Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 2 Jan 2017 10:16:41 +0000 (UTC)
From:      "Andrey V. Elsukov" <ae@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-projects@freebsd.org
Subject:   svn commit: r311097 - in projects/ipsec/sys: net netipsec
Message-ID:  <201701021016.v02AGfga026047@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: ae
Date: Mon Jan  2 10:16:41 2017
New Revision: 311097
URL: https://svnweb.freebsd.org/changeset/base/311097

Log:
  Revert r309611. At least racoon depends on such notifications.
  Also fix SP reference leak.

Modified:
  projects/ipsec/sys/net/if_ipsec.c
  projects/ipsec/sys/netipsec/key.c

Modified: projects/ipsec/sys/net/if_ipsec.c
==============================================================================
--- projects/ipsec/sys/net/if_ipsec.c	Mon Jan  2 09:50:51 2017	(r311096)
+++ projects/ipsec/sys/net/if_ipsec.c	Mon Jan  2 10:16:41 2017	(r311097)
@@ -956,8 +956,11 @@ ipsec_set_tunnel(struct ipsec_softc *sc,
 	}
 
 	sc->ifp->if_drv_flags |= IFF_DRV_RUNNING;
-	if (f != 0)
+	if (f != 0) {
 		key_unregister_ifnet(oldsp, IPSEC_SPCOUNT);
+		for (i = 0; i < IPSEC_SPCOUNT; i++)
+			key_freesp(&oldsp[i]);
+	}
 	return (0);
 }
 
@@ -986,5 +989,7 @@ ipsec_delete_tunnel(struct ifnet *ifp, i
 		if (!locked)
 			IPSEC_SC_WUNLOCK();
 		key_unregister_ifnet(oldsp, IPSEC_SPCOUNT);
+		for (i = 0; i < IPSEC_SPCOUNT; i++)
+			key_freesp(&oldsp[i]);
 	}
 }

Modified: projects/ipsec/sys/netipsec/key.c
==============================================================================
--- projects/ipsec/sys/netipsec/key.c	Mon Jan  2 09:50:51 2017	(r311096)
+++ projects/ipsec/sys/netipsec/key.c	Mon Jan  2 10:16:41 2017	(r311097)
@@ -1132,6 +1132,7 @@ done:
 int
 key_register_ifnet(struct secpolicy **spp, u_int count)
 {
+	struct mbuf *m;
 	u_int i;
 
 	SPTREE_WLOCK();
@@ -1161,12 +1162,21 @@ key_register_ifnet(struct secpolicy **sp
 		spp[i]->state = IPSEC_SPSTATE_IFNET;
 	}
 	SPTREE_WUNLOCK();
+	/*
+	 * Notify user processes about new SP.
+	 */
+	for (i = 0; i < count; i++) {
+		m = key_setdumpsp(spp[i], SADB_X_SPDADD, 0, 0);
+		if (m != NULL)
+			key_sendup_mbuf(NULL, m, KEY_SENDUP_ALL);
+	}
 	return (0);
 }
 
 void
 key_unregister_ifnet(struct secpolicy **spp, u_int count)
 {
+	struct mbuf *m;
 	u_int i;
 
 	SPTREE_WLOCK();
@@ -1183,6 +1193,12 @@ key_unregister_ifnet(struct secpolicy **
 		LIST_REMOVE(spp[i], idhash);
 	}
 	SPTREE_WUNLOCK();
+
+	for (i = 0; i < count; i++) {
+		m = key_setdumpsp(spp[i], SADB_X_SPDDELETE, 0, 0);
+		if (m != NULL)
+			key_sendup_mbuf(NULL, m, KEY_SENDUP_ALL);
+	}
 }
 
 /*

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201701021016.v02AGfga026047>