| key.c (157123) | key.c (158767) |
|---|---|
| 1/* $FreeBSD: head/sys/netipsec/key.c 157123 2006-03-25 13:38:52Z gnn $ */ | 1/* $FreeBSD: head/sys/netipsec/key.c 158767 2006-05-20 15:35:36Z pjd $ */ |
| 2/* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */ 3 4/*- 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions --- 39 unchanged lines hidden (view full) --- 49#include <sys/protosw.h> 50#include <sys/malloc.h> 51#include <sys/socket.h> 52#include <sys/socketvar.h> 53#include <sys/sysctl.h> 54#include <sys/errno.h> 55#include <sys/proc.h> 56#include <sys/queue.h> | 2/* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */ 3 4/*- 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions --- 39 unchanged lines hidden (view full) --- 49#include <sys/protosw.h> 50#include <sys/malloc.h> 51#include <sys/socket.h> 52#include <sys/socketvar.h> 53#include <sys/sysctl.h> 54#include <sys/errno.h> 55#include <sys/proc.h> 56#include <sys/queue.h> |
| 57#include <sys/refcount.h> |
|
| 57#include <sys/syslog.h> 58 59#include <net/if.h> 60#include <net/route.h> 61#include <net/raw_cb.h> 62 63#include <netinet/in.h> 64#include <netinet/in_systm.h> --- 432 unchanged lines hidden (view full) --- 497 498#if 0 499static const char *key_getfqdn __P((void)); 500static const char *key_getuserfqdn __P((void)); 501#endif 502static void key_sa_chgstate __P((struct secasvar *, u_int8_t)); 503static struct mbuf *key_alloc_mbuf __P((int)); 504 | 58#include <sys/syslog.h> 59 60#include <net/if.h> 61#include <net/route.h> 62#include <net/raw_cb.h> 63 64#include <netinet/in.h> 65#include <netinet/in_systm.h> --- 432 unchanged lines hidden (view full) --- 498 499#if 0 500static const char *key_getfqdn __P((void)); 501static const char *key_getuserfqdn __P((void)); 502#endif 503static void key_sa_chgstate __P((struct secasvar *, u_int8_t)); 504static struct mbuf *key_alloc_mbuf __P((int)); 505 |
| 505#define SA_ADDREF(p) do { \ 506 (p)->refcnt++; \ 507 IPSEC_ASSERT((p)->refcnt != 0, ("SA refcnt overflow")); \ 508} while (0) 509#define SA_DELREF(p) do { \ 510 IPSEC_ASSERT((p)->refcnt > 0, ("SA refcnt underflow")); \ 511 (p)->refcnt--; \ 512} while (0) | 506static __inline void 507sa_initref(struct secasvar *sav) 508{ |
| 513 | 509 |
| 510 refcount_init(&sav->refcnt, 1); 511} 512static __inline void 513sa_addref(struct secasvar *sav) 514{ 515 516 refcount_acquire(&sav->refcnt); 517 IPSEC_ASSERT(sav->refcnt != 0, ("SA refcnt overflow")); 518} 519static __inline int 520sa_delref(struct secasvar *sav) 521{ 522 523 IPSEC_ASSERT(sav->refcnt > 0, ("SA refcnt underflow")); 524 return (refcount_release(&sav->refcnt)); 525} 526 |
|
| 514#define SP_ADDREF(p) do { \ 515 (p)->refcnt++; \ 516 IPSEC_ASSERT((p)->refcnt != 0, ("SP refcnt overflow")); \ 517} while (0) 518#define SP_DELREF(p) do { \ 519 IPSEC_ASSERT((p)->refcnt > 0, ("SP refcnt underflow")); \ 520 (p)->refcnt--; \ 521} while (0) --- 473 unchanged lines hidden (view full) --- 995 if (key_sendup_mbuf(NULL, result, 996 KEY_SENDUP_REGISTERED)) 997 goto msgfail; 998 msgfail: 999 KEY_FREESAV(&d); 1000 } 1001 } 1002 if (candidate) { | 527#define SP_ADDREF(p) do { \ 528 (p)->refcnt++; \ 529 IPSEC_ASSERT((p)->refcnt != 0, ("SP refcnt overflow")); \ 530} while (0) 531#define SP_DELREF(p) do { \ 532 IPSEC_ASSERT((p)->refcnt > 0, ("SP refcnt underflow")); \ 533 (p)->refcnt--; \ 534} while (0) --- 473 unchanged lines hidden (view full) --- 1008 if (key_sendup_mbuf(NULL, result, 1009 KEY_SENDUP_REGISTERED)) 1010 goto msgfail; 1011 msgfail: 1012 KEY_FREESAV(&d); 1013 } 1014 } 1015 if (candidate) { |
| 1003 SA_ADDREF(candidate); | 1016 sa_addref(candidate); |
| 1004 KEYDEBUG(KEYDEBUG_IPSEC_STAMP, 1005 printf("DP %s cause refcnt++:%d SA:%p\n", 1006 __func__, candidate->refcnt, candidate)); 1007 } 1008 SAHTREE_UNLOCK(); 1009 1010 return candidate; 1011} --- 62 unchanged lines hidden (view full) --- 1074#if 0 /* don't check src */ 1075 /* check src address */ 1076 if (key_sockaddrcmp(&src->sa, &sav->sah->saidx.src.sa, 0) != 0) 1077 continue; 1078#endif 1079 /* check dst address */ 1080 if (key_sockaddrcmp(&dst->sa, &sav->sah->saidx.dst.sa, 0) != 0) 1081 continue; | 1017 KEYDEBUG(KEYDEBUG_IPSEC_STAMP, 1018 printf("DP %s cause refcnt++:%d SA:%p\n", 1019 __func__, candidate->refcnt, candidate)); 1020 } 1021 SAHTREE_UNLOCK(); 1022 1023 return candidate; 1024} --- 62 unchanged lines hidden (view full) --- 1087#if 0 /* don't check src */ 1088 /* check src address */ 1089 if (key_sockaddrcmp(&src->sa, &sav->sah->saidx.src.sa, 0) != 0) 1090 continue; 1091#endif 1092 /* check dst address */ 1093 if (key_sockaddrcmp(&dst->sa, &sav->sah->saidx.dst.sa, 0) != 0) 1094 continue; |
| 1082 SA_ADDREF(sav); | 1095 sa_addref(sav); |
| 1083 goto done; 1084 } 1085 } 1086 } 1087 sav = NULL; 1088done: 1089 SAHTREE_UNLOCK(); 1090 --- 102 unchanged lines hidden (view full) --- 1193 */ 1194void 1195key_freesav(struct secasvar **psav, const char* where, int tag) 1196{ 1197 struct secasvar *sav = *psav; 1198 1199 IPSEC_ASSERT(sav != NULL, ("null sav")); 1200 | 1096 goto done; 1097 } 1098 } 1099 } 1100 sav = NULL; 1101done: 1102 SAHTREE_UNLOCK(); 1103 --- 102 unchanged lines hidden (view full) --- 1206 */ 1207void 1208key_freesav(struct secasvar **psav, const char* where, int tag) 1209{ 1210 struct secasvar *sav = *psav; 1211 1212 IPSEC_ASSERT(sav != NULL, ("null sav")); 1213 |
| 1201 /* XXX unguarded? */ 1202 SA_DELREF(sav); 1203 1204 KEYDEBUG(KEYDEBUG_IPSEC_STAMP, 1205 printf("DP %s SA:%p (SPI %u) from %s:%u; refcnt now %u\n", 1206 __func__, sav, ntohl(sav->spi), where, tag, sav->refcnt)); 1207 1208 if (sav->refcnt == 0) { | 1214 if (sa_delref(sav)) { 1215 KEYDEBUG(KEYDEBUG_IPSEC_STAMP, 1216 printf("DP %s SA:%p (SPI %u) from %s:%u; refcnt now %u\n", 1217 __func__, sav, ntohl(sav->spi), where, tag, sav->refcnt)); |
| 1209 *psav = NULL; 1210 key_delsav(sav); | 1218 *psav = NULL; 1219 key_delsav(sav); |
| 1220 } else { 1221 KEYDEBUG(KEYDEBUG_IPSEC_STAMP, 1222 printf("DP %s SA:%p (SPI %u) from %s:%u; refcnt now %u\n", 1223 __func__, sav, ntohl(sav->spi), where, tag, sav->refcnt)); |
|
| 1211 } 1212} 1213 1214/* %%% SPD management */ 1215/* 1216 * free security policy entry. 1217 */ 1218static void --- 1540 unchanged lines hidden (view full) --- 2759 SECASVAR_LOCK_INIT(newsav); 2760 2761 /* reset created */ 2762 newsav->created = time_second; 2763 newsav->pid = mhp->msg->sadb_msg_pid; 2764 2765 /* add to satree */ 2766 newsav->sah = sah; | 1224 } 1225} 1226 1227/* %%% SPD management */ 1228/* 1229 * free security policy entry. 1230 */ 1231static void --- 1540 unchanged lines hidden (view full) --- 2772 SECASVAR_LOCK_INIT(newsav); 2773 2774 /* reset created */ 2775 newsav->created = time_second; 2776 newsav->pid = mhp->msg->sadb_msg_pid; 2777 2778 /* add to satree */ 2779 newsav->sah = sah; |
| 2767 newsav->refcnt = 1; | 2780 sa_initref(newsav); |
| 2768 newsav->state = SADB_SASTATE_LARVAL; 2769 2770 /* XXX locking??? */ 2771 LIST_INSERT_TAIL(&sah->savtree[SADB_SASTATE_LARVAL], newsav, 2772 secasvar, chain); 2773done: 2774 KEYDEBUG(KEYDEBUG_IPSEC_STAMP, 2775 printf("DP %s from %s:%u return SP:%p\n", __func__, --- 2041 unchanged lines hidden (view full) --- 4817 state = SADB_SASTATE_LARVAL; 4818 4819 /* search SAD with sequence number ? */ 4820 LIST_FOREACH(sav, &sah->savtree[state], chain) { 4821 4822 KEY_CHKSASTATE(state, sav->state, __func__); 4823 4824 if (sav->seq == seq) { | 2781 newsav->state = SADB_SASTATE_LARVAL; 2782 2783 /* XXX locking??? */ 2784 LIST_INSERT_TAIL(&sah->savtree[SADB_SASTATE_LARVAL], newsav, 2785 secasvar, chain); 2786done: 2787 KEYDEBUG(KEYDEBUG_IPSEC_STAMP, 2788 printf("DP %s from %s:%u return SP:%p\n", __func__, --- 2041 unchanged lines hidden (view full) --- 4830 state = SADB_SASTATE_LARVAL; 4831 4832 /* search SAD with sequence number ? */ 4833 LIST_FOREACH(sav, &sah->savtree[state], chain) { 4834 4835 KEY_CHKSASTATE(state, sav->state, __func__); 4836 4837 if (sav->seq == seq) { |
| 4825 SA_ADDREF(sav); | 4838 sa_addref(sav); |
| 4826 KEYDEBUG(KEYDEBUG_IPSEC_STAMP, 4827 printf("DP %s cause refcnt++:%d SA:%p\n", 4828 __func__, sav->refcnt, sav)); 4829 return sav; 4830 } 4831 } 4832 4833 return NULL; --- 2509 unchanged lines hidden --- | 4839 KEYDEBUG(KEYDEBUG_IPSEC_STAMP, 4840 printf("DP %s cause refcnt++:%d SA:%p\n", 4841 __func__, sav->refcnt, sav)); 4842 return sav; 4843 } 4844 } 4845 4846 return NULL; --- 2509 unchanged lines hidden --- |