Source-Changes-HG archive
[src/trunk]: src/sys/netkey backout; committed by mistake
details: https://anonhg.NetBSD.org/src/rev/88f99891e4e4
branches: trunk
changeset: 550818:88f99891e4e4
user: itojun <itojun%NetBSD.org@localhost>
date: Fri Aug 22 05:48:27 2003 +0000
description:
backout; committed by mistake
diffstat:
sys/netkey/key.c | 345 +++++++++++++-----------------------------------
sys/netkey/key.h | 9 +-
sys/netkey/key_debug.c | 127 +-----------------
sys/netkey/keydb.c | 59 +++----
sys/netkey/keydb.h | 5 +-
5 files changed, 134 insertions(+), 411 deletions(-)
diffs (truncated from 939 to 300 lines):
diff -r b884d8bbb154 -r 88f99891e4e4 sys/netkey/key.c
--- a/sys/netkey/key.c Fri Aug 22 05:46:37 2003 +0000
+++ b/sys/netkey/key.c Fri Aug 22 05:48:27 2003 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: key.c,v 1.87 2003/08/22 05:46:37 itojun Exp $ */
+/* $NetBSD: key.c,v 1.88 2003/08/22 05:48:27 itojun Exp $ */
/* $KAME: key.c,v 1.299 2003/07/25 08:48:05 sakane Exp $ */
/*
@@ -35,7 +35,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.87 2003/08/22 05:46:37 itojun Exp $");
+__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.88 2003/08/22 05:48:27 itojun Exp $");
#include "opt_inet.h"
#include "opt_ipsec.h"
@@ -182,7 +182,6 @@
0, /* SADB_X_EXT_KMPRIVATE */
sizeof(struct sadb_x_policy), /* SADB_X_EXT_POLICY */
sizeof(struct sadb_x_sa2), /* SADB_X_SA2 */
- sizeof(struct sadb_x_tag), /* SADB_X_TAG */
};
static const int maxsize[] = {
sizeof(struct sadb_msg), /* SADB_EXT_RESERVED */
@@ -205,7 +204,6 @@
0, /* SADB_X_EXT_KMPRIVATE */
0, /* SADB_X_EXT_POLICY */
sizeof(struct sadb_x_sa2), /* SADB_X_SA2 */
- sizeof(struct sadb_x_tag), /* SADB_X_TAG */
};
static int ipsec_esp_keymin = 256;
@@ -308,7 +306,6 @@
static struct secasvar *key_do_allocsa_policy __P((struct secashead *, u_int));
static void key_delsp __P((struct secpolicy *));
static struct secpolicy *key_getsp __P((struct secpolicyindex *, int));
-static struct secpolicy *key_getspbytag __P((u_int16_t, int));
static struct secpolicy *key_getspbyid __P((u_int32_t));
static u_int32_t key_newreqid __P((void));
static struct mbuf *key_gather_mbuf __P((struct mbuf *,
@@ -352,7 +349,6 @@
int, u_int64_t));
#endif
static struct mbuf *key_setsadbxsa2 __P((u_int8_t, u_int32_t, u_int32_t));
-static struct mbuf *key_setsadbxtag __P((u_int16_t));
static struct mbuf *key_setsadblifetime __P((u_int16_t, u_int32_t,
u_int64_t, u_int64_t, u_int64_t));
static struct mbuf *key_setsadbxpolicy __P((u_int16_t, u_int8_t,
@@ -443,14 +439,17 @@
* others: found and return the pointer.
*/
struct secpolicy *
-key_allocsp(tag, spidx, dir)
- u_int16_t tag;
+key_allocsp(spidx, dir)
struct secpolicyindex *spidx;
u_int dir;
{
struct secpolicy *sp;
int s;
+ /* sanity check */
+ if (spidx == NULL)
+ panic("key_allocsp: NULL pointer is passed.");
+
/* check direction */
switch (dir) {
case IPSEC_DIR_INBOUND:
@@ -462,31 +461,19 @@
/* get a SP entry */
s = splsoftnet(); /*called from softclock()*/
- if (spidx) {
- KEYDEBUG(KEYDEBUG_IPSEC_DATA,
- printf("*** objects\n");
- kdebug_secpolicyindex(spidx));
- }
+ KEYDEBUG(KEYDEBUG_IPSEC_DATA,
+ printf("*** objects\n");
+ kdebug_secpolicyindex(spidx));
LIST_FOREACH(sp, &sptree[dir], chain) {
+ KEYDEBUG(KEYDEBUG_IPSEC_DATA,
+ printf("*** in SPD\n");
+ kdebug_secpolicyindex(sp->spidx));
+
if (sp->state == IPSEC_SPSTATE_DEAD)
continue;
- if (!sp->spidx) {
- if (!tag)
- continue;
- if (sp->tag == tag)
- goto found;
- } else {
- if (!spidx)
- continue;
-
- KEYDEBUG(KEYDEBUG_IPSEC_DATA,
- printf("*** in SPD\n");
- kdebug_secpolicyindex(sp->spidx));
-
- if (key_cmpspidx_withmask(sp->spidx, spidx))
- goto found;
- }
+ if (key_cmpspidx_withmask(sp->spidx, spidx))
+ goto found;
}
splx(s);
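Review bot: The restored loop in key_allocsp passes `sp->spidx` to `kdebug_secpolicyindex()` and `key_cmpspidx_withmask()` with no NULL test, so it relies on every entry on `sptree[dir]` carrying a selector now that the tag-only branch is gone. That invariant is established outside this hunk (presumably in the keydb.c/keydb.h part of the backout, which is truncated on this page), so it is worth recording next to the loop with `/* every SP on sptree has a non-NULL spidx */` or enforcing with `KASSERT(sp->spidx != NULL);`. The same assumption applies to the key_getsp loop in the `@@ -947,8 +934,6 @@` hunk, where the `if (!sp->spidx) continue;` guard is dropped. The debug dump also now runs before the `IPSEC_SPSTATE_DEAD` test, so dead entries are printed too. key_allocsp's body begins and ends outside this hunk.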
@@ -947,8 +934,6 @@
LIST_FOREACH(sp, &sptree[dir], chain) {
if (sp->state == IPSEC_SPSTATE_DEAD)
continue;
- if (!sp->spidx)
- continue;
if (key_cmpspidx_exactly(spidx, sp->spidx)) {
sp->refcnt++;
return sp;
@@ -958,27 +943,6 @@
return NULL;
}
-static struct secpolicy *
-key_getspbytag(tag, dir)
- u_int16_t tag;
- int dir;
-{
- struct secpolicy *sp;
-
- LIST_FOREACH(sp, &sptree[dir], chain) {
- if (sp->state == IPSEC_SPSTATE_DEAD)
- continue;
- if (sp->spidx)
- continue;
- if (sp->tag == tag) {
- sp->refcnt++;
- return sp;
- }
- }
-
- return NULL;
-}
-
/*
* get SP by index.
* OUT: NULL : not found
@@ -1001,41 +965,14 @@
}
struct secpolicy *
-key_newsp(id)
- u_int32_t id;
+key_newsp()
{
- struct secpolicy *newsp = NULL, *sp;
- u_int32_t newid;
-
- if (id > IPSEC_MANUAL_POLICYID_MAX) {
- ipseclog((LOG_DEBUG,
- "key_newsp: policy_id=%u range "
- "violation, updated by kernel.\n", id));
- id = 0;
- }
-
- if (id == 0) {
- if ((newid = keydb_newspid()) == 0) {
- ipseclog((LOG_DEBUG,
- "key_newsp: new policy_id allocation failed."));
- return NULL;
- }
- } else {
- sp = key_getspbyid(id);
- if (sp != NULL) {
- ipseclog((LOG_DEBUG,
- "key_newsp: policy_id(%u) has been used.\n", id));
- key_freesp(sp);
- return NULL;
- }
- newid = id;
- }
+ struct secpolicy *newsp = NULL;
newsp = keydb_newsecpolicy();
if (!newsp)
return newsp;
- newsp->id = newid;
newsp->refcnt = 1;
newsp->req = NULL;
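Review bot: key_newsp() no longer assigns `newsp->id` in the lines shown, so the policy id is whatever keydb_newsecpolicy() leaves in the structure until a caller sets it. If the allocator does not zero the object, or a caller links the policy into the SPD before assigning an id, a lookup by id such as key_getspbyid() could match a stale value; neither the allocator nor the callers are visible here, so this needs checking against keydb.c and key_spdadd. A comment at the allocation site would record the contract, e.g. `/* id is not set here; the caller assigns it before the SP is linked */`. As a style point, the `= NULL` initialiser on `newsp` is overwritten on the next statement and `return newsp;` in the failure branch reads more clearly as `return NULL;`. The function body continues past the end of this hunk.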
@@ -1066,7 +1003,7 @@
return NULL;
}
- if ((newsp = key_newsp(xpl0->sadb_x_policy_id)) == NULL) {
+ if ((newsp = key_newsp()) == NULL) {
*error = ENOBUFS;
return NULL;
}
@@ -1458,40 +1395,23 @@
struct sadb_address *src0, *dst0;
struct sadb_x_policy *xpl0, *xpl;
struct sadb_lifetime *lft = NULL;
- struct sadb_x_tag *tag = NULL;
struct secpolicyindex spidx;
struct secpolicy *newsp;
struct ipsecrequest *isr;
int error;
- u_int16_t tagvalue;
- int spidxmode;
/* sanity check */
if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
panic("key_spdadd: NULL pointer is passed.");
- if ((mhp->ext[SADB_EXT_ADDRESS_SRC] != NULL &&
- mhp->ext[SADB_EXT_ADDRESS_DST] != NULL) ||
- mhp->ext[SADB_X_EXT_TAG] != NULL) {
- ;
- } else {
+ if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
+ mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
+ mhp->ext[SADB_X_EXT_POLICY] == NULL) {
ipseclog((LOG_DEBUG, "key_spdadd: invalid message is passed.\n"));
return key_senderror(so, m, EINVAL);
}
- if (mhp->ext[SADB_X_EXT_TAG] != NULL) {
- ipseclog((LOG_DEBUG, "key_spdadd: tag not supported.\n"));
- return key_senderror(so, m, EOPNOTSUPP);
- }
- if (mhp->ext[SADB_X_EXT_POLICY] == NULL) {
- ipseclog((LOG_DEBUG, "key_spdadd: invalid message is passed.\n"));
- return key_senderror(so, m, EINVAL);
- }
- if ((mhp->extlen[SADB_EXT_ADDRESS_SRC] &&
- mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address)) ||
- (mhp->extlen[SADB_EXT_ADDRESS_DST] &&
- mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) ||
- (mhp->extlen[SADB_X_EXT_TAG] &&
- mhp->extlen[SADB_X_EXT_TAG] < sizeof(struct sadb_x_tag)) ||
+ if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
+ mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address) ||
mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
ipseclog((LOG_DEBUG, "key_spdadd: invalid message is passed.\n"));
return key_senderror(so, m, EINVAL);
@@ -1505,21 +1425,19 @@
lft = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_HARD];
}
- /* spidx mode, or tag mode */
- spidxmode = (mhp->ext[SADB_EXT_ADDRESS_SRC] != NULL);
-
- if (spidxmode) {
- src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
- dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
- /* make secindex */
- /* XXX boundary check against sa_len */
- KEY_SETSECSPIDX(src0 + 1, dst0 + 1,
- src0->sadb_address_prefixlen, dst0->sadb_address_prefixlen,
- src0->sadb_address_proto, &spidx);
- } else
- tag = (struct sadb_x_tag *)mhp->ext[SADB_X_EXT_TAG];
+ src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
+ dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY];
+ /* make secindex */
+ /* XXX boundary check against sa_len */
+ KEY_SETSECSPIDX(src0 + 1,
+ dst0 + 1,
+ src0->sadb_address_prefixlen,
+ dst0->sadb_address_prefixlen,
+ src0->sadb_address_proto,
+ &spidx);
+
/* checking the direciton. */
switch (xpl0->sadb_x_policy_dir) {
case IPSEC_DIR_INBOUND:
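Review bot: `KEY_SETSECSPIDX(src0 + 1, dst0 + 1, ...)` consumes the sockaddr that follows each `struct sadb_address`, but the length checks earlier in key_spdadd only require `extlen` to be at least `sizeof(struct sadb_address)`, and the `/* XXX boundary check against sa_len */` marker is carried over unresolved. Unless the message parser that fills `mhp` (not shown) already validates it, an address extension that is too short for its sockaddr, or whose `sa_len` exceeds the remaining extension, would presumably let the macro read past the end of the extension. A guard ahead of the macro would close that, along the lines of `if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(*src0) + ((struct sockaddr *)(src0 + 1))->sa_len) return key_senderror(so, m, EINVAL);`, with the same test for `dst0`. Reading `sa_len` itself is only safe once the extension is known to cover the fixed sockaddr header. key_spdadd starts and ends outside this hunk.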
@@ -1553,15 +1471,7 @@
* If the type is either SPDADD or SPDSETIDX AND a SP is found,
* then error.
*/
- if (xpl0->sadb_x_policy_id != 0)
- newsp = key_getspbyid(xpl0->sadb_x_policy_id);
- else if (spidxmode)
- newsp = key_getsp(&spidx, xpl0->sadb_x_policy_dir);
- else {
- tagvalue = m_nametag_tagname2tag(tag->sadb_x_tag_name);
- /* tag refcnt++ */
- newsp = key_getspbytag(tagvalue, xpl0->sadb_x_policy_dir);
- }
+ newsp = key_getsp(&spidx, xpl0->sadb_x_policy_dir);
if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE) {
if (newsp) {
key_sp_dead(newsp);
@@ -1573,39 +1483,31 @@
if (newsp != NULL) {
key_freesp(newsp);