790 	struct secashead *sah;
800 	LIST_FOREACH(sah, &sahtree, chain) {
802 		if (sah->state == SADB_SASTATE_DEAD)
804 		if (key_cmpsaidx(&sah->saidx, saidx, CMP_MODE | CMP_REQID))
834 		sav = key_do_allocsa_policy(sah, state, dstport);
852 key_do_allocsa_policy(sah, state, dstport)
853 	struct secashead *sah;
866 	for (sav = LIST_FIRST(&sah->savtree[state]);
875 		if (sah->saidx.mode == IPSEC_MODE_TUNNEL && dstport &&
880 		if (sah->saidx.mode == IPSEC_MODE_TRANSPORT &&
885 		if ((sah->saidx.mode == IPSEC_MODE_TUNNEL &&
887 		    (sah->saidx.mode == IPSEC_MODE_TRANSPORT &&
944 			    d->sah->saidx.proto, 0, 0, d->refcnt - 1);
951 				(struct sockaddr *)&d->sah->saidx.src,
952 				d->sah->saidx.src.ss_len << 3,
960 				(struct sockaddr *)&d->sah->saidx.src,
961 				d->sah->saidx.src.ss_len << 3,
999 	else if (sah->saidx.mode == IPSEC_MODE_TUNNEL && dstport)
1079 		if (proto != sav->sah->saidx.proto)
1081 		if (family != sav->sah->saidx.src.ss_family ||
1082 		    family != sav->sah->saidx.dst.ss_family)
1105 			    (struct sockaddr *)&sav->sah->saidx.src, 0) != 0)
1121 			    (struct sockaddr *)&sav->sah->saidx.src, 0) != 0)
1141 			    (struct sockaddr *)&sav->sah->saidx.dst, 0) != 0)
1158 			    (struct sockaddr *)&sav->sah->saidx.dst, 0) != 0)
1192 	struct secashead *sah;
1198 	saidx.mode = outsav->sah->saidx.mode;
1200 	saidx.proto = outsav->sah->saidx.proto;
1201 	bcopy(&outsav->sah->saidx.src, &saidx.dst, sizeof(struct sockaddr_in));
1202 	bcopy(&outsav->sah->saidx.dst, &saidx.src, sizeof(struct sockaddr_in));
1205 	LIST_FOREACH(sah, &sahtree, chain) {
1206 		if (sah->state == SADB_SASTATE_DEAD)
1208 		if (key_cmpsaidx(&sah->saidx, &saidx, CMP_MODE))
1216 	 * Found sah - now go thru list of SAs and find
1234 		if (key_do_get_translated_port(sah, outsav, state)) {
1244 key_do_get_translated_port(sah, outsav, state)
1245 	struct secashead *sah;
1257 	for (currsav = LIST_FIRST(&sah->savtree[state]);
2990 key_delsah(sah)
2991 	struct secashead *sah;
3000 	if (sah == NULL)
3009 		for (sav = (struct secasvar *)LIST_FIRST(&sah->savtree[state]);
3027 			sav->sah = NULL;
3032 	/* don't delete sah only if there are savs. */
3036 	if (sah->sa_route.ro_rt) {
3037 		rtfree(sah->sa_route.ro_rt);
3038 		sah->sa_route.ro_rt = (struct rtentry *)NULL;
3042 	if (__LIST_CHAINED(sah))
3043 		LIST_REMOVE(sah, chain);
3045 	KFREE(sah);
3063 key_newsav(m, mhp, sah, errp)
3066 	struct secashead *sah;
3075 	if (m == NULL || mhp == NULL || mhp->msg == NULL || sah == NULL)
3144 	newsav->sah = sah;
3147 	LIST_INSERT_TAIL(&sah->savtree[SADB_SASTATE_LARVAL], newsav,
3230 	struct secashead *sah;
3234 	LIST_FOREACH(sah, &sahtree, chain) {
3235 		if (sah->state == SADB_SASTATE_DEAD)
3237 		if (key_cmpsaidx(&sah->saidx, saidx, CMP_REQID))
3238 			return sah;
3276 			    key_ismyaddr((struct sockaddr *)&sav->sah->saidx.dst))
3304 key_getsavbyspi(sah, spi)
3305 	struct secashead *sah;
3317 		if (sav->sah != sah)
3671 	switch (sav->sah->saidx.proto) {
3684 	switch (sav->sah->saidx.proto) {
3870 			m = key_setsadbxsa2(sav->sah->saidx.mode,
3872 					sav->sah->saidx.reqid);
3879 			    (struct sockaddr *)&sav->sah->saidx.src,
3887 			    (struct sockaddr *)&sav->sah->saidx.dst,
4709 		struct secashead *sah, *nextsah;
4712 		for (sah = LIST_FIRST(&sahtree);
4713 			 sah != NULL;
4714 			 sah = nextsah) {
4717 			nextsah = LIST_NEXT(sah, chain);
4719 			/* if sah has been dead, then delete it and process next sah. */
4720 			if (sah->state == SADB_SASTATE_DEAD) {
4721 				key_delsah(sah);
4726 			if (LIST_FIRST(&sah->savtree[SADB_SASTATE_LARVAL]) == NULL &&
4727 			    LIST_FIRST(&sah->savtree[SADB_SASTATE_MATURE]) == NULL && 
4728 			    LIST_FIRST(&sah->savtree[SADB_SASTATE_DYING]) == NULL && 
4729 			    LIST_FIRST(&sah->savtree[SADB_SASTATE_DEAD]) == NULL) {
4730 			        key_delsah(sah);
4736 			for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_LARVAL]);
4760 				sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_MATURE]);	//%%% should we check dying list if this is empty???
4774 			for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_MATURE]);
4837 			for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_DYING]);
4892 			for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_DEAD]);
5463 	struct secashead *sah;
5521 	if ((sah = key_getsah(&saidx)) == NULL) {
5529 	error = key_setident(sah, m, mhp);
5538 	 && (sav = key_getsavbyseq(sah, mhp->msg->sadb_msg_seq)) == NULL) {
5546 	if ((sav = key_getsavbyspi(sah, sa0->sadb_sa_spi)) == NULL) {
5556 	if (sav->sah->saidx.proto != proto) {
5560 		    sav->sah->saidx.proto, proto));
5594 		(sav->sah->saidx.mode != IPSEC_MODE_TRANSPORT ||
5595 		sav->sah->saidx.src.ss_family != AF_INET))
5631 key_getsavbyseq(sah, seq)
5632 	struct secashead *sah;
5643 	LIST_FOREACH(sav, &sah->savtree[state], chain) {
5813 key_setident(sah, m, mhp)
5814 	struct secashead *sah;
5824 	if (sah == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
5830 		sah->idents = NULL;
5831 		sah->identd = NULL;
5858 		sah->idents = NULL;
5859 		sah->identd = NULL;
5864 	KMALLOC_NOWAIT(sah->idents, struct sadb_ident *, idsrclen);
5865 	if (sah->idents == NULL) {
5867 		KMALLOC_WAIT(sah->idents, struct sadb_ident *, idsrclen);
5869 		if (sah->idents == NULL) {
5874 	KMALLOC_NOWAIT(sah->identd, struct sadb_ident *, iddstlen);
5875 	if (sah->identd == NULL) {
5877 		KMALLOC_WAIT(sah->identd, struct sadb_ident *, iddstlen);
5879 		if (sah->identd == NULL) {
5880 			KFREE(sah->idents);
5881 			sah->idents = NULL;
5886 	bcopy(idsrc, sah->idents, idsrclen);
5887 	bcopy(iddst, sah->identd, iddstlen);
5952 	struct secashead *sah;
6005 	LIST_FOREACH(sah, &sahtree, chain) {
6006 		if (sah->state == SADB_SASTATE_DEAD)
6008 		if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == 0)
6012 		sav = key_getsavbyspi(sah, sa0->sadb_sa_spi);
6016 	if (sah == NULL) {
6065 	struct secashead *sah;
6077 	LIST_FOREACH(sah, &sahtree, chain) {
6078 		if (sah->state == SADB_SASTATE_DEAD)
6080 		if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == 0)
6090 			for (sav = LIST_FIRST(&sah->savtree[state]);
6155 	struct secashead *sah;
6194 	LIST_FOREACH(sah, &sahtree, chain) {
6195 		if (sah->state == SADB_SASTATE_DEAD)
6197 		if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == 0)
6201 		sav = key_getsavbyspi(sah, sa0->sadb_sa_spi);
6205 	if (sah == NULL) {
6216 	if ((satype = key_proto2satype(sah->saidx.proto)) == 0) {
6824 	struct secashead *sah;
6909 	LIST_FOREACH(sah, &sahtree, chain) {
6910 		if (sah->state == SADB_SASTATE_DEAD)
6912 		if (key_cmpsaidx(&sah->saidx, &saidx, CMP_MODE | CMP_REQID))
6915 	if (sah != NULL) {
7169 	if (sav->sah == NULL)
7171 	if ((satype = key_proto2satype(sav->sah->saidx.proto)) == 0)
7191 	m = key_setsadbxsa2(sav->sah->saidx.mode,
7193 			sav->sah->saidx.reqid);
7223 	    (struct sockaddr *)&sav->sah->saidx.src,
7233 	    (struct sockaddr *)&sav->sah->saidx.dst,
7288 	struct secashead *sah, *nextsah;
7307 	for (sah = LIST_FIRST(&sahtree);
7308 	     sah != NULL;
7309 	     sah = nextsah) {
7310 		nextsah = LIST_NEXT(sah, chain);
7313 		 && proto != sah->saidx.proto)
7320 			for (sav = LIST_FIRST(&sah->savtree[state]);
7331 		sah->state = SADB_SASTATE_DEAD;
7376 	struct secashead *sah;
7414 	LIST_FOREACH(sah, &sahtree, chain) {
7416 		 && proto != sah->saidx.proto)
7420 		if ((satype = key_proto2satype(sah->saidx.proto)) == 0) {
7431 			LIST_FOREACH(sav, &sah->savtree[state], chain) {
8087 	if (sav->sah == NULL)
8088 		panic("sav->sah == NULL at key_checktunnelsanity");
8153 	struct secashead *sah;
8157 	LIST_FOREACH(sah, &sahtree, chain) {
8158 		ro = &sah->sa_route;
8188 	LIST_INSERT_HEAD(&sav->sah->savtree[state], sav, chain);

Indexes created Tue Sep 03 12:52:19 MDT 2024