out whether the TDB is linked to the hash bucket does not work.
This fixes removal of SAs that could not be flushed with ipsecctl -F.
OK tobhe@
-/* $OpenBSD: pfkeyv2.c,v 1.224 2021/11/29 15:39:59 bluhm Exp $ */
+/* $OpenBSD: pfkeyv2.c,v 1.225 2021/12/01 22:34:31 bluhm Exp $ */
/*
* @(#)COPYRIGHT 1.1 (NRL) 17 January 1995
/* keep in sync with tdb_delete() */
NET_ASSERT_LOCKED();
- if (tdb_unlink_locked(tdb) == 0)
+ if (tdb->tdb_flags & TDBF_DELETED)
return (0);
+ tdb->tdb_flags |= TDBF_DELETED;
+ tdb_unlink_locked(tdb);
tdb_unbundle(tdb);
tdb_deltimeouts(tdb);
tdb_unref(tdb);
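Review bot: The test of TDBF_DELETED on L11 and the `|=` on L13 form a non-atomic read-modify-write of tdb_flags that is serialized only by the net lock asserted on L9, not by tdb_sadb_mtx, which tdb_unlink() acquires on its own; the same pattern is added to tdb_delete() in ip_ipsp.c (L58/L60). If any other path updates tdb_flags while holding only tdb_sadb_mtx or no lock at all, that update and this one can race and a bit can be lost — that cannot be confirmed from this hunk, so it is worth stating the locking rule next to the check, e.g. `/* TDBF_DELETED is tested and set under the net lock only, never under tdb_sadb_mtx alone */`. The enclosing function (presumably pfkeyv2_sa_flush(), per the cross-reference on L55) starts before and ends after this hunk.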
-/* $OpenBSD: ip_ipsp.c,v 1.258 2021/11/29 19:19:00 bluhm Exp $ */
+/* $OpenBSD: ip_ipsp.c,v 1.259 2021/12/01 22:34:31 bluhm Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
* Angelos D. Keromytis (kermit@csd.uch.gr),
ipsec_last_added = getuptime();
}
-int
+void
tdb_unlink(struct tdb *tdbp)
{
- int r;
-
mtx_enter(&tdb_sadb_mtx);
- r = tdb_unlink_locked(tdbp);
+ tdb_unlink_locked(tdbp);
mtx_leave(&tdb_sadb_mtx);
- return (r);
}
-int
+void
tdb_unlink_locked(struct tdb *tdbp)
{
struct tdb *tdbpp;
MUTEX_ASSERT_LOCKED(&tdb_sadb_mtx);
- if (tdbp->tdb_dnext == NULL && tdbp->tdb_snext == NULL)
- return (0);
-
hashval = tdb_hash(tdbp->tdb_spi, &tdbp->tdb_dst, tdbp->tdb_sproto);
if (tdbh[hashval] == tdbp) {
ipsecstat_inc(ipsec_prevtunnels);
}
#endif /* IPSEC */
-
- return (1);
}
void
/* keep in sync with pfkeyv2_sa_flush() */
NET_ASSERT_LOCKED();
- if (tdb_unlink(tdbp) == 0)
+ if (tdbp->tdb_flags & TDBF_DELETED)
return;
+ tdbp->tdb_flags |= TDBF_DELETED;
+ tdb_unlink(tdbp);
/* release tdb_onext/tdb_inext references */
tdb_unbundle(tdbp);
/* delete timeouts and release references */
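Review bot: tdb_unlink_locked() lost its only documented contract, the return value telling the caller whether the TDB was linked, and with the early return on L43-L44 gone a TDB whose tdb_dnext and tdb_snext are both NULL now runs through the hash-bucket removal starting on L46; whether that removal tolerates an entry absent from the bucket cannot be seen here, because the body is cut between L49 and L50. A header comment stating the new contract would help, e.g. `/* Remove tdbp from the SA hash tables; caller holds tdb_sadb_mtx. Must be safe on a TDB that is not currently linked. */`, with the second sentence kept only if the walk does handle that case. tdb_delete() on L55-L64 continues past the end of the hunk.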
-/* $OpenBSD: ip_ipsp.h,v 1.225 2021/12/01 12:51:09 bluhm Exp $ */
+/* $OpenBSD: ip_ipsp.h,v 1.226 2021/12/01 22:34:31 bluhm Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
* Angelos D. Keromytis (kermit@csd.uch.gr),
#define TDBF_ALLOCATIONS 0x00008 /* Check the flows counters */
#define TDBF_INVALID 0x00010 /* This SPI is not valid yet/anymore */
#define TDBF_FIRSTUSE 0x00020 /* Expire after first use */
+#define TDBF_DELETED 0x00040 /* This TDB has already been deleted */
#define TDBF_SOFT_TIMER 0x00080 /* Soft expiration */
#define TDBF_SOFT_BYTES 0x00100 /* Soft expiration */
#define TDBF_SOFT_ALLOCATIONS 0x00200 /* Soft expiration */
#define TDBF_BITS ("\20" \
"\1UNIQUE\2TIMER\3BYTES\4ALLOCATIONS" \
- "\5INVALID\6FIRSTUSE\10SOFT_TIMER" \
+ "\5INVALID\6FIRSTUSE\7DELETED\10SOFT_TIMER" \
"\11SOFT_BYTES\12SOFT_ALLOCATIONS\13SOFT_FIRSTUSE\14PFS" \
"\15TUNNELING" \
"\21USEDTUNNEL\22UDPENCAP\23PFSYNC\24PFSYNC_RPL" \
void tdb_unref(struct tdb *);
void tdb_free(struct tdb *);
int tdb_init(struct tdb *, u_int16_t, struct ipsecinit *);
-int tdb_unlink(struct tdb *);
-int tdb_unlink_locked(struct tdb *);
+void tdb_unlink(struct tdb *);
+void tdb_unlink_locked(struct tdb *);
void tdb_unbundle(struct tdb *);
void tdb_deltimeouts(struct tdb *);
int tdb_walk(u_int, int (*)(struct tdb *, void *, int), void *);
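Review bot: The comment on the new TDBF_DELETED on L73, "This TDB has already been deleted", overstates what the flag means: in both pfkeyv2_sa_flush() and tdb_delete() it is set before tdb_unlink(), tdb_unbundle() and tdb_deltimeouts() run, so it marks deletion as begun rather than finished, and a reader testing it should expect a TDB that may still be mid-teardown. Suggest `#define TDBF_DELETED 0x00040 /* Deletion started; unlink/teardown may be in progress */`. The `\7DELETED` entry added to TDBF_BITS on L80 does correspond to 0x40.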