diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c index cee33a52c78d..54bd29f1a5fd 100644 --- a/sys/netinet/tcp_input.c +++ b/sys/netinet/tcp_input.c @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_input.c,v 1.358 2017/06/19 10:04:23 ozaki-r Exp $ */ +/* $NetBSD: tcp_input.c,v 1.359 2017/07/07 01:37:34 ozaki-r Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -148,7 +148,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.358 2017/06/19 10:04:23 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.359 2017/07/07 01:37:34 ozaki-r Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -3208,7 +3208,7 @@ tcp_signature_getsav(struct mbuf *m, struct tcphdr *th) /* * Look up an SADB entry which matches the address of the peer. */ - return KEY_ALLOCSA(&dst, IPPROTO_TCP, htonl(TCP_SIG_SPI), 0, 0); + return KEY_LOOKUP_SA(&dst, IPPROTO_TCP, htonl(TCP_SIG_SPI), 0, 0); #else return NULL; #endif diff --git a/sys/netinet/tcp_var.h b/sys/netinet/tcp_var.h index c4990b5792d9..7c2fea1b7899 100644 --- a/sys/netinet/tcp_var.h +++ b/sys/netinet/tcp_var.h @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_var.h,v 1.177 2015/02/14 22:09:53 he Exp $ */ +/* $NetBSD: tcp_var.h,v 1.178 2017/07/07 01:37:34 ozaki-r Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -157,7 +157,7 @@ #define TCP_KEYLEN_MAX 80 /* maximum length of TCP-MD5 key */ /* * Only a single SA per host may be specified at this time. An SPI is - * needed in order for the KEY_ALLOCSA() lookup to work. + * needed in order for the KEY_LOOKUP_SA() lookup to work. */ #define TCP_SIG_SPI 0x1000 #endif /* TCP_SIGNATURE */ diff --git a/sys/netipsec/ipsec.c b/sys/netipsec/ipsec.c index 8125ebd43c09..f97e53d26a21 100644 --- a/sys/netipsec/ipsec.c +++ b/sys/netipsec/ipsec.c @@ -1,4 +1,4 @@ -/* $NetBSD: ipsec.c,v 1.100 2017/06/14 02:00:43 ozaki-r Exp $ */ +/* $NetBSD: ipsec.c,v 1.101 2017/07/07 01:37:34 ozaki-r Exp $ */ /* $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec.c,v 1.2.2.2 2003/07/01 01:38:13 sam Exp $ */ /* $KAME: ipsec.c,v 1.103 2001/05/24 07:14:18 sakane Exp $ */ @@ -32,7 +32,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.100 2017/06/14 02:00:43 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.101 2017/07/07 01:37:34 ozaki-r Exp $"); /* * IPsec controller part. @@ -362,7 +362,7 @@ ipsec_invalpcbcacheall(void) * Return a held reference to the default SP. */ static struct secpolicy * -key_allocsp_default(int af, const char *where, int tag) +key_get_default_sp(int af, const char *where, int tag) { struct secpolicy *sp; @@ -395,8 +395,8 @@ key_allocsp_default(int af, const char *where, int tag) sp, sp->refcnt); return sp; } -#define KEY_ALLOCSP_DEFAULT(af) \ - key_allocsp_default((af), __func__, __LINE__) +#define KEY_GET_DEFAULT_SP(af) \ + key_get_default_sp((af), __func__, __LINE__) /* * For OUTBOUND packet having a socket. Searching SPD for packet, @@ -418,9 +418,9 @@ ipsec_getpolicy(const struct tdb_ident *tdbi, u_int dir) KASSERT(tdbi != NULL); KASSERTMSG(IPSEC_DIR_IS_INOROUT(dir), "invalid direction %u", dir); - sp = KEY_ALLOCSP2(tdbi->spi, &tdbi->dst, tdbi->proto, dir); + sp = KEY_LOOKUP_SP(tdbi->spi, &tdbi->dst, tdbi->proto, dir); if (sp == NULL) /*XXX????*/ - sp = KEY_ALLOCSP_DEFAULT(tdbi->dst.sa.sa_family); + sp = KEY_GET_DEFAULT_SP(tdbi->dst.sa.sa_family); KASSERT(sp != NULL); return sp; } @@ -515,9 +515,9 @@ ipsec_getpolicybysock(struct mbuf *m, u_int dir, struct inpcb_hdr *inph, case IPSEC_POLICY_ENTRUST: /* look for a policy in SPD */ - sp = KEY_ALLOCSP(&currsp->spidx, dir); + sp = KEY_LOOKUP_SP_BYSPIDX(&currsp->spidx, dir); if (sp == NULL) /* no SP found */ - sp = KEY_ALLOCSP_DEFAULT(af); + sp = KEY_GET_DEFAULT_SP(af); break; default: @@ -527,7 +527,7 @@ ipsec_getpolicybysock(struct mbuf *m, u_int dir, struct inpcb_hdr *inph, return NULL; } } else { /* unpriv, SPD has policy */ - sp = KEY_ALLOCSP(&currsp->spidx, dir); + sp = KEY_LOOKUP_SP_BYSPIDX(&currsp->spidx, dir); if (sp == NULL) { /* no SP found */ switch (currsp->policy) { case IPSEC_POLICY_BYPASS: @@ -538,7 +538,7 @@ ipsec_getpolicybysock(struct mbuf *m, u_int dir, struct inpcb_hdr *inph, return NULL; case IPSEC_POLICY_ENTRUST: - sp = KEY_ALLOCSP_DEFAULT(af); + sp = KEY_GET_DEFAULT_SP(af); break; case IPSEC_POLICY_IPSEC: @@ -596,11 +596,11 @@ ipsec_getpolicybyaddr(struct mbuf *m, u_int dir, int flag, int *error) spidx.dir = dir; if (key_havesp(dir)) { - sp = KEY_ALLOCSP(&spidx, dir); + sp = KEY_LOOKUP_SP_BYSPIDX(&spidx, dir); } if (sp == NULL) /* no SP found, use system default */ - sp = KEY_ALLOCSP_DEFAULT(spidx.dst.sa.sa_family); + sp = KEY_GET_DEFAULT_SP(spidx.dst.sa.sa_family); KASSERT(sp != NULL); return sp; } diff --git a/sys/netipsec/ipsec_input.c b/sys/netipsec/ipsec_input.c index aba545ad6aa6..ae8a6fded85f 100644 --- a/sys/netipsec/ipsec_input.c +++ b/sys/netipsec/ipsec_input.c @@ -1,4 +1,4 @@ -/* $NetBSD: ipsec_input.c,v 1.46 2017/07/06 09:49:46 ozaki-r Exp $ */ +/* $NetBSD: ipsec_input.c,v 1.47 2017/07/07 01:37:34 ozaki-r Exp $ */ /* $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec_input.c,v 1.2.4.2 2003/03/28 20:32:53 sam Exp $ */ /* $OpenBSD: ipsec_input.c,v 1.63 2003/02/20 18:35:43 deraadt Exp $ */ @@ -39,7 +39,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.46 2017/07/06 09:49:46 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.47 2017/07/07 01:37:34 ozaki-r Exp $"); /* * IPsec input processing. @@ -267,8 +267,8 @@ ipsec_common_input(struct mbuf *m, int skip, int protoff, int af, int sproto) s = splsoftnet(); - /* NB: only pass dst since key_allocsa follows RFC2401 */ - sav = KEY_ALLOCSA(&dst_address, sproto, spi, sport, dport); + /* NB: only pass dst since key_lookup_sa follows RFC2401 */ + sav = KEY_LOOKUP_SA(&dst_address, sproto, spi, sport, dport); if (sav == NULL) { IPSECLOG(LOG_DEBUG, "no key association found for SA %s/%08lx/%u/%u\n", diff --git a/sys/netipsec/ipsec_netbsd.c b/sys/netipsec/ipsec_netbsd.c index 8c0cf968325e..450c42a6f574 100644 --- a/sys/netipsec/ipsec_netbsd.c +++ b/sys/netipsec/ipsec_netbsd.c @@ -1,4 +1,4 @@ -/* $NetBSD: ipsec_netbsd.c,v 1.43 2017/07/04 08:12:28 ozaki-r Exp $ */ +/* $NetBSD: ipsec_netbsd.c,v 1.44 2017/07/07 01:37:34 ozaki-r Exp $ */ /* $KAME: esp_input.c,v 1.60 2001/09/04 08:43:19 itojun Exp $ */ /* $KAME: ah_input.c,v 1.64 2001/09/04 08:43:19 itojun Exp $ */ @@ -32,7 +32,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ipsec_netbsd.c,v 1.43 2017/07/04 08:12:28 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ipsec_netbsd.c,v 1.44 2017/07/07 01:37:34 ozaki-r Exp $"); #if defined(_KERNEL_OPT) #include "opt_inet.h" @@ -107,7 +107,7 @@ ah4_ctlinput(int cmd, const struct sockaddr *sa, void *v) * the address in the ICMP message payload. */ ah = (struct ah *)((char *)ip + (ip->ip_hl << 2)); - sav = KEY_ALLOCSA((const union sockaddr_union *)sa, + sav = KEY_LOOKUP_SA((const union sockaddr_union *)sa, IPPROTO_AH, ah->ah_spi, 0, 0); if (sav) { @@ -152,7 +152,7 @@ esp4_ctlinput(int cmd, const struct sockaddr *sa, void *v) * the address in the ICMP message payload. */ esp = (struct esp *)((char *)ip + (ip->ip_hl << 2)); - sav = KEY_ALLOCSA((const union sockaddr_union *)sa, + sav = KEY_LOOKUP_SA((const union sockaddr_union *)sa, IPPROTO_ESP, esp->esp_spi, 0, 0); if (sav) { @@ -231,7 +231,7 @@ ah6_ctlinput(int cmd, const struct sockaddr *sa, void *d) * Check to see if we have a valid SA corresponding * to the address in the ICMP message payload. */ - sav = KEY_ALLOCSA((const union sockaddr_union*)sa, + sav = KEY_LOOKUP_SA((const union sockaddr_union*)sa, IPPROTO_AH, ahp->ah_spi, 0, 0); if (sav) { @@ -336,7 +336,7 @@ esp6_ctlinput(int cmd, const struct sockaddr *sa, void *d) * the address in the ICMP message payload. */ - sav = KEY_ALLOCSA((const union sockaddr_union*)sa, + sav = KEY_LOOKUP_SA((const union sockaddr_union*)sa, IPPROTO_ESP, espp->esp_spi, 0, 0); if (sav) { diff --git a/sys/netipsec/key.c b/sys/netipsec/key.c index 9c36bec20a1c..260fbe19c39a 100644 --- a/sys/netipsec/key.c +++ b/sys/netipsec/key.c @@ -1,4 +1,4 @@ -/* $NetBSD: key.c,v 1.167 2017/07/06 09:48:42 ozaki-r Exp $ */ +/* $NetBSD: key.c,v 1.168 2017/07/07 01:37:34 ozaki-r Exp $ */ /* $FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $ */ /* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */ @@ -32,7 +32,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.167 2017/07/06 09:48:42 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.168 2017/07/07 01:37:34 ozaki-r Exp $"); /* * This code is referd to RFC 2367 @@ -644,7 +644,8 @@ key_havesp(u_int dir) * others: found and return the pointer. */ struct secpolicy * -key_allocsp(const struct secpolicyindex *spidx, u_int dir, const char* where, int tag) +key_lookup_sp_byspidx(const struct secpolicyindex *spidx, + u_int dir, const char* where, int tag) { struct secpolicy *sp; int s; @@ -697,7 +698,7 @@ found: * others: found and return the pointer. */ struct secpolicy * -key_allocsp2(u_int32_t spi, +key_lookup_sp(u_int32_t spi, const union sockaddr_union *dst, u_int8_t proto, u_int dir, @@ -1116,7 +1117,7 @@ key_do_allocsa_policy(struct secashead *sah, u_int state) * sport and dport are used for NAT-T. network order is always used. */ struct secasvar * -key_allocsa( +key_lookup_sa( const union sockaddr_union *dst, u_int proto, u_int32_t spi, @@ -1254,7 +1255,7 @@ key_sp_ref(struct secpolicy *sp, const char* where, int tag) } /* - * Must be called after calling key_allocsp(). + * Must be called after calling key_lookup_sp*(). * For both the packet without socket and key_freeso(). */ void @@ -1279,7 +1280,7 @@ _key_freesp(struct secpolicy **spp, const char* where, int tag) #if 0 /* - * Must be called after calling key_allocsp(). + * Must be called after calling key_lookup_sp*(). * For the packet with socket. */ static void @@ -1353,7 +1354,7 @@ key_freesp_so(struct secpolicy **sp) #endif /* - * Must be called after calling key_allocsa(). + * Must be called after calling key_lookup_sa(). * This function is called by key_freesp() to free some SA allocated * for a policy. */ diff --git a/sys/netipsec/key.h b/sys/netipsec/key.h index 90c817ea7131..6df2053a2580 100644 --- a/sys/netipsec/key.h +++ b/sys/netipsec/key.h @@ -1,4 +1,4 @@ -/* $NetBSD: key.h,v 1.19 2017/05/30 01:31:07 ozaki-r Exp $ */ +/* $NetBSD: key.h,v 1.20 2017/07/07 01:37:34 ozaki-r Exp $ */ /* $FreeBSD: src/sys/netipsec/key.h,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $ */ /* $KAME: key.h,v 1.21 2001/07/27 03:51:30 itojun Exp $ */ @@ -48,9 +48,9 @@ struct secasindex; union sockaddr_union; int key_havesp(u_int dir); -struct secpolicy *key_allocsp(const struct secpolicyindex *, u_int, +struct secpolicy *key_lookup_sp_byspidx(const struct secpolicyindex *, u_int, const char*, int); -struct secpolicy *key_allocsp2(u_int32_t spi, const union sockaddr_union *dst, +struct secpolicy *key_lookup_sp(u_int32_t spi, const union sockaddr_union *dst, u_int8_t proto, u_int dir, const char*, int); struct secpolicy *key_newsp(const char*, int); struct secpolicy *key_gettunnel(const struct sockaddr *, @@ -67,10 +67,10 @@ void key_sp_ref(struct secpolicy *, const char*, int); * occur on crypto callbacks. Much of this could go away if * key_checkrequest were redone. */ -#define KEY_ALLOCSP(spidx, dir) \ - key_allocsp(spidx, dir, __func__, __LINE__) -#define KEY_ALLOCSP2(spi, dst, proto, dir) \ - key_allocsp2(spi, dst, proto, dir, __func__, __LINE__) +#define KEY_LOOKUP_SP_BYSPIDX(spidx, dir) \ + key_lookup_sp_byspidx(spidx, dir, __func__, __LINE__) +#define KEY_LOOKUP_SP(spi, dst, proto, dir) \ + key_lookup_sp(spi, dst, proto, dir, __func__, __LINE__) #define KEY_NEWSP() \ key_newsp(__func__, __LINE__) #define KEY_GETTUNNEL(osrc, odst, isrc, idst) \ @@ -80,12 +80,12 @@ void key_sp_ref(struct secpolicy *, const char*, int); #define KEY_SP_REF(sp) \ key_sp_ref(sp, __func__, __LINE__) -struct secasvar *key_allocsa(const union sockaddr_union *, +struct secasvar *key_lookup_sa(const union sockaddr_union *, u_int, u_int32_t, u_int16_t, u_int16_t, const char*, int); void key_freesav(struct secasvar **, const char*, int); -#define KEY_ALLOCSA(dst, proto, spi, sport, dport) \ - key_allocsa(dst, proto, spi, sport, dport, __func__, __LINE__) +#define KEY_LOOKUP_SA(dst, proto, spi, sport, dport) \ + key_lookup_sa(dst, proto, spi, sport, dport, __func__, __LINE__) #define KEY_FREESAV(psav) \ key_freesav(psav, __func__, __LINE__) diff --git a/sys/netipsec/xform_ah.c b/sys/netipsec/xform_ah.c index 0a46c2987f6d..4a47a821b6d6 100644 --- a/sys/netipsec/xform_ah.c +++ b/sys/netipsec/xform_ah.c @@ -1,4 +1,4 @@ -/* $NetBSD: xform_ah.c,v 1.56 2017/07/05 03:44:59 ozaki-r Exp $ */ +/* $NetBSD: xform_ah.c,v 1.57 2017/07/07 01:37:34 ozaki-r Exp $ */ /* $FreeBSD: src/sys/netipsec/xform_ah.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $ */ /* $OpenBSD: ip_ah.c,v 1.63 2001/06/26 06:18:58 angelos Exp $ */ /* @@ -39,7 +39,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.56 2017/07/05 03:44:59 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.57 2017/07/07 01:37:34 ozaki-r Exp $"); #if defined(_KERNEL_OPT) #include "opt_inet.h" @@ -800,7 +800,7 @@ ah_input_cb(struct cryptop *crp) s = splsoftnet(); mutex_enter(softnet_lock); - sav = KEY_ALLOCSA(&tc->tc_dst, tc->tc_proto, tc->tc_spi, sport, dport); + sav = KEY_LOOKUP_SA(&tc->tc_dst, tc->tc_proto, tc->tc_spi, sport, dport); if (sav == NULL) { AH_STATINC(AH_STAT_NOTDB); DPRINTF(("%s: SA expired while in crypto\n", __func__)); @@ -1179,7 +1179,7 @@ ah_output_cb(struct cryptop *crp) mutex_enter(softnet_lock); isr = tc->tc_isr; - sav = KEY_ALLOCSA(&tc->tc_dst, tc->tc_proto, tc->tc_spi, 0, 0); + sav = KEY_LOOKUP_SA(&tc->tc_dst, tc->tc_proto, tc->tc_spi, 0, 0); if (sav == NULL) { AH_STATINC(AH_STAT_NOTDB); DPRINTF(("%s: SA expired while in crypto\n", __func__)); diff --git a/sys/netipsec/xform_esp.c b/sys/netipsec/xform_esp.c index 54c080ab87ce..c8f2f5f746ba 100644 --- a/sys/netipsec/xform_esp.c +++ b/sys/netipsec/xform_esp.c @@ -1,4 +1,4 @@ -/* $NetBSD: xform_esp.c,v 1.57 2017/07/05 03:44:59 ozaki-r Exp $ */ +/* $NetBSD: xform_esp.c,v 1.58 2017/07/07 01:37:34 ozaki-r Exp $ */ /* $FreeBSD: src/sys/netipsec/xform_esp.c,v 1.2.2.1 2003/01/24 05:11:36 sam Exp $ */ /* $OpenBSD: ip_esp.c,v 1.69 2001/06/26 06:18:59 angelos Exp $ */ @@ -39,7 +39,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.57 2017/07/05 03:44:59 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.58 2017/07/07 01:37:34 ozaki-r Exp $"); #if defined(_KERNEL_OPT) #include "opt_inet.h" @@ -507,7 +507,7 @@ esp_input_cb(struct cryptop *crp) s = splsoftnet(); mutex_enter(softnet_lock); - sav = KEY_ALLOCSA(&tc->tc_dst, tc->tc_proto, tc->tc_spi, sport, dport); + sav = KEY_LOOKUP_SA(&tc->tc_dst, tc->tc_proto, tc->tc_spi, sport, dport); if (sav == NULL) { ESP_STATINC(ESP_STAT_NOTDB); DPRINTF(("%s: SA expired while in crypto " @@ -954,7 +954,7 @@ esp_output_cb(struct cryptop *crp) mutex_enter(softnet_lock); isr = tc->tc_isr; - sav = KEY_ALLOCSA(&tc->tc_dst, tc->tc_proto, tc->tc_spi, 0, 0); + sav = KEY_LOOKUP_SA(&tc->tc_dst, tc->tc_proto, tc->tc_spi, 0, 0); if (sav == NULL) { char buf[IPSEC_ADDRSTRLEN]; ESP_STATINC(ESP_STAT_NOTDB); diff --git a/sys/netipsec/xform_ipcomp.c b/sys/netipsec/xform_ipcomp.c index 06fdcc5180cd..9df3590d08a1 100644 --- a/sys/netipsec/xform_ipcomp.c +++ b/sys/netipsec/xform_ipcomp.c @@ -1,4 +1,4 @@ -/* $NetBSD: xform_ipcomp.c,v 1.40 2017/07/05 03:44:59 ozaki-r Exp $ */ +/* $NetBSD: xform_ipcomp.c,v 1.41 2017/07/07 01:37:34 ozaki-r Exp $ */ /* $FreeBSD: src/sys/netipsec/xform_ipcomp.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $ */ /* $OpenBSD: ip_ipcomp.c,v 1.1 2001/07/05 12:08:52 jjbg Exp $ */ @@ -30,7 +30,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: xform_ipcomp.c,v 1.40 2017/07/05 03:44:59 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: xform_ipcomp.c,v 1.41 2017/07/07 01:37:34 ozaki-r Exp $"); /* IP payload compression protocol (IPComp), see RFC 2393 */ #if defined(_KERNEL_OPT) @@ -252,7 +252,7 @@ ipcomp_input_cb(struct cryptop *crp) s = splsoftnet(); mutex_enter(softnet_lock); - sav = KEY_ALLOCSA(&tc->tc_dst, tc->tc_proto, tc->tc_spi, sport, dport); + sav = KEY_LOOKUP_SA(&tc->tc_dst, tc->tc_proto, tc->tc_spi, sport, dport); if (sav == NULL) { IPCOMP_STATINC(IPCOMP_STAT_NOTDB); DPRINTF(("%s: SA expired while in crypto\n", __func__)); @@ -527,7 +527,7 @@ ipcomp_output_cb(struct cryptop *crp) mutex_enter(softnet_lock); isr = tc->tc_isr; - sav = KEY_ALLOCSA(&tc->tc_dst, tc->tc_proto, tc->tc_spi, 0, 0); + sav = KEY_LOOKUP_SA(&tc->tc_dst, tc->tc_proto, tc->tc_spi, 0, 0); if (sav == NULL) { IPCOMP_STATINC(IPCOMP_STAT_NOTDB); DPRINTF(("%s: SA expired while in crypto\n", __func__));