Lines Matching refs:ipsa
94 static void ipsa_set_replay(ipsa_t *ipsa, uint32_t offset);
193 sadb_insertassoc(ipsa_t *ipsa, isaf_t *bucket) in sadb_insertassoc() argument
201 unspecsrc = IPSA_IS_ADDR_UNSPEC(ipsa->ipsa_srcaddr, ipsa->ipsa_addrfam); in sadb_insertassoc()
204 ASSERT(walker == NULL || ipsa->ipsa_addrfam == walker->ipsa_addrfam); in sadb_insertassoc()
217 ipsa->ipsa_dstaddr, ipsa->ipsa_addrfam)) { in sadb_insertassoc()
218 if (walker->ipsa_spi == ipsa->ipsa_spi) in sadb_insertassoc()
222 if (ipsa->ipsa_state == IPSA_STATE_MATURE && in sadb_insertassoc()
224 SA_UNIQUE_MATCH(walker, ipsa)) { in sadb_insertassoc()
243 ipsa->ipsa_next = *ptpn; in sadb_insertassoc()
244 ipsa->ipsa_ptpn = ptpn; in sadb_insertassoc()
245 if (ipsa->ipsa_next != NULL) in sadb_insertassoc()
246 ipsa->ipsa_next->ipsa_ptpn = &ipsa->ipsa_next; in sadb_insertassoc()
247 *ptpn = ipsa; in sadb_insertassoc()
248 ipsa->ipsa_linklock = &bucket->isaf_lock; in sadb_insertassoc()
260 sadb_freeassoc(ipsa_t *ipsa) in sadb_freeassoc() argument
262 ipsec_stack_t *ipss = ipsa->ipsa_netstack->netstack_ipsec; in sadb_freeassoc()
266 ASSERT(MUTEX_NOT_HELD(&ipsa->ipsa_lock)); in sadb_freeassoc()
267 ASSERT(ipsa->ipsa_refcnt == 0); in sadb_freeassoc()
268 ASSERT(ipsa->ipsa_next == NULL); in sadb_freeassoc()
269 ASSERT(ipsa->ipsa_ptpn == NULL); in sadb_freeassoc()
272 asyncmp = sadb_clear_lpkt(ipsa); in sadb_freeassoc()
279 mutex_enter(&ipsa->ipsa_lock); in sadb_freeassoc()
281 if (ipsa->ipsa_tsl != NULL) { in sadb_freeassoc()
282 label_rele(ipsa->ipsa_tsl); in sadb_freeassoc()
283 ipsa->ipsa_tsl = NULL; in sadb_freeassoc()
286 if (ipsa->ipsa_otsl != NULL) { in sadb_freeassoc()
287 label_rele(ipsa->ipsa_otsl); in sadb_freeassoc()
288 ipsa->ipsa_otsl = NULL; in sadb_freeassoc()
291 ipsec_destroy_ctx_tmpl(ipsa, IPSEC_ALG_AUTH); in sadb_freeassoc()
292 ipsec_destroy_ctx_tmpl(ipsa, IPSEC_ALG_ENCR); in sadb_freeassoc()
293 mutex_exit(&ipsa->ipsa_lock); in sadb_freeassoc()
296 if (ipsa->ipsa_authkey != NULL) { in sadb_freeassoc()
297 bzero(ipsa->ipsa_authkey, ipsa->ipsa_authkeylen); in sadb_freeassoc()
298 kmem_free(ipsa->ipsa_authkey, ipsa->ipsa_authkeylen); in sadb_freeassoc()
300 if (ipsa->ipsa_encrkey != NULL) { in sadb_freeassoc()
301 bzero(ipsa->ipsa_encrkey, ipsa->ipsa_encrkeylen); in sadb_freeassoc()
302 kmem_free(ipsa->ipsa_encrkey, ipsa->ipsa_encrkeylen); in sadb_freeassoc()
304 if (ipsa->ipsa_nonce_buf != NULL) { in sadb_freeassoc()
305 bzero(ipsa->ipsa_nonce_buf, sizeof (ipsec_nonce_t)); in sadb_freeassoc()
306 kmem_free(ipsa->ipsa_nonce_buf, sizeof (ipsec_nonce_t)); in sadb_freeassoc()
308 if (ipsa->ipsa_src_cid != NULL) { in sadb_freeassoc()
309 IPSID_REFRELE(ipsa->ipsa_src_cid); in sadb_freeassoc()
311 if (ipsa->ipsa_dst_cid != NULL) { in sadb_freeassoc()
312 IPSID_REFRELE(ipsa->ipsa_dst_cid); in sadb_freeassoc()
314 if (ipsa->ipsa_emech.cm_param != NULL) in sadb_freeassoc()
315 kmem_free(ipsa->ipsa_emech.cm_param, in sadb_freeassoc()
316 ipsa->ipsa_emech.cm_param_len); in sadb_freeassoc()
318 mutex_destroy(&ipsa->ipsa_lock); in sadb_freeassoc()
319 kmem_free(ipsa, sizeof (*ipsa)); in sadb_freeassoc()
333 sadb_unlinkassoc(ipsa_t *ipsa) in sadb_unlinkassoc() argument
335 ASSERT(ipsa->ipsa_linklock != NULL); in sadb_unlinkassoc()
336 ASSERT(MUTEX_HELD(ipsa->ipsa_linklock)); in sadb_unlinkassoc()
339 *(ipsa->ipsa_ptpn) = ipsa->ipsa_next; in sadb_unlinkassoc()
340 if (ipsa->ipsa_next != NULL) { in sadb_unlinkassoc()
341 ipsa->ipsa_next->ipsa_ptpn = ipsa->ipsa_ptpn; in sadb_unlinkassoc()
342 ipsa->ipsa_next = NULL; in sadb_unlinkassoc()
345 ipsa->ipsa_ptpn = NULL; in sadb_unlinkassoc()
348 IPSA_REFRELE(ipsa); in sadb_unlinkassoc()
546 sadb_dump_deliver(queue_t *pfkey_q, mblk_t *original_answer, ipsa_t *ipsa, in sadb_dump_deliver() argument
554 answer->b_cont = sadb_sa2msg(ipsa, samsg); in sadb_dump_deliver()
891 sadb_cloneassoc(ipsa_t *ipsa) in sadb_cloneassoc() argument
896 ASSERT(MUTEX_NOT_HELD(&(ipsa->ipsa_lock))); in sadb_cloneassoc()
903 *newbie = *ipsa; in sadb_cloneassoc()
922 if (ipsa->ipsa_authkey != NULL) { in sadb_cloneassoc()
928 bcopy(ipsa->ipsa_authkey, newbie->ipsa_authkey, in sadb_cloneassoc()
941 if (ipsa->ipsa_encrkey != NULL) { in sadb_cloneassoc()
947 bcopy(ipsa->ipsa_encrkey, newbie->ipsa_encrkey, in sadb_cloneassoc()
959 if (ipsa->ipsa_src_cid != NULL) { in sadb_cloneassoc()
960 newbie->ipsa_src_cid = ipsa->ipsa_src_cid; in sadb_cloneassoc()
961 IPSID_REFHOLD(ipsa->ipsa_src_cid); in sadb_cloneassoc()
964 if (ipsa->ipsa_dst_cid != NULL) { in sadb_cloneassoc()
965 newbie->ipsa_dst_cid = ipsa->ipsa_dst_cid; in sadb_cloneassoc()
966 IPSID_REFHOLD(ipsa->ipsa_dst_cid); in sadb_cloneassoc()
1073 sadb_sa2msg(ipsa_t *ipsa, sadb_msg_t *samsg) in sadb_sa2msg() argument
1113 fam = ipsa->ipsa_addrfam; in sadb_sa2msg()
1131 if (ipsa->ipsa_flags & IPSA_F_NATT_REM) in sadb_sa2msg()
1133 if (ipsa->ipsa_flags & IPSA_F_NATT_LOC) in sadb_sa2msg()
1136 if (ipsa->ipsa_flags & IPSA_F_PAIRED) { in sadb_sa2msg()
1139 otherspi = ipsa->ipsa_otherspi; in sadb_sa2msg()
1145 if (ipsa->ipsa_softaddlt != 0 || ipsa->ipsa_softuselt != 0 || in sadb_sa2msg()
1146 ipsa->ipsa_softbyteslt != 0 || ipsa->ipsa_softalloc != 0) { in sadb_sa2msg()
1151 if (ipsa->ipsa_hardaddlt != 0 || ipsa->ipsa_harduselt != 0 || in sadb_sa2msg()
1152 ipsa->ipsa_hardbyteslt != 0 || ipsa->ipsa_hardalloc != 0) { in sadb_sa2msg()
1157 if (ipsa->ipsa_idleaddlt != 0 || ipsa->ipsa_idleuselt != 0) { in sadb_sa2msg()
1165 if (ipsa->ipsa_innerfam != 0) { in sadb_sa2msg()
1166 pfam = ipsa->ipsa_innerfam; in sadb_sa2msg()
1187 if (ipsa->ipsa_authkeylen != 0) { in sadb_sa2msg()
1188 authsize = roundup(sizeof (sadb_key_t) + ipsa->ipsa_authkeylen, in sadb_sa2msg()
1194 if (ipsa->ipsa_encrkeylen != 0) { in sadb_sa2msg()
1195 encrsize = roundup(sizeof (sadb_key_t) + ipsa->ipsa_encrkeylen + in sadb_sa2msg()
1196 ipsa->ipsa_nonce_len, sizeof (uint64_t)); in sadb_sa2msg()
1203 if (ipsa->ipsa_tsl != NULL) { in sadb_sa2msg()
1204 senslen = sadb_sens_len_from_label(ipsa->ipsa_tsl); in sadb_sa2msg()
1209 if (ipsa->ipsa_otsl != NULL) { in sadb_sa2msg()
1210 osenslen = sadb_sens_len_from_label(ipsa->ipsa_otsl); in sadb_sa2msg()
1219 if (ipsa->ipsa_src_cid != NULL) { in sadb_sa2msg()
1221 strlen(ipsa->ipsa_src_cid->ipsid_cid) + 1, in sadb_sa2msg()
1227 if (ipsa->ipsa_dst_cid != NULL) { in sadb_sa2msg()
1229 strlen(ipsa->ipsa_dst_cid->ipsid_cid) + 1, in sadb_sa2msg()
1235 if ((ipsa->ipsa_kmp != 0) || (ipsa->ipsa_kmc != 0)) in sadb_sa2msg()
1238 if (ipsa->ipsa_replay != 0) { in sadb_sa2msg()
1257 mutex_enter(&ipsa->ipsa_lock); /* Since I'm grabbing SA fields... */ in sadb_sa2msg()
1259 newsamsg->sadb_msg_satype = ipsa->ipsa_type; in sadb_sa2msg()
1264 assoc->sadb_sa_spi = ipsa->ipsa_spi; in sadb_sa2msg()
1265 assoc->sadb_sa_replay = ipsa->ipsa_replay_wsize; in sadb_sa2msg()
1266 assoc->sadb_sa_state = ipsa->ipsa_state; in sadb_sa2msg()
1267 assoc->sadb_sa_auth = ipsa->ipsa_auth_alg; in sadb_sa2msg()
1268 assoc->sadb_sa_encrypt = ipsa->ipsa_encr_alg; in sadb_sa2msg()
1269 assoc->sadb_sa_flags = ipsa->ipsa_flags; in sadb_sa2msg()
1276 lt->sadb_lifetime_bytes = ipsa->ipsa_bytes; in sadb_sa2msg()
1277 lt->sadb_lifetime_addtime = ipsa->ipsa_addtime; in sadb_sa2msg()
1278 lt->sadb_lifetime_usetime = ipsa->ipsa_usetime; in sadb_sa2msg()
1284 lt->sadb_lifetime_allocations = ipsa->ipsa_hardalloc; in sadb_sa2msg()
1285 lt->sadb_lifetime_bytes = ipsa->ipsa_hardbyteslt; in sadb_sa2msg()
1286 lt->sadb_lifetime_addtime = ipsa->ipsa_hardaddlt; in sadb_sa2msg()
1287 lt->sadb_lifetime_usetime = ipsa->ipsa_harduselt; in sadb_sa2msg()
1294 lt->sadb_lifetime_allocations = ipsa->ipsa_softalloc; in sadb_sa2msg()
1295 lt->sadb_lifetime_bytes = ipsa->ipsa_softbyteslt; in sadb_sa2msg()
1296 lt->sadb_lifetime_addtime = ipsa->ipsa_softaddlt; in sadb_sa2msg()
1297 lt->sadb_lifetime_usetime = ipsa->ipsa_softuselt; in sadb_sa2msg()
1304 lt->sadb_lifetime_addtime = ipsa->ipsa_idleaddlt; in sadb_sa2msg()
1305 lt->sadb_lifetime_usetime = ipsa->ipsa_idleuselt; in sadb_sa2msg()
1312 ipsa->ipsa_srcaddr, (!isrc && !idst) ? SA_SRCPORT(ipsa) : 0, in sadb_sa2msg()
1313 SA_PROTO(ipsa), 0); in sadb_sa2msg()
1321 ipsa->ipsa_dstaddr, (!isrc && !idst) ? SA_DSTPORT(ipsa) : 0, in sadb_sa2msg()
1322 SA_PROTO(ipsa), 0); in sadb_sa2msg()
1329 if (ipsa->ipsa_flags & IPSA_F_NATT_LOC) { in sadb_sa2msg()
1331 fam, &ipsa->ipsa_natt_addr_loc, ipsa->ipsa_local_nat_port, in sadb_sa2msg()
1340 if (ipsa->ipsa_flags & IPSA_F_NATT_REM) { in sadb_sa2msg()
1342 fam, &ipsa->ipsa_natt_addr_rem, ipsa->ipsa_remote_nat_port, in sadb_sa2msg()
1354 pfam, ipsa->ipsa_innersrc, SA_SRCPORT(ipsa), in sadb_sa2msg()
1355 SA_IPROTO(ipsa), ipsa->ipsa_innersrcpfx); in sadb_sa2msg()
1365 pfam, ipsa->ipsa_innerdst, SA_DSTPORT(ipsa), in sadb_sa2msg()
1366 SA_IPROTO(ipsa), ipsa->ipsa_innerdstpfx); in sadb_sa2msg()
1374 if ((ipsa->ipsa_kmp != 0) || (ipsa->ipsa_kmc != 0)) { in sadb_sa2msg()
1376 ipsa->ipsa_kmp, ipsa->ipsa_kmc); in sadb_sa2msg()
1389 key->sadb_key_bits = ipsa->ipsa_authkeybits; in sadb_sa2msg()
1391 bcopy(ipsa->ipsa_authkey, key + 1, ipsa->ipsa_authkeylen); in sadb_sa2msg()
1401 key->sadb_key_bits = ipsa->ipsa_encrkeybits; in sadb_sa2msg()
1402 key->sadb_key_reserved = ipsa->ipsa_saltbits; in sadb_sa2msg()
1404 bcopy(ipsa->ipsa_encrkey, buf_ptr, ipsa->ipsa_encrkeylen); in sadb_sa2msg()
1405 if (ipsa->ipsa_salt != NULL) { in sadb_sa2msg()
1406 buf_ptr += ipsa->ipsa_encrkeylen; in sadb_sa2msg()
1407 bcopy(ipsa->ipsa_salt, buf_ptr, ipsa->ipsa_saltlen); in sadb_sa2msg()
1417 ident->sadb_ident_type = ipsa->ipsa_src_cid->ipsid_type; in sadb_sa2msg()
1421 ipsa->ipsa_src_cid->ipsid_cid); in sadb_sa2msg()
1430 ident->sadb_ident_type = ipsa->ipsa_dst_cid->ipsid_type; in sadb_sa2msg()
1434 ipsa->ipsa_dst_cid->ipsid_cid); in sadb_sa2msg()
1442 ipsa->ipsa_tsl, senslen); in sadb_sa2msg()
1452 ipsa->ipsa_otsl, osenslen); in sadb_sa2msg()
1453 if (ipsa->ipsa_mac_exempt) in sadb_sa2msg()
1471 if (ipsa->ipsa_replay != 0) { in sadb_sa2msg()
1475 repl_ctr->sadb_x_rc_replay32 = ipsa->ipsa_replay; in sadb_sa2msg()
1482 mutex_exit(&ipsa->ipsa_lock); in sadb_sa2msg()
1622 keysock_in_t *ksi, ipsa_t *ipsa) in sadb_pfkey_echo() argument
1667 mp1 = sadb_sa2msg(ipsa, samsg); in sadb_pfkey_echo()
1678 if (ipsa == NULL) in sadb_pfkey_echo()
1684 mp1 = sadb_sa2msg(ipsa, samsg); in sadb_pfkey_echo()
4166 newbie->ipsa = assoc;
4199 newbie->ipsa = assoc;
6048 ipsa_is_replay_set(ipsa_t *ipsa, uint32_t offset) argument
6052 return ((bit & ipsa->ipsa_replay_arr[offset >> 6]) ? B_TRUE : B_FALSE);
6059 ipsa_shift_replay(ipsa_t *ipsa, uint32_t shift) argument
6067 for (i = (ipsa->ipsa_replay_wsize - 1) >> 6; i >= 0; i--) {
6068 if (i + jump <= (ipsa->ipsa_replay_wsize - 1) >> 6) {
6069 ipsa->ipsa_replay_arr[i + jump] |=
6070 ipsa->ipsa_replay_arr[i] >> (64 - (shift & 63));
6072 ipsa->ipsa_replay_arr[i] <<= shift;
6080 ipsa_set_replay(ipsa_t *ipsa, uint32_t offset) argument
6084 ipsa->ipsa_replay_arr[offset >> 6] |= bit;
6094 sadb_replay_check(ipsa_t *ipsa, uint32_t seq) argument
6099 if (ipsa->ipsa_replay_wsize == 0)
6109 mutex_enter(&ipsa->ipsa_lock);
6112 if (ipsa->ipsa_replay == 0)
6113 ipsa->ipsa_replay = 1;
6115 if (seq > ipsa->ipsa_replay) {
6120 diff = seq - ipsa->ipsa_replay;
6121 if (diff < ipsa->ipsa_replay_wsize) {
6123 ipsa_shift_replay(ipsa, diff);
6126 bzero(ipsa->ipsa_replay_arr,
6127 sizeof (ipsa->ipsa_replay_arr));
6129 ipsa_set_replay(ipsa, 0);
6130 ipsa->ipsa_replay = seq;
6134 diff = ipsa->ipsa_replay - seq;
6135 if (diff >= ipsa->ipsa_replay_wsize || ipsa_is_replay_set(ipsa, diff)) {
6140 ipsa_set_replay(ipsa, diff);
6144 mutex_exit(&ipsa->ipsa_lock);
6157 sadb_replay_peek(ipsa_t *ipsa, uint32_t seq) argument
6162 if (ipsa->ipsa_replay_wsize == 0)
6176 mutex_enter(&ipsa->ipsa_lock);
6177 if (seq < ipsa->ipsa_replay - ipsa->ipsa_replay_wsize &&
6178 ipsa->ipsa_replay >= ipsa->ipsa_replay_wsize)
6186 if (ipsa->ipsa_replay == SADB_MAX_REPLAY_VALUE) {
6191 ipsa->ipsa_hardexpiretime = (time_t)1;
6195 if (seq <= ipsa->ipsa_replay) {
6200 diff = ipsa->ipsa_replay - seq;
6201 if (ipsa_is_replay_set(ipsa, diff))
6208 mutex_exit(&ipsa->ipsa_lock);
6897 sadb_set_lpkt(ipsa_t *ipsa, mblk_t *npkt, ip_recv_attr_t *ira) argument
6901 mutex_enter(&ipsa->ipsa_lock);
6902 opkt = ipsa->ipsa_lpkt;
6903 if (ipsa->ipsa_state == IPSA_STATE_LARVAL) {
6921 ipsa->ipsa_lpkt = attrmp;
6935 ipsa->ipsa_lpkt = NULL;
6937 mutex_exit(&ipsa->ipsa_lock);
6956 sadb_clear_lpkt(ipsa_t *ipsa) argument
6960 mutex_enter(&ipsa->ipsa_lock);
6961 opkt = ipsa->ipsa_lpkt;
6962 ipsa->ipsa_lpkt = NULL;
6963 mutex_exit(&ipsa->ipsa_lock);
6971 sadb_buf_pkt(ipsa_t *ipsa, mblk_t *bpkt, ip_recv_attr_t *ira) argument
6975 in6_addr_t *srcaddr = (in6_addr_t *)(&ipsa->ipsa_srcaddr);
6976 in6_addr_t *dstaddr = (in6_addr_t *)(&ipsa->ipsa_dstaddr);
6979 ASSERT(ipsa->ipsa_state == IPSA_STATE_IDLE);
6989 (ipsa->ipsa_type == SADB_SATYPE_AH) ? IPPROTO_AH : IPPROTO_ESP,
6990 ipsa->ipsa_spi, ipsa->ipsa_addrfam, *srcaddr, *dstaddr, NULL);
7001 mutex_enter(&ipsa->ipsa_lock);
7002 ipsa->ipsa_mblkcnt++;
7003 if (ipsa->ipsa_bpkt_head == NULL) {
7004 ipsa->ipsa_bpkt_head = ipsa->ipsa_bpkt_tail = bpkt;
7006 ipsa->ipsa_bpkt_tail->b_next = bpkt;
7007 ipsa->ipsa_bpkt_tail = bpkt;
7008 if (ipsa->ipsa_mblkcnt > SADB_MAX_IDLEPKTS) {
7011 tmp = ipsa->ipsa_bpkt_head;
7012 ipsa->ipsa_bpkt_head = ipsa->ipsa_bpkt_head->b_next;
7017 ipsa->ipsa_mblkcnt --;
7020 mutex_exit(&ipsa->ipsa_lock);
7604 dying = haspeerlist->ipsa;