Browse files

revisit logic on the use of spihash

  • Loading branch information...
1 parent fcd28fb commit bda6a360d0da2b2f7184b68c9ea0aec857c49a40 itojun committed Sep 7, 2003
Showing with 91 additions and 81 deletions.
  1. +91 −81 kame/sys/netkey/key.c
View
172 kame/sys/netkey/key.c
@@ -1,4 +1,4 @@
-/* $KAME: key.c,v 1.307 2003/09/07 15:12:09 itojun Exp $ */
+/* $KAME: key.c,v 1.308 2003/09/07 20:35:59 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -997,8 +997,8 @@ key_allocsa(family, src, dst, proto, spi)
caddr_t src, dst;
u_int32_t spi;
{
- struct secasvar *sav;
- u_int stateidx, state;
+ struct secasvar *sav, *match;
+ u_int stateidx, state, tmpidx, matchidx;
struct sockaddr_in sin;
int s;
const u_int *saorder_state_valid;
@@ -1040,85 +1040,96 @@ key_allocsa(family, src, dst, proto, spi)
* search a valid state list for inbound packet.
* the search order is not important.
*/
- for (stateidx = 0; stateidx < arraysize; stateidx++) {
- state = saorder_state_valid[stateidx];
- LIST_FOREACH(sav, &spihash[spi % SPIHASHSIZE], spihash) {
- if (sav->spi != spi)
- continue;
- if (sav->state != state)
- continue;
- if (proto != sav->sah->saidx.proto)
- continue;
- if (family != sav->sah->saidx.src.ss_family ||
- family != sav->sah->saidx.dst.ss_family)
- continue;
+ match = NULL;
+ matchidx = arraysize;
+ LIST_FOREACH(sav, &spihash[spi % SPIHASHSIZE], spihash) {
+ if (sav->spi != spi)
+ continue;
+ if (proto != sav->sah->saidx.proto)
+ continue;
+ if (family != sav->sah->saidx.src.ss_family ||
+ family != sav->sah->saidx.dst.ss_family)
+ continue;
+ tmpidx = arraysize;
+ for (stateidx = 0; stateidx < matchidx; stateidx++) {
+ state = saorder_state_valid[stateidx];
+ if (sav->state == state) {
+ tmpidx = stateidx;
+ break;
+ }
+ }
+ if (tmpidx >= matchidx)
+ continue;
#if 0 /* don't check src */
- /* check src address */
- switch (family) {
- case AF_INET:
- bzero(&sin, sizeof(sin));
- sin.sin_family = AF_INET;
- sin.sin_len = sizeof(sin);
- bcopy(src, &sin.sin_addr,
- sizeof(sin.sin_addr));
- if (key_sockaddrcmp((struct sockaddr*)&sin,
- (struct sockaddr *)&sav->sah->saidx.src, 0) != 0)
- continue;
+ /* check src address */
+ switch (family) {
+ case AF_INET:
+ bzero(&sin, sizeof(sin));
+ sin.sin_family = AF_INET;
+ sin.sin_len = sizeof(sin);
+ bcopy(src, &sin.sin_addr,
+ sizeof(sin.sin_addr));
+ if (key_sockaddrcmp((struct sockaddr*)&sin,
+ (struct sockaddr *)&sav->sah->saidx.src, 0) != 0)
+ continue;
- break;
- case AF_INET6:
- if (key_sockaddrcmp((struct sockaddr *)src,
- (struct sockaddr *)&sav->sah->saidx.src, 0) != 0)
- continue;
- break;
- default:
- ipseclog((LOG_DEBUG, "key_allocsa: "
- "unknown address family=%d.\n",
- family));
+ break;
+ case AF_INET6:
+ if (key_sockaddrcmp((struct sockaddr *)src,
+ (struct sockaddr *)&sav->sah->saidx.src, 0) != 0)
continue;
- }
+ break;
+ default:
+ ipseclog((LOG_DEBUG, "key_allocsa: "
+ "unknown address family=%d.\n",
+ family));
+ continue;
+ }
#endif
- /* check dst address */
- switch (family) {
- case AF_INET:
- bzero(&sin, sizeof(sin));
- sin.sin_family = AF_INET;
- sin.sin_len = sizeof(sin);
- bcopy(dst, &sin.sin_addr,
- sizeof(sin.sin_addr));
- if (key_sockaddrcmp((struct sockaddr*)&sin,
- (struct sockaddr *)&sav->sah->saidx.dst, 0) != 0)
- continue;
-
- break;
- case AF_INET6:
- if (key_sockaddrcmp((struct sockaddr *)dst,
- (struct sockaddr *)&sav->sah->saidx.dst, 0) != 0)
- continue;
- break;
- default:
- ipseclog((LOG_DEBUG, "key_allocsa: "
- "unknown address family=%d.\n", family));
+ /* check dst address */
+ switch (family) {
+ case AF_INET:
+ bzero(&sin, sizeof(sin));
+ sin.sin_family = AF_INET;
+ sin.sin_len = sizeof(sin);
+ bcopy(dst, &sin.sin_addr,
+ sizeof(sin.sin_addr));
+ if (key_sockaddrcmp((struct sockaddr*)&sin,
+ (struct sockaddr *)&sav->sah->saidx.dst, 0) != 0)
continue;
- }
- goto found;
+ break;
+ case AF_INET6:
+ if (key_sockaddrcmp((struct sockaddr *)dst,
+ (struct sockaddr *)&sav->sah->saidx.dst, 0) != 0)
+ continue;
+ break;
+ default:
+ ipseclog((LOG_DEBUG, "key_allocsa: "
+ "unknown address family=%d.\n", family));
+ continue;
}
+
+ match = sav;
+ matchidx = tmpidx;
}
+ if (match)
+ goto found;
+
/* not found */
splx(s);
return NULL;
found:
- sav->refcnt++;
+ match->refcnt++;
splx(s);
KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
printf("DP allocsa cause refcnt++:%d SA:%p\n",
- sav->refcnt, sav));
- return sav;
+ match->refcnt, match));
+ return match;
}
/*
@@ -3076,28 +3087,27 @@ key_getsavbyspi(sah, spi)
struct secashead *sah;
u_int32_t spi;
{
- struct secasvar *sav;
- u_int stateidx, state;
+ struct secasvar *sav, *match;
+ u_int stateidx, state, matchidx;
- /* search all status */
- for (stateidx = 0;
- stateidx < _ARRAYLEN(saorder_state_alive);
- stateidx++) {
-
- state = saorder_state_alive[stateidx];
- LIST_FOREACH(sav, &spihash[spi % SPIHASHSIZE], spihash) {
- if (sav->spi != spi)
- continue;
- if (sav->state != state)
- continue;
- if (sav->sah != sah)
- continue;
-
- return sav;
+ match = NULL;
+ matchidx = _ARRAYLEN(saorder_state_alive);
+ LIST_FOREACH(sav, &spihash[spi % SPIHASHSIZE], spihash) {
+ if (sav->spi != spi)
+ continue;
+ if (sav->sah != sah)
+ continue;
+ for (stateidx = 0; stateidx < matchidx; stateidx++) {
+ state = saorder_state_alive[stateidx];
+ if (sav->state == state) {
+ match = sav;
+ matchidx = stateidx;
+ break;
+ }
}
}
- return NULL;
+ return match;
}
/*

0 comments on commit bda6a36

Please sign in to comment.