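--- a/key.c
+++ b/key.c
@@ -1,14 +1,14 @@
-/* $NetBSD: key.c,v 1.211 2017/08/07 03:30:45 ozaki-r Exp $ */
+/* $NetBSD: key.c,v 1.212 2017/08/07 07:45:45 ozaki-r Exp $ */
 /* $FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $ */
 /* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */
 
 /*
 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
@@ -22,27 +22,27 @@
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.211 2017/08/07 03:30:45 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.212 2017/08/07 07:45:45 ozaki-r Exp $");
 
 /*
 * This code is referd to RFC 2367
 */
 
 #if defined(_KERNEL_OPT)
 #include "opt_inet.h"
 #include "opt_ipsec.h"
 #include "opt_gateway.h"
 #include "opt_net_mpsafe.h"
 #endif
 
 #include <sys/types.h>
@@ -5443,27 +5443,29 @@ key_api_update(struct socket *so, struct
 goto error;
 }
 
 error = key_init_xform(newsav);
 if (error != 0) {
 key_delsav(newsav);
 goto error;
 }
 
 /* add to satree */
 newsav->refcnt = 1;
 newsav->state = SADB_SASTATE_MATURE;
 SAVLIST_ENTRY_INIT(newsav);
+mutex_enter(&key_sad.lock);
 SAVLIST_WRITER_INSERT_TAIL(sah, SADB_SASTATE_MATURE, newsav);
+mutex_exit(&key_sad.lock);
 key_validate_savlist(sah, SADB_SASTATE_MATURE);
 
 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
 KEY_FREESAV(&sav);
 KEY_FREESAV(&sav);
 
 {
 struct mbuf *n;
 
 /* set msg buf from mhp */
 n = key_getmsgbuf_x1(m, mhp);
 if (n == NULL) {
 IPSECLOG(LOG_DEBUG, "No more memory.\n");
@@ -5634,27 +5636,29 @@ key_api_add(struct socket *so, struct mb
 return key_senderror(so, m, EINVAL);
 }
 
 error = key_init_xform(newsav);
 if (error != 0) {
 key_delsav(newsav);
 return key_senderror(so, m, error);
 }
 
 /* add to satree */
 newsav->refcnt = 1;
 newsav->state = SADB_SASTATE_MATURE;
 SAVLIST_ENTRY_INIT(newsav);
+mutex_enter(&key_sad.lock);
 SAVLIST_WRITER_INSERT_TAIL(sah, SADB_SASTATE_MATURE, newsav);
+mutex_exit(&key_sad.lock);
 key_validate_savlist(sah, SADB_SASTATE_MATURE);
 
 /*
 * don't call key_freesav() here, as we would like to keep the SA
 * in the database on success.
 */
 
 {
 struct mbuf *n;
 
 /* set msg buf from mhp */
 n = key_getmsgbuf_x1(m, mhp);
 if (n == NULL) {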
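Review bot: In key_api_update (new lines 5456-5461) the lock is released straight after the tail insert, so `key_validate_savlist(sah, SADB_SASTATE_MATURE)` and `key_sa_chgstate(sav, SADB_SASTATE_DEAD)` both run outside the critical section, and until the second call completes the old and the new SA are on the MATURE list together. Neither helper's body is visible in this hunk, so they may take `key_sad.lock` themselves, but if they do not, another writer or a lookup can see the list mid-update while it is being validated or while the old SA is being retired. I would either move `mutex_exit(&key_sad.lock);` below the `key_validate_savlist(...)` call, or add a comment at the insert such as `/* key_sad.lock protects savlist linkage only; the old SA is retired below */` explaining why the window is acceptable. The same insert-then-validate ordering appears in key_api_add (new lines 5649-5652); both functions start and end outside their hunks.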