Lines Matching refs:ipsa
95 static void ipsa_set_replay(ipsa_t *ipsa, uint32_t offset);
186 sadb_insertassoc(ipsa_t *ipsa, isaf_t *bucket) in sadb_insertassoc() argument
194 unspecsrc = IPSA_IS_ADDR_UNSPEC(ipsa->ipsa_srcaddr, ipsa->ipsa_addrfam); in sadb_insertassoc()
197 ASSERT(walker == NULL || ipsa->ipsa_addrfam == walker->ipsa_addrfam); in sadb_insertassoc()
210 ipsa->ipsa_dstaddr, ipsa->ipsa_addrfam)) { in sadb_insertassoc()
211 if (walker->ipsa_spi == ipsa->ipsa_spi) in sadb_insertassoc()
215 if (ipsa->ipsa_state == IPSA_STATE_MATURE && in sadb_insertassoc()
217 SA_UNIQUE_MATCH(walker, ipsa)) { in sadb_insertassoc()
236 ipsa->ipsa_next = *ptpn; in sadb_insertassoc()
237 ipsa->ipsa_ptpn = ptpn; in sadb_insertassoc()
238 if (ipsa->ipsa_next != NULL) in sadb_insertassoc()
239 ipsa->ipsa_next->ipsa_ptpn = &ipsa->ipsa_next; in sadb_insertassoc()
240 *ptpn = ipsa; in sadb_insertassoc()
241 ipsa->ipsa_linklock = &bucket->isaf_lock; in sadb_insertassoc()
253 sadb_freeassoc(ipsa_t *ipsa) in sadb_freeassoc() argument
255 ipsec_stack_t *ipss = ipsa->ipsa_netstack->netstack_ipsec; in sadb_freeassoc()
259 ASSERT(MUTEX_NOT_HELD(&ipsa->ipsa_lock)); in sadb_freeassoc()
260 ASSERT(ipsa->ipsa_refcnt == 0); in sadb_freeassoc()
261 ASSERT(ipsa->ipsa_next == NULL); in sadb_freeassoc()
262 ASSERT(ipsa->ipsa_ptpn == NULL); in sadb_freeassoc()
265 asyncmp = sadb_clear_lpkt(ipsa); in sadb_freeassoc()
272 mutex_enter(&ipsa->ipsa_lock); in sadb_freeassoc()
274 if (ipsa->ipsa_tsl != NULL) { in sadb_freeassoc()
275 label_rele(ipsa->ipsa_tsl); in sadb_freeassoc()
276 ipsa->ipsa_tsl = NULL; in sadb_freeassoc()
279 if (ipsa->ipsa_otsl != NULL) { in sadb_freeassoc()
280 label_rele(ipsa->ipsa_otsl); in sadb_freeassoc()
281 ipsa->ipsa_otsl = NULL; in sadb_freeassoc()
284 ipsec_destroy_ctx_tmpl(ipsa, IPSEC_ALG_AUTH); in sadb_freeassoc()
285 ipsec_destroy_ctx_tmpl(ipsa, IPSEC_ALG_ENCR); in sadb_freeassoc()
286 mutex_exit(&ipsa->ipsa_lock); in sadb_freeassoc()
289 if (ipsa->ipsa_authkey != NULL) { in sadb_freeassoc()
290 bzero(ipsa->ipsa_authkey, ipsa->ipsa_authkeylen); in sadb_freeassoc()
291 kmem_free(ipsa->ipsa_authkey, ipsa->ipsa_authkeylen); in sadb_freeassoc()
293 if (ipsa->ipsa_encrkey != NULL) { in sadb_freeassoc()
294 bzero(ipsa->ipsa_encrkey, ipsa->ipsa_encrkeylen); in sadb_freeassoc()
295 kmem_free(ipsa->ipsa_encrkey, ipsa->ipsa_encrkeylen); in sadb_freeassoc()
297 if (ipsa->ipsa_nonce_buf != NULL) { in sadb_freeassoc()
298 bzero(ipsa->ipsa_nonce_buf, sizeof (ipsec_nonce_t)); in sadb_freeassoc()
299 kmem_free(ipsa->ipsa_nonce_buf, sizeof (ipsec_nonce_t)); in sadb_freeassoc()
301 if (ipsa->ipsa_src_cid != NULL) { in sadb_freeassoc()
302 IPSID_REFRELE(ipsa->ipsa_src_cid); in sadb_freeassoc()
304 if (ipsa->ipsa_dst_cid != NULL) { in sadb_freeassoc()
305 IPSID_REFRELE(ipsa->ipsa_dst_cid); in sadb_freeassoc()
307 if (ipsa->ipsa_emech.cm_param != NULL) in sadb_freeassoc()
308 kmem_free(ipsa->ipsa_emech.cm_param, in sadb_freeassoc()
309 ipsa->ipsa_emech.cm_param_len); in sadb_freeassoc()
311 mutex_destroy(&ipsa->ipsa_lock); in sadb_freeassoc()
312 kmem_free(ipsa, sizeof (*ipsa)); in sadb_freeassoc()
326 sadb_unlinkassoc(ipsa_t *ipsa) in sadb_unlinkassoc() argument
328 ASSERT(ipsa->ipsa_linklock != NULL); in sadb_unlinkassoc()
329 ASSERT(MUTEX_HELD(ipsa->ipsa_linklock)); in sadb_unlinkassoc()
332 if (ipsa->ipsa_ptpn == NULL) in sadb_unlinkassoc()
336 *(ipsa->ipsa_ptpn) = ipsa->ipsa_next; in sadb_unlinkassoc()
337 if (ipsa->ipsa_next != NULL) { in sadb_unlinkassoc()
338 ipsa->ipsa_next->ipsa_ptpn = ipsa->ipsa_ptpn; in sadb_unlinkassoc()
339 ipsa->ipsa_next = NULL; in sadb_unlinkassoc()
341 ipsa->ipsa_ptpn = NULL; in sadb_unlinkassoc()
344 IPSA_REFRELE(ipsa); in sadb_unlinkassoc()
542 sadb_dump_deliver(queue_t *pfkey_q, mblk_t *original_answer, ipsa_t *ipsa, in sadb_dump_deliver() argument
550 answer->b_cont = sadb_sa2msg(ipsa, samsg); in sadb_dump_deliver()
887 sadb_cloneassoc(ipsa_t *ipsa) in sadb_cloneassoc() argument
892 ASSERT(MUTEX_NOT_HELD(&(ipsa->ipsa_lock))); in sadb_cloneassoc()
899 *newbie = *ipsa; in sadb_cloneassoc()
918 if (ipsa->ipsa_authkey != NULL) { in sadb_cloneassoc()
924 bcopy(ipsa->ipsa_authkey, newbie->ipsa_authkey, in sadb_cloneassoc()
937 if (ipsa->ipsa_encrkey != NULL) { in sadb_cloneassoc()
943 bcopy(ipsa->ipsa_encrkey, newbie->ipsa_encrkey, in sadb_cloneassoc()
955 if (ipsa->ipsa_src_cid != NULL) { in sadb_cloneassoc()
956 newbie->ipsa_src_cid = ipsa->ipsa_src_cid; in sadb_cloneassoc()
957 IPSID_REFHOLD(ipsa->ipsa_src_cid); in sadb_cloneassoc()
960 if (ipsa->ipsa_dst_cid != NULL) { in sadb_cloneassoc()
961 newbie->ipsa_dst_cid = ipsa->ipsa_dst_cid; in sadb_cloneassoc()
962 IPSID_REFHOLD(ipsa->ipsa_dst_cid); in sadb_cloneassoc()
1068 sadb_sa2msg(ipsa_t *ipsa, sadb_msg_t *samsg) in sadb_sa2msg() argument
1118 fam = ipsa->ipsa_addrfam; in sadb_sa2msg()
1136 if (ipsa->ipsa_flags & IPSA_F_NATT_REM) in sadb_sa2msg()
1138 if (ipsa->ipsa_flags & IPSA_F_NATT_LOC) in sadb_sa2msg()
1141 if (ipsa->ipsa_flags & IPSA_F_PAIRED) { in sadb_sa2msg()
1144 otherspi = ipsa->ipsa_otherspi; in sadb_sa2msg()
1150 if (ipsa->ipsa_softaddlt != 0 || ipsa->ipsa_softuselt != 0 || in sadb_sa2msg()
1151 ipsa->ipsa_softbyteslt != 0 || ipsa->ipsa_softalloc != 0) { in sadb_sa2msg()
1156 if (ipsa->ipsa_hardaddlt != 0 || ipsa->ipsa_harduselt != 0 || in sadb_sa2msg()
1157 ipsa->ipsa_hardbyteslt != 0 || ipsa->ipsa_hardalloc != 0) { in sadb_sa2msg()
1162 if (ipsa->ipsa_idleaddlt != 0 || ipsa->ipsa_idleuselt != 0) { in sadb_sa2msg()
1170 if (ipsa->ipsa_innerfam != 0) { in sadb_sa2msg()
1171 pfam = ipsa->ipsa_innerfam; in sadb_sa2msg()
1192 if (ipsa->ipsa_authkeylen != 0) { in sadb_sa2msg()
1193 authsize = roundup(sizeof (sadb_key_t) + ipsa->ipsa_authkeylen, in sadb_sa2msg()
1199 if (ipsa->ipsa_encrkeylen != 0) { in sadb_sa2msg()
1200 encrsize = roundup(sizeof (sadb_key_t) + ipsa->ipsa_encrkeylen + in sadb_sa2msg()
1201 ipsa->ipsa_nonce_len, sizeof (uint64_t)); in sadb_sa2msg()
1208 if (ipsa->ipsa_tsl != NULL) { in sadb_sa2msg()
1209 senslen = sadb_sens_len_from_label(ipsa->ipsa_tsl); in sadb_sa2msg()
1214 if (ipsa->ipsa_otsl != NULL) { in sadb_sa2msg()
1215 osenslen = sadb_sens_len_from_label(ipsa->ipsa_otsl); in sadb_sa2msg()
1224 if (ipsa->ipsa_src_cid != NULL) { in sadb_sa2msg()
1226 strlen(ipsa->ipsa_src_cid->ipsid_cid) + 1, in sadb_sa2msg()
1232 if (ipsa->ipsa_dst_cid != NULL) { in sadb_sa2msg()
1234 strlen(ipsa->ipsa_dst_cid->ipsid_cid) + 1, in sadb_sa2msg()
1240 if ((ipsa->ipsa_kmp != 0) || (ipsa->ipsa_kmc != 0)) in sadb_sa2msg()
1243 if (ipsa->ipsa_replay != 0) { in sadb_sa2msg()
1262 mutex_enter(&ipsa->ipsa_lock); /* Since I'm grabbing SA fields... */ in sadb_sa2msg()
1264 newsamsg->sadb_msg_satype = ipsa->ipsa_type; in sadb_sa2msg()
1269 assoc->sadb_sa_spi = ipsa->ipsa_spi; in sadb_sa2msg()
1270 assoc->sadb_sa_replay = ipsa->ipsa_replay_wsize; in sadb_sa2msg()
1271 assoc->sadb_sa_state = ipsa->ipsa_state; in sadb_sa2msg()
1272 assoc->sadb_sa_auth = ipsa->ipsa_auth_alg; in sadb_sa2msg()
1273 assoc->sadb_sa_encrypt = ipsa->ipsa_encr_alg; in sadb_sa2msg()
1274 assoc->sadb_sa_flags = ipsa->ipsa_flags; in sadb_sa2msg()
1281 lt->sadb_lifetime_bytes = ipsa->ipsa_bytes; in sadb_sa2msg()
1282 lt->sadb_lifetime_addtime = ipsa->ipsa_addtime; in sadb_sa2msg()
1283 lt->sadb_lifetime_usetime = ipsa->ipsa_usetime; in sadb_sa2msg()
1289 lt->sadb_lifetime_allocations = ipsa->ipsa_hardalloc; in sadb_sa2msg()
1290 lt->sadb_lifetime_bytes = ipsa->ipsa_hardbyteslt; in sadb_sa2msg()
1291 lt->sadb_lifetime_addtime = ipsa->ipsa_hardaddlt; in sadb_sa2msg()
1292 lt->sadb_lifetime_usetime = ipsa->ipsa_harduselt; in sadb_sa2msg()
1299 lt->sadb_lifetime_allocations = ipsa->ipsa_softalloc; in sadb_sa2msg()
1300 lt->sadb_lifetime_bytes = ipsa->ipsa_softbyteslt; in sadb_sa2msg()
1301 lt->sadb_lifetime_addtime = ipsa->ipsa_softaddlt; in sadb_sa2msg()
1302 lt->sadb_lifetime_usetime = ipsa->ipsa_softuselt; in sadb_sa2msg()
1309 lt->sadb_lifetime_addtime = ipsa->ipsa_idleaddlt; in sadb_sa2msg()
1310 lt->sadb_lifetime_usetime = ipsa->ipsa_idleuselt; in sadb_sa2msg()
1317 ipsa->ipsa_srcaddr, (!isrc && !idst) ? SA_SRCPORT(ipsa) : 0, in sadb_sa2msg()
1318 SA_PROTO(ipsa), 0); in sadb_sa2msg()
1326 ipsa->ipsa_dstaddr, (!isrc && !idst) ? SA_DSTPORT(ipsa) : 0, in sadb_sa2msg()
1327 SA_PROTO(ipsa), 0); in sadb_sa2msg()
1334 if (ipsa->ipsa_flags & IPSA_F_NATT_LOC) { in sadb_sa2msg()
1336 fam, &ipsa->ipsa_natt_addr_loc, ipsa->ipsa_local_nat_port, in sadb_sa2msg()
1345 if (ipsa->ipsa_flags & IPSA_F_NATT_REM) { in sadb_sa2msg()
1347 fam, &ipsa->ipsa_natt_addr_rem, ipsa->ipsa_remote_nat_port, in sadb_sa2msg()
1359 pfam, ipsa->ipsa_innersrc, SA_SRCPORT(ipsa), in sadb_sa2msg()
1360 SA_IPROTO(ipsa), ipsa->ipsa_innersrcpfx); in sadb_sa2msg()
1370 pfam, ipsa->ipsa_innerdst, SA_DSTPORT(ipsa), in sadb_sa2msg()
1371 SA_IPROTO(ipsa), ipsa->ipsa_innerdstpfx); in sadb_sa2msg()
1379 if ((ipsa->ipsa_kmp != 0) || (ipsa->ipsa_kmc != 0)) { in sadb_sa2msg()
1381 ipsa->ipsa_kmp, ipsa->ipsa_kmc); in sadb_sa2msg()
1394 key->sadb_key_bits = ipsa->ipsa_authkeybits; in sadb_sa2msg()
1396 bcopy(ipsa->ipsa_authkey, key + 1, ipsa->ipsa_authkeylen); in sadb_sa2msg()
1406 key->sadb_key_bits = ipsa->ipsa_encrkeybits; in sadb_sa2msg()
1407 key->sadb_key_reserved = ipsa->ipsa_saltbits; in sadb_sa2msg()
1409 bcopy(ipsa->ipsa_encrkey, buf_ptr, ipsa->ipsa_encrkeylen); in sadb_sa2msg()
1410 if (ipsa->ipsa_salt != NULL) { in sadb_sa2msg()
1411 buf_ptr += ipsa->ipsa_encrkeylen; in sadb_sa2msg()
1412 bcopy(ipsa->ipsa_salt, buf_ptr, ipsa->ipsa_saltlen); in sadb_sa2msg()
1422 ident->sadb_ident_type = ipsa->ipsa_src_cid->ipsid_type; in sadb_sa2msg()
1426 ipsa->ipsa_src_cid->ipsid_cid); in sadb_sa2msg()
1435 ident->sadb_ident_type = ipsa->ipsa_dst_cid->ipsid_type; in sadb_sa2msg()
1439 ipsa->ipsa_dst_cid->ipsid_cid); in sadb_sa2msg()
1447 ipsa->ipsa_tsl, senslen); in sadb_sa2msg()
1457 ipsa->ipsa_otsl, osenslen); in sadb_sa2msg()
1458 if (ipsa->ipsa_mac_exempt) in sadb_sa2msg()
1476 if (ipsa->ipsa_replay != 0) { in sadb_sa2msg()
1480 repl_ctr->sadb_x_rc_replay32 = ipsa->ipsa_replay; in sadb_sa2msg()
1487 mutex_exit(&ipsa->ipsa_lock); in sadb_sa2msg()
1627 keysock_in_t *ksi, ipsa_t *ipsa) in sadb_pfkey_echo() argument
1672 mp1 = sadb_sa2msg(ipsa, samsg); in sadb_pfkey_echo()
1683 if (ipsa == NULL) in sadb_pfkey_echo()
1689 mp1 = sadb_sa2msg(ipsa, samsg); in sadb_pfkey_echo()
4197 newbie->ipsa = assoc;
4230 newbie->ipsa = assoc;
6309 ipsa_is_replay_set(ipsa_t *ipsa, uint32_t offset) argument
6313 return ((bit & ipsa->ipsa_replay_arr[offset >> 6]) ? B_TRUE : B_FALSE);
6320 ipsa_shift_replay(ipsa_t *ipsa, uint32_t shift) argument
6328 for (i = (ipsa->ipsa_replay_wsize - 1) >> 6; i >= 0; i--) {
6329 if (i + jump <= (ipsa->ipsa_replay_wsize - 1) >> 6) {
6330 ipsa->ipsa_replay_arr[i + jump] |=
6331 ipsa->ipsa_replay_arr[i] >> (64 - (shift & 63));
6333 ipsa->ipsa_replay_arr[i] <<= shift;
6341 ipsa_set_replay(ipsa_t *ipsa, uint32_t offset) argument
6345 ipsa->ipsa_replay_arr[offset >> 6] |= bit;
6355 sadb_replay_check(ipsa_t *ipsa, uint32_t seq) argument
6360 if (ipsa->ipsa_replay_wsize == 0)
6370 mutex_enter(&ipsa->ipsa_lock);
6373 if (ipsa->ipsa_replay == 0)
6374 ipsa->ipsa_replay = 1;
6376 if (seq > ipsa->ipsa_replay) {
6381 diff = seq - ipsa->ipsa_replay;
6382 if (diff < ipsa->ipsa_replay_wsize) {
6384 ipsa_shift_replay(ipsa, diff);
6387 bzero(ipsa->ipsa_replay_arr,
6388 sizeof (ipsa->ipsa_replay_arr));
6390 ipsa_set_replay(ipsa, 0);
6391 ipsa->ipsa_replay = seq;
6395 diff = ipsa->ipsa_replay - seq;
6396 if (diff >= ipsa->ipsa_replay_wsize || ipsa_is_replay_set(ipsa, diff)) {
6401 ipsa_set_replay(ipsa, diff);
6405 mutex_exit(&ipsa->ipsa_lock);
6418 sadb_replay_peek(ipsa_t *ipsa, uint32_t seq) argument
6423 if (ipsa->ipsa_replay_wsize == 0)
6437 mutex_enter(&ipsa->ipsa_lock);
6438 if (seq < ipsa->ipsa_replay - ipsa->ipsa_replay_wsize &&
6439 ipsa->ipsa_replay >= ipsa->ipsa_replay_wsize)
6447 if (ipsa->ipsa_replay == SADB_MAX_REPLAY_VALUE) {
6452 ipsa->ipsa_hardexpiretime = (time_t)1;
6456 if (seq <= ipsa->ipsa_replay) {
6461 diff = ipsa->ipsa_replay - seq;
6462 if (ipsa_is_replay_set(ipsa, diff))
6469 mutex_exit(&ipsa->ipsa_lock);
7178 sadb_set_lpkt(ipsa_t *ipsa, mblk_t *npkt, ip_recv_attr_t *ira) argument
7182 mutex_enter(&ipsa->ipsa_lock);
7183 opkt = ipsa->ipsa_lpkt;
7184 if (ipsa->ipsa_state == IPSA_STATE_LARVAL) {
7202 ipsa->ipsa_lpkt = attrmp;
7216 ipsa->ipsa_lpkt = NULL;
7218 mutex_exit(&ipsa->ipsa_lock);
7237 sadb_clear_lpkt(ipsa_t *ipsa) argument
7241 mutex_enter(&ipsa->ipsa_lock);
7242 opkt = ipsa->ipsa_lpkt;
7243 ipsa->ipsa_lpkt = NULL;
7244 mutex_exit(&ipsa->ipsa_lock);
7252 sadb_buf_pkt(ipsa_t *ipsa, mblk_t *bpkt, ip_recv_attr_t *ira) argument
7256 in6_addr_t *srcaddr = (in6_addr_t *)(&ipsa->ipsa_srcaddr);
7257 in6_addr_t *dstaddr = (in6_addr_t *)(&ipsa->ipsa_dstaddr);
7260 ASSERT(ipsa->ipsa_state == IPSA_STATE_IDLE);
7270 (ipsa->ipsa_type == SADB_SATYPE_AH) ? IPPROTO_AH : IPPROTO_ESP,
7271 ipsa->ipsa_spi, ipsa->ipsa_addrfam, *srcaddr, *dstaddr, NULL);
7282 mutex_enter(&ipsa->ipsa_lock);
7283 ipsa->ipsa_mblkcnt++;
7284 if (ipsa->ipsa_bpkt_head == NULL) {
7285 ipsa->ipsa_bpkt_head = ipsa->ipsa_bpkt_tail = bpkt;
7287 ipsa->ipsa_bpkt_tail->b_next = bpkt;
7288 ipsa->ipsa_bpkt_tail = bpkt;
7289 if (ipsa->ipsa_mblkcnt > SADB_MAX_IDLEPKTS) {
7292 tmp = ipsa->ipsa_bpkt_head;
7293 ipsa->ipsa_bpkt_head = ipsa->ipsa_bpkt_head->b_next;
7298 ipsa->ipsa_mblkcnt --;
7301 mutex_exit(&ipsa->ipsa_lock);
7885 dying = haspeerlist->ipsa;