author | Martin Pieuchot <mpi@cvs.openbsd.org> | 2017-10-27 08:27:15 +0000 |
committer | Martin Pieuchot <mpi@cvs.openbsd.org> | 2017-10-27 08:27:15 +0000 |
commit | d3bf0afe08cb2e34167651ce64ea95480b5c337e (patch) | |
tree | d44a39bff4911345c8cdbc473b11e3417920c71a /sys | |
parent | be067d186ada17ab1cb7366a3f925da9177b2a79 (diff) |
Dump IPsec flows by iterating over the radix-tree.
This enforces an order and will allow us to get rid of the global list.
ok millert@, visa@, markus@
Diffstat (limited to 'sys')
-rw-r--r-- | sys/net/pfkeyv2.c | 25 | ||||
-rw-r--r-- | sys/net/pfkeyv2.h | 4 | ||||
-rw-r--r-- | sys/netinet/ip_ipsp.h | 4 | ||||
-rw-r--r-- | sys/netinet/ip_spd.c | 16 |
4 files changed, 24 insertions, 25 deletions
diff --git a/sys/net/pfkeyv2.c b/sys/net/pfkeyv2.c 
index 4edfd3df3a9..ac593e4d5f1 100644 
--- a/sys/net/pfkeyv2.c 
+++ b/sys/net/pfkeyv2.c 
@@ -1,4 +1,4 @@ 
-/* $OpenBSD: pfkeyv2.c,v 1.168 2017/10/16 08:22:25 mpi Exp $ */ 
+/* $OpenBSD: pfkeyv2.c,v 1.169 2017/10/27 08:27:14 mpi Exp $ */
 /*
 * @(#)COPYRIGHT 1.1 (NRL) 17 January 1995 
@@ -165,6 +165,7 @@ int pfkeyv2_usrreq(struct socket *, int, struct mbuf *, struct mbuf *,
 int pfkeyv2_output(struct mbuf *, struct socket *, struct sockaddr *, struct mbuf *);
 int pfkey_sendup(struct keycb *, struct mbuf *, int); 
+int pfkeyv2_sysctl_policydumper(struct ipsec_policy *, void *, unsigned int);
 /*
 * Wrapper around m_devget(); copy data from contiguous buffer to mbuf 
@@ -2324,24 +2325,8 @@ ret:
 }
 int 
-pfkeyv2_ipo_walk(u_int rdomain, int (*walker)(struct ipsec_policy *, void *), 
- void *arg) 
-{ 
- int rval = 0; 
- struct ipsec_policy *ipo; 
- 
- NET_ASSERT_LOCKED(); 
- 
- TAILQ_FOREACH(ipo, &ipsec_policy_head, ipo_list) { 
- if (ipo->ipo_rdomain != rdomain) 
- continue; 
- rval = walker(ipo, (void *)arg); 
- } 
- return (rval); 
-} 
- 
-int 
-pfkeyv2_sysctl_policydumper(struct ipsec_policy *ipo, void *arg) 
+pfkeyv2_sysctl_policydumper(struct ipsec_policy *ipo, void *arg, 
+ unsigned int tableid)
 {
 struct pfkeyv2_sysctl_walk *w = (struct pfkeyv2_sysctl_walk *)arg;
 void *buffer = 0; 
@@ -2433,7 +2418,7 @@ pfkeyv2_sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp,
 case NET_KEY_SPD_DUMP:
 NET_LOCK(); 
- error = pfkeyv2_ipo_walk(rdomain, 
+ error = spd_table_walk(rdomain,
 pfkeyv2_sysctl_policydumper, &w);
 NET_UNLOCK();
 if (oldp) 
diff --git a/sys/net/pfkeyv2.h b/sys/net/pfkeyv2.h 
index 04d701b1aa8..2aa57abf4d6 100644 
--- a/sys/net/pfkeyv2.h 
+++ b/sys/net/pfkeyv2.h 
@@ -1,4 +1,4 @@ 
-/* $OpenBSD: pfkeyv2.h,v 1.77 2017/05/29 14:28:01 claudio Exp $ */ 
+/* $OpenBSD: pfkeyv2.h,v 1.78 2017/10/27 08:27:14 mpi Exp $ */
 /*
 * @(#)COPYRIGHT 1.1 (NRL) January 1998
 * 
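Review bot: The `unsigned int tableid` parameter added to pfkeyv2_sysctl_policydumper in the @@ -2324 hunk is not referenced anywhere in the visible part of the body, and the function continues past the end of the hunk. If the remainder leaves it unused as well, it exists only so the function fits the callback shape that spd_table_walk passes on to rn_walktree, and the signature deserves a comment saying so, e.g. `/* tableid is unused; it matches the walker signature spd_table_walk() expects */`. Since the commit also removes the prototype from pfkeyv2.h and adds a file-local one in the @@ -165 hunk, the function now has no callers outside pfkeyv2.c and could be `static`, unless the existing block of non-static prototypes is a deliberate file convention.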
@@ -382,9 +382,7 @@ int pfkeyv2_flush_walker(struct tdb *, void *, int);
 int pfkeyv2_get_proto_alg(u_int8_t, u_int8_t *, int *);
 int pfkeyv2_sysctl(int *, u_int, void *, size_t *, void *, size_t);
 int pfkeyv2_sysctl_walker(struct tdb *, void *, int); 
-int pfkeyv2_ipo_walk(u_int, int (*)(struct ipsec_policy *, void *), void *);
 int pfkeyv2_sysctl_dump(void *); 
-int pfkeyv2_sysctl_policydumper(struct ipsec_policy *, void *);
 int pfdatatopacket(void *, int, struct mbuf **); 
diff --git a/sys/netinet/ip_ipsp.h b/sys/netinet/ip_ipsp.h 
index cd6d58e9d8f..e67b7088a2b 100644 
--- a/sys/netinet/ip_ipsp.h 
+++ b/sys/netinet/ip_ipsp.h 
@@ -1,4 +1,4 @@ 
-/* $OpenBSD: ip_ipsp.h,v 1.184 2017/10/16 08:22:25 mpi Exp $ */ 
+/* $OpenBSD: ip_ipsp.h,v 1.185 2017/10/27 08:27:14 mpi Exp $ */
 /*
 * The authors of this code are John Ioannidis (ji@tla.org),
 * Angelos D. Keromytis (kermit@csd.uch.gr), 
@@ -449,6 +449,8 @@ const char *ipsp_address(union sockaddr_union *, char *, socklen_t);
 /* SPD tables */
 struct radix_node_head *spd_table_add(unsigned int);
 struct radix_node_head *spd_table_get(unsigned int); 
+int spd_table_walk(unsigned int, 
+ int (*walker)(struct ipsec_policy *, void *, unsigned int), void *);
 /* TDB management routines */
 uint32_t reserve_spi(u_int, u_int32_t, u_int32_t, union sockaddr_union *, 
diff --git a/sys/netinet/ip_spd.c b/sys/netinet/ip_spd.c 
index 8a26e990b6c..f87b5de5111 100644 
--- a/sys/netinet/ip_spd.c 
+++ b/sys/netinet/ip_spd.c 
@@ -1,4 +1,4 @@ 
-/* $OpenBSD: ip_spd.c,v 1.93 2017/10/16 08:22:25 mpi Exp $ */ 
+/* $OpenBSD: ip_spd.c,v 1.94 2017/10/27 08:27:14 mpi Exp $ */
 /*
 * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
 * 
@@ -115,6 +115,20 @@ spd_table_add(unsigned int rtableid)
 return (spd_tables[rdomain]);
 } 
+int 
+spd_table_walk(unsigned int rtableid, 
+ int (*walker)(struct ipsec_policy *, void *, unsigned int), void *arg) 
+{ 
+ struct radix_node_head *rnh; 
+ 
+ rnh = spd_table_get(rtableid); 
+ if (rnh == NULL) 
+ return (0); 
+ 
+ return (rn_walktree(rnh, 
+ (int (*)(struct radix_node *, void *, u_int))walker, arg)); 
+} 
+
 /*
 * Lookup at the SPD based on the headers contained on the mbuf. The second
 * argument indicates what protocol family the header at the beginning of |
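Review bot: spd_table_walk drops the `NET_ASSERT_LOCKED()` that the removed pfkeyv2_ipo_walk carried, so the new path neither documents nor checks that the caller holds the net lock while the SPD radix tree is walked; the one caller shown, pfkeyv2_sysctl, does wrap the call in `NET_LOCK()`/`NET_UNLOCK()`, so adding `NET_ASSERT_LOCKED();` as the first statement of spd_table_walk keeps that contract visible to any future caller. The cast of `walker` to `int (*)(struct radix_node *, void *, u_int)` presumably relies on struct ipsec_policy beginning with its embedded radix_node entries so that the node pointer rn_walktree hands back is the policy itself — that assumption is worth a one-line comment above the cast, since calling through a mismatched function-pointer type is otherwise undefined in ISO C and nothing in the hunk records why it is safe here. Note too that if rn_walktree follows the usual radix walker contract of stopping at the first non-zero return, a dumper error now aborts the walk, whereas the removed TAILQ loop kept going and returned only the last result; that is likely the better behaviour but it is a semantic change the commit message does not mention.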