author | ume <ume@FreeBSD.org> | 2003-11-04 16:02:05 +0000 |
---|---|---|
committer | ume <ume@FreeBSD.org> | 2003-11-04 16:02:05 +0000 |
commit | 373abd94036be0e5643f5134aa9fb8bb694d1624 (patch) | |
tree | fdad404b77778d90d4bdccd4cb96415d0821c8d5 /sys/netkey/key_debug.c | |
parent | b5882bdf826f86fe99c8ba32265622dcc6139367 (diff) | |
- cleanup SP refcnt issue.
- share policy-on-socket for listening socket.
- don't copy policy-on-socket at all. secpolicy no longer contain
spidx, which saves a lot of memory.
- deep-copy pcb policy if it is an ipsec policy. assign ID field to
all SPD entries. make it possible for racoon to grab SPD entry on
pcb.
- fixed the order of searching SA table for packets.
- fixed to get a security association header. a mode is always needed
to compare them.
- fixed that the incorrect time was set to
sadb_comb_{hard|soft}_usetime.
- disallow port spec for tunnel mode policy (as we don't reassemble).
- an user can define a policy-id.
- clear enc/auth key before freeing.
- fixed that the kernel crashed when key_spdacquire() was called
because key_spdacquire() had been implemented incompletely.
- preparation for 64bit sequence number.
- maintain ordered list of SA, based on SA id.
- cleanup secasvar management; refcnt is key.c responsibility;
alloc/free is keydb.c responsibility.
- cleanup, avoid double-loop.
- use hash for spi-based lookup.
- mark persistent SP "persistent".
XXX in theory refcnt should do the right thing, however, we have
"spdflush" which would touch all SPs. another solution would be to
de-register persistent SPs from sptree.
- u_short -> u_int16_t
- reduce kernel stack usage by auto variable secasindex.
- clarify function name confusion. ipsec_*_policy ->
ipsec_*_pcbpolicy.
- avoid variable name confusion.
(struct inpcbpolicy *)pcb_sp, spp (struct secpolicy **), sp (struct
secpolicy *)
- count number of ipsec encapsulations on ipsec4_output, so that we
can tell ip_output() how to handle the packet further.
- When the value of the ul_proto is ICMP or ICMPV6, the port field in
"src" of the spidx specifies ICMP type, and the port field in "dst"
of the spidx specifies ICMP code.
- avoid from applying IPsec transport mode to the packets when the
kernel forwards the packets.
Tested by: nork
Obtained from: KAME
Diffstat (limited to 'sys/netkey/key_debug.c')
-rw-r--r-- | sys/netkey/key_debug.c | 25 |
1 files changed, 13 insertions, 12 deletions
diff --git a/sys/netkey/key_debug.c b/sys/netkey/key_debug.c
index 35ed02f..a0de240 100644
--- a/sys/netkey/key_debug.c
+++ b/sys/netkey/key_debug.c
@@ -1,4 +1,4 @@
-/* $KAME: key_debug.c,v 1.26 2001/06/27 10:46:50 sakane Exp $ */
+/* $KAME: key_debug.c,v 1.38 2003/09/06 05:15:44 itojun Exp $ */

 /*
 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -562,10 +562,11 @@ kdebug_secpolicy(sp)
 if (sp == NULL)
 panic("kdebug_secpolicy: NULL pointer was passed.");

- printf("secpolicy{ refcnt=%u state=%u policy=%u\n",
- sp->refcnt, sp->state, sp->policy);
+ printf("secpolicy{ refcnt=%u state=%u policy=%u dir=%u\n",
+ sp->refcnt, sp->state, sp->policy, sp->dir);

- kdebug_secpolicyindex(&sp->spidx);
+ if (sp->spidx)
+ kdebug_secpolicyindex(sp->spidx);

 switch (sp->policy) {
 case IPSEC_POLICY_DISCARD:
@@ -611,8 +612,8 @@ kdebug_secpolicyindex(spidx)
 if (spidx == NULL)
 panic("kdebug_secpolicyindex: NULL pointer was passed.");

- printf("secpolicyindex{ dir=%u prefs=%u prefd=%u ul_proto=%u\n",
- spidx->dir, spidx->prefs, spidx->prefd, spidx->ul_proto);
+ printf("secpolicyindex{ prefs=%u prefd=%u ul_proto=%u\n",
+ spidx->prefs, spidx->prefd, spidx->ul_proto);

 ipsec_hexdump((caddr_t)&spidx->src,
 ((struct sockaddr *)&spidx->src)->sa_len);
@@ -632,8 +633,7 @@ kdebug_secasindex(saidx)
 if (saidx == NULL)
 panic("kdebug_secpolicyindex: NULL pointer was passed.");

- printf("secasindex{ mode=%u proto=%u\n",
- saidx->mode, saidx->proto);
+ printf("secasindex{ mode=%u proto=%u\n", saidx->mode, saidx->proto);

 ipsec_hexdump((caddr_t)&saidx->src,
 ((struct sockaddr *)&saidx->src)->sa_len);
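Review bot: With spidx now a pointer, the new `if (sp->spidx)` guard in kdebug_secpolicy silently omits the index from the dump when it is NULL, so a reader of the debug output cannot tell a policy that has no spidx from a dump that was cut short. The commit message indicates socket-attached policies no longer carry an spidx, so this branch appears to be an expected case rather than an error path, which makes a visible marker more useful than silence; consider `else printf(" spidx=NULL\n");` after the guarded call. kdebug_secpolicy's body continues past the end of the hunk.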
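Review bot: The panic() message in the context lines of kdebug_secasindex still names kdebug_secpolicyindex, so a NULL-argument panic here would be attributed to the wrong function in the crash output. Since this hunk already reworks the printf() immediately below, `panic("kdebug_secasindex: NULL pointer was passed.");` is a cheap fix to fold in. The function's body continues outside the hunk.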
@@ -697,8 +697,9 @@ kdebug_secreplay(rpl)
 if (rpl == NULL)
 panic("kdebug_secreplay: NULL pointer was passed.");

- printf(" secreplay{ count=%u wsize=%u seq=%u lastseq=%u",
- rpl->count, rpl->wsize, rpl->seq, rpl->lastseq);
+ printf(" secreplay{ count=%llu wsize=%u seq=%llu lastseq=%llu",
+ (unsigned long long)rpl->count, rpl->wsize,
+ (unsigned long long)rpl->seq, (unsigned long long)rpl->lastseq);

 if (rpl->bitmap == NULL) {
 printf(" }\n");
@@ -736,9 +737,9 @@ kdebug_mbufhdr(m)

 if (m->m_flags & M_EXT) {
 printf(" m_ext{ ext_buf:%p ext_free:%p "
- "ext_size:%u ref_cnt:%p }\n",
+ "ext_size:%u }\n",
 m->m_ext.ext_buf, m->m_ext.ext_free,
- m->m_ext.ext_size, m->m_ext.ref_cnt);
+ m->m_ext.ext_size);
 }

 return;
|
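Review bot: The `(unsigned long long)` casts on count, seq and lastseq in kdebug_secreplay carry no explanation in the hunk, and the fields' current width is not visible here. The commit message lists "preparation for 64bit sequence number", so a one-line comment above the printf such as `/* cast to unsigned long long: fields may be widened to 64 bits, %llu stays valid either way */` would keep a later cleanup from dropping the casts as redundant while the fields are still narrower. kdebug_secreplay's body continues outside the hunk.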