From owner-svn-src-projects@freebsd.org Tue Nov 22 10:20:07 2016 Return-Path: Delivered-To: svn-src-projects@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A386AC4F92C for ; Tue, 22 Nov 2016 10:20:07 +0000 (UTC) (envelope-from ae@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 5DAD8215; Tue, 22 Nov 2016 10:20:07 +0000 (UTC) (envelope-from ae@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id uAMAK6ad075863; Tue, 22 Nov 2016 10:20:06 GMT (envelope-from ae@FreeBSD.org) Received: (from ae@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id uAMAK62q075861; Tue, 22 Nov 2016 10:20:06 GMT (envelope-from ae@FreeBSD.org) Message-Id: <201611221020.uAMAK62q075861@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: ae set sender to ae@FreeBSD.org using -f 
From: "Andrey V. Elsukov" Date: Tue, 22 Nov 2016 10:20:06 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r308972 - projects/ipsec/sys/netipsec X-SVN-Group: projects MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 22 Nov 2016 10:20:07 -0000 Author: ae Date: Tue Nov 22 10:20:06 2016 New Revision: 308972 URL: https://svnweb.freebsd.org/changeset/base/308972 Log: Update key_allocsa_tunnel() to use SAHADDRHASH. Modified: projects/ipsec/sys/netipsec/key.c Modified: projects/ipsec/sys/netipsec/key.c ============================================================================== --- projects/ipsec/sys/netipsec/key.c Tue Nov 22 10:18:00 2016 (r308971) +++ projects/ipsec/sys/netipsec/key.c Tue Nov 22 10:20:06 2016 (r308972) 
@@ -928,61 +928,45 @@ key_allocsa(union sockaddr_union *dst, u struct secasvar * key_allocsa_tunnel(union sockaddr_union *src, union sockaddr_union *dst, - u_int proto, const char* where, int tag) + uint8_t proto) { + SAHTREE_RLOCK_TRACKER; + struct secasindex saidx; struct secashead *sah; struct secasvar *sav; - u_int stateidx, arraysize, state; - const u_int *saorder_state_valid; IPSEC_ASSERT(src != NULL, ("null src address")); IPSEC_ASSERT(dst != NULL, ("null dst address")); - KEYDEBUG(KEYDEBUG_IPSEC_STAMP, - printf("DP %s from %s:%u\n", __func__, where, tag)); - SAHTREE_LOCK(); - if (V_key_preferred_oldsa) { - saorder_state_valid = saorder_state_valid_prefer_old; - arraysize = _ARRAYLEN(saorder_state_valid_prefer_old); - } else { - saorder_state_valid = saorder_state_valid_prefer_new; - arraysize = _ARRAYLEN(saorder_state_valid_prefer_new); - } - LIST_FOREACH(sah, &V_sahtree, chain) { - /* search valid state */ - for (stateidx = 0; stateidx < arraysize; stateidx++) { - state = saorder_state_valid[stateidx]; - LIST_FOREACH(sav, &sah->savtree[state], chain) { - /* sanity check */ - KEY_CHKSASTATE(sav->state, state, __func__); - /* do not return entries w/ unusable state */ - if (sav->state != SADB_SASTATE_MATURE && - sav->state != SADB_SASTATE_DYING) - continue; - if (IPSEC_MODE_TUNNEL != sav->sah->saidx.mode) - continue; - if (proto != sav->sah->saidx.proto) - continue; - /* check src address */ - if (key_sockaddrcmp(&src->sa, - &sav->sah->saidx.src.sa, 0) != 0) - continue; - /* check dst address */ - if (key_sockaddrcmp(&dst->sa, - &sav->sah->saidx.dst.sa, 0) != 0) - continue; - sa_addref(sav); - goto done; - } + KEY_SETSECASIDX(proto, IPSEC_MODE_TUNNEL, 0, &src->sa, + &dst->sa, &saidx); + + sav = NULL; + SAHTREE_RLOCK(); + LIST_FOREACH(sah, SAHADDRHASH_HASH(&saidx), addrhash) { + if (IPSEC_MODE_TUNNEL != sah->saidx.mode) + continue; + if (proto != sah->saidx.proto) + continue; + if (key_sockaddrcmp(&src->sa, &sav->sah->saidx.src.sa, 0) != 0) + continue; + if 
(key_sockaddrcmp(&dst->sa, &sav->sah->saidx.dst.sa, 0) != 0) + continue; + /* XXXAE: is key_preferred_oldsa reasonably?*/ + if (V_key_preferred_oldsa) + sav = TAILQ_LAST(&sah->savtree_alive, secasvar_queue); + else + sav = TAILQ_FIRST(&sah->savtree_alive); + if (sav != NULL) { + SAV_ADDREF(sav); + break; } } - sav = NULL; -done: - SAHTREE_UNLOCK(); - - KEYDEBUG(KEYDEBUG_IPSEC_STAMP, - printf("DP %s return SA:%p; refcnt %u\n", __func__, - sav, sav ? sav->refcnt : 0)); + SAHTREE_RUNLOCK(); + KEYDBG(IPSEC_STAMP, + printf("%s: return SA(%p)\n", __func__, sav)); + if (sav != NULL) + KEYDBG(IPSEC_DATA, kdebug_secasv(sav)); return (sav); }
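Review bot: Both address comparisons in the new LIST_FOREACH still go through `sav->sah`, but `sav` is set to NULL just before the loop and is only assigned after those checks, so it is always NULL when they run. Any hash-bucket entry that passes the mode and proto tests would then dereference a null pointer while the SAH tree read lock is held, which in kernel code means a panic on the tunnel SA lookup path. The loop variable is the intended object: `if (key_sockaddrcmp(&src->sa, &sah->saidx.src.sa, 0) != 0)` and likewise `&sah->saidx.dst.sa` for the destination. The old per-SA state check (MATURE/DYING) is also gone; presumably `savtree_alive` holds only usable SAs, which would be worth stating in a comment next to the TAILQ_LAST/TAILQ_FIRST choice.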