diff options
| author | sam <sam@FreeBSD.org> | 2003-09-29 22:57:43 +0000 |
|---|---|---|
| committer | sam <sam@FreeBSD.org> | 2003-09-29 22:57:43 +0000 |
| commit | 0a6c1d4242d4d23328bf77b152fe0864e2db7f35 (patch) | |
| tree | 8a7531562577bbc1732a8f3b1aa8301245449cab /sys/netipsec/keydb.h | |
| parent | 9dc7c620e432a011a3fdcfb8183076ad041baeac (diff) | |
| download | FreeBSD-src-0a6c1d4242d4d23328bf77b152fe0864e2db7f35.zip FreeBSD-src-0a6c1d4242d4d23328bf77b152fe0864e2db7f35.tar.gz | |
MFp4: portability work, general cleanup, locking fixes
change 38496
o add ipsec_osdep.h that holds os-specific definitions for portability
o s/KASSERT/IPSEC_ASSERT/ for portability
o s/SPLASSERT/IPSEC_SPLASSERT/ for portability
o remove function names from ASSERT strings since line#+file pinpints
the location
o use __func__ uniformly to reduce string storage
o convert some random #ifdef DIAGNOSTIC code to assertions
o remove some debuggging assertions no longer needed
change 38498
o replace numerous bogus panic's with equally bogus assertions
that at least go away on a production system
change 38502 + 38530
o change explicit mtx operations to #defines to simplify
future changes to a different lock type
change 38531
o hookup ipv4 ctlinput paths to a noop routine; we should be
handling path mtu changes at least
o correct potential null pointer deref in ipsec4_common_input_cb
chnage 38685
o fix locking for bundled SA's and for when key exchange is required
change 38770
o eliminate recursion on the SAHTREE lock
change 38804
o cleanup some types: long -> time_t
o remove refrence to dead #define
change 38805
o correct some types: long -> time_t
o add scan generation # to secpolicy to deal with locking issues
change 38806
o use LIST_FOREACH_SAFE instead of handrolled code
o change key_flush_spd to drop the sptree lock before purging
an entry to avoid lock recursion and to avoid holding the lock
over a long-running operation
o misc cleanups of tangled and twisty code
There is still much to do here but for now things look to be
working again.
Supported by: FreeBSD Foundation
Diffstat (limited to 'sys/netipsec/keydb.h')
| -rw-r--r-- | sys/netipsec/keydb.h | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/sys/netipsec/keydb.h b/sys/netipsec/keydb.h index 93773fb..1ba8eb1 100644 --- a/sys/netipsec/keydb.h +++ b/sys/netipsec/keydb.h @@ -102,7 +102,7 @@ struct secasvar { size_t schedlen; struct secreplay *replay; /* replay prevention */ - long created; /* for lifetime */ + time_t created; /* for lifetime */ struct sadb_lifetime *lft_c; /* CURRENT lifetime, it's constant. */ struct sadb_lifetime *lft_h; /* HARD lifetime */ @@ -125,6 +125,13 @@ struct secasvar { u_int64_t tdb_cryptoid; /* crypto session id */ }; +#define SECASVAR_LOCK_INIT(_sav) \ + mtx_init(&(_sav)->lock, "ipsec association", NULL, MTX_DEF) +#define SECASVAR_LOCK(_sav) mtx_lock(&(_sav)->lock) +#define SECASVAR_UNLOCK(_sav) mtx_unlock(&(_sav)->lock) +#define SECASVAR_LOCK_DESTROY(_sav) mtx_destroy(&(_sav)->lock) +#define SECASVAR_LOCK_ASSERT(_sav) mtx_assert(&(_sav)->lock, MA_OWNED) + /* replay prevention */ struct secreplay { u_int32_t count; @@ -142,7 +149,6 @@ struct secreg { struct socket *so; }; -#ifndef IPSEC_NONBLOCK_ACQUIRE /* acquiring list table. */ struct secacq { LIST_ENTRY(secacq) chain; @@ -150,10 +156,9 @@ struct secacq { struct secasindex saidx; u_int32_t seq; /* sequence number */ - long created; /* for lifetime */ + time_t created; /* for lifetime */ int count; /* for lifetime */ }; -#endif /* Sensitivity Level Specification */ /* nothing */ |
