Module Name:    src
Committed By:   ozaki-r
Date:           Tue May 23 04:26:08 UTC 2017

Modified Files:
        src/sys/netipsec: ipsec.c key.c

Log Message:
Disable secspacq stuffs that are now unused

The secspacq code is used only if sp->policy == IPSEC_POLICY_IPSEC
&& sp->req == NULL (see ipsec{4,6}_checkpolicy). However, in the
current implementation, sp->req is never NULL (except for the
moments of SP allocation and deallocation) if sp->policy is
IPSEC_POLICY_IPSEC.

It seems that the facility was partially implemented in the KAME
era and wasn't completed. Make it clear that the facility is
unused for now by #ifdef notyet. Eventually we should complete
the implementation or remove it entirely.


To generate a diff of this commit:
cvs rdiff -u -r1.92 -r1.93 src/sys/netipsec/ipsec.c
cvs rdiff -u -r1.138 -r1.139 src/sys/netipsec/key.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netipsec/ipsec.c
diff -u src/sys/netipsec/ipsec.c:1.92 src/sys/netipsec/ipsec.c:1.93
--- src/sys/netipsec/ipsec.c:1.92	Fri May 19 04:34:09 2017
+++ src/sys/netipsec/ipsec.c	Tue May 23 04:26:08 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: ipsec.c,v 1.92 2017/05/19 04:34:09 ozaki-r Exp $	*/
+/*	$NetBSD: ipsec.c,v 1.93 2017/05/23 04:26:08 ozaki-r Exp $	*/
 /*	$FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec.c,v 1.2.2.2 2003/07/01 01:38:13 sam Exp $	*/
 /*	$KAME: ipsec.c,v 1.103 2001/05/24 07:14:18 sakane Exp $	*/
 
@@ -32,7 +32,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.92 2017/05/19 04:34:09 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.93 2017/05/23 04:26:08 ozaki-r Exp $");
 
 /*
  * IPsec controller part.
@@ -644,8 +644,7 @@ ipsec4_checkpolicy(struct mbuf *m, u_int
 		sp = NULL;		/* NB: force NULL result */
 		break;
 	case IPSEC_POLICY_IPSEC:
-		if (sp->req == NULL)	/* acquire an SA */
-			*error = key_spdacquire(sp);
+		KASSERT(sp->req != NULL);
 		break;
 	}
 	if (*error != 0) {
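Review bot: In `case IPSEC_POLICY_IPSEC:` the only guard against an IPsec policy with no request list is now `KASSERT(sp->req != NULL);`, which is compiled out of kernels built without DIAGNOSTIC. If the invariant is ever violated there (the log message itself mentions windows during SP allocation and deallocation), `*error` stays 0 and the function presumably hands back an SP with no transforms to apply, whereas the old code at least went through key_spdacquire() and could set `*error`. I would keep a fail-closed runtime check next to the assertion, e.g. `if (__predict_false(sp->req == NULL)) *error = EINVAL;`, so the existing `if (*error != 0)` path handles it; the body of that branch is outside the hunk. The same applies to the identical change in ipsec6_checkpolicy.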
@@ -890,8 +889,7 @@ ipsec6_checkpolicy(struct mbuf *m, u_int
 		sp = NULL;	  /* NB: force NULL result */
 		break;
 	case IPSEC_POLICY_IPSEC:
-		if (sp->req == NULL)	/* acquire an SA */
-			*error = key_spdacquire(sp);
+		KASSERT(sp->req != NULL);
 		break;
 	}
 	if (*error != 0) {

Index: src/sys/netipsec/key.c
diff -u src/sys/netipsec/key.c:1.138 src/sys/netipsec/key.c:1.139
--- src/sys/netipsec/key.c:1.138	Tue May 23 03:13:52 2017
+++ src/sys/netipsec/key.c	Tue May 23 04:26:08 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: key.c,v 1.138 2017/05/23 03:13:52 ozaki-r Exp $	*/
+/*	$NetBSD: key.c,v 1.139 2017/05/23 04:26:08 ozaki-r Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $	*/
 /*	$KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $	*/
 
@@ -32,7 +32,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.138 2017/05/23 03:13:52 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.139 2017/05/23 04:26:08 ozaki-r Exp $");
 
 /*
  * This code is referd to RFC 2367
@@ -150,7 +150,9 @@ static LIST_HEAD(_regtree, secreg) regtr
 #ifndef IPSEC_NONBLOCK_ACQUIRE
 static LIST_HEAD(_acqtree, secacq) acqtree;		/* acquiring list */
 #endif
+#ifdef notyet
 static LIST_HEAD(_spacqtree, secspacq) spacqtree;	/* SP acquiring list */
+#endif
 
 /* search order for SAs */
 	/*
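Review bot: The `#ifdef notyet` around `spacqtree` carries no comment saying why the code is disabled, so the reasoning lives only in the commit log. A short comment at this first guard would help, for example `/* XXX secspacq is unused: sp->req is never NULL for IPSEC_POLICY_IPSEC; complete or remove */`. The later guards in key.c (the prototypes, key_spdadd, the SADB_X_SPDACQUIRE handler, key_timehandler_work, key_newspacq/key_getspacq, key_do_init) could then refer to it. Closing all of them with `#endif /* notyet */`, rather than a mix of bare and annotated `#endif`, would make the long blocks easier to follow.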
@@ -488,8 +490,10 @@ static struct secacq *key_newacq (const 
 static struct secacq *key_getacq (const struct secasindex *);
 static struct secacq *key_getacqbyseq (u_int32_t);
 #endif
+#ifdef notyet
 static struct secspacq *key_newspacq (const struct secpolicyindex *);
 static struct secspacq *key_getspacq (const struct secpolicyindex *);
+#endif
 static int key_acquire2 (struct socket *, struct mbuf *,
 	const struct sadb_msghdr *);
 static int key_register (struct socket *, struct mbuf *,
@@ -1957,8 +1961,11 @@ key_spdadd(struct socket *so, struct mbu
 
 	newsp->refcnt = 1;	/* do not reclaim until I say I do */
 	newsp->state = IPSEC_SPSTATE_ALIVE;
+	if (newsp->policy == IPSEC_POLICY_IPSEC)
+		KASSERT(newsp->req != NULL);
 	LIST_INSERT_TAIL(&sptree[newsp->spidx.dir], newsp, secpolicy, chain);
 
+#ifdef notyet
 	/* delete the entry in spacqtree */
 	if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE) {
 		struct secspacq *spacq = key_getspacq(&spidx);
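Review bot: The added `if (newsp->policy == IPSEC_POLICY_IPSEC) KASSERT(newsp->req != NULL);` leaves an `if` guarding an empty statement once KASSERT is compiled out; a single `KASSERT(newsp->policy != IPSEC_POLICY_IPSEC || newsp->req != NULL);` states the implication directly and disappears completely. Since newsp appears to be built from a PF_KEY message earlier in key_spdadd (outside this hunk), a comment naming where an IPsec policy without requests is rejected would also help. That would show the assertion cannot be reached by a malformed message on a DIAGNOSTIC kernel.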
@@ -1968,6 +1975,7 @@ key_spdadd(struct socket *so, struct mbu
 			spacq->count = 0;
 		}
     	}
+#endif
 
 	/* Invalidate all cached SPD pointers in the PCBs. */
 	ipsec_invalpcbcacheall();
@@ -2312,6 +2320,7 @@ key_spdget(struct socket *so, struct mbu
 		return key_senderror(so, m, ENOBUFS);
 }
 
+#ifdef notyet
 /*
  * SADB_X_SPDACQUIRE processing.
  * Acquire policy and SA(s) for a *OUTBOUND* packet.
@@ -2382,6 +2391,7 @@ fail:
 		m_freem(result);
 	return error;
 }
+#endif /* notyet */
 
 /*
  * SADB_SPDFLUSH processing
@@ -4669,6 +4679,7 @@ key_timehandler_work(struct work *wk, vo
     }
 #endif
 
+#ifdef notyet
 	/* SP ACQ tree */
     {
 	struct secspacq *acq, *nextacq;
@@ -4681,6 +4692,7 @@ key_timehandler_work(struct work *wk, vo
 		}
 	}
     }
+#endif
 
 	/* do exchange to tick time !! */
 	callout_reset(&key_timehandler_ch, hz, key_timehandler, NULL);
@@ -6418,6 +6430,7 @@ key_getacqbyseq(u_int32_t seq)
 }
 #endif
 
+#ifdef notyet
 static struct secspacq *
 key_newspacq(const struct secpolicyindex *spidx)
 {
@@ -6450,6 +6463,7 @@ key_getspacq(const struct secpolicyindex
 
 	return NULL;
 }
+#endif /* notyet */
 
 /*
  * SADB_ACQUIRE processing,
@@ -7676,7 +7690,9 @@ key_do_init(void)
 #ifndef IPSEC_NONBLOCK_ACQUIRE
 	LIST_INIT(&acqtree);
 #endif
+#ifdef notyet
 	LIST_INIT(&spacqtree);
+#endif
 
 	/* system default */
 	ip4_def_policy.policy = IPSEC_POLICY_NONE;
