OK to rename gettdbbyaddr to gettdbbydst since that's what it does and it aligns well with gettdbbysrc?
--- sys/netinet/ip_ipsp.c | 47 +++++++++++++++++++++++++---------------------- sys/netinet/ip_ipsp.h | 4 ++-- sys/netinet/ip_spd.c | 6 +++--- 3 files changed, 30 insertions(+), 27 deletions(-) diff --git sys/netinet/ip_ipsp.c sys/netinet/ip_ipsp.c index f6e598f..edeabc8 100644 --- sys/netinet/ip_ipsp.c +++ sys/netinet/ip_ipsp.c @@ -118,21 +118,21 @@ struct xformsw xformsw[] = { tcp_signature_tdb_zeroize, tcp_signature_tdb_input, tcp_signature_tdb_output, } #endif /* TCP_SIGNATURE */ }; struct xformsw *xformswNXFORMSW = &xformsw[nitems(xformsw)]; #define TDB_HASHSIZE_INIT 32 static struct tdb **tdbh = NULL; -static struct tdb **tdbaddr = NULL; +static struct tdb **tdbdst = NULL; static struct tdb **tdbsrc = NULL; static u_int tdb_hashmask = TDB_HASHSIZE_INIT - 1; static int tdb_count; /* * Our hashing function needs to stir things with a non-zero random multiplier * so we cannot be DoS-attacked via choosing of the data to hash. */ int tdb_hash(u_int rdomain, u_int32_t spi, union sockaddr_union *dst, @@ -393,34 +393,34 @@ ipsp_aux_match(struct tdb *tdb, } return 1; } /* * Get an SA given the remote address, the security protocol type, and * the desired IDs. */ struct tdb * -gettdbbyaddr(u_int rdomain, union sockaddr_union *dst, u_int8_t sproto, +gettdbbydst(u_int rdomain, union sockaddr_union *dst, u_int8_t sproto, struct ipsec_ref *srcid, struct ipsec_ref *dstid, struct ipsec_ref *local_cred, struct sockaddr_encap *filter, struct sockaddr_encap *filtermask) { u_int32_t hashval; struct tdb *tdbp; - if (tdbaddr == NULL) + if (tdbdst == NULL) return (struct tdb *) NULL; hashval = tdb_hash(rdomain, 0, dst, sproto); - for (tdbp = tdbaddr[hashval]; tdbp != NULL; tdbp = tdbp->tdb_anext) + for (tdbp = tdbdst[hashval]; tdbp != NULL; tdbp = tdbp->tdb_dnext) if ((tdbp->tdb_sproto == sproto) && (tdbp->tdb_rdomain == rdomain) && ((tdbp->tdb_flags & TDBF_INVALID) == 0) && (!memcmp(&tdbp->tdb_dst, dst, SA_LEN(&dst->sa)))) { /* Do IDs and local credentials match ? */ if (!ipsp_aux_match(tdbp, srcid, dstid, local_cred, NULL, filter, filtermask)) continue; break; } @@ -576,85 +576,85 @@ tdb_soft_firstuse(void *v) pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_SOFT); tdb->tdb_flags &= ~TDBF_SOFT_FIRSTUSE; } /* * Caller is responsible for splsoftnet(). */ void tdb_rehash(void) { - struct tdb **new_tdbh, **new_tdbaddr, **new_srcaddr, *tdbp, *tdbnp; + struct tdb **new_tdbh, **new_tdbdst, **new_srcaddr, *tdbp, *tdbnp; u_int i, old_hashmask = tdb_hashmask; u_int32_t hashval; tdb_hashmask = (tdb_hashmask << 1) | 1; new_tdbh = mallocarray(tdb_hashmask + 1, sizeof(struct tdb *), M_TDB, M_WAITOK | M_ZERO); - new_tdbaddr = mallocarray(tdb_hashmask + 1, sizeof(struct tdb *), M_TDB, + new_tdbdst = mallocarray(tdb_hashmask + 1, sizeof(struct tdb *), M_TDB, M_WAITOK | M_ZERO); new_srcaddr = mallocarray(tdb_hashmask + 1, sizeof(struct tdb *), M_TDB, M_WAITOK | M_ZERO); for (i = 0; i <= old_hashmask; i++) { for (tdbp = tdbh[i]; tdbp != NULL; tdbp = tdbnp) { tdbnp = tdbp->tdb_hnext; hashval = tdb_hash(tdbp->tdb_rdomain, tdbp->tdb_spi, &tdbp->tdb_dst, tdbp->tdb_sproto); tdbp->tdb_hnext = new_tdbh[hashval]; new_tdbh[hashval] = tdbp; } - for (tdbp = tdbaddr[i]; tdbp != NULL; tdbp = tdbnp) { - tdbnp = tdbp->tdb_anext; + for (tdbp = tdbdst[i]; tdbp != NULL; tdbp = tdbnp) { + tdbnp = tdbp->tdb_dnext; hashval = tdb_hash(tdbp->tdb_rdomain, 0, &tdbp->tdb_dst, tdbp->tdb_sproto); - tdbp->tdb_anext = new_tdbaddr[hashval]; - new_tdbaddr[hashval] = tdbp; + tdbp->tdb_dnext = new_tdbdst[hashval]; + new_tdbdst[hashval] = tdbp; } for (tdbp = tdbsrc[i]; tdbp != NULL; tdbp = tdbnp) { tdbnp = tdbp->tdb_snext; hashval = tdb_hash(tdbp->tdb_rdomain, 0, &tdbp->tdb_src, tdbp->tdb_sproto); tdbp->tdb_snext = new_srcaddr[hashval]; new_srcaddr[hashval] = tdbp; } } free(tdbh, M_TDB, 0); tdbh = new_tdbh; - free(tdbaddr, M_TDB, 0); - tdbaddr = new_tdbaddr; + free(tdbdst, M_TDB, 0); + tdbdst = new_tdbdst; free(tdbsrc, M_TDB, 0); tdbsrc = new_srcaddr; } /* * Add TDB in the hash table. */ void puttdb(struct tdb *tdbp) { u_int32_t hashval; int s = splsoftnet(); if (tdbh == NULL) { tdbh = mallocarray(tdb_hashmask + 1, sizeof(struct tdb *), M_TDB, M_WAITOK | M_ZERO); - tdbaddr = mallocarray(tdb_hashmask + 1, sizeof(struct tdb *), + tdbdst = mallocarray(tdb_hashmask + 1, sizeof(struct tdb *), M_TDB, M_WAITOK | M_ZERO); tdbsrc = mallocarray(tdb_hashmask + 1, sizeof(struct tdb *), M_TDB, M_WAITOK | M_ZERO); } hashval = tdb_hash(tdbp->tdb_rdomain, tdbp->tdb_spi, &tdbp->tdb_dst, tdbp->tdb_sproto); /* * Rehash if this tdb would cause a bucket to have more than @@ -669,22 +669,22 @@ puttdb(struct tdb *tdbp) tdb_rehash(); hashval = tdb_hash(tdbp->tdb_rdomain, tdbp->tdb_spi, &tdbp->tdb_dst, tdbp->tdb_sproto); } tdbp->tdb_hnext = tdbh[hashval]; tdbh[hashval] = tdbp; hashval = tdb_hash(tdbp->tdb_rdomain, 0, &tdbp->tdb_dst, tdbp->tdb_sproto); - tdbp->tdb_anext = tdbaddr[hashval]; - tdbaddr[hashval] = tdbp; + tdbp->tdb_dnext = tdbdst[hashval]; + tdbdst[hashval] = tdbp; hashval = tdb_hash(tdbp->tdb_rdomain, 0, &tdbp->tdb_src, tdbp->tdb_sproto); tdbp->tdb_snext = tdbsrc[hashval]; tdbsrc[hashval] = tdbp; tdb_count++; ipsec_last_added = time_second; @@ -697,53 +697,56 @@ puttdb(struct tdb *tdbp) void tdb_delete(struct tdb *tdbp) { struct tdb *tdbpp; u_int32_t hashval; int s; if (tdbh == NULL) return; + s = splsoftnet(); + hashval = tdb_hash(tdbp->tdb_rdomain, tdbp->tdb_spi, &tdbp->tdb_dst, tdbp->tdb_sproto); - s = splsoftnet(); if (tdbh[hashval] == tdbp) { tdbh[hashval] = tdbp->tdb_hnext; } else { for (tdbpp = tdbh[hashval]; tdbpp != NULL; tdbpp = tdbpp->tdb_hnext) { if (tdbpp->tdb_hnext == tdbp) { tdbpp->tdb_hnext = tdbp->tdb_hnext; break; } } } tdbp->tdb_hnext = NULL; hashval = tdb_hash(tdbp->tdb_rdomain, 0, &tdbp->tdb_dst, tdbp->tdb_sproto); - if (tdbaddr[hashval] == tdbp) { - tdbaddr[hashval] = tdbp->tdb_anext; + if (tdbdst[hashval] == tdbp) { + tdbdst[hashval] = tdbp->tdb_dnext; } else { - for (tdbpp = tdbaddr[hashval]; tdbpp != NULL; - tdbpp = tdbpp->tdb_anext) { - if (tdbpp->tdb_anext == tdbp) { - tdbpp->tdb_anext = tdbp->tdb_anext; + for (tdbpp = tdbdst[hashval]; tdbpp != NULL; + tdbpp = tdbpp->tdb_dnext) { + if (tdbpp->tdb_dnext == tdbp) { + tdbpp->tdb_dnext = tdbp->tdb_dnext; break; } } } + tdbp->tdb_dnext = NULL; + hashval = tdb_hash(tdbp->tdb_rdomain, 0, &tdbp->tdb_src, tdbp->tdb_sproto); if (tdbsrc[hashval] == tdbp) { tdbsrc[hashval] = tdbp->tdb_snext; } else { for (tdbpp = tdbsrc[hashval]; tdbpp != NULL; tdbpp = tdbpp->tdb_snext) { if (tdbpp->tdb_snext == tdbp) { diff --git sys/netinet/ip_ipsp.h sys/netinet/ip_ipsp.h index 8c24fc1..47a5670 100644 --- sys/netinet/ip_ipsp.h +++ sys/netinet/ip_ipsp.h @@ -264,21 +264,21 @@ struct ipsec_policy { struct tdb { /* tunnel descriptor block */ /* * Each TDB is on three hash tables: one keyed on dst/spi/sproto, * one keyed on dst/sproto, and one keyed on src/sproto. The first * is used for finding a specific TDB, the second for finding TDBs * for outgoing policy matching, and the third for incoming * policy matching. The following three fields maintain the hash * queues in those three tables. */ struct tdb *tdb_hnext; /* dst/spi/sproto table */ - struct tdb *tdb_anext; /* dst/sproto table */ + struct tdb *tdb_dnext; /* dst/sproto table */ struct tdb *tdb_snext; /* src/sproto table */ struct tdb *tdb_inext; struct tdb *tdb_onext; struct xformsw *tdb_xform; /* Transform to use */ struct enc_xform *tdb_encalgxform; /* Enc algorithm */ struct auth_hash *tdb_authalgxform; /* Auth algorithm */ struct comp_algo *tdb_compalgxform; /* Compression algo */ #define TDBF_UNIQUE 0x00001 /* This should not be used by others */ @@ -497,21 +497,21 @@ do { \ uint8_t get_sa_require(struct inpcb *); #ifdef ENCDEBUG const char *ipsp_address(union sockaddr_union, char *, socklen_t); #endif /* ENCDEBUG */ /* TDB management routines */ void tdb_add_inp(struct tdb *, struct inpcb *, int); uint32_t reserve_spi(u_int, u_int32_t, u_int32_t, union sockaddr_union *, union sockaddr_union *, u_int8_t, int *); struct tdb *gettdb(u_int, u_int32_t, union sockaddr_union *, u_int8_t); -struct tdb *gettdbbyaddr(u_int, union sockaddr_union *, u_int8_t, +struct tdb *gettdbbydst(u_int, union sockaddr_union *, u_int8_t, struct ipsec_ref *, struct ipsec_ref *, struct ipsec_ref *, struct sockaddr_encap *, struct sockaddr_encap *); struct tdb *gettdbbysrc(u_int, union sockaddr_union *, u_int8_t, struct ipsec_ref *, struct ipsec_ref *, struct sockaddr_encap *, struct sockaddr_encap *); struct tdb *gettdbbysrcdst(u_int, u_int32_t, union sockaddr_union *, union sockaddr_union *, u_int8_t); void puttdb(struct tdb *); void tdb_delete(struct tdb *); struct tdb *tdb_alloc(u_int); diff --git sys/netinet/ip_spd.c sys/netinet/ip_spd.c index 3287e2f..81e22da 100644 --- sys/netinet/ip_spd.c +++ sys/netinet/ip_spd.c @@ -393,21 +393,21 @@ ipsp_spd_lookup(struct mbuf *m, int af, int hlen, int *error, int direction, * destinations exist but are not used, possibly leading to an * explosion in the number of acquired SAs). */ if (ipo->ipo_last_searched <= ipsec_last_added) { /* "Touch" the entry. */ if (dignore == 0) ipo->ipo_last_searched = time_second; /* Find an appropriate SA from the existing ones. */ ipo->ipo_tdb = - gettdbbyaddr(rdomain, + gettdbbydst(rdomain, dignore ? &sdst : &ipo->ipo_dst, ipo->ipo_sproto, srcid ? srcid : ipo->ipo_srcid, dstid ? dstid : ipo->ipo_dstid, ipo->ipo_local_cred, &ipo->ipo_addr, &ipo->ipo_mask); if (ipo->ipo_tdb) { TAILQ_INSERT_TAIL(&ipo->ipo_tdb->tdb_policy_head, ipo, ipo_tdb_next); *error = 0; @@ -1056,38 +1056,38 @@ ipsp_spd_inp(struct mbuf *m, int af, int hlen, int *error, int direction, /* XXX Only support one policy/protocol for now. */ if (inp->inp_ipo != NULL) { if (inp->inp_ipo->ipo_last_searched <= ipsec_last_added) { inp->inp_ipo->ipo_last_searched = time_second; /* Update, just in case. */ ipsec_update_policy(inp, inp->inp_ipo, af, IPSP_DIRECTION_OUT); - tdb = gettdbbyaddr(rtable_l2(inp->inp_rtableid), + tdb = gettdbbydst(rtable_l2(inp->inp_rtableid), &inp->inp_ipo->ipo_dst, inp->inp_ipo->ipo_sproto, inp->inp_ipo->ipo_srcid, inp->inp_ipo->ipo_dstid, inp->inp_ipo->ipo_local_cred, &inp->inp_ipo->ipo_addr, &inp->inp_ipo->ipo_mask); } } else { /* * Construct a pseudo-policy, with just the necessary * fields. */ ipsec_update_policy(inp, &sipon, af, IPSP_DIRECTION_OUT); - tdb = gettdbbyaddr(rtable_l2(inp->inp_rtableid), + tdb = gettdbbydst(rtable_l2(inp->inp_rtableid), &sipon.ipo_dst, IPPROTO_ESP, NULL, NULL, NULL, &sipon.ipo_addr, &sipon.ipo_mask); } /* If we found an appropriate SA... */ if (tdb != NULL) { tdb_add_inp(tdb, inp, 0); /* Latch onto PCB. */ if (ipo != NULL && ipo->ipo_tdb != NULL && ipo->ipo_tdb != inp->inp_tdb_out && m != NULL) -- 2.3.4