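Lines matching refs:sah (cross-reference hits for the identifier `sah`). Each entry gives the source line number, the matching line, and the enclosing function; it is tagged `local` or `argument` where `sah` is declared there. Entries containing `…` were truncated by the listing.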
588 struct secashead *sah = sav->sah; in key_get_flowid() local
590 if ((sah->dir != IPSEC_DIR_OUTBOUND) && (sah->dir != IPSEC_DIR_ANY)) { in key_get_flowid()
595 ASSERT(sah->saidx.src.ss_family == sah->saidx.dst.ss_family); in key_get_flowid()
596 switch (sah->saidx.src.ss_family) { in key_get_flowid()
598 ASSERT(sah->saidx.src.ss_len == sizeof(struct sockaddr_in)); in key_get_flowid()
599 ASSERT(sah->saidx.dst.ss_len == sizeof(struct sockaddr_in)); in key_get_flowid()
601 (SIN(&(sah->saidx.src)))->sin_addr; in key_get_flowid()
603 (SIN(&(sah->saidx.dst)))->sin_addr; in key_get_flowid()
607 ASSERT(sah->saidx.src.ss_len == sizeof(struct sockaddr_in6)); in key_get_flowid()
608 ASSERT(sah->saidx.dst.ss_len == sizeof(struct sockaddr_in6)); in key_get_flowid()
610 (SIN6(&(sah->saidx.src)))->sin6_addr; in key_get_flowid()
612 (SIN6(&(sah->saidx.dst)))->sin6_addr; in key_get_flowid()
622 fk.ffk_af = sah->saidx.src.ss_family; in key_get_flowid()
623 fk.ffk_proto = (uint8_t)(sah->saidx.proto); in key_get_flowid()
884 struct secashead *sah; in key_alloc_outbound_sav_for_interface() local
903 LIST_FOREACH(sah, &sahtree, chain) { in key_alloc_outbound_sav_for_interface()
904 if (sah->state == SADB_SASTATE_DEAD) { in key_alloc_outbound_sav_for_interface()
907 if (sah->ipsec_if == interface && in key_alloc_outbound_sav_for_interface()
909 sah->dir == IPSEC_DIR_OUTBOUND) { in key_alloc_outbound_sav_for_interface()
911 sah->saidx.mode == IPSEC_MODE_TRANSPORT && in key_alloc_outbound_sav_for_interface()
914 if (key_sockaddrcmp(SA(&sah->saidx.src), src, 0) != 0) { in key_alloc_outbound_sav_for_interface()
919 if (key_sockaddrcmp(SA(&sah->saidx.dst), dst, 0) != 0) { in key_alloc_outbound_sav_for_interface()
934 sin = SIN(&sah->saidx.dst); in key_alloc_outbound_sav_for_interface()
936 if (sah->saidx.mode == IPSEC_MODE_TRANSPORT) { in key_alloc_outbound_sav_for_interface()
942 sav = key_do_allocsa_policy(sah, state, dstport); in key_alloc_outbound_sav_for_interface()
1048 struct secashead *sah; in key_allocsa_policy() local
1058 LIST_FOREACH(sah, &sahtree, chain) { in key_allocsa_policy()
1060 if (sah->state == SADB_SASTATE_DEAD) { in key_allocsa_policy()
1063 if (key_cmpsaidx(&sah->saidx, saidx, CMP_MODE | CMP_REQID)) { in key_allocsa_policy()
1094 sav = key_do_allocsa_policy(sah, state, dstport); in key_allocsa_policy()
1112 if ((satype = key_proto2satype(sav->sah->saidx.proto)) == 0) { in key_send_delete()
1125 SA(&sav->sah->saidx.src), in key_send_delete()
1126 sav->sah->saidx.src.ss_len << 3, in key_send_delete()
1135 SA(&sav->sah->saidx.dst), in key_send_delete()
1136 sav->sah->saidx.src.ss_len << 3, in key_send_delete()
1184 struct secashead *sah, in key_do_allocsa_policy() argument
1197 for (sav = LIST_FIRST(&sah->savtree[state]); in key_do_allocsa_policy()
1205 if (sah->saidx.mode == IPSEC_MODE_TUNNEL && dstport && in key_do_allocsa_policy()
1211 if (sah->saidx.mode == IPSEC_MODE_TRANSPORT && in key_do_allocsa_policy()
1216 if ((sah->saidx.mode == IPSEC_MODE_TUNNEL && in key_do_allocsa_policy()
1218 (sah->saidx.mode == IPSEC_MODE_TRANSPORT && in key_do_allocsa_policy()
1261 if ((sah->saidx.mode == IPSEC_MODE_TUNNEL && in key_do_allocsa_policy()
1263 (sah->saidx.mode == IPSEC_MODE_TRANSPORT && in key_do_allocsa_policy()
1288 } else if (sah->saidx.mode == IPSEC_MODE_TUNNEL && dstport) { in key_do_allocsa_policy()
1371 sav->sah->ipsec_if != interface) { in key_allocsa()
1374 if (proto != sav->sah->saidx.proto) { in key_allocsa()
1377 if (src->sa.sa_family != sav->sah->saidx.src.ss_family || in key_allocsa()
1378 dst->sa.sa_family != sav->sah->saidx.dst.ss_family) { in key_allocsa()
1394 struct sockaddr *sah_dst = SA(&sav->sah->saidx.dst); in key_allocsa()
1403 tmp_sah_dst.sin6_scope_id = sav->sah->outgoing_if; in key_allocsa()
1458 struct secashead *sah = NULL; in key_checksa_present() local
1462 LIST_FOREACH(sah, &sahtree, chain) { in key_checksa_present()
1463 if (sah->state == SADB_SASTATE_DEAD) { in key_checksa_present()
1467 if (sah->dir != IPSEC_DIR_OUTBOUND) { in key_checksa_present()
1471 if (local->sa.sa_family != sah->saidx.src.ss_family) { in key_checksa_present()
1477 SA(&sah->saidx.src), 0) != 0) { in key_checksa_present()
1482 SA(&sah->saidx.dst), 0) != 0) { in key_checksa_present()
1492 for (struct secasvar *sav = LIST_FIRST(&sah->savtree[state]); sav != NULL; sav = nextsav) { in key_checksa_present()
1526 struct secashead *sah; in key_natt_get_translated_port() local
1532 saidx.mode = outsav->sah->saidx.mode; in key_natt_get_translated_port()
1534 saidx.proto = outsav->sah->saidx.proto; in key_natt_get_translated_port()
1535 bcopy(&outsav->sah->saidx.src, &saidx.dst, sizeof(struct sockaddr_in)); in key_natt_get_translated_port()
1536 bcopy(&outsav->sah->saidx.dst, &saidx.src, sizeof(struct sockaddr_in)); in key_natt_get_translated_port()
1539 LIST_FOREACH(sah, &sahtree, chain) { in key_natt_get_translated_port()
1540 if (sah->state == SADB_SASTATE_DEAD) { in key_natt_get_translated_port()
1543 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_MODE)) { in key_natt_get_translated_port()
1570 if (key_do_get_translated_port(sah, outsav, state)) { in key_natt_get_translated_port()
1581 struct secashead *sah, in key_do_get_translated_port() argument
1593 for (currsav = LIST_FIRST(&sah->savtree[state]); in key_do_get_translated_port()
3837 struct secashead *sah) in key_delsah() argument
3846 if (sah == NULL) { in key_delsah()
3850 if (sah->use_count > 0) { in key_delsah()
3859 for (sav = (struct secasvar *)LIST_FIRST(&sah->savtree[state]); in key_delsah()
3876 sav->sah = NULL; in key_delsah()
3886 ROUTE_RELEASE(&sah->sa_route); in key_delsah()
3888 if (sah->ipsec_if) { in key_delsah()
3889 ifnet_release(sah->ipsec_if); in key_delsah()
3890 sah->ipsec_if = NULL; in key_delsah()
3894 if (__LIST_CHAINED(sah)) { in key_delsah()
3895 LIST_REMOVE(sah, chain); in key_delsah()
3898 kfree_type(struct secashead, sah); in key_delsah()
3917 struct secashead *sah, in key_newsav() argument
3927 if (m == NULL || mhp == NULL || mhp->msg == NULL || sah == NULL) { in key_newsav()
4020 newsav->sah = sah; in key_newsav()
4023 LIST_INSERT_TAIL(&sah->savtree[SADB_SASTATE_LARVAL], newsav, in key_newsav()
4044 sav->sah = newsah; in key_migratesav()
4147 struct secashead *sah; in key_getsah() local
4153 LIST_FOREACH(sah, &sahtree, chain) { in key_getsah()
4154 if (sah->state == SADB_SASTATE_DEAD) { in key_getsah()
4157 if (key_cmpsaidx(&sah->saidx, saidx, CMP_REQID)) { in key_getsah()
4158 return sah; in key_getsah()
4165 LIST_FOREACH(sah, &custom_sahtree, chain) { in key_getsah()
4166 if (sah->state == SADB_SASTATE_DEAD) { in key_getsah()
4169 if (key_cmpsaidx(&sah->saidx, saidx, 0)) { in key_getsah()
4170 return sah; in key_getsah()
4182 struct secashead *sah; in key_newsah2() local
4186 sah = key_getsah(saidx, SECURITY_ASSOCIATION_ANY); in key_newsah2()
4187 if (!sah) { in key_newsah2()
4190 return sah; in key_newsah2()
4226 key_ismyaddr(SA(&sav->sah->saidx.dst))) { in key_checkspidup()
4257 struct secashead *sah, in key_getsavbyspi() argument
4270 if (sav->sah != sah) { in key_getsavbyspi()
4598 switch (sav->sah->saidx.proto) { in key_mature()
4613 switch (sav->sah->saidx.proto) { in key_mature()
4783 m = key_setsadbxsa2(sav->sah->saidx.mode, in key_setdumpsa()
4785 sav->sah->saidx.reqid, in key_setdumpsa()
4794 SA(&sav->sah->saidx.src), in key_setdumpsa()
4803 SA(&sav->sah->saidx.dst), in key_setdumpsa()
4888 if (sav->sah && (sav->sah->outgoing_if || sav->sah->ipsec_if)) { in key_setdumpsa()
4889 m = key_setsadbipsecif(NULL, ifindex2ifnet[sav->sah->outgoing_if], sav->sah->ipsec_if, 0); in key_setdumpsa()
6003 struct secashead *sah, *nextsah; in key_timehandler() local
6006 for (sah = LIST_FIRST(&sahtree); in key_timehandler()
6007 sah != NULL; in key_timehandler()
6008 sah = nextsah) { in key_timehandler()
6010 nextsah = LIST_NEXT(sah, chain); in key_timehandler()
6013 if (sah->state == SADB_SASTATE_DEAD) { in key_timehandler()
6014 key_delsah(sah); in key_timehandler()
6019 if (LIST_FIRST(&sah->savtree[SADB_SASTATE_LARVAL]) == NULL && in key_timehandler()
6020 LIST_FIRST(&sah->savtree[SADB_SASTATE_MATURE]) == NULL && in key_timehandler()
6021 LIST_FIRST(&sah->savtree[SADB_SASTATE_DYING]) == NULL && in key_timehandler()
6022 LIST_FIRST(&sah->savtree[SADB_SASTATE_DEAD]) == NULL) { in key_timehandler()
6023 key_delsah(sah); in key_timehandler()
6036 for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_LARVAL]); in key_timehandler()
6076 …sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_MATURE]); //%%% should we check dying list if this i… in key_timehandler()
6089 for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_MATURE]); in key_timehandler()
6152 for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_DYING]); in key_timehandler()
6195 for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_DEAD]); in key_timehandler()
6854 struct secashead *sah = NULL; in key_update() local
6930 if ((sah = key_getsah(&saidx, SECURITY_ASSOCIATION_PFKEY)) == NULL) { in key_update()
6938 sah->use_count++; in key_update()
6940 if ((sav = key_getsavbyspi(sah, sa0->sadb_sa_spi)) == NULL) { in key_update()
6952 if (sav->sah->saidx.proto != proto) { in key_update()
6955 sav->sah->saidx.proto, proto)); in key_update()
6979 if (sah->state == SADB_SASTATE_DEAD) { in key_update()
6991 (sav->sah->saidx.mode != IPSEC_MODE_TRANSPORT || in key_update()
6992 sav->sah->saidx.src.ss_family != AF_INET)) { in key_update()
7002 sah->use_count--; in key_update()
7023 if (sah != NULL) { in key_update()
7024 sah->use_count--; in key_update()
7047 struct secashead *sah = NULL; in key_migrate() local
7104 LIST_FOREACH(sah, &sahtree, chain) { in key_migrate()
7105 if (sah->state != SADB_SASTATE_MATURE) { in key_migrate()
7108 if (key_cmpsaidx(&sah->saidx, &saidx0, CMP_HEAD) == 0) { in key_migrate()
7112 sav = key_getsavbyspi(sah, sa0->sadb_sa_spi); in key_migrate()
7117 if (sah == NULL) { in key_migrate()
7136 …KEY_SETSECASIDX(proto, sah->saidx.mode, sah->saidx.reqid, src1, dst1, ipsec_if1 ? ipsec_if1->if_in… in key_migrate()
7139 …1, key_get_outgoing_ifindex_from_message(mhp, SADB_X_EXT_MIGRATE_IPSECIF), sah->dir, SECURITY_ASSO… in key_migrate()
7473 struct secashead *sah; in key_delete() local
7536 LIST_FOREACH(sah, &sahtree, chain) { in key_delete()
7537 if (sah->state == SADB_SASTATE_DEAD) { in key_delete()
7540 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == 0) { in key_delete()
7545 sav = key_getsavbyspi(sah, sa0->sadb_sa_spi); in key_delete()
7550 if (sah == NULL) { in key_delete()
7603 struct secashead *sah; in key_delete_all() local
7623 LIST_FOREACH(sah, &sahtree, chain) { in key_delete_all()
7624 if (sah->state == SADB_SASTATE_DEAD) { in key_delete_all()
7627 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == 0) { in key_delete_all()
7639 for (sav = LIST_FIRST(&sah->savtree[state]); in key_delete_all()
7708 struct secashead *sah; in key_get() local
7756 LIST_FOREACH(sah, &sahtree, chain) { in key_get()
7757 if (sah->state == SADB_SASTATE_DEAD) { in key_get()
7760 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == 0) { in key_get()
7765 sav = key_getsavbyspi(sah, sa0->sadb_sa_spi); in key_get()
7770 if (sah == NULL) { in key_get()
7781 if ((satype = key_proto2satype(sah->saidx.proto)) == 0) { in key_get()
7812 struct secashead *sah; in key_getsastatbyspi_one() local
7822 LIST_FOREACH(sah, &sahtree, chain) { in key_getsastatbyspi_one()
7823 if (sah->state == SADB_SASTATE_DEAD) { in key_getsastatbyspi_one()
7828 sav = key_getsavbyspi(sah, spi); in key_getsastatbyspi_one()
8388 struct secashead *sah; in key_acquire2() local
8481 LIST_FOREACH(sah, &sahtree, chain) { in key_acquire2()
8482 if (sah->state == SADB_SASTATE_DEAD) { in key_acquire2()
8485 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_MODE | CMP_REQID)) { in key_acquire2()
8489 if (sah != NULL) { in key_acquire2()
8698 struct secashead *sah, *nextsah; in key_delete_all_for_socket() local
8703 for (sah = LIST_FIRST(&sahtree); in key_delete_all_for_socket()
8704 sah != NULL; in key_delete_all_for_socket()
8705 sah = nextsah) { in key_delete_all_for_socket()
8706 nextsah = LIST_NEXT(sah, chain); in key_delete_all_for_socket()
8709 for (sav = LIST_FIRST(&sah->savtree[state]); sav != NULL; sav = nextsav) { in key_delete_all_for_socket()
8784 if (sav->sah == NULL) { in key_expire()
8787 if ((satype = key_proto2satype(sav->sah->saidx.proto)) == 0) { in key_expire()
8808 m = key_setsadbxsa2(sav->sah->saidx.mode, in key_expire()
8810 sav->sah->saidx.reqid, in key_expire()
8842 SA(&sav->sah->saidx.src), in key_expire()
8852 SA(&sav->sah->saidx.dst), in key_expire()
8910 struct secashead *sah, *nextsah; in key_flush() local
8930 for (sah = LIST_FIRST(&sahtree); in key_flush()
8931 sah != NULL; in key_flush()
8932 sah = nextsah) { in key_flush()
8933 nextsah = LIST_NEXT(sah, chain); in key_flush()
8936 && proto != sah->saidx.proto) { in key_flush()
8944 for (sav = LIST_FIRST(&sah->savtree[state]); in key_flush()
8954 sah->state = SADB_SASTATE_DEAD; in key_flush()
9001 struct secashead *sah; in key_dump() local
9045 LIST_FOREACH(sah, &sahtree, chain) { in key_dump()
9047 && proto != sah->saidx.proto) { in key_dump()
9052 if ((satype = key_proto2satype(sah->saidx.proto)) == 0) { in key_dump()
9063 LIST_FOREACH(sav, &sah->savtree[state], chain) { in key_dump()
9855 if (sav->sah == NULL) { in key_checktunnelsanity()
9916 struct secashead *sah; in key_sa_routechange() local
9920 LIST_FOREACH(sah, &sahtree, chain) { in key_sa_routechange()
9921 ro = (struct route *)&sah->sa_route; in key_sa_routechange()
9952 LIST_INSERT_HEAD(&sav->sah->savtree[state], sav, chain); in key_sa_chgstate()
10211 memcpy(&saidx_swap_sent_addr.src, &sav_sent->sah->saidx.dst, sizeof(saidx_swap_sent_addr.src)); in key_update_natt_keepalive_timestamp()
10212 memcpy(&saidx_swap_sent_addr.dst, &sav_sent->sah->saidx.src, sizeof(saidx_swap_sent_addr.dst)); in key_update_natt_keepalive_timestamp()
10213 saidx_swap_sent_addr.proto = sav_sent->sah->saidx.proto; in key_update_natt_keepalive_timestamp()
10214 saidx_swap_sent_addr.mode = sav_sent->sah->saidx.mode; in key_update_natt_keepalive_timestamp()
10217 if (key_cmpsaidx(&sav_sent->sah->saidx, &sav_update->sah->saidx, CMP_MODE | CMP_PORT) || in key_update_natt_keepalive_timestamp()
10218 key_cmpsaidx(&saidx_swap_sent_addr, &sav_update->sah->saidx, CMP_MODE | CMP_PORT)) { in key_update_natt_keepalive_timestamp()
10335 struct secashead *sah; in key_delsp_for_ipsec_if() local
10368 LIST_FOREACH(sah, &sahtree, chain) { in key_delsp_for_ipsec_if()
10369 if (sah->ipsec_if == ipsec_if) { in key_delsp_for_ipsec_if()
10371 ifnet_release(sah->ipsec_if); in key_delsp_for_ipsec_if()
10372 sah->ipsec_if = NULL; in key_delsp_for_ipsec_if()
10376 for (sav = LIST_FIRST(&sah->savtree[state]); sav != NULL; sav = nextsav) { in key_delsp_for_ipsec_if()
10384 sah->state = SADB_SASTATE_DEAD; in key_delsp_for_ipsec_if()
10397 struct secashead *sah = NULL; in key_fill_offload_frames_for_savs() local
10407 LIST_FOREACH(sah, &sahtree, chain) { in key_fill_offload_frames_for_savs()
10408 LIST_FOREACH(sav, &sah->savtree[SADB_SASTATE_MATURE], chain) { in key_fill_offload_frames_for_savs()
10433 struct secashead *sah = (struct secashead *)ipsec_token; in key_custom_ipsec_token_is_valid() local
10435 return (sah->flags & SECURITY_ASSOCIATION_CUSTOM_IPSEC) == SECURITY_ASSOCIATION_CUSTOM_IPSEC; in key_custom_ipsec_token_is_valid()
10490 struct secashead *sah = NULL; in key_reserve_custom_ipsec() local
10491 if ((sah = key_getsah(&saidx, SECURITY_ASSOCIATION_ANY)) != NULL) { in key_reserve_custom_ipsec()
10497 …if ((sah = key_newsah(&saidx, NULL, 0, IPSEC_DIR_ANY, SECURITY_ASSOCIATION_CUSTOM_IPSEC)) == NULL)… in key_reserve_custom_ipsec()
10503 *ipsec_token = (void *)sah; in key_reserve_custom_ipsec()
10512 struct secashead *__single sah = *ipsec_token; in key_release_custom_ipsec() local
10513 VERIFY(sah != NULL); in key_release_custom_ipsec()
10517 VERIFY((sah->flags & SECURITY_ASSOCIATION_CUSTOM_IPSEC) == SECURITY_ASSOCIATION_CUSTOM_IPSEC); in key_release_custom_ipsec()
10520 if (LIST_FIRST(&sah->savtree[SADB_SASTATE_LARVAL]) == NULL && in key_release_custom_ipsec()
10521 LIST_FIRST(&sah->savtree[SADB_SASTATE_MATURE]) == NULL && in key_release_custom_ipsec()
10522 LIST_FIRST(&sah->savtree[SADB_SASTATE_DYING]) == NULL && in key_release_custom_ipsec()
10523 LIST_FIRST(&sah->savtree[SADB_SASTATE_DEAD]) == NULL) { in key_release_custom_ipsec()
10528 key_delsah(sah); in key_release_custom_ipsec()