Module Name: src Committed By: martin Date: Mon Apr 16 14:31:44 UTC 2018
Modified Files: src/sys/netipsec [netbsd-8]: key.c Log Message: Pull up following revision(s) (requested by yamaguchi in ticket #766): sys/netipsec/key.c: revision 1.250 Removed the unnecessary order check of key_lookup_sa key_prefered_oldsa flag can change the sa to use if an sah has multiple sav. However the multiple saves whose protocol is ah, esp, or tcp cannot exist because their duplications are checked by the spi value. Although the multiple saves can exist in the case of ipcomp, the values using in the post processing are same between the saves. For those reasons, it is no need to select an sav by its lifetime. In addition, FreeBSD has already remove this. reviewed by ozaki-r@n.o, thanks. To generate a diff of this commit: cvs rdiff -u -r1.163.2.7 -r1.163.2.8 src/sys/netipsec/key.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/netipsec/key.c diff -u src/sys/netipsec/key.c:1.163.2.7 src/sys/netipsec/key.c:1.163.2.8 --- src/sys/netipsec/key.c:1.163.2.7 Wed Mar 7 13:46:41 2018 +++ src/sys/netipsec/key.c Mon Apr 16 14:31:44 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: key.c,v 1.163.2.7 2018/03/07 13:46:41 martin Exp $ */ +/* $NetBSD: key.c,v 1.163.2.8 2018/04/16 14:31:44 martin Exp $ */ /* $FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $ */ /* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */ @@ -32,7 +32,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.163.2.7 2018/03/07 13:46:41 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.163.2.8 2018/04/16 14:31:44 martin Exp $"); /* * This code is referred to RFC 2367 @@ -427,6 +427,12 @@ static const u_int saorder_state_any[] = _i < __arraycount(saorder_state_any) ? \ (s) = saorder_state_any[_i], true : false; \ _i++) +#define SASTATE_USABLE_FOREACH(s) \ + for (int _i = 0; \ + _i < __arraycount(saorder_state_valid_prefer_new) ? \ + (s) = saorder_state_valid_prefer_new[_i], \ + true : false; \ + _i++) static const int minsize[] = { sizeof(struct sadb_msg), /* SADB_EXT_RESERVED */ @@ -1199,9 +1205,8 @@ key_lookup_sa( { struct secashead *sah; struct secasvar *sav; - u_int stateidx, state; - const u_int *saorder_state_valid; - int arraysize, chkport; + u_int state; + int chkport; int s; int must_check_spi = 1; @@ -1245,18 +1250,10 @@ key_lookup_sa( * IPsec tunnel packet is received. But ESP tunnel mode is * encrypted so we can't check internal IP header. */ - if (key_prefered_oldsa) { - saorder_state_valid = saorder_state_valid_prefer_old; - arraysize = _ARRAYLEN(saorder_state_valid_prefer_old); - } else { - saorder_state_valid = saorder_state_valid_prefer_new; - arraysize = _ARRAYLEN(saorder_state_valid_prefer_new); - } s = pserialize_read_enter(); SAHLIST_READER_FOREACH(sah) { /* search valid state */ - for (stateidx = 0; stateidx < arraysize; stateidx++) { - state = saorder_state_valid[stateidx]; + SASTATE_USABLE_FOREACH(state) { SAVLIST_READER_FOREACH(sav, sah, state) { KEYDEBUG_PRINTF(KEYDEBUG_MATCH, "try match spi %#x, %#x\n",