Lines Matching refs:sah
770 struct secashead *sah; in key_alloc_outbound_sav_for_interface() local
789 LIST_FOREACH(sah, &sahtree, chain) { in key_alloc_outbound_sav_for_interface()
790 if (sah->state == SADB_SASTATE_DEAD) { in key_alloc_outbound_sav_for_interface()
793 if (sah->ipsec_if == interface && in key_alloc_outbound_sav_for_interface()
795 sah->dir == IPSEC_DIR_OUTBOUND) { in key_alloc_outbound_sav_for_interface()
797 sah->saidx.mode == IPSEC_MODE_TRANSPORT && in key_alloc_outbound_sav_for_interface()
800 if (key_sockaddrcmp((struct sockaddr *)&sah->saidx.src, src, 0) != 0) { in key_alloc_outbound_sav_for_interface()
805 if (key_sockaddrcmp((struct sockaddr *)&sah->saidx.dst, dst, 0) != 0) { in key_alloc_outbound_sav_for_interface()
820 sin = (struct sockaddr_in *)&sah->saidx.dst; in key_alloc_outbound_sav_for_interface()
822 if (sah->saidx.mode == IPSEC_MODE_TRANSPORT) { in key_alloc_outbound_sav_for_interface()
828 sav = key_do_allocsa_policy(sah, state, dstport); in key_alloc_outbound_sav_for_interface()
934 struct secashead *sah; in key_allocsa_policy() local
944 LIST_FOREACH(sah, &sahtree, chain) { in key_allocsa_policy()
946 if (sah->state == SADB_SASTATE_DEAD) { in key_allocsa_policy()
949 if (key_cmpsaidx(&sah->saidx, saidx, CMP_MODE | CMP_REQID)) { in key_allocsa_policy()
980 sav = key_do_allocsa_policy(sah, state, dstport); in key_allocsa_policy()
/* Cross-reference hits for `sah` in key_send_delete(). Only the lines that
 * mention `sah` are listed; the surrounding calls and control flow are not
 * shown. The SA's protocol and its src/dst addresses are read through
 * sav->sah->saidx. */
998 if ((satype = key_proto2satype(sav->sah->saidx.proto)) == 0) { in key_send_delete()
1011 (struct sockaddr *)&sav->sah->saidx.src, in key_send_delete()
1012 sav->sah->saidx.src.ss_len << 3, in key_send_delete()
/* NOTE(review): the dst address on line 1021 is paired on line 1022 with
 * saidx.src.ss_len << 3, not saidx.dst.ss_len << 3. The two values agree
 * whenever src and dst have the same sockaddr length; confirm that holds for
 * every SA head, or use dst.ss_len so the length always describes the address
 * it accompanies. */
1021 (struct sockaddr *)&sav->sah->saidx.dst, in key_send_delete()
1022 sav->sah->saidx.src.ss_len << 3, in key_send_delete()
1070 struct secashead *sah, in key_do_allocsa_policy() argument
1083 for (sav = LIST_FIRST(&sah->savtree[state]); in key_do_allocsa_policy()
1091 if (sah->saidx.mode == IPSEC_MODE_TUNNEL && dstport && in key_do_allocsa_policy()
1097 if (sah->saidx.mode == IPSEC_MODE_TRANSPORT && in key_do_allocsa_policy()
1102 if ((sah->saidx.mode == IPSEC_MODE_TUNNEL && in key_do_allocsa_policy()
1104 (sah->saidx.mode == IPSEC_MODE_TRANSPORT && in key_do_allocsa_policy()
1147 if ((sah->saidx.mode == IPSEC_MODE_TUNNEL && in key_do_allocsa_policy()
1149 (sah->saidx.mode == IPSEC_MODE_TRANSPORT && in key_do_allocsa_policy()
1174 } else if (sah->saidx.mode == IPSEC_MODE_TUNNEL && dstport) { in key_do_allocsa_policy()
1303 sav->sah->ipsec_if != interface) { in key_allocsa_extended()
1306 if (proto != sav->sah->saidx.proto) { in key_allocsa_extended()
1309 if (family != sav->sah->saidx.src.ss_family || in key_allocsa_extended()
1310 family != sav->sah->saidx.dst.ss_family) { in key_allocsa_extended()
1326 struct sockaddr *sah_dst = (struct sockaddr *)&sav->sah->saidx.dst; in key_allocsa_extended()
1334 tmp_sah_dst.sin6_scope_id = sav->sah->outgoing_if; in key_allocsa_extended()
1394 struct secashead *sah = NULL; in key_checksa_present() local
1398 LIST_FOREACH(sah, &sahtree, chain) { in key_checksa_present()
1399 if (sah->state == SADB_SASTATE_DEAD) { in key_checksa_present()
1403 if (sah->dir != IPSEC_DIR_OUTBOUND) { in key_checksa_present()
1407 if (family != sah->saidx.src.ss_family) { in key_checksa_present()
1421 (struct sockaddr *)&sah->saidx.src, 0) != 0) { in key_checksa_present()
1440 (struct sockaddr *)&sah->saidx.src, 0) != 0) { in key_checksa_present()
1461 (struct sockaddr *)&sah->saidx.dst, 0) != 0) { in key_checksa_present()
1480 (struct sockaddr *)&sah->saidx.dst, 0) != 0) { in key_checksa_present()
1494 for (struct secasvar *sav = LIST_FIRST(&sah->savtree[state]); sav != NULL; sav = nextsav) { in key_checksa_present()
/* Cross-reference hits for `sah` in key_natt_get_translated_port(). A local
 * saidx is filled from outsav's SA head with src and dst swapped (src is
 * copied into dst and dst into src), then sahtree is walked and each head is
 * compared with key_cmpsaidx(..., CMP_MODE). */
1528 struct secashead *sah; in key_natt_get_translated_port() local
1534 saidx.mode = outsav->sah->saidx.mode; in key_natt_get_translated_port()
1536 saidx.proto = outsav->sah->saidx.proto; in key_natt_get_translated_port()
/* NOTE(review): both copies move exactly sizeof(struct sockaddr_in) bytes, so
 * only an IPv4-sized sockaddr is carried over. Confirm this path is reached
 * only for AF_INET SAs, and that the rest of the local saidx is initialised
 * before the comparison (neither is visible in this listing). */
1537 bcopy(&outsav->sah->saidx.src, &saidx.dst, sizeof(struct sockaddr_in)); in key_natt_get_translated_port()
1538 bcopy(&outsav->sah->saidx.dst, &saidx.src, sizeof(struct sockaddr_in)); in key_natt_get_translated_port()
1541 LIST_FOREACH(sah, &sahtree, chain) { in key_natt_get_translated_port()
/* Heads in SADB_SASTATE_DEAD are tested for here; the branch body is not part
 * of the listing. */
1542 if (sah->state == SADB_SASTATE_DEAD) { in key_natt_get_translated_port()
1545 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_MODE)) { in key_natt_get_translated_port()
1572 if (key_do_get_translated_port(sah, outsav, state)) { in key_natt_get_translated_port()
1583 struct secashead *sah, in key_do_get_translated_port() argument
1595 for (currsav = LIST_FIRST(&sah->savtree[state]); in key_do_get_translated_port()
/* Cross-reference hits for `sah` in key_delsah(), the routine that ends by
 * freeing an SA head with kfree_type(). Visible order: NULL test, use_count
 * test, walk of savtree[state], clearing of each sav's back pointer, route
 * release, interface release, unlink from the list, free. The bodies of the
 * two early tests are not shown in this listing. */
3797 struct secashead *sah) in key_delsah() argument
3806 if (sah == NULL) { in key_delsah()
/* NOTE(review): presumably a head with use_count > 0 is not freed here (the
 * branch body is not listed). key_update() is the only function in this
 * listing that changes use_count; verify every increment has a matching
 * decrement. */
3810 if (sah->use_count > 0) { in key_delsah()
3819 for (sav = (struct secasvar *)LIST_FIRST(&sah->savtree[state]); in key_delsah()
/* After this store a surviving sav has sah == NULL. In this listing
 * key_expire() (8643) and key_checktunnelsanity() (9699) test for that; most
 * other sites dereference sav->sah directly.
 * NOTE(review): whether those sites can ever observe a detached sav depends on
 * locking and reference rules not visible here; confirm. */
3836 sav->sah = NULL; in key_delsah()
3846 ROUTE_RELEASE(&sah->sa_route); in key_delsah()
3848 if (sah->ipsec_if) { in key_delsah()
3849 ifnet_release(sah->ipsec_if); in key_delsah()
/* The field is cleared right after ifnet_release(), so the released interface
 * pointer is not left in the head. */
3850 sah->ipsec_if = NULL; in key_delsah()
/* The head is unlinked only if it is currently chained, then freed. */
3854 if (__LIST_CHAINED(sah)) { in key_delsah()
3855 LIST_REMOVE(sah, chain); in key_delsah()
3858 kfree_type(struct secashead, sah); in key_delsah()
3877 struct secashead *sah, in key_newsav() argument
3887 if (m == NULL || mhp == NULL || mhp->msg == NULL || sah == NULL) { in key_newsav()
3984 newsav->sah = sah; in key_newsav()
3987 LIST_INSERT_TAIL(&sah->savtree[SADB_SASTATE_LARVAL], newsav, in key_newsav()
4008 sav->sah = newsah; in key_migratesav()
4108 struct secashead *sah; in key_getsah() local
4114 LIST_FOREACH(sah, &sahtree, chain) { in key_getsah()
4115 if (sah->state == SADB_SASTATE_DEAD) { in key_getsah()
4118 if (key_cmpsaidx(&sah->saidx, saidx, CMP_REQID)) { in key_getsah()
4119 return sah; in key_getsah()
4126 LIST_FOREACH(sah, &custom_sahtree, chain) { in key_getsah()
4127 if (sah->state == SADB_SASTATE_DEAD) { in key_getsah()
4130 if (key_cmpsaidx(&sah->saidx, saidx, 0)) { in key_getsah()
4131 return sah; in key_getsah()
4143 struct secashead *sah; in key_newsah2() local
4147 sah = key_getsah(saidx, SECURITY_ASSOCIATION_ANY); in key_newsah2()
4148 if (!sah) { in key_newsah2()
4151 return sah; in key_newsah2()
4187 key_ismyaddr((struct sockaddr *)&sav->sah->saidx.dst)) { in key_checkspidup()
4218 struct secashead *sah, in key_getsavbyspi() argument
4231 if (sav->sah != sah) { in key_getsavbyspi()
4542 switch (sav->sah->saidx.proto) { in key_mature()
4557 switch (sav->sah->saidx.proto) { in key_mature()
4726 m = key_setsadbxsa2(sav->sah->saidx.mode, in key_setdumpsa()
4728 sav->sah->saidx.reqid, in key_setdumpsa()
4737 (struct sockaddr *)&sav->sah->saidx.src, in key_setdumpsa()
4746 (struct sockaddr *)&sav->sah->saidx.dst, in key_setdumpsa()
4829 if (sav->sah && (sav->sah->outgoing_if || sav->sah->ipsec_if)) { in key_setdumpsa()
4830 m = key_setsadbipsecif(NULL, ifindex2ifnet[sav->sah->outgoing_if], sav->sah->ipsec_if, 0); in key_setdumpsa()
5873 struct secashead *sah, *nextsah; in key_timehandler() local
5876 for (sah = LIST_FIRST(&sahtree); in key_timehandler()
5877 sah != NULL; in key_timehandler()
5878 sah = nextsah) { in key_timehandler()
5880 nextsah = LIST_NEXT(sah, chain); in key_timehandler()
5883 if (sah->state == SADB_SASTATE_DEAD) { in key_timehandler()
5884 key_delsah(sah); in key_timehandler()
5889 if (LIST_FIRST(&sah->savtree[SADB_SASTATE_LARVAL]) == NULL && in key_timehandler()
5890 LIST_FIRST(&sah->savtree[SADB_SASTATE_MATURE]) == NULL && in key_timehandler()
5891 LIST_FIRST(&sah->savtree[SADB_SASTATE_DYING]) == NULL && in key_timehandler()
5892 LIST_FIRST(&sah->savtree[SADB_SASTATE_DEAD]) == NULL) { in key_timehandler()
5893 key_delsah(sah); in key_timehandler()
5905 for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_LARVAL]); in key_timehandler()
5943 …sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_MATURE]); //%%% should we check dying list if this i… in key_timehandler()
5956 for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_MATURE]); in key_timehandler()
6017 for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_DYING]); in key_timehandler()
6057 for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_DEAD]); in key_timehandler()
/* Cross-reference hits for `sah` in key_update(). The head is looked up with
 * key_getsah(), its use_count is raised, the SA is fetched by SPI, and
 * use_count is lowered again at two places (6866, and 6888 under a
 * sah != NULL guard). */
6719 struct secashead *sah = NULL; in key_update() local
6794 if ((sah = key_getsah(&saidx, SECURITY_ASSOCIATION_PFKEY)) == NULL) { in key_update()
/* NOTE(review): key_delsah() tests use_count > 0 (line 3810), so this
 * increment presumably keeps the head alive across a window where it could
 * otherwise be freed. Every exit between this line and the decrements must
 * drop the count exactly once; that cannot be checked from the matching lines
 * alone. */
6802 sah->use_count++; in key_update()
6804 if ((sav = key_getsavbyspi(sah, sa0->sadb_sa_spi)) == NULL) { in key_update()
6816 if (sav->sah->saidx.proto != proto) { in key_update()
6819 sav->sah->saidx.proto, proto)); in key_update()
/* The head's state is tested again after the lookup, so a head that became
 * DEAD in the meantime is noticed before the update proceeds (the branch body
 * is not listed). */
6843 if (sah->state == SADB_SASTATE_DEAD) { in key_update()
6855 (sav->sah->saidx.mode != IPSEC_MODE_TRANSPORT || in key_update()
6856 sav->sah->saidx.src.ss_family != AF_INET)) { in key_update()
6866 sah->use_count--; in key_update()
6887 if (sah != NULL) { in key_update()
6888 sah->use_count--; in key_update()
6910 struct secashead *sah = NULL; in key_migrate() local
6966 LIST_FOREACH(sah, &sahtree, chain) { in key_migrate()
6967 if (sah->state != SADB_SASTATE_MATURE) { in key_migrate()
6970 if (key_cmpsaidx(&sah->saidx, &saidx0, CMP_HEAD) == 0) { in key_migrate()
6974 sav = key_getsavbyspi(sah, sa0->sadb_sa_spi); in key_migrate()
6979 if (sah == NULL) { in key_migrate()
6998 …KEY_SETSECASIDX(proto, sah->saidx.mode, sah->saidx.reqid, src1 + 1, dst1 + 1, ipsec_if1 ? ipsec_if… in key_migrate()
7001 …1, key_get_outgoing_ifindex_from_message(mhp, SADB_X_EXT_MIGRATE_IPSECIF), sah->dir, SECURITY_ASSO… in key_migrate()
7331 struct secashead *sah; in key_delete() local
7394 LIST_FOREACH(sah, &sahtree, chain) { in key_delete()
7395 if (sah->state == SADB_SASTATE_DEAD) { in key_delete()
7398 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == 0) { in key_delete()
7403 sav = key_getsavbyspi(sah, sa0->sadb_sa_spi); in key_delete()
7408 if (sah == NULL) { in key_delete()
7461 struct secashead *sah; in key_delete_all() local
7481 LIST_FOREACH(sah, &sahtree, chain) { in key_delete_all()
7482 if (sah->state == SADB_SASTATE_DEAD) { in key_delete_all()
7485 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == 0) { in key_delete_all()
7497 for (sav = LIST_FIRST(&sah->savtree[state]); in key_delete_all()
7566 struct secashead *sah; in key_get() local
7614 LIST_FOREACH(sah, &sahtree, chain) { in key_get()
7615 if (sah->state == SADB_SASTATE_DEAD) { in key_get()
7618 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == 0) { in key_get()
7623 sav = key_getsavbyspi(sah, sa0->sadb_sa_spi); in key_get()
7628 if (sah == NULL) { in key_get()
7639 if ((satype = key_proto2satype(sah->saidx.proto)) == 0) { in key_get()
7670 struct secashead *sah; in key_getsastatbyspi_one() local
7680 LIST_FOREACH(sah, &sahtree, chain) { in key_getsastatbyspi_one()
7681 if (sah->state == SADB_SASTATE_DEAD) { in key_getsastatbyspi_one()
7686 sav = key_getsavbyspi(sah, spi); in key_getsastatbyspi_one()
8245 struct secashead *sah; in key_acquire2() local
8340 LIST_FOREACH(sah, &sahtree, chain) { in key_acquire2()
8341 if (sah->state == SADB_SASTATE_DEAD) { in key_acquire2()
8344 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_MODE | CMP_REQID)) { in key_acquire2()
8348 if (sah != NULL) { in key_acquire2()
8557 struct secashead *sah, *nextsah; in key_delete_all_for_socket() local
8562 for (sah = LIST_FIRST(&sahtree); in key_delete_all_for_socket()
8563 sah != NULL; in key_delete_all_for_socket()
8564 sah = nextsah) { in key_delete_all_for_socket()
8565 nextsah = LIST_NEXT(sah, chain); in key_delete_all_for_socket()
8568 for (sav = LIST_FIRST(&sah->savtree[state]); sav != NULL; sav = nextsav) { in key_delete_all_for_socket()
8643 if (sav->sah == NULL) { in key_expire()
8646 if ((satype = key_proto2satype(sav->sah->saidx.proto)) == 0) { in key_expire()
8667 m = key_setsadbxsa2(sav->sah->saidx.mode, in key_expire()
8669 sav->sah->saidx.reqid, in key_expire()
8701 (struct sockaddr *)&sav->sah->saidx.src, in key_expire()
8711 (struct sockaddr *)&sav->sah->saidx.dst, in key_expire()
8769 struct secashead *sah, *nextsah; in key_flush() local
8789 for (sah = LIST_FIRST(&sahtree); in key_flush()
8790 sah != NULL; in key_flush()
8791 sah = nextsah) { in key_flush()
8792 nextsah = LIST_NEXT(sah, chain); in key_flush()
8795 && proto != sah->saidx.proto) { in key_flush()
8803 for (sav = LIST_FIRST(&sah->savtree[state]); in key_flush()
8813 sah->state = SADB_SASTATE_DEAD; in key_flush()
8860 struct secashead *sah; in key_dump() local
8904 LIST_FOREACH(sah, &sahtree, chain) { in key_dump()
8906 && proto != sah->saidx.proto) { in key_dump()
8911 if ((satype = key_proto2satype(sah->saidx.proto)) == 0) { in key_dump()
8922 LIST_FOREACH(sav, &sah->savtree[state], chain) { in key_dump()
9699 if (sav->sah == NULL) { in key_checktunnelsanity()
9767 struct secashead *sah; in key_sa_routechange() local
9771 LIST_FOREACH(sah, &sahtree, chain) { in key_sa_routechange()
9772 ro = (struct route *)&sah->sa_route; in key_sa_routechange()
9803 LIST_INSERT_HEAD(&sav->sah->savtree[state], sav, chain); in key_sa_chgstate()
10062 memcpy(&saidx_swap_sent_addr.src, &sav_sent->sah->saidx.dst, sizeof(saidx_swap_sent_addr.src)); in key_update_natt_keepalive_timestamp()
10063 memcpy(&saidx_swap_sent_addr.dst, &sav_sent->sah->saidx.src, sizeof(saidx_swap_sent_addr.dst)); in key_update_natt_keepalive_timestamp()
10064 saidx_swap_sent_addr.proto = sav_sent->sah->saidx.proto; in key_update_natt_keepalive_timestamp()
10065 saidx_swap_sent_addr.mode = sav_sent->sah->saidx.mode; in key_update_natt_keepalive_timestamp()
10068 if (key_cmpsaidx(&sav_sent->sah->saidx, &sav_update->sah->saidx, CMP_MODE | CMP_PORT) || in key_update_natt_keepalive_timestamp()
10069 key_cmpsaidx(&saidx_swap_sent_addr, &sav_update->sah->saidx, CMP_MODE | CMP_PORT)) { in key_update_natt_keepalive_timestamp()
10186 struct secashead *sah; in key_delsp_for_ipsec_if() local
10219 LIST_FOREACH(sah, &sahtree, chain) { in key_delsp_for_ipsec_if()
10220 if (sah->ipsec_if == ipsec_if) { in key_delsp_for_ipsec_if()
10222 ifnet_release(sah->ipsec_if); in key_delsp_for_ipsec_if()
10223 sah->ipsec_if = NULL; in key_delsp_for_ipsec_if()
10227 for (sav = LIST_FIRST(&sah->savtree[state]); sav != NULL; sav = nextsav) { in key_delsp_for_ipsec_if()
10235 sah->state = SADB_SASTATE_DEAD; in key_delsp_for_ipsec_if()
10248 struct secashead *sah = NULL; in key_fill_offload_frames_for_savs() local
10258 LIST_FOREACH(sah, &sahtree, chain) { in key_fill_offload_frames_for_savs()
10259 LIST_FOREACH(sav, &sah->savtree[SADB_SASTATE_MATURE], chain) { in key_fill_offload_frames_for_savs()
/* Cross-reference hits for `sah` in key_custom_ipsec_token_is_valid(). The
 * opaque ipsec_token is cast directly to a struct secashead pointer and the
 * result is whether its flags contain SECURITY_ASSOCIATION_CUSTOM_IPSEC. */
/* NOTE(review): the check dereferences the token itself. It can tell a
 * custom-IPsec head from another live head, but it cannot detect a NULL,
 * stale or foreign pointer. No NULL test appears among the matching lines
 * (one may exist on a line this listing omits). Confirm callers pass only
 * tokens from key_reserve_custom_ipsec() that have not yet been released. */
10284 struct secashead *sah = (struct secashead *)ipsec_token; in key_custom_ipsec_token_is_valid() local
10286 return (sah->flags & SECURITY_ASSOCIATION_CUSTOM_IPSEC) == SECURITY_ASSOCIATION_CUSTOM_IPSEC; in key_custom_ipsec_token_is_valid()
10341 struct secashead *sah = NULL; in key_reserve_custom_ipsec() local
10342 if ((sah = key_getsah(&saidx, SECURITY_ASSOCIATION_ANY)) != NULL) { in key_reserve_custom_ipsec()
10348 …if ((sah = key_newsah(&saidx, NULL, 0, IPSEC_DIR_ANY, SECURITY_ASSOCIATION_CUSTOM_IPSEC)) == NULL)… in key_reserve_custom_ipsec()
10354 *ipsec_token = (void *)sah; in key_reserve_custom_ipsec()
10363 struct secashead *sah = *ipsec_token; in key_release_custom_ipsec() local
10364 VERIFY(sah != NULL); in key_release_custom_ipsec()
10368 VERIFY((sah->flags & SECURITY_ASSOCIATION_CUSTOM_IPSEC) == SECURITY_ASSOCIATION_CUSTOM_IPSEC); in key_release_custom_ipsec()
10371 if (LIST_FIRST(&sah->savtree[SADB_SASTATE_LARVAL]) == NULL && in key_release_custom_ipsec()
10372 LIST_FIRST(&sah->savtree[SADB_SASTATE_MATURE]) == NULL && in key_release_custom_ipsec()
10373 LIST_FIRST(&sah->savtree[SADB_SASTATE_DYING]) == NULL && in key_release_custom_ipsec()
10374 LIST_FIRST(&sah->savtree[SADB_SASTATE_DEAD]) == NULL) { in key_release_custom_ipsec()
10379 key_delsah(sah); in key_release_custom_ipsec()