* SUCH DAMAGE.
*/
-#if (defined(__FreeBSD__) && __FreeBSD__ >= 3) || defined(__NetBSD__)
-#include "opt_inet.h"
-#ifdef __NetBSD__
-#include "opt_ipsec.h"
-#endif
-#endif
-
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/param.h>
#include <net/net_osdep.h>
-#if defined(__FreeBSD__) && __FreeBSD__ >= 3
+extern lck_mtx_t *sadb_mutex;
+
MALLOC_DEFINE(M_SECA, "key mgmt", "security associations, key management");
-#endif
-static void keydb_delsecasvar __P((struct secasvar *));
+// static void keydb_delsecasvar(struct secasvar *); // not used
/*
* secpolicy management
{
struct secpolicy *p;
- p = (struct secpolicy *)_MALLOC(sizeof(*p), M_SECA, M_NOWAIT);
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
+
+ p = (struct secpolicy *)_MALLOC(sizeof(*p), M_SECA, M_WAITOK);
if (!p)
return p;
bzero(p, sizeof(*p));
struct secashead *p;
int i;
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+
p = (struct secashead *)_MALLOC(sizeof(*p), M_SECA, M_NOWAIT);
- if (!p)
+ if (!p) {
+ lck_mtx_unlock(sadb_mutex);
+ p = (struct secashead *)_MALLOC(sizeof(*p), M_SECA, M_WAITOK);
+ lck_mtx_lock(sadb_mutex);
+ }
+ if (!p)
return p;
bzero(p, sizeof(*p));
for (i = 0; i < sizeof(p->savtree)/sizeof(p->savtree[0]); i++)
return p;
}
+#if 0
void
keydb_delsecashead(p)
struct secashead *p;
_FREE(p, M_SECA);
}
-/*
+
+
+/*
* secasvar management (reference counted)
*/
struct secasvar *
{
struct secasvar *p;
- p = (struct secasvar *)_MALLOC(sizeof(*p), M_SECA, M_NOWAIT);
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
+
+ p = (struct secasvar *)_MALLOC(sizeof(*p), M_SECA, M_WAITOK);
if (!p)
return p;
bzero(p, sizeof(*p));
keydb_refsecasvar(p)
struct secasvar *p;
{
- int s;
-#ifdef __NetBSD__
- s = splsoftnet();
-#else
- s = splnet();
-#endif
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+
p->refcnt++;
- splx(s);
}
void
keydb_freesecasvar(p)
struct secasvar *p;
{
- int s;
-#ifdef __NetBSD__
- s = splsoftnet();
-#else
- s = splnet();
-#endif
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+
p->refcnt--;
- if (p->refcnt == 0)
+ /* negative refcnt will cause panic intentionally */
+ if (p->refcnt <= 0)
keydb_delsecasvar(p);
- splx(s);
}
static void
_FREE(p, M_SECA);
}
+#endif
/*
* secreplay management
size_t wsize;
{
struct secreplay *p;
+
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
p = (struct secreplay *)_MALLOC(sizeof(*p), M_SECA, M_NOWAIT);
+ if (!p) {
+ lck_mtx_unlock(sadb_mutex);
+ p = (struct secreplay *)_MALLOC(sizeof(*p), M_SECA, M_WAITOK);
+ lck_mtx_lock(sadb_mutex);
+ }
if (!p)
return p;
if (wsize != 0) {
p->bitmap = (caddr_t)_MALLOC(wsize, M_SECA, M_NOWAIT);
if (!p->bitmap) {
- _FREE(p, M_SECA);
- return NULL;
+ lck_mtx_unlock(sadb_mutex);
+ p->bitmap = (caddr_t)_MALLOC(wsize, M_SECA, M_WAITOK);
+ lck_mtx_lock(sadb_mutex);
+ if (!p->bitmap) {
+ _FREE(p, M_SECA);
+ return NULL;
+ }
}
bzero(p->bitmap, wsize);
}
_FREE(p, M_SECA);
}
-/*
+#if 0
+/* NOT USED
* secreg management
*/
struct secreg *
{
struct secreg *p;
- p = (struct secreg *)_MALLOC(sizeof(*p), M_SECA, M_NOWAIT);
+ p = (struct secreg *)_MALLOC(sizeof(*p), M_SECA, M_WAITOK);
if (p)
bzero(p, sizeof(*p));
return p;
_FREE(p, M_SECA);
}
+#endif