anyone?
> On 19 Jul 2021, at 01:21, Vitaliy Makkoveev <m...@openbsd.org> wrote:
>
> ping?
>
> The diff below is updated to the most recent source.
>
> Index: sys/netinet/ip_ipsp.h
> ===================================================================
> RCS file: /cvs/src/sys/netinet/ip_ipsp.h,v
> retrieving revision 1.203
> diff -u -p -r1.203 ip_ipsp.h
> --- sys/netinet/ip_ipsp.h 18 Jul 2021 18:19:22 -0000 1.203
> +++ sys/netinet/ip_ipsp.h 18 Jul 2021 22:19:28 -0000
> @@ -45,6 +45,12 @@
> #include <sys/types.h>
> #include <netinet/in.h>
>
> +/*
> + * Locks used to protect struct members in this file:
> + * I Immutable after creation
> + * N netlock
> + */
> +
> union sockaddr_union {
> struct sockaddr sa;
> struct sockaddr_in sin;
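Review bot: The legend's `N netlock` entry does not say which mode of the netlock a reader or a writer must hold, which matters if the netlock can be taken shared. Members the later hunks tag [N], such as `ipo_last_searched`, `id_refcount` and `ipo_ref_count`, are plain integers that get modified, so two shared holders updating them would race. I would state the rule in the comment itself, for example ` *	N	netlock, held exclusively for modification`, or whatever the intended rule is.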
> @@ -226,37 +232,38 @@ struct ipsec_id {
> };
>
> struct ipsec_ids {
> - LIST_ENTRY(ipsec_ids) id_gc_list;
> - RBT_ENTRY(ipsec_ids) id_node_id;
> - RBT_ENTRY(ipsec_ids) id_node_flow;
> - struct ipsec_id *id_local;
> - struct ipsec_id *id_remote;
> - u_int32_t id_flow;
> - int id_refcount;
> - u_int id_gc_ttl;
> + LIST_ENTRY(ipsec_ids) id_gc_list; /* [N] */
> + RBT_ENTRY(ipsec_ids) id_node_id; /* [N] */
> + RBT_ENTRY(ipsec_ids) id_node_flow; /* [N] */
> + struct ipsec_id *id_local; /* [I] */
> + struct ipsec_id *id_remote; /* [I] */
> + u_int32_t id_flow; /* [I] */
> + int id_refcount; /* [N] */
> + u_int id_gc_ttl; /* [N] */
> };
> RBT_HEAD(ipsec_ids_flows, ipsec_ids);
> RBT_HEAD(ipsec_ids_tree, ipsec_ids);
>
> struct ipsec_acquire {
> - union sockaddr_union ipa_addr;
> - u_int32_t ipa_seq;
> - struct sockaddr_encap ipa_info;
> - struct sockaddr_encap ipa_mask;
> + union sockaddr_union ipa_addr; /* [I] */
> + u_int32_t ipa_seq; /* [I] */
> + struct sockaddr_encap ipa_info; /* [I] */
> + struct sockaddr_encap ipa_mask; /* [I] */
> struct timeout ipa_timeout;
> - struct ipsec_policy *ipa_policy;
> - struct inpcb *ipa_pcb;
> - TAILQ_ENTRY(ipsec_acquire) ipa_ipo_next;
> - TAILQ_ENTRY(ipsec_acquire) ipa_next;
> + struct ipsec_policy *ipa_policy; /* [I] */
> + struct inpcb *ipa_pcb; /* [I] */
> + TAILQ_ENTRY(ipsec_acquire) ipa_ipo_next; /* [N] */
> + TAILQ_ENTRY(ipsec_acquire) ipa_next; /* [N] */
> };
>
> struct ipsec_policy {
> struct radix_node ipo_nodes[2]; /* radix tree glue */
> - struct sockaddr_encap ipo_addr;
> - struct sockaddr_encap ipo_mask;
> + struct sockaddr_encap ipo_addr; /* [I] */
> + struct sockaddr_encap ipo_mask; /* [I] */
>
> - union sockaddr_union ipo_src; /* Local address to use */
> - union sockaddr_union ipo_dst; /* Remote gateway -- if it's
> zeroed:
> + union sockaddr_union ipo_src; /* [N] Local address to use */
> + union sockaddr_union ipo_dst; /* [N] Remote gateway --
> + * if it's zeroed:
> * - on output, we try to
> * contact the remote host
> * directly (if needed).
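Review bot: `struct timeout ipa_timeout;` in struct ipsec_acquire and `ipo_nodes[2]` in struct ipsec_policy are the only members in this hunk left without a tag, so a reader cannot tell whether they were reviewed or overlooked. If netlock covers them, tag them `/* [N] */`; if the timeout or radix code follows its own rules, a short comment saying so would be enough. Separately, [I] on `ipa_policy`, `ipa_pcb`, `id_local` and `id_remote` only says the pointer value never changes after creation. It says nothing about what keeps the pointed-to object alive, which is what a use-after-free review of the teardown paths needs, so a sentence on that in the legend would help. struct ipsec_policy continues in the next hunk.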
> @@ -267,22 +274,28 @@ struct ipsec_policy {
> * mode was used.
> */
>
> - u_int64_t ipo_last_searched; /* Timestamp of last
> lookup */
> -
> - u_int8_t ipo_flags; /* See IPSP_POLICY_*
> definitions */
> - u_int8_t ipo_type; /* USE/ACQUIRE/... */
> - u_int8_t ipo_sproto; /* ESP/AH; if zero, use system
> dflts */
> - u_int ipo_rdomain;
> -
> - int ipo_ref_count;
> -
> - struct tdb *ipo_tdb; /* Cached entry */
> -
> - struct ipsec_ids *ipo_ids;
> + u_int64_t ipo_last_searched; /* [N] Timestamp
> + of last lookup */
>
> - TAILQ_HEAD(ipo_acquires_head, ipsec_acquire) ipo_acquires; /* List of
> acquires */
> - TAILQ_ENTRY(ipsec_policy) ipo_tdb_next; /* List TDB policies */
> - TAILQ_ENTRY(ipsec_policy) ipo_list; /* List of all policies
> */
> + u_int8_t ipo_flags; /* [N] See IPSP_POLICY_*
> + definitions */
> + u_int8_t ipo_type; /* [N] USE/ACQUIRE/... */
> + u_int8_t ipo_sproto; /* [N] ESP/AH; if zero,
> + use system dflts */
> + u_int ipo_rdomain; /* [I] */
> +
> + int ipo_ref_count; /* [N] */
> +
> + struct tdb *ipo_tdb; /* [N] Cached entry */
> +
> + struct ipsec_ids *ipo_ids; /* [N] */
> +
> + TAILQ_HEAD(ipo_acquires_head, ipsec_acquire) ipo_acquires; /* [N]
> + List of acquires */
> + TAILQ_ENTRY(ipsec_policy) ipo_tdb_next; /* [N] List TDB
> + policies */
> + TAILQ_ENTRY(ipsec_policy) ipo_list; /* [N] List of all
> + policies */
> };
>
> #define IPSP_POLICY_NONE 0x0000 /* No flags set */
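Review bot: The added comments that wrap onto a second line (`ipo_last_searched`, `ipo_flags`, `ipo_sproto`, `ipo_acquires`, `ipo_tdb_next`, `ipo_list`) continue without a leading ` * `, as far as the archived text shows. The `ipo_dst` comment rewritten earlier in the same struct does use one. Either shorten each comment to fit one line, e.g. `/* [N] Last lookup time */`, or write the continuation as ` * of last lookup */` so the struct reads consistently. The struct begins before this hunk.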
>