From f662978d935496bb9860f15fc0989fa5b7e3b91f Mon Sep 17 00:00:00 2001 From: Tobias Heider Date: Mon, 10 Oct 2022 11:33:56 +0000 Subject: Move enabling the policy refcounting from policy_ref() to config_free_policy(). In config_free_policy() the refcounting is unchanged and each SA linked to the policy will trigger a call to policy_ref() and increase the references as before the change. This allows unconditional calls to policy_ref() and policy_unref() and the callers no longer have to check if IKED_POLICY_REFCNT is set. From and ok markus@ --- sbin/iked/config.c | 9 +++++++-- sbin/iked/ikev2.c | 27 ++++++++------------------- sbin/iked/policy.c | 13 ++++--------- 3 files changed, 19 insertions(+), 30 deletions(-) (limited to 'sbin/iked') diff --git a/sbin/iked/config.c b/sbin/iked/config.c index dd1c865a77b..c8afd9702d2 100644 --- a/sbin/iked/config.c +++ b/sbin/iked/config.c @@ -1,4 +1,4 @@ -/* $OpenBSD: config.c,v 1.87 2022/09/19 20:54:02 tobhe Exp $ */ +/* $OpenBSD: config.c,v 1.88 2022/10/10 11:33:55 tobhe Exp $ */ /* * Copyright (c) 2019 Tobias Heider @@ -217,10 +217,15 @@ config_free_policy(struct iked *env, struct iked_policy *pol) if (pol->pol_flags & IKED_POLICY_REFCNT) goto remove; + /* + * Remove policy from the sc_policies list, but increment + * refcount for every SA linked for the policy. + */ + pol->pol_flags |= IKED_POLICY_REFCNT; + TAILQ_REMOVE(&env->sc_policies, pol, pol_entry); TAILQ_FOREACH(sa, &pol->pol_sapeers, sa_peer_entry) { - /* Remove from the policy list, but keep for existing SAs */ if (sa->sa_policy == pol) policy_ref(env, pol); else diff --git a/sbin/iked/ikev2.c b/sbin/iked/ikev2.c index 0e2fb5f5f6f..9c13905d1c0 100644 --- a/sbin/iked/ikev2.c +++ b/sbin/iked/ikev2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ikev2.c,v 1.353 2022/09/21 22:32:10 tobhe Exp $ */ +/* $OpenBSD: ikev2.c,v 1.354 2022/10/10 11:33:55 tobhe Exp $ */ /* * Copyright (c) 2019 Tobias Heider 
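Review bot: In config_free_policy() the added `pol->pol_flags |= IKED_POLICY_REFCNT;` has to stay ahead of the TAILQ_FOREACH over pol_sapeers, and the new comment does not say so. With the policy.c change in this commit policy_ref() only counts when the flag is already set, so moving the assignment below the loop would leave pol_refcnt at 0 while SAs still point at the policy, and the policy would presumably be freed under them. I would extend the comment with a line such as `Set the flag first: policy_ref() is a no-op until IKED_POLICY_REFCNT is set.` The function starts and ends outside the hunk, so what happens after the loop is not visible here.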
@@ -267,14 +267,8 @@ ikev2_dispatch_parent(int fd, struct privsep_proc *p, struct imsg *imsg) if (old != sa->sa_policy) { /* Cleanup old policy */ TAILQ_REMOVE(&old->pol_sapeers, sa, sa_peer_entry); - if (old->pol_flags & IKED_POLICY_REFCNT) - policy_unref(env, old); - - if (sa->sa_policy->pol_flags & IKED_POLICY_REFCNT) { - log_info("%s: sa %p old pol %p pol_refcnt %d", - __func__, sa, sa->sa_policy, sa->sa_policy->pol_refcnt); - policy_ref(env, sa->sa_policy); - } + policy_unref(env, old); + policy_ref(env, sa->sa_policy); TAILQ_INSERT_TAIL(&sa->sa_policy->pol_sapeers, sa, sa_peer_entry); } } @@ -978,15 +972,13 @@ ikev2_ike_auth_recv(struct iked *env, struct iked_sa *sa, SPI_SA(sa, __func__)); ikev2_send_auth_failed(env, sa); TAILQ_REMOVE(&old->pol_sapeers, sa, sa_peer_entry); - if (old->pol_flags & IKED_POLICY_REFCNT) - policy_unref(env, old); + policy_unref(env, old); return (-1); } if (msg->msg_policy != old) { /* Clean up old policy */ TAILQ_REMOVE(&old->pol_sapeers, sa, sa_peer_entry); - if (old->pol_flags & IKED_POLICY_REFCNT) - policy_unref(env, old); + policy_unref(env, old); /* Update SA with new policy*/ if (sa_new(env, sa->sa_hdr.sh_ispi, @@ -1018,8 +1010,7 @@ ikev2_ike_auth_recv(struct iked *env, struct iked_sa *sa, log_warnx("%s: policy mismatch", SPI_SA(sa, __func__)); ikev2_send_auth_failed(env, sa); TAILQ_REMOVE(&old->pol_sapeers, sa, sa_peer_entry); - if (old->pol_flags & IKED_POLICY_REFCNT) - policy_unref(env, old); + policy_unref(env, old); return (-1); } /* restore */ @@ -5613,10 +5604,8 @@ ikev2_sa_responder(struct iked *env, struct iked_sa *sa, struct iked_sa *osa, TAILQ_REMOVE(&old->pol_sapeers, sa, sa_peer_entry); TAILQ_INSERT_TAIL(&sa->sa_policy->pol_sapeers, sa, sa_peer_entry); - if (old->pol_flags & IKED_POLICY_REFCNT) - policy_unref(env, old); - if (sa->sa_policy->pol_flags & IKED_POLICY_REFCNT) - policy_ref(env, sa->sa_policy); + policy_unref(env, old); + policy_ref(env, sa->sa_policy); } sa_state(env, sa, IKEV2_STATE_SA_INIT); 
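Review bot: The now unconditional `policy_unref(env, old);` in ikev2_dispatch_parent() is only safe if policy_unref() itself returns early for a policy without IKED_POLICY_REFCNT, and that function is not changed by any hunk in this commit. The same applies to the three call sites in ikev2_ike_auth_recv() and the one in ikev2_sa_responder(). If policy_unref() decremented regardless of the flag, a policy still held on the sc_policies list could have its count driven below zero or be released while still listed. Please confirm the check exists there; a comment at policy_unref() such as `/* no-op unless config_free_policy() enabled refcounting */` would document the contract these callers now depend on.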
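Review bot: In ikev2_sa_responder() `policy_unref(env, old);` runs before `policy_ref(env, sa->sa_policy);`, and the condition guarding this block lies outside the hunk. If old and sa->sa_policy could ever be the same policy holding a single reference, the unref would release it before the new reference is taken; ikev2_dispatch_parent() has a visible `if (old != sa->sa_policy)` guard around the same pair of calls. Either confirm the enclosing check gives the same guarantee here, or take the new reference first: `policy_ref(env, sa->sa_policy);` followed by `policy_unref(env, old);`.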
diff --git a/sbin/iked/policy.c b/sbin/iked/policy.c index a4cdc277355..4486a78c740 100644 --- a/sbin/iked/policy.c +++ b/sbin/iked/policy.c @@ -1,4 +1,4 @@ -/* $OpenBSD: policy.c,v 1.91 2022/09/19 20:54:02 tobhe Exp $ */ +/* $OpenBSD: policy.c,v 1.92 2022/10/10 11:33:55 tobhe Exp $ */ /* * Copyright (c) 2020-2021 Tobias Heider @@ -355,8 +355,8 @@ policy_calc_skip_steps(struct iked_policies *policies) void policy_ref(struct iked *env, struct iked_policy *pol) { - pol->pol_refcnt++; - pol->pol_flags |= IKED_POLICY_REFCNT; + if (pol->pol_flags & IKED_POLICY_REFCNT) + pol->pol_refcnt++; } void @@ -521,12 +521,7 @@ sa_new(struct iked *env, uint64_t ispi, uint64_t rspi, if (pol == NULL && sa->sa_policy == NULL) fatalx("%s: sa %p no policy", __func__, sa); else if (sa->sa_policy == NULL) { - /* Increment refcount if the policy has refcounting enabled. */ - if (pol->pol_flags & IKED_POLICY_REFCNT) { - log_info("%s: sa %p old pol %p pol_refcnt %d", - __func__, sa, pol, pol->pol_refcnt); - policy_ref(env, pol); - } + policy_ref(env, pol); sa->sa_policy = pol; TAILQ_INSERT_TAIL(&pol->pol_sapeers, sa, sa_peer_entry); } else -- cgit v1.2.3
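Review bot: policy_ref() now silently does nothing when IKED_POLICY_REFCNT is clear, and nothing at the function says so. A reader of `policy_ref(env, pol);` in sa_new() would reasonably assume a reference was taken, while the count only moves after config_free_policy() has set the flag. I would put a comment above the function, for example `/* Takes a reference only once config_free_policy() has enabled refcounting; until then the policy stays on the sc_policies list. */`. The removed log_info() calls in sa_new() and ikev2_dispatch_parent() were the only trace of count changes at these call sites, so if that trace is wanted when debugging policy lifetime problems it would now belong inside policy_ref().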