Lines Matching refs:sav
852 struct secasvar *sav;
872 sav = TAILQ_LAST(&sah->savtree_alive, secasvar_queue);
874 sav = TAILQ_FIRST(&sah->savtree_alive);
875 if (sav != NULL)
876 SAV_ADDREF(sav);
878 sav = NULL;
881 if (sav != NULL) {
883 printf("%s: return SA(%p)\n", __func__, sav));
884 KEYDBG(IPSEC_DATA, kdebug_secasv(sav));
890 return (sav);
905 struct secasvar *sav;
934 sav = TAILQ_LAST(&sah->savtree_alive, secasvar_queue);
936 sav = TAILQ_FIRST(&sah->savtree_alive);
937 if (sav != NULL)
938 SAV_ADDREF(sav);
940 sav = NULL;
943 if (sav != NULL) {
947 sav, sp));
948 KEYDBG(IPSEC_DATA, kdebug_secasv(sav));
949 return (sav); /* return referenced SA */
968 * OUT: positive: pointer to a usable sav (i.e. MATURE or DYING state).
983 struct secasvar *sav;
990 LIST_FOREACH(sav, SAVHASH_HASH(spi), spihash) {
991 if (sav->spi == spi)
998 if (sav != NULL) {
999 if (sav->state != SADB_SASTATE_LARVAL &&
1000 sav->sah->saidx.proto == proto &&
1002 &sav->sah->saidx.dst.sa, 0) == 0)
1003 SAV_ADDREF(sav);
1005 sav = NULL;
1009 if (sav == NULL) {
1017 printf("%s: return SA(%p)\n", __func__, sav));
1018 KEYDBG(IPSEC_DATA, kdebug_secasv(sav));
1020 return (sav);
1030 struct secasvar *sav;
1038 sav = NULL;
1051 sav = TAILQ_LAST(&sah->savtree_alive, secasvar_queue);
1053 sav = TAILQ_FIRST(&sah->savtree_alive);
1054 if (sav != NULL) {
1055 SAV_ADDREF(sav);
1061 printf("%s: return SA(%p)\n", __func__, sav));
1062 if (sav != NULL)
1063 KEYDBG(IPSEC_DATA, kdebug_secasv(sav));
1064 return (sav);
1227 struct secasvar *sav = *psav;
1229 IPSEC_ASSERT(sav != NULL, ("null sav"));
1230 if (SAV_DELREF(sav) == 0)
1234 printf("%s: last reference to SA(%p)\n", __func__, sav));
1237 key_delsav(sav);
1246 key_unlinksav(struct secasvar *sav)
1251 printf("%s: SA(%p)\n", __func__, sav));
1255 if (sav->state == SADB_SASTATE_DEAD) {
1261 if (sav->state == SADB_SASTATE_LARVAL)
1262 TAILQ_REMOVE(&sav->sah->savtree_larval, sav, chain);
1264 TAILQ_REMOVE(&sav->sah->savtree_alive, sav, chain);
1266 LIST_REMOVE(sav, spihash);
1267 sav->state = SADB_SASTATE_DEAD;
1268 sah = sav->sah;
1270 key_freesav(&sav);
2778 struct secasvar *sav;
2786 sav = NULL;
2806 sav = malloc(sizeof(struct secasvar), M_IPSEC_SA, M_NOWAIT | M_ZERO);
2807 if (sav == NULL) {
2811 sav->lock = malloc(sizeof(struct mtx), M_IPSEC_MISC,
2813 if (sav->lock == NULL) {
2817 mtx_init(sav->lock, "ipsec association", NULL, MTX_DEF);
2818 sav->lft_c = uma_zalloc(V_key_lft_zone, M_NOWAIT);
2819 if (sav->lft_c == NULL) {
2823 counter_u64_zero(sav->lft_c_allocations);
2824 counter_u64_zero(sav->lft_c_bytes);
2826 sav->spi = spi;
2827 sav->seq = mhp->msg->sadb_msg_seq;
2828 sav->state = SADB_SASTATE_LARVAL;
2829 sav->pid = (pid_t)mhp->msg->sadb_msg_pid;
2830 SAV_INITREF(sav);
2846 sav->sah = sah;
2848 sav->created = time_second;
2849 } else if (sav->state == SADB_SASTATE_LARVAL) {
2854 *errp = key_setsaval(sav, mhp);
2857 sav->state = SADB_SASTATE_MATURE;
2894 if (sav->state == SADB_SASTATE_MATURE)
2895 TAILQ_INSERT_HEAD(&sah->savtree_alive, sav, chain);
2897 TAILQ_INSERT_HEAD(&sah->savtree_larval, sav, chain);
2899 LIST_INSERT_HEAD(SAVHASH_HASH(sav->spi), sav, spihash);
2904 if (sav != NULL) {
2905 if (sav->lock != NULL) {
2906 mtx_destroy(sav->lock);
2907 free(sav->lock, M_IPSEC_MISC);
2909 if (sav->lft_c != NULL)
2910 uma_zfree(V_key_lft_zone, sav->lft_c);
2911 free(sav, M_IPSEC_SA), sav = NULL;
2921 return (sav);
2928 key_cleansav(struct secasvar *sav)
2931 if (sav->natt != NULL) {
2932 free(sav->natt, M_IPSEC_MISC);
2933 sav->natt = NULL;
2935 if (sav->flags & SADB_X_EXT_F_CLONED)
2941 if (sav->tdb_xform != NULL) {
2942 sav->tdb_xform->xf_zeroize(sav);
2943 sav->tdb_xform = NULL;
2945 if (sav->key_auth != NULL)
2946 bzero(sav->key_auth->key_data, _KEYLEN(sav->key_auth));
2947 if (sav->key_enc != NULL)
2948 bzero(sav->key_enc->key_data, _KEYLEN(sav->key_enc));
2950 if (sav->key_auth != NULL) {
2951 if (sav->key_auth->key_data != NULL)
2952 free(sav->key_auth->key_data, M_IPSEC_MISC);
2953 free(sav->key_auth, M_IPSEC_MISC);
2954 sav->key_auth = NULL;
2956 if (sav->key_enc != NULL) {
2957 if (sav->key_enc->key_data != NULL)
2958 free(sav->key_enc->key_data, M_IPSEC_MISC);
2959 free(sav->key_enc, M_IPSEC_MISC);
2960 sav->key_enc = NULL;
2962 if (sav->replay != NULL) {
2963 if (sav->replay->bitmap != NULL)
2964 free(sav->replay->bitmap, M_IPSEC_MISC);
2965 free(sav->replay, M_IPSEC_MISC);
2966 sav->replay = NULL;
2968 if (sav->lft_h != NULL) {
2969 free(sav->lft_h, M_IPSEC_MISC);
2970 sav->lft_h = NULL;
2972 if (sav->lft_s != NULL) {
2973 free(sav->lft_s, M_IPSEC_MISC);
2974 sav->lft_s = NULL;
2982 key_delsav(struct secasvar *sav)
2984 IPSEC_ASSERT(sav != NULL, ("null sav"));
2985 IPSEC_ASSERT(sav->state == SADB_SASTATE_DEAD,
2986 ("attempt to free non DEAD SA %p", sav));
2987 IPSEC_ASSERT(sav->refcnt == 0, ("reference count %u > 0",
2988 sav->refcnt));
2995 key_cleansav(sav);
2996 if ((sav->flags & SADB_X_EXT_F_CLONED) == 0) {
2997 mtx_destroy(sav->lock);
2998 free(sav->lock, M_IPSEC_MISC);
2999 uma_zfree(V_key_lft_zone, sav->lft_c);
3001 free(sav, M_IPSEC_SA);
3037 struct secasvar *sav;
3041 LIST_FOREACH(sav, SAVHASH_HASH(spi), spihash) {
3042 if (sav->spi == spi)
3046 return (sav != NULL);
3059 struct secasvar *sav;
3063 LIST_FOREACH(sav, SAVHASH_HASH(spi), spihash) {
3064 if (sav->spi != spi)
3066 SAV_ADDREF(sav);
3070 return (sav);
3074 key_updatelifetimes(struct secasvar *sav, const struct sadb_msghdr *mhp)
3085 if (sav->state == SADB_SASTATE_MATURE) {
3123 if (sav->state != SADB_SASTATE_LARVAL) {
3128 SECASVAR_LOCK(sav);
3129 tmp = sav->lft_h;
3130 sav->lft_h = lft_h;
3133 tmp = sav->lft_s;
3134 sav->lft_s = lft_s;
3136 SECASVAR_UNLOCK(sav);
3144 IPSEC_ASSERT(sav->lft_h == NULL, ("lft_h is already initialized\n"));
3145 IPSEC_ASSERT(sav->lft_s == NULL, ("lft_s is already initialized\n"));
3146 sav->lft_h = lft_h;
3147 sav->lft_s = lft_s;
3158 key_setsaval(struct secasvar *sav, const struct sadb_msghdr *mhp)
3168 IPSEC_ASSERT(sav->state == SADB_SASTATE_LARVAL,
3172 error = key_setident(sav->sah, mhp);
3183 sav->alg_auth = sa0->sadb_sa_auth;
3184 sav->alg_enc = sa0->sadb_sa_encrypt;
3185 sav->flags = sa0->sadb_sa_flags;
3186 if ((sav->flags & SADB_KEY_FLAGS_MAX) != sav->flags) {
3189 sav->flags));
3216 sav->replay = malloc(sizeof(struct secreplay), M_IPSEC_MISC,
3218 if (sav->replay == NULL) {
3240 sav->replay->bitmap = malloc(
3243 if (sav->replay->bitmap == NULL) {
3250 sav->replay->bitmap_size = bitmap_size;
3251 sav->replay->wsize = replay;
3269 sav->alg_auth != SADB_X_AALG_NULL)
3283 sav->key_auth = key_dup_keymsg(key0, len, M_IPSEC_MISC);
3284 if (sav->key_auth == NULL ) {
3305 sav->alg_enc != SADB_EALG_NULL) {
3309 sav->key_enc = key_dup_keymsg(key0, len, M_IPSEC_MISC);
3310 if (sav->key_enc == NULL) {
3321 sav->key_enc = NULL; /*just in case*/
3337 sav->ivlen = 0;
3340 if (sav->flags & SADB_X_EXT_DERIV) {
3346 if (sav->alg_enc != SADB_EALG_NONE) {
3352 error = xform_init(sav, XF_AH);
3355 if ((sav->flags & (SADB_X_EXT_OLD | SADB_X_EXT_DERIV)) ==
3362 error = xform_init(sav, XF_ESP);
3365 if (sav->alg_auth != SADB_AALG_NONE) {
3371 if ((sav->flags & SADB_X_EXT_RAWCPI) == 0 &&
3372 ntohl(sav->spi) >= 0x10000) {
3378 error = xform_init(sav, XF_IPCOMP);
3381 if (sav->alg_enc != SADB_EALG_NONE) {
3387 error = xform_init(sav, XF_TCPSIGNATURE);
3401 error = key_setnatt(sav, mhp);
3406 sav->firstused = 0;
3407 sav->created = time_second;
3410 error = key_updatelifetimes(sav, mhp);
3414 key_cleansav(sav);
3422 key_setdumpsa(struct secasvar *sav, uint8_t type, uint8_t satype,
3442 m = key_setsadbmsg(type, 0, satype, seq, pid, sav->refcnt);
3451 m = key_setsadbsa(sav);
3457 SECASVAR_LOCK(sav);
3458 replay_count = sav->replay ? sav->replay->count : 0;
3459 SECASVAR_UNLOCK(sav);
3460 m = key_setsadbxsa2(sav->sah->saidx.mode, replay_count,
3461 sav->sah->saidx.reqid);
3467 if (sav->replay == NULL ||
3468 sav->replay->wsize <= UINT8_MAX)
3471 m = key_setsadbxsareplay(sav->replay->wsize);
3478 &sav->sah->saidx.src.sa,
3486 &sav->sah->saidx.dst.sa,
3493 if (!sav->key_auth)
3495 m = key_setkey(sav->key_auth, SADB_EXT_KEY_AUTH);
3501 if (!sav->key_enc)
3503 m = key_setkey(sav->key_enc, SADB_EXT_KEY_ENCRYPT);
3509 lft_c.addtime = sav->created;
3511 sav->lft_c_allocations);
3512 lft_c.bytes = counter_u64_fetch(sav->lft_c_bytes);
3513 lft_c.usetime = sav->firstused;
3520 if (!sav->lft_h)
3522 m = key_setlifetime(sav->lft_h,
3529 if (!sav->lft_s)
3531 m = key_setlifetime(sav->lft_s,
3539 if (sav->natt == NULL)
3547 if (sav->natt == NULL)
3549 m = key_setsadbxport(sav->natt->dport,
3556 if (sav->natt == NULL)
3558 m = key_setsadbxport(sav->natt->sport,
3565 if (sav->natt == NULL ||
3566 (sav->natt->flags & IPSEC_NATT_F_OAI) == 0)
3569 &sav->natt->oai.sa, FULLMASK, IPSEC_ULPROTO_ANY);
3574 if (sav->natt == NULL ||
3575 (sav->natt->flags & IPSEC_NATT_F_OAR) == 0)
3578 &sav->natt->oar.sa, FULLMASK, IPSEC_ULPROTO_ANY);
3670 key_setsadbsa(struct secasvar *sav)
3686 p->sadb_sa_spi = sav->spi;
3687 p->sadb_sa_replay = sav->replay ?
3688 (sav->replay->wsize > UINT8_MAX ? UINT8_MAX :
3689 sav->replay->wsize): 0;
3690 p->sadb_sa_state = sav->state;
3691 p->sadb_sa_auth = sav->alg_auth;
3692 p->sadb_sa_encrypt = sav->alg_enc;
3693 p->sadb_sa_flags = sav->flags & SADB_KEY_FLAGS_MAX;
4363 struct secasvar *sav, *nextsav;
4380 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) {
4381 if (now - sav->created < V_key_larval_lifetime)
4383 SAV_ADDREF(sav);
4384 LIST_INSERT_HEAD(&drainq, sav, drainq);
4386 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) {
4388 if (sav->lft_h == NULL)
4390 SECASVAR_LOCK(sav);
4395 if (sav->lft_h == NULL) {
4396 SECASVAR_UNLOCK(sav);
4407 if ((sav->lft_h->addtime != 0 &&
4408 now - sav->created > sav->lft_h->addtime) ||
4409 (sav->lft_h->usetime != 0 && sav->firstused &&
4410 now - sav->firstused > sav->lft_h->usetime) ||
4411 (sav->lft_h->bytes != 0 && counter_u64_fetch(
4412 sav->lft_c_bytes) > sav->lft_h->bytes)) {
4413 SECASVAR_UNLOCK(sav);
4414 SAV_ADDREF(sav);
4415 LIST_INSERT_HEAD(&hexpireq, sav, drainq);
4419 if (sav->state == SADB_SASTATE_MATURE && (
4420 (sav->lft_s->addtime != 0 &&
4421 now - sav->created > sav->lft_s->addtime) ||
4422 (sav->lft_s->usetime != 0 && sav->firstused &&
4423 now - sav->firstused > sav->lft_s->usetime) ||
4424 (sav->lft_s->bytes != 0 && counter_u64_fetch(
4425 sav->lft_c_bytes) > sav->lft_s->bytes))) {
4426 SECASVAR_UNLOCK(sav);
4427 SAV_ADDREF(sav);
4428 LIST_INSERT_HEAD(&sexpireq, sav, drainq);
4431 SECASVAR_UNLOCK(sav);
4443 sav = LIST_FIRST(&drainq);
4444 while (sav != NULL) {
4445 nextsav = LIST_NEXT(sav, drainq);
4447 if (sav->state != SADB_SASTATE_LARVAL) {
4448 LIST_REMOVE(sav, drainq);
4449 LIST_INSERT_HEAD(&freeq, sav, drainq);
4450 sav = nextsav;
4453 TAILQ_REMOVE(&sav->sah->savtree_larval, sav, chain);
4454 LIST_REMOVE(sav, spihash);
4455 sav->state = SADB_SASTATE_DEAD;
4456 sav = nextsav;
4459 sav = LIST_FIRST(&hexpireq);
4460 while (sav != NULL) {
4461 nextsav = LIST_NEXT(sav, drainq);
4463 if (sav->state == SADB_SASTATE_DEAD) {
4464 LIST_REMOVE(sav, drainq);
4465 LIST_INSERT_HEAD(&freeq, sav, drainq);
4466 sav = nextsav;
4469 TAILQ_REMOVE(&sav->sah->savtree_alive, sav, chain);
4470 LIST_REMOVE(sav, spihash);
4471 sav->state = SADB_SASTATE_DEAD;
4472 sav = nextsav;
4475 sav = LIST_FIRST(&sexpireq);
4476 while (sav != NULL) {
4477 nextsav = LIST_NEXT(sav, drainq);
4479 if (sav->state == SADB_SASTATE_DEAD) {
4480 LIST_REMOVE(sav, drainq);
4481 LIST_INSERT_HEAD(&freeq, sav, drainq);
4482 sav = nextsav;
4488 sav->state = SADB_SASTATE_DYING;
4489 sav = nextsav;
4512 sav = LIST_FIRST(&hexpireq);
4513 while (sav != NULL) {
4514 nextsav = LIST_NEXT(sav, drainq);
4515 key_expire(sav, 1);
4516 key_freesah(&sav->sah); /* release reference from SAV */
4517 key_freesav(&sav); /* release extra reference */
4518 key_freesav(&sav); /* release last reference */
4519 sav = nextsav;
4521 sav = LIST_FIRST(&sexpireq);
4522 while (sav != NULL) {
4523 nextsav = LIST_NEXT(sav, drainq);
4524 key_expire(sav, 0);
4525 key_freesav(&sav); /* release extra reference */
4526 sav = nextsav;
4529 sav = LIST_FIRST(&drainq);
4530 while (sav != NULL) {
4531 nextsav = LIST_NEXT(sav, drainq);
4532 key_freesah(&sav->sah); /* release reference from SAV */
4533 key_freesav(&sav); /* release extra reference */
4534 key_freesav(&sav); /* release last reference */
4535 sav = nextsav;
4538 sav = LIST_FIRST(&freeq);
4539 while (sav != NULL) {
4540 nextsav = LIST_NEXT(sav, drainq);
4541 key_freesav(&sav); /* release extra reference */
4542 sav = nextsav;
4722 struct secasvar *sav;
4802 sav = key_newsav(mhp, &saidx, spi, &error);
4803 if (sav == NULL)
4806 if (sav->seq != 0) {
4823 key_acqdone(&saidx, sav->seq);
4826 printf("%s: SA(%p)\n", __func__, sav));
4827 KEYDBG(KEY_DATA, kdebug_secasv(sav));
4886 newmsg->sadb_msg_seq = sav->seq;
4975 struct secasvar *sav;
4988 sav = TAILQ_LAST(&sah->savtree_alive, secasvar_queue);
4990 sav = TAILQ_FIRST(&sah->savtree_alive);
4991 if (sav != NULL) {
4992 SAV_ADDREF(sav);
4994 return (sav);
5003 LIST_FOREACH(sav, SAVHASH_HASH(*spi), spihash) {
5004 if (sav->spi == *spi)
5007 if (sav == NULL) {
5020 const struct sadb_msghdr *mhp, struct secasvar *sav,
5070 if (sav->sah->saidx.proto != IPPROTO_ESP ||
5080 sah = sav->sah;
5094 bcopy(sav, newsav, offsetof(struct secasvar, chain));
5109 if (sav->state == SADB_SASTATE_DEAD) {
5117 IPSEC_ASSERT((sav->flags & SADB_X_EXT_F_CLONED) == 0,
5119 IPSEC_ASSERT(sav->state == SADB_SASTATE_MATURE ||
5120 sav->state == SADB_SASTATE_DYING,
5121 ("Wrong SA state %u\n", sav->state));
5122 TAILQ_REMOVE(&sav->sah->savtree_alive, sav, chain);
5123 LIST_REMOVE(sav, spihash);
5124 sav->state = SADB_SASTATE_DEAD;
5151 * isnew == 0 -> we use the same @sah, that was used by @sav,
5154 SECASVAR_LOCK(sav);
5156 newsav->cntr = sav->cntr;
5157 sav->flags |= SADB_X_EXT_F_CLONED;
5158 SECASVAR_UNLOCK(sav);
5164 __func__, sav, newsav));
5167 key_freesav(&sav); /* release last reference */
5208 struct secasvar *sav;
5281 sav = key_getsavbyspi(sa0->sadb_sa_spi);
5282 if (sav == NULL) {
5291 if (sav->pid != mhp->msg->sadb_msg_pid) {
5294 ntohl(sav->spi), sav->pid, mhp->msg->sadb_msg_pid));
5295 key_freesav(&sav);
5299 if (key_cmpsaidx(&sav->sah->saidx, &saidx, CMP_MODE_REQID) == 0) {
5301 __func__, ntohl(sav->spi)));
5302 key_freesav(&sav);
5306 if (sav->state == SADB_SASTATE_LARVAL) {
5314 key_freesav(&sav);
5320 error = key_setsaval(sav, mhp);
5322 key_freesav(&sav);
5327 if (sav->state != SADB_SASTATE_LARVAL) {
5330 key_freesav(&sav);
5339 TAILQ_REMOVE(&sav->sah->savtree_larval, sav, chain);
5340 TAILQ_INSERT_HEAD(&sav->sah->savtree_alive, sav, chain);
5341 sav->state = SADB_SASTATE_MATURE;
5351 key_freesav(&sav);
5354 error = key_updatelifetimes(sav, mhp);
5356 key_freesav(&sav);
5370 sav->natt != NULL) {
5371 error = key_updateaddresses(so, m, mhp, sav, &saidx);
5372 key_freesav(&sav);
5379 if (sav->state == SADB_SASTATE_DEAD) {
5382 key_freesav(&sav);
5390 sav->state = SADB_SASTATE_MATURE;
5394 printf("%s: SA(%p)\n", __func__, sav));
5395 KEYDBG(KEY_DATA, kdebug_secasv(sav));
5396 key_freesav(&sav);
5434 struct secasvar *sav;
5520 sav = key_getsav_tcpmd5(&saidx, &spi);
5521 if (sav == NULL && spi == 0) {
5530 sav = key_getsavbyspi(spi);
5532 if (sav != NULL) {
5533 key_freesav(&sav);
5538 sav = key_newsav(mhp, &saidx, spi, &error);
5539 if (sav == NULL)
5542 printf("%s: return SA(%p)\n", __func__, sav));
5543 KEYDBG(KEY_DATA, kdebug_secasv(sav));
5548 if (sav->seq != 0)
5549 key_acqdone(&saidx, sav->seq);
5595 key_setnatt(struct secasvar *sav, const struct sadb_msghdr *mhp)
5604 IPSEC_ASSERT(sav->natt == NULL, ("natt is already initialized"));
5608 if (sav->sah->saidx.proto != IPPROTO_ESP)
5635 sav->natt = malloc(sizeof(struct secnatt), M_IPSEC_MISC,
5637 if (sav->natt == NULL) {
5648 sav->natt->sport = port->sadb_x_nat_t_port_port;
5655 sav->natt->dport = port->sadb_x_nat_t_port_port;
5686 if (sav->sah->saidx.mode != IPSEC_MODE_TUNNEL) {
5700 sav->sah->saidx.src.sin.sin_addr.s_addr) {
5701 bcopy(sa, &sav->natt->oai.sa, sa->sa_len);
5702 sav->natt->flags |= IPSEC_NATT_F_OAI;
5704 addr = sav->sah->saidx.src.sin.sin_addr.s_addr;
5707 addr = sav->natt->oai.sin.sin_addr.s_addr;
5724 sav->sah->saidx.dst.sin.sin_addr.s_addr) {
5725 bcopy(sa, &sav->natt->oar.sa, sa->sa_len);
5726 sav->natt->flags |= IPSEC_NATT_F_OAR;
5728 addr = sav->sah->saidx.dst.sin.sin_addr.s_addr;
5731 addr = sav->natt->oar.sin.sin_addr.s_addr;
5736 sav->natt->cksum = cksum;
5866 struct secasvar *sav;
5917 sav = key_getsav_tcpmd5(&saidx, NULL);
5919 sav = key_getsavbyspi(sa0->sadb_sa_spi);
5920 if (sav == NULL) {
5925 if (key_cmpsaidx(&sav->sah->saidx, &saidx, CMP_HEAD) == 0) {
5927 __func__, ntohl(sav->spi)));
5928 key_freesav(&sav);
5932 printf("%s: SA(%p)\n", __func__, sav));
5933 KEYDBG(KEY_DATA, kdebug_secasv(sav));
5934 key_unlinksav(sav);
5935 key_freesav(&sav);
5970 struct secasvar *sav, *nextsav;
5981 TAILQ_FOREACH(sav, &drainq, chain) {
5982 sav->state = SADB_SASTATE_DEAD;
5983 LIST_REMOVE(sav, spihash);
5987 sav = TAILQ_FIRST(&drainq);
5988 while (sav != NULL) {
5990 printf("%s: SA(%p)\n", __func__, sav));
5991 KEYDBG(KEY_DATA, kdebug_secasv(sav));
5992 nextsav = TAILQ_NEXT(sav, chain);
5993 key_freesah(&sav->sah); /* release reference from SAV */
5994 key_freesav(&sav); /* release last reference */
5995 sav = nextsav;
6032 struct secasvar *sav, *nextsav;
6037 sav = TAILQ_FIRST(&sah->savtree_alive);
6038 if (sav == NULL)
6040 if (sav->tdb_xform != xsp)
6049 TAILQ_FOREACH(sav, &drainq, chain) {
6050 sav->state = SADB_SASTATE_DEAD;
6051 LIST_REMOVE(sav, spihash);
6056 sav = TAILQ_FIRST(&drainq);
6057 while (sav != NULL) {
6059 printf("%s: SA(%p)\n", __func__, sav));
6060 KEYDBG(KEY_DATA, kdebug_secasv(sav));
6061 nextsav = TAILQ_NEXT(sav, chain);
6062 key_freesah(&sav->sah); /* release reference from SAV */
6063 key_freesav(&sav); /* release last reference */
6064 sav = nextsav;
6086 struct secasvar *sav;
6129 sav = key_getsav_tcpmd5(&saidx, NULL);
6131 sav = key_getsavbyspi(sa0->sadb_sa_spi);
6132 if (sav == NULL) {
6136 if (key_cmpsaidx(&sav->sah->saidx, &saidx, CMP_HEAD) == 0) {
6139 key_freesav(&sav);
6148 if ((satype = key_proto2satype(sav->sah->saidx.proto)) == 0) {
6151 key_freesav(&sav);
6156 n = key_setdumpsa(sav, SADB_GET, satype, mhp->msg->sadb_msg_seq,
6159 key_freesav(&sav);
7172 key_expire(struct secasvar *sav, int hard)
7180 IPSEC_ASSERT (sav != NULL, ("null sav"));
7181 IPSEC_ASSERT (sav->sah != NULL, ("null sa header"));
7185 sav, hard ? "hard": "soft"));
7186 KEYDBG(KEY_DATA, kdebug_secasv(sav));
7188 satype = key_proto2satype(sav->sah->saidx.proto);
7190 m = key_setsadbmsg(SADB_EXPIRE, 0, satype, sav->seq, 0, sav->refcnt);
7198 m = key_setsadbsa(sav);
7206 SECASVAR_LOCK(sav);
7207 replay_count = sav->replay ? sav->replay->count : 0;
7208 SECASVAR_UNLOCK(sav);
7210 m = key_setsadbxsa2(sav->sah->saidx.mode, replay_count,
7211 sav->sah->saidx.reqid);
7218 if (sav->replay && sav->replay->wsize > UINT8_MAX) {
7219 m = key_setsadbxsareplay(sav->replay->wsize);
7241 (uint32_t)counter_u64_fetch(sav->lft_c_allocations);
7243 counter_u64_fetch(sav->lft_c_bytes);
7244 lt->sadb_lifetime_addtime = sav->created;
7245 lt->sadb_lifetime_usetime = sav->firstused;
7250 lt->sadb_lifetime_allocations = sav->lft_h->allocations;
7251 lt->sadb_lifetime_bytes = sav->lft_h->bytes;
7252 lt->sadb_lifetime_addtime = sav->lft_h->addtime;
7253 lt->sadb_lifetime_usetime = sav->lft_h->usetime;
7256 lt->sadb_lifetime_allocations = sav->lft_s->allocations;
7257 lt->sadb_lifetime_bytes = sav->lft_s->bytes;
7258 lt->sadb_lifetime_addtime = sav->lft_s->addtime;
7259 lt->sadb_lifetime_usetime = sav->lft_s->usetime;
7265 &sav->sah->saidx.src.sa,
7275 &sav->sah->saidx.dst.sa,
7321 struct secasvar *sav, *nextsav;
7325 sav = TAILQ_FIRST(&sah->savtree_larval);
7326 while (sav != NULL) {
7327 nextsav = TAILQ_NEXT(sav, chain);
7328 TAILQ_REMOVE(&sah->savtree_larval, sav, chain);
7329 key_freesav(&sav); /* release last reference */
7331 sav = nextsav;
7333 sav = TAILQ_FIRST(&sah->savtree_alive);
7334 while (sav != NULL) {
7335 nextsav = TAILQ_NEXT(sav, chain);
7336 TAILQ_REMOVE(&sah->savtree_alive, sav, chain);
7337 key_freesav(&sav); /* release last reference */
7339 sav = nextsav;
7365 struct secasvar *sav;
7404 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) {
7405 sav->state = SADB_SASTATE_DEAD;
7407 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) {
7408 sav->state = SADB_SASTATE_DEAD;
7427 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) {
7428 LIST_REMOVE(sav, spihash);
7429 sav->state = SADB_SASTATE_DEAD;
7431 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) {
7432 LIST_REMOVE(sav, spihash);
7433 sav->state = SADB_SASTATE_DEAD;
7478 struct secasvar *sav;
7496 /* count sav entries to be sent to the userland. */
7504 TAILQ_FOREACH(sav, &sah->savtree_larval, chain)
7506 TAILQ_FOREACH(sav, &sah->savtree_alive, chain)
7529 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) {
7530 n = key_setdumpsa(sav, SADB_DUMP, satype,
7538 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) {
7539 n = key_setdumpsa(sav, SADB_DUMP, satype,
8148 struct secasvar *sav;
8182 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) {
8183 sav->state = SADB_SASTATE_DEAD;
8185 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) {
8186 sav->state = SADB_SASTATE_DEAD;
8252 key_sa_recordxfer(struct secasvar *sav, struct mbuf *m)
8254 IPSEC_ASSERT(sav != NULL, ("Null secasvar"));
8261 counter_u64_add(sav->lft_c_bytes, m->m_pkthdr.len);
8268 counter_u64_add(sav->lft_c_allocations, 1);
8281 if (sav->firstused == 0)
8282 sav->firstused = time_second;
8444 * Initialize transform support in an sav.
8447 xform_init(struct secasvar *sav, u_short xftype)
8452 IPSEC_ASSERT(sav->tdb_xform == NULL,
8459 ret = (*entry->xf_init)(sav, entry);