999 	struct secashead *sah;
1008 	LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) {
1011 		    kdebug_secash(sah, "  "));
1012 		if (sah->saidx.proto != IPPROTO_TCP)
1014 		if (!key_sockaddrcmp(&saidx->dst.sa, &sah->saidx.dst.sa, 0) &&
1015 		    !key_sockaddrcmp(&saidx->src.sa, &sah->saidx.src.sa, 0))
1018 	if (sah != NULL) {
1020 			sav = TAILQ_LAST(&sah->savtree_alive, secasvar_queue);
1022 			sav = TAILQ_FIRST(&sah->savtree_alive);
1052 	struct secashead *sah;
1068 	LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) {
1071 		    kdebug_secash(sah, "  "));
1072 		if (key_cmpsaidx(&sah->saidx, saidx, CMP_MODE_REQID))
1075 	if (sah != NULL) {
1081 			sav = TAILQ_LAST(&sah->savtree_alive, secasvar_queue);
1083 			sav = TAILQ_FIRST(&sah->savtree_alive);
1147 		    sav->sah->saidx.proto == proto &&
1149 			&sav->sah->saidx.dst.sa, 0) == 0)
1176 	struct secashead *sah;
1187 	LIST_FOREACH(sah, SAHADDRHASH_HASH(&saidx), addrhash) {
1188 		if (IPSEC_MODE_TUNNEL != sah->saidx.mode)
1190 		if (proto != sah->saidx.proto)
1192 		if (key_sockaddrcmp(&src->sa, &sah->saidx.src.sa, 0) != 0)
1194 		if (key_sockaddrcmp(&dst->sa, &sah->saidx.dst.sa, 0) != 0)
1198 			sav = TAILQ_LAST(&sah->savtree_alive, secasvar_queue);
1200 			sav = TAILQ_FIRST(&sah->savtree_alive);
1407 	struct secashead *sah;
1422 		TAILQ_REMOVE(&sav->sah->savtree_larval, sav, chain);
1424 		TAILQ_REMOVE(&sav->sah->savtree_alive, sav, chain);
1428 	sah = sav->sah;
1432 	key_freesah(&sah);
2892 	struct secashead *sah;
2894 	sah = malloc(sizeof(struct secashead), M_IPSEC_SAH,
2896 	if (sah == NULL) {
2900 	TAILQ_INIT(&sah->savtree_larval);
2901 	TAILQ_INIT(&sah->savtree_alive);
2902 	sah->saidx = *saidx;
2903 	sah->state = SADB_SASTATE_DEAD;
2904 	SAH_INITREF(sah);
2907 	    printf("%s: SAH(%p)\n", __func__, sah));
2908 	KEYDBG(KEY_DATA, kdebug_secash(sah, NULL));
2909 	return (sah);
2915 	struct secashead *sah = *psah;
2919 	if (SAH_DELREF(sah) == 0)
2923 	    printf("%s: last reference to SAH(%p)\n", __func__, sah));
2924 	KEYDBG(KEY_DATA, kdebug_secash(sah, NULL));
2927 	key_delsah(sah);
2931 key_delsah(struct secashead *sah)
2933 	IPSEC_ASSERT(sah != NULL, ("NULL sah"));
2934 	IPSEC_ASSERT(sah->state == SADB_SASTATE_DEAD,
2935 	    ("Attempt to free non DEAD SAH %p", sah));
2936 	IPSEC_ASSERT(TAILQ_EMPTY(&sah->savtree_larval),
2937 	    ("Attempt to free SAH %p with LARVAL SA", sah));
2938 	IPSEC_ASSERT(TAILQ_EMPTY(&sah->savtree_alive),
2939 	    ("Attempt to free SAH %p with ALIVE SA", sah));
2941 	free(sah, M_IPSEC_SAH);
2956 	struct secashead *sah;
2966 	sah = NULL;
3010 	sah = key_getsah(saidx);
3011 	if (sah == NULL) {
3013 		sah = key_newsah(saidx);
3014 		if (sah == NULL) {
3024 	sav->sah = sah;
3045 	if (isnew == 0 && sah->state == SADB_SASTATE_DEAD) {
3047 		key_freesah(&sah);	/* reference from key_getsah() */
3059 		TAILQ_INSERT_HEAD(&V_sahtree, sah, chain);
3061 		LIST_INSERT_HEAD(SAHADDRHASH_HASH(saidx), sah, addrhash);
3063 		sah->state = SADB_SASTATE_MATURE;
3069 		SAH_ADDREF(sah);
3073 		TAILQ_INSERT_HEAD(&sah->savtree_alive, sav, chain);
3075 		TAILQ_INSERT_HEAD(&sah->savtree_larval, sav, chain);
3091 		if (sah != NULL)
3092 			key_freesah(&sah);
3182 	struct secashead *sah;
3185 	LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) {
3186 	    if (key_cmpsaidx(&sah->saidx, saidx, CMP_MODE_REQID) != 0) {
3187 		    SAH_ADDREF(sah);
3192 	return (sah);
3340 	error = key_setident(sav->sah, mhp);
3631 			m = key_setsadbxsa2(sav->sah->saidx.mode, replay_count,
3632 					sav->sah->saidx.reqid);
3649 			    &sav->sah->saidx.src.sa,
3657 			    &sav->sah->saidx.dst.sa,
4529 	struct secashead *sah, *nextsah;
4540 	TAILQ_FOREACH(sah, &V_sahtree, chain) {
4542 		if (TAILQ_EMPTY(&sah->savtree_larval) &&
4543 		    TAILQ_EMPTY(&sah->savtree_alive)) {
4544 			SAH_ADDREF(sah);
4545 			LIST_INSERT_HEAD(&emptyq, sah, drainq);
4549 		TAILQ_FOREACH(sav, &sah->savtree_larval, chain) {
4555 		TAILQ_FOREACH(sav, &sah->savtree_alive, chain) {
4626 		TAILQ_REMOVE(&sav->sah->savtree_larval, sav, chain);
4642 		TAILQ_REMOVE(&sav->sah->savtree_alive, sav, chain);
4665 	sah = LIST_FIRST(&emptyq);
4666 	while (sah != NULL) {
4667 		nextsah = LIST_NEXT(sah, drainq);
4669 		if (sah->state == SADB_SASTATE_DEAD ||
4670 		    !TAILQ_EMPTY(&sah->savtree_larval) ||
4671 		    !TAILQ_EMPTY(&sah->savtree_alive)) {
4672 			LIST_REMOVE(sah, drainq);
4673 			key_freesah(&sah); /* release extra reference */
4674 			sah = nextsah;
4677 		TAILQ_REMOVE(&V_sahtree, sah, chain);
4678 		LIST_REMOVE(sah, addrhash);
4679 		sah->state = SADB_SASTATE_DEAD;
4680 		sah = nextsah;
4689 		key_freesah(&sav->sah); /* release reference from SAV */
4705 		key_freesah(&sav->sah); /* release reference from SAV */
4718 	sah = LIST_FIRST(&emptyq);
4719 	while (sah != NULL) {
4720 		nextsah = LIST_NEXT(sah, drainq);
4721 		key_freesah(&sah); /* release extra reference */
4722 		key_freesah(&sah); /* release last reference */
4723 		sah = nextsah;
5122 	struct secashead *sah;
5127 	LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) {
5128 		if (sah->saidx.proto != IPPROTO_TCP)
5130 		if (!key_sockaddrcmp(&saidx->dst.sa, &sah->saidx.dst.sa, 0) &&
5131 		    !key_sockaddrcmp(&saidx->src.sa, &sah->saidx.src.sa, 0))
5134 	if (sah != NULL) {
5136 			sav = TAILQ_LAST(&sah->savtree_alive, secasvar_queue);
5138 			sav = TAILQ_FIRST(&sah->savtree_alive);
5172 	struct secashead *sah;
5201 		sah = key_getsah(saidx);
5202 		if (sah == NULL) {
5204 			sah = key_newsah(saidx);
5205 			if (sah == NULL) {
5218 		if (sav->sah->saidx.proto != IPPROTO_ESP ||
5228 		sah = sav->sah;
5249 	newsav->sah = sah;
5270 	TAILQ_REMOVE(&sav->sah->savtree_alive, sav, chain);
5278 	TAILQ_FOREACH(tmp, &sah->savtree_alive, chain) {
5285 		TAILQ_INSERT_TAIL(&sah->savtree_alive, newsav, chain);
5292 		TAILQ_INSERT_HEAD(&V_sahtree, sah, chain);
5293 		LIST_INSERT_HEAD(SAHADDRHASH_HASH(saidx), sah, addrhash);
5294 		sah->state = SADB_SASTATE_MATURE;
5295 		SAH_ADDREF(sah); /* newsav references new SAH */
5298 	 * isnew == 1 -> @sah was referenced by key_getsah().
5299 	 * isnew == 0 -> we use the same @sah, that was used by @sav,
5328 		key_freesah(&sah);
5447 	if (key_cmpsaidx(&sav->sah->saidx, &saidx, CMP_MODE_REQID) == 0) {
5487 		TAILQ_REMOVE(&sav->sah->savtree_larval, sav, chain);
5488 		TAILQ_INSERT_HEAD(&sav->sah->savtree_alive, sav, chain);
5761 	if (sav->sah->saidx.proto != IPPROTO_ESP)
5839 	if (sav->sah->saidx.mode != IPSEC_MODE_TUNNEL) {
5854 				    sav->sah->saidx.src.sin.sin_addr.s_addr) {
5858 					addr = sav->sah->saidx.src.sin.sin_addr.s_addr;
5877 				    &sav->sah->saidx.src.sin6.sin6_addr.s6_addr,
5884 						  ~sav->sah->saidx.src.sin6.sin6_addr.s6_addr16[i]);
5911 				    sav->sah->saidx.dst.sin.sin_addr.s_addr) {
5915 					addr = sav->sah->saidx.dst.sin.sin_addr.s_addr;
5934 				           &sav->sah->saidx.dst.sin6.sin6_addr.s6_addr, 16) != 0) {
5940 						   ~sav->sah->saidx.dst.sin6.sin6_addr.s6_addr16[i]);
5960 key_setident(struct secashead *sah, const struct sadb_msghdr *mhp)
5964 	IPSEC_ASSERT(sah != NULL, ("null secashead"));
5971 		sah->idents = NULL;
5972 		sah->identd = NULL;
5997 		sah->idents = NULL;
5998 		sah->identd = NULL;
6003 	sah->idents = malloc(sizeof(struct secident), M_IPSEC_MISC, M_NOWAIT);
6004 	if (sah->idents == NULL) {
6008 	sah->identd = malloc(sizeof(struct secident), M_IPSEC_MISC, M_NOWAIT);
6009 	if (sah->identd == NULL) {
6010 		free(sah->idents, M_IPSEC_MISC);
6011 		sah->idents = NULL;
6015 	sah->idents->type = idsrc->sadb_ident_type;
6016 	sah->idents->id = idsrc->sadb_ident_id;
6018 	sah->identd->type = iddst->sadb_ident_type;
6019 	sah->identd->id = iddst->sadb_ident_id;
6142 	if (key_cmpsaidx(&sav->sah->saidx, &saidx, CMP_HEAD) == 0) {
6186 	struct secashead *sah;
6191 	LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) {
6192 		if (key_cmpsaidx(&sah->saidx, saidx, CMP_HEAD) == 0)
6195 		TAILQ_CONCAT(&drainq, &sah->savtree_alive, chain);
6210 		key_freesah(&sav->sah); /* release reference from SAV */
6248 	struct secashead *sah;
6253 	TAILQ_FOREACH(sah, &V_sahtree, chain) {
6254 		sav = TAILQ_FIRST(&sah->savtree_alive);
6263 		TAILQ_CONCAT(&drainq, &sah->savtree_alive, chain);
6279 		key_freesah(&sav->sah); /* release reference from SAV */
6355 	if (key_cmpsaidx(&sav->sah->saidx, &saidx, CMP_HEAD) == 0) {
6367 	if ((satype = key_proto2satype(sav->sah->saidx.proto)) == 0) {
7072 	struct secashead *sah;
7164 	LIST_FOREACH(sah, SAHADDRHASH_HASH(&saidx), addrhash) {
7165 		if (key_cmpsaidx(&sah->saidx, &saidx, CMP_MODE_REQID))
7169 	if (sah != NULL) {
7393 	IPSEC_ASSERT (sav->sah != NULL, ("null sa header"));
7400 	satype = key_proto2satype(sav->sah->saidx.proto);
7422 	m = key_setsadbxsa2(sav->sah->saidx.mode, replay_count,
7423 			sav->sah->saidx.reqid);
7477 	    &sav->sah->saidx.src.sa,
7487 	    &sav->sah->saidx.dst.sa,
7532 	struct secashead *sah, *nextsah;
7535 	sah = TAILQ_FIRST(flushq);
7536 	while (sah != NULL) {
7537 		sav = TAILQ_FIRST(&sah->savtree_larval);
7540 			TAILQ_REMOVE(&sah->savtree_larval, sav, chain);
7542 			key_freesah(&sah); /* release reference from SAV */
7545 		sav = TAILQ_FIRST(&sah->savtree_alive);
7548 			TAILQ_REMOVE(&sah->savtree_alive, sav, chain);
7550 			key_freesah(&sah); /* release reference from SAV */
7553 		nextsah = TAILQ_NEXT(sah, chain);
7554 		key_freesah(&sah);	/* release last reference */
7555 		sah = nextsah;
7576 	struct secashead *sah, *nextsah;
7607 		TAILQ_FOREACH(sah, &flushq, chain) {
7608 			sah->state = SADB_SASTATE_DEAD;
7616 			TAILQ_FOREACH(sav, &sah->savtree_larval, chain) {
7619 			TAILQ_FOREACH(sav, &sah->savtree_alive, chain) {
7626 		sah = TAILQ_FIRST(&V_sahtree);
7627 		while (sah != NULL) {
7628 			IPSEC_ASSERT(sah->state != SADB_SASTATE_DEAD,
7629 			    ("DEAD SAH %p in SADB_FLUSH", sah));
7630 			nextsah = TAILQ_NEXT(sah, chain);
7631 			if (sah->saidx.proto != proto) {
7632 				sah = nextsah;
7635 			sah->state = SADB_SASTATE_DEAD;
7636 			TAILQ_REMOVE(&V_sahtree, sah, chain);
7637 			LIST_REMOVE(sah, addrhash);
7639 			TAILQ_FOREACH(sav, &sah->savtree_larval, chain) {
7643 			TAILQ_FOREACH(sav, &sah->savtree_alive, chain) {
7648 			TAILQ_INSERT_HEAD(&flushq, sah, chain);
7649 			sah = nextsah;
7689 	struct secashead *sah;
7710 	TAILQ_FOREACH(sah, &V_sahtree, chain) {
7712 		    proto != sah->saidx.proto)
7715 		TAILQ_FOREACH(sav, &sah->savtree_larval, chain)
7717 		TAILQ_FOREACH(sav, &sah->savtree_alive, chain)
7727 	TAILQ_FOREACH(sah, &V_sahtree, chain) {
7729 		    proto != sah->saidx.proto)
7733 		if ((satype = key_proto2satype(sah->saidx.proto)) == 0) {
7739 		TAILQ_FOREACH(sav, &sah->savtree_larval, chain) {
7748 		TAILQ_FOREACH(sav, &sah->savtree_alive, chain) {
8449 	struct secashead *sah;
8483 	TAILQ_FOREACH(sah, &sahdrainq, chain) {
8484 		sah->state = SADB_SASTATE_DEAD;
8485 		TAILQ_FOREACH(sav, &sah->savtree_larval, chain) {
8488 		TAILQ_FOREACH(sav, &sah->savtree_alive, chain) {

Indexes created Thu Jun 27 20:29:42 MDT 2024