Lines Matching refs:sah
534 struct secashead *sah = sav->sah; in key_get_flowid() local
536 if ((sah->dir != IPSEC_DIR_OUTBOUND) && (sah->dir != IPSEC_DIR_ANY)) { in key_get_flowid()
541 ASSERT(sah->saidx.src.ss_family == sah->saidx.dst.ss_family); in key_get_flowid()
542 switch (sah->saidx.src.ss_family) { in key_get_flowid()
544 ASSERT(sah->saidx.src.ss_len == sizeof(struct sockaddr_in)); in key_get_flowid()
545 ASSERT(sah->saidx.dst.ss_len == sizeof(struct sockaddr_in)); in key_get_flowid()
547 ((struct sockaddr_in *)&(sah->saidx.src))->sin_addr; in key_get_flowid()
549 ((struct sockaddr_in *)&(sah->saidx.dst))->sin_addr; in key_get_flowid()
553 ASSERT(sah->saidx.src.ss_len == sizeof(struct sockaddr_in6)); in key_get_flowid()
554 ASSERT(sah->saidx.dst.ss_len == sizeof(struct sockaddr_in6)); in key_get_flowid()
556 ((struct sockaddr_in6 *)&(sah->saidx.src))->sin6_addr; in key_get_flowid()
558 ((struct sockaddr_in6 *)&(sah->saidx.dst))->sin6_addr; in key_get_flowid()
568 fk.ffk_af = sah->saidx.src.ss_family; in key_get_flowid()
569 fk.ffk_proto = (uint8_t)(sah->saidx.proto); in key_get_flowid()
835 struct secashead *sah; in key_alloc_outbound_sav_for_interface() local
854 LIST_FOREACH(sah, &sahtree, chain) { in key_alloc_outbound_sav_for_interface()
855 if (sah->state == SADB_SASTATE_DEAD) { in key_alloc_outbound_sav_for_interface()
858 if (sah->ipsec_if == interface && in key_alloc_outbound_sav_for_interface()
860 sah->dir == IPSEC_DIR_OUTBOUND) { in key_alloc_outbound_sav_for_interface()
862 sah->saidx.mode == IPSEC_MODE_TRANSPORT && in key_alloc_outbound_sav_for_interface()
865 if (key_sockaddrcmp((struct sockaddr *)&sah->saidx.src, src, 0) != 0) { in key_alloc_outbound_sav_for_interface()
870 if (key_sockaddrcmp((struct sockaddr *)&sah->saidx.dst, dst, 0) != 0) { in key_alloc_outbound_sav_for_interface()
885 sin = (struct sockaddr_in *)&sah->saidx.dst; in key_alloc_outbound_sav_for_interface()
887 if (sah->saidx.mode == IPSEC_MODE_TRANSPORT) { in key_alloc_outbound_sav_for_interface()
893 sav = key_do_allocsa_policy(sah, state, dstport); in key_alloc_outbound_sav_for_interface()
999 struct secashead *sah; in key_allocsa_policy() local
1009 LIST_FOREACH(sah, &sahtree, chain) { in key_allocsa_policy()
1011 if (sah->state == SADB_SASTATE_DEAD) { in key_allocsa_policy()
1014 if (key_cmpsaidx(&sah->saidx, saidx, CMP_MODE | CMP_REQID)) { in key_allocsa_policy()
1045 sav = key_do_allocsa_policy(sah, state, dstport); in key_allocsa_policy()
1063 if ((satype = key_proto2satype(sav->sah->saidx.proto)) == 0) { in key_send_delete()
1076 (struct sockaddr *)&sav->sah->saidx.src, in key_send_delete()
1077 sav->sah->saidx.src.ss_len << 3, in key_send_delete()
1086 (struct sockaddr *)&sav->sah->saidx.dst, in key_send_delete()
1087 sav->sah->saidx.src.ss_len << 3, in key_send_delete()
1135 struct secashead *sah, in key_do_allocsa_policy() argument
1148 for (sav = LIST_FIRST(&sah->savtree[state]); in key_do_allocsa_policy()
1156 if (sah->saidx.mode == IPSEC_MODE_TUNNEL && dstport && in key_do_allocsa_policy()
1162 if (sah->saidx.mode == IPSEC_MODE_TRANSPORT && in key_do_allocsa_policy()
1167 if ((sah->saidx.mode == IPSEC_MODE_TUNNEL && in key_do_allocsa_policy()
1169 (sah->saidx.mode == IPSEC_MODE_TRANSPORT && in key_do_allocsa_policy()
1212 if ((sah->saidx.mode == IPSEC_MODE_TUNNEL && in key_do_allocsa_policy()
1214 (sah->saidx.mode == IPSEC_MODE_TRANSPORT && in key_do_allocsa_policy()
1239 } else if (sah->saidx.mode == IPSEC_MODE_TUNNEL && dstport) { in key_do_allocsa_policy()
1368 sav->sah->ipsec_if != interface) { in key_allocsa_extended()
1371 if (proto != sav->sah->saidx.proto) { in key_allocsa_extended()
1374 if (family != sav->sah->saidx.src.ss_family || in key_allocsa_extended()
1375 family != sav->sah->saidx.dst.ss_family) { in key_allocsa_extended()
1391 struct sockaddr *sah_dst = (struct sockaddr *)&sav->sah->saidx.dst; in key_allocsa_extended()
1399 tmp_sah_dst.sin6_scope_id = sav->sah->outgoing_if; in key_allocsa_extended()
1459 struct secashead *sah = NULL; in key_checksa_present() local
1463 LIST_FOREACH(sah, &sahtree, chain) { in key_checksa_present()
1464 if (sah->state == SADB_SASTATE_DEAD) { in key_checksa_present()
1468 if (sah->dir != IPSEC_DIR_OUTBOUND) { in key_checksa_present()
1472 if (family != sah->saidx.src.ss_family) { in key_checksa_present()
1486 (struct sockaddr *)&sah->saidx.src, 0) != 0) { in key_checksa_present()
1505 (struct sockaddr *)&sah->saidx.src, 0) != 0) { in key_checksa_present()
1526 (struct sockaddr *)&sah->saidx.dst, 0) != 0) { in key_checksa_present()
1545 (struct sockaddr *)&sah->saidx.dst, 0) != 0) { in key_checksa_present()
1559 for (struct secasvar *sav = LIST_FIRST(&sah->savtree[state]); sav != NULL; sav = nextsav) { in key_checksa_present()
1593 struct secashead *sah; in key_natt_get_translated_port() local
1599 saidx.mode = outsav->sah->saidx.mode; in key_natt_get_translated_port()
1601 saidx.proto = outsav->sah->saidx.proto; in key_natt_get_translated_port()
1602 bcopy(&outsav->sah->saidx.src, &saidx.dst, sizeof(struct sockaddr_in)); in key_natt_get_translated_port()
1603 bcopy(&outsav->sah->saidx.dst, &saidx.src, sizeof(struct sockaddr_in)); in key_natt_get_translated_port()
1606 LIST_FOREACH(sah, &sahtree, chain) { in key_natt_get_translated_port()
1607 if (sah->state == SADB_SASTATE_DEAD) { in key_natt_get_translated_port()
1610 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_MODE)) { in key_natt_get_translated_port()
1637 if (key_do_get_translated_port(sah, outsav, state)) { in key_natt_get_translated_port()
1648 struct secashead *sah, in key_do_get_translated_port() argument
1660 for (currsav = LIST_FIRST(&sah->savtree[state]); in key_do_get_translated_port()
3862 struct secashead *sah) in key_delsah() argument
3871 if (sah == NULL) { in key_delsah()
3875 if (sah->use_count > 0) { in key_delsah()
3884 for (sav = (struct secasvar *)LIST_FIRST(&sah->savtree[state]); in key_delsah()
3901 sav->sah = NULL; in key_delsah()
3911 ROUTE_RELEASE(&sah->sa_route); in key_delsah()
3913 if (sah->ipsec_if) { in key_delsah()
3914 ifnet_release(sah->ipsec_if); in key_delsah()
3915 sah->ipsec_if = NULL; in key_delsah()
3919 if (__LIST_CHAINED(sah)) { in key_delsah()
3920 LIST_REMOVE(sah, chain); in key_delsah()
3923 kfree_type(struct secashead, sah); in key_delsah()
3942 struct secashead *sah, in key_newsav() argument
3952 if (m == NULL || mhp == NULL || mhp->msg == NULL || sah == NULL) { in key_newsav()
4049 newsav->sah = sah; in key_newsav()
4052 LIST_INSERT_TAIL(&sah->savtree[SADB_SASTATE_LARVAL], newsav, in key_newsav()
4073 sav->sah = newsah; in key_migratesav()
4175 struct secashead *sah; in key_getsah() local
4181 LIST_FOREACH(sah, &sahtree, chain) { in key_getsah()
4182 if (sah->state == SADB_SASTATE_DEAD) { in key_getsah()
4185 if (key_cmpsaidx(&sah->saidx, saidx, CMP_REQID)) { in key_getsah()
4186 return sah; in key_getsah()
4193 LIST_FOREACH(sah, &custom_sahtree, chain) { in key_getsah()
4194 if (sah->state == SADB_SASTATE_DEAD) { in key_getsah()
4197 if (key_cmpsaidx(&sah->saidx, saidx, 0)) { in key_getsah()
4198 return sah; in key_getsah()
4210 struct secashead *sah; in key_newsah2() local
4214 sah = key_getsah(saidx, SECURITY_ASSOCIATION_ANY); in key_newsah2()
4215 if (!sah) { in key_newsah2()
4218 return sah; in key_newsah2()
4254 key_ismyaddr((struct sockaddr *)&sav->sah->saidx.dst)) { in key_checkspidup()
4285 struct secashead *sah, in key_getsavbyspi() argument
4298 if (sav->sah != sah) { in key_getsavbyspi()
4609 switch (sav->sah->saidx.proto) { in key_mature()
4624 switch (sav->sah->saidx.proto) { in key_mature()
4793 m = key_setsadbxsa2(sav->sah->saidx.mode, in key_setdumpsa()
4795 sav->sah->saidx.reqid, in key_setdumpsa()
4804 (struct sockaddr *)&sav->sah->saidx.src, in key_setdumpsa()
4813 (struct sockaddr *)&sav->sah->saidx.dst, in key_setdumpsa()
4896 if (sav->sah && (sav->sah->outgoing_if || sav->sah->ipsec_if)) { in key_setdumpsa()
4897 m = key_setsadbipsecif(NULL, ifindex2ifnet[sav->sah->outgoing_if], sav->sah->ipsec_if, 0); in key_setdumpsa()
5940 struct secashead *sah, *nextsah; in key_timehandler() local
5943 for (sah = LIST_FIRST(&sahtree); in key_timehandler()
5944 sah != NULL; in key_timehandler()
5945 sah = nextsah) { in key_timehandler()
5947 nextsah = LIST_NEXT(sah, chain); in key_timehandler()
5950 if (sah->state == SADB_SASTATE_DEAD) { in key_timehandler()
5951 key_delsah(sah); in key_timehandler()
5956 if (LIST_FIRST(&sah->savtree[SADB_SASTATE_LARVAL]) == NULL && in key_timehandler()
5957 LIST_FIRST(&sah->savtree[SADB_SASTATE_MATURE]) == NULL && in key_timehandler()
5958 LIST_FIRST(&sah->savtree[SADB_SASTATE_DYING]) == NULL && in key_timehandler()
5959 LIST_FIRST(&sah->savtree[SADB_SASTATE_DEAD]) == NULL) { in key_timehandler()
5960 key_delsah(sah); in key_timehandler()
5972 for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_LARVAL]); in key_timehandler()
6010 …sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_MATURE]); //%%% should we check dying list if this i… in key_timehandler()
6023 for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_MATURE]); in key_timehandler()
6084 for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_DYING]); in key_timehandler()
6124 for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_DEAD]); in key_timehandler()
6786 struct secashead *sah = NULL; in key_update() local
6861 if ((sah = key_getsah(&saidx, SECURITY_ASSOCIATION_PFKEY)) == NULL) { in key_update()
6869 sah->use_count++; in key_update()
6871 if ((sav = key_getsavbyspi(sah, sa0->sadb_sa_spi)) == NULL) { in key_update()
6883 if (sav->sah->saidx.proto != proto) { in key_update()
6886 sav->sah->saidx.proto, proto)); in key_update()
6910 if (sah->state == SADB_SASTATE_DEAD) { in key_update()
6922 (sav->sah->saidx.mode != IPSEC_MODE_TRANSPORT || in key_update()
6923 sav->sah->saidx.src.ss_family != AF_INET)) { in key_update()
6933 sah->use_count--; in key_update()
6954 if (sah != NULL) { in key_update()
6955 sah->use_count--; in key_update()
6977 struct secashead *sah = NULL; in key_migrate() local
7033 LIST_FOREACH(sah, &sahtree, chain) { in key_migrate()
7034 if (sah->state != SADB_SASTATE_MATURE) { in key_migrate()
7037 if (key_cmpsaidx(&sah->saidx, &saidx0, CMP_HEAD) == 0) { in key_migrate()
7041 sav = key_getsavbyspi(sah, sa0->sadb_sa_spi); in key_migrate()
7046 if (sah == NULL) { in key_migrate()
7065 …KEY_SETSECASIDX(proto, sah->saidx.mode, sah->saidx.reqid, src1 + 1, dst1 + 1, ipsec_if1 ? ipsec_if… in key_migrate()
7068 …1, key_get_outgoing_ifindex_from_message(mhp, SADB_X_EXT_MIGRATE_IPSECIF), sah->dir, SECURITY_ASSO… in key_migrate()
7400 struct secashead *sah; in key_delete() local
7463 LIST_FOREACH(sah, &sahtree, chain) { in key_delete()
7464 if (sah->state == SADB_SASTATE_DEAD) { in key_delete()
7467 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == 0) { in key_delete()
7472 sav = key_getsavbyspi(sah, sa0->sadb_sa_spi); in key_delete()
7477 if (sah == NULL) { in key_delete()
7530 struct secashead *sah; in key_delete_all() local
7550 LIST_FOREACH(sah, &sahtree, chain) { in key_delete_all()
7551 if (sah->state == SADB_SASTATE_DEAD) { in key_delete_all()
7554 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == 0) { in key_delete_all()
7566 for (sav = LIST_FIRST(&sah->savtree[state]); in key_delete_all()
7635 struct secashead *sah; in key_get() local
7683 LIST_FOREACH(sah, &sahtree, chain) { in key_get()
7684 if (sah->state == SADB_SASTATE_DEAD) { in key_get()
7687 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == 0) { in key_get()
7692 sav = key_getsavbyspi(sah, sa0->sadb_sa_spi); in key_get()
7697 if (sah == NULL) { in key_get()
7708 if ((satype = key_proto2satype(sah->saidx.proto)) == 0) { in key_get()
7739 struct secashead *sah; in key_getsastatbyspi_one() local
7749 LIST_FOREACH(sah, &sahtree, chain) { in key_getsastatbyspi_one()
7750 if (sah->state == SADB_SASTATE_DEAD) { in key_getsastatbyspi_one()
7755 sav = key_getsavbyspi(sah, spi); in key_getsastatbyspi_one()
8314 struct secashead *sah; in key_acquire2() local
8409 LIST_FOREACH(sah, &sahtree, chain) { in key_acquire2()
8410 if (sah->state == SADB_SASTATE_DEAD) { in key_acquire2()
8413 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_MODE | CMP_REQID)) { in key_acquire2()
8417 if (sah != NULL) { in key_acquire2()
8626 struct secashead *sah, *nextsah; in key_delete_all_for_socket() local
8631 for (sah = LIST_FIRST(&sahtree); in key_delete_all_for_socket()
8632 sah != NULL; in key_delete_all_for_socket()
8633 sah = nextsah) { in key_delete_all_for_socket()
8634 nextsah = LIST_NEXT(sah, chain); in key_delete_all_for_socket()
8637 for (sav = LIST_FIRST(&sah->savtree[state]); sav != NULL; sav = nextsav) { in key_delete_all_for_socket()
8712 if (sav->sah == NULL) { in key_expire()
8715 if ((satype = key_proto2satype(sav->sah->saidx.proto)) == 0) { in key_expire()
8736 m = key_setsadbxsa2(sav->sah->saidx.mode, in key_expire()
8738 sav->sah->saidx.reqid, in key_expire()
8770 (struct sockaddr *)&sav->sah->saidx.src, in key_expire()
8780 (struct sockaddr *)&sav->sah->saidx.dst, in key_expire()
8838 struct secashead *sah, *nextsah; in key_flush() local
8858 for (sah = LIST_FIRST(&sahtree); in key_flush()
8859 sah != NULL; in key_flush()
8860 sah = nextsah) { in key_flush()
8861 nextsah = LIST_NEXT(sah, chain); in key_flush()
8864 && proto != sah->saidx.proto) { in key_flush()
8872 for (sav = LIST_FIRST(&sah->savtree[state]); in key_flush()
8882 sah->state = SADB_SASTATE_DEAD; in key_flush()
8929 struct secashead *sah; in key_dump() local
8973 LIST_FOREACH(sah, &sahtree, chain) { in key_dump()
8975 && proto != sah->saidx.proto) { in key_dump()
8980 if ((satype = key_proto2satype(sah->saidx.proto)) == 0) { in key_dump()
8991 LIST_FOREACH(sav, &sah->savtree[state], chain) { in key_dump()
9768 if (sav->sah == NULL) { in key_checktunnelsanity()
9836 struct secashead *sah; in key_sa_routechange() local
9840 LIST_FOREACH(sah, &sahtree, chain) { in key_sa_routechange()
9841 ro = (struct route *)&sah->sa_route; in key_sa_routechange()
9872 LIST_INSERT_HEAD(&sav->sah->savtree[state], sav, chain); in key_sa_chgstate()
10131 memcpy(&saidx_swap_sent_addr.src, &sav_sent->sah->saidx.dst, sizeof(saidx_swap_sent_addr.src)); in key_update_natt_keepalive_timestamp()
10132 memcpy(&saidx_swap_sent_addr.dst, &sav_sent->sah->saidx.src, sizeof(saidx_swap_sent_addr.dst)); in key_update_natt_keepalive_timestamp()
10133 saidx_swap_sent_addr.proto = sav_sent->sah->saidx.proto; in key_update_natt_keepalive_timestamp()
10134 saidx_swap_sent_addr.mode = sav_sent->sah->saidx.mode; in key_update_natt_keepalive_timestamp()
10137 if (key_cmpsaidx(&sav_sent->sah->saidx, &sav_update->sah->saidx, CMP_MODE | CMP_PORT) || in key_update_natt_keepalive_timestamp()
10138 key_cmpsaidx(&saidx_swap_sent_addr, &sav_update->sah->saidx, CMP_MODE | CMP_PORT)) { in key_update_natt_keepalive_timestamp()
10255 struct secashead *sah; in key_delsp_for_ipsec_if() local
10288 LIST_FOREACH(sah, &sahtree, chain) { in key_delsp_for_ipsec_if()
10289 if (sah->ipsec_if == ipsec_if) { in key_delsp_for_ipsec_if()
10291 ifnet_release(sah->ipsec_if); in key_delsp_for_ipsec_if()
10292 sah->ipsec_if = NULL; in key_delsp_for_ipsec_if()
10296 for (sav = LIST_FIRST(&sah->savtree[state]); sav != NULL; sav = nextsav) { in key_delsp_for_ipsec_if()
10304 sah->state = SADB_SASTATE_DEAD; in key_delsp_for_ipsec_if()
10317 struct secashead *sah = NULL; in key_fill_offload_frames_for_savs() local
10327 LIST_FOREACH(sah, &sahtree, chain) { in key_fill_offload_frames_for_savs()
10328 LIST_FOREACH(sav, &sah->savtree[SADB_SASTATE_MATURE], chain) { in key_fill_offload_frames_for_savs()
10353 struct secashead *sah = (struct secashead *)ipsec_token; in key_custom_ipsec_token_is_valid() local
10355 return (sah->flags & SECURITY_ASSOCIATION_CUSTOM_IPSEC) == SECURITY_ASSOCIATION_CUSTOM_IPSEC; in key_custom_ipsec_token_is_valid()
10410 struct secashead *sah = NULL; in key_reserve_custom_ipsec() local
10411 if ((sah = key_getsah(&saidx, SECURITY_ASSOCIATION_ANY)) != NULL) { in key_reserve_custom_ipsec()
10417 …if ((sah = key_newsah(&saidx, NULL, 0, IPSEC_DIR_ANY, SECURITY_ASSOCIATION_CUSTOM_IPSEC)) == NULL)… in key_reserve_custom_ipsec()
10423 *ipsec_token = (void *)sah; in key_reserve_custom_ipsec()
10432 struct secashead *sah = *ipsec_token; in key_release_custom_ipsec() local
10433 VERIFY(sah != NULL); in key_release_custom_ipsec()
10437 VERIFY((sah->flags & SECURITY_ASSOCIATION_CUSTOM_IPSEC) == SECURITY_ASSOCIATION_CUSTOM_IPSEC); in key_release_custom_ipsec()
10440 if (LIST_FIRST(&sah->savtree[SADB_SASTATE_LARVAL]) == NULL && in key_release_custom_ipsec()
10441 LIST_FIRST(&sah->savtree[SADB_SASTATE_MATURE]) == NULL && in key_release_custom_ipsec()
10442 LIST_FIRST(&sah->savtree[SADB_SASTATE_DYING]) == NULL && in key_release_custom_ipsec()
10443 LIST_FIRST(&sah->savtree[SADB_SASTATE_DEAD]) == NULL) { in key_release_custom_ipsec()
10448 key_delsah(sah); in key_release_custom_ipsec()