At 10:03 PM 8/19/99 , itojun@iijlab.net wrote:
>         Hello, could someone review the following patch.
>
>         By addition of IPsec code, tcp syn cache has additional member,
>         sc_so, which points back to socket structure of listening socket.
>         This is required because, when responding to the connection attempt
>         at syn_cache_respond(), we need to check the security policy
>         of relevant listening socket ("need encryption on reply" for example).

Instead of pointing to socket in the syn cache, point to an intermediate
structure which contains a reference counter and a pointer the socket.
the [listening] socket should also contain a pointer to this structure
so that it can nuke the socket pointer inside of it and decrement the
reference counter when either itself is deleted or its security policy 
is changed.  As each syn cache is freed, the reference counter is decremented
and when it reaches 0, the structure is freed. 
-- 
Matt Thomas               Internet:   matt@3am-software.com
3am Software Foundry      WWW URL:    http://www.3am-software.com/bio/matt/
Cupertino, CA             Disclaimer: I avow all knowledge of this message