Print this page
First attempt at further IPsec cluster cleanup
@@ -1085,12 +1085,11 @@
dst = (struct sockaddr_in *)(dstext + 1);
/* Sundry ADD-specific reality checks. */
/* XXX STATS : Logging/stats here? */
- if ((assoc->sadb_sa_state != SADB_SASTATE_MATURE) &&
- (assoc->sadb_sa_state != SADB_X_SASTATE_ACTIVE_ELSEWHERE)) {
+ if (assoc->sadb_sa_state != SADB_SASTATE_MATURE) {
*diagnostic = SADB_X_DIAGNOSTIC_BAD_SASTATE;
return (EINVAL);
}
if (assoc->sadb_sa_encrypt != SADB_EALG_NONE) {
*diagnostic = SADB_X_DIAGNOSTIC_ENCR_NOTSUPP;
@@ -1164,34 +1163,21 @@
*/
static int
ah_update_sa(mblk_t *mp, keysock_in_t *ksi, int *diagnostic,
ipsecah_stack_t *ahstack, uint8_t sadb_msg_type)
{
- sadb_sa_t *assoc = (sadb_sa_t *)ksi->ks_in_extv[SADB_EXT_SA];
sadb_address_t *dstext =
(sadb_address_t *)ksi->ks_in_extv[SADB_EXT_ADDRESS_DST];
- mblk_t *buf_pkt;
- int rcode;
if (dstext == NULL) {
*diagnostic = SADB_X_DIAGNOSTIC_MISSING_DST;
return (EINVAL);
}
- rcode = sadb_update_sa(mp, ksi, &buf_pkt, &ahstack->ah_sadb,
- diagnostic, ahstack->ah_pfkey_q, ah_add_sa,
- ahstack->ipsecah_netstack, sadb_msg_type);
-
- if ((assoc->sadb_sa_state != SADB_X_SASTATE_ACTIVE) ||
- (rcode != 0)) {
- return (rcode);
- }
-
- HANDLE_BUF_PKT(ah_taskq, ahstack->ipsecah_netstack->netstack_ipsec,
- ahstack->ah_dropper, buf_pkt);
-
- return (rcode);
+ return (sadb_update_sa(mp, ksi, &ahstack->ah_sadb, diagnostic,
+ ahstack->ah_pfkey_q, ah_add_sa, ahstack->ipsecah_netstack,
+ sadb_msg_type));
}
/* Refactor me */
/*
* Delete a security association. This is REALLY likely to be code common to
@@ -1334,11 +1320,10 @@
}
/* else ah_add_sa() took care of things. */
break;
case SADB_DELETE:
case SADB_X_DELPAIR:
- case SADB_X_DELPAIR_STATE:
error = ah_del_sa(mp, ksi, &diagnostic, ahstack,
samsg->sadb_msg_type);
if (error != 0) {
sadb_pfkey_error(ahstack->ah_pfkey_q, mp, error,
diagnostic, ksi->ks_in_serial);
@@ -1908,11 +1893,11 @@
/*
* Randomly generate a proposed SPI value.
*/
(void) random_get_pseudo_bytes((uint8_t *)&newspi, sizeof (uint32_t));
newbie = sadb_getspi(ksi, newspi, &diagnostic,
- ahstack->ipsecah_netstack, IPPROTO_AH);
+ ahstack->ipsecah_netstack);
if (newbie == NULL) {
sadb_pfkey_error(ahstack->ah_pfkey_q, mp, ENOMEM, diagnostic,
ksi->ks_in_serial);
return;
@@ -3832,19 +3817,10 @@
BUMP_MIB(ira->ira_ill->ill_ip_mib, ipIfStatsInDiscards);
return (NULL);
}
}
- if (assoc->ipsa_state == IPSA_STATE_IDLE) {
- /*
- * Cluster buffering case. Tell caller that we're
- * handling the packet.
- */
- sadb_buf_pkt(assoc, mp, ira);
- return (NULL);
- }
-
return (mp);
ah_in_discard:
IP_AH_BUMP_STAT(ipss, in_discards);
ip_drop_packet(phdr_mp, B_TRUE, ira->ira_ill, counter,