Changeset View
Changeset View
Standalone View
Standalone View
sys/netipsec/key.c
Context not available. | |||||
#endif | #endif | ||||
static struct secasvar *key_allocsa_policy(const struct secasindex *); | static struct secasvar *key_allocsa_policy(const struct secasindex *); | ||||
static void key_freesp_so(struct secpolicy **); | |||||
static struct secasvar *key_do_allocsa_policy(struct secashead *, u_int); | static struct secasvar *key_do_allocsa_policy(struct secashead *, u_int); | ||||
static void key_unlink(struct secpolicy *); | static void key_unlink(struct secpolicy *); | ||||
static struct secpolicy *key_getsp(struct secpolicyindex *); | static struct secpolicy *key_getsp(struct secpolicyindex *); | ||||
Context not available. | |||||
/* | /* | ||||
* Must be called after calling key_allocsp(). | * Must be called after calling key_allocsp(). | ||||
* For both the packet without socket and key_freeso(). | |||||
*/ | */ | ||||
void | void | ||||
_key_freesp(struct secpolicy **spp, const char* where, int tag) | _key_freesp(struct secpolicy **spp, const char* where, int tag) | ||||
Context not available. | |||||
KEY_FREESP(&sp); | KEY_FREESP(&sp); | ||||
} | } | ||||
/* | |||||
* Must be called after calling key_allocsp(). | |||||
* For the packet with socket. | |||||
*/ | |||||
void | void | ||||
key_freeso(struct socket *so) | |||||
{ | |||||
IPSEC_ASSERT(so != NULL, ("null so")); | |||||
switch (so->so_proto->pr_domain->dom_family) { | |||||
#if defined(INET) || defined(INET6) | |||||
#ifdef INET | |||||
case PF_INET: | |||||
#endif | |||||
#ifdef INET6 | |||||
case PF_INET6: | |||||
#endif | |||||
{ | |||||
struct inpcb *pcb = sotoinpcb(so); | |||||
/* Does it have a PCB ? */ | |||||
if (pcb == NULL) | |||||
return; | |||||
key_freesp_so(&pcb->inp_sp->sp_in); | |||||
key_freesp_so(&pcb->inp_sp->sp_out); | |||||
} | |||||
break; | |||||
#endif /* INET || INET6 */ | |||||
default: | |||||
ipseclog((LOG_DEBUG, "%s: unknown address family=%d.\n", | |||||
__func__, so->so_proto->pr_domain->dom_family)); | |||||
return; | |||||
} | |||||
} | |||||
static void | |||||
key_freesp_so(struct secpolicy **sp) | |||||
{ | |||||
IPSEC_ASSERT(sp != NULL && *sp != NULL, ("null sp")); | |||||
if ((*sp)->policy == IPSEC_POLICY_ENTRUST || | |||||
(*sp)->policy == IPSEC_POLICY_BYPASS) | |||||
return; | |||||
IPSEC_ASSERT((*sp)->policy == IPSEC_POLICY_IPSEC, | |||||
("invalid policy %u", (*sp)->policy)); | |||||
KEY_FREESP(sp); | |||||
} | |||||
void | |||||
key_addrefsa(struct secasvar *sav, const char* where, int tag) | key_addrefsa(struct secasvar *sav, const char* where, int tag) | ||||
{ | { | ||||
Context not available. |