-/* $OpenBSD: pfkeyv2.c,v 1.226 2021/12/03 19:04:49 tobhe Exp $ */
+/* $OpenBSD: pfkeyv2.c,v 1.227 2021/12/08 14:24:18 bluhm Exp $ */
/*
* @(#)COPYRIGHT 1.1 (NRL) 17 January 1995
int rval, i;
void *p;
+ NET_ASSERT_LOCKED();
+
/* Find how much space we need */
i = sizeof(struct sadb_sa) + sizeof(struct sadb_lifetime) +
sizeof(struct sadb_x_counter);
int rval = 0;
int i;
+ NET_ASSERT_LOCKED();
+
switch (tdb->tdb_sproto) {
case IPPROTO_AH:
case IPPROTO_ESP:
-/* $OpenBSD: ip_ipsp.c,v 1.262 2021/12/07 17:28:46 bluhm Exp $ */
+/* $OpenBSD: ip_ipsp.c,v 1.263 2021/12/08 14:24:18 bluhm Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
* Angelos D. Keromytis (kermit@csd.uch.gr),
u_int32_t spi;
int nums;
- NET_ASSERT_LOCKED();
-
/* Don't accept ranges only encompassing reserved SPIs. */
if (sproto != IPPROTO_IPCOMP &&
(tspi < sspi || tspi <= SPI_RESERVED_MAX)) {
u_int32_t hashval;
struct tdb *tdbp;
+ NET_ASSERT_LOCKED();
+
mtx_enter(&tdb_sadb_mtx);
hashval = tdb_hash(spi, dst, proto);
mtx_enter(&tdb_sadb_mtx);
hashval = tdb_hash(0, src, proto);
- for (tdbp = tdbsrc[hashval]; tdbp != NULL; tdbp = tdbp->tdb_snext)
+ for (tdbp = tdbsrc[hashval]; tdbp != NULL; tdbp = tdbp->tdb_snext) {
if (tdbp->tdb_sproto == proto &&
(spi == 0 || tdbp->tdb_spi == spi) &&
((!reverse && tdbp->tdb_rdomain == rdomain) ||
!memcmp(&tdbp->tdb_dst, dst, dst->sa.sa_len)) &&
!memcmp(&tdbp->tdb_src, src, src->sa.sa_len))
break;
-
+ }
if (tdbp != NULL) {
tdb_ref(tdbp);
mtx_leave(&tdb_sadb_mtx);
su_null.sa.sa_len = sizeof(struct sockaddr);
hashval = tdb_hash(0, &su_null, proto);
- for (tdbp = tdbsrc[hashval]; tdbp != NULL; tdbp = tdbp->tdb_snext)
+ for (tdbp = tdbsrc[hashval]; tdbp != NULL; tdbp = tdbp->tdb_snext) {
if (tdbp->tdb_sproto == proto &&
(spi == 0 || tdbp->tdb_spi == spi) &&
((!reverse && tdbp->tdb_rdomain == rdomain) ||
!memcmp(&tdbp->tdb_dst, dst, dst->sa.sa_len)) &&
tdbp->tdb_src.sa.sa_family == AF_UNSPEC)
break;
-
+ }
tdb_ref(tdbp);
mtx_leave(&tdb_sadb_mtx);
return tdbp;
mtx_enter(&tdb_sadb_mtx);
hashval = tdb_hash(0, src, sproto);
- for (tdbp = tdbsrc[hashval]; tdbp != NULL; tdbp = tdbp->tdb_snext)
+ for (tdbp = tdbsrc[hashval]; tdbp != NULL; tdbp = tdbp->tdb_snext) {
if ((tdbp->tdb_sproto == sproto) &&
(tdbp->tdb_rdomain == rdomain) &&
((tdbp->tdb_flags & TDBF_INVALID) == 0) &&
continue;
break;
}
-
+ }
tdb_ref(tdbp);
mtx_leave(&tdb_sadb_mtx);
return tdbp;
if (tdbsrc[hashval] == tdbp) {
tdbsrc[hashval] = tdbp->tdb_snext;
- }
- else {
+ } else {
for (tdbpp = tdbsrc[hashval]; tdbpp != NULL;
tdbpp = tdbpp->tdb_snext) {
if (tdbpp->tdb_snext == tdbp) {
{
struct tdb *tdbp;
- NET_ASSERT_LOCKED();
-
tdbp = pool_get(&tdb_pool, PR_WAITOK | PR_ZERO);
refcnt_init(&tdbp->tdb_refcnt);
-/* $OpenBSD: ip_ipsp.h,v 1.228 2021/12/07 17:28:46 bluhm Exp $ */
+/* $OpenBSD: ip_ipsp.h,v 1.229 2021/12/08 14:24:18 bluhm Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
* Angelos D. Keromytis (kermit@csd.uch.gr),
#define IPSP_IDENTITY_USERFQDN 3
#define IPSP_IDENTITY_ASN1_DN 4
+/*
+ * Locks used to protect struct members in this file:
+ * I immutable after creation
+ * N net lock
+ * s tdb_sadb_mtx
+ */
struct tdb { /* tunnel descriptor block */
/*
* Each TDB is on three hash tables: one keyed on dst/spi/sproto,
* policy matching. The following three fields maintain the hash
* queues in those three tables.
*/
- struct tdb *tdb_hnext; /* dst/spi/sproto table */
- struct tdb *tdb_dnext; /* dst/sproto table */
- struct tdb *tdb_snext; /* src/sproto table */
+ struct tdb *tdb_hnext; /* [s] dst/spi/sproto table */
+ struct tdb *tdb_dnext; /* [s] dst/sproto table */
+ struct tdb *tdb_snext; /* [s] src/sproto table */
struct tdb *tdb_inext;
struct tdb *tdb_onext;
struct tdb_data tdb_data; /* stats about this TDB */
u_int64_t tdb_cryptoid; /* Crypto session ID */
- u_int32_t tdb_spi; /* SPI */
+ u_int32_t tdb_spi; /* [I] SPI */
u_int16_t tdb_amxkeylen; /* Raw authentication key length */
u_int16_t tdb_emxkeylen; /* Raw encryption key length */
u_int16_t tdb_ivlen; /* IV length */
- u_int8_t tdb_sproto; /* IPsec protocol */
+ u_int8_t tdb_sproto; /* [I] IPsec protocol */
u_int8_t tdb_wnd; /* Replay window */
u_int8_t tdb_satype; /* SA type (RFC2367, PF_KEY) */
u_int8_t tdb_updates; /* pfsync update counter */
- union sockaddr_union tdb_dst; /* Destination address */
- union sockaddr_union tdb_src; /* Source address */
+ union sockaddr_union tdb_dst; /* [N] Destination address */
+ union sockaddr_union tdb_src; /* [N] Source address */
u_int8_t *tdb_amxkey; /* Raw authentication key */
u_int8_t *tdb_emxkey; /* Raw encryption key */
u_int16_t tdb_tag; /* Packet filter tag */
u_int32_t tdb_tap; /* Alternate enc(4) interface */
- u_int tdb_rdomain; /* Routing domain */
- u_int tdb_rdomain_post; /* Change domain */
+ u_int tdb_rdomain; /* [I] Routing domain */
+ u_int tdb_rdomain_post; /* [I] Change domain */
struct sockaddr_encap tdb_filter; /* What traffic is acceptable */
struct sockaddr_encap tdb_filtermask; /* And the mask */
-/* $OpenBSD: ipsec_input.c,v 1.196 2021/12/02 13:46:42 bluhm Exp $ */
+/* $OpenBSD: ipsec_input.c,v 1.197 2021/12/08 14:24:18 bluhm Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
* Angelos D. Keromytis (kermit@csd.uch.gr) and
first = gettdbbysrcdst_rev(rdomain, 0, su_src, su_dst, IPPROTO_ESP);
+ mtx_enter(&tdb_sadb_mtx);
for (tdbp = first; tdbp != NULL; tdbp = tdbp->tdb_snext) {
if (tdbp->tdb_sproto == IPPROTO_ESP &&
((tdbp->tdb_flags & (TDBF_INVALID|TDBF_UDPENCAP)) ==
TDBF_UDPENCAP) &&
!memcmp(&tdbp->tdb_dst, &dst, su_dst->sa.sa_len) &&
- !memcmp(&tdbp->tdb_src, &src, su_src->sa.sa_len)) {
+ !memcmp(&tdbp->tdb_src, &src, su_src->sa.sa_len))
ipsec_set_mtu(tdbp, mtu);
- }
}
+ mtx_leave(&tdb_sadb_mtx);
tdb_unref(first);
}
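Review bot: The chain walk at `for (tdbp = first; tdbp != NULL; tdbp = tdbp->tdb_snext)` starts from a tdb that gettdbbysrcdst_rev() looked up and referenced before `mtx_enter(&tdb_sadb_mtx)` is reached on the line above, so the mutex does not cover the window between the lookup (which releases the mutex internally, see the ip_ipsp.c hunks) and the walk. The reference keeps `first` itself alive, but if it is unlinked from tdbsrc in that window (the unlink code in ip_ipsp.c rewrites `tdbsrc[hashval] = tdbp->tdb_snext`, presumably under the same mutex), `first->tdb_snext` may point into a bucket it no longer belongs to or at a tdb that has since been released. A safer shape is to take the mutex first and walk the bucket directly — `mtx_enter(&tdb_sadb_mtx); for (tdbp = tdbsrc[tdb_hash(0, su_src, IPPROTO_ESP)]; tdbp != NULL; tdbp = tdbp->tdb_snext)` with `tdbp->tdb_rdomain == rdomain` added to the match — either here if tdbsrc/tdb_hash are reachable from this file, or as a helper in ip_ipsp.c; the tdb_ref/tdb_unref pair on `first` then disappears. Note also that ipsec_set_mtu() now runs with tdb_sadb_mtx held, so it is worth confirming it takes no lock that is elsewhere acquired before tdb_sadb_mtx. The enclosing function begins outside the hunk.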