Module Name: src
Committed By: martin
Date: Sat Jul 20 14:34:24 UTC 2024
Modified Files:
src/sys/netinet6 [netbsd-10]: ip6_output.c
src/sys/netipsec [netbsd-10]: ipsec.c ipsec_input.c ipsec_output.c
Log Message:
Pull up following revision(s) (requested by rin in ticket #740):
sys/netipsec/ipsec_input.c: revision 1.79
sys/netipsec/ipsec_output.c: revision 1.86
sys/netipsec/ipsec.c: revision 1.178
sys/netinet6/ip6_output.c: revision 1.232
ipsec: remove unnecessary splsoftnet
Because the code of IPsec itself is already MP-safe.
To generate a diff of this commit:
cvs rdiff -u -r1.231.2.2 -r1.231.2.3 src/sys/netinet6/ip6_output.c
cvs rdiff -u -r1.177 -r1.177.2.1 src/sys/netipsec/ipsec.c
cvs rdiff -u -r1.78 -r1.78.4.1 src/sys/netipsec/ipsec_input.c
cvs rdiff -u -r1.85 -r1.85.4.1 src/sys/netipsec/ipsec_output.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/netinet6/ip6_output.c
diff -u src/sys/netinet6/ip6_output.c:1.231.2.2 src/sys/netinet6/ip6_output.c:1.231.2.3
--- src/sys/netinet6/ip6_output.c:1.231.2.2 Fri Aug 4 14:28:01 2023
+++ src/sys/netinet6/ip6_output.c Sat Jul 20 14:34:24 2024
@@ -1,4 +1,4 @@
-/* $NetBSD: ip6_output.c,v 1.231.2.2 2023/08/04 14:28:01 martin Exp $ */
+/* $NetBSD: ip6_output.c,v 1.231.2.3 2024/07/20 14:34:24 martin Exp $ */
/* $KAME: ip6_output.c,v 1.172 2001/03/25 09:55:56 itojun Exp $ */
/*
@@ -62,7 +62,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip6_output.c,v 1.231.2.2 2023/08/04 14:28:01 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip6_output.c,v 1.231.2.3 2024/07/20 14:34:24 martin Exp $");
#ifdef _KERNEL_OPT
#include "opt_inet.h"
@@ -490,9 +490,7 @@ ip6_output(
#ifdef IPSEC
if (needipsec) {
- int s = splsoftnet();
error = ipsec6_process_packet(m, sp->req, flags);
- splx(s);
/*
* Preserve KAME behaviour: ENOENT can be returned
Index: src/sys/netipsec/ipsec.c
diff -u src/sys/netipsec/ipsec.c:1.177 src/sys/netipsec/ipsec.c:1.177.2.1
--- src/sys/netipsec/ipsec.c:1.177 Thu Dec 8 08:07:07 2022
+++ src/sys/netipsec/ipsec.c Sat Jul 20 14:34:24 2024
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec.c,v 1.177 2022/12/08 08:07:07 knakahara Exp $ */
+/* $NetBSD: ipsec.c,v 1.177.2.1 2024/07/20 14:34:24 martin Exp $ */
/* $FreeBSD: ipsec.c,v 1.2.2.2 2003/07/01 01:38:13 sam Exp $ */
/* $KAME: ipsec.c,v 1.103 2001/05/24 07:14:18 sakane Exp $ */
@@ -32,7 +32,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.177 2022/12/08 08:07:07 knakahara Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.177.2.1 2024/07/20 14:34:24 martin Exp $");
/*
* IPsec controller part.
@@ -619,7 +619,7 @@ ipsec4_output(struct mbuf *m, struct inp
{
struct secpolicy *sp = NULL;
u_long _mtu = 0;
- int error, s;
+ int error;
/*
* Check the security policy (SP) for the packet and, if required,
@@ -632,9 +632,7 @@ ipsec4_output(struct mbuf *m, struct inp
if (ipsec_outdone(m)) {
return 0;
}
- s = splsoftnet();
if (inp && ipsec_pcb_skip_ipsec(inp->inp_sp, IPSEC_DIR_OUTBOUND)) {
- splx(s);
return 0;
}
sp = ipsec_checkpolicy(m, IPSEC_DIR_OUTBOUND, flags, &error, inp);
@@ -647,7 +645,6 @@ ipsec4_output(struct mbuf *m, struct inp
* sp == NULL, error != 0 discard packet, report error
*/
if (sp == NULL) {
- splx(s);
if (error) {
/*
* Hack: -EINVAL is used to signal that a packet
@@ -684,7 +681,6 @@ ipsec4_output(struct mbuf *m, struct inp
*mtu = _mtu;
*natt_frag = true;
KEY_SP_UNREF(&sp);
- splx(s);
return 0;
}
@@ -698,7 +694,6 @@ ipsec4_output(struct mbuf *m, struct inp
if (error == ENOENT)
error = 0;
KEY_SP_UNREF(&sp);
- splx(s);
*done = true;
return error;
}
@@ -707,11 +702,9 @@ int
ipsec_ip_input_checkpolicy(struct mbuf *m, bool forward)
{
struct secpolicy *sp;
- int error, s;
+ int error;
- s = splsoftnet();
error = ipsec_in_reject(m, NULL);
- splx(s);
if (error) {
return EINVAL;
}
@@ -724,14 +717,12 @@ ipsec_ip_input_checkpolicy(struct mbuf *
* Peek at the outbound SP for this packet to determine if
* it is a Fast Forward candidate.
*/
- s = splsoftnet();
sp = ipsec_checkpolicy(m, IPSEC_DIR_OUTBOUND, IP_FORWARDING,
&error, NULL);
if (sp != NULL) {
m->m_flags &= ~M_CANFASTFWD;
KEY_SP_UNREF(&sp);
}
- splx(s);
return 0;
}
@@ -1801,20 +1792,16 @@ ipsec6_check_policy(struct mbuf *m, stru
int *needipsecp, int *errorp)
{
struct secpolicy *sp = NULL;
- int s;
int error = 0;
int needipsec = 0;
if (ipsec_outdone(m)) {
goto skippolicycheck;
}
- s = splsoftnet();
if (inp && ipsec_pcb_skip_ipsec(inp->inp_sp, IPSEC_DIR_OUTBOUND)) {
- splx(s);
goto skippolicycheck;
}
sp = ipsec_checkpolicy(m, IPSEC_DIR_OUTBOUND, flags, &error, inp);
- splx(s);
/*
* There are four return cases:
Index: src/sys/netipsec/ipsec_input.c
diff -u src/sys/netipsec/ipsec_input.c:1.78 src/sys/netipsec/ipsec_input.c:1.78.4.1
--- src/sys/netipsec/ipsec_input.c:1.78 Tue Aug 23 09:25:10 2022
+++ src/sys/netipsec/ipsec_input.c Sat Jul 20 14:34:24 2024
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec_input.c,v 1.78 2022/08/23 09:25:10 knakahara Exp $ */
+/* $NetBSD: ipsec_input.c,v 1.78.4.1 2024/07/20 14:34:24 martin Exp $ */
/* $FreeBSD: ipsec_input.c,v 1.2.4.2 2003/03/28 20:32:53 sam Exp $ */
/* $OpenBSD: ipsec_input.c,v 1.63 2003/02/20 18:35:43 deraadt Exp $ */
@@ -39,7 +39,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.78 2022/08/23 09:25:10 knakahara Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.78.4.1 2024/07/20 14:34:24 martin Exp $");
/*
* IPsec input processing.
@@ -220,7 +220,7 @@ ipsec_common_input(struct mbuf *m, int s
u_int32_t spi;
u_int16_t sport;
u_int16_t dport;
- int s, error;
+ int error;
IPSEC_ISTAT(sproto, ESP_STAT_INPUT, AH_STAT_INPUT,
IPCOMP_STAT_INPUT);
@@ -296,8 +296,6 @@ ipsec_common_input(struct mbuf *m, int s
return EPFNOSUPPORT;
}
- s = splsoftnet();
-
/* NB: only pass dst since key_lookup_sa follows RFC2401 */
sav = KEY_LOOKUP_SA(&dst_address, sproto, spi, sport, dport);
if (sav == NULL) {
@@ -332,7 +330,6 @@ ipsec_common_input(struct mbuf *m, int s
}
IPSEC_ISTAT(sproto, ESP_STAT_NOTDB, AH_STAT_NOTDB,
IPCOMP_STAT_NOTDB);
- splx(s);
m_freem(m);
return ENOENT;
}
@@ -345,7 +342,6 @@ ipsec_common_input(struct mbuf *m, int s
*/
error = (*sav->tdb_xform->xf_input)(m, sav, skip, protoff);
KEY_SA_UNREF(&sav);
- splx(s);
return error;
}
Index: src/sys/netipsec/ipsec_output.c
diff -u src/sys/netipsec/ipsec_output.c:1.85 src/sys/netipsec/ipsec_output.c:1.85.4.1
--- src/sys/netipsec/ipsec_output.c:1.85 Sun Apr 10 09:50:46 2022
+++ src/sys/netipsec/ipsec_output.c Sat Jul 20 14:34:24 2024
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec_output.c,v 1.85 2022/04/10 09:50:46 andvar Exp $ */
+/* $NetBSD: ipsec_output.c,v 1.85.4.1 2024/07/20 14:34:24 martin Exp $ */
/*
* Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting
@@ -29,7 +29,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec_output.c,v 1.85 2022/04/10 09:50:46 andvar Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_output.c,v 1.85.4.1 2024/07/20 14:34:24 martin Exp $");
#if defined(_KERNEL_OPT)
#include "opt_inet.h"
@@ -488,7 +488,7 @@ ipsec4_process_packet(struct mbuf *m, co
{
struct secasvar *sav = NULL;
struct ip *ip;
- int s, error, i, off;
+ int error, i, off;
union sockaddr_union *dst;
int setdf;
@@ -496,8 +496,6 @@ ipsec4_process_packet(struct mbuf *m, co
KASSERT(m->m_nextpkt == NULL);
KASSERT(isr != NULL);
- s = splsoftnet(); /* insure SA contents don't change */
-
isr = ipsec_nextisr(m, isr, AF_INET, &error, &sav);
if (isr == NULL) {
if (error != 0) {
@@ -506,7 +504,6 @@ ipsec4_process_packet(struct mbuf *m, co
if (ipsec_register_done(m, &error) < 0)
goto bad;
- splx(s);
return ipsec_reinject_ipstack(m, AF_INET, 0);
}
}
@@ -531,7 +528,6 @@ ipsec4_process_packet(struct mbuf *m, co
goto noneed;
*mtu = sav->esp_frag;
KEY_SA_UNREF(&sav);
- splx(s);
return 0;
}
noneed:
@@ -633,13 +629,11 @@ noneed:
error = ipsec_process_done(m, isr, sav, 0);
}
KEY_SA_UNREF(&sav);
- splx(s);
return error;
unrefsav:
KEY_SA_UNREF(&sav);
bad:
- splx(s);
if (m)
m_freem(m);
return error;
@@ -738,15 +732,13 @@ ipsec6_process_packet(struct mbuf *m, co
{
struct secasvar *sav = NULL;
struct ip6_hdr *ip6;
- int s, error, i, off;
+ int error, i, off;
union sockaddr_union *dst;
KASSERT(m != NULL);
KASSERT(m->m_nextpkt == NULL);
KASSERT(isr != NULL);
- s = splsoftnet(); /* insure SA contents don't change */
-
isr = ipsec_nextisr(m, isr, AF_INET6, &error, &sav);
if (isr == NULL) {
if (error != 0) {
@@ -756,7 +748,6 @@ ipsec6_process_packet(struct mbuf *m, co
if (ipsec_register_done(m, &error) < 0)
goto bad;
- splx(s);
return ipsec_reinject_ipstack(m, AF_INET6, flags);
}
}
@@ -823,13 +814,11 @@ ipsec6_process_packet(struct mbuf *m, co
}
error = (*sav->tdb_xform->xf_output)(m, isr, sav, i, off, flags);
KEY_SA_UNREF(&sav);
- splx(s);
return error;
unrefsav:
KEY_SA_UNREF(&sav);
bad:
- splx(s);
if (m)
m_freem(m);
return error;
