Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/sys/netipsec Don't use unstable isr->sav for header size cal...



details:   https://anonhg.NetBSD.org/src/rev/82f049297a0f
branches:  trunk
changeset: 355247:82f049297a0f
user:      ozaki-r <ozaki-r%NetBSD.org@localhost>
date:      Fri Jul 21 02:51:12 2017 +0000

description:
Don't use unstable isr->sav for header size calculations

We may need to optimize to not look up sav here for users that
don't need to know an exact size of headers (e.g., TCP segmemt size
caclulation).

diffstat:

 sys/netipsec/ipsec.c |  22 +++++++++++++++++-----
 1 files changed, 17 insertions(+), 5 deletions(-)

diffs (55 lines):

diff -r 8b04828f6322 -r 82f049297a0f sys/netipsec/ipsec.c
--- a/sys/netipsec/ipsec.c      Fri Jul 21 01:01:57 2017 +0000
+++ b/sys/netipsec/ipsec.c      Fri Jul 21 02:51:12 2017 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ipsec.c,v 1.106 2017/07/19 06:31:54 ozaki-r Exp $      */
+/*     $NetBSD: ipsec.c,v 1.107 2017/07/21 02:51:12 ozaki-r Exp $      */
 /*     $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec.c,v 1.2.2.2 2003/07/01 01:38:13 sam Exp $       */
 /*     $KAME: ipsec.c,v 1.103 2001/05/24 07:14:18 sakane Exp $ */
 
@@ -32,7 +32,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.106 2017/07/19 06:31:54 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.107 2017/07/21 02:51:12 ozaki-r Exp $");
 
 /*
  * IPsec controller part.
@@ -1876,7 +1876,7 @@
 static size_t
 ipsec_hdrsiz(const struct secpolicy *sp)
 {
-       const struct ipsecrequest *isr;
+       struct ipsecrequest *isr;
        size_t siz;
 
        if (KEYDEBUG_ON(KEYDEBUG_IPSEC_DATA)) {
@@ -1897,13 +1897,25 @@
        siz = 0;
        for (isr = sp->req; isr != NULL; isr = isr->next) {
                size_t clen = 0;
+               struct secasvar *sav = NULL;
+               int error;
 
                switch (isr->saidx.proto) {
                case IPPROTO_ESP:
-                       clen = esp_hdrsiz(isr->sav);
+                       error = key_checkrequest(isr, &sav);
+                       if (error == 0) {
+                               clen = esp_hdrsiz(sav);
+                               KEY_FREESAV(&sav);
+                       } else
+                               clen = esp_hdrsiz(NULL);
                        break;
                case IPPROTO_AH:
-                       clen = ah_hdrsiz(isr->sav);
+                       error = key_checkrequest(isr, &sav);
+                       if (error == 0) {
+                               clen = ah_hdrsiz(sav);
+                               KEY_FREESAV(&sav);
+                       } else
+                               clen = ah_hdrsiz(NULL);
                        break;
                case IPPROTO_IPCOMP:
                        clen = sizeof(struct ipcomp);



Home | Main Index | Thread Index | Old Index