Module Name: src
Committed By: ozaki-r
Date: Thu Feb 15 04:24:32 UTC 2018
Modified Files:
src/sys/netipsec: xform_ah.c xform_esp.c xform_ipcomp.c
Log Message:
Don't relook up an SP/SA in opencrpyto callbacks
We don't need to do so because we have a reference to it. And also
relooking-up one there may return an sp/sav that has different
parameters from an original one.
To generate a diff of this commit:
cvs rdiff -u -r1.77 -r1.78 src/sys/netipsec/xform_ah.c
cvs rdiff -u -r1.75 -r1.76 src/sys/netipsec/xform_esp.c
cvs rdiff -u -r1.55 -r1.56 src/sys/netipsec/xform_ipcomp.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/netipsec/xform_ah.c
diff -u src/sys/netipsec/xform_ah.c:1.77 src/sys/netipsec/xform_ah.c:1.78
--- src/sys/netipsec/xform_ah.c:1.77 Wed Jan 24 13:49:23 2018
+++ src/sys/netipsec/xform_ah.c Thu Feb 15 04:24:32 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: xform_ah.c,v 1.77 2018/01/24 13:49:23 maxv Exp $ */
+/* $NetBSD: xform_ah.c,v 1.78 2018/02/15 04:24:32 ozaki-r Exp $ */
/* $FreeBSD: src/sys/netipsec/xform_ah.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $ */
/* $OpenBSD: ip_ah.c,v 1.63 2001/06/26 06:18:58 angelos Exp $ */
/*
@@ -39,7 +39,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.77 2018/01/24 13:49:23 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.78 2018/02/15 04:24:32 ozaki-r Exp $");
#if defined(_KERNEL_OPT)
#include "opt_inet.h"
@@ -824,18 +824,6 @@ ah_input_cb(struct cryptop *crp)
IPSEC_ACQUIRE_GLOBAL_LOCKS();
sav = tc->tc_sav;
- if (__predict_false(!SADB_SASTATE_USABLE_P(sav))) {
- KEY_SA_UNREF(&sav);
- sav = KEY_LOOKUP_SA(&tc->tc_dst, tc->tc_proto, tc->tc_spi,
- sport, dport);
- if (sav == NULL) {
- AH_STATINC(AH_STAT_NOTDB);
- DPRINTF(("%s: SA expired while in crypto\n", __func__));
- error = ENOBUFS; /*XXX*/
- goto bad;
- }
- }
-
saidx = &sav->sah->saidx;
KASSERTMSG(saidx->dst.sa.sa_family == AF_INET ||
saidx->dst.sa.sa_family == AF_INET6,
@@ -1218,24 +1206,6 @@ ah_output_cb(struct cryptop *crp)
isr = tc->tc_isr;
sav = tc->tc_sav;
- if (__predict_false(isr->sp->state == IPSEC_SPSTATE_DEAD)) {
- AH_STATINC(AH_STAT_NOTDB);
- IPSECLOG(LOG_DEBUG,
- "SP is being destroyed while in crypto (id=%u)\n",
- isr->sp->id);
- error = ENOENT;
- goto bad;
- }
- if (__predict_false(!SADB_SASTATE_USABLE_P(sav))) {
- KEY_SA_UNREF(&sav);
- sav = KEY_LOOKUP_SA(&tc->tc_dst, tc->tc_proto, tc->tc_spi, 0, 0);
- if (sav == NULL) {
- AH_STATINC(AH_STAT_NOTDB);
- DPRINTF(("%s: SA expired while in crypto\n", __func__));
- error = ENOBUFS; /*XXX*/
- goto bad;
- }
- }
/* Check for crypto errors. */
if (crp->crp_etype) {
Index: src/sys/netipsec/xform_esp.c
diff -u src/sys/netipsec/xform_esp.c:1.75 src/sys/netipsec/xform_esp.c:1.76
--- src/sys/netipsec/xform_esp.c:1.75 Wed Feb 14 09:13:03 2018
+++ src/sys/netipsec/xform_esp.c Thu Feb 15 04:24:32 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: xform_esp.c,v 1.75 2018/02/14 09:13:03 ozaki-r Exp $ */
+/* $NetBSD: xform_esp.c,v 1.76 2018/02/15 04:24:32 ozaki-r Exp $ */
/* $FreeBSD: src/sys/netipsec/xform_esp.c,v 1.2.2.1 2003/01/24 05:11:36 sam Exp $ */
/* $OpenBSD: ip_esp.c,v 1.69 2001/06/26 06:18:59 angelos Exp $ */
@@ -39,7 +39,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.75 2018/02/14 09:13:03 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.76 2018/02/15 04:24:32 ozaki-r Exp $");
#if defined(_KERNEL_OPT)
#include "opt_inet.h"
@@ -538,21 +538,6 @@ esp_input_cb(struct cryptop *crp)
IPSEC_ACQUIRE_GLOBAL_LOCKS();
sav = tc->tc_sav;
- if (__predict_false(!SADB_SASTATE_USABLE_P(sav))) {
- KEY_SA_UNREF(&sav);
- sav = KEY_LOOKUP_SA(&tc->tc_dst, tc->tc_proto, tc->tc_spi,
- sport, dport);
- if (sav == NULL) {
- ESP_STATINC(ESP_STAT_NOTDB);
- DPRINTF(("%s: SA expired while in crypto "
- "(SA %s/%08lx proto %u)\n", __func__,
- ipsec_address(&tc->tc_dst, buf, sizeof(buf)),
- (u_long) ntohl(tc->tc_spi), tc->tc_proto));
- error = ENOBUFS; /*XXX*/
- goto bad;
- }
- }
-
saidx = &sav->sah->saidx;
KASSERTMSG(saidx->dst.sa.sa_family == AF_INET ||
saidx->dst.sa.sa_family == AF_INET6,
@@ -1000,28 +985,6 @@ esp_output_cb(struct cryptop *crp)
isr = tc->tc_isr;
sav = tc->tc_sav;
- if (__predict_false(isr->sp->state == IPSEC_SPSTATE_DEAD)) {
- ESP_STATINC(ESP_STAT_NOTDB);
- IPSECLOG(LOG_DEBUG,
- "SP is being destroyed while in crypto (id=%u)\n",
- isr->sp->id);
- error = ENOENT;
- goto bad;
- }
- if (__predict_false(!SADB_SASTATE_USABLE_P(sav))) {
- KEY_SA_UNREF(&sav);
- sav = KEY_LOOKUP_SA(&tc->tc_dst, tc->tc_proto, tc->tc_spi, 0, 0);
- if (sav == NULL) {
- char buf[IPSEC_ADDRSTRLEN];
- ESP_STATINC(ESP_STAT_NOTDB);
- DPRINTF(("%s: SA expired while in crypto (SA %s/%08lx "
- "proto %u)\n", __func__,
- ipsec_address(&tc->tc_dst, buf, sizeof(buf)),
- (u_long) ntohl(tc->tc_spi), tc->tc_proto));
- error = ENOBUFS; /*XXX*/
- goto bad;
- }
- }
/* Check for crypto errors. */
if (crp->crp_etype) {
Index: src/sys/netipsec/xform_ipcomp.c
diff -u src/sys/netipsec/xform_ipcomp.c:1.55 src/sys/netipsec/xform_ipcomp.c:1.56
--- src/sys/netipsec/xform_ipcomp.c:1.55 Wed Feb 14 09:13:03 2018
+++ src/sys/netipsec/xform_ipcomp.c Thu Feb 15 04:24:32 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: xform_ipcomp.c,v 1.55 2018/02/14 09:13:03 ozaki-r Exp $ */
+/* $NetBSD: xform_ipcomp.c,v 1.56 2018/02/15 04:24:32 ozaki-r Exp $ */
/* $FreeBSD: src/sys/netipsec/xform_ipcomp.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $ */
/* $OpenBSD: ip_ipcomp.c,v 1.1 2001/07/05 12:08:52 jjbg Exp $ */
@@ -30,7 +30,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_ipcomp.c,v 1.55 2018/02/14 09:13:03 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ipcomp.c,v 1.56 2018/02/15 04:24:32 ozaki-r Exp $");
/* IP payload compression protocol (IPComp), see RFC 2393 */
#if defined(_KERNEL_OPT)
@@ -275,18 +275,6 @@ ipcomp_input_cb(struct cryptop *crp)
IPSEC_ACQUIRE_GLOBAL_LOCKS();
sav = tc->tc_sav;
- if (__predict_false(!SADB_SASTATE_USABLE_P(sav))) {
- KEY_SA_UNREF(&sav);
- sav = KEY_LOOKUP_SA(&tc->tc_dst, tc->tc_proto, tc->tc_spi,
- sport, dport);
- if (sav == NULL) {
- IPCOMP_STATINC(IPCOMP_STAT_NOTDB);
- DPRINTF(("%s: SA expired while in crypto\n", __func__));
- error = ENOBUFS; /*XXX*/
- goto bad;
- }
- }
-
saidx = &sav->sah->saidx;
KASSERTMSG(saidx->dst.sa.sa_family == AF_INET ||
saidx->dst.sa.sa_family == AF_INET6,
@@ -567,24 +555,6 @@ ipcomp_output_cb(struct cryptop *crp)
isr = tc->tc_isr;
sav = tc->tc_sav;
- if (__predict_false(isr->sp->state == IPSEC_SPSTATE_DEAD)) {
- IPCOMP_STATINC(IPCOMP_STAT_NOTDB);
- IPSECLOG(LOG_DEBUG,
- "SP is being destroyed while in crypto (id=%u)\n",
- isr->sp->id);
- error = ENOENT;
- goto bad;
- }
- if (__predict_false(!SADB_SASTATE_USABLE_P(sav))) {
- KEY_SA_UNREF(&sav);
- sav = KEY_LOOKUP_SA(&tc->tc_dst, tc->tc_proto, tc->tc_spi, 0, 0);
- if (sav == NULL) {
- IPCOMP_STATINC(IPCOMP_STAT_NOTDB);
- DPRINTF(("%s: SA expired while in crypto\n", __func__));
- error = ENOBUFS; /*XXX*/
- goto bad;
- }
- }
/* Check for crypto errors */
if (crp->crp_etype) {
