CVS commit: [netbsd-8] src/sys/netipsec

["Martin Husemann" <martin%netbsd.org@localhost>]

Module Name:    src
Committed By:   martin
Date:           Wed Apr 18 14:06:24 UTC 2018

Modified Files:
        src/sys/netipsec [netbsd-8]: key.c keydb.h

Log Message:
Pull up following revision(s) (requested by yamaguchi in ticket #776):

        sys/netipsec/key.c: revision 1.251-1.253
        sys/netipsec/keydb.h: revision 1.22

Introduced a hash table to sahlist

An saidx of sah included in the list is unique so that
the search can use a hash list whose hash is calculated by
the saidx to find an sah quickly.

The hash list of the sahlits is used in FreeBSD, too.
reviewed by ozaki-r@n.o, thanks.

Added a lookup table to find an sav quickly
key_sad.sahlists doesn't work well for inbound packets because
its key includes source address. For the reason, the
look-up-table for the inbound packets is newly added.
The table has all sav whose state is MATURE or DYING and uses a
key calculated by destination address, protocol, and spi instead
of saidx.

reviewd ozaki-r@n.o, thanks.

Fix panic of SADB when the state of sav is changed in timeout
pointed out by ozaki-r@n.o, thanks


To generate a diff of this commit:
cvs rdiff -u -r1.163.2.8 -r1.163.2.9 src/sys/netipsec/key.c
cvs rdiff -u -r1.15.2.2 -r1.15.2.3 src/sys/netipsec/keydb.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.