Lines Matching refs:ipss
149 void ipsec_fragcache_uninit(ipsec_fragcache_t *, ipsec_stack_t *ipss);
361 ipsec_stack_t *ipss = (ipsec_stack_t *)arg; in ipsec_stack_fini() local
364 netstack_t *ns = ipss->ipsec_netstack; in ipsec_stack_fini()
368 ipsec_loader_destroy(ipss); in ipsec_stack_fini()
370 rw_enter(&ipss->ipsec_tunnel_policy_lock, RW_WRITER); in ipsec_stack_fini()
379 avl_destroy_nodes(&ipss->ipsec_tunnel_policies, in ipsec_stack_fini()
383 avl_destroy(&ipss->ipsec_tunnel_policies); in ipsec_stack_fini()
384 rw_exit(&ipss->ipsec_tunnel_policy_lock); in ipsec_stack_fini()
385 rw_destroy(&ipss->ipsec_tunnel_policy_lock); in ipsec_stack_fini()
389 ipsec_kstat_destroy(ipss); in ipsec_stack_fini()
391 ip_drop_unregister(&ipss->ipsec_dropper); in ipsec_stack_fini()
393 ip_drop_unregister(&ipss->ipsec_spd_dropper); in ipsec_stack_fini()
394 ip_drop_destroy(ipss); in ipsec_stack_fini()
399 ipsec_polhead_destroy(&ipss->ipsec_system_policy); in ipsec_stack_fini()
400 ASSERT(ipss->ipsec_system_policy.iph_refs == 1); in ipsec_stack_fini()
401 ipsec_polhead_destroy(&ipss->ipsec_inactive_policy); in ipsec_stack_fini()
402 ASSERT(ipss->ipsec_inactive_policy.iph_refs == 1); in ipsec_stack_fini()
405 ipsec_action_free_table(ipss->ipsec_action_hash[i].hash_head); in ipsec_stack_fini()
406 ipss->ipsec_action_hash[i].hash_head = NULL; in ipsec_stack_fini()
407 mutex_destroy(&(ipss->ipsec_action_hash[i].hash_lock)); in ipsec_stack_fini()
410 for (i = 0; i < ipss->ipsec_spd_hashsize; i++) { in ipsec_stack_fini()
411 ASSERT(ipss->ipsec_sel_hash[i].hash_head == NULL); in ipsec_stack_fini()
412 mutex_destroy(&(ipss->ipsec_sel_hash[i].hash_lock)); in ipsec_stack_fini()
415 mutex_enter(&ipss->ipsec_alg_lock); in ipsec_stack_fini()
417 int nalgs = ipss->ipsec_nalgs[algtype]; in ipsec_stack_fini()
420 if (ipss->ipsec_alglists[algtype][i] != NULL) in ipsec_stack_fini()
424 mutex_exit(&ipss->ipsec_alg_lock); in ipsec_stack_fini()
425 mutex_destroy(&ipss->ipsec_alg_lock); in ipsec_stack_fini()
430 (void) ipsec_free_tables(ipss); in ipsec_stack_fini()
431 kmem_free(ipss, sizeof (*ipss)); in ipsec_stack_fini()
452 ipsec_free_tables(ipsec_stack_t *ipss) in ipsec_free_tables() argument
456 if (ipss->ipsec_sel_hash != NULL) { in ipsec_free_tables()
457 for (i = 0; i < ipss->ipsec_spd_hashsize; i++) { in ipsec_free_tables()
458 ASSERT(ipss->ipsec_sel_hash[i].hash_head == NULL); in ipsec_free_tables()
460 kmem_free(ipss->ipsec_sel_hash, ipss->ipsec_spd_hashsize * in ipsec_free_tables()
461 sizeof (*ipss->ipsec_sel_hash)); in ipsec_free_tables()
462 ipss->ipsec_sel_hash = NULL; in ipsec_free_tables()
463 ipss->ipsec_spd_hashsize = 0; in ipsec_free_tables()
465 ipsec_polhead_free_table(&ipss->ipsec_system_policy); in ipsec_free_tables()
466 ipsec_polhead_free_table(&ipss->ipsec_inactive_policy); in ipsec_free_tables()
503 ipsec_stack_t *ipss = ns->netstack_ipsec; in ipsec_alloc_tables() local
505 error = ipsec_alloc_table(&ipss->ipsec_system_policy, in ipsec_alloc_tables()
506 ipss->ipsec_spd_hashsize, kmflag, B_TRUE, ns); in ipsec_alloc_tables()
510 error = ipsec_alloc_table(&ipss->ipsec_inactive_policy, in ipsec_alloc_tables()
511 ipss->ipsec_spd_hashsize, kmflag, B_TRUE, ns); in ipsec_alloc_tables()
515 ipss->ipsec_sel_hash = kmem_zalloc(ipss->ipsec_spd_hashsize * in ipsec_alloc_tables()
516 sizeof (*ipss->ipsec_sel_hash), kmflag); in ipsec_alloc_tables()
518 if (ipss->ipsec_sel_hash == NULL) in ipsec_alloc_tables()
519 return (ipsec_free_tables(ipss)); in ipsec_alloc_tables()
548 ipsec_kstat_init(ipsec_stack_t *ipss) in ipsec_kstat_init() argument
550 ipss->ipsec_ksp = kstat_create_netstack("ip", 0, "ipsec_stat", "net", in ipsec_kstat_init()
552 KSTAT_FLAG_PERSISTENT, ipss->ipsec_netstack->netstack_stackid); in ipsec_kstat_init()
554 if (ipss->ipsec_ksp == NULL || ipss->ipsec_ksp->ks_data == NULL) in ipsec_kstat_init()
557 ipss->ipsec_kstats = ipss->ipsec_ksp->ks_data; in ipsec_kstat_init()
559 #define KI(x) kstat_named_init(&ipss->ipsec_kstats->x, #x, KSTAT_DATA_UINT64) in ipsec_kstat_init()
570 kstat_install(ipss->ipsec_ksp); in ipsec_kstat_init()
575 ipsec_kstat_destroy(ipsec_stack_t *ipss) in ipsec_kstat_destroy() argument
577 kstat_delete_netstack(ipss->ipsec_ksp, in ipsec_kstat_destroy()
578 ipss->ipsec_netstack->netstack_stackid); in ipsec_kstat_destroy()
579 ipss->ipsec_kstats = NULL; in ipsec_kstat_destroy()
590 ipsec_stack_t *ipss; in ipsec_stack_init() local
593 ipss = (ipsec_stack_t *)kmem_zalloc(sizeof (*ipss), KM_SLEEP); in ipsec_stack_init()
594 ipss->ipsec_netstack = ns; in ipsec_stack_init()
605 ns->netstack_ipsec = ipss; in ipsec_stack_init()
612 ipss->ipsec_spd_hashsize = (ipsec_spd_hashsize == 0) ? in ipsec_stack_init()
618 ipss->ipsec_spd_hashsize); in ipsec_stack_init()
619 ipss->ipsec_spd_hashsize = IPSEC_SPDHASH_DEFAULT; in ipsec_stack_init()
621 ipss->ipsec_spd_hashsize); in ipsec_stack_init()
626 ipss->ipsec_tun_spd_hashsize = (tun_spd_hashsize == 0) ? in ipsec_stack_init()
634 ipss->ipsec_system_policy.iph_refs = 1; in ipsec_stack_init()
635 ipss->ipsec_inactive_policy.iph_refs = 1; in ipsec_stack_init()
636 ipsec_polhead_init(&ipss->ipsec_system_policy, in ipsec_stack_init()
637 ipss->ipsec_spd_hashsize); in ipsec_stack_init()
638 ipsec_polhead_init(&ipss->ipsec_inactive_policy, in ipsec_stack_init()
639 ipss->ipsec_spd_hashsize); in ipsec_stack_init()
640 rw_init(&ipss->ipsec_tunnel_policy_lock, NULL, RW_DEFAULT, NULL); in ipsec_stack_init()
641 avl_create(&ipss->ipsec_tunnel_policies, tunnel_compare, in ipsec_stack_init()
644 ipss->ipsec_next_policy_index = 1; in ipsec_stack_init()
646 rw_init(&ipss->ipsec_system_policy.iph_lock, NULL, RW_DEFAULT, NULL); in ipsec_stack_init()
647 rw_init(&ipss->ipsec_inactive_policy.iph_lock, NULL, RW_DEFAULT, NULL); in ipsec_stack_init()
650 mutex_init(&(ipss->ipsec_action_hash[i].hash_lock), in ipsec_stack_init()
653 for (i = 0; i < ipss->ipsec_spd_hashsize; i++) in ipsec_stack_init()
654 mutex_init(&(ipss->ipsec_sel_hash[i].hash_lock), in ipsec_stack_init()
657 mutex_init(&ipss->ipsec_alg_lock, NULL, MUTEX_DEFAULT, NULL); in ipsec_stack_init()
659 ipss->ipsec_nalgs[i] = 0; in ipsec_stack_init()
662 ip_drop_init(ipss); in ipsec_stack_init()
663 ip_drop_register(&ipss->ipsec_spd_dropper, "IPsec SPD"); in ipsec_stack_init()
666 ip_drop_register(&ipss->ipsec_dropper, "IP IPsec processing"); in ipsec_stack_init()
668 (void) ipsec_kstat_init(ipss); in ipsec_stack_init()
670 ipsec_loader_init(ipss); in ipsec_stack_init()
671 ipsec_loader_start(ipss); in ipsec_stack_init()
673 return (ipss); in ipsec_stack_init()
712 ipsec_stack_t *ipss = ns->netstack_ipsec; in alg_insert_sortlist() local
713 ipsec_alginfo_t *ai = ipss->ipsec_alglists[at][algid]; in alg_insert_sortlist()
716 uint_t count = ipss->ipsec_nalgs[at]; in alg_insert_sortlist()
720 ASSERT(MUTEX_HELD(&ipss->ipsec_alg_lock)); in alg_insert_sortlist()
727 alt = ipss->ipsec_alglists[at][ipss->ipsec_sortlist[at][i]]; in alg_insert_sortlist()
734 swap = ipss->ipsec_sortlist[at][i]; in alg_insert_sortlist()
735 ipss->ipsec_sortlist[at][i] = holder; in alg_insert_sortlist()
742 ipss->ipsec_sortlist[at][i] = holder; in alg_insert_sortlist()
754 ipsec_stack_t *ipss = ns->netstack_ipsec; in alg_remove_sortlist() local
755 int newcount = ipss->ipsec_nalgs[at]; in alg_remove_sortlist()
757 ASSERT(MUTEX_HELD(&ipss->ipsec_alg_lock)); in alg_remove_sortlist()
761 ipss->ipsec_sortlist[at][i-1] = in alg_remove_sortlist()
762 ipss->ipsec_sortlist[at][i]; in alg_remove_sortlist()
763 } else if (ipss->ipsec_sortlist[at][i] == algid) { in alg_remove_sortlist()
776 ipsec_stack_t *ipss = ns->netstack_ipsec; in ipsec_alg_reg() local
778 ASSERT(MUTEX_HELD(&ipss->ipsec_alg_lock)); in ipsec_alg_reg()
780 ASSERT(ipss->ipsec_alglists[algtype][alg->alg_id] == NULL); in ipsec_alg_reg()
782 ipss->ipsec_alglists[algtype][alg->alg_id] = alg; in ipsec_alg_reg()
784 ipss->ipsec_nalgs[algtype]++; in ipsec_alg_reg()
795 ipsec_stack_t *ipss = ns->netstack_ipsec; in ipsec_alg_unreg() local
797 ASSERT(MUTEX_HELD(&ipss->ipsec_alg_lock)); in ipsec_alg_unreg()
799 ASSERT(ipss->ipsec_alglists[algtype][algid] != NULL); in ipsec_alg_unreg()
800 ipsec_alg_free(ipss->ipsec_alglists[algtype][algid]); in ipsec_alg_unreg()
801 ipss->ipsec_alglists[algtype][algid] = NULL; in ipsec_alg_unreg()
803 ipss->ipsec_nalgs[algtype]--; in ipsec_alg_unreg()
814 ipsec_stack_t *ipss = ns->netstack_ipsec; in ipsec_system_policy() local
815 ipsec_policy_head_t *h = &ipss->ipsec_system_policy; in ipsec_system_policy()
824 ipsec_stack_t *ipss = ns->netstack_ipsec; in ipsec_inactive_policy() local
825 ipsec_policy_head_t *h = &ipss->ipsec_inactive_policy; in ipsec_inactive_policy()
889 ipsec_stack_t *ipss = ns->netstack_ipsec; in ipsec_swap_global_policy() local
891 ipsec_swap_policy(&ipss->ipsec_system_policy, in ipsec_swap_global_policy()
892 &ipss->ipsec_inactive_policy, ns); in ipsec_swap_global_policy()
1011 ipsec_stack_t *ipss = ns->netstack_ipsec; in ipsec_clone_system_policy() local
1013 return (ipsec_copy_polhead(&ipss->ipsec_system_policy, in ipsec_clone_system_policy()
1014 &ipss->ipsec_inactive_policy, ns)); in ipsec_clone_system_policy()
1030 ipsec_stack_t *ipss = ns->netstack_ipsec; in ipsec_log_policy_failure() local
1045 ipss->ipsec_policy_failure_count[type]++; in ipsec_log_policy_failure()
1064 ipsec_stack_t *ipss = ns->netstack_ipsec; in ipsec_rl_strlog() local
1075 if (ipss->ipsec_policy_failure_last + in ipsec_rl_strlog()
1080 ipss->ipsec_policy_failure_last = current; in ipsec_rl_strlog()
1088 ipsec_stack_t *ipss = ns->netstack_ipsec; in ipsec_config_flush() local
1090 rw_enter(&ipss->ipsec_system_policy.iph_lock, RW_WRITER); in ipsec_config_flush()
1091 ipsec_polhead_flush(&ipss->ipsec_system_policy, ns); in ipsec_config_flush()
1092 ipss->ipsec_next_policy_index = 1; in ipsec_config_flush()
1093 rw_exit(&ipss->ipsec_system_policy.iph_lock); in ipsec_config_flush()
1094 ipsec_action_reclaim_stack(ipss); in ipsec_config_flush()
1105 ipsec_stack_t *ipss = ns->netstack_ipsec; in act_alg_adjust() local
1106 ipsec_alginfo_t *algp = ipss->ipsec_alglists[algtype][algid]; in act_alg_adjust()
1141 ipsec_stack_t *ipss = ns->netstack_ipsec; in ipsec_check_action() local
1146 ipss->ipsec_alglists[IPSEC_ALG_AUTH][ipp->ipp_auth_alg] == NULL) { in ipsec_check_action()
1151 ipss->ipsec_alglists[IPSEC_ALG_AUTH][ipp->ipp_esp_auth_alg] == in ipsec_check_action()
1157 ipss->ipsec_alglists[IPSEC_ALG_ENCR][ipp->ipp_encr_alg] == NULL) { in ipsec_check_action()
1223 ipsec_stack_t *ipss = ns->netstack_ipsec; in ipsec_act_wildcard_expand() local
1264 #define SET_EXP_MINMAX(type, wild, alg, min, max, ipss) \ in ipsec_act_wildcard_expand() argument
1266 int nalgs = ipss->ipsec_nalgs[type]; \ in ipsec_act_wildcard_expand()
1267 if (ipss->ipsec_alglists[type][alg] != NULL) \ in ipsec_act_wildcard_expand()
1271 max = ipss->ipsec_nalgs[type] - 1; \ in ipsec_act_wildcard_expand()
1275 auth_min, auth_max, ipss); in ipsec_act_wildcard_expand()
1277 eauth_min, eauth_max, ipss); in ipsec_act_wildcard_expand()
1279 encr_min, encr_max, ipss); in ipsec_act_wildcard_expand()
1303 #define WHICH_ALG(type, wild, idx, ipss) \ in ipsec_act_wildcard_expand() argument
1304 ((wild)?(ipss->ipsec_sortlist[type][idx]):(idx)) in ipsec_act_wildcard_expand()
1307 encr_alg = WHICH_ALG(IPSEC_ALG_ENCR, wild_encr, encr_idx, ipss); in ipsec_act_wildcard_expand()
1312 auth_idx, ipss); in ipsec_act_wildcard_expand()
1318 wild_eauth, eauth_idx, ipss); in ipsec_act_wildcard_expand()
1528 ipsec_stack_t *ipss = ns->netstack_ipsec; in ipsec_check_ipsecin_unique() local
1552 *counter = DROPPER(ipss, ipds_spd_ah_innermismatch); in ipsec_check_ipsecin_unique()
1558 *counter = DROPPER(ipss, ipds_spd_esp_innermismatch); in ipsec_check_ipsecin_unique()
1574 ipsec_stack_t *ipss = ns->netstack_ipsec; in ipsec_check_ipsecin_action() local
1592 *counter = DROPPER(ipss, ipds_spd_loopback_mismatch); in ipsec_check_ipsecin_action()
1608 *counter = DROPPER(ipss, ipds_spd_explicit); in ipsec_check_ipsecin_action()
1614 *counter = DROPPER(ipss, ipds_spd_got_secure); in ipsec_check_ipsecin_action()
1632 *counter = DROPPER(ipss, ipds_spd_got_clear); in ipsec_check_ipsecin_action()
1641 *counter = DROPPER(ipss, ipds_spd_bad_ahalg); in ipsec_check_ipsecin_action()
1651 *counter = DROPPER(ipss, ipds_spd_got_ah); in ipsec_check_ipsecin_action()
1660 *counter = DROPPER(ipss, ipds_spd_got_clear); in ipsec_check_ipsecin_action()
1669 *counter = DROPPER(ipss, ipds_spd_bad_espealg); in ipsec_check_ipsecin_action()
1681 *counter = DROPPER(ipss, in ipsec_check_ipsecin_action()
1693 *counter = DROPPER(ipss, ipds_spd_got_esp); in ipsec_check_ipsecin_action()
1704 *counter = DROPPER(ipss, in ipsec_check_ipsecin_action()
1717 *counter = DROPPER(ipss, ipds_spd_got_selfencap); in ipsec_check_ipsecin_action()
1803 ipsec_stack_t *ipss = ns->netstack_ipsec; in ipsec_check_ipsecin_latch() local
1817 *counter = DROPPER(ipss, ipds_spd_ah_badid); in ipsec_check_ipsecin_latch()
1826 *counter = DROPPER(ipss, ipds_spd_esp_badid); in ipsec_check_ipsecin_latch()
1863 ipsec_stack_t *ipss = ns->netstack_ipsec; in ipsec_check_ipsecin_policy() local
1866 counter = DROPPER(ipss, ipds_spd_got_secure); in ipsec_check_ipsecin_policy()
1889 counter = DROPPER(ipss, ipds_spd_ahesp_diffid); in ipsec_check_ipsecin_policy()
1918 &ipss->ipsec_spd_dropper); in ipsec_check_ipsecin_policy()
2089 ipsec_stack_t *ipss = ns->netstack_ipsec; in ipsec_find_policy() local
2091 p = ipsec_find_policy_head(NULL, &ipss->ipsec_system_policy, in ipsec_find_policy()
2124 ipsec_stack_t *ipss = ns->netstack_ipsec; in ipsec_check_global_policy() local
2132 policy_present = ipss->ipsec_inbound_v4_policy_present; in ipsec_check_global_policy()
2134 policy_present = ipss->ipsec_inbound_v6_policy_present; in ipsec_check_global_policy()
2167 counter = DROPPER(ipss, ipds_spd_nomem); in ipsec_check_global_policy()
2196 counter = DROPPER(ipss, ipds_spd_got_secure); in ipsec_check_global_policy()
2220 counter = DROPPER(ipss, ipds_spd_got_clear); in ipsec_check_global_policy()
2224 &ipss->ipsec_spd_dropper); in ipsec_check_global_policy()
2461 ipsec_stack_t *ipss; in ipsec_check_inbound_policy() local
2469 ipss = ns->netstack_ipsec; in ipsec_check_inbound_policy()
2485 DROPPER(ipss, ipds_spd_got_clear), in ipsec_check_inbound_policy()
2486 &ipss->ipsec_spd_dropper); in ipsec_check_inbound_policy()
2513 DROPPER(ipss, ipds_spd_got_clear), in ipsec_check_inbound_policy()
2514 &ipss->ipsec_spd_dropper); in ipsec_check_inbound_policy()
2551 DROPPER(ipss, ipds_spd_got_clear), in ipsec_check_inbound_policy()
2552 &ipss->ipsec_spd_dropper); in ipsec_check_inbound_policy()
2607 &ipss->ipsec_spd_dropper); in ipsec_check_inbound_policy()
2816 ip6_t *ip6h, int outer_hdr_len, ipsec_stack_t *ipss) in ipsec_init_outbound_ports() argument
2852 DROPPER(ipss, ipds_spd_nomem), in ipsec_init_outbound_ports()
2853 &ipss->ipsec_spd_dropper); in ipsec_init_outbound_ports()
2890 DROPPER(ipss, ipds_spd_nomem), in ipsec_init_outbound_ports()
2891 &ipss->ipsec_spd_dropper); in ipsec_init_outbound_ports()
3128 ipsec_stack_t *ipss = ns->netstack_ipsec; in selkey_hash() local
3136 ipss->ipsec_spd_hashsize)); in selkey_hash()
3142 ipss->ipsec_spd_hashsize)); in selkey_hash()
3174 ipsec_stack_t *ipss = ns->netstack_ipsec; in ipsec_act_find() local
3183 HASH_LOCK(ipss->ipsec_action_hash, hval); in ipsec_act_find()
3186 ipss->ipsec_action_hash, hval)) { in ipsec_act_find()
3194 HASH_UNLOCK(ipss->ipsec_action_hash, hval); in ipsec_act_find()
3203 HASH_UNLOCK(ipss->ipsec_action_hash, hval); in ipsec_act_find()
3208 HASH_INSERT(ap, ipa_hash, ipss->ipsec_action_hash, hval); in ipsec_act_find()
3239 HASH_UNLOCK(ipss->ipsec_action_hash, hval); in ipsec_act_find()
3305 ipsec_stack_t *ipss; in ipsec_action_reclaim() local
3313 if ((ipss = ns->netstack_ipsec) == NULL) { in ipsec_action_reclaim()
3317 ipsec_action_reclaim_stack(ipss); in ipsec_action_reclaim()
3335 ipsec_action_reclaim_stack(ipsec_stack_t *ipss) in ipsec_action_reclaim_stack() argument
3343 if (ipss->ipsec_action_hash[i].hash_head == NULL) in ipsec_action_reclaim_stack()
3346 HASH_LOCK(ipss->ipsec_action_hash, i); in ipsec_action_reclaim_stack()
3347 for (ap = ipss->ipsec_action_hash[i].hash_head; in ipsec_action_reclaim_stack()
3354 ipss->ipsec_action_hash, i); in ipsec_action_reclaim_stack()
3357 HASH_UNLOCK(ipss->ipsec_action_hash, i); in ipsec_action_reclaim_stack()
3370 ipsec_stack_t *ipss = ns->netstack_ipsec; in ipsec_find_sel() local
3384 ASSERT(!HASH_LOCKED(ipss->ipsec_sel_hash, bucket)); in ipsec_find_sel()
3385 HASH_LOCK(ipss->ipsec_sel_hash, bucket); in ipsec_find_sel()
3387 for (HASH_ITERATE(sp, ipsl_hash, ipss->ipsec_sel_hash, bucket)) { in ipsec_find_sel()
3395 HASH_UNLOCK(ipss->ipsec_sel_hash, bucket); in ipsec_find_sel()
3401 HASH_UNLOCK(ipss->ipsec_sel_hash, bucket); in ipsec_find_sel()
3405 HASH_INSERT(sp, ipsl_hash, ipss->ipsec_sel_hash, bucket); in ipsec_find_sel()
3414 HASH_UNLOCK(ipss->ipsec_sel_hash, bucket); in ipsec_find_sel()
3424 ipsec_stack_t *ipss = ns->netstack_ipsec; in ipsec_sel_rel() local
3431 ASSERT(!HASH_LOCKED(ipss->ipsec_sel_hash, hval)); in ipsec_sel_rel()
3432 HASH_LOCK(ipss->ipsec_sel_hash, hval); in ipsec_sel_rel()
3434 HASH_UNCHAIN(sp, ipsl_hash, ipss->ipsec_sel_hash, hval); in ipsec_sel_rel()
3436 HASH_UNLOCK(ipss->ipsec_sel_hash, hval); in ipsec_sel_rel()
3443 HASH_UNLOCK(ipss->ipsec_sel_hash, hval); in ipsec_sel_rel()
3473 ipsec_stack_t *ipss = ns->netstack_ipsec; in ipsec_policy_create() local
3476 index_ptr = &ipss->ipsec_next_policy_index; in ipsec_policy_create()
3507 ipsec_update_present_flags(ipsec_stack_t *ipss) in ipsec_update_present_flags() argument
3511 hashpol = (avl_numnodes(&ipss->ipsec_system_policy.iph_rulebyid) > 0); in ipsec_update_present_flags()
3514 ipss->ipsec_outbound_v4_policy_present = B_TRUE; in ipsec_update_present_flags()
3515 ipss->ipsec_outbound_v6_policy_present = B_TRUE; in ipsec_update_present_flags()
3516 ipss->ipsec_inbound_v4_policy_present = B_TRUE; in ipsec_update_present_flags()
3517 ipss->ipsec_inbound_v6_policy_present = B_TRUE; in ipsec_update_present_flags()
3521 ipss->ipsec_outbound_v4_policy_present = (NULL != in ipsec_update_present_flags()
3522 ipss->ipsec_system_policy.iph_root[IPSEC_TYPE_OUTBOUND]. in ipsec_update_present_flags()
3524 ipss->ipsec_outbound_v6_policy_present = (NULL != in ipsec_update_present_flags()
3525 ipss->ipsec_system_policy.iph_root[IPSEC_TYPE_OUTBOUND]. in ipsec_update_present_flags()
3527 ipss->ipsec_inbound_v4_policy_present = (NULL != in ipsec_update_present_flags()
3528 ipss->ipsec_system_policy.iph_root[IPSEC_TYPE_INBOUND]. in ipsec_update_present_flags()
3530 ipss->ipsec_inbound_v6_policy_present = (NULL != in ipsec_update_present_flags()
3531 ipss->ipsec_system_policy.iph_root[IPSEC_TYPE_INBOUND]. in ipsec_update_present_flags()
4204 ipsec_stack_t *ipss = ns->netstack_ipsec; in ip_output_attach_policy() local
4207 ixa->ixa_ipsec_policy_gen = ipss->ipsec_system_policy.iph_gen; in ip_output_attach_policy()
4212 policy_present = ipss->ipsec_outbound_v4_policy_present; in ip_output_attach_policy()
4214 policy_present = ipss->ipsec_outbound_v6_policy_present; in ip_output_attach_policy()
4232 if (!ipsec_init_outbound_ports(&sel, mp, ipha, ip6h, 0, ipss)) { in ip_output_attach_policy()
4279 ipsec_stack_t *ipss = ns->netstack_ipsec; in ipsec_conn_cache_policy() local
4282 ipss->ipsec_system_policy.iph_gen; in ipsec_conn_cache_policy()
4317 (ipss->ipsec_outbound_v4_policy_present || in ipsec_conn_cache_policy()
4318 ipss->ipsec_inbound_v4_policy_present) : in ipsec_conn_cache_policy()
4319 (ipss->ipsec_outbound_v6_policy_present || in ipsec_conn_cache_policy()
4320 ipss->ipsec_inbound_v6_policy_present); in ipsec_conn_cache_policy()
4412 ipsec_stack_t *ipss = ns->netstack_ipsec; in ipsec_cache_outbound_policy() local
4414 ixa->ixa_ipsec_policy_gen = ipss->ipsec_system_policy.iph_gen; in ipsec_cache_outbound_policy()
4436 (ipss->ipsec_outbound_v4_policy_present || in ipsec_cache_outbound_policy()
4437 ipss->ipsec_inbound_v4_policy_present) : in ipsec_cache_outbound_policy()
4438 (ipss->ipsec_outbound_v6_policy_present || in ipsec_cache_outbound_policy()
4439 ipss->ipsec_inbound_v6_policy_present); in ipsec_cache_outbound_policy()
4501 ipsec_stack_t *ipss = ixa->ixa_ipst->ips_netstack->netstack_ipsec; in ipsec_outbound_policy_current() local
4506 return (ixa->ixa_ipsec_policy_gen == ipss->ipsec_system_policy.iph_gen); in ipsec_outbound_policy_current()
4561 ipsec_stack_t *ipss = ns->netstack_ipsec; in ipsid_lookup() local
4564 bucket = &ipss->ipsec_ipsid_buckets[ipsid_hash(idtype, idstring)]; in ipsid_lookup()
4616 ipsec_stack_t *ipss = ns->netstack_ipsec; in ipsid_gc() local
4619 bucket = &ipss->ipsec_ipsid_buckets[i]; in ipsid_gc()
4664 ipsec_stack_t *ipss = ns->netstack_ipsec; in ipsid_init() local
4667 bucket = &ipss->ipsec_ipsid_buckets[i]; in ipsid_init()
4680 ipsec_stack_t *ipss = ns->netstack_ipsec; in ipsid_fini() local
4683 bucket = &ipss->ipsec_ipsid_buckets[i]; in ipsid_fini()
4704 ipsec_stack_t *ipss = ns->netstack_ipsec; in ipsec_alg_fix_min_max() local
4706 ASSERT(MUTEX_HELD(&ipss->ipsec_alg_lock)); in ipsec_alg_fix_min_max()
5041 ipsec_stack_t *ipss = ns->netstack_ipsec; in ipsec_prov_update_callback_stack() local
5059 mutex_enter(&ipss->ipsec_alg_lock); in ipsec_prov_update_callback_stack()
5061 for (algidx = 0; algidx < ipss->ipsec_nalgs[algtype]; in ipsec_prov_update_callback_stack()
5064 algid = ipss->ipsec_sortlist[algtype][algidx]; in ipsec_prov_update_callback_stack()
5065 alg = ipss->ipsec_alglists[algtype][algid]; in ipsec_prov_update_callback_stack()
5122 mutex_exit(&ipss->ipsec_alg_lock); in ipsec_prov_update_callback_stack()
5193 ipsec_stack_t *ipss = ns->netstack_ipsec; in ipsec_tun_outbound() local
5240 DROPPER(ipss, ipds_spd_nomem), in ipsec_tun_outbound()
5241 &ipss->ipsec_spd_dropper); in ipsec_tun_outbound()
5279 outer_hdr_len, ipss); in ipsec_tun_outbound()
5299 DROPPER(ipss, in ipsec_tun_outbound()
5301 &ipss->ipsec_spd_dropper); in ipsec_tun_outbound()
5326 DROPPER(ipss, in ipsec_tun_outbound()
5328 &ipss->ipsec_spd_dropper); in ipsec_tun_outbound()
5343 inner_ipv4, inner_ipv6, outer_hdr_len, ipss)) { in ipsec_tun_outbound()
5389 DROPPER(ipss, ipds_spd_explicit), in ipsec_tun_outbound()
5390 &ipss->ipsec_spd_dropper); in ipsec_tun_outbound()
5557 ipsec_stack_t *ipss = ns->netstack_ipsec; in ipsec_tun_inbound() local
5563 global_present = ipss->ipsec_inbound_v4_policy_present; in ipsec_tun_inbound()
5566 global_present = ipss->ipsec_inbound_v6_policy_present; in ipsec_tun_inbound()
5607 DROPPER(ipss, ipds_spd_nomem), in ipsec_tun_inbound()
5608 &ipss->ipsec_spd_dropper); in ipsec_tun_inbound()
5617 DROPPER(ipss, ipds_spd_got_clear), in ipsec_tun_inbound()
5618 &ipss->ipsec_spd_dropper); in ipsec_tun_inbound()
5633 DROPPER(ipss, ipds_spd_nomem), in ipsec_tun_inbound()
5634 &ipss->ipsec_spd_dropper); in ipsec_tun_inbound()
5666 DROPPER(ipss, ipds_spd_nomem), in ipsec_tun_inbound()
5667 &ipss->ipsec_spd_dropper); in ipsec_tun_inbound()
5672 mp, data_mp, outer_hdr_len, ipss); in ipsec_tun_inbound()
5722 DROPPER(ipss, ipds_spd_nomem), in ipsec_tun_inbound()
5723 &ipss->ipsec_spd_dropper); in ipsec_tun_inbound()
5727 DROPPER(ipss, ipds_spd_malformed_frag), in ipsec_tun_inbound()
5728 &ipss->ipsec_spd_dropper); in ipsec_tun_inbound()
5792 DROPPER(ipss, ipds_spd_got_clear), in ipsec_tun_inbound()
5793 &ipss->ipsec_spd_dropper); in ipsec_tun_inbound()
5837 DROPPER(ipss, ipds_spd_explicit), in ipsec_tun_inbound()
5838 &ipss->ipsec_spd_dropper); in ipsec_tun_inbound()
5862 DROPPER(ipss, ipds_spd_got_secure), in ipsec_tun_inbound()
5863 &ipss->ipsec_spd_dropper); in ipsec_tun_inbound()
5953 ipsec_stack_t *ipss = ns->netstack_ipsec; in itp_unlink() local
5955 rw_enter(&ipss->ipsec_tunnel_policy_lock, RW_WRITER); in itp_unlink()
5956 ipss->ipsec_tunnel_policy_gen++; in itp_unlink()
5957 ipsec_fragcache_uninit(&node->itp_fragcache, ipss); in itp_unlink()
5958 avl_remove(&ipss->ipsec_tunnel_policies, node); in itp_unlink()
5959 rw_exit(&ipss->ipsec_tunnel_policy_lock); in itp_unlink()
5971 ipsec_stack_t *ipss = ns->netstack_ipsec; in get_tunnel_policy() local
5975 rw_enter(&ipss->ipsec_tunnel_policy_lock, RW_READER); in get_tunnel_policy()
5976 node = (ipsec_tun_pol_t *)avl_find(&ipss->ipsec_tunnel_policies, in get_tunnel_policy()
5981 rw_exit(&ipss->ipsec_tunnel_policy_lock); in get_tunnel_policy()
5995 ipsec_stack_t *ipss = ns->netstack_ipsec; in itp_walk() local
5997 rw_enter(&ipss->ipsec_tunnel_policy_lock, RW_READER); in itp_walk()
5998 for (node = avl_first(&ipss->ipsec_tunnel_policies); node != NULL; in itp_walk()
5999 node = AVL_NEXT(&ipss->ipsec_tunnel_policies, node)) { in itp_walk()
6002 rw_exit(&ipss->ipsec_tunnel_policy_lock); in itp_walk()
6011 ipsec_stack_t *ipss = ns->netstack_ipsec; in tunnel_polhead_init() local
6016 if (ipsec_alloc_table(iph, ipss->ipsec_tun_spd_hashsize, in tunnel_polhead_init()
6021 ipsec_polhead_init(iph, ipss->ipsec_tun_spd_hashsize); in tunnel_polhead_init()
6035 ipsec_stack_t *ipss = ns->netstack_ipsec; in create_tunnel_policy() local
6050 rw_enter(&ipss->ipsec_tunnel_policy_lock, RW_WRITER); in create_tunnel_policy()
6051 existing = (ipsec_tun_pol_t *)avl_find(&ipss->ipsec_tunnel_policies, in create_tunnel_policy()
6056 rw_exit(&ipss->ipsec_tunnel_policy_lock); in create_tunnel_policy()
6059 ipss->ipsec_tunnel_policy_gen++; in create_tunnel_policy()
6060 *gen = ipss->ipsec_tunnel_policy_gen; in create_tunnel_policy()
6063 avl_insert(&ipss->ipsec_tunnel_policies, newbie, where); in create_tunnel_policy()
6085 rw_exit(&ipss->ipsec_tunnel_policy_lock); in create_tunnel_policy()
6207 ipsec_fragcache_uninit(ipsec_fragcache_t *frag, ipsec_stack_t *ipss) in ipsec_fragcache_uninit() argument
6219 fep = fragcache_delentry(i, fep, frag, ipss); in ipsec_fragcache_uninit()
6256 int outer_hdr_len, ipsec_stack_t *ipss) in ipsec_fragcache_add() argument
6287 DROPPER(ipss, ipds_spd_nomem), in ipsec_fragcache_add()
6288 &ipss->ipsec_spd_dropper); in ipsec_fragcache_add()
6316 DROPPER(ipss, ipds_spd_malformed_packet), in ipsec_fragcache_add()
6317 &ipss->ipsec_spd_dropper); in ipsec_fragcache_add()
6335 DROPPER(ipss, ipds_spd_malformed_frag), in ipsec_fragcache_add()
6336 &ipss->ipsec_spd_dropper); in ipsec_fragcache_add()
6357 ipsec_fragcache_clean(frag, ipss); in ipsec_fragcache_add()
6412 (void) fragcache_delentry(i, fep, frag, ipss); in ipsec_fragcache_add()
6415 DROPPER(ipss, ipds_spd_malformed_frag), in ipsec_fragcache_add()
6416 &ipss->ipsec_spd_dropper); in ipsec_fragcache_add()
6426 ipsec_fragcache_clean(frag, ipss); in ipsec_fragcache_add()
6430 DROPPER(ipss, ipds_spd_nomem), in ipsec_fragcache_add()
6431 &ipss->ipsec_spd_dropper); in ipsec_fragcache_add()
6532 DROPPER(ipss, ipds_spd_malformed_frag), in ipsec_fragcache_add()
6533 &ipss->ipsec_spd_dropper); in ipsec_fragcache_add()
6573 (void) fragcache_delentry(i, fep, frag, ipss); in ipsec_fragcache_add()
6576 DROPPER(ipss, ipds_spd_overlap_frag), in ipsec_fragcache_add()
6577 &ipss->ipsec_spd_dropper); in ipsec_fragcache_add()
6595 DROPPER(ipss, ipds_spd_evil_frag), in ipsec_fragcache_add()
6596 &ipss->ipsec_spd_dropper); in ipsec_fragcache_add()
6637 ipss); in ipsec_fragcache_add()
6640 DROPPER(ipss, in ipsec_fragcache_add()
6642 &ipss->ipsec_spd_dropper); in ipsec_fragcache_add()
6679 (void) fragcache_delentry(i, fep, frag, ipss); in ipsec_fragcache_add()
6685 DROPPER(ipss, ipds_spd_max_frags), in ipsec_fragcache_add()
6686 &ipss->ipsec_spd_dropper); in ipsec_fragcache_add()
6738 DROPPER(ipss, ipds_spd_malformed_frag), in ipsec_fragcache_add()
6739 &ipss->ipsec_spd_dropper); in ipsec_fragcache_add()
6788 (void) fragcache_delentry(i, fep, frag, ipss); in ipsec_fragcache_add()
6797 DROPPER(ipss, ipds_spd_evil_frag), in ipsec_fragcache_add()
6798 &ipss->ipsec_spd_dropper); in ipsec_fragcache_add()
6827 ipsec_fragcache_clean(ipsec_fragcache_t *frag, ipsec_stack_t *ipss) in ipsec_fragcache_clean() argument
6846 fep = fragcache_delentry(i, fep, frag, ipss); in ipsec_fragcache_clean()
6862 (void) fragcache_delentry(earlyi, earlyfep, frag, ipss); in ipsec_fragcache_clean()
6867 ipsec_fragcache_t *frag, ipsec_stack_t *ipss) in fragcache_delentry() argument
6878 DROPPER(ipss, ipds_spd_expired_frags), in fragcache_delentry()
6879 &ipss->ipsec_spd_dropper); in fragcache_delentry()