4022 ipsec_in_to_out(ip_recv_attr_t *ira, ip_xmit_attr_t *ixa, mblk_t *data_mp,  in ipsec_in_to_out()  argument
4027 	netstack_t	*ns = ixa->ixa_ipst->ips_netstack;  in ipsec_in_to_out()
4048 	ixa->ixa_ipsec_action = reflect_action;  in ipsec_in_to_out()
4055 	ixa->ixa_ipsec_src_port = sel.ips_local_port;  in ipsec_in_to_out()
4056 	ixa->ixa_ipsec_dst_port = sel.ips_remote_port;  in ipsec_in_to_out()
4057 	ixa->ixa_ipsec_proto = sel.ips_protocol;  in ipsec_in_to_out()
4058 	ixa->ixa_ipsec_icmp_type = sel.ips_icmp_type;  in ipsec_in_to_out()
4059 	ixa->ixa_ipsec_icmp_code = sel.ips_icmp_code;  in ipsec_in_to_out()
4068 		ixa->ixa_flags |= IXAF_IPSEC_SECURE;  in ipsec_in_to_out()
4070 		ixa->ixa_flags |= IXAF_NO_IPSEC;  in ipsec_in_to_out()
4076 ipsec_out_release_refs(ip_xmit_attr_t *ixa)  in ipsec_out_release_refs()  argument
4078 	if (!(ixa->ixa_flags & IXAF_IPSEC_SECURE))  in ipsec_out_release_refs()
4081 	if (ixa->ixa_ipsec_ah_sa != NULL) {  in ipsec_out_release_refs()
4082 		IPSA_REFRELE(ixa->ixa_ipsec_ah_sa);  in ipsec_out_release_refs()
4083 		ixa->ixa_ipsec_ah_sa = NULL;  in ipsec_out_release_refs()
4085 	if (ixa->ixa_ipsec_esp_sa != NULL) {  in ipsec_out_release_refs()
4086 		IPSA_REFRELE(ixa->ixa_ipsec_esp_sa);  in ipsec_out_release_refs()
4087 		ixa->ixa_ipsec_esp_sa = NULL;  in ipsec_out_release_refs()
4089 	if (ixa->ixa_ipsec_policy != NULL) {  in ipsec_out_release_refs()
4090 		IPPOL_REFRELE(ixa->ixa_ipsec_policy);  in ipsec_out_release_refs()
4091 		ixa->ixa_ipsec_policy = NULL;  in ipsec_out_release_refs()
4093 	if (ixa->ixa_ipsec_action != NULL) {  in ipsec_out_release_refs()
4094 		IPACT_REFRELE(ixa->ixa_ipsec_action);  in ipsec_out_release_refs()
4095 		ixa->ixa_ipsec_action = NULL;  in ipsec_out_release_refs()
4097 	if (ixa->ixa_ipsec_latch) {  in ipsec_out_release_refs()
4098 		IPLATCH_REFRELE(ixa->ixa_ipsec_latch);  in ipsec_out_release_refs()
4099 		ixa->ixa_ipsec_latch = NULL;  in ipsec_out_release_refs()
4102 	ixa->ixa_ipsec_ref[0].ipsr_sa = NULL;  in ipsec_out_release_refs()
4103 	ixa->ixa_ipsec_ref[0].ipsr_bucket = NULL;  in ipsec_out_release_refs()
4104 	ixa->ixa_ipsec_ref[0].ipsr_gen = 0;  in ipsec_out_release_refs()
4105 	ixa->ixa_ipsec_ref[1].ipsr_sa = NULL;  in ipsec_out_release_refs()
4106 	ixa->ixa_ipsec_ref[1].ipsr_bucket = NULL;  in ipsec_out_release_refs()
4107 	ixa->ixa_ipsec_ref[1].ipsr_gen = 0;  in ipsec_out_release_refs()
4108 	ixa->ixa_flags &= ~IXAF_IPSEC_SECURE;  in ipsec_out_release_refs()
4139 ipsec_out_to_in(ip_xmit_attr_t *ixa, ill_t *ill, ip_recv_attr_t *ira)  in ipsec_out_to_in()  argument
4146 	ira->ira_zoneid = ixa->ixa_zoneid;  in ipsec_out_to_in()
4147 	ira->ira_cred = ixa->ixa_cred;  in ipsec_out_to_in()
4148 	ira->ira_cpid = ixa->ixa_cpid;  in ipsec_out_to_in()
4149 	ira->ira_tsl = ixa->ixa_tsl;  in ipsec_out_to_in()
4151 	ira->ira_flags = ixa->ixa_flags & IAF_MASK;  in ipsec_out_to_in()
4152 	ira->ira_no_loop_zoneid = ixa->ixa_no_loop_zoneid;  in ipsec_out_to_in()
4153 	ira->ira_pktlen = ixa->ixa_pktlen;  in ipsec_out_to_in()
4154 	ira->ira_ip_hdr_length = ixa->ixa_ip_hdr_length;  in ipsec_out_to_in()
4155 	ira->ira_protocol = ixa->ixa_protocol;  in ipsec_out_to_in()
4160 	ira->ira_sqp = ixa->ixa_sqp;  in ipsec_out_to_in()
4166 	if (!(ixa->ixa_flags & IXAF_IPSEC_SECURE))  in ipsec_out_to_in()
4174 	act = ixa->ixa_ipsec_action;  in ipsec_out_to_in()
4176 		pol = ixa->ixa_ipsec_policy;  in ipsec_out_to_in()
4182 	ixa->ixa_ipsec_action = NULL;  in ipsec_out_to_in()
4198     const conn_t *connp, ip_xmit_attr_t *ixa)  in ip_output_attach_policy()  argument
4202 	ip_stack_t	*ipst = ixa->ixa_ipst;  in ip_output_attach_policy()
4207 	ixa->ixa_ipsec_policy_gen = ipss->ipsec_system_policy.iph_gen;  in ip_output_attach_policy()
4230 	sel.ips_protocol = ixa->ixa_protocol;  in ip_output_attach_policy()
4242 	ASSERT(ixa->ixa_ipsec_policy == NULL);  in ip_output_attach_policy()
4244 	ixa->ixa_ipsec_policy = p;  in ip_output_attach_policy()
4246 		ixa->ixa_flags |= IXAF_IPSEC_SECURE;  in ip_output_attach_policy()
4248 			ixa->ixa_flags |= IXAF_IPSEC_GLOBAL_POLICY;  in ip_output_attach_policy()
4250 		ixa->ixa_flags &= ~IXAF_IPSEC_SECURE;  in ip_output_attach_policy()
4256 	ixa->ixa_ipsec_src_port = sel.ips_local_port;  in ip_output_attach_policy()
4257 	ixa->ixa_ipsec_dst_port = sel.ips_remote_port;  in ip_output_attach_policy()
4258 	ixa->ixa_ipsec_icmp_type = sel.ips_icmp_type;  in ip_output_attach_policy()
4259 	ixa->ixa_ipsec_icmp_code = sel.ips_icmp_code;  in ip_output_attach_policy()
4260 	ixa->ixa_ipsec_proto = sel.ips_protocol;  in ip_output_attach_policy()
4407     const in6_addr_t *v6dst, in_port_t dstport, ip_xmit_attr_t *ixa)  in ipsec_cache_outbound_policy()  argument
4409 	boolean_t	isv4 = (ixa->ixa_flags & IXAF_IS_IPV4) != 0;  in ipsec_cache_outbound_policy()
4414 	ixa->ixa_ipsec_policy_gen = ipss->ipsec_system_policy.iph_gen;  in ipsec_cache_outbound_policy()
4423 		ixa->ixa_flags &= ~IXAF_IPSEC_SECURE;  in ipsec_cache_outbound_policy()
4424 		if (ixa->ixa_ipsec_policy != NULL) {  in ipsec_cache_outbound_policy()
4425 			IPPOL_REFRELE(ixa->ixa_ipsec_policy);  in ipsec_cache_outbound_policy()
4426 			ixa->ixa_ipsec_policy = NULL;  in ipsec_cache_outbound_policy()
4428 		if (ixa->ixa_ipsec_action != NULL) {  in ipsec_cache_outbound_policy()
4429 			IPACT_REFRELE(ixa->ixa_ipsec_action);  in ipsec_cache_outbound_policy()
4430 			ixa->ixa_ipsec_action = NULL;  in ipsec_cache_outbound_policy()
4461 		if (ixa->ixa_ipsec_policy != NULL)  in ipsec_cache_outbound_policy()
4462 			IPPOL_REFRELE(ixa->ixa_ipsec_policy);  in ipsec_cache_outbound_policy()
4463 		ixa->ixa_ipsec_policy = p;  in ipsec_cache_outbound_policy()
4465 			ixa->ixa_flags |= IXAF_IPSEC_SECURE;  in ipsec_cache_outbound_policy()
4467 				ixa->ixa_flags |= IXAF_IPSEC_GLOBAL_POLICY;  in ipsec_cache_outbound_policy()
4469 			ixa->ixa_flags &= ~IXAF_IPSEC_SECURE;  in ipsec_cache_outbound_policy()
4472 		if (ixa->ixa_ipsec_action != NULL) {  in ipsec_cache_outbound_policy()
4473 			IPACT_REFRELE(ixa->ixa_ipsec_action);  in ipsec_cache_outbound_policy()
4474 			ixa->ixa_ipsec_action = NULL;  in ipsec_cache_outbound_policy()
4477 		ixa->ixa_ipsec_src_port = sel.ips_local_port;  in ipsec_cache_outbound_policy()
4478 		ixa->ixa_ipsec_dst_port = sel.ips_remote_port;  in ipsec_cache_outbound_policy()
4479 		ixa->ixa_ipsec_icmp_type = sel.ips_icmp_type;  in ipsec_cache_outbound_policy()
4480 		ixa->ixa_ipsec_icmp_code = sel.ips_icmp_code;  in ipsec_cache_outbound_policy()
4481 		ixa->ixa_ipsec_proto = sel.ips_protocol;  in ipsec_cache_outbound_policy()
4483 		ixa->ixa_flags &= ~IXAF_IPSEC_SECURE;  in ipsec_cache_outbound_policy()
4484 		if (ixa->ixa_ipsec_policy != NULL) {  in ipsec_cache_outbound_policy()
4485 			IPPOL_REFRELE(ixa->ixa_ipsec_policy);  in ipsec_cache_outbound_policy()
4486 			ixa->ixa_ipsec_policy = NULL;  in ipsec_cache_outbound_policy()
4488 		if (ixa->ixa_ipsec_action != NULL) {  in ipsec_cache_outbound_policy()
4489 			IPACT_REFRELE(ixa->ixa_ipsec_action);  in ipsec_cache_outbound_policy()
4490 			ixa->ixa_ipsec_action = NULL;  in ipsec_cache_outbound_policy()
4499 ipsec_outbound_policy_current(ip_xmit_attr_t *ixa)  in ipsec_outbound_policy_current()  argument
4501 	ipsec_stack_t	*ipss = ixa->ixa_ipst->ips_netstack->netstack_ipsec;  in ipsec_outbound_policy_current()
4503 	if (!(ixa->ixa_flags & IXAF_IPSEC_GLOBAL_POLICY))  in ipsec_outbound_policy_current()
4506 	return (ixa->ixa_ipsec_policy_gen == ipss->ipsec_system_policy.iph_gen);  in ipsec_outbound_policy_current()
5183     ip_xmit_attr_t *ixa)  in ipsec_tun_outbound()  argument
5199 	if (!(ixa->ixa_flags & IXAF_IPSEC_SECURE)) {  in ipsec_tun_outbound()
5200 		ASSERT(ixa->ixa_ipsec_policy == NULL);  in ipsec_tun_outbound()
5201 		ASSERT(ixa->ixa_ipsec_latch == NULL);  in ipsec_tun_outbound()
5202 		ASSERT(ixa->ixa_ipsec_action == NULL);  in ipsec_tun_outbound()
5203 		ASSERT(ixa->ixa_ipsec_ah_sa == NULL);  in ipsec_tun_outbound()
5204 		ASSERT(ixa->ixa_ipsec_esp_sa == NULL);  in ipsec_tun_outbound()
5400 	ixa->ixa_ipsec_policy = pol;  in ipsec_tun_outbound()
5406 	ixa->ixa_zoneid = iptun->iptun_connp->conn_zoneid;  in ipsec_tun_outbound()
5408 	ASSERT((outer_ipv4 != NULL) ? (ixa->ixa_flags & IXAF_IS_IPV4) :  in ipsec_tun_outbound()
5409 	    !(ixa->ixa_flags & IXAF_IS_IPV4));  in ipsec_tun_outbound()
5410 	ASSERT(ixa->ixa_ipsec_policy != NULL);  in ipsec_tun_outbound()
5411 	ixa->ixa_flags |= IXAF_IPSEC_SECURE;  in ipsec_tun_outbound()
5415 		ixa->ixa_ipsec_proto = (inner_ipv4 != NULL) ? IPPROTO_ENCAP :  in ipsec_tun_outbound()
5421 	ixa->ixa_flags |= IXAF_IPSEC_TUNNEL;  in ipsec_tun_outbound()
5424 		ixa->ixa_ipsec_inaf = AF_INET;  in ipsec_tun_outbound()
5425 		ixa->ixa_ipsec_insrc[0] =  in ipsec_tun_outbound()
5427 		ixa->ixa_ipsec_indst[0] =  in ipsec_tun_outbound()
5430 		ixa->ixa_ipsec_inaf = AF_INET6;  in ipsec_tun_outbound()
5431 		ixa->ixa_ipsec_insrc[0] =  in ipsec_tun_outbound()
5433 		ixa->ixa_ipsec_insrc[1] =  in ipsec_tun_outbound()
5435 		ixa->ixa_ipsec_insrc[2] =  in ipsec_tun_outbound()
5437 		ixa->ixa_ipsec_insrc[3] =  in ipsec_tun_outbound()
5439 		ixa->ixa_ipsec_indst[0] =  in ipsec_tun_outbound()
5441 		ixa->ixa_ipsec_indst[1] =  in ipsec_tun_outbound()
5443 		ixa->ixa_ipsec_indst[2] =  in ipsec_tun_outbound()
5445 		ixa->ixa_ipsec_indst[3] =  in ipsec_tun_outbound()
5448 	ixa->ixa_ipsec_insrcpfx = pol->ipsp_sel->ipsl_key.ipsl_local_pfxlen;  in ipsec_tun_outbound()
5449 	ixa->ixa_ipsec_indstpfx = pol->ipsp_sel->ipsl_key.ipsl_remote_pfxlen;  in ipsec_tun_outbound()
5451 	ixa->ixa_ipsec_src_port = pol->ipsp_sel->ipsl_key.ipsl_lport;  in ipsec_tun_outbound()
5452 	ixa->ixa_ipsec_dst_port = pol->ipsp_sel->ipsl_key.ipsl_rport;  in ipsec_tun_outbound()
5453 	ixa->ixa_ipsec_proto = pol->ipsp_sel->ipsl_key.ipsl_proto;  in ipsec_tun_outbound()