Lines Matching refs:newbie
374 ipsa_t *newbie; in sadb_makelarvalassoc() local
380 newbie = (ipsa_t *)kmem_zalloc(sizeof (ipsa_t), KM_NOSLEEP); in sadb_makelarvalassoc()
381 if (newbie == NULL) { in sadb_makelarvalassoc()
387 newbie->ipsa_spi = spi; in sadb_makelarvalassoc()
388 newbie->ipsa_netstack = ns; /* No netstack_hold */ in sadb_makelarvalassoc()
394 IPSA_COPY_ADDR(newbie->ipsa_srcaddr, src, addrfam); in sadb_makelarvalassoc()
395 IPSA_COPY_ADDR(newbie->ipsa_dstaddr, dst, addrfam); in sadb_makelarvalassoc()
397 newbie->ipsa_addrfam = addrfam; in sadb_makelarvalassoc()
402 mutex_init(&newbie->ipsa_lock, NULL, MUTEX_DEFAULT, NULL); in sadb_makelarvalassoc()
403 newbie->ipsa_state = IPSA_STATE_LARVAL; in sadb_makelarvalassoc()
404 newbie->ipsa_refcnt = 1; in sadb_makelarvalassoc()
405 newbie->ipsa_freefunc = sadb_freeassoc; in sadb_makelarvalassoc()
412 return (newbie); in sadb_makelarvalassoc()
893 ipsa_t *newbie; in sadb_cloneassoc() local
898 newbie = kmem_alloc(sizeof (ipsa_t), KM_NOSLEEP); in sadb_cloneassoc()
899 if (newbie == NULL) in sadb_cloneassoc()
903 *newbie = *ipsa; in sadb_cloneassoc()
906 mutex_init(&newbie->ipsa_lock, NULL, MUTEX_DEFAULT, NULL); in sadb_cloneassoc()
908 if (newbie->ipsa_tsl != NULL) in sadb_cloneassoc()
909 label_hold(newbie->ipsa_tsl); in sadb_cloneassoc()
911 if (newbie->ipsa_otsl != NULL) in sadb_cloneassoc()
912 label_hold(newbie->ipsa_otsl); in sadb_cloneassoc()
923 newbie->ipsa_authkey = kmem_alloc(newbie->ipsa_authkeylen, in sadb_cloneassoc()
925 if (newbie->ipsa_authkey == NULL) { in sadb_cloneassoc()
928 bcopy(ipsa->ipsa_authkey, newbie->ipsa_authkey, in sadb_cloneassoc()
929 newbie->ipsa_authkeylen); in sadb_cloneassoc()
931 newbie->ipsa_kcfauthkey.ck_data = in sadb_cloneassoc()
932 newbie->ipsa_authkey; in sadb_cloneassoc()
935 if (newbie->ipsa_amech.cm_param != NULL) { in sadb_cloneassoc()
936 newbie->ipsa_amech.cm_param = in sadb_cloneassoc()
937 (char *)&newbie->ipsa_mac_len; in sadb_cloneassoc()
942 newbie->ipsa_encrkey = kmem_alloc(newbie->ipsa_encrkeylen, in sadb_cloneassoc()
944 if (newbie->ipsa_encrkey == NULL) { in sadb_cloneassoc()
947 bcopy(ipsa->ipsa_encrkey, newbie->ipsa_encrkey, in sadb_cloneassoc()
948 newbie->ipsa_encrkeylen); in sadb_cloneassoc()
950 newbie->ipsa_kcfencrkey.ck_data = in sadb_cloneassoc()
951 newbie->ipsa_encrkey; in sadb_cloneassoc()
955 newbie->ipsa_authtmpl = NULL; in sadb_cloneassoc()
956 newbie->ipsa_encrtmpl = NULL; in sadb_cloneassoc()
957 newbie->ipsa_haspeer = B_TRUE; in sadb_cloneassoc()
960 newbie->ipsa_src_cid = ipsa->ipsa_src_cid; in sadb_cloneassoc()
965 newbie->ipsa_dst_cid = ipsa->ipsa_dst_cid; in sadb_cloneassoc()
970 sadb_freeassoc(newbie); in sadb_cloneassoc()
974 return (newbie); in sadb_cloneassoc()
2783 sadb_nat_calculations(ipsa_t *newbie, sadb_address_t *natt_loc_ext, in sadb_nat_calculations() argument
2803 newbie->ipsa_remote_nat_port = natt_rem->sin_port; in sadb_nat_calculations()
2808 newbie->ipsa_natt_addr_rem = *natt_rem_ptr; in sadb_nat_calculations()
2837 newbie->ipsa_local_nat_port = natt_loc->sin_port; in sadb_nat_calculations()
2840 newbie->ipsa_natt_addr_loc = *natt_loc_ptr; in sadb_nat_calculations()
2868 newbie->ipsa_inbound_cksum = running_sum; in sadb_nat_calculations()
2892 ipsa_t *newbie, boolean_t clone, boolean_t is_inbound, int *diagnostic, argument
2932 boolean_t isupdate = (newbie != NULL);
3006 newbie = sadb_makelarvalassoc(assoc->sadb_sa_spi,
3008 if (newbie == NULL)
3012 mutex_enter(&newbie->ipsa_lock);
3022 mutex_exit(&newbie->ipsa_lock);
3045 mutex_exit(&newbie->ipsa_lock);
3061 newbie->ipsa_innerfam = isrc->sin_family;
3063 IPSA_COPY_ADDR(newbie->ipsa_innersrc, isrc_addr_ptr,
3064 newbie->ipsa_innerfam);
3065 IPSA_COPY_ADDR(newbie->ipsa_innerdst, idst_addr_ptr,
3066 newbie->ipsa_innerfam);
3067 newbie->ipsa_innersrcpfx = isrcext->sadb_address_prefixlen;
3068 newbie->ipsa_innerdstpfx = idstext->sadb_address_prefixlen;
3071 newbie->ipsa_unique_id = SA_UNIQUE_ID(isrc->sin_port,
3074 newbie->ipsa_unique_mask = SA_UNIQUE_MASK(isrc->sin_port,
3079 newbie->ipsa_unique_id = SA_UNIQUE_ID(src->sin_port,
3081 newbie->ipsa_unique_mask = SA_UNIQUE_MASK(src->sin_port,
3084 if (newbie->ipsa_unique_mask != (uint64_t)0)
3085 newbie->ipsa_flags |= IPSA_F_UNIQUE;
3087 sadb_nat_calculations(newbie,
3092 newbie->ipsa_type = samsg->sadb_msg_satype;
3096 newbie->ipsa_auth_alg = assoc->sadb_sa_auth;
3097 newbie->ipsa_encr_alg = assoc->sadb_sa_encrypt;
3099 newbie->ipsa_flags |= assoc->sadb_sa_flags;
3100 if (newbie->ipsa_flags & SADB_X_SAFLAGS_NATT_LOC &&
3102 mutex_exit(&newbie->ipsa_lock);
3107 if (newbie->ipsa_flags & SADB_X_SAFLAGS_NATT_REM &&
3109 mutex_exit(&newbie->ipsa_lock);
3114 if (newbie->ipsa_flags & SADB_X_SAFLAGS_TUNNEL &&
3116 mutex_exit(&newbie->ipsa_lock);
3128 newbie->ipsa_replay_wsize = assoc->sadb_sa_replay;
3130 newbie->ipsa_replay_wsize = 0;
3132 newbie->ipsa_addtime = gethrestime_sec();
3135 newbie->ipsa_kmp = kmcext->sadb_x_kmc_proto;
3136 newbie->ipsa_kmc = kmcext->sadb_x_kmc_cookie;
3146 newbie->ipsa_softaddlt = soft->sadb_lifetime_addtime;
3147 newbie->ipsa_softuselt = soft->sadb_lifetime_usetime;
3148 newbie->ipsa_softbyteslt = soft->sadb_lifetime_bytes;
3149 newbie->ipsa_softalloc = soft->sadb_lifetime_allocations;
3150 SET_EXPIRE(newbie, softaddlt, softexpiretime);
3153 newbie->ipsa_hardaddlt = hard->sadb_lifetime_addtime;
3154 newbie->ipsa_harduselt = hard->sadb_lifetime_usetime;
3155 newbie->ipsa_hardbyteslt = hard->sadb_lifetime_bytes;
3156 newbie->ipsa_hardalloc = hard->sadb_lifetime_allocations;
3157 SET_EXPIRE(newbie, hardaddlt, hardexpiretime);
3160 newbie->ipsa_idleaddlt = idle->sadb_lifetime_addtime;
3161 newbie->ipsa_idleuselt = idle->sadb_lifetime_usetime;
3162 newbie->ipsa_idleexpiretime = newbie->ipsa_addtime +
3163 newbie->ipsa_idleaddlt;
3164 newbie->ipsa_idletime = newbie->ipsa_idleaddlt;
3167 newbie->ipsa_authtmpl = NULL;
3168 newbie->ipsa_encrtmpl = NULL;
3171 if (akey != NULL && newbie->ipsa_auth_alg != SADB_AALG_NONE) {
3178 newbie->ipsa_authkeybits = akey->sadb_key_bits;
3179 newbie->ipsa_authkeylen = SADB_1TO8(akey->sadb_key_bits);
3182 newbie->ipsa_authkeylen++;
3183 newbie->ipsa_authkey = kmem_alloc(newbie->ipsa_authkeylen,
3185 if (newbie->ipsa_authkey == NULL) {
3187 mutex_exit(&newbie->ipsa_lock);
3190 bcopy(akey + 1, newbie->ipsa_authkey, newbie->ipsa_authkeylen);
3191 bzero(akey + 1, newbie->ipsa_authkeylen);
3197 newbie->ipsa_kcfauthkey.ck_format = CRYPTO_KEY_RAW;
3198 newbie->ipsa_kcfauthkey.ck_length = newbie->ipsa_authkeybits;
3199 newbie->ipsa_kcfauthkey.ck_data = newbie->ipsa_authkey;
3203 [newbie->ipsa_auth_alg];
3205 newbie->ipsa_amech.cm_type = alg->alg_mech_type;
3206 newbie->ipsa_amech.cm_param =
3207 (char *)&newbie->ipsa_mac_len;
3208 newbie->ipsa_amech.cm_param_len = sizeof (size_t);
3209 newbie->ipsa_mac_len = (size_t)alg->alg_datalen;
3211 newbie->ipsa_amech.cm_type = CRYPTO_MECHANISM_INVALID;
3213 error = ipsec_create_ctx_tmpl(newbie, IPSEC_ALG_AUTH);
3216 mutex_exit(&newbie->ipsa_lock);
3235 [newbie->ipsa_encr_alg];
3238 newbie->ipsa_emech.cm_type = alg->alg_mech_type;
3239 newbie->ipsa_datalen = alg->alg_datalen;
3241 newbie->ipsa_flags |= IPSA_F_COUNTERMODE;
3244 newbie->ipsa_flags |= IPSA_F_COMBINED;
3245 newbie->ipsa_mac_len = alg->alg_icvlen;
3249 newbie->ipsa_noncefunc = ccm_params_init;
3251 newbie->ipsa_noncefunc = gcm_params_init;
3252 else newbie->ipsa_noncefunc = cbc_params_init;
3254 newbie->ipsa_saltlen = alg->alg_saltlen;
3255 newbie->ipsa_saltbits = SADB_8TO1(newbie->ipsa_saltlen);
3256 newbie->ipsa_iv_len = alg->alg_ivlen;
3257 newbie->ipsa_nonce_len = newbie->ipsa_saltlen +
3258 newbie->ipsa_iv_len;
3259 newbie->ipsa_emech.cm_param = NULL;
3260 newbie->ipsa_emech.cm_param_len = 0;
3262 newbie->ipsa_emech.cm_type = CRYPTO_MECHANISM_INVALID;
3283 newbie->ipsa_encrkeybits = ekey->sadb_key_bits;
3284 newbie->ipsa_encrkeybits -= ekey->sadb_key_reserved;
3285 newbie->ipsa_encrkeybits -= newbie->ipsa_saltbits;
3286 newbie->ipsa_encrkeylen = SADB_1TO8(newbie->ipsa_encrkeybits);
3290 newbie->ipsa_encrkeylen++;
3292 newbie->ipsa_encrkey = kmem_alloc(newbie->ipsa_encrkeylen,
3294 if (newbie->ipsa_encrkey == NULL) {
3296 mutex_exit(&newbie->ipsa_lock);
3301 bcopy(buf_ptr, newbie->ipsa_encrkey, newbie->ipsa_encrkeylen);
3303 if (newbie->ipsa_flags & IPSA_F_COMBINED) {
3313 newbie->ipsa_nonce_buf = kmem_alloc(
3315 if (newbie->ipsa_nonce_buf == NULL) {
3317 mutex_exit(&newbie->ipsa_lock);
3328 newbie->ipsa_iv = &newbie->ipsa_nonce_buf->iv;
3329 newbie->ipsa_salt = (uint8_t *)newbie->ipsa_nonce_buf;
3330 newbie->ipsa_nonce = newbie->ipsa_salt;
3331 if (newbie->ipsa_saltlen != 0) {
3333 newbie->ipsa_saltlen;
3334 newbie->ipsa_salt = (uint8_t *)
3335 &newbie->ipsa_nonce_buf->salt[salt_offset];
3336 newbie->ipsa_nonce = newbie->ipsa_salt;
3337 buf_ptr += newbie->ipsa_encrkeylen;
3338 bcopy(buf_ptr, newbie->ipsa_salt,
3339 newbie->ipsa_saltlen);
3352 buf_ptr += newbie->ipsa_saltlen;
3353 bcopy(buf_ptr, (uint8_t *)newbie->
3358 (uint8_t *)newbie->ipsa_iv,
3359 newbie->ipsa_iv_len);
3361 newbie->ipsa_iv_softexpire =
3362 (*newbie->ipsa_iv) << 9;
3363 newbie->ipsa_iv_hardexpire = *newbie->ipsa_iv;
3372 newbie->ipsa_kcfencrkey.ck_format = CRYPTO_KEY_RAW;
3373 newbie->ipsa_kcfencrkey.ck_length = newbie->ipsa_encrkeybits;
3374 newbie->ipsa_kcfencrkey.ck_data = newbie->ipsa_encrkey;
3377 error = ipsec_create_ctx_tmpl(newbie, IPSEC_ALG_ENCR);
3380 mutex_exit(&newbie->ipsa_lock);
3388 newbie->ipsa_flags |= IPSA_F_ASYNC;
3393 if (newbie->ipsa_type == SADB_SATYPE_ESP)
3394 ipsecesp_init_funcs(newbie);
3396 ipsecah_init_funcs(newbie);
3397 ASSERT(newbie->ipsa_output_func != NULL &&
3398 newbie->ipsa_input_func != NULL);
3411 newbie->ipsa_src_cid = ipsid_lookup(id->sadb_ident_type,
3413 if (newbie->ipsa_src_cid == NULL) {
3415 mutex_exit(&newbie->ipsa_lock);
3428 newbie->ipsa_dst_cid = ipsid_lookup(id->sadb_ident_type,
3430 if (newbie->ipsa_dst_cid == NULL) {
3432 mutex_exit(&newbie->ipsa_lock);
3445 newbie->ipsa_tsl = sadb_label_from_sens(sens, bitmap);
3461 newbie->ipsa_mac_exempt = CONN_MAC_DEFAULT;
3464 newbie->ipsa_mac_exempt = CONN_MAC_IMPLICIT;
3469 newbie->ipsa_mac_exempt, B_TRUE, &effective_tsl);
3472 mutex_exit(&newbie->ipsa_lock);
3481 newbie->ipsa_otsl = tsl;
3498 newbie->ipsa_opt_storage, ipst);
3501 *peer_addr_ptr, newbie->ipsa_opt_storage, ipst);
3504 mutex_exit(&newbie->ipsa_lock);
3515 mutex_exit(&newbie->ipsa_lock);
3518 newbie->ipsa_replay = replayext->sadb_x_rc_replay32;
3522 newbie->ipsa_state = assoc->sadb_sa_state;
3525 newbie->ipsa_haspeer = B_TRUE;
3528 lifetime_fuzz(newbie);
3535 mutex_exit(&newbie->ipsa_lock);
3538 newbie_clone = sadb_cloneassoc(newbie);
3569 IPSA_REFHOLD(newbie);
3575 ASSERT(newbie->ipsa_linklock == &primary->isaf_lock ||
3576 newbie->ipsa_linklock == &secondary->isaf_lock);
3577 sadb_unlinkassoc(newbie);
3580 mutex_enter(&newbie->ipsa_lock);
3581 error = sadb_insertassoc(newbie, primary);
3582 mutex_exit(&newbie->ipsa_lock);
3590 IPSA_REFRELE(newbie);
3600 sadb_unlinkassoc(newbie); /* This does REFRELE. */
3606 scratch = ipsec_getassocbyspi(secondary, newbie->ipsa_spi,
3607 ALL_ZEROES_PTR, newbie->ipsa_dstaddr, af);
3610 sadb_unlinkassoc(newbie); /* This does REFRELE. */
3619 ASSERT(MUTEX_NOT_HELD(&newbie->ipsa_lock));
3657 if (newbie != NULL) {
3660 mutex_enter(&newbie->ipsa_lock);
3661 newbie->ipsa_state = IPSA_STATE_DEAD;
3662 newbie->ipsa_hardexpiretime = 1;
3663 mutex_exit(&newbie->ipsa_lock);
3665 IPSA_REFRELE(newbie);
3679 assoc->sadb_sa_flags = newbie->ipsa_flags;
4113 templist_t *haspeerlist, *newbie; local
4156 newbie = kmem_alloc(sizeof (*newbie),
4158 if (newbie == NULL) {
4165 newbie->next = haspeerlist;
4166 newbie->ipsa = assoc;
4167 haspeerlist = newbie;
4189 newbie = kmem_alloc(sizeof (*newbie),
4191 if (newbie == NULL) {
4198 newbie->next = haspeerlist;
4199 newbie->ipsa = assoc;
4200 haspeerlist = newbie;
4862 ipsacq_t *newbie; local
4960 newbie = sadb_checkacquire(bucket, ap, pp, src, dst, isrc, idst,
4963 if (newbie == NULL) {
4967 newbie = kmem_zalloc(sizeof (*newbie), KM_NOSLEEP);
4968 if (newbie == NULL) {
4975 newbie->ipsacq_policy = pp;
4980 newbie->ipsacq_act = ap;
4981 newbie->ipsacq_linklock = &bucket->iacqf_lock;
4982 newbie->ipsacq_next = bucket->iacqf_ipsacq;
4983 newbie->ipsacq_ptpn = &bucket->iacqf_ipsacq;
4984 if (newbie->ipsacq_next != NULL)
4985 newbie->ipsacq_next->ipsacq_ptpn = &newbie->ipsacq_next;
4987 bucket->iacqf_ipsacq = newbie;
4988 mutex_init(&newbie->ipsacq_lock, NULL, MUTEX_DEFAULT, NULL);
4989 mutex_enter(&newbie->ipsacq_lock);
5010 ASSERT(MUTEX_HELD(&newbie->ipsacq_lock));
5033 } else if (newbie->ipsacq_numpackets == 0) {
5035 newbie->ipsacq_mp = asyncmp;
5036 newbie->ipsacq_numpackets = 1;
5037 newbie->ipsacq_expire = gethrestime_sec();
5042 newbie->ipsacq_expire += *spp->s_acquire_timeout;
5043 newbie->ipsacq_seq = seq;
5044 newbie->ipsacq_addrfam = af;
5046 newbie->ipsacq_srcport = ixa->ixa_ipsec_src_port;
5047 newbie->ipsacq_dstport = ixa->ixa_ipsec_dst_port;
5048 newbie->ipsacq_icmp_type = ixa->ixa_ipsec_icmp_type;
5049 newbie->ipsacq_icmp_code = ixa->ixa_ipsec_icmp_code;
5051 newbie->ipsacq_inneraddrfam = ixa->ixa_ipsec_inaf;
5052 newbie->ipsacq_proto = ixa->ixa_ipsec_inaf == AF_INET6 ?
5054 newbie->ipsacq_innersrcpfx = ixa->ixa_ipsec_insrcpfx;
5055 newbie->ipsacq_innerdstpfx = ixa->ixa_ipsec_indstpfx;
5056 IPSA_COPY_ADDR(newbie->ipsacq_innersrc,
5058 IPSA_COPY_ADDR(newbie->ipsacq_innerdst,
5061 newbie->ipsacq_proto = ixa->ixa_ipsec_proto;
5063 newbie->ipsacq_unique_id = unique_id;
5067 newbie->ipsacq_tsl = ixa->ixa_tsl;
5071 mblk_t *lastone = newbie->ipsacq_mp;
5076 if (newbie->ipsacq_numpackets++ == ipsacq_maxpackets) {
5077 newbie->ipsacq_numpackets = ipsacq_maxpackets;
5078 lastone = newbie->ipsacq_mp;
5079 newbie->ipsacq_mp = lastone->b_next;
5089 newbie->ipsacq_numpackets);
5099 newbie->ipsacq_srcaddr = src;
5100 newbie->ipsacq_dstaddr = dst;
5106 if (newbie->ipsacq_seq != seq || newbie->ipsacq_numpackets > 1) {
5108 mutex_exit(&newbie->ipsacq_lock);
5173 (*spp->s_acqfn)(newbie, extended, ns);
5177 (*spp->s_acqfn)(newbie, NULL, ns);