author | Angelos D. Keromytis <angelos@cvs.openbsd.org> | 2001-06-26 18:34:42 +0000 |
committer | Angelos D. Keromytis <angelos@cvs.openbsd.org> | 2001-06-26 18:34:42 +0000 |
commit | 8831ec38f47a539193de5b5eaace0bdb29114a6d (patch) | |
tree | 95b20a79f1180c4a24bdd213f797d1d648a2315b /sys/netinet | |
parent | 5a387b616d2b4b2e54c16ba3f9e3086f399b333d (diff) |
Keep the PFKEY sequence number at the TDB, plus a little bit of KNF
Diffstat (limited to 'sys/netinet')
-rw-r--r-- | sys/netinet/ip_ipsp.c | 5 | ||||
-rw-r--r-- | sys/netinet/ip_ipsp.h | 29 | ||||
-rw-r--r-- | sys/netinet/ip_spd.c | 20 |
3 files changed, 29 insertions, 25 deletions
diff --git a/sys/netinet/ip_ipsp.c b/sys/netinet/ip_ipsp.c
index b74e6526a5d..9ff9265650b 100644
--- a/sys/netinet/ip_ipsp.c
+++ b/sys/netinet/ip_ipsp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ipsp.c,v 1.136 2001/06/26 03:52:40 angelos Exp $ */
+/* $OpenBSD: ip_ipsp.c,v 1.137 2001/06/26 18:34:39 angelos Exp $ */
 /*
 * The authors of this code are John Ioannidis (ji@tla.org),
 * Angelos D. Keromytis (kermit@csd.uch.gr),
@@ -180,7 +180,7 @@ tdb_hash(u_int32_t spi, union sockaddr_union *dst, u_int8_t proto)
 */
 u_int32_t
 reserve_spi(u_int32_t sspi, u_int32_t tspi, union sockaddr_union *src,
- union sockaddr_union *dst, u_int8_t sproto, int *errval)
+ union sockaddr_union *dst, u_int8_t sproto, int *errval, u_int32_t seq)
 {
 struct tdb *tdbp;
 u_int32_t spi;
@@ -229,6 +229,7 @@ reserve_spi(u_int32_t sspi, u_int32_t tspi, union sockaddr_union *src,
 tdbp->tdb_sproto = sproto;
 tdbp->tdb_flags |= TDBF_INVALID; /* Mark SA invalid for now */
 tdbp->tdb_satype = SADB_SATYPE_UNSPEC;
+ tdbp->tdb_seq = seq;
 puttdb(tdbp);
 /* Setup a "silent" expiration (since TDBF_INVALID's set) */
diff --git a/sys/netinet/ip_ipsp.h b/sys/netinet/ip_ipsp.h
index 82e7ba9008d..c0f74b15629 100644
--- a/sys/netinet/ip_ipsp.h
+++ b/sys/netinet/ip_ipsp.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ipsp.h,v 1.110 2001/06/26 03:52:42 angelos Exp $ */
+/* $OpenBSD: ip_ipsp.h,v 1.111 2001/06/26 18:34:40 angelos Exp $ */
 /*
 * The authors of this code are John Ioannidis (ji@tla.org),
 * Angelos D. Keromytis (kermit@csd.uch.gr),
@@ -287,6 +287,7 @@ struct tdb { /* tunnel descriptor block */
 struct timeout tdb_stimer_tmo;
 struct timeout tdb_sfirst_tmo;
+ u_int32_t tdb_seq; /* Tracking number for PFKEY */
 u_int32_t tdb_exp_allocations; /* Expire after so many flows */
 u_int32_t tdb_soft_allocations; /* Expiration warning */
 u_int32_t tdb_cur_allocations; /* Total number of allocs */
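Review bot: `+ tdbp->tdb_seq = seq;` records a caller-supplied PF_KEY sequence number on a TDB that the line above still marks TDBF_INVALID, and the comment block ending at the `*/` at the top of the -180 hunk (which appears to be reserve_spi()'s header comment) does not describe the parameter added there. Suggest adding to that comment `seq: sadb_msg_seq of the PF_KEY request that reserved this SPI, kept in tdb_seq so the reservation can be matched with the follow-up SA message`. If tdb_seq is later used to pair the reservation with an SADB_UPDATE, the lookup should still be keyed by (SPI, dst, sproto) as gettdb() is, since a 32-bit sequence number chosen by the key-management process is not unique on its own. The callers of reserve_spi() are not in this netinet-limited diffstat, so the prototype change in ip_ipsp.h presumably needs a matching caller update outside sys/netinet.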
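Review bot: `/* Tracking number for PFKEY */` on the new tdb_seq field in the -287 hunk does not say which PF_KEY value it holds or who writes it; the only writer in this commit is reserve_spi(), which copies its new seq argument. Suggest `/* sadb_msg_seq of the PF_KEY request that reserved this SA; set by reserve_spi() */`. Whether TDBs created on other paths start with tdb_seq == 0 depends on tdb_alloc() zero-filling the structure, which this diff does not show.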
@@ -490,12 +491,12 @@ extern char *ipsp_address(union sockaddr_union);
 /* TDB management routines */
 extern void tdb_add_inp(struct tdb *, struct inpcb *, int);
 extern u_int32_t reserve_spi(u_int32_t, u_int32_t, union sockaddr_union *,
- union sockaddr_union *, u_int8_t, int *);
+ union sockaddr_union *, u_int8_t, int *, u_int32_t);
 extern struct tdb *gettdb(u_int32_t, union sockaddr_union *, u_int8_t);
 extern struct tdb *gettdbbyaddr(union sockaddr_union *, struct ipsec_policy *,
- struct mbuf *, int);
+ struct mbuf *, int);
 extern struct tdb *gettdbbysrc(union sockaddr_union *, struct ipsec_policy *,
- struct mbuf *, int);
+ struct mbuf *, int);
 extern void puttdb(struct tdb *);
 extern void tdb_delete(struct tdb *);
 extern struct tdb *tdb_alloc(void);
@@ -520,7 +521,7 @@ extern int ip4_input6 __P((struct mbuf **, int *, int));
 /* XF_ETHERIP */
 extern int etherip_output(struct mbuf *, struct tdb *, struct mbuf **,
- int, int);
+ int, int);
 extern void etherip_input __P((struct mbuf *, ...));
 /* XF_AH */
@@ -569,19 +570,19 @@ extern int esp6_input_cb __P((struct mbuf *, int, int));
 /* XF_TCPSIGNATURE */
 extern int tcp_signature_tdb_attach __P((void));
 extern int tcp_signature_tdb_init __P((struct tdb *, struct xformsw *,
- struct ipsecinit *));
+ struct ipsecinit *));
 extern int tcp_signature_tdb_zeroize __P((struct tdb *));
 extern int tcp_signature_tdb_input __P((struct mbuf *, struct tdb *, int,
- int));
+ int));
 extern int tcp_signature_tdb_output __P((struct mbuf *, struct tdb *,
- struct mbuf **, int, int));
+ struct mbuf **, int, int));
 /* Padding */
 extern caddr_t m_pad(struct mbuf *, int);
 /* Replay window */
 extern int checkreplaywindow32(u_int32_t, u_int32_t, u_int32_t *, u_int32_t,
- u_int32_t *);
+ u_int32_t *);
 extern unsigned char ipseczeroes[];
@@ -589,17 +590,15 @@ extern unsigned char ipseczeroes[];
 extern int ipsp_process_packet(struct mbuf *, struct tdb *, int, int);
 extern int ipsp_process_done(struct mbuf *, struct tdb *);
 extern struct tdb *ipsp_spd_lookup(struct mbuf *, int, int, int *, int,
- struct tdb *, struct inpcb *);
+ struct tdb *, struct inpcb *);
 extern struct tdb *ipsp_spd_inp(struct mbuf *, int, int, int *, int,
 struct tdb *, struct inpcb *, struct ipsec_policy *);
 extern int ipsec_common_input_cb(struct mbuf *, struct tdb *, int, int,
- struct m_tag *);
+ struct m_tag *);
 extern int ipsp_acquire_sa(struct ipsec_policy *, union sockaddr_union *,
- union sockaddr_union *, struct sockaddr_encap *,
- struct mbuf *);
+ union sockaddr_union *, struct sockaddr_encap *, struct mbuf *);
 extern struct ipsec_policy *ipsec_add_policy(struct sockaddr_encap *,
- struct sockaddr_encap *,
- union sockaddr_union *, int, int);
+ struct sockaddr_encap *, union sockaddr_union *, int, int);
 extern int ipsec_delete_policy(struct ipsec_policy *);
 extern struct ipsec_acquire *ipsp_pending_acquire(union sockaddr_union *);
 extern struct ipsec_acquire *ipsec_get_acquire(u_int32_t);
diff --git a/sys/netinet/ip_spd.c b/sys/netinet/ip_spd.c
index c02709425f2..a61794a2b9a 100644
--- a/sys/netinet/ip_spd.c
+++ b/sys/netinet/ip_spd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_spd.c,v 1.26 2001/06/26 03:52:42 angelos Exp $ */
+/* $OpenBSD: ip_spd.c,v 1.27 2001/06/26 18:34:40 angelos Exp $ */
 /*
 * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
 *
@@ -399,7 +399,8 @@ ipsp_spd_lookup(struct mbuf *m, int af, int hlen, int *error, int direction,
 switch (ipo->ipo_type) {
 case IPSP_IPSEC_REQUIRE:
 /* Acquire SA through key management. */
- if (ipsp_acquire_sa(ipo, dignore ? &sdst : &ipo->ipo_dst,
+ if (ipsp_acquire_sa(ipo,
+ dignore ? &sdst : &ipo->ipo_dst,
 signore ? NULL : &ipo->ipo_src, ddst, m) != 0) {
 *error = EACCES;
 return NULL;
@@ -412,7 +413,8 @@ ipsp_spd_lookup(struct mbuf *m, int af, int hlen, int *error, int direction,
 case IPSP_IPSEC_ACQUIRE:
 /* Acquire SA through key management. */
- if (ipsp_acquire_sa(ipo, dignore ? &sdst : &ipo->ipo_dst,
+ if (ipsp_acquire_sa(ipo,
+ dignore ? &sdst : &ipo->ipo_dst,
 signore ? NULL : &ipo->ipo_src, ddst, NULL) != 0) {
 *error = EACCES;
 return NULL;
@@ -478,7 +480,8 @@ ipsp_spd_lookup(struct mbuf *m, int af, int hlen, int *error, int direction,
 * policy.
 */
 if (ipo->ipo_sproto == ipo->ipo_tdb->tdb_sproto &&
- !bcmp(&ipo->ipo_tdb->tdb_src, dignore ? &ssrc : &ipo->ipo_dst,
+ !bcmp(&ipo->ipo_tdb->tdb_src
+ , dignore ? &ssrc : &ipo->ipo_dst,
 ipo->ipo_tdb->tdb_src.sa.sa_len))
 goto skipinputsearch;
@@ -564,7 +567,8 @@ ipsec_delete_policy(struct ipsec_policy *ipo)
 0, (struct rtentry **) 0);
 if (ipo->ipo_tdb)
- TAILQ_REMOVE(&ipo->ipo_tdb->tdb_policy_head, ipo, ipo_tdb_next);
+ TAILQ_REMOVE(&ipo->ipo_tdb->tdb_policy_head, ipo,
+ ipo_tdb_next);
 TAILQ_REMOVE(&ipsec_policy_head, ipo, ipo_list);
@@ -672,10 +676,10 @@ ipsp_clear_acquire(struct tdb *tdb)
 sizeof(struct ip))
 break;
- /* Same as in ip_output() --
 * massage the header.
+ /*
+ * Same as in ip_output() --
+ * massage the header.
 */
- ip->ip_len = htons((u_short) ip->ip_len);
 ip->ip_off = |
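Review bot: The rewrapped call `+ , dignore ? &ssrc : &ipo->ipo_dst,` in the -478 hunk starts a continuation line with the comma, which is not KNF and is inconsistent with how this same commit rewraps ipsp_acquire_sa() in the -399 and -412 hunks (break after the comma). Suggest `!bcmp(&ipo->ipo_tdb->tdb_src,` on the first line and `dignore ? &ssrc : &ipo->ipo_dst,` on the next. The body of ipsp_spd_lookup() starts and ends outside this hunk.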