Extend the protosw pr_ctlinput function to include the rdomain. This is

needed so that the route and inp lookups done in TCP and UDP know where
to look. Additionally in_pcbnotifyall() and tcp_respond() got a rdomain
argument as well for similar reasons. With this tcp seems to be now
fully rdomain save and no longer leaks single packets into the main domain.
Looks good markus@, henning@

1 files changed, 7 insertions, 4 deletions

diff --git a/sys/netinet/ipsec_input.c b/sys/netinet/ipsec_input.c
index d371367d458..acc28c6b43b 100644
--- a/sys/netinet/ipsec_input.c
+++ b/sys/netinet/ipsec_input.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ipsec_input.c,v 1.92 2009/08/09 12:47:50 henning Exp $	*/
+/*	$OpenBSD: ipsec_input.c,v 1.93 2009/11/13 20:54:05 claudio Exp $	*/
 /*
  * The authors of this code are John Ioannidis (ji@tla.org),
  * Angelos D. Keromytis (kermit@csd.uch.gr) and
@@ -746,8 +746,9 @@ ah4_input_cb(struct mbuf *m, ...)
 }
 
 
+/* XXX rdomain */
 void *
-ah4_ctlinput(int cmd, struct sockaddr *sa, void *v)
+ah4_ctlinput(int cmd, struct sockaddr *sa, u_int rdomain, void *v)
 {
 	if (sa->sa_family != AF_INET ||
 	    sa->sa_len != sizeof(struct sockaddr_in))
@@ -907,8 +908,9 @@ ipsec_common_ctlinput(int cmd, struct sockaddr *sa, void *v, int proto)
 	return (NULL);
 }
 
+/* XXX rdomain */
 void *
-udpencap_ctlinput(int cmd, struct sockaddr *sa, void *v)
+udpencap_ctlinput(int cmd, struct sockaddr *sa, u_int rdomain, void *v)
 {
 	struct ip *ip = v;
 	struct tdb *tdbp;
@@ -965,8 +967,9 @@ udpencap_ctlinput(int cmd, struct sockaddr *sa, void *v)
 	return (NULL);
 }
 
+/* XXX rdomain */
 void *
-esp4_ctlinput(int cmd, struct sockaddr *sa, void *v)
+esp4_ctlinput(int cmd, struct sockaddr *sa, u_int rdomain, void *v)
 {
 	if (sa->sa_family != AF_INET ||
 	    sa->sa_len != sizeof(struct sockaddr_in))