Fri Mar 13 02:43:31 2020 UTC ()
reduce unnecessary reqid of NAT-T ipsecif(4), suggested by ohishi@IIJ.


(knakahara)
diff -r1.28 -r1.29 src/sys/net/if_ipsec.c

cvs diff -r1.28 -r1.29 src/sys/net/if_ipsec.c

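--- a/src/sys/net/if_ipsec.c
+++ b/src/sys/net/if_ipsec.c
@@ -1,14 +1,14 @@
-/* $NetBSD: if_ipsec.c,v 1.28 2020/03/10 10:35:14 knakahara Exp $ */
+/* $NetBSD: if_ipsec.c,v 1.29 2020/03/13 02:43:31 knakahara Exp $ */
 
 /*
  * Copyright (c) 2017 Internet Initiative Japan Inc.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  * notice, this list of conditions and the following disclaimer in the
  * documentation and/or other materials provided with the distribution.
@@ -17,27 +17,27 @@
  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
  * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
  * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_ipsec.c,v 1.28 2020/03/10 10:35:14 knakahara Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_ipsec.c,v 1.29 2020/03/13 02:43:31 knakahara Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
 #endif
 
 #include <sys/param.h>
 #include <sys/atomic.h>
 #include <sys/systm.h>
 #include <sys/kernel.h>
 #include <sys/mbuf.h>
 #include <sys/socket.h>
 #include <sys/sockio.h>
 #include <sys/errno.h>
@@ -1574,27 +1574,30 @@ if_ipsec_set_sadb_x_policy(struct sadb_x
  xpl->sadb_x_policy_dir = dir;
  xpl->sadb_x_policy_reserved = 0;
  xpl->sadb_x_policy_id = id;
  xpl->sadb_x_policy_reserved2 = 0;
 
  if (policy == IPSEC_POLICY_IPSEC) {
  xisr->sadb_x_ipsecrequest_len = PFKEY_ALIGN8(sizeof(*xisr));
  if (src != NULL && dst != NULL)
  xisr->sadb_x_ipsecrequest_len +=
  PFKEY_ALIGN8(src->sa_len + dst->sa_len);
  xisr->sadb_x_ipsecrequest_proto = IPPROTO_ESP;
  xisr->sadb_x_ipsecrequest_mode = IPSEC_MODE_TRANSPORT;
  xisr->sadb_x_ipsecrequest_level = level;
- xisr->sadb_x_ipsecrequest_reqid = key_newreqid();
+ if (level == IPSEC_LEVEL_UNIQUE)
+ xisr->sadb_x_ipsecrequest_reqid = key_newreqid();
+ else
+ xisr->sadb_x_ipsecrequest_reqid = 0;
  }
 
  return size;
 }
 
 static inline void
 if_ipsec_set_sadb_msg(struct sadb_msg *msg, uint16_t extlen, uint8_t msgtype)
 {
 
  KASSERT(msg != NULL);
 
  msg->sadb_msg_version = PF_KEY_V2;
  msg->sadb_msg_type = msgtype;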
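Review bot: The new `if (level == IPSEC_LEVEL_UNIQUE)` / `else` pair in if_ipsec_set_sadb_x_policy() has no comment explaining why every other level now gets reqid 0. That choice decides whether the policy is pinned to one SA or can be satisfied by any SA with matching selectors. A comment above the branch would record the intent, for example `/* reqid binds the policy to its own SA only at IPSEC_LEVEL_UNIQUE; other levels do not use it, so do not allocate one */`. The wording assumes the key code compares reqid only for unique-level requests, which this hunk does not show, so confirm against key.c. The function starts above the hunk, so it is not visible here which callers pass a non-unique level; the commit message suggests the NAT-T setup path.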