From 0a6c1d4242d4d23328bf77b152fe0864e2db7f35 Mon Sep 17 00:00:00 2001 From: sam Date: Mon, 29 Sep 2003 22:57:43 +0000 Subject: MFp4: portability work, general cleanup, locking fixes change 38496 o add ipsec_osdep.h that holds os-specific definitions for portability o s/KASSERT/IPSEC_ASSERT/ for portability o s/SPLASSERT/IPSEC_SPLASSERT/ for portability o remove function names from ASSERT strings since line#+file pinpints the location o use __func__ uniformly to reduce string storage o convert some random #ifdef DIAGNOSTIC code to assertions o remove some debuggging assertions no longer needed change 38498 o replace numerous bogus panic's with equally bogus assertions that at least go away on a production system change 38502 + 38530 o change explicit mtx operations to #defines to simplify future changes to a different lock type change 38531 o hookup ipv4 ctlinput paths to a noop routine; we should be handling path mtu changes at least o correct potential null pointer deref in ipsec4_common_input_cb chnage 38685 o fix locking for bundled SA's and for when key exchange is required change 38770 o eliminate recursion on the SAHTREE lock change 38804 o cleanup some types: long -> time_t o remove refrence to dead #define change 38805 o correct some types: long -> time_t o add scan generation # to secpolicy to deal with locking issues change 38806 o use LIST_FOREACH_SAFE instead of handrolled code o change key_flush_spd to drop the sptree lock before purging an entry to avoid lock recursion and to avoid holding the lock over a long-running operation o misc cleanups of tangled and twisty code There is still much to do here but for now things look to be working again. Supported by: FreeBSD Foundation
---
 sys/netipsec/keydb.h | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-) (limited to 'sys/netipsec/keydb.h')
diff --git a/sys/netipsec/keydb.h b/sys/netipsec/keydb.h
index 93773fb..1ba8eb1 100644
--- a/sys/netipsec/keydb.h
+++ b/sys/netipsec/keydb.h
@@ -102,7 +102,7 @@ struct secasvar {
 size_t schedlen;
 struct secreplay *replay; /* replay prevention */
- long created; /* for lifetime */
+ time_t created; /* for lifetime */
 struct sadb_lifetime *lft_c; /* CURRENT lifetime, it's constant. */
 struct sadb_lifetime *lft_h; /* HARD lifetime */
@@ -125,6 +125,13 @@ struct secasvar {
 u_int64_t tdb_cryptoid; /* crypto session id */
 };
+#define SECASVAR_LOCK_INIT(_sav) \
+ mtx_init(&(_sav)->lock, "ipsec association", NULL, MTX_DEF)
+#define SECASVAR_LOCK(_sav) mtx_lock(&(_sav)->lock)
+#define SECASVAR_UNLOCK(_sav) mtx_unlock(&(_sav)->lock)
+#define SECASVAR_LOCK_DESTROY(_sav) mtx_destroy(&(_sav)->lock)
+#define SECASVAR_LOCK_ASSERT(_sav) mtx_assert(&(_sav)->lock, MA_OWNED)
+
 /* replay prevention */
 struct secreplay {
 u_int32_t count;
@@ -142,7 +149,6 @@ struct secreg {
 struct socket *so;
 };
-#ifndef IPSEC_NONBLOCK_ACQUIRE
 /* acquiring list table. */
 struct secacq {
 LIST_ENTRY(secacq) chain;
@@ -150,10 +156,9 @@ struct secacq {
 struct secasindex saidx;
 u_int32_t seq; /* sequence number */
- long created; /* for lifetime */
+ time_t created; /* for lifetime */
 int count; /* for lifetime */
 };
-#endif
 /* Sensitivity Level Specification */
 /* nothing */
-- cgit v1.1
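Review bot: `created` in `struct secasvar` (first hunk) and in `struct secacq` (last hunk) keeps the comment "for lifetime" after the switch to `time_t`, which does not say which clock stamps the field or what it is compared with. SA and acquire-entry expiry depend on that arithmetic, so I would document it at the field, for example `time_t created; /* creation time; expiry = created + lifetime, compared as time_t */`, adjusted to what the expiry code really does. The code that reads the field is not part of this file-limited patch, so any site that still stores it in a `long`, prints it with `%ld`, or mixes it with unsigned lifetime values should be checked for truncation or sign conversion.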
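Review bot: The new `SECASVAR_LOCK_*` macros in the second hunk have no comment saying which members of `struct secasvar` the mutex covers or where it sits in lock order relative to the SAHTREE lock that the commit message says was being recursed on. Concurrent updates to an SA are only safe if every caller agrees on that contract, so it belongs next to the macros, e.g. `/* Per-SA mutex. Guards: <members>. Lock order vs. SAHTREE: <before|after>. */` with the placeholders filled in by the author. The `lock` member and the callers of `SECASVAR_LOCK_INIT` / `SECASVAR_LOCK_DESTROY` are outside this hunk, so it cannot be confirmed from here that every allocation path initialises the mutex before first use and destroys it exactly once.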