C. Fraire's code review fixes
8529 Extended and regular SADB_ACQUIREs should share address extension code
Portions contributed by: Bayard Bell <buffer.g.overflow@gmail.com>


 551 } iacqf_t;
 552 
 553 /*
 554  * A (network protocol, ipsec protocol) specific SADB.
 555  * (i.e., one each for {ah, esp} and {v4, v6}.
 556  *
 557  * Keep outbound assocs in a simple hash table for now.
 558  * One danger point, multiple SAs for a single dest will clog a bucket.
 559  * For the future, consider two-level hashing (2nd hash on IPC?), then probe.
 560  */
 561 
 562 typedef struct sadb_s
 563 {
 564         isaf_t  *sdb_of;
 565         isaf_t  *sdb_if;
 566         iacqf_t *sdb_acq;
 567         int     sdb_hashsize;
 568 } sadb_t;
 569 
 570 /*
 571  * A pair of SADB's (one for v4, one for v6), and related state (including
 572  * acquire callbacks).
 573  */
 574 
 575 typedef struct sadbp_s
 576 {
 577         uint32_t        s_satype;
 578         uint32_t        *s_acquire_timeout;
 579         void            (*s_acqfn)(ipsacq_t *, mblk_t *, netstack_t *);
 580         sadb_t          s_v4;
 581         sadb_t          s_v6;
 582         uint32_t        s_addflags;
 583         uint32_t        s_updateflags;
 584 } sadbp_t;
 585 
 586 /*
 587  * A pair of SA's for a single connection, the structure contains a
 588  * pointer to a SA and the SA its paired with (opposite direction) as well
 589  * as the SA's respective hash buckets.
 590  */
 591 typedef struct ipsap_s
 592 {
 593         boolean_t       in_inbound_table;
 594         isaf_t          *ipsap_bucket;
 595         ipsa_t          *ipsap_sa_ptr;
 596         isaf_t          *ipsap_pbucket;
 597         ipsa_t          *ipsap_psa_ptr;
 598 } ipsap_t;
 599 


 756 
 757 int sadb_purge_sa(mblk_t *, keysock_in_t *, sadb_t *, int *, queue_t *);
 758 int sadb_common_add(queue_t *, mblk_t *, sadb_msg_t *,
 759     keysock_in_t *, isaf_t *, isaf_t *, ipsa_t *, boolean_t, boolean_t, int *,
 760     netstack_t *, sadbp_t *);
 761 void sadb_set_usetime(ipsa_t *);
 762 boolean_t sadb_age_bytes(queue_t *, ipsa_t *, uint64_t, boolean_t);
 763 int sadb_update_sa(mblk_t *, keysock_in_t *, mblk_t **, sadbp_t *,
 764     int *, queue_t *, int (*)(mblk_t *, keysock_in_t *, int *, netstack_t *),
 765     netstack_t *, uint8_t);
 766 void sadb_acquire(mblk_t *, ip_xmit_attr_t *, boolean_t, boolean_t);
 767 void gcm_params_init(ipsa_t *, uchar_t *, uint_t, uchar_t *, ipsa_cm_mech_t *,
 768     crypto_data_t *);
 769 void ccm_params_init(ipsa_t *, uchar_t *, uint_t, uchar_t *, ipsa_cm_mech_t *,
 770     crypto_data_t *);
 771 void cbc_params_init(ipsa_t *, uchar_t *, uint_t, uchar_t *, ipsa_cm_mech_t *,
 772     crypto_data_t *);
 773 
 774 void sadb_destroy_acquire(ipsacq_t *, netstack_t *);
 775 struct ipsec_stack;
 776 mblk_t *sadb_setup_acquire(ipsacq_t *, uint8_t, struct ipsec_stack *);
 777 ipsa_t *sadb_getspi(keysock_in_t *, uint32_t, int *, netstack_t *, uint_t);
 778 void sadb_in_acquire(sadb_msg_t *, sadbp_t *, queue_t *, netstack_t *);
 779 boolean_t sadb_replay_check(ipsa_t *, uint32_t);
 780 boolean_t sadb_replay_peek(ipsa_t *, uint32_t);
 781 int sadb_dump(queue_t *, mblk_t *, keysock_in_t *, sadb_t *);
 782 void sadb_replay_delete(ipsa_t *);
 783 void sadb_ager(sadb_t *, queue_t *, int, netstack_t *);
 784 
 785 timeout_id_t sadb_retimeout(hrtime_t, queue_t *, void (*)(void *), void *,
 786     uint_t *, uint_t, short);
 787 void sadb_sa_refrele(void *target);
 788 mblk_t *sadb_set_lpkt(ipsa_t *, mblk_t *, ip_recv_attr_t *);
 789 mblk_t *sadb_clear_lpkt(ipsa_t *);
 790 void sadb_buf_pkt(ipsa_t *, mblk_t *, ip_recv_attr_t *);
 791 void sadb_clear_buf_pkt(void *ipkt);
 792 
 793 /* Note that buf_pkt is the product of ip_recv_attr_to_mblk() */
 794 #define HANDLE_BUF_PKT(taskq, stack, dropper, buf_pkt)                  \
 795 {                                                                       \
 796         if (buf_pkt != NULL) {                                          \




 551 } iacqf_t;
 552 
 553 /*
 554  * A (network protocol, ipsec protocol) specific SADB.
 555  * (i.e., one each for {ah, esp} and {v4, v6}.
 556  *
 557  * Keep outbound assocs in a simple hash table for now.
 558  * One danger point, multiple SAs for a single dest will clog a bucket.
 559  * For the future, consider two-level hashing (2nd hash on IPC?), then probe.
 560  */
 561 
 562 typedef struct sadb_s
 563 {
 564         isaf_t  *sdb_of;
 565         isaf_t  *sdb_if;
 566         iacqf_t *sdb_acq;
 567         int     sdb_hashsize;
 568 } sadb_t;
 569 
 570 /*
 571  * A pair of SADB's (one for v4, one for v6), and related state.

 572  */
 573 
 574 typedef struct sadbp_s
 575 {
 576         uint32_t        s_satype;
 577         uint32_t        *s_acquire_timeout;

 578         sadb_t          s_v4;
 579         sadb_t          s_v6;
 580         uint32_t        s_addflags;
 581         uint32_t        s_updateflags;
 582 } sadbp_t;
 583 
 584 /*
 585  * A pair of SA's for a single connection, the structure contains a
 586  * pointer to a SA and the SA its paired with (opposite direction) as well
 587  * as the SA's respective hash buckets.
 588  */
 589 typedef struct ipsap_s
 590 {
 591         boolean_t       in_inbound_table;
 592         isaf_t          *ipsap_bucket;
 593         ipsa_t          *ipsap_sa_ptr;
 594         isaf_t          *ipsap_pbucket;
 595         ipsa_t          *ipsap_psa_ptr;
 596 } ipsap_t;
 597 


 754 
 755 int sadb_purge_sa(mblk_t *, keysock_in_t *, sadb_t *, int *, queue_t *);
 756 int sadb_common_add(queue_t *, mblk_t *, sadb_msg_t *,
 757     keysock_in_t *, isaf_t *, isaf_t *, ipsa_t *, boolean_t, boolean_t, int *,
 758     netstack_t *, sadbp_t *);
 759 void sadb_set_usetime(ipsa_t *);
 760 boolean_t sadb_age_bytes(queue_t *, ipsa_t *, uint64_t, boolean_t);
 761 int sadb_update_sa(mblk_t *, keysock_in_t *, mblk_t **, sadbp_t *,
 762     int *, queue_t *, int (*)(mblk_t *, keysock_in_t *, int *, netstack_t *),
 763     netstack_t *, uint8_t);
 764 void sadb_acquire(mblk_t *, ip_xmit_attr_t *, boolean_t, boolean_t);
 765 void gcm_params_init(ipsa_t *, uchar_t *, uint_t, uchar_t *, ipsa_cm_mech_t *,
 766     crypto_data_t *);
 767 void ccm_params_init(ipsa_t *, uchar_t *, uint_t, uchar_t *, ipsa_cm_mech_t *,
 768     crypto_data_t *);
 769 void cbc_params_init(ipsa_t *, uchar_t *, uint_t, uchar_t *, ipsa_cm_mech_t *,
 770     crypto_data_t *);
 771 
 772 void sadb_destroy_acquire(ipsacq_t *, netstack_t *);
 773 struct ipsec_stack;

 774 ipsa_t *sadb_getspi(keysock_in_t *, uint32_t, int *, netstack_t *, uint_t);
 775 void sadb_in_acquire(sadb_msg_t *, sadbp_t *, queue_t *, netstack_t *);
 776 boolean_t sadb_replay_check(ipsa_t *, uint32_t);
 777 boolean_t sadb_replay_peek(ipsa_t *, uint32_t);
 778 int sadb_dump(queue_t *, mblk_t *, keysock_in_t *, sadb_t *);
 779 void sadb_replay_delete(ipsa_t *);
 780 void sadb_ager(sadb_t *, queue_t *, int, netstack_t *);
 781 
 782 timeout_id_t sadb_retimeout(hrtime_t, queue_t *, void (*)(void *), void *,
 783     uint_t *, uint_t, short);
 784 void sadb_sa_refrele(void *target);
 785 mblk_t *sadb_set_lpkt(ipsa_t *, mblk_t *, ip_recv_attr_t *);
 786 mblk_t *sadb_clear_lpkt(ipsa_t *);
 787 void sadb_buf_pkt(ipsa_t *, mblk_t *, ip_recv_attr_t *);
 788 void sadb_clear_buf_pkt(void *ipkt);
 789 
 790 /* Note that buf_pkt is the product of ip_recv_attr_to_mblk() */
 791 #define HANDLE_BUF_PKT(taskq, stack, dropper, buf_pkt)                  \
 792 {                                                                       \
 793         if (buf_pkt != NULL) {                                          \
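Review bot: The forward declaration `struct ipsec_stack;` at new line 773 is left behind, although `sadb_setup_acquire()`, the only prototype in the displayed context that names that type, is removed by this change. If nothing else in the header refers to the incomplete type, drop the line as well; if a declaration outside the displayed context still needs it, move it next to that declaration so it does not read as an orphan. Separately, removing the `s_acqfn` function pointer changes the layout of `sadbp_t`. Every place that initialises or assigns that member has to be updated in the same change, and every consumer of the header rebuilt with it; neither can be checked from this file alone.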