K 10
svn:author
V 2
ae
K 8
svn:date
V 27
2016-11-19T15:37:12.864079Z
K 7
svn:log
V 1327
Change some IPsec structures.

Change struct secashead. Replace chain LIST with TAILQ and add two new
LIST entries. addrhash will be used for lookup in hash by secasindex.
drainq will be used by flush callout.
Remove savtree field. Instead two TAILQ will be used. One to keep LARVAL
SAs, another to keep alive (MATURE and DYING) SAs. Also add refcnt field.

Change struct secasvar. Use TAILQ instead of LIST to keep SAs in a chain.
Add spihash field for lookups by SPI. drainq field will be used by flush
callout. Replace CURRENT lifetime expiring counters with PCPU counters
to avoid locking for updates.

Add two hash entries to struct secacq.

Get rid of tdb_ident and tdb_crypto structures. Instead add two new
structures xform_history and xform_data.

struct xform_history will be used to store in the mbuf tag information
about used SA. It contains all needed info to check that INBOUND security
policy was fully applied to decrypted packet. In case of SA bundle,
resulting mbuf will have several mbuf tags with such structures.

struct xform_data will be used by crypto callbacks to store and obtain
needed information before and after crypto processing.

Change prototype of xform output callback. Now it will take as arguments
referenced security policy, referenced security association and current
transform's index.

END