358 #define KEY_CHKSPDIR(head, sp, name) \
360 	if ((head) != (sp)) {						\
363 			(name), (head), (sp)));				\
588 key_addref(struct secpolicy *sp)
591 	SP_ADDREF(sp);
619 	struct secpolicy *sp;
634 	TAILQ_FOREACH(sp, &V_sptree[dir], chain) {
637 			kdebug_secpolicyindex(&sp->spidx));
638 		if (key_cmpspidx_withmask(&sp->spidx, spidx))
641 	sp = NULL;
643 	if (sp) {
645 		KEY_CHKSPDIR(sp->spidx.dir, dir, __func__);
648 		sp->lastused = time_second;
649 		SP_ADDREF(sp);
655 			sp, sp ? sp->id : 0, sp ? sp->refcnt : 0));
656 	return sp;
670 	struct secpolicy *sp;
686 	TAILQ_FOREACH(sp, &V_sptree[dir], chain) {
689 			kdebug_secpolicyindex(&sp->spidx));
691 		if (sp->spidx.ul_proto != proto)
694 		if (!sp->req || !sp->req->sav || sp->req->sav->spi != spi)
696 		if (key_sockaddrcmp(&sp->spidx.dst.sa, &dst->sa, 1) == 0)
699 	sp = NULL;
701 	if (sp) {
703 		KEY_CHKSPDIR(sp->spidx.dir, dir, __func__);
706 		sp->lastused = time_second;
707 		SP_ADDREF(sp);
713 			sp, sp ? sp->id : 0, sp ? sp->refcnt : 0));
714 	return sp;
729 	struct secpolicy *sp;
740 		sp = NULL;
745 	LIST_FOREACH(sp, &V_sptree[dir], chain) {
746 		if (sp->state == IPSEC_SPSTATE_DEAD)
750 		for (p = sp->req; p; p = p->next) {
759 				spidx = sp->spidx;
765 				if (!key_cmpspidx_withmask(&sp->spidx, &spidx))
780 	sp = NULL;
782 	if (sp) {
783 		sp->lastused = time_second;
784 		SP_ADDREF(sp);
790 			sp, sp ? sp->id : 0, sp ? sp->refcnt : 0));
791 	return sp;
859 	error = key_acquire(saidx, isr->sp);
1229 	struct secpolicy *sp = *spp;
1231 	IPSEC_ASSERT(sp != NULL, ("null sp"));
1234 			__func__, sp, sp->id, where, tag, sp->refcnt));
1236 	if (SP_DELREF(sp) == 0)
1239 	for (isr = sp->req; isr != NULL; isr = nextisr) {
1247 	free(sp, M_IPSEC_SP);
1251 key_unlink(struct secpolicy *sp)
1254 	IPSEC_ASSERT(sp != NULL, ("null sp"));
1255 	IPSEC_ASSERT(sp->spidx.dir == IPSEC_DIR_INBOUND ||
1256 	    sp->spidx.dir == IPSEC_DIR_OUTBOUND,
1257 	    ("invalid direction %u", sp->spidx.dir));
1261 	if (sp->state == IPSEC_SPSTATE_DEAD) {
1265 	sp->state = IPSEC_SPSTATE_DEAD;
1266 	TAILQ_REMOVE(&V_sptree[sp->spidx.dir], sp, chain);
1268 	KEY_FREESP(&sp);
1277 	struct secpolicy *sp;
1280 	TAILQ_FOREACH(sp, &V_sptree[newsp->spidx.dir], chain) {
1281 		if (newsp->priority < sp->priority) {
1282 			TAILQ_INSERT_BEFORE(sp, newsp, chain);
1330 key_freesp_so(struct secpolicy **sp)
1332 	IPSEC_ASSERT(sp != NULL && *sp != NULL, ("null sp"));
1334 	if ((*sp)->policy == IPSEC_POLICY_ENTRUST ||
1335 	    (*sp)->policy == IPSEC_POLICY_BYPASS)
1338 	IPSEC_ASSERT((*sp)->policy == IPSEC_POLICY_IPSEC,
1339 		("invalid policy %u", (*sp)->policy));
1340 	KEY_FREESP(sp);
1388 	struct secpolicy *sp;
1393 	TAILQ_FOREACH(sp, &V_sptree[spidx->dir], chain) {
1394 		if (key_cmpspidx_exactly(spidx, &sp->spidx)) {
1395 			SP_ADDREF(sp);
1401 	return sp;
1413 	struct secpolicy *sp;
1416 	TAILQ_FOREACH(sp, &V_sptree[IPSEC_DIR_INBOUND], chain) {
1417 		if (sp->id == id) {
1418 			SP_ADDREF(sp);
1423 	TAILQ_FOREACH(sp, &V_sptree[IPSEC_DIR_OUTBOUND], chain) {
1424 		if (sp->id == id) {
1425 			SP_ADDREF(sp);
1432 	return sp;
1642 			(*p_isr)->sp = newsp;
1690 key_sp2msg(struct secpolicy *sp)
1697 	IPSEC_ASSERT(sp != NULL, ("null policy"));
1699 	tlen = key_getspreqmsglen(sp);
1711 	xpl->sadb_x_policy_type = sp->policy;
1712 	xpl->sadb_x_policy_dir = sp->spidx.dir;
1713 	xpl->sadb_x_policy_id = sp->id;
1714 	xpl->sadb_x_policy_priority = sp->priority;
1718 	if (sp->policy == IPSEC_POLICY_IPSEC) {
1722 		for (isr = sp->req; isr != NULL; isr = isr->next) {
2067 	struct secpolicy *sp;
2073 		if ((sp = key_getspbyid(newid)) == NULL)
2076 		KEY_FREESP(&sp);
2107 	struct secpolicy *sp;
2159 	if ((sp = key_getsp(&spidx)) == NULL) {
2165 	xpl0->sadb_x_policy_id = sp->id;
2167 	key_unlink(sp);
2168 	KEY_FREESP(&sp);
2211 	struct secpolicy *sp;
2227 	if ((sp = key_getspbyid(id)) == NULL) {
2232 	key_unlink(sp);
2233 	KEY_FREESP(&sp);
2299 	struct secpolicy *sp;
2317 	if ((sp = key_getspbyid(id)) == NULL) {
2322 	n = key_setdumpsp(sp, SADB_X_SPDGET, mhp->msg->sadb_msg_seq,
2324 	KEY_FREESP(&sp);
2348 key_spdacquire(struct secpolicy *sp)
2353 	IPSEC_ASSERT(sp != NULL, ("null secpolicy"));
2354 	IPSEC_ASSERT(sp->req == NULL, ("policy exists"));
2355 	IPSEC_ASSERT(sp->policy == IPSEC_POLICY_IPSEC,
2356 		("policy not IPSEC %u", sp->policy));
2359 	newspacq = key_getspacq(&sp->spidx);
2373 		newspacq = key_newspacq(&sp->spidx);
2412 	struct secpolicy *sp, *nextsp;
2432 	TAILQ_FOREACH(sp, &drainq, chain)
2433 		sp->state = IPSEC_SPSTATE_DEAD;
2435 	sp = TAILQ_FIRST(&drainq);
2436 	while (sp != NULL) {
2437 		nextsp = TAILQ_NEXT(sp, chain);
2438 		KEY_FREESP(&sp);
2439 		sp = nextsp;
2473 	struct secpolicy *sp;
2487 		TAILQ_FOREACH(sp, &V_sptree[dir], chain) {
2498 		TAILQ_FOREACH(sp, &V_sptree[dir], chain) {
2500 			n = key_setdumpsp(sp, SADB_X_SPDDUMP, cnt,
2514 key_setdumpsp(struct secpolicy *sp, u_int8_t type, u_int32_t seq,
2520 	m = key_setsadbmsg(type, 0, SADB_SATYPE_UNSPEC, seq, pid, sp->refcnt);
2530 	    &sp->spidx.src.sa, sp->spidx.prefs,
2531 	    sp->spidx.ul_proto);
2537 	    &sp->spidx.dst.sa, sp->spidx.prefd,
2538 	    sp->spidx.ul_proto);
2543 	m = key_sp2msg(sp);
2548 	if(sp->lifetime){
2549 		lt.addtime=sp->created;
2550 		lt.usetime= sp->lastused;
2556 		lt.addtime=sp->lifetime;
2557 		lt.usetime= sp->validtime;
2591 key_getspreqmsglen(struct secpolicy *sp)
2598 	if (sp->policy != IPSEC_POLICY_IPSEC)
2606 	for (isr = sp->req; isr != NULL; isr = isr->next) {
2628 key_spdexpire(struct secpolicy *sp)
2637 	IPSEC_ASSERT(sp != NULL, ("null secpolicy"));
2662 	lt->sadb_lifetime_addtime = sp->created;
2663 	lt->sadb_lifetime_usetime = sp->lastused;
2669 	lt->sadb_lifetime_addtime = sp->lifetime;
2670 	lt->sadb_lifetime_usetime = sp->validtime;
2680 	    &sp->spidx.src.sa,
2681 	    sp->spidx.prefs, sp->spidx.ul_proto);
2690 	    &sp->spidx.dst.sa,
2691 	    sp->spidx.prefd, sp->spidx.ul_proto);
2699 	m = key_sp2msg(sp);
4265 	struct secpolicy *sp;
4272 		TAILQ_FOREACH(sp, &V_sptree[dir], chain) {
4273 			if (sp->lifetime == 0 && sp->validtime == 0)
4275 			if ((sp->lifetime &&
4276 			    now - sp->created > sp->lifetime) ||
4277 			    (sp->validtime &&
4278 			    now - sp->lastused > sp->validtime)) {
4279 				SP_ADDREF(sp);
4281 				key_spdexpire(sp);
4282 				key_unlink(sp);
4283 				KEY_FREESP(&sp);
6171 key_acquire(const struct secasindex *saidx, struct secpolicy *sp)
6227 	 * Note that if sp is supplied, then we're being called from
6230 	if (sp != NULL && (sp->spidx.ul_proto == IPPROTO_TCP ||
6231 	    sp->spidx.ul_proto == IPPROTO_UDP))
6232 		ul_proto = sp->spidx.ul_proto;
6237 		switch (sp->spidx.src.sa.sa_family) {
6239 			if (sp->spidx.src.sin.sin_port != IPSEC_PORT_ANY) {
6240 				addr.sin.sin_port = sp->spidx.src.sin.sin_port;
6241 				mask = sp->spidx.prefs;
6245 			if (sp->spidx.src.sin6.sin6_port != IPSEC_PORT_ANY) {
6246 				addr.sin6.sin6_port = sp->spidx.src.sin6.sin6_port;
6247 				mask = sp->spidx.prefs;
6264 		switch (sp->spidx.dst.sa.sa_family) {
6266 			if (sp->spidx.dst.sin.sin_port != IPSEC_PORT_ANY) {
6267 				addr.sin.sin_port = sp->spidx.dst.sin.sin_port;
6268 				mask = sp->spidx.prefd;
6272 			if (sp->spidx.dst.sin6.sin6_port != IPSEC_PORT_ANY) {
6273 				addr.sin6.sin6_port = sp->spidx.dst.sin6.sin6_port;
6274 				mask = sp->spidx.prefd;
6291 	if (sp) {
6292 		m = key_setsadbxpolicy(sp->policy, sp->spidx.dir, sp->id, sp->priority);
7712 	struct secpolicy *sp, *nextsp;
7725 	sp = TAILQ_FIRST(&drainq);
7726 	while (sp != NULL) {
7727 		nextsp = TAILQ_NEXT(sp, chain);
7728 		KEY_FREESP(&sp);
7729 		sp = nextsp;

Indexes created Wed Sep 11 23:09:49 MDT 2024