Diffstat (limited to 'sys')
-rw-r--r--sys/netinet/ip_ipsp.c73
-rw-r--r--sys/netinet/ip_ipsp.h11
2 files changed, 50 insertions, 34 deletions
diff --git a/sys/netinet/ip_ipsp.c b/sys/netinet/ip_ipsp.c
index bca994aa8f8..2abf7f2b289 100644
--- a/sys/netinet/ip_ipsp.c
+++ b/sys/netinet/ip_ipsp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ipsp.c,v 1.73 2000/01/11 03:10:04 angelos Exp $ */
+/* $OpenBSD: ip_ipsp.c,v 1.74 2000/01/13 00:34:31 angelos Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
@@ -1019,11 +1019,16 @@ tdb_expiration(struct tdb *tdb, int flags)
struct flow *
find_flow(union sockaddr_union *src, union sockaddr_union *srcmask,
union sockaddr_union *dst, union sockaddr_union *dstmask,
- u_int8_t proto, struct tdb *tdb)
+ u_int8_t proto, struct tdb *tdb, int ingress)
{
struct flow *flow;
- for (flow = tdb->tdb_flow; flow; flow = flow->flow_next)
+ if (ingress)
+ flow = tdb->tdb_access;
+ else
+ flow = tdb->tdb_flow;
+
+ for (; flow; flow = flow->flow_next)
if (!bcmp(&src->sa, &flow->flow_src.sa, SA_LEN(&src->sa)) &&
!bcmp(&dst->sa, &flow->flow_dst.sa, SA_LEN(&dst->sa)) &&
!bcmp(&srcmask->sa, &flow->flow_srcmask.sa, SA_LEN(&srcmask->sa)) &&
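Review bot: The new `ingress` argument is only tested for truthiness (`if (ingress)`), so any non-zero value selects `tdb->tdb_access`, and nothing at the definition tells a caller that `FLOW_EGRESS`/`FLOW_INGRESS` are the intended values; put_flow and delete_flow in this commit follow the same pattern. Because these are per-SA IPsec flow lists, a caller that picks the wrong list gets a silent lookup miss rather than an error. I would add a comment above the defines in ip_ipsp.h, e.g. `/* Direction selector for find_flow/put_flow/delete_flow: FLOW_INGRESS uses tdb_access, FLOW_EGRESS uses tdb_flow */`, and name the parameter in the three prototypes. find_flow's body continues past the end of this hunk.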
@@ -1051,15 +1056,15 @@ find_global_flow(union sockaddr_union *src, union sockaddr_union *srcmask,
return (struct flow *) NULL;
if (tdb_bypass != NULL)
- if ((flow = find_flow(src, srcmask, dst, dstmask, proto, tdb_bypass))
- != (struct flow *) NULL)
+ if ((flow = find_flow(src, srcmask, dst, dstmask, proto,
+ tdb_bypass, FLOW_EGRESS)) != (struct flow *) NULL)
return flow;
for (i = 0; i <= tdb_hashmask; i++)
{
for (tdb = tdbh[i]; tdb != NULL; tdb = tdb->tdb_hnext)
- if ((flow = find_flow(src, srcmask, dst, dstmask, proto, tdb)) !=
- (struct flow *) NULL)
+ if ((flow = find_flow(src, srcmask, dst, dstmask, proto,
+ tdb, FLOW_EGRESS)) != (struct flow *) NULL)
return flow;
}
return (struct flow *) NULL;
@@ -1131,17 +1136,24 @@ puttdb(struct tdb *tdbp)
*/
void
-put_flow(struct flow *flow, struct tdb *tdb)
+put_flow(struct flow *flow, struct tdb *tdb, int ingress)
{
- flow->flow_next = tdb->tdb_flow;
- flow->flow_prev = (struct flow *) NULL;
-
- tdb->tdb_flow = flow;
-
- flow->flow_sa = tdb;
+ if (ingress)
+ {
+ flow->flow_next = tdb->tdb_access;
+ tdb->tdb_access = flow;
+ }
+ else
+ {
+ flow->flow_next = tdb->tdb_flow;
+ tdb->tdb_flow = flow;
+ }
if (flow->flow_next)
flow->flow_next->flow_prev = flow;
+
+ flow->flow_sa = tdb;
+ flow->flow_prev = (struct flow *) NULL;
}
/*
@@ -1149,25 +1161,26 @@ put_flow(struct flow *flow, struct tdb *tdb)
*/
void
-delete_flow(struct flow *flow, struct tdb *tdb)
+delete_flow(struct flow *flow, struct tdb *tdb, int ingress)
{
if (tdb)
{
- if (tdb->tdb_flow == flow)
- {
- tdb->tdb_flow = flow->flow_next;
- if (tdb->tdb_flow)
- tdb->tdb_flow->flow_prev = (struct flow *) NULL;
- }
+ if (ingress && (tdb->tdb_access == flow))
+ tdb->tdb_access = flow->flow_next;
else
- {
- flow->flow_prev->flow_next = flow->flow_next;
- if (flow->flow_next)
- flow->flow_next->flow_prev = flow->flow_prev;
- }
+ if (!ingress && (tdb->tdb_flow == flow))
+ tdb->tdb_flow = flow->flow_next;
+
+ if (flow->flow_prev)
+ flow->flow_prev->flow_next = flow->flow_next;
+
+ if (flow->flow_next)
+ flow->flow_next->flow_prev = flow->flow_prev;
}
- ipsec_in_use--;
+ if (!ingress)
+ ipsec_in_use--;
+
FREE(flow, M_TDB);
}
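Review bot: Unlinking here is only correct when the caller's `ingress` value matches the list the flow is actually on: if `flow` is the head of the other list, neither head test matches, `flow->flow_prev` is NULL, and `FREE(flow, M_TDB)` leaves that head pointer referring to freed memory. The tdb_delete callers visible in this commit pass the matching constant, but callers outside this diff cannot be checked from here. A cheap guard under `#ifdef DIAGNOSTIC`, placed before the head tests, would turn a mismatch into an immediate panic: `if (flow->flow_prev == NULL && (ingress ? tdb->tdb_access : tdb->tdb_flow) != flow) panic("delete_flow(): flow not at head of expected list");`. Bracing the nested `else`/`if` would also make the head-selection logic harder to misread.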
@@ -1229,7 +1242,7 @@ tdb_delete(struct tdb *tdbp, int delchain, int expflags)
(*(tdbp->tdb_xform->xf_zeroize))(tdbp);
while (tdbp->tdb_access)
- delete_flow(tdbp->tdb_access, tdbp);
+ delete_flow(tdbp->tdb_access, tdbp, FLOW_INGRESS);
while (tdbp->tdb_flow)
{
@@ -1296,7 +1309,7 @@ tdb_delete(struct tdb *tdbp, int delchain, int expflags)
#ifdef DIAGNOSTIC
panic("tdb_delete(): SA %s/%08x/%d has flow of unknown type %d", ipsp_address(tdbp->tdb_dst), ntohl(tdbp->tdb_spi), tdbp->tdb_sproto, tdbp->tdb_flow->flow_src.sa.sa_family);
#endif /* DIAGNOSTIC */
- delete_flow(tdbp->tdb_flow, tdbp);
+ delete_flow(tdbp->tdb_flow, tdbp, FLOW_EGRESS);
continue;
}
@@ -1309,7 +1322,7 @@ tdb_delete(struct tdb *tdbp, int delchain, int expflags)
(struct sockaddr *) &encapnetmask,
0, (struct rtentry **) 0);
- delete_flow(tdbp->tdb_flow, tdbp);
+ delete_flow(tdbp->tdb_flow, tdbp, FLOW_EGRESS);
}
/* Cleanup SA-Bindings */
diff --git a/sys/netinet/ip_ipsp.h b/sys/netinet/ip_ipsp.h
index fc9efeac2ee..6df506c0725 100644
--- a/sys/netinet/ip_ipsp.h
+++ b/sys/netinet/ip_ipsp.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ipsp.h,v 1.55 2000/01/10 06:59:23 angelos Exp $ */
+/* $OpenBSD: ip_ipsp.h,v 1.56 2000/01/13 00:34:31 angelos Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
@@ -61,6 +61,9 @@ union sockaddr_union
struct sockaddr_in6 sin6;
};
+#define FLOW_EGRESS 0
+#define FLOW_INGRESS 1
+
/* HMAC key sizes */
#define MD5HMAC96_KEYSIZE 16
#define SHA1HMAC96_KEYSIZE 20
@@ -530,11 +533,11 @@ extern void handle_expirations(void *);
/* Flow management routines */
extern struct flow *get_flow(void);
-extern void put_flow(struct flow *, struct tdb *);
-extern void delete_flow(struct flow *, struct tdb *);
+extern void put_flow(struct flow *, struct tdb *, int);
+extern void delete_flow(struct flow *, struct tdb *, int);
extern struct flow *find_flow(union sockaddr_union *, union sockaddr_union *,
union sockaddr_union *, union sockaddr_union *,
- u_int8_t, struct tdb *);
+ u_int8_t, struct tdb *, int);
extern struct flow *find_global_flow(union sockaddr_union *,
union sockaddr_union *,
union sockaddr_union *,