ipsec.c - OpenGrok cross reference for /xnu-12377.1.9/bsd/netinet6/ipsec.c

Lines Matching refs:sah
2274 	if (SA(&sav->sah->saidx.src)->sa_family != SA(&sav->sah->saidx.dst)->sa_family  in ipsec4_encapsulate()
2275 	    || SA(&sav->sah->saidx.src)->sa_family != AF_INET) {  in ipsec4_encapsulate()
2364 	bcopy(&SIN(&sav->sah->saidx.src)->sin_addr,  in ipsec4_encapsulate()
2366 	bcopy(&SIN(&sav->sah->saidx.dst)->sin_addr,  in ipsec4_encapsulate()
2384 	if (SA(&sav->sah->saidx.src)->sa_family != SA(&sav->sah->saidx.dst)->sa_family  in ipsec6_encapsulate()
2385 	    || SA(&sav->sah->saidx.src)->sa_family != AF_INET6) {  in ipsec6_encapsulate()
2436 	bcopy(&SIN6(&sav->sah->saidx.src)->sin6_addr,  in ipsec6_encapsulate()
2438 	bcopy(&SIN6(&sav->sah->saidx.dst)->sin6_addr,  in ipsec6_encapsulate()
2443 		ip6->ip6_src.s6_addr16[1] = htons((u_int16_t)sav->sah->outgoing_if);  in ipsec6_encapsulate()
2444 		ip6->ip6_dst.s6_addr16[1] = htons((u_int16_t)sav->sah->outgoing_if);  in ipsec6_encapsulate()
2460 	if (SA(&sav->sah->saidx.src)->sa_family != SA(&sav->sah->saidx.dst)->sa_family  in ipsec64_encapsulate()
2461 	    || SA(&sav->sah->saidx.src)->sa_family != AF_INET) {  in ipsec64_encapsulate()
2526 	bcopy(&SIN(&sav->sah->saidx.src)->sin_addr,  in ipsec64_encapsulate()
2528 	bcopy(&SIN(&sav->sah->saidx.dst)->sin_addr,  in ipsec64_encapsulate()
2556 	ro6 = &sav->sah->sa_route;  in ipsec6_update_routecache_and_output()
2573 		rtalloc_scoped((struct route *)ro6, sav->sah->outgoing_if);  in ipsec6_update_routecache_and_output()
2615 	switch (sav->sah->saidx.proto) {  in ipsec6_update_routecache_and_output()
2628 		ipseclog((LOG_ERR, "%s: unknown ipsec protocol %d\n", __FUNCTION__, sav->sah->saidx.proto));  in ipsec6_update_routecache_and_output()
2650 	ipsec_set_pkthdr_for_interface(sav->sah->ipsec_if, state->m, AF_INET6,  in ipsec6_update_routecache_and_output()
2652 	ipsec_set_ip6oa_for_interface(sav->sah->ipsec_if, &ip6oa);  in ipsec6_update_routecache_and_output()
2655 	ifnet_stat_increment_out(sav->sah->ipsec_if, 1, (u_int32_t)mbuf_pkthdr_len(state->m), 0);  in ipsec6_update_routecache_and_output()
2675 		ifnet_disable_output(sav->sah->ipsec_if);  in ipsec6_update_routecache_and_output()
2698 	if (SA(&sav->sah->saidx.src)->sa_family != SA(&sav->sah->saidx.dst)->sa_family  in ipsec46_encapsulate()
2699 	    || SA(&sav->sah->saidx.src)->sa_family != AF_INET6) {  in ipsec46_encapsulate()
2800 	bcopy(&SIN6(&sav->sah->saidx.src)->sin6_addr,  in ipsec46_encapsulate()
2802 	bcopy(&SIN6(&sav->sah->saidx.dst)->sin6_addr,  in ipsec46_encapsulate()
2806 		ip6->ip6_src.s6_addr16[1] = htons((u_int16_t)sav->sah->outgoing_if);  in ipsec46_encapsulate()
2807 		ip6->ip6_dst.s6_addr16[1] = htons((u_int16_t)sav->sah->outgoing_if);  in ipsec46_encapsulate()
3091 	struct secasindex *saidx = &sav->sah->saidx;  in ipsec_logsastr()
3094 	if (SA(&sav->sah->saidx.src)->sa_family  in ipsec_logsastr()
3095 	    != SA(&sav->sah->saidx.dst)->sa_family) {  in ipsec_logsastr()
3169 	if (sav == NULL || sav->sah == NULL) {  in ipsec4_output_internal()
3188 	state->outgoing_if = sav->sah->outgoing_if;  in ipsec4_output_internal()
3195 	if (sav->sah->saidx.mode == IPSEC_MODE_TUNNEL) {  in ipsec4_output_internal()
3205 		if (SA(&sav->sah->saidx.src)->sa_family == AF_INET6) {  in ipsec4_output_internal()
3215 		} else if (SA(&sav->sah->saidx.src)->sa_family == AF_INET) {  in ipsec4_output_internal()
3225 			ro4 = (struct route *)&sav->sah->sa_route;  in ipsec4_output_internal()
3241 				rtalloc_scoped(ro4, sav->sah->outgoing_if);  in ipsec4_output_internal()
3284 	switch (sav->sah->saidx.proto) {  in ipsec4_output_internal()
3307 		    sav->sah->saidx.proto));  in ipsec4_output_internal()
3380 	if (__improbable(sav->sah == NULL)) {  in ipsec4_interface_kpipe_output()
3388 	if (__improbable(sav->sah->saidx.mode != IPSEC_MODE_TRANSPORT)) {  in ipsec4_interface_kpipe_output()
3444 	switch (sav->sah->saidx.proto) {  in ipsec4_interface_kpipe_output()
3458 		    sav->sah->saidx.proto);  in ipsec4_interface_kpipe_output()
3523 	if (__improbable(sav->sah == NULL)) {  in ipsec6_interface_kpipe_output()
3531 	if (__improbable(sav->sah->saidx.mode != IPSEC_MODE_TRANSPORT)) {  in ipsec6_interface_kpipe_output()
3581 	switch (sav->sah->saidx.proto) {  in ipsec6_interface_kpipe_output()
3595 		    sav->sah->saidx.proto);  in ipsec6_interface_kpipe_output()
3810 	if (sav == NULL || sav->sah == NULL) {  in ipsec6_output_trans_internal()
3826 	state->outgoing_if = sav->sah->outgoing_if;  in ipsec6_output_trans_internal()
3828 	switch (sav->sah->saidx.proto) {  in ipsec6_output_trans_internal()
3842 		    "unknown ipsec protocol %d\n", sav->sah->saidx.proto));  in ipsec6_output_trans_internal()
4034 	if (sav == NULL || sav->sah == NULL || sav->sah->saidx.mode != IPSEC_MODE_TUNNEL) {  in ipsec6_output_tunnel_internal()
4050 	state->outgoing_if = sav->sah->outgoing_if;  in ipsec6_output_tunnel_internal()
4052 	if (sav->sah->saidx.mode == IPSEC_MODE_TUNNEL) {  in ipsec6_output_tunnel_internal()
4063 		if (SA(&sav->sah->saidx.src)->sa_family == AF_INET6) {  in ipsec6_output_tunnel_internal()
4070 		} else if (SA(&sav->sah->saidx.src)->sa_family == AF_INET) {  in ipsec6_output_tunnel_internal()
4098 			ro4 = (struct route *)&sav->sah->sa_route;  in ipsec6_output_tunnel_internal()
4126 			switch (sav->sah->saidx.proto) {  in ipsec6_output_tunnel_internal()
4153 				    sav->sah->saidx.proto));  in ipsec6_output_tunnel_internal()
4166 			ipsec_set_pkthdr_for_interface(sav->sah->ipsec_if, state->m,  in ipsec6_output_tunnel_internal()
4168 			ipsec_set_ipoa_for_interface(sav->sah->ipsec_if, &ipoa);  in ipsec6_output_tunnel_internal()
4193 		ro6 = &sav->sah->sa_route;  in ipsec6_output_tunnel_internal()
4210 			rtalloc_scoped((struct route *)ro6, sav->sah->outgoing_if);  in ipsec6_output_tunnel_internal()
4252 	switch (sav->sah->saidx.proto) {  in ipsec6_output_tunnel_internal()
4266 		    "unknown ipsec protocol %d\n", sav->sah->saidx.proto));  in ipsec6_output_tunnel_internal()
4494 	if (sav->sah && sav->sah->saidx.mode == IPSEC_MODE_TUNNEL) {  in ipsec6_interface_output()
4621 	if (sav->sah->saidx.mode == IPSEC_MODE_TRANSPORT) {  in ipsec4_tunnel_validate()
4647 	sin = SIN(&sav->sah->saidx.dst);  in ipsec4_tunnel_validate()
4655 	if (sav->sah->ipsec_if != NULL) {  in ipsec4_tunnel_validate()
4745 	if (sav->sah->saidx.mode == IPSEC_MODE_TRANSPORT) {  in ipsec6_tunnel_validate()
4771 	sin6 = SIN6(&sav->sah->saidx.dst);  in ipsec6_tunnel_validate()
4777 	struct in6_addr *sah_dst_addr = &SIN6(&sav->sah->saidx.dst)->sin6_addr;  in ipsec6_tunnel_validate()
4780 		tmp_sah_dst_addr.s6_addr16[1] = htons((u_int16_t)sav->sah->outgoing_if);  in ipsec6_tunnel_validate()
4787 	if (sav->sah->ipsec_if != NULL) {  in ipsec6_tunnel_validate()
5186 	if (sav->sah->saidx.dst.ss_family == AF_INET) {  in ipsec_send_natt_keepalive()
5212 		if (sav->sah->dir != IPSEC_DIR_INBOUND) {  in ipsec_send_natt_keepalive()
5213 			ip->ip_src = SIN(&sav->sah->saidx.src)->sin_addr;  in ipsec_send_natt_keepalive()
5214 			ip->ip_dst = SIN(&sav->sah->saidx.dst)->sin_addr;  in ipsec_send_natt_keepalive()
5216 			ip->ip_src = SIN(&sav->sah->saidx.dst)->sin_addr;  in ipsec_send_natt_keepalive()
5217 			ip->ip_dst = SIN(&sav->sah->saidx.src)->sin_addr;  in ipsec_send_natt_keepalive()
5230 		if (ROUTE_UNUSABLE(&sav->sah->sa_route) ||  in ipsec_send_natt_keepalive()
5231 		    rt_key(sav->sah->sa_route.ro_rt)->sa_family != AF_INET) {  in ipsec_send_natt_keepalive()
5232 			ROUTE_RELEASE(&sav->sah->sa_route);  in ipsec_send_natt_keepalive()
5235 		route_copyout(&ro, (struct route *)&sav->sah->sa_route, sizeof(struct route));  in ipsec_send_natt_keepalive()
5242 		route_copyin(&ro, (struct route *)&sav->sah->sa_route, sizeof(struct route));  in ipsec_send_natt_keepalive()
5243 	} else if (sav->sah->saidx.dst.ss_family == AF_INET6) {  in ipsec_send_natt_keepalive()
5249 		if (sav->sah->outgoing_if) {  in ipsec_send_natt_keepalive()
5250 			ip6oa.ip6oa_boundif = sav->sah->outgoing_if;  in ipsec_send_natt_keepalive()
5274 		if (sav->sah->dir != IPSEC_DIR_INBOUND) {  in ipsec_send_natt_keepalive()
5275 			ip6->ip6_src = SIN6(&sav->sah->saidx.src)->sin6_addr;  in ipsec_send_natt_keepalive()
5276 			ip6->ip6_dst = SIN6(&sav->sah->saidx.dst)->sin6_addr;  in ipsec_send_natt_keepalive()
5277 			ip6_output_setsrcifscope(m, SIN6(&sav->sah->saidx.src)->sin6_scope_id, NULL);  in ipsec_send_natt_keepalive()
5278 			ip6_output_setdstifscope(m, SIN6(&sav->sah->saidx.dst)->sin6_scope_id, NULL);  in ipsec_send_natt_keepalive()
5280 			ip6->ip6_src = SIN6(&sav->sah->saidx.dst)->sin6_addr;  in ipsec_send_natt_keepalive()
5281 			ip6->ip6_dst = SIN6(&sav->sah->saidx.src)->sin6_addr;  in ipsec_send_natt_keepalive()
5282 			ip6_output_setdstifscope(m, SIN6(&sav->sah->saidx.src)->sin6_scope_id, NULL);  in ipsec_send_natt_keepalive()
5283 			ip6_output_setsrcifscope(m, SIN6(&sav->sah->saidx.dst)->sin6_scope_id, NULL);  in ipsec_send_natt_keepalive()
5305 		if (ROUTE_UNUSABLE(&sav->sah->sa_route) ||  in ipsec_send_natt_keepalive()
5306 		    rt_key(sav->sah->sa_route.ro_rt)->sa_family != AF_INET6) {  in ipsec_send_natt_keepalive()
5307 			ROUTE_RELEASE(&sav->sah->sa_route);  in ipsec_send_natt_keepalive()
5310 …route_copyout((struct route *)&ro6, (struct route *)&sav->sah->sa_route, sizeof(struct route_in6));  in ipsec_send_natt_keepalive()
5317 		route_copyin((struct route *)&ro6, (struct route *)&sav->sah->sa_route, sizeof(struct route_in6));  in ipsec_send_natt_keepalive()
5319 		ipseclog((LOG_ERR, "nat keepalive: invalid address family %u\n", sav->sah->saidx.dst.ss_family));  in ipsec_send_natt_keepalive()
5345 	if (sav == NULL || sav->sah == NULL || frame == NULL ||  in ipsec_fill_offload_frame()
5346 	    (ifp != NULL && ifp->if_index != sav->sah->outgoing_if) ||  in ipsec_fill_offload_frame()
5359 	sa_family_t af = sav->sah->saidx.dst.ss_family;  in ipsec_fill_offload_frame()
5393 			if (sav->sah->dir != IPSEC_DIR_INBOUND) {  in ipsec_fill_offload_frame()
5394 				ip6->ip6_src = SIN6(&sav->sah->saidx.src)->sin6_addr;  in ipsec_fill_offload_frame()
5395 				ip6->ip6_dst = SIN6(&sav->sah->saidx.dst)->sin6_addr;  in ipsec_fill_offload_frame()
5397 				ip6->ip6_src = SIN6(&sav->sah->saidx.dst)->sin6_addr;  in ipsec_fill_offload_frame()
5398 				ip6->ip6_dst = SIN6(&sav->sah->saidx.src)->sin6_addr;  in ipsec_fill_offload_frame()
5419 			if (sav->sah->dir != IPSEC_DIR_INBOUND) {  in ipsec_fill_offload_frame()
5420 				ipv4_dst = &(SIN(&sav->sah->saidx.dst)->sin_addr);  in ipsec_fill_offload_frame()
5422 				ipv4_dst = &(SIN(&sav->sah->saidx.src)->sin_addr);  in ipsec_fill_offload_frame()
5483 		if (sav->sah->dir != IPSEC_DIR_INBOUND) {  in ipsec_fill_offload_frame()
5484 			ip->ip_src = SIN(&sav->sah->saidx.src)->sin_addr;  in ipsec_fill_offload_frame()
5485 			ip->ip_dst = SIN(&sav->sah->saidx.dst)->sin_addr;  in ipsec_fill_offload_frame()
5487 			ip->ip_src = SIN(&sav->sah->saidx.dst)->sin_addr;  in ipsec_fill_offload_frame()
5488 			ip->ip_dst = SIN(&sav->sah->saidx.src)->sin_addr;  in ipsec_fill_offload_frame()