Module Name: src
Committed By: ozaki-r
Date: Thu Aug 3 06:32:51 UTC 2017
Modified Files:
src/sys/netinet: tcp_input.c tcp_output.c
src/sys/netipsec: ipsec.c ipsec_input.c ipsec_netbsd.c ipsec_output.c
key.c key.h xform_ah.c xform_esp.c xform_ipcomp.c
Log Message:
Introduce KEY_SA_UNREF and replace KEY_FREESAV with it where sav will never be
actually freed in the future
KEY_SA_UNREF is still key_freesav so no functional change for now.
This change reduces diff of further changes.
To generate a diff of this commit:
cvs rdiff -u -r1.359 -r1.360 src/sys/netinet/tcp_input.c
cvs rdiff -u -r1.196 -r1.197 src/sys/netinet/tcp_output.c
cvs rdiff -u -r1.115 -r1.116 src/sys/netipsec/ipsec.c
cvs rdiff -u -r1.50 -r1.51 src/sys/netipsec/ipsec_input.c
cvs rdiff -u -r1.44 -r1.45 src/sys/netipsec/ipsec_netbsd.c
cvs rdiff -u -r1.57 -r1.58 src/sys/netipsec/ipsec_output.c
cvs rdiff -u -r1.205 -r1.206 src/sys/netipsec/key.c
cvs rdiff -u -r1.26 -r1.27 src/sys/netipsec/key.h
cvs rdiff -u -r1.70 -r1.71 src/sys/netipsec/xform_ah.c
cvs rdiff -u -r1.68 -r1.69 src/sys/netipsec/xform_esp.c
cvs rdiff -u -r1.49 -r1.50 src/sys/netipsec/xform_ipcomp.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/netinet/tcp_input.c
diff -u src/sys/netinet/tcp_input.c:1.359 src/sys/netinet/tcp_input.c:1.360
--- src/sys/netinet/tcp_input.c:1.359 Fri Jul 7 01:37:34 2017
+++ src/sys/netinet/tcp_input.c Thu Aug 3 06:32:51 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: tcp_input.c,v 1.359 2017/07/07 01:37:34 ozaki-r Exp $ */
+/* $NetBSD: tcp_input.c,v 1.360 2017/08/03 06:32:51 ozaki-r Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -148,7 +148,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.359 2017/07/07 01:37:34 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.360 2017/08/03 06:32:51 ozaki-r Exp $");
#ifdef _KERNEL_OPT
#include "opt_inet.h"
@@ -3448,12 +3448,12 @@ tcp_dooptions(struct tcpcb *tp, const u_
TCP_STATINC(TCP_STAT_GOODSIG);
key_sa_recordxfer(sav, m);
- KEY_FREESAV(&sav);
+ KEY_SA_UNREF(&sav);
}
return 0;
out:
if (sav != NULL)
- KEY_FREESAV(&sav);
+ KEY_SA_UNREF(&sav);
return -1;
#endif
}
@@ -4714,7 +4714,7 @@ syn_cache_respond(struct syn_cache *sc,
if (sav) {
(void)tcp_signature(m, th, hlen, sav, sigp);
key_sa_recordxfer(sav, m);
- KEY_FREESAV(&sav);
+ KEY_SA_UNREF(&sav);
}
#endif
Index: src/sys/netinet/tcp_output.c
diff -u src/sys/netinet/tcp_output.c:1.196 src/sys/netinet/tcp_output.c:1.197
--- src/sys/netinet/tcp_output.c:1.196 Fri Jun 2 03:41:20 2017
+++ src/sys/netinet/tcp_output.c Thu Aug 3 06:32:51 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: tcp_output.c,v 1.196 2017/06/02 03:41:20 ozaki-r Exp $ */
+/* $NetBSD: tcp_output.c,v 1.197 2017/08/03 06:32:51 ozaki-r Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -135,7 +135,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: tcp_output.c,v 1.196 2017/06/02 03:41:20 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: tcp_output.c,v 1.197 2017/08/03 06:32:51 ozaki-r Exp $");
#ifdef _KERNEL_OPT
#include "opt_inet.h"
@@ -1505,7 +1505,7 @@ reset: TCP_REASS_UNLOCK(tp);
tcp_signature(m, th, (char *)th - mtod(m, char *), sav, sigp);
key_sa_recordxfer(sav, m);
- KEY_FREESAV(&sav);
+ KEY_SA_UNREF(&sav);
}
#endif
Index: src/sys/netipsec/ipsec.c
diff -u src/sys/netipsec/ipsec.c:1.115 src/sys/netipsec/ipsec.c:1.116
--- src/sys/netipsec/ipsec.c:1.115 Wed Aug 2 04:03:28 2017
+++ src/sys/netipsec/ipsec.c Thu Aug 3 06:32:51 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec.c,v 1.115 2017/08/02 04:03:28 ozaki-r Exp $ */
+/* $NetBSD: ipsec.c,v 1.116 2017/08/03 06:32:51 ozaki-r Exp $ */
/* $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec.c,v 1.2.2.2 2003/07/01 01:38:13 sam Exp $ */
/* $KAME: ipsec.c,v 1.103 2001/05/24 07:14:18 sakane Exp $ */
@@ -32,7 +32,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.115 2017/08/02 04:03:28 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.116 2017/08/03 06:32:51 ozaki-r Exp $");
/*
* IPsec controller part.
@@ -815,7 +815,7 @@ ipsec4_forward(struct mbuf *m, int *dest
*destmtu -= ipsechdr;
}
rtcache_unref(rt, ro);
- KEY_FREESAV(&sav);
+ KEY_SA_UNREF(&sav);
}
KEY_SP_UNREF(&sp);
return 0;
@@ -1911,7 +1911,7 @@ ipsec_hdrsiz(const struct secpolicy *sp)
error = key_checkrequest(isr, &sav);
if (error == 0) {
clen = esp_hdrsiz(sav);
- KEY_FREESAV(&sav);
+ KEY_SA_UNREF(&sav);
} else
clen = esp_hdrsiz(NULL);
break;
@@ -1919,7 +1919,7 @@ ipsec_hdrsiz(const struct secpolicy *sp)
error = key_checkrequest(isr, &sav);
if (error == 0) {
clen = ah_hdrsiz(sav);
- KEY_FREESAV(&sav);
+ KEY_SA_UNREF(&sav);
} else
clen = ah_hdrsiz(NULL);
break;
Index: src/sys/netipsec/ipsec_input.c
diff -u src/sys/netipsec/ipsec_input.c:1.50 src/sys/netipsec/ipsec_input.c:1.51
--- src/sys/netipsec/ipsec_input.c:1.50 Thu Aug 3 04:42:26 2017
+++ src/sys/netipsec/ipsec_input.c Thu Aug 3 06:32:51 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec_input.c,v 1.50 2017/08/03 04:42:26 ozaki-r Exp $ */
+/* $NetBSD: ipsec_input.c,v 1.51 2017/08/03 06:32:51 ozaki-r Exp $ */
/* $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec_input.c,v 1.2.4.2 2003/03/28 20:32:53 sam Exp $ */
/* $OpenBSD: ipsec_input.c,v 1.63 2003/02/20 18:35:43 deraadt Exp $ */
@@ -39,7 +39,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.50 2017/08/03 04:42:26 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.51 2017/08/03 06:32:51 ozaki-r Exp $");
/*
* IPsec input processing.
@@ -288,7 +288,7 @@ ipsec_common_input(struct mbuf *m, int s
* everything else.
*/
error = (*sav->tdb_xform->xf_input)(m, sav, skip, protoff);
- KEY_FREESAV(&sav);
+ KEY_SA_UNREF(&sav);
splx(s);
return error;
}
Index: src/sys/netipsec/ipsec_netbsd.c
diff -u src/sys/netipsec/ipsec_netbsd.c:1.44 src/sys/netipsec/ipsec_netbsd.c:1.45
--- src/sys/netipsec/ipsec_netbsd.c:1.44 Fri Jul 7 01:37:34 2017
+++ src/sys/netipsec/ipsec_netbsd.c Thu Aug 3 06:32:51 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec_netbsd.c,v 1.44 2017/07/07 01:37:34 ozaki-r Exp $ */
+/* $NetBSD: ipsec_netbsd.c,v 1.45 2017/08/03 06:32:51 ozaki-r Exp $ */
/* $KAME: esp_input.c,v 1.60 2001/09/04 08:43:19 itojun Exp $ */
/* $KAME: ah_input.c,v 1.64 2001/09/04 08:43:19 itojun Exp $ */
@@ -32,7 +32,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec_netbsd.c,v 1.44 2017/07/07 01:37:34 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_netbsd.c,v 1.45 2017/08/03 06:32:51 ozaki-r Exp $");
#if defined(_KERNEL_OPT)
#include "opt_inet.h"
@@ -123,7 +123,7 @@ ah4_ctlinput(int cmd, const struct socka
offsetof(struct icmp, icmp_ip));
icmp_mtudisc(icp, ip->ip_dst);
}
- KEY_FREESAV(&sav);
+ KEY_SA_UNREF(&sav);
}
}
return NULL;
@@ -168,7 +168,7 @@ esp4_ctlinput(int cmd, const struct sock
offsetof(struct icmp, icmp_ip));
icmp_mtudisc(icp, ip->ip_dst);
}
- KEY_FREESAV(&sav);
+ KEY_SA_UNREF(&sav);
}
}
return NULL;
@@ -237,7 +237,7 @@ ah6_ctlinput(int cmd, const struct socka
if (sav) {
if (SADB_SASTATE_USABLE_P(sav))
valid++;
- KEY_FREESAV(&sav);
+ KEY_SA_UNREF(&sav);
}
/* XXX Further validation? */
@@ -342,7 +342,7 @@ esp6_ctlinput(int cmd, const struct sock
if (sav) {
if (SADB_SASTATE_USABLE_P(sav))
valid++;
- KEY_FREESAV(&sav);
+ KEY_SA_UNREF(&sav);
}
/* XXX Further validation? */
Index: src/sys/netipsec/ipsec_output.c
diff -u src/sys/netipsec/ipsec_output.c:1.57 src/sys/netipsec/ipsec_output.c:1.58
--- src/sys/netipsec/ipsec_output.c:1.57 Thu Jul 27 06:59:28 2017
+++ src/sys/netipsec/ipsec_output.c Thu Aug 3 06:32:51 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec_output.c,v 1.57 2017/07/27 06:59:28 ozaki-r Exp $ */
+/* $NetBSD: ipsec_output.c,v 1.58 2017/08/03 06:32:51 ozaki-r Exp $ */
/*-
* Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting
@@ -29,7 +29,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec_output.c,v 1.57 2017/07/27 06:59:28 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_output.c,v 1.58 2017/08/03 06:32:51 ozaki-r Exp $");
/*
* IPsec output processing.
@@ -428,7 +428,7 @@ again:
" to policy (check your sysctls)\n");
IPSEC_OSTAT(PDROPS);
*error = EHOSTUNREACH;
- KEY_FREESAV(&sav);
+ KEY_SA_UNREF(&sav);
goto bad;
}
@@ -491,7 +491,7 @@ ipsec4_process_packet(struct mbuf *m, st
if (ntohs(ip->ip_len) <= sav->esp_frag)
goto noneed;
*mtu = sav->esp_frag;
- KEY_FREESAV(&sav);
+ KEY_SA_UNREF(&sav);
splx(s);
return 0;
}
@@ -605,11 +605,11 @@ noneed:
} else {
error = ipsec_process_done(m, isr, sav);
}
- KEY_FREESAV(&sav);
+ KEY_SA_UNREF(&sav);
splx(s);
return error;
unrefsav:
- KEY_FREESAV(&sav);
+ KEY_SA_UNREF(&sav);
bad:
splx(s);
if (m)
@@ -791,11 +791,11 @@ ipsec6_process_packet(
compute_ipsec_pos(m, &i, &off);
}
error = (*sav->tdb_xform->xf_output)(m, isr, sav, NULL, i, off);
- KEY_FREESAV(&sav);
+ KEY_SA_UNREF(&sav);
splx(s);
return error;
unrefsav:
- KEY_FREESAV(&sav);
+ KEY_SA_UNREF(&sav);
bad:
splx(s);
if (m)
Index: src/sys/netipsec/key.c
diff -u src/sys/netipsec/key.c:1.205 src/sys/netipsec/key.c:1.206
--- src/sys/netipsec/key.c:1.205 Thu Aug 3 06:31:58 2017
+++ src/sys/netipsec/key.c Thu Aug 3 06:32:51 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: key.c,v 1.205 2017/08/03 06:31:58 ozaki-r Exp $ */
+/* $NetBSD: key.c,v 1.206 2017/08/03 06:32:51 ozaki-r Exp $ */
/* $FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $ */
/* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */
@@ -32,7 +32,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.205 2017/08/03 06:31:58 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.206 2017/08/03 06:32:51 ozaki-r Exp $");
/*
* This code is referd to RFC 2367
@@ -3147,7 +3147,7 @@ key_checkspidup(const struct secasindex
continue;
sav = key_getsavbyspi(sah, spi);
if (sav != NULL) {
- KEY_FREESAV(&sav);
+ KEY_SA_UNREF(&sav);
return true;
}
}
@@ -5439,7 +5439,7 @@ key_api_update(struct socket *so, struct
return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
}
error:
- KEY_FREESAV(&sav);
+ KEY_SA_UNREF(&sav);
return key_senderror(so, m, error);
}
@@ -5580,7 +5580,7 @@ key_api_add(struct socket *so, struct mb
/* We can create new SA only if SPI is differenct. */
sav = key_getsavbyspi(sah, sa0->sadb_sa_spi);
if (sav != NULL) {
- KEY_FREESAV(&sav);
+ KEY_SA_UNREF(&sav);
IPSECLOG(LOG_DEBUG, "SA already exists.\n");
return key_senderror(so, m, EEXIST);
}
@@ -5987,7 +5987,7 @@ key_api_get(struct socket *so, struct mb
/* map proto to satype */
satype = key_proto2satype(sah->saidx.proto);
if (satype == 0) {
- KEY_FREESAV(&sav);
+ KEY_SA_UNREF(&sav);
IPSECLOG(LOG_DEBUG, "there was invalid proto in SAD.\n");
return key_senderror(so, m, EINVAL);
}
@@ -5995,7 +5995,7 @@ key_api_get(struct socket *so, struct mb
/* create new sadb_msg to reply. */
n = key_setdumpsa(sav, SADB_GET, satype, mhp->msg->sadb_msg_seq,
mhp->msg->sadb_msg_pid);
- KEY_FREESAV(&sav);
+ KEY_SA_UNREF(&sav);
if (!n)
return key_senderror(so, m, ENOBUFS);
Index: src/sys/netipsec/key.h
diff -u src/sys/netipsec/key.h:1.26 src/sys/netipsec/key.h:1.27
--- src/sys/netipsec/key.h:1.26 Wed Aug 2 01:28:03 2017
+++ src/sys/netipsec/key.h Thu Aug 3 06:32:51 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: key.h,v 1.26 2017/08/02 01:28:03 ozaki-r Exp $ */
+/* $NetBSD: key.h,v 1.27 2017/08/03 06:32:51 ozaki-r Exp $ */
/* $FreeBSD: src/sys/netipsec/key.h,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $ */
/* $KAME: key.h,v 1.21 2001/07/27 03:51:30 itojun Exp $ */
@@ -83,6 +83,8 @@ void key_socksplist_add(struct secpolicy
key_sp_ref(sp, __func__, __LINE__)
#define KEY_SA_REF(sav) \
key_sa_ref(sav, __func__, __LINE__)
+#define KEY_SA_UNREF(psav) \
+ key_freesav(psav, __func__, __LINE__)
struct secasvar *key_lookup_sa(const union sockaddr_union *,
u_int, u_int32_t, u_int16_t, u_int16_t, const char*, int);
Index: src/sys/netipsec/xform_ah.c
diff -u src/sys/netipsec/xform_ah.c:1.70 src/sys/netipsec/xform_ah.c:1.71
--- src/sys/netipsec/xform_ah.c:1.70 Wed Aug 2 01:28:03 2017
+++ src/sys/netipsec/xform_ah.c Thu Aug 3 06:32:51 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: xform_ah.c,v 1.70 2017/08/02 01:28:03 ozaki-r Exp $ */
+/* $NetBSD: xform_ah.c,v 1.71 2017/08/03 06:32:51 ozaki-r Exp $ */
/* $FreeBSD: src/sys/netipsec/xform_ah.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $ */
/* $OpenBSD: ip_ah.c,v 1.63 2001/06/26 06:18:58 angelos Exp $ */
/*
@@ -39,7 +39,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.70 2017/08/02 01:28:03 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.71 2017/08/03 06:32:51 ozaki-r Exp $");
#if defined(_KERNEL_OPT)
#include "opt_inet.h"
@@ -817,7 +817,7 @@ ah_input_cb(struct cryptop *crp)
sav = tc->tc_sav;
if (__predict_false(!SADB_SASTATE_USABLE_P(sav))) {
- KEY_FREESAV(&sav);
+ KEY_SA_UNREF(&sav);
sav = KEY_LOOKUP_SA(&tc->tc_dst, tc->tc_proto, tc->tc_spi,
sport, dport);
if (sav == NULL) {
@@ -932,12 +932,12 @@ ah_input_cb(struct cryptop *crp)
IPSEC_COMMON_INPUT_CB(m, sav, skip, protoff);
- KEY_FREESAV(&sav);
+ KEY_SA_UNREF(&sav);
IPSEC_RELEASE_GLOBAL_LOCKS();
return error;
bad:
if (sav)
- KEY_FREESAV(&sav);
+ KEY_SA_UNREF(&sav);
IPSEC_RELEASE_GLOBAL_LOCKS();
if (m != NULL)
m_freem(m);
@@ -1215,7 +1215,7 @@ ah_output_cb(struct cryptop *crp)
goto bad;
}
if (__predict_false(!SADB_SASTATE_USABLE_P(sav))) {
- KEY_FREESAV(&sav);
+ KEY_SA_UNREF(&sav);
sav = KEY_LOOKUP_SA(&tc->tc_dst, tc->tc_proto, tc->tc_spi, 0, 0);
if (sav == NULL) {
AH_STATINC(AH_STAT_NOTDB);
@@ -1269,13 +1269,13 @@ ah_output_cb(struct cryptop *crp)
/* NB: m is reclaimed by ipsec_process_done. */
err = ipsec_process_done(m, isr, sav);
- KEY_FREESAV(&sav);
+ KEY_SA_UNREF(&sav);
KEY_SP_UNREF(&isr->sp);
IPSEC_RELEASE_GLOBAL_LOCKS();
return err;
bad:
if (sav)
- KEY_FREESAV(&sav);
+ KEY_SA_UNREF(&sav);
KEY_SP_UNREF(&isr->sp);
IPSEC_RELEASE_GLOBAL_LOCKS();
if (m)
Index: src/sys/netipsec/xform_esp.c
diff -u src/sys/netipsec/xform_esp.c:1.68 src/sys/netipsec/xform_esp.c:1.69
--- src/sys/netipsec/xform_esp.c:1.68 Wed Aug 2 01:28:03 2017
+++ src/sys/netipsec/xform_esp.c Thu Aug 3 06:32:51 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: xform_esp.c,v 1.68 2017/08/02 01:28:03 ozaki-r Exp $ */
+/* $NetBSD: xform_esp.c,v 1.69 2017/08/03 06:32:51 ozaki-r Exp $ */
/* $FreeBSD: src/sys/netipsec/xform_esp.c,v 1.2.2.1 2003/01/24 05:11:36 sam Exp $ */
/* $OpenBSD: ip_esp.c,v 1.69 2001/06/26 06:18:59 angelos Exp $ */
@@ -39,7 +39,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.68 2017/08/02 01:28:03 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.69 2017/08/03 06:32:51 ozaki-r Exp $");
#if defined(_KERNEL_OPT)
#include "opt_inet.h"
@@ -521,7 +521,7 @@ esp_input_cb(struct cryptop *crp)
sav = tc->tc_sav;
if (__predict_false(!SADB_SASTATE_USABLE_P(sav))) {
- KEY_FREESAV(&sav);
+ KEY_SA_UNREF(&sav);
sav = KEY_LOOKUP_SA(&tc->tc_dst, tc->tc_proto, tc->tc_spi,
sport, dport);
if (sav == NULL) {
@@ -549,7 +549,7 @@ esp_input_cb(struct cryptop *crp)
sav->tdb_cryptoid = crp->crp_sid;
if (crp->crp_etype == EAGAIN) {
- KEY_FREESAV(&sav);
+ KEY_SA_UNREF(&sav);
IPSEC_RELEASE_GLOBAL_LOCKS();
return crypto_dispatch(crp);
}
@@ -673,12 +673,12 @@ esp_input_cb(struct cryptop *crp)
IPSEC_COMMON_INPUT_CB(m, sav, skip, protoff);
- KEY_FREESAV(&sav);
+ KEY_SA_UNREF(&sav);
IPSEC_RELEASE_GLOBAL_LOCKS();
return error;
bad:
if (sav)
- KEY_FREESAV(&sav);
+ KEY_SA_UNREF(&sav);
IPSEC_RELEASE_GLOBAL_LOCKS();
if (m != NULL)
m_freem(m);
@@ -987,7 +987,7 @@ esp_output_cb(struct cryptop *crp)
goto bad;
}
if (__predict_false(!SADB_SASTATE_USABLE_P(sav))) {
- KEY_FREESAV(&sav);
+ KEY_SA_UNREF(&sav);
sav = KEY_LOOKUP_SA(&tc->tc_dst, tc->tc_proto, tc->tc_spi, 0, 0);
if (sav == NULL) {
char buf[IPSEC_ADDRSTRLEN];
@@ -1046,13 +1046,13 @@ esp_output_cb(struct cryptop *crp)
/* NB: m is reclaimed by ipsec_process_done. */
err = ipsec_process_done(m, isr, sav);
- KEY_FREESAV(&sav);
+ KEY_SA_UNREF(&sav);
KEY_SP_UNREF(&isr->sp);
IPSEC_RELEASE_GLOBAL_LOCKS();
return err;
bad:
if (sav)
- KEY_FREESAV(&sav);
+ KEY_SA_UNREF(&sav);
KEY_SP_UNREF(&isr->sp);
IPSEC_RELEASE_GLOBAL_LOCKS();
if (m)
Index: src/sys/netipsec/xform_ipcomp.c
diff -u src/sys/netipsec/xform_ipcomp.c:1.49 src/sys/netipsec/xform_ipcomp.c:1.50
--- src/sys/netipsec/xform_ipcomp.c:1.49 Wed Aug 2 01:28:03 2017
+++ src/sys/netipsec/xform_ipcomp.c Thu Aug 3 06:32:51 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: xform_ipcomp.c,v 1.49 2017/08/02 01:28:03 ozaki-r Exp $ */
+/* $NetBSD: xform_ipcomp.c,v 1.50 2017/08/03 06:32:51 ozaki-r Exp $ */
/* $FreeBSD: src/sys/netipsec/xform_ipcomp.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $ */
/* $OpenBSD: ip_ipcomp.c,v 1.1 2001/07/05 12:08:52 jjbg Exp $ */
@@ -30,7 +30,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_ipcomp.c,v 1.49 2017/08/02 01:28:03 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ipcomp.c,v 1.50 2017/08/03 06:32:51 ozaki-r Exp $");
/* IP payload compression protocol (IPComp), see RFC 2393 */
#if defined(_KERNEL_OPT)
@@ -259,7 +259,7 @@ ipcomp_input_cb(struct cryptop *crp)
sav = tc->tc_sav;
if (__predict_false(!SADB_SASTATE_USABLE_P(sav))) {
- KEY_FREESAV(&sav);
+ KEY_SA_UNREF(&sav);
sav = KEY_LOOKUP_SA(&tc->tc_dst, tc->tc_proto, tc->tc_spi,
sport, dport);
if (sav == NULL) {
@@ -282,7 +282,7 @@ ipcomp_input_cb(struct cryptop *crp)
sav->tdb_cryptoid = crp->crp_sid;
if (crp->crp_etype == EAGAIN) {
- KEY_FREESAV(&sav);
+ KEY_SA_UNREF(&sav);
IPSEC_RELEASE_GLOBAL_LOCKS();
return crypto_dispatch(crp);
}
@@ -348,12 +348,12 @@ ipcomp_input_cb(struct cryptop *crp)
IPSEC_COMMON_INPUT_CB(m, sav, skip, protoff);
- KEY_FREESAV(&sav);
+ KEY_SA_UNREF(&sav);
IPSEC_RELEASE_GLOBAL_LOCKS();
return error;
bad:
if (sav)
- KEY_FREESAV(&sav);
+ KEY_SA_UNREF(&sav);
IPSEC_RELEASE_GLOBAL_LOCKS();
if (m)
m_freem(m);
@@ -555,7 +555,7 @@ ipcomp_output_cb(struct cryptop *crp)
goto bad;
}
if (__predict_false(!SADB_SASTATE_USABLE_P(sav))) {
- KEY_FREESAV(&sav);
+ KEY_SA_UNREF(&sav);
sav = KEY_LOOKUP_SA(&tc->tc_dst, tc->tc_proto, tc->tc_spi, 0, 0);
if (sav == NULL) {
IPCOMP_STATINC(IPCOMP_STAT_NOTDB);
@@ -660,13 +660,13 @@ ipcomp_output_cb(struct cryptop *crp)
/* NB: m is reclaimed by ipsec_process_done. */
error = ipsec_process_done(m, isr, sav);
- KEY_FREESAV(&sav);
+ KEY_SA_UNREF(&sav);
KEY_SP_UNREF(&isr->sp);
IPSEC_RELEASE_GLOBAL_LOCKS();
return error;
bad:
if (sav)
- KEY_FREESAV(&sav);
+ KEY_SA_UNREF(&sav);
KEY_SP_UNREF(&isr->sp);
IPSEC_RELEASE_GLOBAL_LOCKS();
if (m)
