Date:      Fri, 27 Jul 2007 11:39:22 +0200
From:      VANHULLEBUS Yvan <vanhu_bsd@zeninc.net>
To:        freebsd-net@freebsd.org
Subject:   Re:  SADB_X_SPDFLUSH message handling for latest version of IPsec
Message-ID:  <20070727093922.GA981@jayce.zen.inc>
In-Reply-To: <46A9BAB4.9030309@zyxel.com.tw>
References:  <46A81171.1040107@zyxel.com.tw> <m2y7h21hi4.wl%gnn@neville-neil.com> <46A9BAB4.9030309@zyxel.com.tw>

On Fri, Jul 27, 2007 at 05:28:20PM +0800, blue wrote:
[....]
>  I was tracing the code, so I had the conclusion. In key_spdflush() in key.c, 
>  the loop
> 
>     for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
>         SPTREE_LOCK();
>         LIST_FOREACH(sp, &sptree[dir], chain)
>             sp->state = IPSEC_SPSTATE_DEAD;
>         SPTREE_UNLOCK();
>     }
> 
>  only sets the policy entry's status to DEAD, but does not remove it from the
>  SPD. On the other hand, in the KAME implementation (known as IPSEC in previous
>  FreeBSD versions), the SP entry will be removed.
> 
>     for (sp = TAILQ_FIRST(&sptailq); sp; sp = nextsp) {
>         nextsp = TAILQ_NEXT(sp, tailq);
>         if (sp->persist)
>             continue;
>         if (sp->state == IPSEC_SPSTATE_DEAD)
>             continue;
>         key_sp_dead(sp);
>         key_sp_unlink(sp);
>         sp = NULL;
>     }

Have a look at key_sp_unlink:

static void
key_sp_unlink(sp)
	struct secpolicy *sp;
{

	/* remove from SP index */
	if (__LIST_CHAINED(sp)) {
		LIST_REMOVE(sp, chain);
		key_freesp(sp);
	}
}

For now, it has just been removed from the list.

And then have a look at key_freesp:

void
key_freesp(sp)
	struct secpolicy *sp;
{
	/* sanity check */
	if (sp == NULL)
		panic("key_freesp: NULL pointer is passed.");

	sp->refcnt--;
	KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
		printf("DP freesp cause refcnt--:%d SP:%p\n",
			sp->refcnt, sp));

	if (sp->refcnt == 0)
		key_delsp(sp);

	return;
}

The SPD entry will only be "really" removed if its reference count is
0.

In both IPsec stacks, the memory structure can't just be removed
because some other parts of the kernel may still be using it (that's
why there is a reference count).
They just use different ways to mark the SP entry as "obsolete", and
to clean the structure when it won't be used anymore...


Yvan.

-- 
NETASQ
http://www.netasq.com
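
An added example, not part of the original message and not FreeBSD kernel code: a single-threaded user-space model of the deferred removal described above, where a flush marks and unlinks an entry but the memory is reclaimed only when the last reference is dropped. All names (struct policy, spd_flush, spd_lookup and so on) are hypothetical, and locking is left out.

```c
#include <stdio.h>
#include <stdlib.h>
struct policy {                 /* hypothetical stand-in for struct secpolicy */
    struct policy *next;
    int refcnt;                 /* the list itself holds one reference */
    int dead;                   /* set by flush; lookups skip dead entries */
};
static struct policy *spd_head; /* model SPD, user space only */
static int freed_count;         /* number of real frees so far */
static struct policy *policy_new(void) {
    struct policy *sp = calloc(1, sizeof(*sp));
    if (sp == NULL) abort();
    sp->refcnt = 1;
    sp->next = spd_head;
    return spd_head = sp;
}
/* Drop one reference; only the last holder reclaims the memory. */
static void policy_release(struct policy *sp) {
    if (--sp->refcnt == 0) { free(sp); freed_count++; }
}
/* Take a reference on the first live entry, as a packet path would. */
static struct policy *spd_lookup(void) {
    for (struct policy *sp = spd_head; sp != NULL; sp = sp->next)
        if (!sp->dead) { sp->refcnt++; return sp; }
    return NULL;
}
/* Flush: mark each entry dead, unlink it, drop the list's reference. */
static void spd_flush(void) {
    for (struct policy *sp = spd_head, *next; sp != NULL; sp = next) {
        next = sp->next;
        sp->dead = 1;
        sp->next = NULL;
        policy_release(sp);
    }
    spd_head = NULL;
}
/* Returns how many of two policies the flush itself really freed. */
static int flush_while_in_use(void) {
    policy_new(); policy_new();
    struct policy *held = spd_lookup();   /* refcnt 2: list + this caller */
    spd_flush();                          /* held: dead, unlinked, refcnt 1 */
    int freed_by_flush = freed_count;     /* 1: only the unreferenced entry */
    policy_release(held);                 /* last reference: freed only now */
    return freed_by_flush;
}
int main(void) {
    printf("freed by flush itself: %d of 2\n", flush_while_in_use());
    return 0;
}
```

Freeing the held entry inside the flush instead would leave the caller with a dangling pointer, which is the use-after-free the reference count prevents.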
