Lines Matching refs:sav

/*
 * esp_input_log(): receives the packet (m), the security association (sav),
 * the SPI and the sequence number. The one sav use listed here is the test of
 * the IFXF_MPK_LOG bit in the if_xflags of the SA's ipsec interface.
 * NOTE(review): that test walks sav->sah->ipsec_if. This listing does not
 * show whether either pointer is checked before the dereference; confirm in
 * the callers or in the part of the condition that precedes line 178.
 */
175 esp_input_log(struct mbuf *m, struct secasvar *sav, u_int32_t spi, u_int32_t seq)  in esp_input_log()  argument
178 (sav->sah->ipsec_if->if_xflags & IFXF_MPK_LOG) == IFXF_MPK_LOG) { in esp_input_log()
/*
 * esp4_input_extended(): every listed use of the security association (sav)
 * on the IPv4 ESP input path. In listing order: SA lookup, state check,
 * algorithm lookup, anti-replay check, ICV verification, replay-window
 * update, decryption, NAT-T handling, tunnel validation, transfer accounting
 * and release of the SA.
 * Lines that do not mention sav (length checks, gotos, returns, labels) are
 * absent from this view, so the control flow between the lines is not visible.
 */
226 struct secasvar *sav = NULL; in esp4_input_extended() local
/* SA lookup keyed on (src, dst, IPPROTO_ESP, spi, interface); a zero result takes the failure branch. */
282 if ((sav = key_allocsa(&src, &dst, IPPROTO_ESP, spi, interface)) == 0) { in esp4_input_extended()
/* The SA pointer goes through VM_KERNEL_ADDRPERM before being emitted, rather than being printed raw. */
291 (uint64_t)VM_KERNEL_ADDRPERM(sav))); in esp4_input_extended()
/* Any SA state other than MATURE or DYING takes this branch (presumably a drop; body not shown). */
292 if (sav->state != SADB_SASTATE_MATURE in esp4_input_extended()
293 && sav->state != SADB_SASTATE_DYING) { in esp4_input_extended()
300 algo = esp_algorithm_lookup(sav->alg_enc); in esp4_input_extended()
310 ivlen = sav->ivlen; in esp4_input_extended()
313 ipsec4_logpacketstr(ip, spi), ipsec_logsastr(sav))); in esp4_input_extended()
/* Per-traffic-class sequence numbering flag; presumably selects replay_index (assignment not shown). */
320 if ((sav->flags2 & SADB_X_EXT_SA2_SEQ_PER_TRAFFIC_CLASS) == in esp4_input_extended()
/*
 * Gate for replay/ICV processing. The inner expression holds when the SA is
 * not SADB_X_EXT_OLD, has replay state for replay_index, and has either an
 * auth algorithm with a key or an algorithm-level finalizedecrypt hook. The
 * test is negated, so SAs failing it take this branch (presumably skipping
 * both checks; body not shown).
 */
325 if (!((sav->flags & SADB_X_EXT_OLD) == 0 && sav->replay[replay_index] != NULL && in esp4_input_extended()
326 ((sav->alg_auth && sav->key_auth) || algo->finalizedecrypt))) { in esp4_input_extended()
330 if ((sav->alg_auth == SADB_X_AALG_NULL || sav->alg_auth == SADB_AALG_NONE) && in esp4_input_extended()
/* Anti-replay check on the received sequence number; listed ahead of ICV verification. */
339 if (ipsec_chkreplay(seq, sav, (u_int8_t)replay_index)) { in esp4_input_extended()
345 seq, (u_int8_t)replay_index, ipsec4_logpacketstr(ip, spi), ipsec_logsastr(sav))); in esp4_input_extended()
/* ICV size comes from the auth algorithm's sumsiz hook and is rounded up to a multiple of 4 bytes. */
369 sumalgo = ah_algorithm_lookup(sav->alg_auth); in esp4_input_extended()
373 siz = (((*sumalgo->sumsiz)(sav) + 3) & ~(4 - 1)); in esp4_input_extended()
/*
 * ICV verification over m_pkthdr.len - off - siz bytes starting at off.
 * NOTE(review): a check that the packet is at least off + siz bytes long
 * would not mention sav and therefore cannot appear in this listing; confirm
 * it precedes this call so the length argument cannot go negative.
 */
391 if (esp_auth(m, off, m->m_pkthdr.len - off - siz, sav, sum)) { in esp4_input_extended()
393 ipsec4_logpacketstr(ip, spi), ipsec_logsastr(sav))); in esp4_input_extended()
400 ipsec4_logpacketstr(ip, spi), ipsec_logsastr(sav))); in esp4_input_extended()
/*
 * First replay-window update site, listed after the esp_auth() call.
 * NOTE(review): confirm no path reaches it for a packet that failed or
 * skipped ICV verification.
 */
411 if ((sav->flags & SADB_X_EXT_OLD) == 0 && sav->replay[replay_index] != NULL) { in esp4_input_extended()
412 if (ipsec_updatereplay(seq, sav, (u_int8_t)replay_index)) { in esp4_input_extended()
/* SADB_X_EXT_OLD and SADB_X_EXT_DERIV each select their own handling (bodies not shown). */
432 if (sav->flags & SADB_X_EXT_OLD) { in esp4_input_extended()
437 if (sav->flags & SADB_X_EXT_DERIV) { in esp4_input_extended()
/* Key schedule for the SA, then decryption through the algorithm's decrypt hook. */
465 if (esp_schedule(algo, sav) != 0) { in esp4_input_extended()
477 if ((*algo->decrypt)(m, off, sav, algo, ivlen)) { in esp4_input_extended()
481 ipsec_logsastr(sav))); in esp4_input_extended()
/* Per-encryption-algorithm input counter, indexed by sav->alg_enc. */
487 IPSEC_STAT_INCREMENT(ipsecstat.in_esphist[sav->alg_enc]); in esp4_input_extended()
/* Algorithm-provided ICV check against saved_icv, followed by the second replay-window update site. */
492 if ((*algo->finalizedecrypt)(sav, saved_icv, algo->icvlen)) { in esp4_input_extended()
494 ipsec_logsastr(sav))); in esp4_input_extended()
505 if ((sav->flags & SADB_X_EXT_OLD) == 0 && sav->replay[replay_index] != NULL) { in esp4_input_extended()
506 if (ipsec_updatereplay(seq, sav, (u_int8_t)replay_index)) { in esp4_input_extended()
526 ipsec4_logpacketstr(ip, spi), ipsec_logsastr(sav))); in esp4_input_extended()
/*
 * NAT-T peer port tracking. With SADB_X_EXT_NATT_DETECTED_PEER set on a
 * non-OLD SA, a non-zero seq that is not behind the replay state's lastseq,
 * and an encapsulating UDP source port that differs from
 * sav->remote_ike_port, the SA's remote_ike_port is overwritten with the
 * port taken from the packet.
 * NOTE(review): this writes packet-derived data into the SA; confirm every
 * path reaching it has passed ICV verification.
 */
555 if ((sav->flags & SADB_X_EXT_NATT_DETECTED_PEER) != 0 && in esp4_input_extended()
556 (sav->flags & SADB_X_EXT_OLD) == 0 && in esp4_input_extended()
557 seq && sav->replay[replay_index] && in esp4_input_extended()
558 seq >= sav->replay[replay_index]->lastseq) { in esp4_input_extended()
561 ntohs(encap_uh->uh_sport) != sav->remote_ike_port) { in esp4_input_extended()
562 sav->remote_ike_port = ntohs(encap_uh->uh_sport); in esp4_input_extended()
/* Tunnel-mode path: the inner packet is validated against the SA, once per inner address family. */
570 if (ipsec4_tunnel_validate(m, (int)(off + esplen + ivlen), nxt, sav, &ifamily)) { in esp4_input_extended()
614 if (!key_checktunnelsanity(sav, AF_INET, in esp4_input_extended()
618 ipsec4_logpacketstr(ip, spi), ipsec_logsastr(sav))); in esp4_input_extended()
659 if (!key_checktunnelsanity(sav, AF_INET6, in esp4_input_extended()
663 ipsec6_logpacketstr(ip6, spi), ipsec_logsastr(sav))); in esp4_input_extended()
/* Transfer accounting on the SA with the current packet length. */
681 key_sa_recordxfer(sav, m->m_pkthdr.len); in esp4_input_extended()
700 ifnet_t ipsec_if = sav->sah->ipsec_if; in esp4_input_extended()
716 esp_input_log(m, sav, spi, seq); in esp4_input_extended()
767 key_sa_recordxfer(sav, m->m_pkthdr.len); in esp4_input_extended()
/*
 * SADB_X_EXT_NATT_MULTIPLEUSERS: the first UDP source port seen is stored in
 * sav->natt_encapsulated_src_port; a later packet with a different port hits
 * the branch the original comment marks as "something wrong". The packet's
 * uh_sport is then rewritten from sav->remote_ike_port.
 */
794 if ((sav->flags & SADB_X_EXT_NATT_MULTIPLEUSERS) != 0) { in esp4_input_extended()
815 if (sav->natt_encapsulated_src_port == 0) { in esp4_input_extended()
816 sav->natt_encapsulated_src_port = udp->uh_sport; in esp4_input_extended()
817 } else if (sav->natt_encapsulated_src_port != udp->uh_sport) { /* something wrong */ in esp4_input_extended()
823 udp->uh_sport = htons(sav->remote_ike_port); in esp4_input_extended()
833 ifnet_t ipsec_if = sav->sah->ipsec_if; in esp4_input_extended()
854 esp_input_log(m, sav, spi, seq); in esp4_input_extended()
/*
 * Two release sites, each guarded by a NULL test and each calling
 * key_freesav() with KEY_SADB_UNLOCKED. Presumably these are the normal and
 * error exits; the labels and returns that separate them are not shown.
 */
894 if (sav) { in esp4_input_extended()
897 (uint64_t)VM_KERNEL_ADDRPERM(sav))); in esp4_input_extended()
898 key_freesav(sav, KEY_SADB_UNLOCKED); in esp4_input_extended()
903 if (sav) { in esp4_input_extended()
906 (uint64_t)VM_KERNEL_ADDRPERM(sav))); in esp4_input_extended()
907 key_freesav(sav, KEY_SADB_UNLOCKED); in esp4_input_extended()
/*
 * esp6_input_extended(): every listed use of the security association (sav)
 * on the IPv6 ESP input path. In listing order: SA lookup, state check,
 * algorithm lookup, anti-replay check, ICV verification, replay-window
 * update, decryption, NAT-T peer port tracking, tunnel validation, transfer
 * accounting and release of the SA.
 * Lines that do not mention sav (length checks, gotos, returns, labels) are
 * absent from this view, so the control flow between the lines is not visible.
 */
936 struct secasvar *sav = NULL; in esp6_input_extended() local
/* SA lookup keyed on (src, dst, IPPROTO_ESP, spi, interface); a zero result takes the failure branch. */
990 if ((sav = key_allocsa(&src, &dst, IPPROTO_ESP, spi, interface)) == 0) { in esp6_input_extended()
/* The SA pointer goes through VM_KERNEL_ADDRPERM before being emitted, rather than being printed raw. */
1002 (uint64_t)VM_KERNEL_ADDRPERM(sav))); in esp6_input_extended()
/* Any SA state other than MATURE or DYING takes this branch (presumably a drop; body not shown). */
1004 if (sav->state != SADB_SASTATE_MATURE in esp6_input_extended()
1005 && sav->state != SADB_SASTATE_DYING) { in esp6_input_extended()
1013 algo = esp_algorithm_lookup(sav->alg_enc); in esp6_input_extended()
1023 ivlen = sav->ivlen; in esp6_input_extended()
1026 ipsec6_logpacketstr(ip6, spi), ipsec_logsastr(sav))); in esp6_input_extended()
/* Per-traffic-class sequence numbering flag; presumably selects replay_index (assignment not shown). */
1033 if ((sav->flags2 & SADB_X_EXT_SA2_SEQ_PER_TRAFFIC_CLASS) == in esp6_input_extended()
/*
 * Gate for replay/ICV processing. The inner expression holds when the SA is
 * not SADB_X_EXT_OLD, has replay state for replay_index, and has either an
 * auth algorithm with a key or an algorithm-level finalizedecrypt hook. The
 * test is negated, so SAs failing it take this branch (presumably skipping
 * both checks; body not shown).
 */
1038 if (!((sav->flags & SADB_X_EXT_OLD) == 0 && in esp6_input_extended()
1039 sav->replay[replay_index] != NULL && in esp6_input_extended()
1040 ((sav->alg_auth && sav->key_auth) || algo->finalizedecrypt))) { in esp6_input_extended()
1044 if ((sav->alg_auth == SADB_X_AALG_NULL || sav->alg_auth == SADB_AALG_NONE) && in esp6_input_extended()
/* Anti-replay check on the received sequence number; listed ahead of ICV verification. */
1052 if (ipsec_chkreplay(seq, sav, (u_int8_t)replay_index)) { in esp6_input_extended()
1058 seq, (u_int8_t)replay_index, ipsec6_logpacketstr(ip6, spi), ipsec_logsastr(sav))); in esp6_input_extended()
/* ICV size comes from the auth algorithm's sumsiz hook and is rounded up to a multiple of 4 bytes. */
1082 sumalgo = ah_algorithm_lookup(sav->alg_auth); in esp6_input_extended()
1086 siz = (((*sumalgo->sumsiz)(sav) + 3) & ~(4 - 1)); in esp6_input_extended()
/*
 * ICV verification over m_pkthdr.len - off - siz bytes starting at off.
 * NOTE(review): a check that the packet is at least off + siz bytes long
 * would not mention sav and therefore cannot appear in this listing; confirm
 * it precedes this call so the length argument cannot go negative.
 */
1104 if (esp_auth(m, off, m->m_pkthdr.len - off - siz, sav, sum)) { in esp6_input_extended()
1106 ipsec6_logpacketstr(ip6, spi), ipsec_logsastr(sav))); in esp6_input_extended()
1113 ipsec6_logpacketstr(ip6, spi), ipsec_logsastr(sav))); in esp6_input_extended()
/*
 * First replay-window update site, listed after the esp_auth() call.
 * NOTE(review): confirm no path reaches it for a packet that failed or
 * skipped ICV verification.
 */
1124 if ((sav->flags & SADB_X_EXT_OLD) == 0 && sav->replay[replay_index] != NULL) { in esp6_input_extended()
1125 if (ipsec_updatereplay(seq, sav, (u_int8_t)replay_index)) { in esp6_input_extended()
/* SADB_X_EXT_OLD and SADB_X_EXT_DERIV each select their own handling (bodies not shown). */
1140 if (sav->flags & SADB_X_EXT_OLD) { in esp6_input_extended()
1145 if (sav->flags & SADB_X_EXT_DERIV) { in esp6_input_extended()
/* Key schedule for the SA, then decryption through the algorithm's decrypt hook. */
1174 if (esp_schedule(algo, sav) != 0) { in esp6_input_extended()
1186 if ((*algo->decrypt)(m, off, sav, algo, ivlen)) { in esp6_input_extended()
1190 ipsec_logsastr(sav))); in esp6_input_extended()
/* Per-encryption-algorithm input counter (IPv6 statistics), indexed by sav->alg_enc. */
1196 IPSEC_STAT_INCREMENT(ipsec6stat.in_esphist[sav->alg_enc]); in esp6_input_extended()
/* Algorithm-provided ICV check against saved_icv, followed by the second replay-window update site. */
1201 if ((*algo->finalizedecrypt)(sav, saved_icv, algo->icvlen)) { in esp6_input_extended()
1203 ipsec_logsastr(sav))); in esp6_input_extended()
1214 if ((sav->flags & SADB_X_EXT_OLD) == 0 && sav->replay[replay_index] != NULL) { in esp6_input_extended()
1215 if (ipsec_updatereplay(seq, sav, (u_int8_t)replay_index)) { in esp6_input_extended()
1235 ipsec6_logpacketstr(ip6, spi), ipsec_logsastr(sav))); in esp6_input_extended()
/*
 * NAT-T peer port tracking. With SADB_X_EXT_NATT_DETECTED_PEER set on a
 * non-OLD SA, a non-zero seq that is not behind the replay state's lastseq,
 * and an encapsulating UDP source port that differs from
 * sav->remote_ike_port, the SA's remote_ike_port is overwritten with the
 * port taken from the packet.
 * NOTE(review): this writes packet-derived data into the SA; confirm every
 * path reaching it has passed ICV verification.
 */
1261 if ((sav->flags & SADB_X_EXT_NATT_DETECTED_PEER) != 0 && in esp6_input_extended()
1262 (sav->flags & SADB_X_EXT_OLD) == 0 && in esp6_input_extended()
1263 seq && sav->replay[replay_index] && in esp6_input_extended()
1264 seq >= sav->replay[replay_index]->lastseq) { in esp6_input_extended()
1267 ntohs(encap_uh->uh_sport) != sav->remote_ike_port) { in esp6_input_extended()
1268 sav->remote_ike_port = ntohs(encap_uh->uh_sport); in esp6_input_extended()
/* Tunnel-mode path: the inner packet is validated against the SA, once per inner address family. */
1277 if (ipsec6_tunnel_validate(m, (int)(off + esplen + ivlen), nxt, sav, &ifamily)) { in esp6_input_extended()
1316 if (!key_checktunnelsanity(sav, AF_INET6, in esp6_input_extended()
1321 ipsec_logsastr(sav))); in esp6_input_extended()
1363 if (!key_checktunnelsanity(sav, AF_INET, in esp6_input_extended()
1367 ipsec4_logpacketstr(ip, spi), ipsec_logsastr(sav))); in esp6_input_extended()
/* Transfer accounting on the SA with the current packet length. */
1381 key_sa_recordxfer(sav, m->m_pkthdr.len); in esp6_input_extended()
1397 ifnet_t ipsec_if = sav->sah->ipsec_if; in esp6_input_extended()
1412 esp_input_log(m, sav, spi, seq); in esp6_input_extended()
1528 key_sa_recordxfer(sav, m->m_pkthdr.len); in esp6_input_extended()
1548 ifnet_t ipsec_if = sav->sah->ipsec_if; in esp6_input_extended()
1555 esp_input_log(m, sav, spi, seq); in esp6_input_extended()
/*
 * Two release sites, each guarded by a NULL test and each calling
 * key_freesav() with KEY_SADB_UNLOCKED. Presumably these are the normal and
 * error exits; the labels and returns that separate them are not shown.
 */
1591 if (sav) { in esp6_input_extended()
1594 (uint64_t)VM_KERNEL_ADDRPERM(sav))); in esp6_input_extended()
1595 key_freesav(sav, KEY_SADB_UNLOCKED); in esp6_input_extended()
1601 if (sav) { in esp6_input_extended()
1604 (uint64_t)VM_KERNEL_ADDRPERM(sav))); in esp6_input_extended()
1605 key_freesav(sav, KEY_SADB_UNLOCKED); in esp6_input_extended()
/*
 * esp6_ctlinput(): sav is declared without an initialiser, and no use is
 * listed before the key_allocsa() assignment. The lookup uses the SPI taken
 * from espp and passes NULL for the interface. A non-NULL SA is tested for
 * state MATURE or DYING (the body of that branch is not shown) and is then
 * released with key_freesav().
 */
1624 struct secasvar *sav; in esp6_ctlinput() local
1702 sav = key_allocsa(&src, &dst, IPPROTO_ESP, espp->esp_spi, NULL); in esp6_ctlinput()
1703 if (sav) { in esp6_ctlinput()
1704 if (sav->state == SADB_SASTATE_MATURE || in esp6_ctlinput()
1705 sav->state == SADB_SASTATE_DYING) { in esp6_ctlinput()
1708 key_freesav(sav, KEY_SADB_UNLOCKED); in esp6_ctlinput()
/*
 * esp_kpipe_input(): every listed use of the security association (sav) on
 * the kpipe ESP input path. In listing order: two early log calls, SA lookup,
 * SA precondition checks, anti-replay check, algorithm lookup, ICV
 * verification, decryption, replay-window update, transfer accounting and
 * release of the SA.
 * Lines that do not mention sav (length checks, gotos, returns, labels) are
 * absent from this view, so the control flow between the lines is not visible.
 */
1733 struct secasvar *sav = NULL; in esp_kpipe_input() local
/*
 * NOTE(review): sav is initialised to NULL and the only listed assignment is
 * the key_allocsa() call further down, yet the next two log calls pass
 * ntohl(sav->spi). Unless the logging macros discard their arguments, these
 * error paths read through a NULL pointer. Confirm against the full source;
 * the fix would be to log without the SPI, or to take it from the parsed ESP
 * header if one is already available at that point.
 */
1800 ip_vers, ntohl(sav->spi)); in esp_kpipe_input()
1808 "compared to input buffer(%u) SPI=%x\n", dlim, slen, ntohl(sav->spi)); in esp_kpipe_input()
/* SA lookup using the SPI from the packet's ESP header; a NULL result is the unlikely failure branch. */
1830 sav = key_allocsa(&src, &dst, IPPROTO_ESP, esp->esp_spi, interface); in esp_kpipe_input()
1831 if (__improbable(sav == NULL)) { in esp_kpipe_input()
/*
 * SA preconditions, each tested as an unlikely failure: the SA must have a
 * header (sah), must be in transport mode, must not carry any of a set of
 * flags that includes SADB_X_EXT_OLD and SADB_X_EXT_DERIV (rest of the mask
 * not shown), and must be in state MATURE or DYING.
 */
1850 if (__improbable(sav->sah == NULL)) { in esp_kpipe_input()
1856 if (__improbable(sav->sah->saidx.mode != IPSEC_MODE_TRANSPORT)) { in esp_kpipe_input()
1858 "in kpipe mode, SPI=%x\n", ntohl(sav->spi)); in esp_kpipe_input()
1863 if (__improbable((sav->flags & (SADB_X_EXT_OLD | SADB_X_EXT_DERIV | in esp_kpipe_input()
1867 "kpipe mode, SPI=%x\n", sav->flags, ntohl(sav->spi)); in esp_kpipe_input()
1872 if (__improbable(sav->state != SADB_SASTATE_MATURE && in esp_kpipe_input()
1873 sav->state != SADB_SASTATE_DYING)) { in esp_kpipe_input()
1875 sav->state, ntohl(sav->spi)); in esp_kpipe_input()
/* Per-traffic-class sequence numbering flag; presumably selects replay_index (assignment not shown). */
1881 if ((sav->flags2 & SADB_X_EXT_SA2_SEQ_PER_TRAFFIC_CLASS) == in esp_kpipe_input()
/* Replay state for replay_index is required on this path; a missing entry is a failure. */
1886 if (__improbable(sav->replay[replay_index] == NULL)) { in esp_kpipe_input()
1888 ntohl(sav->spi)); in esp_kpipe_input()
/* Anti-replay check on the packet's sequence number; a false result is the unlikely failure branch. */
1897 if (__improbable(!ipsec_chkreplay(ntohl(esp->esp_seq), sav, in esp_kpipe_input()
1901 replay_index, ntohl(sav->spi)); in esp_kpipe_input()
1907 e_algo = esp_algorithm_lookup(sav->alg_enc); in esp_kpipe_input()
1910 sav->alg_enc, ntohl(sav->spi)); in esp_kpipe_input()
/* The IV length is taken from the SA only when SADB_X_EXT_IIV is not set. */
1916 if ((sav->flags & SADB_X_EXT_IIV) == 0) { in esp_kpipe_input()
1917 ivlen = sav->ivlen; in esp_kpipe_input()
1920 ivlen, ntohl(sav->spi)); in esp_kpipe_input()
/*
 * Separate auth algorithm: the ICV size is computed (rounded up to a
 * multiple of 4 bytes) only when the algorithm lookup succeeds and the SA
 * holds an auth key.
 * NOTE(review): what happens when alg_auth is set but the lookup returns
 * NULL or key_auth is NULL is not visible here; confirm such packets are
 * rejected rather than processed without an integrity check.
 */
1930 if (sav->alg_auth != SADB_X_AALG_NULL && in esp_kpipe_input()
1931 sav->alg_auth != SADB_AALG_NONE) { in esp_kpipe_input()
1932 a_algo = ah_algorithm_lookup(sav->alg_auth); in esp_kpipe_input()
1933 if (a_algo != NULL && sav->key_auth != NULL) { in esp_kpipe_input()
1934 auth_size = (((*a_algo->sumsiz)(sav) + 3) & ~(4 - 1)); in esp_kpipe_input()
1939 "does not contain auth, SPI=%x\n", ntohl(sav->spi)); in esp_kpipe_input()
/* ICV computation over the ESP data; a non-zero err is the unlikely failure branch. */
1950 if (__improbable((err = esp_auth_data(sav, (uint8_t *)esp, in esp_kpipe_input()
1953 "data failed, SPI=%x\n", ntohl(sav->spi)); in esp_kpipe_input()
1962 "failed, SPI=%x\n", ntohl(sav->spi)); in esp_kpipe_input()
1977 "to contain ivlen and esptail SPI=%x\n", slen, ntohl(sav->spi)); in esp_kpipe_input()
/* Key schedule, then decryption through the algorithm's decrypt_pkt hook, then its finalizedecrypt hook. */
1986 if (__improbable((err = esp_schedule(e_algo, sav)) != 0)) { in esp_kpipe_input()
1987 esp_log_info("esp schedule failed %d, SPI=%x\n", err, ntohl(sav->spi)); in esp_kpipe_input()
1997 if (__improbable((err = (*e_algo->decrypt_pkt)(sav, src_payload, in esp_kpipe_input()
2001 ntohl(sav->spi)); in esp_kpipe_input()
2007 IPSEC_STAT_INCREMENT(stat->in_esphist[sav->alg_enc]); in esp_kpipe_input()
2010 if (__improbable((err = (*e_algo->finalizedecrypt)(sav, in esp_kpipe_input()
2013 ntohl(sav->spi)); in esp_kpipe_input()
/* Replay-window update, listed after the ICV and decrypt lines. */
2023 if (__improbable(ipsec_updatereplay(ntohl(esp->esp_seq), sav, in esp_kpipe_input()
2026 ntohl(sav->spi)); in esp_kpipe_input()
2039 encrypted_payload_len, taillen, ntohl(sav->spi)); in esp_kpipe_input()
/*
 * Transfer accounting, then two release sites. The first key_freesav() is
 * unconditional and sav is not reset after it; the second is guarded by a
 * NULL test and clears sav. Presumably a return between them keeps the two
 * on separate paths; it would not mention sav, so it is not shown here.
 */
2072 key_sa_recordxfer(sav, iphlen + decrypted_payload_len); in esp_kpipe_input()
2074 key_freesav(sav, KEY_SADB_UNLOCKED); in esp_kpipe_input()
2079 if (sav != NULL) { in esp_kpipe_input()
2080 key_freesav(sav, KEY_SADB_UNLOCKED); in esp_kpipe_input()
2081 sav = NULL; in esp_kpipe_input()