Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sys ipsec: remove unnecessary splsoftnet
details: https://anonhg.NetBSD.org/src/rev/a67e1f7da570
branches: trunk
changeset: 373245:a67e1f7da570
user: ozaki-r <ozaki-r%NetBSD.org@localhost>
date: Fri Jan 27 09:33:43 2023 +0000
description:
ipsec: remove unnecessary splsoftnet
Because the code of IPsec itself is already MP-safe.
diffstat:
sys/netinet6/ip6_output.c | 6 ++----
sys/netipsec/ipsec.c | 21 ++++-----------------
sys/netipsec/ipsec_input.c | 10 +++-------
sys/netipsec/ipsec_output.c | 19 ++++---------------
4 files changed, 13 insertions(+), 43 deletions(-)
diffs (295 lines):
diff -r e8c79e752f62 -r a67e1f7da570 sys/netinet6/ip6_output.c
--- a/sys/netinet6/ip6_output.c Fri Jan 27 09:28:41 2023 +0000
+++ b/sys/netinet6/ip6_output.c Fri Jan 27 09:33:43 2023 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ip6_output.c,v 1.231 2022/10/28 05:25:36 ozaki-r Exp $ */
+/* $NetBSD: ip6_output.c,v 1.232 2023/01/27 09:33:43 ozaki-r Exp $ */
/* $KAME: ip6_output.c,v 1.172 2001/03/25 09:55:56 itojun Exp $ */
/*
@@ -62,7 +62,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip6_output.c,v 1.231 2022/10/28 05:25:36 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip6_output.c,v 1.232 2023/01/27 09:33:43 ozaki-r Exp $");
#ifdef _KERNEL_OPT
#include "opt_inet.h"
@@ -484,9 +484,7 @@
#ifdef IPSEC
if (needipsec) {
- int s = splsoftnet();
error = ipsec6_process_packet(m, sp->req, flags);
- splx(s);
/*
* Preserve KAME behaviour: ENOENT can be returned
diff -r e8c79e752f62 -r a67e1f7da570 sys/netipsec/ipsec.c
--- a/sys/netipsec/ipsec.c Fri Jan 27 09:28:41 2023 +0000
+++ b/sys/netipsec/ipsec.c Fri Jan 27 09:33:43 2023 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec.c,v 1.177 2022/12/08 08:07:07 knakahara Exp $ */
+/* $NetBSD: ipsec.c,v 1.178 2023/01/27 09:33:43 ozaki-r Exp $ */
/* $FreeBSD: ipsec.c,v 1.2.2.2 2003/07/01 01:38:13 sam Exp $ */
/* $KAME: ipsec.c,v 1.103 2001/05/24 07:14:18 sakane Exp $ */
@@ -32,7 +32,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.177 2022/12/08 08:07:07 knakahara Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.178 2023/01/27 09:33:43 ozaki-r Exp $");
/*
* IPsec controller part.
@@ -619,7 +619,7 @@
{
struct secpolicy *sp = NULL;
u_long _mtu = 0;
- int error, s;
+ int error;
/*
* Check the security policy (SP) for the packet and, if required,
@@ -632,9 +632,7 @@
if (ipsec_outdone(m)) {
return 0;
}
- s = splsoftnet();
if (inp && ipsec_pcb_skip_ipsec(inp->inp_sp, IPSEC_DIR_OUTBOUND)) {
- splx(s);
return 0;
}
sp = ipsec_checkpolicy(m, IPSEC_DIR_OUTBOUND, flags, &error, inp);
@@ -647,7 +645,6 @@
* sp == NULL, error != 0 discard packet, report error
*/
if (sp == NULL) {
- splx(s);
if (error) {
/*
* Hack: -EINVAL is used to signal that a packet
@@ -684,7 +681,6 @@
*mtu = _mtu;
*natt_frag = true;
KEY_SP_UNREF(&sp);
- splx(s);
return 0;
}
@@ -698,7 +694,6 @@
if (error == ENOENT)
error = 0;
KEY_SP_UNREF(&sp);
- splx(s);
*done = true;
return error;
}
@@ -707,11 +702,9 @@
ipsec_ip_input_checkpolicy(struct mbuf *m, bool forward)
{
struct secpolicy *sp;
- int error, s;
+ int error;
- s = splsoftnet();
error = ipsec_in_reject(m, NULL);
- splx(s);
if (error) {
return EINVAL;
}
@@ -724,14 +717,12 @@
* Peek at the outbound SP for this packet to determine if
* it is a Fast Forward candidate.
*/
- s = splsoftnet();
sp = ipsec_checkpolicy(m, IPSEC_DIR_OUTBOUND, IP_FORWARDING,
&error, NULL);
if (sp != NULL) {
m->m_flags &= ~M_CANFASTFWD;
KEY_SP_UNREF(&sp);
}
- splx(s);
return 0;
}
@@ -1801,20 +1792,16 @@
int *needipsecp, int *errorp)
{
struct secpolicy *sp = NULL;
- int s;
int error = 0;
int needipsec = 0;
if (ipsec_outdone(m)) {
goto skippolicycheck;
}
- s = splsoftnet();
if (inp && ipsec_pcb_skip_ipsec(inp->inp_sp, IPSEC_DIR_OUTBOUND)) {
- splx(s);
goto skippolicycheck;
}
sp = ipsec_checkpolicy(m, IPSEC_DIR_OUTBOUND, flags, &error, inp);
- splx(s);
/*
* There are four return cases:
diff -r e8c79e752f62 -r a67e1f7da570 sys/netipsec/ipsec_input.c
--- a/sys/netipsec/ipsec_input.c Fri Jan 27 09:28:41 2023 +0000
+++ b/sys/netipsec/ipsec_input.c Fri Jan 27 09:33:43 2023 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec_input.c,v 1.78 2022/08/23 09:25:10 knakahara Exp $ */
+/* $NetBSD: ipsec_input.c,v 1.79 2023/01/27 09:33:43 ozaki-r Exp $ */
/* $FreeBSD: ipsec_input.c,v 1.2.4.2 2003/03/28 20:32:53 sam Exp $ */
/* $OpenBSD: ipsec_input.c,v 1.63 2003/02/20 18:35:43 deraadt Exp $ */
@@ -39,7 +39,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.78 2022/08/23 09:25:10 knakahara Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.79 2023/01/27 09:33:43 ozaki-r Exp $");
/*
* IPsec input processing.
@@ -220,7 +220,7 @@
u_int32_t spi;
u_int16_t sport;
u_int16_t dport;
- int s, error;
+ int error;
IPSEC_ISTAT(sproto, ESP_STAT_INPUT, AH_STAT_INPUT,
IPCOMP_STAT_INPUT);
@@ -296,8 +296,6 @@
return EPFNOSUPPORT;
}
- s = splsoftnet();
-
/* NB: only pass dst since key_lookup_sa follows RFC2401 */
sav = KEY_LOOKUP_SA(&dst_address, sproto, spi, sport, dport);
if (sav == NULL) {
@@ -332,7 +330,6 @@
}
IPSEC_ISTAT(sproto, ESP_STAT_NOTDB, AH_STAT_NOTDB,
IPCOMP_STAT_NOTDB);
- splx(s);
m_freem(m);
return ENOENT;
}
@@ -345,7 +342,6 @@
*/
error = (*sav->tdb_xform->xf_input)(m, sav, skip, protoff);
KEY_SA_UNREF(&sav);
- splx(s);
return error;
}
diff -r e8c79e752f62 -r a67e1f7da570 sys/netipsec/ipsec_output.c
--- a/sys/netipsec/ipsec_output.c Fri Jan 27 09:28:41 2023 +0000
+++ b/sys/netipsec/ipsec_output.c Fri Jan 27 09:33:43 2023 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec_output.c,v 1.85 2022/04/10 09:50:46 andvar Exp $ */
+/* $NetBSD: ipsec_output.c,v 1.86 2023/01/27 09:33:43 ozaki-r Exp $ */
/*
* Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting
@@ -29,7 +29,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec_output.c,v 1.85 2022/04/10 09:50:46 andvar Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_output.c,v 1.86 2023/01/27 09:33:43 ozaki-r Exp $");
#if defined(_KERNEL_OPT)
#include "opt_inet.h"
@@ -488,7 +488,7 @@
{
struct secasvar *sav = NULL;
struct ip *ip;
- int s, error, i, off;
+ int error, i, off;
union sockaddr_union *dst;
int setdf;
@@ -496,8 +496,6 @@
KASSERT(m->m_nextpkt == NULL);
KASSERT(isr != NULL);
- s = splsoftnet(); /* insure SA contents don't change */
-
isr = ipsec_nextisr(m, isr, AF_INET, &error, &sav);
if (isr == NULL) {
if (error != 0) {
@@ -506,7 +504,6 @@
if (ipsec_register_done(m, &error) < 0)
goto bad;
- splx(s);
return ipsec_reinject_ipstack(m, AF_INET, 0);
}
}
@@ -531,7 +528,6 @@
goto noneed;
*mtu = sav->esp_frag;
KEY_SA_UNREF(&sav);
- splx(s);
return 0;
}
noneed:
@@ -633,13 +629,11 @@
error = ipsec_process_done(m, isr, sav, 0);
}
KEY_SA_UNREF(&sav);
- splx(s);
return error;
unrefsav:
KEY_SA_UNREF(&sav);
bad:
- splx(s);
if (m)
m_freem(m);
return error;
@@ -738,15 +732,13 @@
{
struct secasvar *sav = NULL;
struct ip6_hdr *ip6;
- int s, error, i, off;
+ int error, i, off;
union sockaddr_union *dst;
KASSERT(m != NULL);
KASSERT(m->m_nextpkt == NULL);
KASSERT(isr != NULL);
- s = splsoftnet(); /* insure SA contents don't change */
-
isr = ipsec_nextisr(m, isr, AF_INET6, &error, &sav);
if (isr == NULL) {
if (error != 0) {
@@ -756,7 +748,6 @@
if (ipsec_register_done(m, &error) < 0)
goto bad;
- splx(s);
return ipsec_reinject_ipstack(m, AF_INET6, flags);
}
}
@@ -823,13 +814,11 @@
}
error = (*sav->tdb_xform->xf_output)(m, isr, sav, i, off, flags);
KEY_SA_UNREF(&sav);
- splx(s);
return error;
unrefsav:
KEY_SA_UNREF(&sav);
bad:
- splx(s);
if (m)
m_freem(m);
return error;
Home |
Main Index |
Thread Index |
Old Index