Source-Changes-HG archive


[src/trunk]: src/sys/netipsec Don't relook up an SP/SA in opencrpyto callbacks



details:   https://anonhg.NetBSD.org/src/rev/8729e6377eab
branches:  trunk
changeset: 829851:8729e6377eab
user:      ozaki-r <ozaki-r%NetBSD.org@localhost>
date:      Thu Feb 15 04:24:32 2018 +0000

description:
Don't relook up an SP/SA in opencrypto callbacks

We don't need to do so because we already hold a reference to it. Also,
looking one up again there may return an SP/SA that has different
parameters from the original one.

diffstat:

 sys/netipsec/xform_ah.c     |  34 ++--------------------------------
 sys/netipsec/xform_esp.c    |  41 ++---------------------------------------
 sys/netipsec/xform_ipcomp.c |  34 ++--------------------------------
 3 files changed, 6 insertions(+), 103 deletions(-)

diffs (193 lines):

diff -r 2bf2fa5ad502 -r 8729e6377eab sys/netipsec/xform_ah.c
--- a/sys/netipsec/xform_ah.c   Wed Feb 14 20:10:17 2018 +0000
+++ b/sys/netipsec/xform_ah.c   Thu Feb 15 04:24:32 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: xform_ah.c,v 1.77 2018/01/24 13:49:23 maxv Exp $       */
+/*     $NetBSD: xform_ah.c,v 1.78 2018/02/15 04:24:32 ozaki-r Exp $    */
 /*     $FreeBSD: src/sys/netipsec/xform_ah.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $   */
 /*     $OpenBSD: ip_ah.c,v 1.63 2001/06/26 06:18:58 angelos Exp $ */
 /*
@@ -39,7 +39,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.77 2018/01/24 13:49:23 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.78 2018/02/15 04:24:32 ozaki-r Exp $");
 
 #if defined(_KERNEL_OPT)
 #include "opt_inet.h"
@@ -824,18 +824,6 @@
        IPSEC_ACQUIRE_GLOBAL_LOCKS();
 
        sav = tc->tc_sav;
-       if (__predict_false(!SADB_SASTATE_USABLE_P(sav))) {
-               KEY_SA_UNREF(&sav);
-               sav = KEY_LOOKUP_SA(&tc->tc_dst, tc->tc_proto, tc->tc_spi,
-                   sport, dport);
-               if (sav == NULL) {
-                       AH_STATINC(AH_STAT_NOTDB);
-                       DPRINTF(("%s: SA expired while in crypto\n", __func__));
-                       error = ENOBUFS;                /*XXX*/
-                       goto bad;
-               }
-       }
-
        saidx = &sav->sah->saidx;
        KASSERTMSG(saidx->dst.sa.sa_family == AF_INET ||
            saidx->dst.sa.sa_family == AF_INET6,
@@ -1218,24 +1206,6 @@
 
        isr = tc->tc_isr;
        sav = tc->tc_sav;
-       if (__predict_false(isr->sp->state == IPSEC_SPSTATE_DEAD)) {
-               AH_STATINC(AH_STAT_NOTDB);
-               IPSECLOG(LOG_DEBUG,
-                   "SP is being destroyed while in crypto (id=%u)\n",
-                   isr->sp->id);
-               error = ENOENT;
-               goto bad;
-       }
-       if (__predict_false(!SADB_SASTATE_USABLE_P(sav))) {
-               KEY_SA_UNREF(&sav);
-               sav = KEY_LOOKUP_SA(&tc->tc_dst, tc->tc_proto, tc->tc_spi, 0, 0);
-               if (sav == NULL) {
-                       AH_STATINC(AH_STAT_NOTDB);
-                       DPRINTF(("%s: SA expired while in crypto\n", __func__));
-                       error = ENOBUFS;                /*XXX*/
-                       goto bad;
-               }
-       }
 
        /* Check for crypto errors. */
        if (crp->crp_etype) {
diff -r 2bf2fa5ad502 -r 8729e6377eab sys/netipsec/xform_esp.c
--- a/sys/netipsec/xform_esp.c  Wed Feb 14 20:10:17 2018 +0000
+++ b/sys/netipsec/xform_esp.c  Thu Feb 15 04:24:32 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: xform_esp.c,v 1.75 2018/02/14 09:13:03 ozaki-r Exp $   */
+/*     $NetBSD: xform_esp.c,v 1.76 2018/02/15 04:24:32 ozaki-r Exp $   */
 /*     $FreeBSD: src/sys/netipsec/xform_esp.c,v 1.2.2.1 2003/01/24 05:11:36 sam Exp $  */
 /*     $OpenBSD: ip_esp.c,v 1.69 2001/06/26 06:18:59 angelos Exp $ */
 
@@ -39,7 +39,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.75 2018/02/14 09:13:03 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.76 2018/02/15 04:24:32 ozaki-r Exp $");
 
 #if defined(_KERNEL_OPT)
 #include "opt_inet.h"
@@ -538,21 +538,6 @@
        IPSEC_ACQUIRE_GLOBAL_LOCKS();
 
        sav = tc->tc_sav;
-       if (__predict_false(!SADB_SASTATE_USABLE_P(sav))) {
-               KEY_SA_UNREF(&sav);
-               sav = KEY_LOOKUP_SA(&tc->tc_dst, tc->tc_proto, tc->tc_spi,
-                   sport, dport);
-               if (sav == NULL) {
-                       ESP_STATINC(ESP_STAT_NOTDB);
-                       DPRINTF(("%s: SA expired while in crypto "
-                           "(SA %s/%08lx proto %u)\n", __func__,
-                           ipsec_address(&tc->tc_dst, buf, sizeof(buf)),
-                           (u_long) ntohl(tc->tc_spi), tc->tc_proto));
-                       error = ENOBUFS;                /*XXX*/
-                       goto bad;
-               }
-       }
-
        saidx = &sav->sah->saidx;
        KASSERTMSG(saidx->dst.sa.sa_family == AF_INET ||
            saidx->dst.sa.sa_family == AF_INET6,
@@ -1000,28 +985,6 @@
 
        isr = tc->tc_isr;
        sav = tc->tc_sav;
-       if (__predict_false(isr->sp->state == IPSEC_SPSTATE_DEAD)) {
-               ESP_STATINC(ESP_STAT_NOTDB);
-               IPSECLOG(LOG_DEBUG,
-                   "SP is being destroyed while in crypto (id=%u)\n",
-                   isr->sp->id);
-               error = ENOENT;
-               goto bad;
-       }
-       if (__predict_false(!SADB_SASTATE_USABLE_P(sav))) {
-               KEY_SA_UNREF(&sav);
-               sav = KEY_LOOKUP_SA(&tc->tc_dst, tc->tc_proto, tc->tc_spi, 0, 0);
-               if (sav == NULL) {
-                       char buf[IPSEC_ADDRSTRLEN];
-                       ESP_STATINC(ESP_STAT_NOTDB);
-                       DPRINTF(("%s: SA expired while in crypto (SA %s/%08lx "
-                           "proto %u)\n", __func__,
-                           ipsec_address(&tc->tc_dst, buf, sizeof(buf)),
-                           (u_long) ntohl(tc->tc_spi), tc->tc_proto));
-                       error = ENOBUFS;                /*XXX*/
-                       goto bad;
-               }
-       }
 
        /* Check for crypto errors. */
        if (crp->crp_etype) {
diff -r 2bf2fa5ad502 -r 8729e6377eab sys/netipsec/xform_ipcomp.c
--- a/sys/netipsec/xform_ipcomp.c       Wed Feb 14 20:10:17 2018 +0000
+++ b/sys/netipsec/xform_ipcomp.c       Thu Feb 15 04:24:32 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: xform_ipcomp.c,v 1.55 2018/02/14 09:13:03 ozaki-r Exp $        */
+/*     $NetBSD: xform_ipcomp.c,v 1.56 2018/02/15 04:24:32 ozaki-r Exp $        */
 /*     $FreeBSD: src/sys/netipsec/xform_ipcomp.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $       */
 /* $OpenBSD: ip_ipcomp.c,v 1.1 2001/07/05 12:08:52 jjbg Exp $ */
 
@@ -30,7 +30,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_ipcomp.c,v 1.55 2018/02/14 09:13:03 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ipcomp.c,v 1.56 2018/02/15 04:24:32 ozaki-r Exp $");
 
 /* IP payload compression protocol (IPComp), see RFC 2393 */
 #if defined(_KERNEL_OPT)
@@ -275,18 +275,6 @@
        IPSEC_ACQUIRE_GLOBAL_LOCKS();
 
        sav = tc->tc_sav;
-       if (__predict_false(!SADB_SASTATE_USABLE_P(sav))) {
-               KEY_SA_UNREF(&sav);
-               sav = KEY_LOOKUP_SA(&tc->tc_dst, tc->tc_proto, tc->tc_spi,
-                   sport, dport);
-               if (sav == NULL) {
-                       IPCOMP_STATINC(IPCOMP_STAT_NOTDB);
-                       DPRINTF(("%s: SA expired while in crypto\n", __func__));
-                       error = ENOBUFS;                /*XXX*/
-                       goto bad;
-               }
-       }
-
        saidx = &sav->sah->saidx;
        KASSERTMSG(saidx->dst.sa.sa_family == AF_INET ||
            saidx->dst.sa.sa_family == AF_INET6,
@@ -567,24 +555,6 @@
 
        isr = tc->tc_isr;
        sav = tc->tc_sav;
-       if (__predict_false(isr->sp->state == IPSEC_SPSTATE_DEAD)) {
-               IPCOMP_STATINC(IPCOMP_STAT_NOTDB);
-               IPSECLOG(LOG_DEBUG,
-                   "SP is being destroyed while in crypto (id=%u)\n",
-                   isr->sp->id);
-               error = ENOENT;
-               goto bad;
-       }
-       if (__predict_false(!SADB_SASTATE_USABLE_P(sav))) {
-               KEY_SA_UNREF(&sav);
-               sav = KEY_LOOKUP_SA(&tc->tc_dst, tc->tc_proto, tc->tc_spi, 0, 0);
-               if (sav == NULL) {
-                       IPCOMP_STATINC(IPCOMP_STAT_NOTDB);
-                       DPRINTF(("%s: SA expired while in crypto\n", __func__));
-                       error = ENOBUFS;                /*XXX*/
-                       goto bad;
-               }
-       }
 
        /* Check for crypto errors */
        if (crp->crp_etype) {


