• Home
  • History
  • Annotate
  • Raw
  • Download
  • only in /macosx-10.9.5/xnu-2422.115.4/bsd/netinet6/

Lines Matching defs:sav

269 int ipsec_send_natt_keepalive(struct secasvar *sav);
2058 		/* this won't work with multiple input threads - isr->sav would change 
2064 		 * isr->sav has been removed.
2068 				if (isr->sav != NULL
2069 				 && isr->sav->flags == SADB_X_EXT_NONE
2070 				 && isr->sav->alg_auth != SADB_AALG_NONE)
2389 ipsec4_encapsulate(m, sav)
2391 	struct secasvar *sav;
2399 	if (((struct sockaddr *)&sav->sah->saidx.src)->sa_family
2400 		!= ((struct sockaddr *)&sav->sah->saidx.dst)->sa_family
2401 	 || ((struct sockaddr *)&sav->sah->saidx.src)->sa_family != AF_INET) {
2407 	if (key_ismyaddr((struct sockaddr *)&sav->sah->saidx.dst)) {
2491 	bcopy(&((struct sockaddr_in *)&sav->sah->saidx.src)->sin_addr,
2493 	bcopy(&((struct sockaddr_in *)&sav->sah->saidx.dst)->sin_addr,
2507 ipsec4_encapsulate_utun_esp_keepalive(m_ptr, sav)
2509 	struct secasvar *sav;
2516 	if (((struct sockaddr *)&sav->sah->saidx.src)->sa_family
2517 		!= ((struct sockaddr *)&sav->sah->saidx.dst)->sa_family
2518 	 || ((struct sockaddr *)&sav->sah->saidx.src)->sa_family != AF_INET) {
2580 	bcopy(&((struct sockaddr_in *)&sav->sah->saidx.src)->sin_addr,
2582 	bcopy(&((struct sockaddr_in *)&sav->sah->saidx.dst)->sin_addr,
2594 ipsec6_encapsulate(m, sav)
2596 	struct secasvar *sav;
2603 	if (((struct sockaddr *)&sav->sah->saidx.src)->sa_family
2604 		!= ((struct sockaddr *)&sav->sah->saidx.dst)->sa_family
2605 	 || ((struct sockaddr *)&sav->sah->saidx.src)->sa_family != AF_INET6) {
2611 	if (key_ismyaddr((struct sockaddr *)&sav->sah->saidx.dst)) {
2660 	bcopy(&((struct sockaddr_in6 *)&sav->sah->saidx.src)->sin6_addr,
2662 	bcopy(&((struct sockaddr_in6 *)&sav->sah->saidx.dst)->sin6_addr,
2672 ipsec64_encapsulate(m, sav)
2674 	struct secasvar *sav;
2682 	if (((struct sockaddr *)&sav->sah->saidx.src)->sa_family
2683 		!= ((struct sockaddr *)&sav->sah->saidx.dst)->sa_family
2684 	 || ((struct sockaddr *)&sav->sah->saidx.src)->sa_family != AF_INET) {
2690 	if (key_ismyaddr((struct sockaddr *)&sav->sah->saidx.dst)) {
2749 	bcopy(&((struct sockaddr_in *)&sav->sah->saidx.src)->sin_addr,
2751 	bcopy(&((struct sockaddr_in *)&sav->sah->saidx.dst)->sin_addr,
2758 ipsec6_encapsulate_utun_esp_keepalive(m_ptr, sav)
2760 	struct secasvar *sav;
2767 	if (((struct sockaddr *)&sav->sah->saidx.src)->sa_family
2768 		!= ((struct sockaddr *)&sav->sah->saidx.dst)->sa_family
2769 	 || ((struct sockaddr *)&sav->sah->saidx.src)->sa_family != AF_INET6) {
2810 	bcopy(&((struct sockaddr_in6 *)&sav->sah->saidx.src)->sin6_addr,
2812 	bcopy(&((struct sockaddr_in6 *)&sav->sah->saidx.dst)->sin6_addr,
2833 ipsec_chkreplay(seq, sav)
2835 	struct secasvar *sav;
2845 	if (sav == NULL)
2849 	replay = sav->replay;
2906 ipsec_updatereplay(seq, sav)
2908 	struct secasvar *sav;
2917 	if (sav == NULL)
2921 	replay = sav->replay;
2991 		if ((sav->flags & SADB_X_EXT_CYCSEQ) == 0) {
2997 		    replay->overflow, ipsec_logsastr(sav)));
3090 ipsec_logsastr(sav)
3091 	struct secasvar *sav;
3095 	struct secasindex *saidx = &sav->sah->saidx;
3098 	if (((struct sockaddr *)&sav->sah->saidx.src)->sa_family
3099 			!= ((struct sockaddr *)&sav->sah->saidx.dst)->sa_family)
3103 	snprintf(buf, sizeof(buf), "SA(SPI=%u ", (u_int32_t)ntohl(sav->spi));
3171 	struct secasvar *sav = NULL;
3258 		if ((error = key_checkrequest(isr, &saidx, &sav)) != 0) {
3271 		if (sav == NULL) {
3288 		if (sav->state != SADB_SASTATE_MATURE
3289 		 && sav->state != SADB_SASTATE_DYING) {
3305 			if (((struct sockaddr *)&sav->sah->saidx.src)->sa_family != AF_INET) {
3308 				    (u_int32_t)ntohl(sav->spi)));
3318 			error = ipsec4_encapsulate(state->m, sav);
3327 			ro4= &sav->sah->sa_route;
3381 			if ((error = esp4_output(state->m, sav)) != 0) {
3393 			if ((error = ah4_output(state->m, sav)) != 0) {
3399 			if ((error = ipcomp4_output(state->m, sav)) != 0) {
3422 	if (sav)
3423 		key_freesav(sav, KEY_SADB_UNLOCKED);
3427 	if (sav)
3428 		key_freesav(sav, KEY_SADB_UNLOCKED);
3455 	struct secasvar *sav = NULL;
3515 		if (key_checkrequest(isr, &saidx, &sav) == ENOENT) {
3541 		if (sav == NULL) {
3555 		if (sav->state != SADB_SASTATE_MATURE
3556 		 && sav->state != SADB_SASTATE_DYING) {
3565 			error = esp6_output(state->m, nexthdrp, mprev->m_next, sav);
3572 			error = ah6_output(state->m, nexthdrp, mprev->m_next, sav);
3575 			error = ipcomp6_output(state->m, nexthdrp, mprev->m_next, sav);
3605 	if (sav)
3606 		key_freesav(sav, KEY_SADB_UNLOCKED);
3610 	if (sav)
3611 		key_freesav(sav, KEY_SADB_UNLOCKED);
3629 	struct secasvar *sav = NULL;
3699 		if (key_checkrequest(isr, &saidx, &sav) == ENOENT) {
3713 		if (sav == NULL) {
3727 		if (sav->state != SADB_SASTATE_MATURE
3728 		 && sav->state != SADB_SASTATE_DYING) {
3745 			if (((struct sockaddr *)&sav->sah->saidx.src)->sa_family == AF_INET6) {			
3746 				error = ipsec6_encapsulate(state->m, sav);
3752 			} else if (((struct sockaddr *)&sav->sah->saidx.src)->sa_family == AF_INET) {
3768 				    	(u_int32_t)ntohl(sav->spi)));
3773 				error = ipsec64_encapsulate(state->m, sav);
3783 				ro4 = &sav->sah->sa_route;
3813 					if ((error = esp4_output(state->m, sav)) != 0) {
3828 					if ((error = ah4_output(state->m, sav)) != 0) {
3835 					if ((error = ipcomp4_output(state->m, sav)) != 0) {
3871 				    (u_int32_t)ntohl(sav->spi)));
3879 			ro6 = &sav->sah->sa_route;
3939 			error = esp6_output(state->m, &ip6->ip6_nxt, state->m->m_next, sav);
3946 			error = ah6_output(state->m, &ip6->ip6_nxt, state->m->m_next, sav);
3975 	if (sav)
3976 		key_freesav(sav, KEY_SADB_UNLOCKED);
3980 	if (sav)
3981 		key_freesav(sav, KEY_SADB_UNLOCKED);
4074 ipsec4_tunnel_validate(m, off, nxt0, sav, ifamily)
4078 	struct secasvar *sav;
4100 	if (sav->sah->saidx.mode == IPSEC_MODE_TRANSPORT)
4112 	sin = (struct sockaddr_in *)&sav->sah->saidx.dst;
4118 	if (sav->utun_in_fn) {
4193 ipsec6_tunnel_validate(m, off, nxt0, sav)
4197 	struct secasvar *sav;
4216 	if (sav->sah->saidx.mode == IPSEC_MODE_TRANSPORT)
4221 	sin6 = (struct sockaddr_in6 *)&sav->sah->saidx.dst;
4227 	if (sav->utun_in_fn) {
4547 	struct secasvar *sav)
4558 	if ((esp_udp_encap_port & 0xFFFF) == 0 || sav->remote_ike_port == 0) return FALSE;
4561 	if ((natt_now - sav->natt_last_activity) < natt_keepalive_interval) return FALSE;
4563 	if (sav->flags & SADB_X_EXT_ESP_KEEPALIVE) return FALSE; // don't send these from the kernel
4571 	if ((sav->flags & SADB_X_EXT_ESP_KEEPALIVE) == 0) {
4589 		if (sav->sah->dir != IPSEC_DIR_INBOUND) {
4590 			ip->ip_src = ((struct sockaddr_in*)&sav->sah->saidx.src)->sin_addr;
4591 			ip->ip_dst = ((struct sockaddr_in*)&sav->sah->saidx.dst)->sin_addr;
4593 			ip->ip_src = ((struct sockaddr_in*)&sav->sah->saidx.dst)->sin_addr;
4594 			ip->ip_dst = ((struct sockaddr_in*)&sav->sah->saidx.src)->sin_addr;
4597 		uh->uh_dport = htons(sav->remote_ike_port);
4605 	if (ROUTE_UNUSABLE(&sav->sah->sa_route) ||
4606 	    rt_key(sav->sah->sa_route.ro_rt)->sa_family != AF_INET)
4607 		ROUTE_RELEASE(&sav->sah->sa_route);
4609 	route_copyout(&ro, &sav->sah->sa_route, sizeof(ro));
4616 	route_copyin(&ro, &sav->sah->sa_route, sizeof(ro));
4619 		sav->natt_last_activity = natt_now;