Lines Matching defs:an

208 	 * of the list unless there's an unspecified source address, then
329  * the bucket if they use sadb_unlinkassoc to permanetly remove an SA which
440  * Call me to initialize an acquire fanout
463  * Attempt to initialize an SADB instance.  On failure, return ENOMEM;
485  * Call me to initialize an SADB instance; fall back to default size on failure.
513  * Initialize an SADB-pair.
588  * Perform an SADB_DUMP, spewing out every SA in an array of SA fanouts
604 	 *	- Walk each entry, doing an sadb_dump_deliver() on it.
652  * Dump an entire SADB; outbound first, then inbound.
713  * an SADB_FLUSH message), or destroying everything (forever == B_TRUE,
811  * soft lifetimes > hard lifetimes) return an appropriate diagnostic for
1068  * Given an original message header with sufficient space following it, and an
1568  * AH needs to send an error to PF_KEY.	 Assume mp points to an M_CTL
1569  * followed by an M_DATA with a PF_KEY message in it.  The serial of
1599 	 * Only send the base message up in the event of an error.
1616  * Often, an SA is associated with the reply message, it's passed in if needed,
1790 			 * Convert to an AF_INET sockaddr.  This means the
1834 			 * Overload "mp" to be an sadb_msg pointer.
1983 		 * Local NAT-T addresses never use an IRE_LOCAL, so it should
2008 		 * Remote NAT-T addresses never use an IRE_LOCAL, so it should
2103 	 * With the exception of an unspec IPv6 source and an IPv4
2126  * Set the results in "addrtype", given an IRE as requested by
2371  * Match an initialized query structure with a security association;
2424  * Common code to purge an SA with a matching src or dst address.
2478 	 * The isaf_t *, which is passed in , is always an outbound bucket,
2537  * Common code to delete/get an SA.
2877  * time.  (For example, an SA with an unspecified source, and a multicast
2878  * destination will primarily be an outbound SA.  OTOH, if that destination
3123 	 * This is because an SA that has multiple sources of secure
3140 	 * XXX CURRENT lifetime checks MAY BE needed for an UPDATE.
3345 			 * wraps back to the initial value. If an Initial IV
3532 	 * The less locks I hold when doing an insertion and possible cloning,
3886  * Send an SADB_EXPIRE message if appropriate.	Return B_TRUE if there was
3939  * "Torch" an individual SA.  Returns NULL, so it can be tail-called from
3989  * Return "assoc" if haspeer is true and I send an expire.  This allows
3990  * the consumers' aging functions to tidy up an expired SA's peer.
4154 				 * effectively doing an IPSA_REFHOLD().
4187 				 * effectively doing an IPSA_REFHOLD().
4263  * Update the lifetime values of an SA.	 This is the path an SADB_UPDATE
4273 	 * XXX RFC 2367 mentions how an SADB_EXT_LIFETIME_CURRENT can be
4274 	 * passed in during an update message.	We currently don't handle
4476  * Common code to update an SA.
4526 	 * At this point we have an UPDATE to a MATURE SA. There should
4647 			 * If an inbound SA, update the replay counter
4791  * for an outbound datagram, that datagram is queued up on an ACQUIRE record,
4792  * and an SADB_ACQUIRE message is sent up.  Presumably, a user-space key
4794  * an SPI value and a larval SA, then SADB_UPDATE the larval SA, and ADD the
4799  * Check the ACQUIRE lists.  If there's an existing ACQUIRE record,
4910 	 * Set up an ACQUIRE record.
4955 	 * Check buckets to see if there is an existing entry.  If so,
5096 	 * at an mblk still attached to the acquire list.
5104 	 * already sent an ACQUIRE, and don't need to repeat ourself.
5107 		/* I have an acquire outstanding already! */
5115 	 * Construct an extended ACQUIRE.  There are logging
5169 	 * Send an ACQUIRE message (and possible an extended ACQUIRE) based on
5181  * Unlink and free an acquire record.
5233  * Destroy an acquire list fanout.
5261  * Create an algorithm descriptor for an extended ACQUIRE.  Filter crypto
5308  * Convert the given ipsec_action_t into an ecomb starting at *ecomb
5482  * Construct an extended ACQUIRE message based on a selector and the resulting
5500 	ipsec_action_t *ap, *an;
5509 	an = NULL;
5516 			an = ap->ipa_next;
5688 	for (; ap != NULL; ap = an) {
5689 		an = (pol != NULL) ? ap->ipa_next : NULL;
5718 		 * Construct an error message.
5742  * Generic setup of an RFC 2367 ACQUIRE message.  Caller sets satype.
5868  * Given an SADB_GETSPI message, find an appropriately ranged SA and
5869  * allocate an SA.  If there are message improprieties, return (ipsa_t *)-1.
5954  * Locate an ACQUIRE and nuke it.  If I have an samsg that's larger than the
5956  * and scan for the sequence number in question.  I may wish to accept an
6038  * The following functions work with the replay windows of an SA.  They assume
6039  * the ipsa->ipsa_replay_arr is an array of uint64_t, and that the bit vector
6150  * running an authentication check on the sequence number passed in.
6552  * - Lookup tun_t by address and look for an associated
6614 		 * or "negotiate transport" with ipsecconf(1m).  We have an
6687  * Construct an inverse ACQUIRE reply based on:
6695  * If there is an error, set sadb_msg_errno and sadb_x_msg_diagnostic
6698  * The SRC address is the local one - just like an outbound ACQUIRE message.
6859 	 * Now that we have a policy entry/widget, construct an ACQUIRE
6894  * processing after an SADB_UPDATE.
6933 		 * picked up as an out-of-order packet.
7132  * Invoked by IP when an software crypto provider has been updated, or if
7180  * is called when an SA is created and when a context template needs
7531  * If this is an outgoing SA then add some fuzz to the