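Lines matching refs:sav — each row gives the source line number, the matching line, and the enclosing function (marked "local" or "argument" where `sav` is declared). Rows are not contiguous: any source line that does not mention `sav` is omitted, so reference counting, locking and error paths cannot be judged from this listing alone.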

102 void (*ipsec_accel_sa_newkey_p)(struct secasvar *sav);
103 void (*ipsec_accel_forget_sav_p)(struct secasvar *sav);
106 int (*ipsec_accel_sa_lifetime_op_p)(struct secasvar *sav,
110 bool (*ipsec_accel_is_accel_sav_p)(struct secasvar *sav);
111 struct mbuf *(*ipsec_accel_key_setaccelif_p)(struct secasvar *sav);
113 void (*ipsec_accel_drv_sa_lifetime_update_p)(struct secasvar *sav, if_t ifp,
115 int (*ipsec_accel_drv_sa_lifetime_fetch_p)(struct secasvar *sav, if_t ifp,
1027 struct secasvar *sav; in key_allocsa_tcpmd5() local
1047 sav = TAILQ_LAST(&sah->savtree_alive, secasvar_queue); in key_allocsa_tcpmd5()
1049 sav = TAILQ_FIRST(&sah->savtree_alive); in key_allocsa_tcpmd5()
1050 if (sav != NULL) in key_allocsa_tcpmd5()
1051 SAV_ADDREF(sav); in key_allocsa_tcpmd5()
1053 sav = NULL; in key_allocsa_tcpmd5()
1056 if (sav != NULL) { in key_allocsa_tcpmd5()
1058 printf("%s: return SA(%p)\n", __func__, sav)); in key_allocsa_tcpmd5()
1059 KEYDBG(IPSEC_DATA, kdebug_secasv(sav)); in key_allocsa_tcpmd5()
1065 return (sav); in key_allocsa_tcpmd5()
1080 struct secasvar *sav; in key_allocsa_policy() local
1108 sav = TAILQ_LAST(&sah->savtree_alive, secasvar_queue); in key_allocsa_policy()
1110 sav = TAILQ_FIRST(&sah->savtree_alive); in key_allocsa_policy()
1111 if (sav != NULL) in key_allocsa_policy()
1112 SAV_ADDREF(sav); in key_allocsa_policy()
1114 sav = NULL; in key_allocsa_policy()
1117 if (sav != NULL) { in key_allocsa_policy()
1121 sav, sp)); in key_allocsa_policy()
1122 KEYDBG(IPSEC_DATA, kdebug_secasv(sav)); in key_allocsa_policy()
1123 return (sav); /* return referenced SA */ in key_allocsa_policy()
1157 struct secasvar *sav; in key_allocsa() local
1164 LIST_FOREACH(sav, SAVHASH_HASH(spi), spihash) { in key_allocsa()
1165 if (sav->spi == spi) in key_allocsa()
1172 if (sav != NULL) { in key_allocsa()
1173 if (sav->state != SADB_SASTATE_LARVAL && in key_allocsa()
1174 sav->sah->saidx.proto == proto && in key_allocsa()
1176 &sav->sah->saidx.dst.sa, 0) == 0) in key_allocsa()
1177 SAV_ADDREF(sav); in key_allocsa()
1179 sav = NULL; in key_allocsa()
1183 if (sav == NULL) { in key_allocsa()
1191 printf("%s: return SA(%p)\n", __func__, sav)); in key_allocsa()
1192 KEYDBG(IPSEC_DATA, kdebug_secasv(sav)); in key_allocsa()
1194 return (sav); in key_allocsa()
1204 struct secasvar *sav; in key_allocsa_tunnel() local
1212 sav = NULL; in key_allocsa_tunnel()
1225 sav = TAILQ_LAST(&sah->savtree_alive, secasvar_queue); in key_allocsa_tunnel()
1227 sav = TAILQ_FIRST(&sah->savtree_alive); in key_allocsa_tunnel()
1228 if (sav != NULL) { in key_allocsa_tunnel()
1229 SAV_ADDREF(sav); in key_allocsa_tunnel()
1235 printf("%s: return SA(%p)\n", __func__, sav)); in key_allocsa_tunnel()
1236 if (sav != NULL) in key_allocsa_tunnel()
1237 KEYDBG(IPSEC_DATA, kdebug_secasv(sav)); in key_allocsa_tunnel()
1238 return (sav); in key_allocsa_tunnel()
1423 struct secasvar *sav = *psav; in key_freesav() local
1425 IPSEC_ASSERT(sav != NULL, ("null sav")); in key_freesav()
1427 if (SAV_DELREF(sav) == 0) in key_freesav()
1431 printf("%s: last reference to SA(%p)\n", __func__, sav)); in key_freesav()
1434 key_delsav(sav); in key_freesav()
1443 key_unlinksav(struct secasvar *sav) in key_unlinksav() argument
1448 printf("%s: SA(%p)\n", __func__, sav)); in key_unlinksav()
1453 if (sav->state == SADB_SASTATE_DEAD) { in key_unlinksav()
1459 if (sav->state == SADB_SASTATE_LARVAL) in key_unlinksav()
1460 TAILQ_REMOVE(&sav->sah->savtree_larval, sav, chain); in key_unlinksav()
1462 TAILQ_REMOVE(&sav->sah->savtree_alive, sav, chain); in key_unlinksav()
1464 LIST_REMOVE(sav, spihash); in key_unlinksav()
1465 sav->state = SADB_SASTATE_DEAD; in key_unlinksav()
1466 ipsec_accel_forget_sav(sav); in key_unlinksav()
1467 sah = sav->sah; in key_unlinksav()
1469 key_freesav(&sav); in key_unlinksav()
3040 struct secasvar *sav; in key_newsav() local
3048 sav = NULL; in key_newsav()
3068 sav = malloc(sizeof(struct secasvar), M_IPSEC_SA, M_NOWAIT | M_ZERO); in key_newsav()
3069 if (sav == NULL) { in key_newsav()
3073 sav->lock = malloc_aligned(max(sizeof(struct rmlock), in key_newsav()
3076 if (sav->lock == NULL) { in key_newsav()
3080 rm_init(sav->lock, "ipsec association"); in key_newsav()
3081 sav->lft_c = uma_zalloc_pcpu(ipsec_key_lft_zone, M_NOWAIT | M_ZERO); in key_newsav()
3082 if (sav->lft_c == NULL) { in key_newsav()
3087 sav->spi = spi; in key_newsav()
3088 sav->seq = mhp->msg->sadb_msg_seq; in key_newsav()
3089 sav->state = SADB_SASTATE_LARVAL; in key_newsav()
3090 sav->pid = (pid_t)mhp->msg->sadb_msg_pid; in key_newsav()
3091 SAV_INITREF(sav); in key_newsav()
3093 CK_LIST_INIT(&sav->accel_ifps); in key_newsav()
3094 sav->accel_forget_tq = 0; in key_newsav()
3095 sav->accel_lft_sw = uma_zalloc_pcpu(ipsec_key_lft_zone, in key_newsav()
3097 if (sav->accel_lft_sw == NULL) { in key_newsav()
3107 sav->accel_ifname = malloc(sizeof(xof->sadb_x_if_hw_offl_if), in key_newsav()
3109 if (sav->accel_ifname == NULL) { in key_newsav()
3113 strncpy(__DECONST(char *, sav->accel_ifname), in key_newsav()
3133 sav->sah = sah; in key_newsav()
3135 sav->created = time_second; in key_newsav()
3136 } else if (sav->state == SADB_SASTATE_LARVAL) { in key_newsav()
3141 *errp = key_setsaval(sav, mhp); in key_newsav()
3144 sav->state = SADB_SASTATE_MATURE; in key_newsav()
3181 if (sav->state == SADB_SASTATE_MATURE) { in key_newsav()
3182 TAILQ_INSERT_HEAD(&sah->savtree_alive, sav, chain); in key_newsav()
3183 ipsec_accel_sa_newkey(sav); in key_newsav()
3185 TAILQ_INSERT_HEAD(&sah->savtree_larval, sav, chain); in key_newsav()
3187 LIST_INSERT_HEAD(SAVHASH_HASH(sav->spi), sav, spihash); in key_newsav()
3192 if (sav != NULL) { in key_newsav()
3193 if (sav->lock != NULL) { in key_newsav()
3194 rm_destroy(sav->lock); in key_newsav()
3195 free(sav->lock, M_IPSEC_MISC); in key_newsav()
3197 if (sav->lft_c != NULL) in key_newsav()
3198 uma_zfree_pcpu(ipsec_key_lft_zone, sav->lft_c); in key_newsav()
3200 if (sav->accel_lft_sw != NULL) in key_newsav()
3202 sav->accel_lft_sw); in key_newsav()
3203 free(__DECONST(char *, sav->accel_ifname), in key_newsav()
3206 free(sav, M_IPSEC_SA), sav = NULL; in key_newsav()
3216 return (sav); in key_newsav()
3223 key_cleansav(struct secasvar *sav) in key_cleansav() argument
3226 if (sav->natt != NULL) { in key_cleansav()
3227 free(sav->natt, M_IPSEC_MISC); in key_cleansav()
3228 sav->natt = NULL; in key_cleansav()
3230 if (sav->flags & SADB_X_EXT_F_CLONED) in key_cleansav()
3232 if (sav->tdb_xform != NULL) { in key_cleansav()
3233 sav->tdb_xform->xf_cleanup(sav); in key_cleansav()
3234 sav->tdb_xform = NULL; in key_cleansav()
3236 if (sav->key_auth != NULL) { in key_cleansav()
3237 zfree(sav->key_auth->key_data, M_IPSEC_MISC); in key_cleansav()
3238 free(sav->key_auth, M_IPSEC_MISC); in key_cleansav()
3239 sav->key_auth = NULL; in key_cleansav()
3241 if (sav->key_enc != NULL) { in key_cleansav()
3242 zfree(sav->key_enc->key_data, M_IPSEC_MISC); in key_cleansav()
3243 free(sav->key_enc, M_IPSEC_MISC); in key_cleansav()
3244 sav->key_enc = NULL; in key_cleansav()
3246 if (sav->replay != NULL) { in key_cleansav()
3247 mtx_destroy(&sav->replay->lock); in key_cleansav()
3248 if (sav->replay->bitmap != NULL) in key_cleansav()
3249 free(sav->replay->bitmap, M_IPSEC_MISC); in key_cleansav()
3250 free(sav->replay, M_IPSEC_MISC); in key_cleansav()
3251 sav->replay = NULL; in key_cleansav()
3253 if (sav->lft_h != NULL) { in key_cleansav()
3254 free(sav->lft_h, M_IPSEC_MISC); in key_cleansav()
3255 sav->lft_h = NULL; in key_cleansav()
3257 if (sav->lft_s != NULL) { in key_cleansav()
3258 free(sav->lft_s, M_IPSEC_MISC); in key_cleansav()
3259 sav->lft_s = NULL; in key_cleansav()
3267 key_delsav(struct secasvar *sav) in key_delsav() argument
3269 IPSEC_ASSERT(sav != NULL, ("null sav")); in key_delsav()
3270 IPSEC_ASSERT(sav->state == SADB_SASTATE_DEAD, in key_delsav()
3271 ("attempt to free non DEAD SA %p", sav)); in key_delsav()
3272 IPSEC_ASSERT(sav->refcnt == 0, ("reference count %u > 0", in key_delsav()
3273 sav->refcnt)); in key_delsav()
3275 KASSERT(CK_LIST_EMPTY(&sav->accel_ifps), in key_delsav()
3276 ("key_unlinksav: sav %p still offloaded", sav)); in key_delsav()
3284 key_cleansav(sav); in key_delsav()
3285 if ((sav->flags & SADB_X_EXT_F_CLONED) == 0) { in key_delsav()
3286 rm_destroy(sav->lock); in key_delsav()
3287 free(sav->lock, M_IPSEC_MISC); in key_delsav()
3288 uma_zfree_pcpu(ipsec_key_lft_zone, sav->lft_c); in key_delsav()
3292 uma_zfree_pcpu(ipsec_key_lft_zone, sav->accel_lft_sw); in key_delsav()
3293 free(__DECONST(char *, sav->accel_ifname), M_IPSEC_MISC); in key_delsav()
3295 free(sav, M_IPSEC_SA); in key_delsav()
3331 struct secasvar *sav; in key_checkspidup() local
3335 LIST_FOREACH(sav, SAVHASH_HASH(spi), spihash) { in key_checkspidup()
3336 if (sav->spi == spi) in key_checkspidup()
3340 return (sav != NULL); in key_checkspidup()
3353 struct secasvar *sav; in key_getsavbyspi() local
3357 LIST_FOREACH(sav, SAVHASH_HASH(spi), spihash) { in key_getsavbyspi()
3358 if (sav->spi != spi) in key_getsavbyspi()
3360 SAV_ADDREF(sav); in key_getsavbyspi()
3364 return (sav); in key_getsavbyspi()
3368 key_updatelifetimes(struct secasvar *sav, const struct sadb_msghdr *mhp) in key_updatelifetimes() argument
3379 if (sav->state == SADB_SASTATE_MATURE) { in key_updatelifetimes()
3417 if (sav->state != SADB_SASTATE_LARVAL) { in key_updatelifetimes()
3422 SECASVAR_WLOCK(sav); in key_updatelifetimes()
3423 tmp = sav->lft_h; in key_updatelifetimes()
3424 sav->lft_h = lft_h; in key_updatelifetimes()
3427 tmp = sav->lft_s; in key_updatelifetimes()
3428 sav->lft_s = lft_s; in key_updatelifetimes()
3430 SECASVAR_WUNLOCK(sav); in key_updatelifetimes()
3438 IPSEC_ASSERT(sav->lft_h == NULL, ("lft_h is already initialized\n")); in key_updatelifetimes()
3439 IPSEC_ASSERT(sav->lft_s == NULL, ("lft_s is already initialized\n")); in key_updatelifetimes()
3440 sav->lft_h = lft_h; in key_updatelifetimes()
3441 sav->lft_s = lft_s; in key_updatelifetimes()
3452 key_setsaval(struct secasvar *sav, const struct sadb_msghdr *mhp) in key_setsaval() argument
3462 IPSEC_ASSERT(sav->state == SADB_SASTATE_LARVAL, in key_setsaval()
3466 error = key_setident(sav->sah, mhp); in key_setsaval()
3477 sav->alg_auth = sa0->sadb_sa_auth; in key_setsaval()
3478 sav->alg_enc = sa0->sadb_sa_encrypt; in key_setsaval()
3479 sav->flags = sa0->sadb_sa_flags; in key_setsaval()
3480 if ((sav->flags & SADB_KEY_FLAGS_MAX) != sav->flags) { in key_setsaval()
3483 sav->flags)); in key_setsaval()
3510 sav->replay = malloc(sizeof(struct secreplay), M_IPSEC_MISC, in key_setsaval()
3512 if (sav->replay == NULL) { in key_setsaval()
3519 mtx_init(&sav->replay->lock, "ipsec replay", NULL, MTX_DEF); in key_setsaval()
3535 sav->replay->bitmap = malloc( in key_setsaval()
3538 if (sav->replay->bitmap == NULL) { in key_setsaval()
3545 sav->replay->bitmap_size = bitmap_size; in key_setsaval()
3546 sav->replay->wsize = replay; in key_setsaval()
3564 sav->alg_auth != SADB_X_AALG_NULL) in key_setsaval()
3581 sav->key_auth = key_dup_keymsg(key0, M_IPSEC_MISC); in key_setsaval()
3582 if (sav->key_auth == NULL ) { in key_setsaval()
3603 sav->alg_enc != SADB_EALG_NULL) { in key_setsaval()
3612 sav->key_enc = key_dup_keymsg(key0, M_IPSEC_MISC); in key_setsaval()
3613 if (sav->key_enc == NULL) { in key_setsaval()
3624 sav->key_enc = NULL; /*just in case*/ in key_setsaval()
3640 sav->ivlen = 0; in key_setsaval()
3643 if (sav->flags & SADB_X_EXT_DERIV) { in key_setsaval()
3649 if (sav->alg_enc != SADB_EALG_NONE) { in key_setsaval()
3655 error = xform_init(sav, XF_AH); in key_setsaval()
3658 if ((sav->flags & (SADB_X_EXT_OLD | SADB_X_EXT_DERIV)) == in key_setsaval()
3665 error = xform_init(sav, XF_ESP); in key_setsaval()
3668 if (sav->alg_auth != SADB_AALG_NONE) { in key_setsaval()
3674 if ((sav->flags & SADB_X_EXT_RAWCPI) == 0 && in key_setsaval()
3675 ntohl(sav->spi) >= 0x10000) { in key_setsaval()
3681 error = xform_init(sav, XF_IPCOMP); in key_setsaval()
3684 if (sav->alg_enc != SADB_EALG_NONE) { in key_setsaval()
3690 error = xform_init(sav, XF_TCPSIGNATURE); in key_setsaval()
3704 error = key_setnatt(sav, mhp); in key_setsaval()
3709 sav->firstused = 0; in key_setsaval()
3710 sav->created = time_second; in key_setsaval()
3713 error = key_updatelifetimes(sav, mhp); in key_setsaval()
3717 key_cleansav(sav); in key_setsaval()
3725 key_setdumpsa(struct secasvar *sav, uint8_t type, uint8_t satype, in key_setdumpsa() argument
3754 m = key_setsadbmsg(type, 0, satype, seq, pid, sav->refcnt); in key_setdumpsa()
3763 m = key_setsadbsa(sav); in key_setdumpsa()
3769 SECASVAR_RLOCK(sav); in key_setdumpsa()
3770 replay_count = sav->replay ? sav->replay->count : 0; in key_setdumpsa()
3771 SECASVAR_RUNLOCK(sav); in key_setdumpsa()
3772 m = key_setsadbxsa2(sav->sah->saidx.mode, replay_count, in key_setdumpsa()
3773 sav->sah->saidx.reqid); in key_setdumpsa()
3779 if (sav->replay == NULL || in key_setdumpsa()
3780 sav->replay->wsize <= UINT8_MAX) in key_setdumpsa()
3783 m = key_setsadbxsareplay(sav->replay->wsize); in key_setdumpsa()
3790 &sav->sah->saidx.src.sa, in key_setdumpsa()
3798 &sav->sah->saidx.dst.sa, in key_setdumpsa()
3805 if (!sav->key_auth) in key_setdumpsa()
3807 m = key_setkey(sav->key_auth, SADB_EXT_KEY_AUTH); in key_setdumpsa()
3813 if (!sav->key_enc) in key_setdumpsa()
3815 m = key_setkey(sav->key_enc, SADB_EXT_KEY_ENCRYPT); in key_setdumpsa()
3821 lft_c.addtime = sav->created; in key_setdumpsa()
3823 sav->lft_c_allocations); in key_setdumpsa()
3824 lft_c.bytes = counter_u64_fetch(sav->lft_c_bytes); in key_setdumpsa()
3825 lft_c.usetime = sav->firstused; in key_setdumpsa()
3832 if (!sav->lft_h) in key_setdumpsa()
3834 m = key_setlifetime(sav->lft_h, in key_setdumpsa()
3841 if (!sav->lft_s) in key_setdumpsa()
3843 m = key_setlifetime(sav->lft_s, in key_setdumpsa()
3851 if (sav->natt == NULL) in key_setdumpsa()
3859 if (sav->natt == NULL) in key_setdumpsa()
3861 m = key_setsadbxport(sav->natt->dport, in key_setdumpsa()
3868 if (sav->natt == NULL) in key_setdumpsa()
3870 m = key_setsadbxport(sav->natt->sport, in key_setdumpsa()
3877 if (sav->natt == NULL || in key_setdumpsa()
3878 (sav->natt->flags & IPSEC_NATT_F_OAI) == 0) in key_setdumpsa()
3881 &sav->natt->oai.sa, FULLMASK, IPSEC_ULPROTO_ANY); in key_setdumpsa()
3886 if (sav->natt == NULL || in key_setdumpsa()
3887 (sav->natt->flags & IPSEC_NATT_F_OAR) == 0) in key_setdumpsa()
3890 &sav->natt->oar.sa, FULLMASK, IPSEC_ULPROTO_ANY); in key_setdumpsa()
3899 if (!ipsec_accel_is_accel_sav(sav)) in key_setdumpsa()
3901 SAV_ADDREF(sav); in key_setdumpsa()
3902 error = ipsec_accel_sa_lifetime_op(sav, &lft_c, in key_setdumpsa()
3911 key_freesav(&sav); in key_setdumpsa()
3912 if (sav == NULL) { in key_setdumpsa()
3918 if (!ipsec_accel_is_accel_sav(sav)) in key_setdumpsa()
3921 lft_c.bytes = sav->accel_hw_octets; in key_setdumpsa()
3922 lft_c.allocations = sav->accel_hw_allocs; in key_setdumpsa()
3928 if (!ipsec_accel_is_accel_sav(sav)) in key_setdumpsa()
3930 m = ipsec_accel_key_setaccelif(sav); in key_setdumpsa()
4014 key_setsadbsa(struct secasvar *sav) in key_setsadbsa() argument
4030 p->sadb_sa_spi = sav->spi; in key_setsadbsa()
4031 p->sadb_sa_replay = sav->replay ? in key_setsadbsa()
4032 (sav->replay->wsize > UINT8_MAX ? UINT8_MAX : in key_setsadbsa()
4033 sav->replay->wsize): 0; in key_setsadbsa()
4034 p->sadb_sa_state = sav->state; in key_setsadbsa()
4035 p->sadb_sa_auth = sav->alg_auth; in key_setsadbsa()
4036 p->sadb_sa_encrypt = sav->alg_enc; in key_setsadbsa()
4037 p->sadb_sa_flags = sav->flags & SADB_KEY_FLAGS_MAX; in key_setsadbsa()
4711 struct secasvar *sav, *nextsav; in key_flush_sad() local
4730 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) { in key_flush_sad()
4731 if (now - sav->created < V_key_larval_lifetime) in key_flush_sad()
4733 SAV_ADDREF(sav); in key_flush_sad()
4734 LIST_INSERT_HEAD(&drainq, sav, drainq); in key_flush_sad()
4736 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) { in key_flush_sad()
4738 if (sav->lft_h == NULL) in key_flush_sad()
4740 SECASVAR_RLOCK(sav); in key_flush_sad()
4745 if (sav->lft_h == NULL) { in key_flush_sad()
4746 SECASVAR_RUNLOCK(sav); in key_flush_sad()
4757 if ((sav->lft_h->addtime != 0 && in key_flush_sad()
4758 now - sav->created > sav->lft_h->addtime) || in key_flush_sad()
4759 (sav->lft_h->usetime != 0 && sav->firstused && in key_flush_sad()
4760 now - sav->firstused > sav->lft_h->usetime) || in key_flush_sad()
4761 (sav->lft_h->bytes != 0 && counter_u64_fetch( in key_flush_sad()
4762 sav->lft_c_bytes) > sav->lft_h->bytes)) { in key_flush_sad()
4763 SECASVAR_RUNLOCK(sav); in key_flush_sad()
4764 SAV_ADDREF(sav); in key_flush_sad()
4765 LIST_INSERT_HEAD(&hexpireq, sav, drainq); in key_flush_sad()
4769 if (sav->state == SADB_SASTATE_MATURE && ( in key_flush_sad()
4770 (sav->lft_s->addtime != 0 && in key_flush_sad()
4771 now - sav->created > sav->lft_s->addtime) || in key_flush_sad()
4772 (sav->lft_s->usetime != 0 && sav->firstused && in key_flush_sad()
4773 now - sav->firstused > sav->lft_s->usetime) || in key_flush_sad()
4774 (sav->lft_s->bytes != 0 && counter_u64_fetch( in key_flush_sad()
4775 sav->lft_c_bytes) > sav->lft_s->bytes) || in key_flush_sad()
4776 (!(sav->flags & SADB_X_SAFLAGS_ESN) && in key_flush_sad()
4777 (sav->replay != NULL) && ( in key_flush_sad()
4778 (sav->replay->count > UINT32_80PCT) || in key_flush_sad()
4779 (sav->replay->last > UINT32_80PCT))))) { in key_flush_sad()
4780 SECASVAR_RUNLOCK(sav); in key_flush_sad()
4781 SAV_ADDREF(sav); in key_flush_sad()
4782 LIST_INSERT_HEAD(&sexpireq, sav, drainq); in key_flush_sad()
4785 SECASVAR_RUNLOCK(sav); in key_flush_sad()
4797 sav = LIST_FIRST(&drainq); in key_flush_sad()
4798 while (sav != NULL) { in key_flush_sad()
4799 nextsav = LIST_NEXT(sav, drainq); in key_flush_sad()
4801 if (sav->state != SADB_SASTATE_LARVAL) { in key_flush_sad()
4802 LIST_REMOVE(sav, drainq); in key_flush_sad()
4803 LIST_INSERT_HEAD(&freeq, sav, drainq); in key_flush_sad()
4804 sav = nextsav; in key_flush_sad()
4807 TAILQ_REMOVE(&sav->sah->savtree_larval, sav, chain); in key_flush_sad()
4808 LIST_REMOVE(sav, spihash); in key_flush_sad()
4809 sav->state = SADB_SASTATE_DEAD; in key_flush_sad()
4810 ipsec_accel_forget_sav(sav); in key_flush_sad()
4811 sav = nextsav; in key_flush_sad()
4814 sav = LIST_FIRST(&hexpireq); in key_flush_sad()
4815 while (sav != NULL) { in key_flush_sad()
4816 nextsav = LIST_NEXT(sav, drainq); in key_flush_sad()
4818 if (sav->state == SADB_SASTATE_DEAD) { in key_flush_sad()
4819 LIST_REMOVE(sav, drainq); in key_flush_sad()
4820 LIST_INSERT_HEAD(&freeq, sav, drainq); in key_flush_sad()
4821 sav = nextsav; in key_flush_sad()
4824 TAILQ_REMOVE(&sav->sah->savtree_alive, sav, chain); in key_flush_sad()
4825 LIST_REMOVE(sav, spihash); in key_flush_sad()
4826 sav->state = SADB_SASTATE_DEAD; in key_flush_sad()
4827 ipsec_accel_forget_sav(sav); in key_flush_sad()
4828 sav = nextsav; in key_flush_sad()
4831 sav = LIST_FIRST(&sexpireq); in key_flush_sad()
4832 while (sav != NULL) { in key_flush_sad()
4833 nextsav = LIST_NEXT(sav, drainq); in key_flush_sad()
4835 if (sav->state == SADB_SASTATE_DEAD) { in key_flush_sad()
4836 LIST_REMOVE(sav, drainq); in key_flush_sad()
4837 LIST_INSERT_HEAD(&freeq, sav, drainq); in key_flush_sad()
4838 sav = nextsav; in key_flush_sad()
4844 sav->state = SADB_SASTATE_DYING; in key_flush_sad()
4845 sav = nextsav; in key_flush_sad()
4868 sav = LIST_FIRST(&hexpireq); in key_flush_sad()
4869 while (sav != NULL) { in key_flush_sad()
4870 nextsav = LIST_NEXT(sav, drainq); in key_flush_sad()
4871 key_expire(sav, 1); in key_flush_sad()
4872 key_freesah(&sav->sah); /* release reference from SAV */ in key_flush_sad()
4873 key_freesav(&sav); /* release extra reference */ in key_flush_sad()
4874 key_freesav(&sav); /* release last reference */ in key_flush_sad()
4875 sav = nextsav; in key_flush_sad()
4877 sav = LIST_FIRST(&sexpireq); in key_flush_sad()
4878 while (sav != NULL) { in key_flush_sad()
4879 nextsav = LIST_NEXT(sav, drainq); in key_flush_sad()
4880 key_expire(sav, 0); in key_flush_sad()
4881 key_freesav(&sav); /* release extra reference */ in key_flush_sad()
4882 sav = nextsav; in key_flush_sad()
4885 sav = LIST_FIRST(&drainq); in key_flush_sad()
4886 while (sav != NULL) { in key_flush_sad()
4887 nextsav = LIST_NEXT(sav, drainq); in key_flush_sad()
4888 key_freesah(&sav->sah); /* release reference from SAV */ in key_flush_sad()
4889 key_freesav(&sav); /* release extra reference */ in key_flush_sad()
4890 key_freesav(&sav); /* release last reference */ in key_flush_sad()
4891 sav = nextsav; in key_flush_sad()
4894 sav = LIST_FIRST(&freeq); in key_flush_sad()
4895 while (sav != NULL) { in key_flush_sad()
4896 nextsav = LIST_NEXT(sav, drainq); in key_flush_sad()
4897 key_freesav(&sav); /* release extra reference */ in key_flush_sad()
4898 sav = nextsav; in key_flush_sad()
5054 struct secasvar *sav; in key_getspi() local
5136 sav = key_newsav(mhp, &saidx, spi, &error); in key_getspi()
5138 if (sav == NULL) in key_getspi()
5141 if (sav->seq != 0) { in key_getspi()
5158 key_acqdone(&saidx, sav->seq); in key_getspi()
5161 printf("%s: SA(%p)\n", __func__, sav)); in key_getspi()
5162 KEYDBG(KEY_DATA, kdebug_secasv(sav)); in key_getspi()
5215 newmsg->sadb_msg_seq = sav->seq; in key_getspi()
5306 struct secasvar *sav; in key_getsav_tcpmd5() local
5319 sav = TAILQ_LAST(&sah->savtree_alive, secasvar_queue); in key_getsav_tcpmd5()
5321 sav = TAILQ_FIRST(&sah->savtree_alive); in key_getsav_tcpmd5()
5322 if (sav != NULL) { in key_getsav_tcpmd5()
5323 SAV_ADDREF(sav); in key_getsav_tcpmd5()
5325 return (sav); in key_getsav_tcpmd5()
5334 LIST_FOREACH(sav, SAVHASH_HASH(*spi), spihash) { in key_getsav_tcpmd5()
5335 if (sav->spi == *spi) in key_getsav_tcpmd5()
5338 if (sav == NULL) { in key_getsav_tcpmd5()
5351 const struct sadb_msghdr *mhp, struct secasvar *sav, in key_updateaddresses() argument
5401 if (sav->sah->saidx.proto != IPPROTO_ESP || in key_updateaddresses()
5411 sah = sav->sah; in key_updateaddresses()
5425 bcopy(sav, newsav, offsetof(struct secasvar, chain)); in key_updateaddresses()
5435 if (sav->accel_ifname != NULL) { in key_updateaddresses()
5444 strncpy(__DECONST(char *, sav->accel_ifname), in key_updateaddresses()
5464 if (sav->state == SADB_SASTATE_DEAD) { in key_updateaddresses()
5472 IPSEC_ASSERT((sav->flags & SADB_X_EXT_F_CLONED) == 0, in key_updateaddresses()
5474 IPSEC_ASSERT(sav->state == SADB_SASTATE_MATURE || in key_updateaddresses()
5475 sav->state == SADB_SASTATE_DYING, in key_updateaddresses()
5476 ("Wrong SA state %u\n", sav->state)); in key_updateaddresses()
5477 TAILQ_REMOVE(&sav->sah->savtree_alive, sav, chain); in key_updateaddresses()
5478 LIST_REMOVE(sav, spihash); in key_updateaddresses()
5479 sav->state = SADB_SASTATE_DEAD; in key_updateaddresses()
5480 ipsec_accel_forget_sav(sav); in key_updateaddresses()
5510 SECASVAR_WLOCK(sav); in key_updateaddresses()
5512 newsav->cntr = sav->cntr; in key_updateaddresses()
5513 sav->flags |= SADB_X_EXT_F_CLONED; in key_updateaddresses()
5514 SECASVAR_WUNLOCK(sav); in key_updateaddresses()
5520 __func__, sav, newsav)); in key_updateaddresses()
5523 key_freesav(&sav); /* release last reference */ in key_updateaddresses()
5568 struct secasvar *sav; in key_update() local
5641 sav = key_getsavbyspi(sa0->sadb_sa_spi); in key_update()
5642 if (sav == NULL) { in key_update()
5651 if (sav->pid != mhp->msg->sadb_msg_pid) { in key_update()
5654 ntohl(sav->spi), sav->pid, mhp->msg->sadb_msg_pid)); in key_update()
5655 key_freesav(&sav); in key_update()
5659 if (key_cmpsaidx(&sav->sah->saidx, &saidx, CMP_MODE_REQID) == 0) { in key_update()
5661 __func__, ntohl(sav->spi))); in key_update()
5662 key_freesav(&sav); in key_update()
5666 if (sav->state == SADB_SASTATE_LARVAL) { in key_update()
5674 key_freesav(&sav); in key_update()
5680 error = key_setsaval(sav, mhp); in key_update()
5682 key_freesav(&sav); in key_update()
5687 if (sav->state != SADB_SASTATE_LARVAL) { in key_update()
5690 key_freesav(&sav); in key_update()
5699 TAILQ_REMOVE(&sav->sah->savtree_larval, sav, chain); in key_update()
5700 TAILQ_INSERT_HEAD(&sav->sah->savtree_alive, sav, chain); in key_update()
5701 sav->state = SADB_SASTATE_MATURE; in key_update()
5711 key_freesav(&sav); in key_update()
5714 error = key_updatelifetimes(sav, mhp); in key_update()
5716 key_freesav(&sav); in key_update()
5730 sav->natt != NULL) { in key_update()
5731 error = key_updateaddresses(so, m, mhp, sav, &saidx); in key_update()
5732 key_freesav(&sav); in key_update()
5739 if (sav->state == SADB_SASTATE_DEAD) { in key_update()
5742 key_freesav(&sav); in key_update()
5750 sav->state = SADB_SASTATE_MATURE; in key_update()
5754 printf("%s: SA(%p)\n", __func__, sav)); in key_update()
5755 KEYDBG(KEY_DATA, kdebug_secasv(sav)); in key_update()
5756 ipsec_accel_sa_newkey(sav); in key_update()
5757 key_freesav(&sav); in key_update()
5795 struct secasvar *sav; in key_add() local
5882 sav = key_getsav_tcpmd5(&saidx, &spi); in key_add()
5883 if (sav == NULL && spi == 0) { in key_add()
5893 sav = key_getsavbyspi(spi); in key_add()
5895 if (sav != NULL) { in key_add()
5897 key_freesav(&sav); in key_add()
5902 sav = key_newsav(mhp, &saidx, spi, &error); in key_add()
5904 if (sav == NULL) in key_add()
5907 printf("%s: return SA(%p)\n", __func__, sav)); in key_add()
5908 KEYDBG(KEY_DATA, kdebug_secasv(sav)); in key_add()
5909 ipsec_accel_sa_newkey(sav); in key_add()
5914 if (sav->seq != 0) in key_add()
5915 key_acqdone(&saidx, sav->seq); in key_add()
5961 key_setnatt(struct secasvar *sav, const struct sadb_msghdr *mhp) in key_setnatt() argument
5971 IPSEC_ASSERT(sav->natt == NULL, ("natt is already initialized")); in key_setnatt()
5975 if (sav->sah->saidx.proto != IPPROTO_ESP) in key_setnatt()
6002 sav->natt = malloc(sizeof(struct secnatt), M_IPSEC_MISC, in key_setnatt()
6004 if (sav->natt == NULL) { in key_setnatt()
6015 sav->natt->sport = port->sadb_x_nat_t_port_port; in key_setnatt()
6022 sav->natt->dport = port->sadb_x_nat_t_port_port; in key_setnatt()
6053 if (sav->sah->saidx.mode != IPSEC_MODE_TUNNEL) { in key_setnatt()
6068 sav->sah->saidx.src.sin.sin_addr.s_addr) { in key_setnatt()
6069 bcopy(sa, &sav->natt->oai.sa, sa->sa_len); in key_setnatt()
6070 sav->natt->flags |= IPSEC_NATT_F_OAI; in key_setnatt()
6072 addr = sav->sah->saidx.src.sin.sin_addr.s_addr; in key_setnatt()
6075 addr = sav->natt->oai.sin.sin_addr.s_addr; in key_setnatt()
6091 &sav->sah->saidx.src.sin6.sin6_addr.s6_addr, in key_setnatt()
6093 bcopy(sa, &sav->natt->oai.sa, sa->sa_len); in key_setnatt()
6094 sav->natt->flags |= IPSEC_NATT_F_OAI; in key_setnatt()
6098 ~sav->sah->saidx.src.sin6.sin6_addr.s6_addr16[i]); in key_setnatt()
6100 sav->natt->oai.sin6.sin6_addr.s6_addr16[i]); in key_setnatt()
6125 sav->sah->saidx.dst.sin.sin_addr.s_addr) { in key_setnatt()
6126 bcopy(sa, &sav->natt->oar.sa, sa->sa_len); in key_setnatt()
6127 sav->natt->flags |= IPSEC_NATT_F_OAR; in key_setnatt()
6129 addr = sav->sah->saidx.dst.sin.sin_addr.s_addr; in key_setnatt()
6132 addr = sav->natt->oar.sin.sin_addr.s_addr; in key_setnatt()
6148 &sav->sah->saidx.dst.sin6.sin6_addr.s6_addr, 16) != 0) { in key_setnatt()
6149 bcopy(sa, &sav->natt->oar.sa, sa->sa_len); in key_setnatt()
6150 sav->natt->flags |= IPSEC_NATT_F_OAR; in key_setnatt()
6154 ~sav->sah->saidx.dst.sin6.sin6_addr.s6_addr16[i]); in key_setnatt()
6156 sav->natt->oar.sin6.sin6_addr.s6_addr16[i]); in key_setnatt()
6168 sav->natt->cksum = cksum; in key_setnatt()
6295 struct secasvar *sav; in key_delete() local
6347 sav = key_getsav_tcpmd5(&saidx, NULL); in key_delete()
6349 sav = key_getsavbyspi(sa0->sadb_sa_spi); in key_delete()
6351 if (sav == NULL) { in key_delete()
6356 if (key_cmpsaidx(&sav->sah->saidx, &saidx, CMP_HEAD) == 0) { in key_delete()
6358 __func__, ntohl(sav->spi))); in key_delete()
6359 key_freesav(&sav); in key_delete()
6363 printf("%s: SA(%p)\n", __func__, sav)); in key_delete()
6364 KEYDBG(KEY_DATA, kdebug_secasv(sav)); in key_delete()
6365 key_unlinksav(sav); in key_delete()
6366 key_freesav(&sav); in key_delete()
6401 struct secasvar *sav, *nextsav; in key_delete_all() local
6412 TAILQ_FOREACH(sav, &drainq, chain) { in key_delete_all()
6413 sav->state = SADB_SASTATE_DEAD; in key_delete_all()
6414 ipsec_accel_forget_sav(sav); in key_delete_all()
6415 LIST_REMOVE(sav, spihash); in key_delete_all()
6419 sav = TAILQ_FIRST(&drainq); in key_delete_all()
6420 while (sav != NULL) { in key_delete_all()
6422 printf("%s: SA(%p)\n", __func__, sav)); in key_delete_all()
6423 KEYDBG(KEY_DATA, kdebug_secasv(sav)); in key_delete_all()
6424 nextsav = TAILQ_NEXT(sav, chain); in key_delete_all()
6425 key_freesah(&sav->sah); /* release reference from SAV */ in key_delete_all()
6426 key_freesav(&sav); /* release last reference */ in key_delete_all()
6427 sav = nextsav; in key_delete_all()
6464 struct secasvar *sav, *nextsav; in key_delete_xform() local
6469 sav = TAILQ_FIRST(&sah->savtree_alive); in key_delete_xform()
6470 if (sav == NULL) in key_delete_xform()
6472 if (sav->tdb_xform != xsp) in key_delete_xform()
6481 TAILQ_FOREACH(sav, &drainq, chain) { in key_delete_xform()
6482 sav->state = SADB_SASTATE_DEAD; in key_delete_xform()
6483 ipsec_accel_forget_sav(sav); in key_delete_xform()
6484 LIST_REMOVE(sav, spihash); in key_delete_xform()
6489 sav = TAILQ_FIRST(&drainq); in key_delete_xform()
6490 while (sav != NULL) { in key_delete_xform()
6492 printf("%s: SA(%p)\n", __func__, sav)); in key_delete_xform()
6493 KEYDBG(KEY_DATA, kdebug_secasv(sav)); in key_delete_xform()
6494 nextsav = TAILQ_NEXT(sav, chain); in key_delete_xform()
6495 key_freesah(&sav->sah); /* release reference from SAV */ in key_delete_xform()
6496 key_freesav(&sav); /* release last reference */ in key_delete_xform()
6497 sav = nextsav; in key_delete_xform()
6519 struct secasvar *sav; in key_get() local
6563 sav = key_getsav_tcpmd5(&saidx, NULL); in key_get()
6565 sav = key_getsavbyspi(sa0->sadb_sa_spi); in key_get()
6567 if (sav == NULL) { in key_get()
6571 if (key_cmpsaidx(&sav->sah->saidx, &saidx, CMP_HEAD) == 0) { in key_get()
6574 key_freesav(&sav); in key_get()
6583 if ((satype = key_proto2satype(sav->sah->saidx.proto)) == 0) { in key_get()
6586 key_freesav(&sav); in key_get()
6591 n = key_setdumpsa(sav, SADB_GET, satype, mhp->msg->sadb_msg_seq, in key_get()
6594 key_freesav(&sav); in key_get()
7598 key_expire(struct secasvar *sav, int hard) in key_expire() argument
7608 IPSEC_ASSERT (sav != NULL, ("null sav")); in key_expire()
7609 IPSEC_ASSERT (sav->sah != NULL, ("null sa header")); in key_expire()
7613 sav, hard ? "hard": "soft")); in key_expire()
7614 KEYDBG(KEY_DATA, kdebug_secasv(sav)); in key_expire()
7616 satype = key_proto2satype(sav->sah->saidx.proto); in key_expire()
7618 m = key_setsadbmsg(SADB_EXPIRE, 0, satype, sav->seq, 0, sav->refcnt); in key_expire()
7626 m = key_setsadbsa(sav); in key_expire()
7634 SECASVAR_RLOCK(sav); in key_expire()
7635 replay_count = sav->replay ? sav->replay->count : 0; in key_expire()
7636 SECASVAR_RUNLOCK(sav); in key_expire()
7638 m = key_setsadbxsa2(sav->sah->saidx.mode, replay_count, in key_expire()
7639 sav->sah->saidx.reqid); in key_expire()
7646 if (sav->replay && sav->replay->wsize > UINT8_MAX) { in key_expire()
7647 m = key_setsadbxsareplay(sav->replay->wsize); in key_expire()
7669 (uint32_t)counter_u64_fetch(sav->lft_c_allocations); in key_expire()
7671 counter_u64_fetch(sav->lft_c_bytes); in key_expire()
7672 lt->sadb_lifetime_addtime = sav->created; in key_expire()
7673 lt->sadb_lifetime_usetime = sav->firstused; in key_expire()
7678 lt->sadb_lifetime_allocations = sav->lft_h->allocations; in key_expire()
7679 lt->sadb_lifetime_bytes = sav->lft_h->bytes; in key_expire()
7680 lt->sadb_lifetime_addtime = sav->lft_h->addtime; in key_expire()
7681 lt->sadb_lifetime_usetime = sav->lft_h->usetime; in key_expire()
7684 lt->sadb_lifetime_allocations = sav->lft_s->allocations; in key_expire()
7685 lt->sadb_lifetime_bytes = sav->lft_s->bytes; in key_expire()
7686 lt->sadb_lifetime_addtime = sav->lft_s->addtime; in key_expire()
7687 lt->sadb_lifetime_usetime = sav->lft_s->usetime; in key_expire()
7693 &sav->sah->saidx.src.sa, in key_expire()
7703 &sav->sah->saidx.dst.sa, in key_expire()
7749 struct secasvar *sav, *nextsav; in key_freesah_flushed() local
7753 sav = TAILQ_FIRST(&sah->savtree_larval); in key_freesah_flushed()
7754 while (sav != NULL) { in key_freesah_flushed()
7755 nextsav = TAILQ_NEXT(sav, chain); in key_freesah_flushed()
7756 TAILQ_REMOVE(&sah->savtree_larval, sav, chain); in key_freesah_flushed()
7757 key_freesav(&sav); /* release last reference */ in key_freesah_flushed()
7759 sav = nextsav; in key_freesah_flushed()
7761 sav = TAILQ_FIRST(&sah->savtree_alive); in key_freesah_flushed()
7762 while (sav != NULL) { in key_freesah_flushed()
7763 nextsav = TAILQ_NEXT(sav, chain); in key_freesah_flushed()
7764 TAILQ_REMOVE(&sah->savtree_alive, sav, chain); in key_freesah_flushed()
7765 key_freesav(&sav); /* release last reference */ in key_freesah_flushed()
7767 sav = nextsav; in key_freesah_flushed()
7793 struct secasvar *sav; in key_flush() local
7832 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) { in key_flush()
7833 sav->state = SADB_SASTATE_DEAD; in key_flush()
7834 ipsec_accel_forget_sav(sav); in key_flush()
7836 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) { in key_flush()
7837 sav->state = SADB_SASTATE_DEAD; in key_flush()
7838 ipsec_accel_forget_sav(sav); in key_flush()
7857 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) { in key_flush()
7858 LIST_REMOVE(sav, spihash); in key_flush()
7859 sav->state = SADB_SASTATE_DEAD; in key_flush()
7860 ipsec_accel_forget_sav(sav); in key_flush()
7862 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) { in key_flush()
7863 LIST_REMOVE(sav, spihash); in key_flush()
7864 sav->state = SADB_SASTATE_DEAD; in key_flush()
7865 ipsec_accel_forget_sav(sav); in key_flush()
7910 struct secasvar *sav; in key_dump() local
7936 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) in key_dump()
7938 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) in key_dump()
7962 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) { in key_dump()
7963 n = key_setdumpsa(sav, SADB_DUMP, satype, in key_dump()
7972 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) { in key_dump()
7973 n = key_setdumpsa(sav, SADB_DUMP, satype, in key_dump()
8681 struct secasvar *sav; in key_vnet_destroy() local
8716 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) { in key_vnet_destroy()
8717 sav->state = SADB_SASTATE_DEAD; in key_vnet_destroy()
8718 ipsec_accel_forget_sav(sav); in key_vnet_destroy()
8720 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) { in key_vnet_destroy()
8721 sav->state = SADB_SASTATE_DEAD; in key_vnet_destroy()
8722 ipsec_accel_forget_sav(sav); in key_vnet_destroy()
8801 key_sa_recordxfer(struct secasvar *sav, struct mbuf *m) in key_sa_recordxfer() argument
8803 IPSEC_ASSERT(sav != NULL, ("Null secasvar")); in key_sa_recordxfer()
8810 counter_u64_add(sav->lft_c_bytes, m->m_pkthdr.len); in key_sa_recordxfer()
8817 counter_u64_add(sav->lft_c_allocations, 1); in key_sa_recordxfer()
8830 if (sav->firstused == 0) in key_sa_recordxfer()
8831 sav->firstused = time_second; in key_sa_recordxfer()
8999 ipsec_accel_drv_sa_lifetime_update(struct secasvar *sav, if_t ifp, in ipsec_accel_drv_sa_lifetime_update() argument
9002 void (*p)(struct secasvar *sav, if_t ifp, u_int drv_spi, in ipsec_accel_drv_sa_lifetime_update()
9007 p(sav, ifp, drv_spi, octets, allocs); in ipsec_accel_drv_sa_lifetime_update()
9011 ipsec_accel_drv_sa_lifetime_fetch(struct secasvar *sav, in ipsec_accel_drv_sa_lifetime_fetch() argument
9014 int (*p)(struct secasvar *sav, if_t ifp, u_int drv_spi, in ipsec_accel_drv_sa_lifetime_fetch()
9020 return (p(sav, ifp, drv_spi, octets, allocs)); in ipsec_accel_drv_sa_lifetime_fetch()