Lines Matching defs:ipsa
94 static void ipsa_set_replay(ipsa_t *ipsa, uint32_t offset);
193 sadb_insertassoc(ipsa_t *ipsa, isaf_t *bucket)
201 unspecsrc = IPSA_IS_ADDR_UNSPEC(ipsa->ipsa_srcaddr, ipsa->ipsa_addrfam);
204 ASSERT(walker == NULL || ipsa->ipsa_addrfam == walker->ipsa_addrfam);
217 ipsa->ipsa_dstaddr, ipsa->ipsa_addrfam)) {
218 if (walker->ipsa_spi == ipsa->ipsa_spi)
222 if (ipsa->ipsa_state == IPSA_STATE_MATURE &&
224 SA_UNIQUE_MATCH(walker, ipsa)) {
243 ipsa->ipsa_next = *ptpn;
244 ipsa->ipsa_ptpn = ptpn;
245 if (ipsa->ipsa_next != NULL)
246 ipsa->ipsa_next->ipsa_ptpn = &ipsa->ipsa_next;
247 *ptpn = ipsa;
248 ipsa->ipsa_linklock = &bucket->isaf_lock;
260 sadb_freeassoc(ipsa_t *ipsa)
262 ipsec_stack_t *ipss = ipsa->ipsa_netstack->netstack_ipsec;
266 ASSERT(MUTEX_NOT_HELD(&ipsa->ipsa_lock));
267 ASSERT(ipsa->ipsa_refcnt == 0);
268 ASSERT(ipsa->ipsa_next == NULL);
269 ASSERT(ipsa->ipsa_ptpn == NULL);
272 asyncmp = sadb_clear_lpkt(ipsa);
279 mutex_enter(&ipsa->ipsa_lock);
281 if (ipsa->ipsa_tsl != NULL) {
282 label_rele(ipsa->ipsa_tsl);
283 ipsa->ipsa_tsl = NULL;
286 if (ipsa->ipsa_otsl != NULL) {
287 label_rele(ipsa->ipsa_otsl);
288 ipsa->ipsa_otsl = NULL;
291 ipsec_destroy_ctx_tmpl(ipsa, IPSEC_ALG_AUTH);
292 ipsec_destroy_ctx_tmpl(ipsa, IPSEC_ALG_ENCR);
293 mutex_exit(&ipsa->ipsa_lock);
296 if (ipsa->ipsa_authkey != NULL) {
297 bzero(ipsa->ipsa_authkey, ipsa->ipsa_authkeylen);
298 kmem_free(ipsa->ipsa_authkey, ipsa->ipsa_authkeylen);
300 if (ipsa->ipsa_encrkey != NULL) {
301 bzero(ipsa->ipsa_encrkey, ipsa->ipsa_encrkeylen);
302 kmem_free(ipsa->ipsa_encrkey, ipsa->ipsa_encrkeylen);
304 if (ipsa->ipsa_nonce_buf != NULL) {
305 bzero(ipsa->ipsa_nonce_buf, sizeof (ipsec_nonce_t));
306 kmem_free(ipsa->ipsa_nonce_buf, sizeof (ipsec_nonce_t));
308 if (ipsa->ipsa_src_cid != NULL) {
309 IPSID_REFRELE(ipsa->ipsa_src_cid);
311 if (ipsa->ipsa_dst_cid != NULL) {
312 IPSID_REFRELE(ipsa->ipsa_dst_cid);
314 if (ipsa->ipsa_emech.cm_param != NULL)
315 kmem_free(ipsa->ipsa_emech.cm_param,
316 ipsa->ipsa_emech.cm_param_len);
318 mutex_destroy(&ipsa->ipsa_lock);
319 kmem_free(ipsa, sizeof (*ipsa));
333 sadb_unlinkassoc(ipsa_t *ipsa)
335 ASSERT(ipsa->ipsa_linklock != NULL);
336 ASSERT(MUTEX_HELD(ipsa->ipsa_linklock));
339 *(ipsa->ipsa_ptpn) = ipsa->ipsa_next;
340 if (ipsa->ipsa_next != NULL) {
341 ipsa->ipsa_next->ipsa_ptpn = ipsa->ipsa_ptpn;
342 ipsa->ipsa_next = NULL;
345 ipsa->ipsa_ptpn = NULL;
348 IPSA_REFRELE(ipsa);
546 sadb_dump_deliver(queue_t *pfkey_q, mblk_t *original_answer, ipsa_t *ipsa,
554 answer->b_cont = sadb_sa2msg(ipsa, samsg);
891 sadb_cloneassoc(ipsa_t *ipsa)
896 ASSERT(MUTEX_NOT_HELD(&(ipsa->ipsa_lock)));
903 *newbie = *ipsa;
922 if (ipsa->ipsa_authkey != NULL) {
928 bcopy(ipsa->ipsa_authkey, newbie->ipsa_authkey,
941 if (ipsa->ipsa_encrkey != NULL) {
947 bcopy(ipsa->ipsa_encrkey, newbie->ipsa_encrkey,
959 if (ipsa->ipsa_src_cid != NULL) {
960 newbie->ipsa_src_cid = ipsa->ipsa_src_cid;
961 IPSID_REFHOLD(ipsa->ipsa_src_cid);
964 if (ipsa->ipsa_dst_cid != NULL) {
965 newbie->ipsa_dst_cid = ipsa->ipsa_dst_cid;
966 IPSID_REFHOLD(ipsa->ipsa_dst_cid);
1073 sadb_sa2msg(ipsa_t *ipsa, sadb_msg_t *samsg)
1113 fam = ipsa->ipsa_addrfam;
1131 if (ipsa->ipsa_flags & IPSA_F_NATT_REM)
1133 if (ipsa->ipsa_flags & IPSA_F_NATT_LOC)
1136 if (ipsa->ipsa_flags & IPSA_F_PAIRED) {
1139 otherspi = ipsa->ipsa_otherspi;
1145 if (ipsa->ipsa_softaddlt != 0 || ipsa->ipsa_softuselt != 0 ||
1146 ipsa->ipsa_softbyteslt != 0 || ipsa->ipsa_softalloc != 0) {
1151 if (ipsa->ipsa_hardaddlt != 0 || ipsa->ipsa_harduselt != 0 ||
1152 ipsa->ipsa_hardbyteslt != 0 || ipsa->ipsa_hardalloc != 0) {
1157 if (ipsa->ipsa_idleaddlt != 0 || ipsa->ipsa_idleuselt != 0) {
1165 if (ipsa->ipsa_innerfam != 0) {
1166 pfam = ipsa->ipsa_innerfam;
1187 if (ipsa->ipsa_authkeylen != 0) {
1188 authsize = roundup(sizeof (sadb_key_t) + ipsa->ipsa_authkeylen,
1194 if (ipsa->ipsa_encrkeylen != 0) {
1195 encrsize = roundup(sizeof (sadb_key_t) + ipsa->ipsa_encrkeylen +
1196 ipsa->ipsa_nonce_len, sizeof (uint64_t));
1203 if (ipsa->ipsa_tsl != NULL) {
1204 senslen = sadb_sens_len_from_label(ipsa->ipsa_tsl);
1209 if (ipsa->ipsa_otsl != NULL) {
1210 osenslen = sadb_sens_len_from_label(ipsa->ipsa_otsl);
1219 if (ipsa->ipsa_src_cid != NULL) {
1221 strlen(ipsa->ipsa_src_cid->ipsid_cid) + 1,
1227 if (ipsa->ipsa_dst_cid != NULL) {
1229 strlen(ipsa->ipsa_dst_cid->ipsid_cid) + 1,
1235 if ((ipsa->ipsa_kmp != 0) || (ipsa->ipsa_kmc != 0))
1238 if (ipsa->ipsa_replay != 0) {
1257 mutex_enter(&ipsa->ipsa_lock); /* Since I'm grabbing SA fields... */
1259 newsamsg->sadb_msg_satype = ipsa->ipsa_type;
1264 assoc->sadb_sa_spi = ipsa->ipsa_spi;
1265 assoc->sadb_sa_replay = ipsa->ipsa_replay_wsize;
1266 assoc->sadb_sa_state = ipsa->ipsa_state;
1267 assoc->sadb_sa_auth = ipsa->ipsa_auth_alg;
1268 assoc->sadb_sa_encrypt = ipsa->ipsa_encr_alg;
1269 assoc->sadb_sa_flags = ipsa->ipsa_flags;
1276 lt->sadb_lifetime_bytes = ipsa->ipsa_bytes;
1277 lt->sadb_lifetime_addtime = ipsa->ipsa_addtime;
1278 lt->sadb_lifetime_usetime = ipsa->ipsa_usetime;
1284 lt->sadb_lifetime_allocations = ipsa->ipsa_hardalloc;
1285 lt->sadb_lifetime_bytes = ipsa->ipsa_hardbyteslt;
1286 lt->sadb_lifetime_addtime = ipsa->ipsa_hardaddlt;
1287 lt->sadb_lifetime_usetime = ipsa->ipsa_harduselt;
1294 lt->sadb_lifetime_allocations = ipsa->ipsa_softalloc;
1295 lt->sadb_lifetime_bytes = ipsa->ipsa_softbyteslt;
1296 lt->sadb_lifetime_addtime = ipsa->ipsa_softaddlt;
1297 lt->sadb_lifetime_usetime = ipsa->ipsa_softuselt;
1304 lt->sadb_lifetime_addtime = ipsa->ipsa_idleaddlt;
1305 lt->sadb_lifetime_usetime = ipsa->ipsa_idleuselt;
1312 ipsa->ipsa_srcaddr, (!isrc && !idst) ? SA_SRCPORT(ipsa) : 0,
1313 SA_PROTO(ipsa), 0);
1321 ipsa->ipsa_dstaddr, (!isrc && !idst) ? SA_DSTPORT(ipsa) : 0,
1322 SA_PROTO(ipsa), 0);
1329 if (ipsa->ipsa_flags & IPSA_F_NATT_LOC) {
1331 fam, &ipsa->ipsa_natt_addr_loc, ipsa->ipsa_local_nat_port,
1340 if (ipsa->ipsa_flags & IPSA_F_NATT_REM) {
1342 fam, &ipsa->ipsa_natt_addr_rem, ipsa->ipsa_remote_nat_port,
1354 pfam, ipsa->ipsa_innersrc, SA_SRCPORT(ipsa),
1355 SA_IPROTO(ipsa), ipsa->ipsa_innersrcpfx);
1365 pfam, ipsa->ipsa_innerdst, SA_DSTPORT(ipsa),
1366 SA_IPROTO(ipsa), ipsa->ipsa_innerdstpfx);
1374 if ((ipsa->ipsa_kmp != 0) || (ipsa->ipsa_kmc != 0)) {
1376 ipsa->ipsa_kmp, ipsa->ipsa_kmc);
1389 key->sadb_key_bits = ipsa->ipsa_authkeybits;
1391 bcopy(ipsa->ipsa_authkey, key + 1, ipsa->ipsa_authkeylen);
1401 key->sadb_key_bits = ipsa->ipsa_encrkeybits;
1402 key->sadb_key_reserved = ipsa->ipsa_saltbits;
1404 bcopy(ipsa->ipsa_encrkey, buf_ptr, ipsa->ipsa_encrkeylen);
1405 if (ipsa->ipsa_salt != NULL) {
1406 buf_ptr += ipsa->ipsa_encrkeylen;
1407 bcopy(ipsa->ipsa_salt, buf_ptr, ipsa->ipsa_saltlen);
1417 ident->sadb_ident_type = ipsa->ipsa_src_cid->ipsid_type;
1421 ipsa->ipsa_src_cid->ipsid_cid);
1430 ident->sadb_ident_type = ipsa->ipsa_dst_cid->ipsid_type;
1434 ipsa->ipsa_dst_cid->ipsid_cid);
1442 ipsa->ipsa_tsl, senslen);
1452 ipsa->ipsa_otsl, osenslen);
1453 if (ipsa->ipsa_mac_exempt)
1471 if (ipsa->ipsa_replay != 0) {
1475 repl_ctr->sadb_x_rc_replay32 = ipsa->ipsa_replay;
1482 mutex_exit(&ipsa->ipsa_lock);
1617 * and NULL if not. BTW, that ipsa will have its refcnt appropriately held,
1622 keysock_in_t *ksi, ipsa_t *ipsa)
1663 * Do a lot of work here, because of the ipsa I just found.
1667 mp1 = sadb_sa2msg(ipsa, samsg);
1678 if (ipsa == NULL)
1684 mp1 = sadb_sa2msg(ipsa, samsg);
4166 newbie->ipsa = assoc;
4199 newbie->ipsa = assoc;
6039 * the ipsa->ipsa_replay_arr is an array of uint64_t, and that the bit vector
6041 * (ipsa->ipsa_replay_wsize) packets.
6048 ipsa_is_replay_set(ipsa_t *ipsa, uint32_t offset)
6052 return ((bit & ipsa->ipsa_replay_arr[offset >> 6]) ? B_TRUE : B_FALSE);
6059 ipsa_shift_replay(ipsa_t *ipsa, uint32_t shift)
6067 for (i = (ipsa->ipsa_replay_wsize - 1) >> 6; i >= 0; i--) {
6068 if (i + jump <= (ipsa->ipsa_replay_wsize - 1) >> 6) {
6069 ipsa->ipsa_replay_arr[i + jump] |=
6070 ipsa->ipsa_replay_arr[i] >> (64 - (shift & 63));
6072 ipsa->ipsa_replay_arr[i] <<= shift;
6080 ipsa_set_replay(ipsa_t *ipsa, uint32_t offset)
6084 ipsa->ipsa_replay_arr[offset >> 6] |= bit;
6094 sadb_replay_check(ipsa_t *ipsa, uint32_t seq)
6099 if (ipsa->ipsa_replay_wsize == 0)
6109 mutex_enter(&ipsa->ipsa_lock);
6112 if (ipsa->ipsa_replay == 0)
6113 ipsa->ipsa_replay = 1;
6115 if (seq > ipsa->ipsa_replay) {
6120 diff = seq - ipsa->ipsa_replay;
6121 if (diff < ipsa->ipsa_replay_wsize) {
6123 ipsa_shift_replay(ipsa, diff);
6126 bzero(ipsa->ipsa_replay_arr,
6127 sizeof (ipsa->ipsa_replay_arr));
6129 ipsa_set_replay(ipsa, 0);
6130 ipsa->ipsa_replay = seq;
6134 diff = ipsa->ipsa_replay - seq;
6135 if (diff >= ipsa->ipsa_replay_wsize || ipsa_is_replay_set(ipsa, diff)) {
6140 ipsa_set_replay(ipsa, diff);
6144 mutex_exit(&ipsa->ipsa_lock);
6157 sadb_replay_peek(ipsa_t *ipsa, uint32_t seq)
6162 if (ipsa->ipsa_replay_wsize == 0)
6169 * sender most likely wrapped. This ipsa may need to be marked or
6176 mutex_enter(&ipsa->ipsa_lock);
6177 if (seq < ipsa->ipsa_replay - ipsa->ipsa_replay_wsize &&
6178 ipsa->ipsa_replay >= ipsa->ipsa_replay_wsize)
6186 if (ipsa->ipsa_replay == SADB_MAX_REPLAY_VALUE) {
6191 ipsa->ipsa_hardexpiretime = (time_t)1;
6195 if (seq <= ipsa->ipsa_replay) {
6200 diff = ipsa->ipsa_replay - seq;
6201 if (ipsa_is_replay_set(ipsa, diff))
6208 mutex_exit(&ipsa->ipsa_lock);
6897 sadb_set_lpkt(ipsa_t *ipsa, mblk_t *npkt, ip_recv_attr_t *ira)
6901 mutex_enter(&ipsa->ipsa_lock);
6902 opkt = ipsa->ipsa_lpkt;
6903 if (ipsa->ipsa_state == IPSA_STATE_LARVAL) {
6921 ipsa->ipsa_lpkt = attrmp;
6935 ipsa->ipsa_lpkt = NULL;
6937 mutex_exit(&ipsa->ipsa_lock);
6952 * sadb_clear_lpkt: Atomically clear ipsa->ipsa_lpkt and return the
6956 sadb_clear_lpkt(ipsa_t *ipsa)
6960 mutex_enter(&ipsa->ipsa_lock);
6961 opkt = ipsa->ipsa_lpkt;
6962 ipsa->ipsa_lpkt = NULL;
6963 mutex_exit(&ipsa->ipsa_lock);
6971 sadb_buf_pkt(ipsa_t *ipsa, mblk_t *bpkt, ip_recv_attr_t *ira)
6975 in6_addr_t *srcaddr = (in6_addr_t *)(&ipsa->ipsa_srcaddr);
6976 in6_addr_t *dstaddr = (in6_addr_t *)(&ipsa->ipsa_dstaddr);
6979 ASSERT(ipsa->ipsa_state == IPSA_STATE_IDLE);
6989 (ipsa->ipsa_type == SADB_SATYPE_AH) ? IPPROTO_AH : IPPROTO_ESP,
6990 ipsa->ipsa_spi, ipsa->ipsa_addrfam, *srcaddr, *dstaddr, NULL);
7001 mutex_enter(&ipsa->ipsa_lock);
7002 ipsa->ipsa_mblkcnt++;
7003 if (ipsa->ipsa_bpkt_head == NULL) {
7004 ipsa->ipsa_bpkt_head = ipsa->ipsa_bpkt_tail = bpkt;
7006 ipsa->ipsa_bpkt_tail->b_next = bpkt;
7007 ipsa->ipsa_bpkt_tail = bpkt;
7008 if (ipsa->ipsa_mblkcnt > SADB_MAX_IDLEPKTS) {
7011 tmp = ipsa->ipsa_bpkt_head;
7012 ipsa->ipsa_bpkt_head = ipsa->ipsa_bpkt_head->b_next;
7017 ipsa->ipsa_mblkcnt --;
7020 mutex_exit(&ipsa->ipsa_lock);
7604 dying = haspeerlist->ipsa;