OK to rename gettdbbyaddr to gettdbbydst since that's what it does
and it aligns well with gettdbbysrc?
---
sys/netinet/ip_ipsp.c | 47 +++++++++++++++++++++++++----------------------
sys/netinet/ip_ipsp.h | 4 ++--
sys/netinet/ip_spd.c | 6 +++---
3 files changed, 30 insertions(+), 27 deletions(-)
diff --git sys/netinet/ip_ipsp.c sys/netinet/ip_ipsp.c
index f6e598f..edeabc8 100644
--- sys/netinet/ip_ipsp.c
+++ sys/netinet/ip_ipsp.c
@@ -118,21 +118,21 @@ struct xformsw xformsw[] = {
tcp_signature_tdb_zeroize, tcp_signature_tdb_input,
tcp_signature_tdb_output, }
#endif /* TCP_SIGNATURE */
};
struct xformsw *xformswNXFORMSW = &xformsw[nitems(xformsw)];
#define TDB_HASHSIZE_INIT 32
static struct tdb **tdbh = NULL;
-static struct tdb **tdbaddr = NULL;
+static struct tdb **tdbdst = NULL;
static struct tdb **tdbsrc = NULL;
static u_int tdb_hashmask = TDB_HASHSIZE_INIT - 1;
static int tdb_count;
/*
* Our hashing function needs to stir things with a non-zero random multiplier
* so we cannot be DoS-attacked via choosing of the data to hash.
*/
int
tdb_hash(u_int rdomain, u_int32_t spi, union sockaddr_union *dst,
@@ -393,34 +393,34 @@ ipsp_aux_match(struct tdb *tdb,
}
return 1;
}
/*
* Get an SA given the remote address, the security protocol type, and
* the desired IDs.
*/
struct tdb *
-gettdbbyaddr(u_int rdomain, union sockaddr_union *dst, u_int8_t sproto,
+gettdbbydst(u_int rdomain, union sockaddr_union *dst, u_int8_t sproto,
struct ipsec_ref *srcid, struct ipsec_ref *dstid,
struct ipsec_ref *local_cred, struct sockaddr_encap *filter,
struct sockaddr_encap *filtermask)
{
u_int32_t hashval;
struct tdb *tdbp;
- if (tdbaddr == NULL)
+ if (tdbdst == NULL)
return (struct tdb *) NULL;
hashval = tdb_hash(rdomain, 0, dst, sproto);
- for (tdbp = tdbaddr[hashval]; tdbp != NULL; tdbp = tdbp->tdb_anext)
+ for (tdbp = tdbdst[hashval]; tdbp != NULL; tdbp = tdbp->tdb_dnext)
if ((tdbp->tdb_sproto == sproto) &&
(tdbp->tdb_rdomain == rdomain) &&
((tdbp->tdb_flags & TDBF_INVALID) == 0) &&
(!memcmp(&tdbp->tdb_dst, dst, SA_LEN(&dst->sa)))) {
/* Do IDs and local credentials match ? */
if (!ipsp_aux_match(tdbp, srcid, dstid,
local_cred, NULL, filter, filtermask))
continue;
break;
}
@@ -576,85 +576,85 @@ tdb_soft_firstuse(void *v)
pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_SOFT);
tdb->tdb_flags &= ~TDBF_SOFT_FIRSTUSE;
}
/*
* Caller is responsible for splsoftnet().
*/
void
tdb_rehash(void)
{
- struct tdb **new_tdbh, **new_tdbaddr, **new_srcaddr, *tdbp, *tdbnp;
+ struct tdb **new_tdbh, **new_tdbdst, **new_srcaddr, *tdbp, *tdbnp;
u_int i, old_hashmask = tdb_hashmask;
u_int32_t hashval;
tdb_hashmask = (tdb_hashmask << 1) | 1;
new_tdbh = mallocarray(tdb_hashmask + 1, sizeof(struct tdb *), M_TDB,
M_WAITOK | M_ZERO);
- new_tdbaddr = mallocarray(tdb_hashmask + 1, sizeof(struct tdb *), M_TDB,
+ new_tdbdst = mallocarray(tdb_hashmask + 1, sizeof(struct tdb *), M_TDB,
M_WAITOK | M_ZERO);
new_srcaddr = mallocarray(tdb_hashmask + 1, sizeof(struct tdb *), M_TDB,
M_WAITOK | M_ZERO);
for (i = 0; i <= old_hashmask; i++) {
for (tdbp = tdbh[i]; tdbp != NULL; tdbp = tdbnp) {
tdbnp = tdbp->tdb_hnext;
hashval = tdb_hash(tdbp->tdb_rdomain,
tdbp->tdb_spi, &tdbp->tdb_dst,
tdbp->tdb_sproto);
tdbp->tdb_hnext = new_tdbh[hashval];
new_tdbh[hashval] = tdbp;
}
- for (tdbp = tdbaddr[i]; tdbp != NULL; tdbp = tdbnp) {
- tdbnp = tdbp->tdb_anext;
+ for (tdbp = tdbdst[i]; tdbp != NULL; tdbp = tdbnp) {
+ tdbnp = tdbp->tdb_dnext;
hashval = tdb_hash(tdbp->tdb_rdomain,
0, &tdbp->tdb_dst,
tdbp->tdb_sproto);
- tdbp->tdb_anext = new_tdbaddr[hashval];
- new_tdbaddr[hashval] = tdbp;
+ tdbp->tdb_dnext = new_tdbdst[hashval];
+ new_tdbdst[hashval] = tdbp;
}
for (tdbp = tdbsrc[i]; tdbp != NULL; tdbp = tdbnp) {
tdbnp = tdbp->tdb_snext;
hashval = tdb_hash(tdbp->tdb_rdomain,
0, &tdbp->tdb_src,
tdbp->tdb_sproto);
tdbp->tdb_snext = new_srcaddr[hashval];
new_srcaddr[hashval] = tdbp;
}
}
free(tdbh, M_TDB, 0);
tdbh = new_tdbh;
- free(tdbaddr, M_TDB, 0);
- tdbaddr = new_tdbaddr;
+ free(tdbdst, M_TDB, 0);
+ tdbdst = new_tdbdst;
free(tdbsrc, M_TDB, 0);
tdbsrc = new_srcaddr;
}
/*
* Add TDB in the hash table.
*/
void
puttdb(struct tdb *tdbp)
{
u_int32_t hashval;
int s = splsoftnet();
if (tdbh == NULL) {
tdbh = mallocarray(tdb_hashmask + 1, sizeof(struct tdb *),
M_TDB, M_WAITOK | M_ZERO);
- tdbaddr = mallocarray(tdb_hashmask + 1, sizeof(struct tdb *),
+ tdbdst = mallocarray(tdb_hashmask + 1, sizeof(struct tdb *),
M_TDB, M_WAITOK | M_ZERO);
tdbsrc = mallocarray(tdb_hashmask + 1, sizeof(struct tdb *),
M_TDB, M_WAITOK | M_ZERO);
}
hashval = tdb_hash(tdbp->tdb_rdomain, tdbp->tdb_spi,
&tdbp->tdb_dst, tdbp->tdb_sproto);
/*
* Rehash if this tdb would cause a bucket to have more than
@@ -669,22 +669,22 @@ puttdb(struct tdb *tdbp)
tdb_rehash();
hashval = tdb_hash(tdbp->tdb_rdomain, tdbp->tdb_spi,
&tdbp->tdb_dst, tdbp->tdb_sproto);
}
tdbp->tdb_hnext = tdbh[hashval];
tdbh[hashval] = tdbp;
hashval = tdb_hash(tdbp->tdb_rdomain, 0, &tdbp->tdb_dst,
tdbp->tdb_sproto);
- tdbp->tdb_anext = tdbaddr[hashval];
- tdbaddr[hashval] = tdbp;
+ tdbp->tdb_dnext = tdbdst[hashval];
+ tdbdst[hashval] = tdbp;
hashval = tdb_hash(tdbp->tdb_rdomain, 0, &tdbp->tdb_src,
tdbp->tdb_sproto);
tdbp->tdb_snext = tdbsrc[hashval];
tdbsrc[hashval] = tdbp;
tdb_count++;
ipsec_last_added = time_second;
@@ -697,53 +697,56 @@ puttdb(struct tdb *tdbp)
void
tdb_delete(struct tdb *tdbp)
{
struct tdb *tdbpp;
u_int32_t hashval;
int s;
if (tdbh == NULL)
return;
+ s = splsoftnet();
+
hashval = tdb_hash(tdbp->tdb_rdomain, tdbp->tdb_spi,
&tdbp->tdb_dst, tdbp->tdb_sproto);
- s = splsoftnet();
if (tdbh[hashval] == tdbp) {
tdbh[hashval] = tdbp->tdb_hnext;
} else {
for (tdbpp = tdbh[hashval]; tdbpp != NULL;
tdbpp = tdbpp->tdb_hnext) {
if (tdbpp->tdb_hnext == tdbp) {
tdbpp->tdb_hnext = tdbp->tdb_hnext;
break;
}
}
}
tdbp->tdb_hnext = NULL;
hashval = tdb_hash(tdbp->tdb_rdomain, 0, &tdbp->tdb_dst,
tdbp->tdb_sproto);
- if (tdbaddr[hashval] == tdbp) {
- tdbaddr[hashval] = tdbp->tdb_anext;
+ if (tdbdst[hashval] == tdbp) {
+ tdbdst[hashval] = tdbp->tdb_dnext;
} else {
- for (tdbpp = tdbaddr[hashval]; tdbpp != NULL;
- tdbpp = tdbpp->tdb_anext) {
- if (tdbpp->tdb_anext == tdbp) {
- tdbpp->tdb_anext = tdbp->tdb_anext;
+ for (tdbpp = tdbdst[hashval]; tdbpp != NULL;
+ tdbpp = tdbpp->tdb_dnext) {
+ if (tdbpp->tdb_dnext == tdbp) {
+ tdbpp->tdb_dnext = tdbp->tdb_dnext;
break;
}
}
}
+ tdbp->tdb_dnext = NULL;
+
hashval = tdb_hash(tdbp->tdb_rdomain, 0, &tdbp->tdb_src,
tdbp->tdb_sproto);
if (tdbsrc[hashval] == tdbp) {
tdbsrc[hashval] = tdbp->tdb_snext;
}
else {
for (tdbpp = tdbsrc[hashval]; tdbpp != NULL;
tdbpp = tdbpp->tdb_snext) {
if (tdbpp->tdb_snext == tdbp) {
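Review bot: The tdb_delete hunk carries two functional changes that the commit message, which describes only a rename, does not mention: `s = splsoftnet();` now precedes the first `tdb_hash()` call, and `tdbp->tdb_dnext = NULL;` is added after the dst/sproto unlink. Clearing the link is a sound hardening step, since a TDB removed from the table otherwise keeps a stale pointer into the dst chain, but it should be named in the log or split into its own commit so it is not lost inside a rename. tdb_delete continues past the end of this hunk, so whether `tdb_snext` gets the same treatment after the src/sproto unlink cannot be confirmed from here. If it does not, `tdbp->tdb_snext = NULL;` belongs after that loop for the same reason.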
diff --git sys/netinet/ip_ipsp.h sys/netinet/ip_ipsp.h
index 8c24fc1..47a5670 100644
--- sys/netinet/ip_ipsp.h
+++ sys/netinet/ip_ipsp.h
@@ -264,21 +264,21 @@ struct ipsec_policy {
struct tdb { /* tunnel descriptor block */
/*
* Each TDB is on three hash tables: one keyed on dst/spi/sproto,
* one keyed on dst/sproto, and one keyed on src/sproto. The first
* is used for finding a specific TDB, the second for finding TDBs
* for outgoing policy matching, and the third for incoming
* policy matching. The following three fields maintain the hash
* queues in those three tables.
*/
struct tdb *tdb_hnext; /* dst/spi/sproto table */
- struct tdb *tdb_anext; /* dst/sproto table */
+ struct tdb *tdb_dnext; /* dst/sproto table */
struct tdb *tdb_snext; /* src/sproto table */
struct tdb *tdb_inext;
struct tdb *tdb_onext;
struct xformsw *tdb_xform; /* Transform to use */
struct enc_xform *tdb_encalgxform; /* Enc algorithm */
struct auth_hash *tdb_authalgxform; /* Auth algorithm */
struct comp_algo *tdb_compalgxform; /* Compression algo */
#define TDBF_UNIQUE 0x00001 /* This should not be used by
others */
@@ -497,21 +497,21 @@ do {
\
uint8_t get_sa_require(struct inpcb *);
#ifdef ENCDEBUG
const char *ipsp_address(union sockaddr_union, char *, socklen_t);
#endif /* ENCDEBUG */
/* TDB management routines */
void tdb_add_inp(struct tdb *, struct inpcb *, int);
uint32_t reserve_spi(u_int, u_int32_t, u_int32_t, union sockaddr_union *,
union sockaddr_union *, u_int8_t, int *);
struct tdb *gettdb(u_int, u_int32_t, union sockaddr_union *, u_int8_t);
-struct tdb *gettdbbyaddr(u_int, union sockaddr_union *, u_int8_t,
+struct tdb *gettdbbydst(u_int, union sockaddr_union *, u_int8_t,
struct ipsec_ref *, struct ipsec_ref *, struct ipsec_ref *,
struct sockaddr_encap *, struct sockaddr_encap *);
struct tdb *gettdbbysrc(u_int, union sockaddr_union *, u_int8_t,
struct ipsec_ref *, struct ipsec_ref *,
struct sockaddr_encap *, struct sockaddr_encap *);
struct tdb *gettdbbysrcdst(u_int, u_int32_t, union sockaddr_union *,
union sockaddr_union *, u_int8_t);
void puttdb(struct tdb *);
void tdb_delete(struct tdb *);
struct tdb *tdb_alloc(u_int);
diff --git sys/netinet/ip_spd.c sys/netinet/ip_spd.c
index 3287e2f..81e22da 100644
--- sys/netinet/ip_spd.c
+++ sys/netinet/ip_spd.c
@@ -393,21 +393,21 @@ ipsp_spd_lookup(struct mbuf *m, int af, int hlen, int
*error, int direction,
* destinations exist but are not used, possibly leading to an
* explosion in the number of acquired SAs).
*/
if (ipo->ipo_last_searched <= ipsec_last_added) {
/* "Touch" the entry. */
if (dignore == 0)
ipo->ipo_last_searched = time_second;
/* Find an appropriate SA from the existing ones. */
ipo->ipo_tdb =
- gettdbbyaddr(rdomain,
+ gettdbbydst(rdomain,
dignore ? &sdst : &ipo->ipo_dst,
ipo->ipo_sproto,
srcid ? srcid : ipo->ipo_srcid,
dstid ? dstid : ipo->ipo_dstid,
ipo->ipo_local_cred, &ipo->ipo_addr,
&ipo->ipo_mask);
if (ipo->ipo_tdb) {
TAILQ_INSERT_TAIL(&ipo->ipo_tdb->tdb_policy_head,
ipo, ipo_tdb_next);
*error = 0;
@@ -1056,38 +1056,38 @@ ipsp_spd_inp(struct mbuf *m, int af, int hlen, int
*error, int direction,
/* XXX Only support one policy/protocol for now. */
if (inp->inp_ipo != NULL) {
if (inp->inp_ipo->ipo_last_searched <=
ipsec_last_added) {
inp->inp_ipo->ipo_last_searched = time_second;
/* Update, just in case. */
ipsec_update_policy(inp, inp->inp_ipo, af,
IPSP_DIRECTION_OUT);
- tdb = gettdbbyaddr(rtable_l2(inp->inp_rtableid),
+ tdb = gettdbbydst(rtable_l2(inp->inp_rtableid),
&inp->inp_ipo->ipo_dst,
inp->inp_ipo->ipo_sproto,
inp->inp_ipo->ipo_srcid,
inp->inp_ipo->ipo_dstid,
inp->inp_ipo->ipo_local_cred,
&inp->inp_ipo->ipo_addr,
&inp->inp_ipo->ipo_mask);
}
} else {
/*
* Construct a pseudo-policy, with just the necessary
* fields.
*/
ipsec_update_policy(inp, &sipon, af,
IPSP_DIRECTION_OUT);
- tdb = gettdbbyaddr(rtable_l2(inp->inp_rtableid),
+ tdb = gettdbbydst(rtable_l2(inp->inp_rtableid),
&sipon.ipo_dst, IPPROTO_ESP, NULL,
NULL, NULL, &sipon.ipo_addr, &sipon.ipo_mask);
}
/* If we found an appropriate SA... */
if (tdb != NULL) {
tdb_add_inp(tdb, inp, 0); /* Latch onto PCB. */
if (ipo != NULL && ipo->ipo_tdb != NULL &&
ipo->ipo_tdb != inp->inp_tdb_out && m != NULL)
--
2.3.4