First attempt at further IPsec cluster cleanup
*** 1085,1096 ****
dst = (struct sockaddr_in *)(dstext + 1);
/* Sundry ADD-specific reality checks. */
/* XXX STATS : Logging/stats here? */
! if ((assoc->sadb_sa_state != SADB_SASTATE_MATURE) &&
! (assoc->sadb_sa_state != SADB_X_SASTATE_ACTIVE_ELSEWHERE)) {
*diagnostic = SADB_X_DIAGNOSTIC_BAD_SASTATE;
return (EINVAL);
}
if (assoc->sadb_sa_encrypt != SADB_EALG_NONE) {
*diagnostic = SADB_X_DIAGNOSTIC_ENCR_NOTSUPP;
--- 1085,1095 ----
dst = (struct sockaddr_in *)(dstext + 1);
/* Sundry ADD-specific reality checks. */
/* XXX STATS : Logging/stats here? */
! if (assoc->sadb_sa_state != SADB_SASTATE_MATURE) {
*diagnostic = SADB_X_DIAGNOSTIC_BAD_SASTATE;
return (EINVAL);
}
if (assoc->sadb_sa_encrypt != SADB_EALG_NONE) {
*diagnostic = SADB_X_DIAGNOSTIC_ENCR_NOTSUPP;
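Review bot: The state test at the top of the ADD reality checks now refuses everything except SADB_SASTATE_MATURE, but the comment above it still reads only "Sundry ADD-specific reality checks", so nothing records that SADB_X_SASTATE_ACTIVE_ELSEWHERE is rejected on purpose. A line such as `/* Only mature SAs may be added; SADB_X_SASTATE_ACTIVE_ELSEWHERE is no longer accepted. */` would keep a later change from widening the check again by accident. A key-management caller that still sends the old state will now get EINVAL with SADB_X_DIAGNOSTIC_BAD_SASTATE, which looks intended given the commit title but is worth stating. The enclosing function starts and ends outside this hunk.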
*** 1164,1197 ****
*/
static int
ah_update_sa(mblk_t *mp, keysock_in_t *ksi, int *diagnostic,
ipsecah_stack_t *ahstack, uint8_t sadb_msg_type)
{
- sadb_sa_t *assoc = (sadb_sa_t *)ksi->ks_in_extv[SADB_EXT_SA];
sadb_address_t *dstext =
(sadb_address_t *)ksi->ks_in_extv[SADB_EXT_ADDRESS_DST];
- mblk_t *buf_pkt;
- int rcode;
if (dstext == NULL) {
*diagnostic = SADB_X_DIAGNOSTIC_MISSING_DST;
return (EINVAL);
}
! rcode = sadb_update_sa(mp, ksi, &buf_pkt, &ahstack->ah_sadb,
! diagnostic, ahstack->ah_pfkey_q, ah_add_sa,
! ahstack->ipsecah_netstack, sadb_msg_type);
!
! if ((assoc->sadb_sa_state != SADB_X_SASTATE_ACTIVE) ||
! (rcode != 0)) {
! return (rcode);
! }
!
! HANDLE_BUF_PKT(ah_taskq, ahstack->ipsecah_netstack->netstack_ipsec,
! ahstack->ah_dropper, buf_pkt);
!
! return (rcode);
}
/* Refactor me */
/*
* Delete a security association. This is REALLY likely to be code common to
--- 1163,1183 ----
*/
static int
ah_update_sa(mblk_t *mp, keysock_in_t *ksi, int *diagnostic,
ipsecah_stack_t *ahstack, uint8_t sadb_msg_type)
{
sadb_address_t *dstext =
(sadb_address_t *)ksi->ks_in_extv[SADB_EXT_ADDRESS_DST];
if (dstext == NULL) {
*diagnostic = SADB_X_DIAGNOSTIC_MISSING_DST;
return (EINVAL);
}
! return (sadb_update_sa(mp, ksi, &ahstack->ah_sadb, diagnostic,
! ahstack->ah_pfkey_q, ah_add_sa, ahstack->ipsecah_netstack,
! sadb_msg_type));
}
/* Refactor me */
/*
* Delete a security association. This is REALLY likely to be code common to
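Review bot: ah_update_sa now validates only the destination address extension before handing the message to sadb_update_sa, and neither the new body nor a comment says where the SA extension is checked. The old body read `ksi->ks_in_extv[SADB_EXT_SA]` and dereferenced it without a NULL test; that read is gone, so the presence check for SADB_EXT_SA presumably lives in sadb_update_sa or the keysock parser, neither of which is visible here. Once that is confirmed I would add a comment above the return, for example `/* SA extension presence and state are checked in sadb_update_sa(). */`. The function's header comment begins outside the hunk.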
*** 1334,1344 ****
}
/* else ah_add_sa() took care of things. */
break;
case SADB_DELETE:
case SADB_X_DELPAIR:
- case SADB_X_DELPAIR_STATE:
error = ah_del_sa(mp, ksi, &diagnostic, ahstack,
samsg->sadb_msg_type);
if (error != 0) {
sadb_pfkey_error(ahstack->ah_pfkey_q, mp, error,
diagnostic, ksi->ks_in_serial);
--- 1320,1329 ----
*** 1908,1918 ****
/*
* Randomly generate a proposed SPI value.
*/
(void) random_get_pseudo_bytes((uint8_t *)&newspi, sizeof (uint32_t));
newbie = sadb_getspi(ksi, newspi, &diagnostic,
! ahstack->ipsecah_netstack, IPPROTO_AH);
if (newbie == NULL) {
sadb_pfkey_error(ahstack->ah_pfkey_q, mp, ENOMEM, diagnostic,
ksi->ks_in_serial);
return;
--- 1893,1903 ----
/*
* Randomly generate a proposed SPI value.
*/
(void) random_get_pseudo_bytes((uint8_t *)&newspi, sizeof (uint32_t));
newbie = sadb_getspi(ksi, newspi, &diagnostic,
! ahstack->ipsecah_netstack);
if (newbie == NULL) {
sadb_pfkey_error(ahstack->ah_pfkey_q, mp, ENOMEM, diagnostic,
ksi->ks_in_serial);
return;
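Review bot: The result of random_get_pseudo_bytes() is cast to void just above the sadb_getspi() call, so if it fails `newspi` is passed on with whatever it held before; its declaration is outside the hunk, so it may be uninitialized. Test the result, e.g. `if (random_get_pseudo_bytes((uint8_t *)&newspi, sizeof (newspi)) != 0)`, and fail the request through the same sadb_pfkey_error() path used for a NULL `newbie`. Separately, that path always reports ENOMEM although sadb_getspi() also fills `diagnostic`, so a failure that is not about memory may be mislabelled; worth confirming against sadb_getspi(). The enclosing function starts and ends outside this hunk.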
*** 3832,3850 ****
BUMP_MIB(ira->ira_ill->ill_ip_mib, ipIfStatsInDiscards);
return (NULL);
}
}
- if (assoc->ipsa_state == IPSA_STATE_IDLE) {
- /*
- * Cluster buffering case. Tell caller that we're
- * handling the packet.
- */
- sadb_buf_pkt(assoc, mp, ira);
- return (NULL);
- }
-
return (mp);
ah_in_discard:
IP_AH_BUMP_STAT(ipss, in_discards);
ip_drop_packet(phdr_mp, B_TRUE, ira->ira_ill, counter,
--- 3817,3826 ----