| @@ -1,14 +1,14 @@ | | | @@ -1,14 +1,14 @@ |
| 1 | /* $NetBSD: key.c,v 1.122 2017/05/09 05:38:50 ozaki-r Exp $ */ | | 1 | /* $NetBSD: key.c,v 1.123 2017/05/15 09:51:00 ozaki-r Exp $ */ |
| 2 | /* $FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $ */ | | 2 | /* $FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $ */ |
| 3 | /* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */ | | 3 | /* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */ |
| 4 | | | 4 | |
| 5 | /* | | 5 | /* |
| 6 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. | | 6 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. |
| 7 | * All rights reserved. | | 7 | * All rights reserved. |
| 8 | * | | 8 | * |
| 9 | * Redistribution and use in source and binary forms, with or without | | 9 | * Redistribution and use in source and binary forms, with or without |
| 10 | * modification, are permitted provided that the following conditions | | 10 | * modification, are permitted provided that the following conditions |
| 11 | * are met: | | 11 | * are met: |
| 12 | * 1. Redistributions of source code must retain the above copyright | | 12 | * 1. Redistributions of source code must retain the above copyright |
| 13 | * notice, this list of conditions and the following disclaimer. | | 13 | * notice, this list of conditions and the following disclaimer. |
| 14 | * 2. Redistributions in binary form must reproduce the above copyright | | 14 | * 2. Redistributions in binary form must reproduce the above copyright |
| @@ -22,27 +22,27 @@ | | | @@ -22,27 +22,27 @@ |
| 22 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | | 22 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| 23 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | | 23 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
| 24 | * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE | | 24 | * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE |
| 25 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | | 25 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
| 26 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | | 26 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
| 27 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | | 27 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
| 28 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | | 28 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
| 29 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | | 29 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
| 30 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | | 30 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
| 31 | * SUCH DAMAGE. | | 31 | * SUCH DAMAGE. |
| 32 | */ | | 32 | */ |
| 33 | | | 33 | |
| 34 | #include <sys/cdefs.h> | | 34 | #include <sys/cdefs.h> |
| 35 | __KERNEL_RCSID(0, "$NetBSD: key.c,v 1.122 2017/05/09 05:38:50 ozaki-r Exp $"); | | 35 | __KERNEL_RCSID(0, "$NetBSD: key.c,v 1.123 2017/05/15 09:51:00 ozaki-r Exp $"); |
| 36 | | | 36 | |
| 37 | /* | | 37 | /* |
| 38 | * This code is referd to RFC 2367 | | 38 | * This code is referd to RFC 2367 |
| 39 | */ | | 39 | */ |
| 40 | | | 40 | |
| 41 | #if defined(_KERNEL_OPT) | | 41 | #if defined(_KERNEL_OPT) |
| 42 | #include "opt_inet.h" | | 42 | #include "opt_inet.h" |
| 43 | #include "opt_ipsec.h" | | 43 | #include "opt_ipsec.h" |
| 44 | #include "opt_gateway.h" | | 44 | #include "opt_gateway.h" |
| 45 | #endif | | 45 | #endif |
| 46 | | | 46 | |
| 47 | #include <sys/types.h> | | 47 | #include <sys/types.h> |
| 48 | #include <sys/param.h> | | 48 | #include <sys/param.h> |
| @@ -4746,30 +4746,28 @@ key_timehandler(void* arg) | | | @@ -4746,30 +4746,28 @@ key_timehandler(void* arg) |
| 4746 | /* SP ACQ tree */ | | 4746 | /* SP ACQ tree */ |
| 4747 | { | | 4747 | { |
| 4748 | struct secspacq *acq, *nextacq; | | 4748 | struct secspacq *acq, *nextacq; |
| 4749 | | | 4749 | |
| 4750 | LIST_FOREACH_SAFE(acq, &spacqtree, chain, nextacq) { | | 4750 | LIST_FOREACH_SAFE(acq, &spacqtree, chain, nextacq) { |
| 4751 | if (now - acq->created > key_blockacq_lifetime | | 4751 | if (now - acq->created > key_blockacq_lifetime |
| 4752 | && __LIST_CHAINED(acq)) { | | 4752 | && __LIST_CHAINED(acq)) { |
| 4753 | LIST_REMOVE(acq, chain); | | 4753 | LIST_REMOVE(acq, chain); |
| 4754 | KFREE(acq); | | 4754 | KFREE(acq); |
| 4755 | } | | 4755 | } |
| 4756 | } | | 4756 | } |
| 4757 | } | | 4757 | } |
| 4758 | | | 4758 | |
| 4759 | #ifndef IPSEC_DEBUG2 | | | |
| 4760 | /* do exchange to tick time !! */ | | 4759 | /* do exchange to tick time !! */ |
| 4761 | callout_reset(&key_timehandler_ch, hz, key_timehandler, NULL); | | 4760 | callout_reset(&key_timehandler_ch, hz, key_timehandler, NULL); |
| 4762 | #endif /* IPSEC_DEBUG2 */ | | | |
| 4763 | | | 4761 | |
| 4764 | mutex_exit(softnet_lock); | | 4762 | mutex_exit(softnet_lock); |
| 4765 | splx(s); | | 4763 | splx(s); |
| 4766 | return; | | 4764 | return; |
| 4767 | } | | 4765 | } |
| 4768 | | | 4766 | |
| 4769 | u_long | | 4767 | u_long |
| 4770 | key_random(void) | | 4768 | key_random(void) |
| 4771 | { | | 4769 | { |
| 4772 | u_long value; | | 4770 | u_long value; |
| 4773 | | | 4771 | |
| 4774 | key_randomfill(&value, sizeof(value)); | | 4772 | key_randomfill(&value, sizeof(value)); |
| 4775 | return value; | | 4773 | return value; |
| @@ -7718,30 +7716,27 @@ key_do_init(void) | | | @@ -7718,30 +7716,27 @@ key_do_init(void) |
| 7718 | LIST_INIT(&acqtree); | | 7716 | LIST_INIT(&acqtree); |
| 7719 | #endif | | 7717 | #endif |
| 7720 | LIST_INIT(&spacqtree); | | 7718 | LIST_INIT(&spacqtree); |
| 7721 | | | 7719 | |
| 7722 | /* system default */ | | 7720 | /* system default */ |
| 7723 | ip4_def_policy.policy = IPSEC_POLICY_NONE; | | 7721 | ip4_def_policy.policy = IPSEC_POLICY_NONE; |
| 7724 | ip4_def_policy.refcnt++; /*never reclaim this*/ | | 7722 | ip4_def_policy.refcnt++; /*never reclaim this*/ |
| 7725 | | | 7723 | |
| 7726 | #ifdef INET6 | | 7724 | #ifdef INET6 |
| 7727 | ip6_def_policy.policy = IPSEC_POLICY_NONE; | | 7725 | ip6_def_policy.policy = IPSEC_POLICY_NONE; |
| 7728 | ip6_def_policy.refcnt++; /*never reclaim this*/ | | 7726 | ip6_def_policy.refcnt++; /*never reclaim this*/ |
| 7729 | #endif | | 7727 | #endif |
| 7730 | | | 7728 | |
| 7731 | | | | |
| 7732 | #ifndef IPSEC_DEBUG2 | | | |
| 7733 | callout_reset(&key_timehandler_ch, hz, key_timehandler, NULL); | | 7729 | callout_reset(&key_timehandler_ch, hz, key_timehandler, NULL); |
| 7734 | #endif /*IPSEC_DEBUG2*/ | | | |
| 7735 | | | 7730 | |
| 7736 | /* initialize key statistics */ | | 7731 | /* initialize key statistics */ |
| 7737 | keystat.getspi_count = 1; | | 7732 | keystat.getspi_count = 1; |
| 7738 | | | 7733 | |
| 7739 | aprint_verbose("IPsec: Initialized Security Association Processing.\n"); | | 7734 | aprint_verbose("IPsec: Initialized Security Association Processing.\n"); |
| 7740 | | | 7735 | |
| 7741 | return (0); | | 7736 | return (0); |
| 7742 | } | | 7737 | } |
| 7743 | | | 7738 | |
| 7744 | void | | 7739 | void |
| 7745 | key_init(void) | | 7740 | key_init(void) |
| 7746 | { | | 7741 | { |
| 7747 | static ONCE_DECL(key_init_once); | | 7742 | static ONCE_DECL(key_init_once); |