svn commit: r308998 - projects/ipsec/sys/netipsec
Andrey V. Elsukov
ae at FreeBSD.org
Tue Nov 22 13:53:39 UTC 2016
Author: ae
Date: Tue Nov 22 13:53:37 2016
New Revision: 308998
URL: https://svnweb.freebsd.org/changeset/base/308998
Log:
Update key_delsav() and key_cleansav() to reflect changes in SADB.
Also remove unused sched field from SA.
Modified:
projects/ipsec/sys/netipsec/key.c
Modified: projects/ipsec/sys/netipsec/key.c
==============================================================================
--- projects/ipsec/sys/netipsec/key.c Tue Nov 22 13:43:06 2016 (r308997)
+++ projects/ipsec/sys/netipsec/key.c Tue Nov 22 13:53:37 2016 (r308998)
@@ -2697,6 +2697,7 @@ done:
static void
key_cleansav(struct secasvar *sav)
{
+
/*
* Cleanup xform state. Note that zeroize'ing causes the
* keys to be cleared; otherwise we must do it ourself.
@@ -2722,19 +2723,10 @@ key_cleansav(struct secasvar *sav)
free(sav->key_enc, M_IPSEC_MISC);
sav->key_enc = NULL;
}
- if (sav->sched) {
- bzero(sav->sched, sav->schedlen);
- free(sav->sched, M_IPSEC_MISC);
- sav->sched = NULL;
- }
if (sav->replay != NULL) {
free(sav->replay, M_IPSEC_MISC);
sav->replay = NULL;
}
- if (sav->lft_c != NULL) {
- free(sav->lft_c, M_IPSEC_MISC);
- sav->lft_c = NULL;
- }
if (sav->lft_h != NULL) {
free(sav->lft_h, M_IPSEC_MISC);
sav->lft_h = NULL;
@@ -2752,16 +2744,17 @@ static void
key_delsav(struct secasvar *sav)
{
IPSEC_ASSERT(sav != NULL, ("null sav"));
- IPSEC_ASSERT(sav->refcnt == 0, ("reference count %u > 0", sav->refcnt));
+ IPSEC_ASSERT(sav->state == SADB_SASTATE_DEAD,
+ ("attempt to free non DEAD SA %p", sav));
+ IPSEC_ASSERT(sav->refcnt == 0, ("reference count %u > 0",
+ sav->refcnt));
- /* remove from SA header */
- if (__LIST_CHAINED(sav))
- LIST_REMOVE(sav, chain);
+ /* SA must be unlinked from the chain and hashtbl */
key_cleansav(sav);
SECASVAR_LOCK_DESTROY(sav);
+ uma_zfree(V_key_lft_zone, sav->lft_c);
free(sav, M_IPSEC_SA);
}
-
/*
* search SAD.
* OUT:
More information about the svn-src-projects
mailing list