diff options
| author | Tobias Heider <tobhe@cvs.openbsd.org> | 2022-10-10 11:33:56 +0000 |
|---|---|---|
| committer | Tobias Heider <tobhe@cvs.openbsd.org> | 2022-10-10 11:33:56 +0000 |
| commit | f662978d935496bb9860f15fc0989fa5b7e3b91f (patch) | |
| tree | e8b8fe00c19dd213268572958be23c289c104e08 /sbin/iked/ikev2.c | |
| parent | 99139d51c5dbab938eec024a589b046b91a23c9a (diff) | |
Move enabling the policy refcounting from policy_ref() to config_free_policy().
In config_free_policy() the refcounting is unchanged and each SA linked to the
policy will trigger a call to policy_ref() and increase the references as
before the change. This allows unconditional calls to policy_ref() and
policy_unref() and the callers no longer have to check if IKED_POLICY_REFCNT
is set.
From and ok markus@
Diffstat (limited to 'sbin/iked/ikev2.c')
| -rw-r--r-- | sbin/iked/ikev2.c | 27 |
1 files changed, 8 insertions, 19 deletions
diff --git a/sbin/iked/ikev2.c b/sbin/iked/ikev2.c index 0e2fb5f5f6f..9c13905d1c0 100644 --- a/sbin/iked/ikev2.c +++ b/sbin/iked/ikev2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ikev2.c,v 1.353 2022/09/21 22:32:10 tobhe Exp $ */ +/* $OpenBSD: ikev2.c,v 1.354 2022/10/10 11:33:55 tobhe Exp $ */ /* * Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de> @@ -267,14 +267,8 @@ ikev2_dispatch_parent(int fd, struct privsep_proc *p, struct imsg *imsg) if (old != sa->sa_policy) { /* Cleanup old policy */ TAILQ_REMOVE(&old->pol_sapeers, sa, sa_peer_entry); - if (old->pol_flags & IKED_POLICY_REFCNT) - policy_unref(env, old); - - if (sa->sa_policy->pol_flags & IKED_POLICY_REFCNT) { - log_info("%s: sa %p old pol %p pol_refcnt %d", - __func__, sa, sa->sa_policy, sa->sa_policy->pol_refcnt); - policy_ref(env, sa->sa_policy); - } + policy_unref(env, old); + policy_ref(env, sa->sa_policy); TAILQ_INSERT_TAIL(&sa->sa_policy->pol_sapeers, sa, sa_peer_entry); } } @@ -978,15 +972,13 @@ ikev2_ike_auth_recv(struct iked *env, struct iked_sa *sa, SPI_SA(sa, __func__)); ikev2_send_auth_failed(env, sa); TAILQ_REMOVE(&old->pol_sapeers, sa, sa_peer_entry); - if (old->pol_flags & IKED_POLICY_REFCNT) - policy_unref(env, old); + policy_unref(env, old); return (-1); } if (msg->msg_policy != old) { /* Clean up old policy */ TAILQ_REMOVE(&old->pol_sapeers, sa, sa_peer_entry); - if (old->pol_flags & IKED_POLICY_REFCNT) - policy_unref(env, old); + policy_unref(env, old); /* Update SA with new policy*/ if (sa_new(env, sa->sa_hdr.sh_ispi, @@ -1018,8 +1010,7 @@ ikev2_ike_auth_recv(struct iked *env, struct iked_sa *sa, log_warnx("%s: policy mismatch", SPI_SA(sa, __func__)); ikev2_send_auth_failed(env, sa); TAILQ_REMOVE(&old->pol_sapeers, sa, sa_peer_entry); - if (old->pol_flags & IKED_POLICY_REFCNT) - policy_unref(env, old); + policy_unref(env, old); return (-1); } /* restore */ @@ -5613,10 +5604,8 @@ ikev2_sa_responder(struct iked *env, struct iked_sa *sa, struct iked_sa *osa, TAILQ_REMOVE(&old->pol_sapeers, sa, sa_peer_entry); TAILQ_INSERT_TAIL(&sa->sa_policy->pol_sapeers, sa, sa_peer_entry); - if (old->pol_flags & IKED_POLICY_REFCNT) - policy_unref(env, old); - if (sa->sa_policy->pol_flags & IKED_POLICY_REFCNT) - policy_ref(env, sa->sa_policy); + policy_unref(env, old); + policy_ref(env, sa->sa_policy); } sa_state(env, sa, IKEV2_STATE_SA_INIT); |