[src/trunk]: src/sys cache pcb policy as much as possible. in fact, if polic...

To: source-changes-hg%NetBSD.org@localhost
Subject: [src/trunk]: src/sys cache pcb policy as much as possible. in fact, if polic...
From: itojun <itojun%NetBSD.org@localhost>
Date: Fri, 24 Jan 2020 11:35:29 +0000

details:   https://anonhg.NetBSD.org/src/rev/9658d5a107dc
branches:  trunk
changeset: 532765:9658d5a107dc
user:      itojun <itojun%NetBSD.org@localhost>
date:      Fri Jun 14 14:47:24 2002 +0000

description:
cache pcb policy as much as possible.  in fact, if policy is not
IPSEC_POLICY_IPSEC we don't need to compare spidx.  sync w/kame

diffstat:

 sys/netinet6/ipsec.c |  8 +++++---
 sys/netkey/key.c     |  8 ++++++--
 2 files changed, 11 insertions(+), 5 deletions(-)

diffs (73 lines):

diff -r 4cab15a808b9 -r 9658d5a107dc sys/netinet6/ipsec.c
--- a/sys/netinet6/ipsec.c      Fri Jun 14 14:17:55 2002 +0000
+++ b/sys/netinet6/ipsec.c      Fri Jun 14 14:47:24 2002 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ipsec.c,v 1.56 2002/06/14 14:17:55 itojun Exp $        */
+/*     $NetBSD: ipsec.c,v 1.57 2002/06/14 14:47:24 itojun Exp $        */
 /*     $KAME: ipsec.c,v 1.136 2002/05/19 00:36:39 itojun Exp $ */
 
 /*
@@ -35,7 +35,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.56 2002/06/14 14:17:55 itojun Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.57 2002/06/14 14:47:24 itojun Exp $");
 
 #include "opt_inet.h"
 #include "opt_ipsec.h"
@@ -176,6 +176,7 @@
        switch (dir) {
        case IPSEC_DIR_INBOUND:
        case IPSEC_DIR_OUTBOUND:
+       case IPSEC_DIR_ANY:
                break;
        default:
                return NULL;
@@ -201,7 +202,8 @@
                if (ipsec_setspidx(m, &spidx, 1) != 0)
                        return NULL;
                if (bcmp(&pcbsp->cacheidx[dir], &spidx, sizeof(spidx))) {
-                       if (pcbsp->cache[dir]->spidx &&
+                       if (pcbsp->cache[dir]->policy == IPSEC_POLICY_IPSEC &&
+                           pcbsp->cache[dir]->spidx &&
                            !key_cmpspidx_withmask(pcbsp->cache[dir]->spidx,
                            &spidx))
                                return NULL;
diff -r 4cab15a808b9 -r 9658d5a107dc sys/netkey/key.c
--- a/sys/netkey/key.c  Fri Jun 14 14:17:55 2002 +0000
+++ b/sys/netkey/key.c  Fri Jun 14 14:47:24 2002 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: key.c,v 1.70 2002/06/12 17:56:46 itojun Exp $  */
+/*     $NetBSD: key.c,v 1.71 2002/06/14 14:47:25 itojun Exp $  */
 /*     $KAME: key.c,v 1.234 2002/05/13 03:21:17 itojun Exp $   */
 
 /*
@@ -35,7 +35,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.70 2002/06/12 17:56:46 itojun Exp $");
+__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.71 2002/06/14 14:47:25 itojun Exp $");
 
 #include "opt_inet.h"
 #include "opt_ipsec.h"
@@ -6993,14 +6993,18 @@
        ip4_def_policy = key_newsp();
        if (!ip4_def_policy)
                panic("could not initialize IPv4 default security policy");
+       ip4_def_policy->state = IPSEC_SPSTATE_ALIVE;
        ip4_def_policy->policy = IPSEC_POLICY_NONE;
+       ip4_def_policy->dir = IPSEC_DIR_ANY;
        ip4_def_policy->readonly = 1;
 #endif
 #ifdef INET6
        ip6_def_policy = key_newsp();
        if (!ip6_def_policy)
                panic("could not initialize IPv6 default security policy");
+       ip6_def_policy->state = IPSEC_SPSTATE_ALIVE;
        ip6_def_policy->policy = IPSEC_POLICY_NONE;
+       ip6_def_policy->dir = IPSEC_DIR_ANY;
        ip6_def_policy->readonly = 1;
 #endif

Prev by Date: [src/trunk]: src/sys/dev/pci Map the device's memory space with BUS_SPACE_MAP...
Next by Date: [src/trunk]: src/sys/dev/ic Use M_IFMADDR instead of M_IPMADDR. From John Fr...
Previous by Thread: [src/trunk]: src/sys/dev/pci Map the device's memory space with BUS_SPACE_MAP...
Next by Thread: [src/trunk]: src/sys/dev/ic Use M_IFMADDR instead of M_IPMADDR. From John Fr...
Indexes:

Home | Main Index | Thread Index | Old Index