Reintroduce the TDBF_DELETED flag. Checking next pointer to figure

out whether the TDB is linked to the hash bucket does not work.
This fixes removal of SAs that could not be flushed with ipsecctl -F.
OK tobhe@

1 files changed, 5 insertions, 4 deletions

diff --git a/sys/netinet/ip_ipsp.h b/sys/netinet/ip_ipsp.h
index a810e382d46..70f70ca9e59 100644
--- a/sys/netinet/ip_ipsp.h
+++ b/sys/netinet/ip_ipsp.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ip_ipsp.h,v 1.225 2021/12/01 12:51:09 bluhm Exp $	*/
+/*	$OpenBSD: ip_ipsp.h,v 1.226 2021/12/01 22:34:31 bluhm Exp $	*/
 /*
  * The authors of this code are John Ioannidis (ji@tla.org),
  * Angelos D. Keromytis (kermit@csd.uch.gr),
@@ -337,6 +337,7 @@ struct tdb {				/* tunnel descriptor block */
 #define	TDBF_ALLOCATIONS	0x00008	/* Check the flows counters */
 #define	TDBF_INVALID		0x00010	/* This SPI is not valid yet/anymore */
 #define	TDBF_FIRSTUSE		0x00020	/* Expire after first use */
+#define	TDBF_DELETED		0x00040	/* This TDB has already been deleted */
 #define	TDBF_SOFT_TIMER		0x00080	/* Soft expiration */
 #define	TDBF_SOFT_BYTES		0x00100	/* Soft expiration */
 #define	TDBF_SOFT_ALLOCATIONS	0x00200	/* Soft expiration */
@@ -351,7 +352,7 @@ struct tdb {				/* tunnel descriptor block */
 
 #define TDBF_BITS ("\20" \
 	"\1UNIQUE\2TIMER\3BYTES\4ALLOCATIONS" \
-	"\5INVALID\6FIRSTUSE\10SOFT_TIMER" \
+	"\5INVALID\6FIRSTUSE\7DELETED\10SOFT_TIMER" \
 	"\11SOFT_BYTES\12SOFT_ALLOCATIONS\13SOFT_FIRSTUSE\14PFS" \
 	"\15TUNNELING" \
 	"\21USEDTUNNEL\22UDPENCAP\23PFSYNC\24PFSYNC_RPL" \
@@ -573,8 +574,8 @@ struct	tdb *tdb_ref(struct tdb *);
 void	tdb_unref(struct tdb *);
 void	tdb_free(struct tdb *);
 int	tdb_init(struct tdb *, u_int16_t, struct ipsecinit *);
-int	tdb_unlink(struct tdb *);
-int	tdb_unlink_locked(struct tdb *);
+void	tdb_unlink(struct tdb *);
+void	tdb_unlink_locked(struct tdb *);
 void	tdb_unbundle(struct tdb *);
 void	tdb_deltimeouts(struct tdb *);
 int	tdb_walk(u_int, int (*)(struct tdb *, void *, int), void *);