svn commit: r309000 - projects/ipsec/sys/netipsec
Andrey V. Elsukov
ae at FreeBSD.org
Tue Nov 22 13:58:26 UTC 2016
Author: ae
Date: Tue Nov 22 13:58:24 2016
New Revision: 309000
URL: https://svnweb.freebsd.org/changeset/base/309000
Log:
Update key_checkspidup() to use SPI hash.
Modified:
projects/ipsec/sys/netipsec/key.c
Modified: projects/ipsec/sys/netipsec/key.c
==============================================================================
--- projects/ipsec/sys/netipsec/key.c Tue Nov 22 13:56:22 2016 (r308999)
+++ projects/ipsec/sys/netipsec/key.c Tue Nov 22 13:58:24 2016 (r309000)
@@ -2780,38 +2780,25 @@ key_getsah(struct secasindex *saidx)
}
/*
- * check not to be duplicated SPI.
- * NOTE: this function is too slow due to searching all SAD.
+ * Check not to be duplicated SPI.
* OUT:
- * NULL : not found
- * others : found, pointer to a SA.
+ * 0 : not found
+ * 1 : found SA with given SPI.
*/
-static struct secasvar *
-key_checkspidup(struct secasindex *saidx, u_int32_t spi)
+static int
+key_checkspidup(uint32_t spi)
{
- struct secashead *sah;
+ SAHTREE_RLOCK_TRACKER;
struct secasvar *sav;
- /* check address family */
- if (saidx->src.sa.sa_family != saidx->dst.sa.sa_family) {
- ipseclog((LOG_DEBUG, "%s: address family mismatched.\n",
- __func__));
- return NULL;
- }
-
- sav = NULL;
- /* check all SAD */
- SAHTREE_LOCK();
- LIST_FOREACH(sah, &V_sahtree, chain) {
- if (!key_ismyaddr((struct sockaddr *)&sah->saidx.dst))
- continue;
- sav = key_getsavbyspi(sah, spi);
- if (sav != NULL)
+ /* Assume SPI is in network byte order */
+ SAHTREE_RLOCK();
+ LIST_FOREACH(sav, SAVHASH_HASH(spi), spihash) {
+ if (sav->spi == spi)
break;
}
- SAHTREE_UNLOCK();
-
- return sav;
+ SAHTREE_RUNLOCK();
+ return (sav != NULL);
}
/*
More information about the svn-src-projects
mailing list