[src/trunk]: src Stop setting isr->sav on looking up sav in key_checkrequest
details: https://anonhg.NetBSD.org/src/rev/6b718b0a62be
branches: trunk
changeset: 355250:6b718b0a62be
user: ozaki-r <ozaki-r%NetBSD.org@localhost>
date: Fri Jul 21 04:43:42 2017 +0000
description:
Stop setting isr->sav on looking up sav in key_checkrequest
diffstat:
sys/netipsec/key.c | 48 +++++-----------------------------------
tests/net/ipsec/t_ipsec_misc.sh | 30 ++++---------------------
2 files changed, 12 insertions(+), 66 deletions(-)
diffs (141 lines):
diff -r bfa8b35ba087 -r 6b718b0a62be sys/netipsec/key.c
--- a/sys/netipsec/key.c Fri Jul 21 04:39:08 2017 +0000
+++ b/sys/netipsec/key.c Fri Jul 21 04:43:42 2017 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: key.c,v 1.189 2017/07/21 04:39:08 ozaki-r Exp $ */
+/* $NetBSD: key.c,v 1.190 2017/07/21 04:43:42 ozaki-r Exp $ */
/* $FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $ */
/* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */
@@ -32,7 +32,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.189 2017/07/21 04:39:08 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.190 2017/07/21 04:43:42 ozaki-r Exp $");
/*
* This code is referd to RFC 2367
@@ -777,8 +777,8 @@
{
u_int level;
int error;
- struct secasvar *oldsav = NULL;
const struct secasindex *saidx = &isr->saidx;
+ struct secasvar *sav;
KASSERT(isr != NULL);
KASSERTMSG(saidx->mode == IPSEC_MODE_TRANSPORT ||
@@ -795,43 +795,10 @@
* handle bundled SA's in the callback thread.
*/
IPSEC_SPLASSERT_SOFTNET("key_checkrequest");
-#if 0
- /*
- * We do allocate new SA only if the state of SA in the holder is
- * SADB_SASTATE_DEAD. The SA for outbound must be the oldest.
- */
- if (isr->sav != NULL) {
- if (isr->sav == (struct secasvar *)LIST_FIRST(
- &isr->sav->sah->savtree[SADB_SASTATE_DEAD])) {
- KEY_FREESAV(&isr->sav);
- isr->sav = NULL;
- }
- }
-#else
- /*
- * we free any SA stashed in the IPsec request because a different
- * SA may be involved each time this request is checked, either
- * because new SAs are being configured, or this request is
- * associated with an unconnected datagram socket, or this request
- * is associated with a system default policy.
- *
- * The operation may have negative impact to performance. We may
- * want to check cached SA carefully, rather than picking new SA
- * every time.
- */
- if (isr->sav != NULL)
- oldsav = isr->sav;
-#endif
-
- isr->sav = key_lookup_sa_bysaidx(saidx);
- membar_producer();
- if (oldsav != NULL)
- KEY_FREESAV(&oldsav);
-
- /* When there is SA. */
- if (isr->sav != NULL) {
- *ret = isr->sav;
- SA_ADDREF(*ret);
+
+ sav = key_lookup_sa_bysaidx(saidx);
+ if (sav != NULL) {
+ *ret = sav;
return 0;
}
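Review bot: The added `*ret = sav;` hands the caller whatever reference key_lookup_sa_bysaidx() returned, but nothing says so now that the old `SA_ADDREF(*ret)` is gone. The removed code released the stashed SA with KEY_FREESAV, which suggests the lookup returns a referenced SA; if that holds, I would add `/* The reference taken by the lookup is passed to the caller, who must release it. */` above the assignment. An unbalanced count here would either keep an expired SA and its key material alive or free one that is still in use, so the contract is worth stating. Any reader of isr->sav outside this hunk that still expects it to be populated should also be checked; key_checkrequest's body starts and ends outside the hunk.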
@@ -846,7 +813,6 @@
if (level != IPSEC_LEVEL_REQUIRE) {
/* XXX sigh, the interface to this routine is botched */
- KASSERTMSG(isr->sav == NULL, "unexpected SA");
*ret = NULL;
return 0;
} else {
diff -r bfa8b35ba087 -r 6b718b0a62be tests/net/ipsec/t_ipsec_misc.sh
--- a/tests/net/ipsec/t_ipsec_misc.sh Fri Jul 21 04:39:08 2017 +0000
+++ b/tests/net/ipsec/t_ipsec_misc.sh Fri Jul 21 04:43:42 2017 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: t_ipsec_misc.sh,v 1.14 2017/07/20 01:10:57 ozaki-r Exp $
+# $NetBSD: t_ipsec_misc.sh,v 1.15 2017/07/21 04:43:42 ozaki-r Exp $
#
# Copyright (c) 2017 Internet Initiative Japan Inc.
# All rights reserved.
@@ -152,21 +152,11 @@
export RUMP_SERVER=$SOCK_LOCAL
$DEBUG && $HIJACKING setkey -D
- atf_check -s exit:0 -o empty $HIJACKING setkey -D
- # The SA on output remain because sp/isr still refers it
- atf_check -s exit:0 -o match:"$ip_local $ip_peer" \
- $HIJACKING setkey -D -a
- atf_check -s exit:0 -o not-match:"$ip_peer $ip_local" \
- $HIJACKING setkey -D -a
+ atf_check -s exit:0 -o match:'No SAD entries.' $HIJACKING setkey -D -a
export RUMP_SERVER=$SOCK_PEER
$DEBUG && $HIJACKING setkey -D
- atf_check -s exit:0 -o empty $HIJACKING setkey -D
- atf_check -s exit:0 -o not-match:"$ip_local $ip_peer" \
- $HIJACKING setkey -D -a
- # The SA on output remain because sp/isr still refers it
- atf_check -s exit:0 -o match:"$ip_peer $ip_local" \
- $HIJACKING setkey -D -a
+ atf_check -s exit:0 -o match:'No SAD entries.' $HIJACKING setkey -D -a
export RUMP_SERVER=$SOCK_LOCAL
atf_check -s not-exit:0 -o match:'0 packets received' \
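Review bot: The new `match:'No SAD entries.'` checks in the SOCK_LOCAL and SOCK_PEER blocks carry no comment explaining the changed expectation, whereas the removed lines had `# The SA on output remain because sp/isr still refers it`. I would add `# No SA may remain, not even a dead one: sp/isr no longer holds a reference to it` above the first check, so the test records that an expired SA is expected to be fully released. The pattern is a regular expression, so the trailing `.` matches any character; `'No SAD entries\.'` would be exact. The same applies to the hunk at `@@ -248,21 +238,11 @@`; the test case body starts and ends outside both hunks.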
@@ -248,21 +238,11 @@
export RUMP_SERVER=$SOCK_LOCAL
$DEBUG && $HIJACKING setkey -D
- atf_check -s exit:0 -o empty $HIJACKING setkey -D
- # The SA on output remain because sp/isr still refers it
- atf_check -s exit:0 -o match:"$ip_local $ip_peer" \
- $HIJACKING setkey -D -a
- atf_check -s exit:0 -o not-match:"$ip_peer $ip_local" \
- $HIJACKING setkey -D -a
+ atf_check -s exit:0 -o match:'No SAD entries.' $HIJACKING setkey -D -a
export RUMP_SERVER=$SOCK_PEER
$DEBUG && $HIJACKING setkey -D
- atf_check -s exit:0 -o empty $HIJACKING setkey -D
- atf_check -s exit:0 -o not-match:"$ip_local $ip_peer" \
- $HIJACKING setkey -D -a
- # The SA on output remain because sp/isr still refers it
- atf_check -s exit:0 -o match:"$ip_peer $ip_local" \
- $HIJACKING setkey -D -a
+ atf_check -s exit:0 -o match:'No SAD entries.' $HIJACKING setkey -D -a
export RUMP_SERVER=$SOCK_LOCAL
atf_check -s not-exit:0 -o match:'0 packets received' \