Lines Matching refs:sa

119 		tcpsig_sa_t *sa;  in tcpsig_fini()  local
122 while ((sa = list_remove_head(&db->td_salist)) != NULL) in tcpsig_fini()
123 tcpsig_sa_free(sa); in tcpsig_fini()
151 const tcpsig_sa_t *sa) in tcpsig_make_sa_ext() argument
163 assoc->sadb_sa_auth = sa->ts_key.sak_algid; in tcpsig_make_sa_ext()
165 assoc->sadb_sa_state = sa->ts_state; in tcpsig_make_sa_ext()
171 tcpsig_addr_extsize(const tcpsig_sa_t *sa) in tcpsig_addr_extsize() argument
175 switch (sa->ts_family) { in tcpsig_addr_extsize()
242 #define SET_EXPIRE(sa, delta, exp) do { \ argument
243 if (((sa)->ts_ ## delta) != 0) { \
244 (sa)->ts_ ## exp = tcpsig_add_time((sa)->ts_addtime, \
245 (sa)->ts_ ## delta); \
249 #define UPDATE_EXPIRE(sa, delta, exp) do { \ argument
250 if (((sa)->ts_ ## delta) != 0) { \
251 time_t tmp = tcpsig_add_time((sa)->ts_usetime, \
252 (sa)->ts_ ## delta); \
253 if (((sa)->ts_ ## exp) == 0) \
254 (sa)->ts_ ## exp = tmp; \
256 (sa)->ts_ ## exp = MIN((sa)->ts_ ## exp, tmp); \
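/*
 * True when the SA's expiry field ts_<exp> is set (non-zero) and lies
 * strictly before `now`. A zero expiry is treated as "no expiry set", so
 * such an SA never reports as expired through this check.
 *
 * Every use of `sa` is parenthesized so that an expression argument
 * (for example a pointer offset) expands correctly; the original left the
 * second use bare. `sa` is evaluated twice, so do not pass an argument
 * with side effects.
 */
#define EXPIRED(sa, exp, now) \
	((sa)->ts_ ## exp != 0 && (sa)->ts_ ## exp < (now))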
316 tcpsig_update_lifetimes(tcpsig_sa_t *sa, sadb_lifetime_t *hard, in tcpsig_update_lifetimes() argument
321 mutex_enter(&sa->ts_lock); in tcpsig_update_lifetimes()
325 sa->ts_harduselt = hard->sadb_lifetime_usetime; in tcpsig_update_lifetimes()
327 sa->ts_hardaddlt = hard->sadb_lifetime_addtime; in tcpsig_update_lifetimes()
328 if (sa->ts_hardaddlt != 0) in tcpsig_update_lifetimes()
329 SET_EXPIRE(sa, hardaddlt, hardexpiretime); in tcpsig_update_lifetimes()
330 if (sa->ts_harduselt != 0 && sa->ts_usetime != 0) in tcpsig_update_lifetimes()
331 UPDATE_EXPIRE(sa, harduselt, hardexpiretime); in tcpsig_update_lifetimes()
332 if (sa->ts_state == SADB_SASTATE_DEAD && in tcpsig_update_lifetimes()
333 !EXPIRED(sa, hardexpiretime, now)) { in tcpsig_update_lifetimes()
334 sa->ts_state = SADB_SASTATE_MATURE; in tcpsig_update_lifetimes()
340 sa->ts_softuselt = MIN(sa->ts_harduselt, in tcpsig_update_lifetimes()
344 sa->ts_softaddlt = MIN(sa->ts_hardaddlt, in tcpsig_update_lifetimes()
347 if (sa->ts_softaddlt != 0) in tcpsig_update_lifetimes()
348 SET_EXPIRE(sa, softaddlt, softexpiretime); in tcpsig_update_lifetimes()
349 if (sa->ts_softuselt != 0 && sa->ts_usetime != 0) in tcpsig_update_lifetimes()
350 UPDATE_EXPIRE(sa, softuselt, softexpiretime); in tcpsig_update_lifetimes()
351 if (sa->ts_state == SADB_SASTATE_DYING && in tcpsig_update_lifetimes()
352 !EXPIRED(sa, softexpiretime, now)) { in tcpsig_update_lifetimes()
353 sa->ts_state = SADB_SASTATE_MATURE; in tcpsig_update_lifetimes()
357 mutex_exit(&sa->ts_lock); in tcpsig_update_lifetimes()
361 tcpsig_sa_touch(tcpsig_sa_t *sa) in tcpsig_sa_touch() argument
365 mutex_enter(&sa->ts_lock); in tcpsig_sa_touch()
366 sa->ts_lastuse = now; in tcpsig_sa_touch()
368 if (sa->ts_usetime == 0) { in tcpsig_sa_touch()
369 sa->ts_usetime = now; in tcpsig_sa_touch()
371 UPDATE_EXPIRE(sa, softuselt, softexpiretime); in tcpsig_sa_touch()
372 UPDATE_EXPIRE(sa, harduselt, hardexpiretime); in tcpsig_sa_touch()
374 mutex_exit(&sa->ts_lock); in tcpsig_sa_touch()
378 tcpsig_sa_expiremsg(keysock_t *ks, const tcpsig_sa_t *sa, int ltt) in tcpsig_sa_expiremsg() argument
388 2 * sizeof (sadb_lifetime_t) + 2 * tcpsig_addr_extsize(sa); in tcpsig_sa_expiremsg()
409 cur = tcpsig_make_sa_ext(cur, end, sa); in tcpsig_sa_expiremsg()
411 sa->ts_family, &sa->ts_src); in tcpsig_sa_expiremsg()
413 sa->ts_family, &sa->ts_dst); in tcpsig_sa_expiremsg()
425 lt->sadb_lifetime_addtime = sa->ts_addtime; in tcpsig_sa_expiremsg()
426 lt->sadb_lifetime_usetime = sa->ts_usetime; in tcpsig_sa_expiremsg()
433 lt->sadb_lifetime_addtime = sa->ts_hardaddlt; in tcpsig_sa_expiremsg()
434 lt->sadb_lifetime_usetime = sa->ts_harduselt; in tcpsig_sa_expiremsg()
450 tcpsig_sa_t *sa = nextsa; in tcpsig_sa_age() local
452 nextsa = list_next(&db->td_salist, sa); in tcpsig_sa_age()
454 mutex_enter(&sa->ts_lock); in tcpsig_sa_age()
456 if (sa->ts_tombstoned) { in tcpsig_sa_age()
457 mutex_exit(&sa->ts_lock); in tcpsig_sa_age()
461 if (EXPIRED(sa, hardexpiretime, now)) { in tcpsig_sa_age()
462 sa->ts_state = IPSA_STATE_DEAD; in tcpsig_sa_age()
463 tcpsig_sa_expiremsg(ks, sa, SADB_EXT_LIFETIME_HARD); in tcpsig_sa_age()
464 if (sa->ts_refcnt > 0) { in tcpsig_sa_age()
465 sa->ts_tombstoned = true; in tcpsig_sa_age()
466 mutex_exit(&sa->ts_lock); in tcpsig_sa_age()
468 list_remove(&db->td_salist, sa); in tcpsig_sa_age()
469 mutex_exit(&sa->ts_lock); in tcpsig_sa_age()
470 tcpsig_sa_free(sa); in tcpsig_sa_age()
475 if (EXPIRED(sa, softexpiretime, now) && in tcpsig_sa_age()
476 sa->ts_state == IPSA_STATE_MATURE) { in tcpsig_sa_age()
477 sa->ts_state = IPSA_STATE_DYING; in tcpsig_sa_age()
478 tcpsig_sa_expiremsg(ks, sa, SADB_EXT_LIFETIME_SOFT); in tcpsig_sa_age()
481 mutex_exit(&sa->ts_lock); in tcpsig_sa_age()
488 tcpsig_sa_free(tcpsig_sa_t *sa) in tcpsig_sa_free() argument
490 ASSERT0(sa->ts_refcnt); in tcpsig_sa_free()
491 mutex_destroy(&sa->ts_lock); in tcpsig_sa_free()
492 kmem_free(sa->ts_key.sak_key, sa->ts_key.sak_keylen); in tcpsig_sa_free()
493 kmem_free(sa, sizeof (*sa)); in tcpsig_sa_free()
497 tcpsig_sa_rele(tcpsig_sa_t *sa) in tcpsig_sa_rele() argument
499 mutex_enter(&sa->ts_lock); in tcpsig_sa_rele()
500 VERIFY3U(sa->ts_refcnt, >, 0); in tcpsig_sa_rele()
501 sa->ts_refcnt--; in tcpsig_sa_rele()
507 if (sa->ts_tombstoned && sa->ts_refcnt == 0) { in tcpsig_sa_rele()
508 tcpsig_db_t *db = tcpsig_db(sa->ts_stack); in tcpsig_sa_rele()
516 sa->ts_refcnt++; in tcpsig_sa_rele()
517 mutex_exit(&sa->ts_lock); in tcpsig_sa_rele()
519 mutex_enter(&sa->ts_lock); in tcpsig_sa_rele()
520 sa->ts_refcnt--; in tcpsig_sa_rele()
521 mutex_exit(&sa->ts_lock); in tcpsig_sa_rele()
523 list_remove(&db->td_salist, sa); in tcpsig_sa_rele()
526 tcpsig_sa_free(sa); in tcpsig_sa_rele()
528 mutex_exit(&sa->ts_lock); in tcpsig_sa_rele()
533 tcpsig_sa_match4(tcpsig_sa_t *sa, struct sockaddr_storage *src_s, in tcpsig_sa_match4() argument
544 if (sa->ts_family == AF_INET6) { in tcpsig_sa_match4()
545 sin6_t *sasrc6 = (sin6_t *)&sa->ts_src; in tcpsig_sa_match4()
546 sin6_t *sadst6 = (sin6_t *)&sa->ts_dst; in tcpsig_sa_match4()
565 sasrc = (sin_t *)&sa->ts_src; in tcpsig_sa_match4()
566 sadst = (sin_t *)&sa->ts_dst; in tcpsig_sa_match4()
583 tcpsig_sa_match6(tcpsig_sa_t *sa, struct sockaddr_storage *src_s, in tcpsig_sa_match6() argument
588 if (src_s->ss_family != AF_INET6 || sa->ts_src.ss_family != AF_INET6) in tcpsig_sa_match6()
594 sasrc = (sin6_t *)&sa->ts_src; in tcpsig_sa_match6()
595 sadst = (sin6_t *)&sa->ts_dst; in tcpsig_sa_match6()
615 tcpsig_sa_t *sa = NULL; in tcpsig_sa_find_held() local
623 for (sa = list_head(&db->td_salist); sa != NULL; in tcpsig_sa_find_held()
624 sa = list_next(&db->td_salist, sa)) { in tcpsig_sa_find_held()
625 mutex_enter(&sa->ts_lock); in tcpsig_sa_find_held()
630 if (sa->ts_tombstoned || EXPIRED(sa, hardexpiretime, now)) { in tcpsig_sa_find_held()
631 mutex_exit(&sa->ts_lock); in tcpsig_sa_find_held()
634 if (tcpsig_sa_match4(sa, src, dst) || in tcpsig_sa_find_held()
635 tcpsig_sa_match6(sa, src, dst)) { in tcpsig_sa_find_held()
636 sa->ts_refcnt++; in tcpsig_sa_find_held()
637 mutex_exit(&sa->ts_lock); in tcpsig_sa_find_held()
640 mutex_exit(&sa->ts_lock); in tcpsig_sa_find_held()
643 return (sa); in tcpsig_sa_find_held()
651 tcpsig_sa_t *sa; in tcpsig_sa_find() local
654 sa = tcpsig_sa_find_held(src, dst, tcps); in tcpsig_sa_find()
657 return (sa); in tcpsig_sa_find()
669 tcpsig_sa_t *sa = nextsa; in tcpsig_sa_flush() local
671 nextsa = list_next(&db->td_salist, sa); in tcpsig_sa_flush()
673 mutex_enter(&sa->ts_lock); in tcpsig_sa_flush()
674 if (sa->ts_refcnt > 0) { in tcpsig_sa_flush()
675 sa->ts_tombstoned = true; in tcpsig_sa_flush()
676 mutex_exit(&sa->ts_lock); in tcpsig_sa_flush()
680 list_remove(&db->td_salist, sa); in tcpsig_sa_flush()
682 mutex_exit(&sa->ts_lock); in tcpsig_sa_flush()
683 tcpsig_sa_free(sa); in tcpsig_sa_flush()
701 tcpsig_sa_t *sa, *dupsa; in tcpsig_sa_add() local
763 sa = kmem_zalloc(sizeof (*sa), KM_NOSLEEP_LAZY); in tcpsig_sa_add()
764 if (sa == NULL) in tcpsig_sa_add()
767 sa->ts_stack = tcps; in tcpsig_sa_add()
768 sa->ts_family = src->ss_family; in tcpsig_sa_add()
769 if (sa->ts_family == AF_INET6) { in tcpsig_sa_add()
770 bcopy(src, (sin6_t *)&sa->ts_src, sizeof (sin6_t)); in tcpsig_sa_add()
771 bcopy(dst, (sin6_t *)&sa->ts_dst, sizeof (sin6_t)); in tcpsig_sa_add()
773 bcopy(src, (sin_t *)&sa->ts_src, sizeof (sin_t)); in tcpsig_sa_add()
774 bcopy(dst, (sin_t *)&sa->ts_dst, sizeof (sin_t)); in tcpsig_sa_add()
777 sa->ts_key.sak_algid = assoc->sadb_sa_auth; in tcpsig_sa_add()
778 sa->ts_key.sak_keylen = SADB_1TO8(key->sadb_key_bits); in tcpsig_sa_add()
779 sa->ts_key.sak_keybits = key->sadb_key_bits; in tcpsig_sa_add()
781 sa->ts_key.sak_key = kmem_alloc(sa->ts_key.sak_keylen, in tcpsig_sa_add()
783 if (sa->ts_key.sak_key == NULL) { in tcpsig_sa_add()
784 kmem_free(sa, sizeof (*sa)); in tcpsig_sa_add()
787 bcopy(key + 1, sa->ts_key.sak_key, sa->ts_key.sak_keylen); in tcpsig_sa_add()
788 bzero(key + 1, sa->ts_key.sak_keylen); in tcpsig_sa_add()
790 mutex_init(&sa->ts_lock, NULL, MUTEX_DEFAULT, NULL); in tcpsig_sa_add()
792 sa->ts_state = SADB_SASTATE_MATURE; in tcpsig_sa_add()
793 sa->ts_addtime = gethrestime_sec(); in tcpsig_sa_add()
794 sa->ts_usetime = 0; in tcpsig_sa_add()
796 sa->ts_softaddlt = soft->sadb_lifetime_addtime; in tcpsig_sa_add()
797 sa->ts_softuselt = soft->sadb_lifetime_usetime; in tcpsig_sa_add()
798 SET_EXPIRE(sa, softaddlt, softexpiretime); in tcpsig_sa_add()
802 sa->ts_hardaddlt = hard->sadb_lifetime_addtime; in tcpsig_sa_add()
803 sa->ts_harduselt = hard->sadb_lifetime_usetime; in tcpsig_sa_add()
804 SET_EXPIRE(sa, hardaddlt, hardexpiretime); in tcpsig_sa_add()
807 sa->ts_refcnt = 0; in tcpsig_sa_add()
808 sa->ts_tombstoned = false; in tcpsig_sa_add()
814 tcpsig_sa_free(sa); in tcpsig_sa_add()
818 list_insert_tail(&db->td_salist, sa); in tcpsig_sa_add()
836 tcpsig_sa_t *sa; in tcpsig_sa_update() local
862 sa = tcpsig_sa_find(src, dst, tcps); in tcpsig_sa_update()
864 if (sa == NULL) { in tcpsig_sa_update()
869 tcpsig_update_lifetimes(sa, hard, soft); in tcpsig_sa_update()
870 tcpsig_sa_rele(sa); in tcpsig_sa_update()
882 tcpsig_dump_one(const tcpsig_sa_t *sa, sadb_msg_t *samsg) in tcpsig_dump_one() argument
892 ASSERT(MUTEX_HELD(&sa->ts_lock)); in tcpsig_dump_one()
895 2 * tcpsig_addr_extsize(sa); in tcpsig_dump_one()
897 if (sa->ts_softaddlt != 0 || sa->ts_softuselt != 0) { in tcpsig_dump_one()
902 if (sa->ts_hardaddlt != 0 || sa->ts_harduselt != 0) { in tcpsig_dump_one()
911 keysize = roundup(sizeof (sadb_key_t) + sa->ts_key.sak_keylen, in tcpsig_dump_one()
929 cur = tcpsig_make_sa_ext(cur, end, sa); in tcpsig_dump_one()
931 sa->ts_family, &sa->ts_src); in tcpsig_dump_one()
933 sa->ts_family, &sa->ts_dst); in tcpsig_dump_one()
947 lt->sadb_lifetime_addtime = sa->ts_addtime; in tcpsig_dump_one()
948 lt->sadb_lifetime_usetime = sa->ts_usetime; in tcpsig_dump_one()
956 lt->sadb_lifetime_addtime = sa->ts_softaddlt; in tcpsig_dump_one()
957 lt->sadb_lifetime_usetime = sa->ts_softuselt; in tcpsig_dump_one()
965 lt->sadb_lifetime_addtime = sa->ts_hardaddlt; in tcpsig_dump_one()
966 lt->sadb_lifetime_usetime = sa->ts_harduselt; in tcpsig_dump_one()
976 key->sadb_key_bits = sa->ts_key.sak_keybits; in tcpsig_dump_one()
978 bcopy(sa->ts_key.sak_key, (uint8_t *)(key + 1), sa->ts_key.sak_keylen); in tcpsig_dump_one()
987 tcpsig_sa_t *sa; in tcpsig_sa_dump() local
992 for (sa = list_head(&db->td_salist); sa != NULL; in tcpsig_sa_dump()
993 sa = list_next(&db->td_salist, sa)) { in tcpsig_sa_dump()
996 mutex_enter(&sa->ts_lock); in tcpsig_sa_dump()
997 if (sa->ts_tombstoned) { in tcpsig_sa_dump()
998 mutex_exit(&sa->ts_lock); in tcpsig_sa_dump()
1001 mp = tcpsig_dump_one(sa, samsg); in tcpsig_sa_dump()
1002 mutex_exit(&sa->ts_lock); in tcpsig_sa_dump()
1026 tcpsig_sa_t *sa; in tcpsig_sa_delget() local
1045 sa = tcpsig_sa_find(src, dst, tcps); in tcpsig_sa_delget()
1047 if (sa == NULL) { in tcpsig_sa_delget()
1053 mutex_enter(&sa->ts_lock); in tcpsig_sa_delget()
1054 mp = tcpsig_dump_one(sa, samsg); in tcpsig_sa_delget()
1055 mutex_exit(&sa->ts_lock); in tcpsig_sa_delget()
1058 tcpsig_sa_rele(sa); in tcpsig_sa_delget()
1063 tcpsig_sa_rele(sa); in tcpsig_sa_delget()
1076 mutex_enter(&sa->ts_lock); in tcpsig_sa_delget()
1077 sa->ts_tombstoned = true; in tcpsig_sa_delget()
1078 mutex_exit(&sa->ts_lock); in tcpsig_sa_delget()
1079 tcpsig_sa_rele(sa); in tcpsig_sa_delget()
1131 tcpsig_sa_t *sa; in tcpsig_sa_exists() local
1182 sa = tcpsig_sa_find(&src, &dst, tcps); in tcpsig_sa_exists()
1184 if (sa == NULL) in tcpsig_sa_exists()
1188 *sap = sa; in tcpsig_sa_exists()
1190 tcpsig_sa_rele(sa); in tcpsig_sa_exists()
1255 tcpsig_sa_t *sa; in tcpsig_signature() local
1268 sa = inbound ? tcp->tcp_sig_sa_in : tcp->tcp_sig_sa_out; in tcpsig_signature()
1269 if (sa == NULL) { in tcpsig_signature()
1270 if (!tcpsig_sa_exists(tcp, inbound, &sa)) { in tcpsig_signature()
1280 tcp->tcp_sig_sa_in = sa; in tcpsig_signature()
1282 tcp->tcp_sig_sa_out = sa; in tcpsig_signature()
1285 tcpsig_sa_touch(sa); in tcpsig_signature()
1287 VERIFY3U(sa->ts_key.sak_algid, ==, SADB_AALG_MD5); in tcpsig_signature()
1316 MD5Update(&context, sa->ts_key.sak_key, sa->ts_key.sak_keylen); in tcpsig_signature()