| @@ -1,14 +1,14 @@ | | | @@ -1,14 +1,14 @@ |
1 | /* $NetBSD: key.c,v 1.243 2017/11/22 05:43:28 ozaki-r Exp $ */ | | 1 | /* $NetBSD: key.c,v 1.244 2017/11/30 02:43:49 ozaki-r Exp $ */ |
2 | /* $FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $ */ | | 2 | /* $FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $ */ |
3 | /* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */ | | 3 | /* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */ |
4 | | | 4 | |
5 | /* | | 5 | /* |
6 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. | | 6 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. |
7 | * All rights reserved. | | 7 | * All rights reserved. |
8 | * | | 8 | * |
9 | * Redistribution and use in source and binary forms, with or without | | 9 | * Redistribution and use in source and binary forms, with or without |
10 | * modification, are permitted provided that the following conditions | | 10 | * modification, are permitted provided that the following conditions |
11 | * are met: | | 11 | * are met: |
12 | * 1. Redistributions of source code must retain the above copyright | | 12 | * 1. Redistributions of source code must retain the above copyright |
13 | * notice, this list of conditions and the following disclaimer. | | 13 | * notice, this list of conditions and the following disclaimer. |
14 | * 2. Redistributions in binary form must reproduce the above copyright | | 14 | * 2. Redistributions in binary form must reproduce the above copyright |
| @@ -22,27 +22,27 @@ | | | @@ -22,27 +22,27 @@ |
22 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | | 22 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
23 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | | 23 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
24 | * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE | | 24 | * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE |
25 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | | 25 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
26 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | | 26 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
27 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | | 27 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
28 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | | 28 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
29 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | | 29 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
30 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | | 30 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
31 | * SUCH DAMAGE. | | 31 | * SUCH DAMAGE. |
32 | */ | | 32 | */ |
33 | | | 33 | |
34 | #include <sys/cdefs.h> | | 34 | #include <sys/cdefs.h> |
35 | __KERNEL_RCSID(0, "$NetBSD: key.c,v 1.243 2017/11/22 05:43:28 ozaki-r Exp $"); | | 35 | __KERNEL_RCSID(0, "$NetBSD: key.c,v 1.244 2017/11/30 02:43:49 ozaki-r Exp $"); |
36 | | | 36 | |
37 | /* | | 37 | /* |
38 | * This code is referred to RFC 2367 | | 38 | * This code is referred to RFC 2367 |
39 | */ | | 39 | */ |
40 | | | 40 | |
41 | #if defined(_KERNEL_OPT) | | 41 | #if defined(_KERNEL_OPT) |
42 | #include "opt_inet.h" | | 42 | #include "opt_inet.h" |
43 | #include "opt_ipsec.h" | | 43 | #include "opt_ipsec.h" |
44 | #include "opt_gateway.h" | | 44 | #include "opt_gateway.h" |
45 | #include "opt_net_mpsafe.h" | | 45 | #include "opt_net_mpsafe.h" |
46 | #endif | | 46 | #endif |
47 | | | 47 | |
48 | #include <sys/types.h> | | 48 | #include <sys/types.h> |
| @@ -827,27 +827,27 @@ key_spd_pserialize_perform(void) | | | @@ -827,27 +827,27 @@ key_spd_pserialize_perform(void) |
827 | static void | | 827 | static void |
828 | key_unlink_sp(struct secpolicy *sp) | | 828 | key_unlink_sp(struct secpolicy *sp) |
829 | { | | 829 | { |
830 | | | 830 | |
831 | KASSERT(mutex_owned(&key_spd.lock)); | | 831 | KASSERT(mutex_owned(&key_spd.lock)); |
832 | | | 832 | |
833 | sp->state = IPSEC_SPSTATE_DEAD; | | 833 | sp->state = IPSEC_SPSTATE_DEAD; |
834 | SPLIST_WRITER_REMOVE(sp); | | 834 | SPLIST_WRITER_REMOVE(sp); |
835 | | | 835 | |
836 | /* Invalidate all cached SPD pointers in the PCBs. */ | | 836 | /* Invalidate all cached SPD pointers in the PCBs. */ |
837 | ipsec_invalpcbcacheall(); | | 837 | ipsec_invalpcbcacheall(); |
838 | | | 838 | |
839 | #ifdef NET_MPSAFE | | 839 | #ifdef NET_MPSAFE |
840 | KASSERT(mutex_ownable(softnet_lock)); | | 840 | KDASSERT(mutex_ownable(softnet_lock)); |
841 | key_spd_pserialize_perform(); | | 841 | key_spd_pserialize_perform(); |
842 | #endif | | 842 | #endif |
843 | | | 843 | |
844 | localcount_drain(&sp->localcount, &key_spd.cv_lc, &key_spd.lock); | | 844 | localcount_drain(&sp->localcount, &key_spd.cv_lc, &key_spd.lock); |
845 | } | | 845 | } |
846 | | | 846 | |
847 | /* | | 847 | /* |
848 | * Return 0 when there are known to be no SP's for the specified | | 848 | * Return 0 when there are known to be no SP's for the specified |
849 | * direction. Otherwise return 1. This is used by IPsec code | | 849 | * direction. Otherwise return 1. This is used by IPsec code |
850 | * to optimize performance. | | 850 | * to optimize performance. |
851 | */ | | 851 | */ |
852 | int | | 852 | int |
853 | key_havesp(u_int dir) | | 853 | key_havesp(u_int dir) |
| @@ -1516,27 +1516,27 @@ key_sad_pserialize_perform(void) | | | @@ -1516,27 +1516,27 @@ key_sad_pserialize_perform(void) |
1516 | /* | | 1516 | /* |
1517 | * Remove the sav from the savlist of its sah and wait for references to the sav | | 1517 | * Remove the sav from the savlist of its sah and wait for references to the sav |
1518 | * to be released. key_sad.lock must be held. | | 1518 | * to be released. key_sad.lock must be held. |
1519 | */ | | 1519 | */ |
1520 | static void | | 1520 | static void |
1521 | key_unlink_sav(struct secasvar *sav) | | 1521 | key_unlink_sav(struct secasvar *sav) |
1522 | { | | 1522 | { |
1523 | | | 1523 | |
1524 | KASSERT(mutex_owned(&key_sad.lock)); | | 1524 | KASSERT(mutex_owned(&key_sad.lock)); |
1525 | | | 1525 | |
1526 | SAVLIST_WRITER_REMOVE(sav); | | 1526 | SAVLIST_WRITER_REMOVE(sav); |
1527 | | | 1527 | |
1528 | #ifdef NET_MPSAFE | | 1528 | #ifdef NET_MPSAFE |
1529 | KASSERT(mutex_ownable(softnet_lock)); | | 1529 | KDASSERT(mutex_ownable(softnet_lock)); |
1530 | key_sad_pserialize_perform(); | | 1530 | key_sad_pserialize_perform(); |
1531 | #endif | | 1531 | #endif |
1532 | | | 1532 | |
1533 | localcount_drain(&sav->localcount, &key_sad.cv_lc, &key_sad.lock); | | 1533 | localcount_drain(&sav->localcount, &key_sad.cv_lc, &key_sad.lock); |
1534 | } | | 1534 | } |
1535 | | | 1535 | |
1536 | /* | | 1536 | /* |
1537 | * Destroy an sav where the sav must be unlinked from an sah | | 1537 | * Destroy an sav where the sav must be unlinked from an sah |
1538 | * by say key_unlink_sav. | | 1538 | * by say key_unlink_sav. |
1539 | */ | | 1539 | */ |
1540 | static void | | 1540 | static void |
1541 | key_destroy_sav(struct secasvar *sav) | | 1541 | key_destroy_sav(struct secasvar *sav) |
1542 | { | | 1542 | { |
| @@ -1558,27 +1558,27 @@ key_destroy_sav_with_ref(struct secasvar | | | @@ -1558,27 +1558,27 @@ key_destroy_sav_with_ref(struct secasvar |
1558 | | | 1558 | |
1559 | ASSERT_SLEEPABLE(); | | 1559 | ASSERT_SLEEPABLE(); |
1560 | | | 1560 | |
1561 | mutex_enter(&key_sad.lock); | | 1561 | mutex_enter(&key_sad.lock); |
1562 | sav->state = SADB_SASTATE_DEAD; | | 1562 | sav->state = SADB_SASTATE_DEAD; |
1563 | SAVLIST_WRITER_REMOVE(sav); | | 1563 | SAVLIST_WRITER_REMOVE(sav); |
1564 | mutex_exit(&key_sad.lock); | | 1564 | mutex_exit(&key_sad.lock); |
1565 | | | 1565 | |
1566 | /* We cannot unref with holding key_sad.lock */ | | 1566 | /* We cannot unref with holding key_sad.lock */ |
1567 | KEY_SA_UNREF(&sav); | | 1567 | KEY_SA_UNREF(&sav); |
1568 | | | 1568 | |
1569 | mutex_enter(&key_sad.lock); | | 1569 | mutex_enter(&key_sad.lock); |
1570 | #ifdef NET_MPSAFE | | 1570 | #ifdef NET_MPSAFE |
1571 | KASSERT(mutex_ownable(softnet_lock)); | | 1571 | KDASSERT(mutex_ownable(softnet_lock)); |
1572 | key_sad_pserialize_perform(); | | 1572 | key_sad_pserialize_perform(); |
1573 | #endif | | 1573 | #endif |
1574 | localcount_drain(&sav->localcount, &key_sad.cv_lc, &key_sad.lock); | | 1574 | localcount_drain(&sav->localcount, &key_sad.cv_lc, &key_sad.lock); |
1575 | mutex_exit(&key_sad.lock); | | 1575 | mutex_exit(&key_sad.lock); |
1576 | | | 1576 | |
1577 | key_destroy_sav(sav); | | 1577 | key_destroy_sav(sav); |
1578 | } | | 1578 | } |
1579 | | | 1579 | |
1580 | /* %%% SPD management */ | | 1580 | /* %%% SPD management */ |
1581 | /* | | 1581 | /* |
1582 | * free security policy entry. | | 1582 | * free security policy entry. |
1583 | */ | | 1583 | */ |
1584 | static void | | 1584 | static void |
| @@ -3039,27 +3039,27 @@ key_sah_has_sav(struct secashead *sah) | | | @@ -3039,27 +3039,27 @@ key_sah_has_sav(struct secashead *sah) |
3039 | | | 3039 | |
3040 | static void | | 3040 | static void |
3041 | key_unlink_sah(struct secashead *sah) | | 3041 | key_unlink_sah(struct secashead *sah) |
3042 | { | | 3042 | { |
3043 | | | 3043 | |
3044 | KASSERT(!cpu_softintr_p()); | | 3044 | KASSERT(!cpu_softintr_p()); |
3045 | KASSERT(mutex_owned(&key_sad.lock)); | | 3045 | KASSERT(mutex_owned(&key_sad.lock)); |
3046 | KASSERT(sah->state == SADB_SASTATE_DEAD); | | 3046 | KASSERT(sah->state == SADB_SASTATE_DEAD); |
3047 | | | 3047 | |
3048 | /* Remove from the sah list */ | | 3048 | /* Remove from the sah list */ |
3049 | SAHLIST_WRITER_REMOVE(sah); | | 3049 | SAHLIST_WRITER_REMOVE(sah); |
3050 | | | 3050 | |
3051 | #ifdef NET_MPSAFE | | 3051 | #ifdef NET_MPSAFE |
3052 | KASSERT(mutex_ownable(softnet_lock)); | | 3052 | KDASSERT(mutex_ownable(softnet_lock)); |
3053 | key_sad_pserialize_perform(); | | 3053 | key_sad_pserialize_perform(); |
3054 | #endif | | 3054 | #endif |
3055 | | | 3055 | |
3056 | localcount_drain(&sah->localcount, &key_sad.cv_lc, &key_sad.lock); | | 3056 | localcount_drain(&sah->localcount, &key_sad.cv_lc, &key_sad.lock); |
3057 | } | | 3057 | } |
3058 | | | 3058 | |
3059 | static void | | 3059 | static void |
3060 | key_destroy_sah(struct secashead *sah) | | 3060 | key_destroy_sah(struct secashead *sah) |
3061 | { | | 3061 | { |
3062 | | | 3062 | |
3063 | rtcache_free(&sah->sa_route); | | 3063 | rtcache_free(&sah->sa_route); |
3064 | | | 3064 | |
3065 | SAHLIST_ENTRY_DESTROY(sah); | | 3065 | SAHLIST_ENTRY_DESTROY(sah); |
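Review bot: The four `KDASSERT(mutex_ownable(softnet_lock));` lines under `#ifdef NET_MPSAFE` (in key_unlink_sp, key_unlink_sav, key_destroy_sav_with_ref and key_unlink_sah) have no comment explaining why this one precondition is checked more weakly than the `KASSERT(mutex_owned(...))` checks beside it. KDASSERT is compiled in only on DEBUG kernels, so a DIAGNOSTIC-only build no longer verifies that softnet_lock can be taken before `key_spd_pserialize_perform()` / `key_sad_pserialize_perform()` and `localcount_drain()` run. As far as these lines show, a caller that arrives already holding it would go unnoticed on such a build. Presumably the downgrade is for cost, and I would record that at each site, e.g. `/* softnet_lock must not be held here; mutex_ownable is costly, so DEBUG kernels only */`. key_destroy_sav_with_ref starts outside its hunk, so its entry conditions are not visible here.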