[src/trunk]: src/sys/netipsec Removed the unnecessary order check of key_look...

[yamaguchi <yamaguchi%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/789c5f7cb90b
branches:  trunk
changeset: 321883:789c5f7cb90b
user:      yamaguchi <yamaguchi%NetBSD.org@localhost>
date:      Mon Apr 09 06:26:05 2018 +0000

description:
Removed the unnecessary order check of key_lookup_sa

key_prefered_oldsa flag can change the sa to use if an sah
has multiple sav. However the multiple saves whose protocol
is ah, esp, or tcp cannot exist because their duplications
are checked by the spi value. Although the multiple saves
can exist in the case of ipcomp, the values using in the
post processing are same between the saves.

For those reasons, it is no need to select an sav by its
lifetime.
In addition, FreeBSD has already remove this.

reviewed by ozaki-r@n.o, thanks.

diffstat:

 sys/netipsec/key.c |  25 +++++++++++--------------
 1 files changed, 11 insertions(+), 14 deletions(-)

diffs (63 lines):

diff -r 2a9599cb8801 -r 789c5f7cb90b sys/netipsec/key.c
--- a/sys/netipsec/key.c        Sun Apr 08 21:56:48 2018 +0000
+++ b/sys/netipsec/key.c        Mon Apr 09 06:26:05 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: key.c,v 1.249 2018/03/02 07:37:13 ozaki-r Exp $        */
+/*     $NetBSD: key.c,v 1.250 2018/04/09 06:26:05 yamaguchi Exp $      */
 /*     $FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $        */
 /*     $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $   */
 
@@ -32,7 +32,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.249 2018/03/02 07:37:13 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.250 2018/04/09 06:26:05 yamaguchi Exp $");
 
 /*
  * This code is referred to RFC 2367
@@ -424,6 +424,12 @@
            _i < __arraycount(saorder_state_any) ?              \
            (s) = saorder_state_any[_i], true : false;          \
            _i++)
+#define SASTATE_USABLE_FOREACH(s)                              \
+       for (int _i = 0;                                        \
+           _i < __arraycount(saorder_state_valid_prefer_new) ? \
+           (s) = saorder_state_valid_prefer_new[_i],           \
+           true : false;                                       \
+           _i++)
 
 static const int minsize[] = {
        sizeof(struct sadb_msg),        /* SADB_EXT_RESERVED */
@@ -1196,9 +1202,8 @@
 {
        struct secashead *sah;
        struct secasvar *sav;
-       u_int stateidx, state;
-       const u_int *saorder_state_valid;
-       int arraysize, chkport;
+       u_int state;
+       int chkport;
        int s;
 
        int must_check_spi = 1;
@@ -1242,18 +1247,10 @@
         * IPsec tunnel packet is received.  But ESP tunnel mode is
         * encrypted so we can't check internal IP header.
         */
-       if (key_prefered_oldsa) {
-               saorder_state_valid = saorder_state_valid_prefer_old;
-               arraysize = _ARRAYLEN(saorder_state_valid_prefer_old);
-       } else {
-               saorder_state_valid = saorder_state_valid_prefer_new;
-               arraysize = _ARRAYLEN(saorder_state_valid_prefer_new);
-       }
        s = pserialize_read_enter();
        SAHLIST_READER_FOREACH(sah) {
                /* search valid state */
-               for (stateidx = 0; stateidx < arraysize; stateidx++) {
-                       state = saorder_state_valid[stateidx];
+               SASTATE_USABLE_FOREACH(state) {
                        SAVLIST_READER_FOREACH(sav, sah, state) {
                                KEYDEBUG_PRINTF(KEYDEBUG_MATCH,
                                    "try match spi %#x, %#x\n",