-/* $OpenBSD: pfkeyv2_convert.c,v 1.76 2021/11/25 13:46:02 bluhm Exp $ */
+/* $OpenBSD: pfkeyv2_convert.c,v 1.77 2021/12/11 16:33:46 bluhm Exp $ */
/*
* The author of this code is Angelos D. Keromytis (angelos@keromytis.org)
*
if (!sadb_sa)
return;
+ mtx_enter(&tdb->tdb_mtx);
if (ii) {
ii->ii_encalg = sadb_sa->sadb_sa_encrypt;
ii->ii_authalg = sadb_sa->sadb_sa_auth;
if (sadb_sa->sadb_sa_state != SADB_SASTATE_MATURE)
tdb->tdb_flags |= TDBF_INVALID;
+ mtx_leave(&tdb->tdb_mtx);
}
/*
if (!sadb_lifetime)
return;
+ mtx_enter(&tdb->tdb_mtx);
switch (type) {
case PFKEYV2_LIFETIME_HARD:
if ((tdb->tdb_exp_allocations =
tdb->tdb_established = sadb_lifetime->sadb_lifetime_addtime;
tdb->tdb_first_use = sadb_lifetime->sadb_lifetime_usetime;
}
+ mtx_leave(&tdb->tdb_mtx);
}
/*
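Review bot: The second hunk now holds tdb_mtx across the whole `switch (type)`, which writes tdb_exp_allocations, tdb_established and tdb_first_use, yet ip_ipsp.h in this commit tags only tdb_flags with `[m]`. A reader cannot tell whether those lifetime fields are meant to be protected by the mutex or merely sit inside the critical section; tdb_soft_firstuse() in ip_ipsp.c reads tdb_first_use after dropping it. Either tag the fields in the header or add a comment above the `mtx_enter()` such as `/* tdb_mtx is taken for tdb_flags only; lifetime fields remain under the net lock */`, if that is the intent. The enclosing function begins and ends outside the hunk.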
-/* $OpenBSD: ip_ah.c,v 1.168 2021/12/02 12:39:15 bluhm Exp $ */
+/* $OpenBSD: ip_ah.c,v 1.169 2021/12/11 16:33:46 bluhm Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
* Angelos D. Keromytis (kermit@csd.uch.gr) and
ahstat_add(ahs_ibytes, ibytes);
/* Hard expiration. */
- if (tdb->tdb_flags & TDBF_BYTES &&
- tdb->tdb_cur_bytes >= tdb->tdb_exp_bytes) {
+ if ((tdb->tdb_flags & TDBF_BYTES) &&
+ (tdb->tdb_cur_bytes >= tdb->tdb_exp_bytes)) {
ipsecstat_inc(ipsec_exctdb);
pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_HARD);
tdb_delete(tdb);
}
/* Notify on expiration. */
- if (tdb->tdb_flags & TDBF_SOFT_BYTES &&
- tdb->tdb_cur_bytes >= tdb->tdb_soft_bytes) {
+ mtx_enter(&tdb->tdb_mtx);
+ if ((tdb->tdb_flags & TDBF_SOFT_BYTES) &&
+ (tdb->tdb_cur_bytes >= tdb->tdb_soft_bytes)) {
+ tdb->tdb_flags &= ~TDBF_SOFT_BYTES; /* Turn off checking */
+ mtx_leave(&tdb->tdb_mtx);
+ /* may sleep in solock() for the pfkey socket */
pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_SOFT);
- tdb->tdb_flags &= ~TDBF_SOFT_BYTES; /* Turn off checking. */
- }
+ } else
+ mtx_leave(&tdb->tdb_mtx);
/* Get crypto descriptors. */
crp = crypto_getreq(1);
ahstat_add(ahs_obytes, m->m_pkthdr.len - skip);
/* Hard expiration. */
- if (tdb->tdb_flags & TDBF_BYTES &&
- tdb->tdb_cur_bytes >= tdb->tdb_exp_bytes) {
+ if ((tdb->tdb_flags & TDBF_BYTES) &&
+ (tdb->tdb_cur_bytes >= tdb->tdb_exp_bytes)) {
ipsecstat_inc(ipsec_exctdb);
pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_HARD);
tdb_delete(tdb);
}
/* Notify on expiration. */
- if (tdb->tdb_flags & TDBF_SOFT_BYTES &&
- tdb->tdb_cur_bytes >= tdb->tdb_soft_bytes) {
+ mtx_enter(&tdb->tdb_mtx);
+ if ((tdb->tdb_flags & TDBF_SOFT_BYTES) &&
+ (tdb->tdb_cur_bytes >= tdb->tdb_soft_bytes)) {
+ tdb->tdb_flags &= ~TDBF_SOFT_BYTES; /* Turn off checking */
+ mtx_leave(&tdb->tdb_mtx);
+ /* may sleep in solock() for the pfkey socket */
pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_SOFT);
- tdb->tdb_flags &= ~TDBF_SOFT_BYTES; /* Turn off checking */
- }
+ } else
+ mtx_leave(&tdb->tdb_mtx);
/*
* Loop through mbuf chain; if we find a readonly mbuf,
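Review bot: The hard-expiration test in both hunks of this file, `(tdb->tdb_flags & TDBF_BYTES) && ...`, still reads tdb_flags without tdb_mtx, although the soft test right below it is now locked and ip_ipsp.h tags the field `[m]`. If these paths can run concurrently on one SA, which the new mutex suggests, two packets could both pass the test and both send a hard pfkeyv2_expire(); tdb_delete() has its own TDBF_DELETED test-and-set in ip_ipsp.c, so only the notification looks duplicated. Either take the mutex around the read or record why the unlocked read is acceptable, for example `/* unlocked read of tdb_flags; tdb_delete() serialises on TDBF_DELETED */`. The hard byte expiration in the ip_esp.c output path has the same shape, and the enclosing functions start and end outside the hunks shown.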
-/* $OpenBSD: ip_esp.c,v 1.188 2021/11/21 16:17:48 mvs Exp $ */
+/* $OpenBSD: ip_esp.c,v 1.189 2021/12/11 16:33:47 bluhm Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
* Angelos D. Keromytis (kermit@csd.uch.gr) and
}
/* Notify on soft expiration */
+ mtx_enter(&tdb->tdb_mtx);
if ((tdb->tdb_flags & TDBF_SOFT_BYTES) &&
(tdb->tdb_cur_bytes >= tdb->tdb_soft_bytes)) {
+ tdb->tdb_flags &= ~TDBF_SOFT_BYTES; /* Turn off checking */
+ mtx_leave(&tdb->tdb_mtx);
+ /* may sleep in solock() for the pfkey socket */
pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_SOFT);
- tdb->tdb_flags &= ~TDBF_SOFT_BYTES; /* Turn off checking */
- }
+ } else
+ mtx_leave(&tdb->tdb_mtx);
/* Get crypto descriptors */
crp = crypto_getreq(esph && espx ? 2 : 1);
espstat_add(esps_obytes, m->m_pkthdr.len - skip);
/* Hard byte expiration. */
- if (tdb->tdb_flags & TDBF_BYTES &&
- tdb->tdb_cur_bytes >= tdb->tdb_exp_bytes) {
+ if ((tdb->tdb_flags & TDBF_BYTES) &&
+ (tdb->tdb_cur_bytes >= tdb->tdb_exp_bytes)) {
ipsecstat_inc(ipsec_exctdb);
pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_HARD);
tdb_delete(tdb);
}
/* Soft byte expiration. */
- if (tdb->tdb_flags & TDBF_SOFT_BYTES &&
- tdb->tdb_cur_bytes >= tdb->tdb_soft_bytes) {
+ mtx_enter(&tdb->tdb_mtx);
+ if ((tdb->tdb_flags & TDBF_SOFT_BYTES) &&
+ (tdb->tdb_cur_bytes >= tdb->tdb_soft_bytes)) {
+ tdb->tdb_flags &= ~TDBF_SOFT_BYTES; /* Turn off checking */
+ mtx_leave(&tdb->tdb_mtx);
+ /* may sleep in solock() for the pfkey socket */
pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_SOFT);
- tdb->tdb_flags &= ~TDBF_SOFT_BYTES; /* Turn off checking. */
- }
+ } else
+ mtx_leave(&tdb->tdb_mtx);
/*
* Loop through mbuf chain; if we find a readonly mbuf,
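Review bot: The lock / test / clear / unlock / notify sequence for TDBF_SOFT_BYTES is written out by hand in both hunks here and again in ip_ah.c and ip_ipcomp.c, each time with an unbraced `else mtx_leave()` as the only unlock on the fall-through path. A small helper that does the test-and-clear under tdb_mtx and returns whether to notify would keep the locking rule for the `[m]` field in one place and leave no unlock for a call site to miss. The helper name and its location below are a suggestion only. The call to pfkeyv2_expire() stays outside the mutex, as the commit's own comment about sleeping in solock() requires.

```c
/* proposed helper, e.g. next to tdb_deltimeouts() in ip_ipsp.c */
int
tdb_soft_bytes_test_and_clear(struct tdb *tdb)
{
	int expired = 0;

	mtx_enter(&tdb->tdb_mtx);
	if ((tdb->tdb_flags & TDBF_SOFT_BYTES) &&
	    (tdb->tdb_cur_bytes >= tdb->tdb_soft_bytes)) {
		tdb->tdb_flags &= ~TDBF_SOFT_BYTES;	/* Turn off checking */
		expired = 1;
	}
	mtx_leave(&tdb->tdb_mtx);
	return (expired);
}

	/* call site, replacing the open-coded block */
	/* may sleep in solock() for the pfkey socket */
	if (tdb_soft_bytes_test_and_clear(tdb))
		pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_SOFT);
```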
-/* $OpenBSD: ip_ipcomp.c,v 1.88 2021/11/21 16:17:48 mvs Exp $ */
+/* $OpenBSD: ip_ipcomp.c,v 1.89 2021/12/11 16:33:47 bluhm Exp $ */
/*
* Copyright (c) 2001 Jean-Jacques Bernard-Gundol (jj@wabbitt.org)
goto drop;
}
/* Notify on soft expiration */
+ mtx_enter(&tdb->tdb_mtx);
if ((tdb->tdb_flags & TDBF_SOFT_BYTES) &&
(tdb->tdb_cur_bytes >= tdb->tdb_soft_bytes)) {
+ tdb->tdb_flags &= ~TDBF_SOFT_BYTES; /* Turn off checking */
+ mtx_leave(&tdb->tdb_mtx);
+ /* may sleep in solock() for the pfkey socket */
pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_SOFT);
- tdb->tdb_flags &= ~TDBF_SOFT_BYTES; /* Turn off checking */
- }
+ } else
+ mtx_leave(&tdb->tdb_mtx);
/* In case it's not done already, adjust the size of the mbuf chain */
m->m_pkthdr.len = clen + hlen + skip;
error = EINVAL;
goto drop;
}
+
/* Soft byte expiration */
+ mtx_enter(&tdb->tdb_mtx);
if ((tdb->tdb_flags & TDBF_SOFT_BYTES) &&
(tdb->tdb_cur_bytes >= tdb->tdb_soft_bytes)) {
+ tdb->tdb_flags &= ~TDBF_SOFT_BYTES; /* Turn off checking */
+ mtx_leave(&tdb->tdb_mtx);
+ /* may sleep in solock() for the pfkey socket */
pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_SOFT);
- tdb->tdb_flags &= ~TDBF_SOFT_BYTES; /* Turn off checking */
- }
+ } else
+ mtx_leave(&tdb->tdb_mtx);
+
/*
* Loop through mbuf chain; if we find a readonly mbuf,
* copy the packet.
-/* $OpenBSD: ip_ipsp.c,v 1.263 2021/12/08 14:24:18 bluhm Exp $ */
+/* $OpenBSD: ip_ipsp.c,v 1.264 2021/12/11 16:33:47 bluhm Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
* Angelos D. Keromytis (kermit@csd.uch.gr),
#ifdef IPSEC
/* Setup a "silent" expiration (since TDBF_INVALID's set). */
if (ipsec_keep_invalid > 0) {
+ mtx_enter(&tdbp->tdb_mtx);
tdbp->tdb_flags |= TDBF_TIMER;
tdbp->tdb_exp_timeout = ipsec_keep_invalid;
if (timeout_add_sec(&tdbp->tdb_timer_tmo,
ipsec_keep_invalid))
tdb_ref(tdbp);
+ mtx_leave(&tdbp->tdb_mtx);
}
#endif
struct tdb *tdb = v;
NET_LOCK();
+ mtx_enter(&tdb->tdb_mtx);
if (tdb->tdb_flags & TDBF_SOFT_TIMER) {
+ tdb->tdb_flags &= ~TDBF_SOFT_TIMER;
+ mtx_leave(&tdb->tdb_mtx);
/* Soft expirations. */
pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_SOFT);
- tdb->tdb_flags &= ~TDBF_SOFT_TIMER;
- }
+ } else
+ mtx_leave(&tdb->tdb_mtx);
/* decrement refcount of the timeout argument */
tdb_unref(tdb);
NET_UNLOCK();
struct tdb *tdb = v;
NET_LOCK();
+ mtx_enter(&tdb->tdb_mtx);
if (tdb->tdb_flags & TDBF_SOFT_FIRSTUSE) {
+ tdb->tdb_flags &= ~TDBF_SOFT_FIRSTUSE;
+ mtx_leave(&tdb->tdb_mtx);
/* If the TDB hasn't been used, don't renew it. */
if (tdb->tdb_first_use != 0)
pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_SOFT);
- tdb->tdb_flags &= ~TDBF_SOFT_FIRSTUSE;
- }
+ } else
+ mtx_leave(&tdb->tdb_mtx);
/* decrement refcount of the timeout argument */
tdb_unref(tdb);
NET_UNLOCK();
void
tdb_deltimeouts(struct tdb *tdbp)
{
+ mtx_enter(&tdbp->tdb_mtx);
+ tdbp->tdb_flags &= ~(TDBF_FIRSTUSE | TDBF_SOFT_FIRSTUSE | TDBF_TIMER |
+ TDBF_SOFT_TIMER);
if (timeout_del(&tdbp->tdb_timer_tmo))
tdb_unref(tdbp);
if (timeout_del(&tdbp->tdb_first_tmo))
tdb_unref(tdbp);
if (timeout_del(&tdbp->tdb_sfirst_tmo))
tdb_unref(tdbp);
+ mtx_leave(&tdbp->tdb_mtx);
}
struct tdb *
{
NET_ASSERT_LOCKED();
- if (tdbp->tdb_flags & TDBF_DELETED)
+ mtx_enter(&tdbp->tdb_mtx);
+ if (tdbp->tdb_flags & TDBF_DELETED) {
+ mtx_leave(&tdbp->tdb_mtx);
return;
+ }
tdbp->tdb_flags |= TDBF_DELETED;
+ mtx_leave(&tdbp->tdb_mtx);
if (locked)
tdb_unlink_locked(tdbp);
else
tdbp = pool_get(&tdb_pool, PR_WAITOK | PR_ZERO);
refcnt_init(&tdbp->tdb_refcnt);
+ mtx_init(&tdbp->tdb_mtx, IPL_SOFTNET);
TAILQ_INIT(&tdbp->tdb_policy_head);
/* Record establishment time. */
KASSERT(tdbp->tdb_inext == NULL);
/* Remove expiration timeouts. */
- tdbp->tdb_flags &= ~(TDBF_FIRSTUSE | TDBF_SOFT_FIRSTUSE | TDBF_TIMER |
- TDBF_SOFT_TIMER);
KASSERT(timeout_pending(&tdbp->tdb_timer_tmo) == 0);
KASSERT(timeout_pending(&tdbp->tdb_first_tmo) == 0);
KASSERT(timeout_pending(&tdbp->tdb_stimer_tmo) == 0);
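Review bot: tdb_deltimeouts() now calls tdb_unref() up to three times while holding tdbp->tdb_mtx, and nothing in the hunk states that the caller keeps its own reference. If one of those calls ever dropped the last reference, the tdb would presumably be freed with its own mutex held and the closing `mtx_leave()` would touch freed memory. The tdb_ref() taken next to timeout_add_sec() earlier in this file suggests these unrefs only release the timeouts' references, so the code is likely safe today. Please make that invariant explicit at the top of the function, for example `/* caller must hold a reference; the unrefs below drop only the timeouts' references */`.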
-/* $OpenBSD: ip_ipsp.h,v 1.229 2021/12/08 14:24:18 bluhm Exp $ */
+/* $OpenBSD: ip_ipsp.h,v 1.230 2021/12/11 16:33:47 bluhm Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
* Angelos D. Keromytis (kermit@csd.uch.gr),
* I immutable after creation
* N net lock
* s tdb_sadb_mtx
+ * m tdb_mtx
*/
struct tdb { /* tunnel descriptor block */
/*
struct tdb *tdb_onext;
struct refcnt tdb_refcnt;
+ struct mutex tdb_mtx;
const struct xformsw *tdb_xform; /* Transform to use */
const struct enc_xform *tdb_encalgxform; /* Enc algorithm */
"\21USEDTUNNEL\22UDPENCAP\23PFSYNC\24PFSYNC_RPL" \
"\25ESN")
- u_int32_t tdb_flags; /* Flags related to this TDB */
+ u_int32_t tdb_flags; /* [m] Flags related to this TDB */
struct timeout tdb_timer_tmo;
struct timeout tdb_first_tmo;
-/* $OpenBSD: ipsec_output.c,v 1.93 2021/12/02 12:39:15 bluhm Exp $ */
+/* $OpenBSD: ipsec_output.c,v 1.94 2021/12/11 16:33:47 bluhm Exp $ */
/*
* The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
*
}
/* Remember that we appended a tunnel header. */
+ mtx_enter(&tdb->tdb_mtx);
tdb->tdb_flags |= TDBF_USEDTUNNEL;
+ mtx_leave(&tdb->tdb_mtx);
}
}