Lines Matching defs:ixa
4019 * Note: the caller has moved other parts of ira into ixa already.
4022 ipsec_in_to_out(ip_recv_attr_t *ira, ip_xmit_attr_t *ixa, mblk_t *data_mp,
4027 netstack_t *ns = ixa->ixa_ipst->ips_netstack;
4048 ixa->ixa_ipsec_action = reflect_action;
4055 ixa->ixa_ipsec_src_port = sel.ips_local_port;
4056 ixa->ixa_ipsec_dst_port = sel.ips_remote_port;
4057 ixa->ixa_ipsec_proto = sel.ips_protocol;
4058 ixa->ixa_ipsec_icmp_type = sel.ips_icmp_type;
4059 ixa->ixa_ipsec_icmp_code = sel.ips_icmp_code;
4068 ixa->ixa_flags |= IXAF_IPSEC_SECURE;
4070 ixa->ixa_flags |= IXAF_NO_IPSEC;
4076 ipsec_out_release_refs(ip_xmit_attr_t *ixa)
4078 if (!(ixa->ixa_flags & IXAF_IPSEC_SECURE))
4081 if (ixa->ixa_ipsec_ah_sa != NULL) {
4082 IPSA_REFRELE(ixa->ixa_ipsec_ah_sa);
4083 ixa->ixa_ipsec_ah_sa = NULL;
4085 if (ixa->ixa_ipsec_esp_sa != NULL) {
4086 IPSA_REFRELE(ixa->ixa_ipsec_esp_sa);
4087 ixa->ixa_ipsec_esp_sa = NULL;
4089 if (ixa->ixa_ipsec_policy != NULL) {
4090 IPPOL_REFRELE(ixa->ixa_ipsec_policy);
4091 ixa->ixa_ipsec_policy = NULL;
4093 if (ixa->ixa_ipsec_action != NULL) {
4094 IPACT_REFRELE(ixa->ixa_ipsec_action);
4095 ixa->ixa_ipsec_action = NULL;
4097 if (ixa->ixa_ipsec_latch) {
4098 IPLATCH_REFRELE(ixa->ixa_ipsec_latch);
4099 ixa->ixa_ipsec_latch = NULL;
4102 ixa->ixa_ipsec_ref[0].ipsr_sa = NULL;
4103 ixa->ixa_ipsec_ref[0].ipsr_bucket = NULL;
4104 ixa->ixa_ipsec_ref[0].ipsr_gen = 0;
4105 ixa->ixa_ipsec_ref[1].ipsr_sa = NULL;
4106 ixa->ixa_ipsec_ref[1].ipsr_bucket = NULL;
4107 ixa->ixa_ipsec_ref[1].ipsr_gen = 0;
4108 ixa->ixa_flags &= ~IXAF_IPSEC_SECURE;
4139 ipsec_out_to_in(ip_xmit_attr_t *ixa, ill_t *ill, ip_recv_attr_t *ira)
4146 ira->ira_zoneid = ixa->ixa_zoneid;
4147 ira->ira_cred = ixa->ixa_cred;
4148 ira->ira_cpid = ixa->ixa_cpid;
4149 ira->ira_tsl = ixa->ixa_tsl;
4151 ira->ira_flags = ixa->ixa_flags & IAF_MASK;
4152 ira->ira_no_loop_zoneid = ixa->ixa_no_loop_zoneid;
4153 ira->ira_pktlen = ixa->ixa_pktlen;
4154 ira->ira_ip_hdr_length = ixa->ixa_ip_hdr_length;
4155 ira->ira_protocol = ixa->ixa_protocol;
4160 ira->ira_sqp = ixa->ixa_sqp;
4166 if (!(ixa->ixa_flags & IXAF_IPSEC_SECURE))
4174 act = ixa->ixa_ipsec_action;
4176 pol = ixa->ixa_ipsec_policy;
4182 ixa->ixa_ipsec_action = NULL;
4198 const conn_t *connp, ip_xmit_attr_t *ixa)
4202 ip_stack_t *ipst = ixa->ixa_ipst;
4207 ixa->ixa_ipsec_policy_gen = ipss->ipsec_system_policy.iph_gen;
4230 sel.ips_protocol = ixa->ixa_protocol;
4242 ASSERT(ixa->ixa_ipsec_policy == NULL);
4244 ixa->ixa_ipsec_policy = p;
4246 ixa->ixa_flags |= IXAF_IPSEC_SECURE;
4248 ixa->ixa_flags |= IXAF_IPSEC_GLOBAL_POLICY;
4250 ixa->ixa_flags &= ~IXAF_IPSEC_SECURE;
4256 ixa->ixa_ipsec_src_port = sel.ips_local_port;
4257 ixa->ixa_ipsec_dst_port = sel.ips_remote_port;
4258 ixa->ixa_ipsec_icmp_type = sel.ips_icmp_type;
4259 ixa->ixa_ipsec_icmp_code = sel.ips_icmp_code;
4260 ixa->ixa_ipsec_proto = sel.ips_protocol;
4407 const in6_addr_t *v6dst, in_port_t dstport, ip_xmit_attr_t *ixa)
4409 boolean_t isv4 = (ixa->ixa_flags & IXAF_IS_IPV4) != 0;
4414 ixa->ixa_ipsec_policy_gen = ipss->ipsec_system_policy.iph_gen;
4423 ixa->ixa_flags &= ~IXAF_IPSEC_SECURE;
4424 if (ixa->ixa_ipsec_policy != NULL) {
4425 IPPOL_REFRELE(ixa->ixa_ipsec_policy);
4426 ixa->ixa_ipsec_policy = NULL;
4428 if (ixa->ixa_ipsec_action != NULL) {
4429 IPACT_REFRELE(ixa->ixa_ipsec_action);
4430 ixa->ixa_ipsec_action = NULL;
4461 if (ixa->ixa_ipsec_policy != NULL)
4462 IPPOL_REFRELE(ixa->ixa_ipsec_policy);
4463 ixa->ixa_ipsec_policy = p;
4465 ixa->ixa_flags |= IXAF_IPSEC_SECURE;
4467 ixa->ixa_flags |= IXAF_IPSEC_GLOBAL_POLICY;
4469 ixa->ixa_flags &= ~IXAF_IPSEC_SECURE;
4472 if (ixa->ixa_ipsec_action != NULL) {
4473 IPACT_REFRELE(ixa->ixa_ipsec_action);
4474 ixa->ixa_ipsec_action = NULL;
4477 ixa->ixa_ipsec_src_port = sel.ips_local_port;
4478 ixa->ixa_ipsec_dst_port = sel.ips_remote_port;
4479 ixa->ixa_ipsec_icmp_type = sel.ips_icmp_type;
4480 ixa->ixa_ipsec_icmp_code = sel.ips_icmp_code;
4481 ixa->ixa_ipsec_proto = sel.ips_protocol;
4483 ixa->ixa_flags &= ~IXAF_IPSEC_SECURE;
4484 if (ixa->ixa_ipsec_policy != NULL) {
4485 IPPOL_REFRELE(ixa->ixa_ipsec_policy);
4486 ixa->ixa_ipsec_policy = NULL;
4488 if (ixa->ixa_ipsec_action != NULL) {
4489 IPACT_REFRELE(ixa->ixa_ipsec_action);
4490 ixa->ixa_ipsec_action = NULL;
4499 ipsec_outbound_policy_current(ip_xmit_attr_t *ixa)
4501 ipsec_stack_t *ipss = ixa->ixa_ipst->ips_netstack->netstack_ipsec;
4503 if (!(ixa->ixa_flags & IXAF_IPSEC_GLOBAL_POLICY))
4506 return (ixa->ixa_ipsec_policy_gen == ipss->ipsec_system_policy.iph_gen);
5183 ip_xmit_attr_t *ixa)
5199 if (!(ixa->ixa_flags & IXAF_IPSEC_SECURE)) {
5200 ASSERT(ixa->ixa_ipsec_policy == NULL);
5201 ASSERT(ixa->ixa_ipsec_latch == NULL);
5202 ASSERT(ixa->ixa_ipsec_action == NULL);
5203 ASSERT(ixa->ixa_ipsec_ah_sa == NULL);
5204 ASSERT(ixa->ixa_ipsec_esp_sa == NULL);
5400 ixa->ixa_ipsec_policy = pol;
5406 ixa->ixa_zoneid = iptun->iptun_connp->conn_zoneid;
5408 ASSERT((outer_ipv4 != NULL) ? (ixa->ixa_flags & IXAF_IS_IPV4) :
5409 !(ixa->ixa_flags & IXAF_IS_IPV4));
5410 ASSERT(ixa->ixa_ipsec_policy != NULL);
5411 ixa->ixa_flags |= IXAF_IPSEC_SECURE;
5415 ixa->ixa_ipsec_proto = (inner_ipv4 != NULL) ? IPPROTO_ENCAP :
5421 ixa->ixa_flags |= IXAF_IPSEC_TUNNEL;
5424 ixa->ixa_ipsec_inaf = AF_INET;
5425 ixa->ixa_ipsec_insrc[0] =
5427 ixa->ixa_ipsec_indst[0] =
5430 ixa->ixa_ipsec_inaf = AF_INET6;
5431 ixa->ixa_ipsec_insrc[0] =
5433 ixa->ixa_ipsec_insrc[1] =
5435 ixa->ixa_ipsec_insrc[2] =
5437 ixa->ixa_ipsec_insrc[3] =
5439 ixa->ixa_ipsec_indst[0] =
5441 ixa->ixa_ipsec_indst[1] =
5443 ixa->ixa_ipsec_indst[2] =
5445 ixa->ixa_ipsec_indst[3] =
5448 ixa->ixa_ipsec_insrcpfx = pol->ipsp_sel->ipsl_key.ipsl_local_pfxlen;
5449 ixa->ixa_ipsec_indstpfx = pol->ipsp_sel->ipsl_key.ipsl_remote_pfxlen;
5451 ixa->ixa_ipsec_src_port = pol->ipsp_sel->ipsl_key.ipsl_lport;
5452 ixa->ixa_ipsec_dst_port = pol->ipsp_sel->ipsl_key.ipsl_rport;
5453 ixa->ixa_ipsec_proto = pol->ipsp_sel->ipsl_key.ipsl_proto;