| @@ -1,14 +1,14 @@ | | | @@ -1,14 +1,14 @@ |
1 | /* $NetBSD: key.c,v 1.226 2017/09/27 07:27:29 ozaki-r Exp $ */ | | 1 | /* $NetBSD: key.c,v 1.227 2017/09/27 09:55:52 ozaki-r Exp $ */ |
2 | /* $FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $ */ | | 2 | /* $FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $ */ |
3 | /* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */ | | 3 | /* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */ |
4 | | | 4 | |
5 | /* | | 5 | /* |
6 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. | | 6 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. |
7 | * All rights reserved. | | 7 | * All rights reserved. |
8 | * | | 8 | * |
9 | * Redistribution and use in source and binary forms, with or without | | 9 | * Redistribution and use in source and binary forms, with or without |
10 | * modification, are permitted provided that the following conditions | | 10 | * modification, are permitted provided that the following conditions |
11 | * are met: | | 11 | * are met: |
12 | * 1. Redistributions of source code must retain the above copyright | | 12 | * 1. Redistributions of source code must retain the above copyright |
13 | * notice, this list of conditions and the following disclaimer. | | 13 | * notice, this list of conditions and the following disclaimer. |
14 | * 2. Redistributions in binary form must reproduce the above copyright | | 14 | * 2. Redistributions in binary form must reproduce the above copyright |
| @@ -22,27 +22,27 @@ | | | @@ -22,27 +22,27 @@ |
22 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | | 22 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
23 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | | 23 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
24 | * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE | | 24 | * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE |
25 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | | 25 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
26 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | | 26 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
27 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | | 27 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
28 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | | 28 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
29 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | | 29 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
30 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | | 30 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
31 | * SUCH DAMAGE. | | 31 | * SUCH DAMAGE. |
32 | */ | | 32 | */ |
33 | | | 33 | |
34 | #include <sys/cdefs.h> | | 34 | #include <sys/cdefs.h> |
35 | __KERNEL_RCSID(0, "$NetBSD: key.c,v 1.226 2017/09/27 07:27:29 ozaki-r Exp $"); | | 35 | __KERNEL_RCSID(0, "$NetBSD: key.c,v 1.227 2017/09/27 09:55:52 ozaki-r Exp $"); |
36 | | | 36 | |
37 | /* | | 37 | /* |
38 | * This code is referd to RFC 2367 | | 38 | * This code is referd to RFC 2367 |
39 | */ | | 39 | */ |
40 | | | 40 | |
41 | #if defined(_KERNEL_OPT) | | 41 | #if defined(_KERNEL_OPT) |
42 | #include "opt_inet.h" | | 42 | #include "opt_inet.h" |
43 | #include "opt_ipsec.h" | | 43 | #include "opt_ipsec.h" |
44 | #include "opt_gateway.h" | | 44 | #include "opt_gateway.h" |
45 | #include "opt_net_mpsafe.h" | | 45 | #include "opt_net_mpsafe.h" |
46 | #endif | | 46 | #endif |
47 | | | 47 | |
48 | #include <sys/types.h> | | 48 | #include <sys/types.h> |
| @@ -794,43 +794,45 @@ static void key_timehandler(void *); | | | @@ -794,43 +794,45 @@ static void key_timehandler(void *); |
794 | static void key_timehandler_work(struct work *, void *); | | 794 | static void key_timehandler_work(struct work *, void *); |
795 | static struct callout key_timehandler_ch; | | 795 | static struct callout key_timehandler_ch; |
796 | static struct workqueue *key_timehandler_wq; | | 796 | static struct workqueue *key_timehandler_wq; |
797 | static struct work key_timehandler_wk; | | 797 | static struct work key_timehandler_wk; |
798 | | | 798 | |
799 | u_int | | 799 | u_int |
800 | key_sp_refcnt(const struct secpolicy *sp) | | 800 | key_sp_refcnt(const struct secpolicy *sp) |
801 | { | | 801 | { |
802 | | | 802 | |
803 | /* FIXME */ | | 803 | /* FIXME */ |
804 | return 0; | | 804 | return 0; |
805 | } | | 805 | } |
806 | | | 806 | |
| | | 807 | #ifdef NET_MPSAFE |
807 | static void | | 808 | static void |
808 | key_spd_pserialize_perform(void) | | 809 | key_spd_pserialize_perform(void) |
809 | { | | 810 | { |
810 | | | 811 | |
811 | KASSERT(mutex_owned(&key_spd.lock)); | | 812 | KASSERT(mutex_owned(&key_spd.lock)); |
812 | | | 813 | |
813 | while (key_spd.psz_performing) | | 814 | while (key_spd.psz_performing) |
814 | cv_wait(&key_spd.cv_psz, &key_spd.lock); | | 815 | cv_wait(&key_spd.cv_psz, &key_spd.lock); |
815 | key_spd.psz_performing = true; | | 816 | key_spd.psz_performing = true; |
816 | mutex_exit(&key_spd.lock); | | 817 | mutex_exit(&key_spd.lock); |
817 | | | 818 | |
818 | pserialize_perform(key_spd.psz); | | 819 | pserialize_perform(key_spd.psz); |
819 | | | 820 | |
820 | mutex_enter(&key_spd.lock); | | 821 | mutex_enter(&key_spd.lock); |
821 | key_spd.psz_performing = false; | | 822 | key_spd.psz_performing = false; |
822 | cv_broadcast(&key_spd.cv_psz); | | 823 | cv_broadcast(&key_spd.cv_psz); |
823 | } | | 824 | } |
| | | 825 | #endif |
824 | | | 826 | |
825 | /* | | 827 | /* |
826 | * Remove the sp from the key_spd.splist and wait for references to the sp | | 828 | * Remove the sp from the key_spd.splist and wait for references to the sp |
827 | * to be released. key_spd.lock must be held. | | 829 | * to be released. key_spd.lock must be held. |
828 | */ | | 830 | */ |
829 | static void | | 831 | static void |
830 | key_unlink_sp(struct secpolicy *sp) | | 832 | key_unlink_sp(struct secpolicy *sp) |
831 | { | | 833 | { |
832 | | | 834 | |
833 | KASSERT(mutex_owned(&key_spd.lock)); | | 835 | KASSERT(mutex_owned(&key_spd.lock)); |
834 | | | 836 | |
835 | sp->state = IPSEC_SPSTATE_DEAD; | | 837 | sp->state = IPSEC_SPSTATE_DEAD; |
836 | SPLIST_WRITER_REMOVE(sp); | | 838 | SPLIST_WRITER_REMOVE(sp); |
| @@ -1487,43 +1489,45 @@ key_freesp_so(struct secpolicy **sp) | | | @@ -1487,43 +1489,45 @@ key_freesp_so(struct secpolicy **sp) |
1487 | KASSERT(sp != NULL); | | 1489 | KASSERT(sp != NULL); |
1488 | KASSERT(*sp != NULL); | | 1490 | KASSERT(*sp != NULL); |
1489 | | | 1491 | |
1490 | if ((*sp)->policy == IPSEC_POLICY_ENTRUST || | | 1492 | if ((*sp)->policy == IPSEC_POLICY_ENTRUST || |
1491 | (*sp)->policy == IPSEC_POLICY_BYPASS) | | 1493 | (*sp)->policy == IPSEC_POLICY_BYPASS) |
1492 | return; | | 1494 | return; |
1493 | | | 1495 | |
1494 | KASSERTMSG((*sp)->policy == IPSEC_POLICY_IPSEC, | | 1496 | KASSERTMSG((*sp)->policy == IPSEC_POLICY_IPSEC, |
1495 | "invalid policy %u", (*sp)->policy); | | 1497 | "invalid policy %u", (*sp)->policy); |
1496 | KEY_SP_UNREF(&sp); | | 1498 | KEY_SP_UNREF(&sp); |
1497 | } | | 1499 | } |
1498 | #endif | | 1500 | #endif |
1499 | | | 1501 | |
| | | 1502 | #ifdef NET_MPSAFE |
1500 | static void | | 1503 | static void |
1501 | key_sad_pserialize_perform(void) | | 1504 | key_sad_pserialize_perform(void) |
1502 | { | | 1505 | { |
1503 | | | 1506 | |
1504 | KASSERT(mutex_owned(&key_sad.lock)); | | 1507 | KASSERT(mutex_owned(&key_sad.lock)); |
1505 | | | 1508 | |
1506 | while (key_sad.psz_performing) | | 1509 | while (key_sad.psz_performing) |
1507 | cv_wait(&key_sad.cv_psz, &key_sad.lock); | | 1510 | cv_wait(&key_sad.cv_psz, &key_sad.lock); |
1508 | key_sad.psz_performing = true; | | 1511 | key_sad.psz_performing = true; |
1509 | mutex_exit(&key_sad.lock); | | 1512 | mutex_exit(&key_sad.lock); |
1510 | | | 1513 | |
1511 | pserialize_perform(key_sad.psz); | | 1514 | pserialize_perform(key_sad.psz); |
1512 | | | 1515 | |
1513 | mutex_enter(&key_sad.lock); | | 1516 | mutex_enter(&key_sad.lock); |
1514 | key_sad.psz_performing = false; | | 1517 | key_sad.psz_performing = false; |
1515 | cv_broadcast(&key_sad.cv_psz); | | 1518 | cv_broadcast(&key_sad.cv_psz); |
1516 | } | | 1519 | } |
| | | 1520 | #endif |
1517 | | | 1521 | |
1518 | /* | | 1522 | /* |
1519 | * Remove the sav from the savlist of its sah and wait for references to the sav | | 1523 | * Remove the sav from the savlist of its sah and wait for references to the sav |
1520 | * to be released. key_sad.lock must be held. | | 1524 | * to be released. key_sad.lock must be held. |
1521 | */ | | 1525 | */ |
1522 | static void | | 1526 | static void |
1523 | key_unlink_sav(struct secasvar *sav) | | 1527 | key_unlink_sav(struct secasvar *sav) |
1524 | { | | 1528 | { |
1525 | | | 1529 | |
1526 | KASSERT(mutex_owned(&key_sad.lock)); | | 1530 | KASSERT(mutex_owned(&key_sad.lock)); |
1527 | | | 1531 | |
1528 | SAVLIST_WRITER_REMOVE(sav); | | 1532 | SAVLIST_WRITER_REMOVE(sav); |
1529 | | | 1533 | |
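Review bot: The two helpers this change places under `#ifdef NET_MPSAFE`, key_spd_pserialize_perform() and key_sad_pserialize_perform(), have no comment stating their locking contract, and it is easy to misuse. Each asserts that its lock is held on entry, releases it around pserialize_perform(), and re-takes it before returning, so anything the caller read under key_spd.lock or key_sad.lock before the call may be stale afterwards. That matters for SP and SA lifetime handling in key_unlink_sp() and key_unlink_sav(), but their bodies continue past the visible hunks, so whether they depend on it cannot be checked here. I would add above each helper a comment such as `/* Called with key_spd.lock held; drops and re-acquires it around pserialize_perform(), so re-validate lock-protected state on return. */` (with key_sad.lock for the second) and close each guard with `#endif /* NET_MPSAFE */`. It is also worth confirming that every call site sits under the same guard, since none is visible in these hunks.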