141 #define	RESET_SPDSOCK_DUMP_POLHEAD(ss, iph) { \  argument
142 	ASSERT(RW_READ_HELD(&(iph)->iph_lock)); \
143 	(ss)->spdsock_dump_head = (iph); \
144 	(ss)->spdsock_dump_gen = (iph)->iph_gen; \
574 	ipsec_policy_head_t *iph;  in spdsock_flush_node()  local
576 	iph = active ? itp->itp_policy : itp->itp_inactive;  in spdsock_flush_node()
577 	IPPH_REFHOLD(iph);  in spdsock_flush_node()
579 	spdsock_flush_one(iph, ns);  /* Releases iph refhold. */  in spdsock_flush_node()
593 spdsock_flush_one(ipsec_policy_head_t *iph, netstack_t *ns)  in spdsock_flush_one()  argument
595 	rw_enter(&iph->iph_lock, RW_WRITER);  in spdsock_flush_one()
596 	ipsec_polhead_flush(iph, ns);  in spdsock_flush_one()
597 	rw_exit(&iph->iph_lock);  in spdsock_flush_one()
598 	IPPH_REFRELE(iph, ns);  in spdsock_flush_one()
602 spdsock_flush(queue_t *q, ipsec_policy_head_t *iph, ipsec_tun_pol_t *itp,  in spdsock_flush()  argument
610 	if (iph != ALL_ACTIVE_POLHEADS && iph != ALL_INACTIVE_POLHEADS) {  in spdsock_flush()
611 		spdsock_flush_one(iph, ns);  in spdsock_flush()
623 		active = (iph == ALL_ACTIVE_POLHEADS);  in spdsock_flush()
982 mkrule(ipsec_policy_head_t *iph, struct spd_rule *rule,  in mkrule()  argument
1000 	if (!ipsec_check_policy(iph, pol, dir))  in mkrule()
1008 mkrulepair(ipsec_policy_head_t *iph, struct spd_rule *rule,  in mkrulepair()  argument
1015 		error = mkrule(iph, rule, sel, actp, nact, dir, IPSL_IPV4, rp,  in mkrulepair()
1021 		error = mkrule(iph, rule, sel, actp, nact, dir, IPSL_IPV6, rp,  in mkrulepair()
1031 spdsock_addrule(queue_t *q, ipsec_policy_head_t *iph, mblk_t *mp,  in spdsock_addrule()  argument
1066 		ASSERT(itp->itp_policy == iph || itp->itp_inactive == iph);  in spdsock_addrule()
1067 		active = (itp->itp_policy == iph);  in spdsock_addrule()
1068 		if (ITP_P_ISACTIVE(itp, iph)) {  in spdsock_addrule()
1070 			if ((tunnel_mode && !ITP_P_ISTUNNEL(itp, iph)) ||  in spdsock_addrule()
1071 			    (!tunnel_mode && ITP_P_ISTUNNEL(itp, iph))) {  in spdsock_addrule()
1132 	rw_enter(&iph->iph_lock, RW_WRITER);  in spdsock_addrule()
1135 		error = mkrulepair(iph, rule, &sel, actp, nact,  in spdsock_addrule()
1142 		error = mkrulepair(iph, rule, &sel, actp, nact,  in spdsock_addrule()
1149 		ipsec_enter_policy(iph, rulep->pol, rulep->dir,  in spdsock_addrule()
1152 	rw_exit(&iph->iph_lock);  in spdsock_addrule()
1171 	rw_exit(&iph->iph_lock);  in spdsock_addrule()
1195 spdsock_deleterule(queue_t *q, ipsec_policy_head_t *iph, mblk_t *mp,  in spdsock_deleterule()  argument
1230 		if (ipsec_policy_delete_index(iph, rule->spd_rule_index, ns) !=  in spdsock_deleterule()
1242 		    !ipsec_policy_delete(iph, &sel, IPSEC_TYPE_INBOUND, ns)) {  in spdsock_deleterule()
1248 		    !ipsec_policy_delete(iph, &sel, IPSEC_TYPE_OUTBOUND, ns)) {  in spdsock_deleterule()
1255 		ASSERT(iph == itp->itp_policy || iph == itp->itp_inactive);  in spdsock_deleterule()
1256 		rw_enter(&iph->iph_lock, RW_READER);  in spdsock_deleterule()
1257 		if (avl_numnodes(&iph->iph_rulebyid) == 0) {  in spdsock_deleterule()
1258 			if (iph == itp->itp_policy)  in spdsock_deleterule()
1264 		rw_exit(&iph->iph_lock);  in spdsock_deleterule()
1404 spdsock_lookup(queue_t *q, ipsec_policy_head_t *iph, mblk_t *mp,  in spdsock_lookup()  argument
1412 spdsock_dump_ruleset(mblk_t *req, ipsec_policy_head_t *iph,  in spdsock_dump_ruleset()  argument
1420 	ASSERT(RW_READ_HELD(&iph->iph_lock));  in spdsock_dump_ruleset()
1437 	ruleset->spd_ruleset_version = iph->iph_gen;  in spdsock_dump_ruleset()
1445 	ipsec_policy_head_t *iph = ss->spdsock_dump_head;  in spdsock_dump_finish()  local
1449 	rw_enter(&iph->iph_lock, RW_READER);  in spdsock_dump_finish()
1450 	m = spdsock_dump_ruleset(req, iph, ss->spdsock_dump_count, error);  in spdsock_dump_finish()
1451 	rw_exit(&iph->iph_lock);  in spdsock_dump_finish()
1452 	IPPH_REFRELE(iph, ns);  in spdsock_dump_finish()
1858 spdsock_dump_next_in_chain(spdsock_t *ss, ipsec_policy_head_t *iph,  in spdsock_dump_next_in_chain()  argument
1861 	ASSERT(RW_READ_HELD(&iph->iph_lock));  in spdsock_dump_next_in_chain()
1869 spdsock_dump_next_rule(spdsock_t *ss, ipsec_policy_head_t *iph)  in spdsock_dump_next_rule()  argument
1875 	ASSERT(RW_READ_HELD(&iph->iph_lock));  in spdsock_dump_next_rule()
1880 		return (spdsock_dump_next_in_chain(ss, iph, cur));  in spdsock_dump_next_rule()
1886 	ipr = &iph->iph_root[type];  in spdsock_dump_next_rule()
1894 			return (spdsock_dump_next_in_chain(ss, iph, cur));  in spdsock_dump_next_rule()
1905 			return (spdsock_dump_next_in_chain(ss, iph, cur));  in spdsock_dump_next_rule()
1954 	ipsec_policy_head_t *iph;  in spdsock_dump_next_record()  local
1961 	iph = ss->spdsock_dump_head;  in spdsock_dump_next_record()
1963 	ASSERT(iph != NULL);  in spdsock_dump_next_record()
1965 	rw_enter(&iph->iph_lock, RW_READER);  in spdsock_dump_next_record()
1967 	if (iph->iph_gen != ss->spdsock_dump_gen) {  in spdsock_dump_next_record()
1968 		rw_exit(&iph->iph_lock);  in spdsock_dump_next_record()
1972 	while ((rule = spdsock_dump_next_rule(ss, iph)) == NULL) {  in spdsock_dump_next_record()
1973 		rw_exit(&iph->iph_lock);  in spdsock_dump_next_record()
2004 			iph = itp->itp_policy;  in spdsock_dump_next_record()
2008 			iph = itp->itp_inactive;  in spdsock_dump_next_record()
2010 		IPPH_REFHOLD(iph);  in spdsock_dump_next_record()
2013 		rw_enter(&iph->iph_lock, RW_READER);  in spdsock_dump_next_record()
2014 		RESET_SPDSOCK_DUMP_POLHEAD(ss, iph);  in spdsock_dump_next_record()
2021 	rw_exit(&iph->iph_lock);  in spdsock_dump_next_record()
2061 spdsock_dump(queue_t *q, ipsec_policy_head_t *iph, mblk_t *mp)  in spdsock_dump()  argument
2069 	if (iph == ALL_ACTIVE_POLHEADS || iph == ALL_INACTIVE_POLHEADS) {  in spdsock_dump()
2075 		if (iph == ALL_ACTIVE_POLHEADS) {  in spdsock_dump()
2076 			iph = ipsec_system_policy(ns);  in spdsock_dump()
2079 			iph = ipsec_inactive_policy(ns);  in spdsock_dump()
2087 	rw_enter(&iph->iph_lock, RW_READER);  in spdsock_dump()
2089 	mr = spdsock_dump_ruleset(mp, iph, 0, 0);  in spdsock_dump()
2092 		rw_exit(&iph->iph_lock);  in spdsock_dump()
2098 	RESET_SPDSOCK_DUMP_POLHEAD(ss, iph);  in spdsock_dump()
2100 	rw_exit(&iph->iph_lock);  in spdsock_dump()
2890 	ipsec_policy_head_t *iph;  in get_appropriate_polhead()  local
2958 		iph = (itp == NULL) ? ipsec_system_policy(ns) : itp->itp_policy;  in get_appropriate_polhead()
2960 		iph = (itp == NULL) ? ipsec_inactive_policy(ns) :  in get_appropriate_polhead()
2963 	ASSERT(iph != NULL);  in get_appropriate_polhead()
2965 		IPPH_REFHOLD(iph);  in get_appropriate_polhead()
2968 	return (iph);  in get_appropriate_polhead()
2977 	ipsec_policy_head_t *iph;  in spdsock_parse()  local
3096 	iph = get_appropriate_polhead(q, mp, tunname, spmsg->spd_msg_spdid,  in spdsock_parse()
3098 	if (iph == NULL)  in spdsock_parse()
3113 		spdsock_flush(q, iph, itp, mp);  in spdsock_parse()
3124 		spdsock_dump(q, iph, mp);  in spdsock_parse()
3128 	if (iph == ALL_ACTIVE_POLHEADS || iph == ALL_INACTIVE_POLHEADS) {  in spdsock_parse()
3136 		spdsock_addrule(q, iph, mp, extv, itp);  in spdsock_parse()
3139 		spdsock_deleterule(q, iph, mp, extv, itp);  in spdsock_parse()
3142 		spdsock_lookup(q, iph, mp, extv, itp);  in spdsock_parse()
3149 	IPPH_REFRELE(iph, ns);  in spdsock_parse()