From: bluhm
Date: Wed, 1 Dec 2021 22:34:31 +0000 (+0000)
Subject: Reintroduce the TDBF_DELETED flag. Checking next pointer to figure
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=2400aaebddc906029d6e636ba6455b83a11692b2;p=openbsd
Reintroduce the TDBF_DELETED flag. Checking next pointer to figure out whether the TDB is linked to the hash bucket does not work. This fixes removal of SAs that could not be flushed with ipsecctl -F. OK tobhe@
---
diff --git a/sys/net/pfkeyv2.c b/sys/net/pfkeyv2.c
index c0ed3701aac..aa4c9ed3173 100644
--- a/sys/net/pfkeyv2.c
+++ b/sys/net/pfkeyv2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfkeyv2.c,v 1.224 2021/11/29 15:39:59 bluhm Exp $ */
+/* $OpenBSD: pfkeyv2.c,v 1.225 2021/12/01 22:34:31 bluhm Exp $ */
 /*
  * @(#)COPYRIGHT 1.1 (NRL) 17 January 1995
@@ -1046,8 +1046,10 @@ pfkeyv2_sa_flush(struct tdb *tdb, void *satype_vp, int last)
 	/* keep in sync with tdb_delete() */
 	NET_ASSERT_LOCKED();
-	if (tdb_unlink_locked(tdb) == 0)
+	if (tdb->tdb_flags & TDBF_DELETED)
 		return (0);
+	tdb->tdb_flags |= TDBF_DELETED;
+	tdb_unlink_locked(tdb);
 	tdb_unbundle(tdb);
 	tdb_deltimeouts(tdb);
 	tdb_unref(tdb);
diff --git a/sys/netinet/ip_ipsp.c b/sys/netinet/ip_ipsp.c
index 197720d8309..4da6d060096 100644
--- a/sys/netinet/ip_ipsp.c
+++ b/sys/netinet/ip_ipsp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ipsp.c,v 1.258 2021/11/29 19:19:00 bluhm Exp $ */
+/* $OpenBSD: ip_ipsp.c,v 1.259 2021/12/01 22:34:31 bluhm Exp $ */
 /*
  * The authors of this code are John Ioannidis (ji@tla.org),
  * Angelos D. Keromytis (kermit@csd.uch.gr),
@@ -843,18 +843,15 @@ puttdb_locked(struct tdb *tdbp)
 	ipsec_last_added = getuptime();
 }
-int
+void
 tdb_unlink(struct tdb *tdbp)
 {
-	int r;
-
 	mtx_enter(&tdb_sadb_mtx);
-	r = tdb_unlink_locked(tdbp);
+	tdb_unlink_locked(tdbp);
 	mtx_leave(&tdb_sadb_mtx);
-	return (r);
 }
-int
+void
 tdb_unlink_locked(struct tdb *tdbp)
 {
 	struct tdb *tdbpp;
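Review bot: The TDBF_DELETED test followed by `tdb->tdb_flags |= TDBF_DELETED;` in pfkeyv2_sa_flush() is a plain read-modify-write of tdb_flags, so it only excludes a second deleter if every caller holds the lock that NET_ASSERT_LOCKED() on the preceding line asserts; the same pattern is repeated in the tdb_delete() hunk of sys/netinet/ip_ipsp.c. Neither site records which lock makes the test-and-set exclusive, and tdb_flags presumably carries the other TDBF_ bits set on other paths, so a later deleter taken under tdb_sadb_mtx alone could reintroduce the double unlink this commit fixes. A comment above the check at both sites would pin the contract: `/* TDBF_DELETED is tested and set under the net lock only */`. pfkeyv2_sa_flush() starts before this hunk and its body continues after it.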
@@ -862,9 +859,6 @@ tdb_unlink_locked(struct tdb *tdbp)
 	MUTEX_ASSERT_LOCKED(&tdb_sadb_mtx);
-	if (tdbp->tdb_dnext == NULL && tdbp->tdb_snext == NULL)
-		return (0);
-
 	hashval = tdb_hash(tdbp->tdb_spi, &tdbp->tdb_dst, tdbp->tdb_sproto);
 	if (tdbh[hashval] == tdbp) {
@@ -921,8 +915,6 @@ tdb_unlink_locked(struct tdb *tdbp)
 		ipsecstat_inc(ipsec_prevtunnels);
 	}
 #endif /* IPSEC */
-
-	return (1);
 }
 void
@@ -984,8 +976,10 @@ tdb_delete(struct tdb *tdbp)
 	/* keep in sync with pfkeyv2_sa_flush() */
 	NET_ASSERT_LOCKED();
-	if (tdb_unlink(tdbp) == 0)
+	if (tdbp->tdb_flags & TDBF_DELETED)
 		return;
+	tdbp->tdb_flags |= TDBF_DELETED;
+	tdb_unlink(tdbp);
 	/* release tdb_onext/tdb_inext references */
 	tdb_unbundle(tdbp);
 	/* delete timeouts and release references */
diff --git a/sys/netinet/ip_ipsp.h b/sys/netinet/ip_ipsp.h
index a810e382d46..70f70ca9e59 100644
--- a/sys/netinet/ip_ipsp.h
+++ b/sys/netinet/ip_ipsp.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ipsp.h,v 1.225 2021/12/01 12:51:09 bluhm Exp $ */
+/* $OpenBSD: ip_ipsp.h,v 1.226 2021/12/01 22:34:31 bluhm Exp $ */
 /*
  * The authors of this code are John Ioannidis (ji@tla.org),
  * Angelos D. Keromytis (kermit@csd.uch.gr),
@@ -337,6 +337,7 @@ struct tdb { /* tunnel descriptor block */
 #define TDBF_ALLOCATIONS 0x00008 /* Check the flows counters */
 #define TDBF_INVALID 0x00010 /* This SPI is not valid yet/anymore */
 #define TDBF_FIRSTUSE 0x00020 /* Expire after first use */
+#define TDBF_DELETED 0x00040 /* This TDB has already been deleted */
 #define TDBF_SOFT_TIMER 0x00080 /* Soft expiration */
 #define TDBF_SOFT_BYTES 0x00100 /* Soft expiration */
 #define TDBF_SOFT_ALLOCATIONS 0x00200 /* Soft expiration */
@@ -351,7 +352,7 @@ struct tdb { /* tunnel descriptor block */
 #define TDBF_BITS ("\20" \
 	"\1UNIQUE\2TIMER\3BYTES\4ALLOCATIONS" \
-	"\5INVALID\6FIRSTUSE\10SOFT_TIMER" \
+	"\5INVALID\6FIRSTUSE\7DELETED\10SOFT_TIMER" \
 	"\11SOFT_BYTES\12SOFT_ALLOCATIONS\13SOFT_FIRSTUSE\14PFS" \
 	"\15TUNNELING" \
 	"\21USEDTUNNEL\22UDPENCAP\23PFSYNC\24PFSYNC_RPL" \
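Review bot: With the `tdb_dnext == NULL && tdb_snext == NULL` early return gone, tdb_unlink_locked() no longer tolerates a tdb that is not linked into the hash buckets, and nothing in the function says that the TDBF_DELETED check in its callers is now the only guard against unlinking twice. The bucket-chain walk that follows hashval lies outside this hunk, so I cannot tell whether an already unlinked tdb would merely fall through the loops or damage the lists; a precondition comment next to MUTEX_ASSERT_LOCKED() would record the contract for the next caller: `/* Callers set TDBF_DELETED first; the tdb must still be linked in the hash buckets. */`. tdb_unlink_locked() begins before this hunk and continues past it, and the following hunk at line 921 removes its return value.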
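Review bot: The comment on the new TDBF_DELETED define says the TDB "has already been deleted", but at both sites that set it in this commit (tdb_delete() and pfkeyv2_sa_flush()) the bit is raised before the unlink, unbundle and unref run, so it marks a tdb whose teardown has started rather than one that is gone. A wording that matches the use would be `/* Teardown started, further deletes are no-ops */`. The value 0x00040 fills the unused gap between TDBF_FIRSTUSE and TDBF_SOFT_TIMER and agrees with the \7DELETED entry added to TDBF_BITS in the next hunk.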
@@ -573,8 +574,8 @@ struct tdb *tdb_ref(struct tdb *);
 void tdb_unref(struct tdb *);
 void tdb_free(struct tdb *);
 int tdb_init(struct tdb *, u_int16_t, struct ipsecinit *);
-int tdb_unlink(struct tdb *);
-int tdb_unlink_locked(struct tdb *);
+void tdb_unlink(struct tdb *);
+void tdb_unlink_locked(struct tdb *);
 void tdb_unbundle(struct tdb *);
 void tdb_deltimeouts(struct tdb *);
 int tdb_walk(u_int, int (*)(struct tdb *, void *, int), void *);