Lines Matching refs:policy

175 	&ip4_def_policy.policy,	0, &sysctl_def_policy, "I", "");
197 /* for performance, we bypass ipsec until a security policy is set */
224 def_policy, CTLFLAG_RW | CTLFLAG_LOCKED, &ip6_def_policy.policy, 0, "");
275 int old_policy = ip4_def_policy.policy;
280 if (ip4_def_policy.policy != IPSEC_POLICY_NONE &&
281 ip4_def_policy.policy != IPSEC_POLICY_DISCARD) {
282 ip4_def_policy.policy = old_policy;
286 /* Turn off the bypass if the default security policy changes */
287 if (ipsec_bypass != 0 && ip4_def_policy.policy != IPSEC_POLICY_NONE)
312 struct secpolicy *currsp = NULL; /* policy on socket */
313 struct secpolicy *kernsp = NULL; /* policy on kernel */
337 /* Socket has not specified an IPSEC policy */
383 switch (currsp->policy) {
393 /* look for a policy in SPD */
409 if (ip4_def_policy.policy != IPSEC_POLICY_DISCARD
410 && ip4_def_policy.policy != IPSEC_POLICY_NONE) {
412 "fixed system default policy: %d->%d\n",
413 ip4_def_policy.policy, IPSEC_POLICY_NONE));
414 ip4_def_policy.policy = IPSEC_POLICY_NONE;
432 "Invalid policy for PCB %d\n", currsp->policy));
441 /* look for a policy in SPD */
456 switch (currsp->policy) {
459 "Illegal policy for non-priviliged defined %d\n",
460 currsp->policy));
467 if (ip4_def_policy.policy != IPSEC_POLICY_DISCARD
468 && ip4_def_policy.policy != IPSEC_POLICY_NONE) {
470 "fixed system default policy: %d->%d\n",
471 ip4_def_policy.policy, IPSEC_POLICY_NONE));
472 ip4_def_policy.policy = IPSEC_POLICY_NONE;
490 "Invalid policy for PCB %d\n", currsp->policy));
501 * OUT: positive: a pointer to the entry for security policy leaf matched.
530 /* make an index to look for a policy */
555 if (ip4_def_policy.policy != IPSEC_POLICY_DISCARD
556 && ip4_def_policy.policy != IPSEC_POLICY_NONE) {
557 ipseclog((LOG_INFO, "fixed system default policy:%d->%d\n",
558 ip4_def_policy.policy,
560 ip4_def_policy.policy = IPSEC_POLICY_NONE;
570 * Unlike getpolicybyaddr, do not set the default policy.
597 /* make an index to look for a policy */
609 if (*sp != NULL && (*sp)->policy == IPSEC_POLICY_IPSEC) {
621 /* If policy is enabled, redirect to ipsec interface */
650 struct secpolicy *currsp = NULL; /* policy on socket */
651 struct secpolicy *kernsp = NULL; /* policy on kernel */
694 switch (currsp->policy) {
703 /* look for a policy in SPD */
718 if (ip6_def_policy.policy != IPSEC_POLICY_DISCARD
719 && ip6_def_policy.policy != IPSEC_POLICY_NONE) {
721 "fixed system default policy: %d->%d\n",
722 ip6_def_policy.policy, IPSEC_POLICY_NONE));
723 ip6_def_policy.policy = IPSEC_POLICY_NONE;
739 "Invalid policy for PCB %d\n", currsp->policy));
747 /* look for a policy in SPD */
761 switch (currsp->policy) {
764 "Illegal policy for non-priviliged defined %d\n",
765 currsp->policy));
771 if (ip6_def_policy.policy != IPSEC_POLICY_DISCARD
772 && ip6_def_policy.policy != IPSEC_POLICY_NONE) {
774 "fixed system default policy: %d->%d\n",
775 ip6_def_policy.policy, IPSEC_POLICY_NONE));
776 ip6_def_policy.policy = IPSEC_POLICY_NONE;
792 "ipsec6_policybysock: Invalid policy for PCB %d\n",
793 currsp->policy));
805 * OUT: positive: a pointer to the entry for security policy leaf matched.
835 /* make an index to look for a policy */
857 if (ip6_def_policy.policy != IPSEC_POLICY_DISCARD
858 && ip6_def_policy.policy != IPSEC_POLICY_NONE) {
859 ipseclog((LOG_INFO, "fixed system default policy: %d->%d\n",
860 ip6_def_policy.policy, IPSEC_POLICY_NONE));
861 ip6_def_policy.policy = IPSEC_POLICY_NONE;
870 * Unlike getpolicybyaddr, do not set the default policy.
900 /* make an index to look for a policy */
912 if (*sp != NULL && (*sp)->policy == IPSEC_POLICY_IPSEC) {
924 /* If policy is enabled, redirect to ipsec interface */
1094 * configure security policy index (src/dst/proto/sport/dport)
1409 /* initialize policy in PCB */
1441 new->sp_in->policy = IPSEC_POLICY_ENTRUST;
1449 new->sp_out->policy = IPSEC_POLICY_ENTRUST;
1456 /* copy old ipsec policy into new */
1485 /* deep-copy a policy in PCB */
1529 dst->policy = src->policy;
1544 /* set policy and ipsec request if present. */
1564 printf("ipsec_set_policy: passed policy\n");
1567 /* check policy type */
1587 printf("ipsec_set_policy: new policy\n");
1649 /* delete policy in PCB */
1878 /* check policy */
1879 switch (sp->policy) {
1892 panic("ipsec_hdrsiz: Invalid policy found. %d\n", sp->policy);
1899 /* XXX should compare policy against ipsec header history */
1938 * we shouldn't compress small packets, IPComp policy
2093 /* check policy */
2094 switch (sp->policy) {
2106 panic("ipsec_hdrsiz: Invalid policy found. %d\n", sp->policy);
4239 // the utun SAs don't have a policy (yet).
4267 * when there is no suitable inbound policy for the packet of the ipsec
4269 * as the ipsec tunnel mode even when the system wide policy is "none".