Lines Matching refs:ipss
149 void ipsec_fragcache_uninit(ipsec_fragcache_t *, ipsec_stack_t *ipss);
361 ipsec_stack_t *ipss = (ipsec_stack_t *)arg; in ipsec_stack_fini() local
364 netstack_t *ns = ipss->ipsec_netstack; in ipsec_stack_fini()
368 ipsec_loader_destroy(ipss); in ipsec_stack_fini()
370 rw_enter(&ipss->ipsec_tunnel_policy_lock, RW_WRITER); in ipsec_stack_fini()
379 avl_destroy_nodes(&ipss->ipsec_tunnel_policies, in ipsec_stack_fini()
383 avl_destroy(&ipss->ipsec_tunnel_policies); in ipsec_stack_fini()
384 rw_exit(&ipss->ipsec_tunnel_policy_lock); in ipsec_stack_fini()
385 rw_destroy(&ipss->ipsec_tunnel_policy_lock); in ipsec_stack_fini()
389 ipsec_kstat_destroy(ipss); in ipsec_stack_fini()
391 ip_drop_unregister(&ipss->ipsec_dropper); in ipsec_stack_fini()
393 ip_drop_unregister(&ipss->ipsec_spd_dropper); in ipsec_stack_fini()
394 ip_drop_destroy(ipss); in ipsec_stack_fini()
399 ipsec_polhead_destroy(&ipss->ipsec_system_policy); in ipsec_stack_fini()
400 ASSERT(ipss->ipsec_system_policy.iph_refs == 1); in ipsec_stack_fini()
401 ipsec_polhead_destroy(&ipss->ipsec_inactive_policy); in ipsec_stack_fini()
402 ASSERT(ipss->ipsec_inactive_policy.iph_refs == 1); in ipsec_stack_fini()
405 ipsec_action_free_table(ipss->ipsec_action_hash[i].hash_head); in ipsec_stack_fini()
406 ipss->ipsec_action_hash[i].hash_head = NULL; in ipsec_stack_fini()
407 mutex_destroy(&(ipss->ipsec_action_hash[i].hash_lock)); in ipsec_stack_fini()
410 for (i = 0; i < ipss->ipsec_spd_hashsize; i++) { in ipsec_stack_fini()
411 ASSERT(ipss->ipsec_sel_hash[i].hash_head == NULL); in ipsec_stack_fini()
412 mutex_destroy(&(ipss->ipsec_sel_hash[i].hash_lock)); in ipsec_stack_fini()
415 mutex_enter(&ipss->ipsec_alg_lock); in ipsec_stack_fini()
417 int nalgs = ipss->ipsec_nalgs[algtype]; in ipsec_stack_fini()
420 if (ipss->ipsec_alglists[algtype][i] != NULL) in ipsec_stack_fini()
424 mutex_exit(&ipss->ipsec_alg_lock); in ipsec_stack_fini()
425 mutex_destroy(&ipss->ipsec_alg_lock); in ipsec_stack_fini()
430 (void) ipsec_free_tables(ipss); in ipsec_stack_fini()
431 kmem_free(ipss, sizeof (*ipss)); in ipsec_stack_fini()
452 ipsec_free_tables(ipsec_stack_t *ipss) in ipsec_free_tables() argument
456 if (ipss->ipsec_sel_hash != NULL) { in ipsec_free_tables()
457 for (i = 0; i < ipss->ipsec_spd_hashsize; i++) { in ipsec_free_tables()
458 ASSERT(ipss->ipsec_sel_hash[i].hash_head == NULL); in ipsec_free_tables()
460 kmem_free(ipss->ipsec_sel_hash, ipss->ipsec_spd_hashsize * in ipsec_free_tables()
461 sizeof (*ipss->ipsec_sel_hash)); in ipsec_free_tables()
462 ipss->ipsec_sel_hash = NULL; in ipsec_free_tables()
463 ipss->ipsec_spd_hashsize = 0; in ipsec_free_tables()
465 ipsec_polhead_free_table(&ipss->ipsec_system_policy); in ipsec_free_tables()
466 ipsec_polhead_free_table(&ipss->ipsec_inactive_policy); in ipsec_free_tables()
503 ipsec_stack_t *ipss = ns->netstack_ipsec; in ipsec_alloc_tables() local
505 error = ipsec_alloc_table(&ipss->ipsec_system_policy, in ipsec_alloc_tables()
506 ipss->ipsec_spd_hashsize, kmflag, B_TRUE, ns); in ipsec_alloc_tables()
510 error = ipsec_alloc_table(&ipss->ipsec_inactive_policy, in ipsec_alloc_tables()
511 ipss->ipsec_spd_hashsize, kmflag, B_TRUE, ns); in ipsec_alloc_tables()
515 ipss->ipsec_sel_hash = kmem_zalloc(ipss->ipsec_spd_hashsize * in ipsec_alloc_tables()
516 sizeof (*ipss->ipsec_sel_hash), kmflag); in ipsec_alloc_tables()
518 if (ipss->ipsec_sel_hash == NULL) in ipsec_alloc_tables()
519 return (ipsec_free_tables(ipss)); in ipsec_alloc_tables()
548 ipsec_kstat_init(ipsec_stack_t *ipss) in ipsec_kstat_init() argument
550 ipss->ipsec_ksp = kstat_create_netstack("ip", 0, "ipsec_stat", "net", in ipsec_kstat_init()
552 KSTAT_FLAG_PERSISTENT, ipss->ipsec_netstack->netstack_stackid); in ipsec_kstat_init()
554 if (ipss->ipsec_ksp == NULL || ipss->ipsec_ksp->ks_data == NULL) in ipsec_kstat_init()
557 ipss->ipsec_kstats = ipss->ipsec_ksp->ks_data; in ipsec_kstat_init()
559 #define KI(x) kstat_named_init(&ipss->ipsec_kstats->x, #x, KSTAT_DATA_UINT64) in ipsec_kstat_init()
570 kstat_install(ipss->ipsec_ksp); in ipsec_kstat_init()
575 ipsec_kstat_destroy(ipsec_stack_t *ipss) in ipsec_kstat_destroy() argument
577 kstat_delete_netstack(ipss->ipsec_ksp, in ipsec_kstat_destroy()
578 ipss->ipsec_netstack->netstack_stackid); in ipsec_kstat_destroy()
579 ipss->ipsec_kstats = NULL; in ipsec_kstat_destroy()
590 ipsec_stack_t *ipss; in ipsec_stack_init() local
593 ipss = (ipsec_stack_t *)kmem_zalloc(sizeof (*ipss), KM_SLEEP); in ipsec_stack_init()
594 ipss->ipsec_netstack = ns; in ipsec_stack_init()
605 ns->netstack_ipsec = ipss; in ipsec_stack_init()
612 ipss->ipsec_spd_hashsize = (ipsec_spd_hashsize == 0) ? in ipsec_stack_init()
618 ipss->ipsec_spd_hashsize); in ipsec_stack_init()
619 ipss->ipsec_spd_hashsize = IPSEC_SPDHASH_DEFAULT; in ipsec_stack_init()
621 ipss->ipsec_spd_hashsize); in ipsec_stack_init()
626 ipss->ipsec_tun_spd_hashsize = (tun_spd_hashsize == 0) ? in ipsec_stack_init()
634 ipss->ipsec_system_policy.iph_refs = 1; in ipsec_stack_init()
635 ipss->ipsec_inactive_policy.iph_refs = 1; in ipsec_stack_init()
636 ipsec_polhead_init(&ipss->ipsec_system_policy, in ipsec_stack_init()
637 ipss->ipsec_spd_hashsize); in ipsec_stack_init()
638 ipsec_polhead_init(&ipss->ipsec_inactive_policy, in ipsec_stack_init()
639 ipss->ipsec_spd_hashsize); in ipsec_stack_init()
640 rw_init(&ipss->ipsec_tunnel_policy_lock, NULL, RW_DEFAULT, NULL); in ipsec_stack_init()
641 avl_create(&ipss->ipsec_tunnel_policies, tunnel_compare, in ipsec_stack_init()
644 ipss->ipsec_next_policy_index = 1; in ipsec_stack_init()
646 rw_init(&ipss->ipsec_system_policy.iph_lock, NULL, RW_DEFAULT, NULL); in ipsec_stack_init()
647 rw_init(&ipss->ipsec_inactive_policy.iph_lock, NULL, RW_DEFAULT, NULL); in ipsec_stack_init()
650 mutex_init(&(ipss->ipsec_action_hash[i].hash_lock), in ipsec_stack_init()
653 for (i = 0; i < ipss->ipsec_spd_hashsize; i++) in ipsec_stack_init()
654 mutex_init(&(ipss->ipsec_sel_hash[i].hash_lock), in ipsec_stack_init()
657 mutex_init(&ipss->ipsec_alg_lock, NULL, MUTEX_DEFAULT, NULL); in ipsec_stack_init()
659 ipss->ipsec_nalgs[i] = 0; in ipsec_stack_init()
662 ip_drop_init(ipss); in ipsec_stack_init()
663 ip_drop_register(&ipss->ipsec_spd_dropper, "IPsec SPD"); in ipsec_stack_init()
666 ip_drop_register(&ipss->ipsec_dropper, "IP IPsec processing"); in ipsec_stack_init()
668 (void) ipsec_kstat_init(ipss); in ipsec_stack_init()
670 ipsec_loader_init(ipss); in ipsec_stack_init()
671 ipsec_loader_start(ipss); in ipsec_stack_init()
673 return (ipss); in ipsec_stack_init()
712 ipsec_stack_t *ipss = ns->netstack_ipsec; in alg_insert_sortlist() local
713 ipsec_alginfo_t *ai = ipss->ipsec_alglists[at][algid]; in alg_insert_sortlist()
716 uint_t count = ipss->ipsec_nalgs[at]; in alg_insert_sortlist()
720 ASSERT(MUTEX_HELD(&ipss->ipsec_alg_lock)); in alg_insert_sortlist()
727 alt = ipss->ipsec_alglists[at][ipss->ipsec_sortlist[at][i]]; in alg_insert_sortlist()
734 swap = ipss->ipsec_sortlist[at][i]; in alg_insert_sortlist()
735 ipss->ipsec_sortlist[at][i] = holder; in alg_insert_sortlist()
742 ipss->ipsec_sortlist[at][i] = holder; in alg_insert_sortlist()
754 ipsec_stack_t *ipss = ns->netstack_ipsec; in alg_remove_sortlist() local
755 int newcount = ipss->ipsec_nalgs[at]; in alg_remove_sortlist()
757 ASSERT(MUTEX_HELD(&ipss->ipsec_alg_lock)); in alg_remove_sortlist()
761 ipss->ipsec_sortlist[at][i-1] = in alg_remove_sortlist()
762 ipss->ipsec_sortlist[at][i]; in alg_remove_sortlist()
763 } else if (ipss->ipsec_sortlist[at][i] == algid) { in alg_remove_sortlist()
776 ipsec_stack_t *ipss = ns->netstack_ipsec; in ipsec_alg_reg() local
778 ASSERT(MUTEX_HELD(&ipss->ipsec_alg_lock)); in ipsec_alg_reg()
780 ASSERT(ipss->ipsec_alglists[algtype][alg->alg_id] == NULL); in ipsec_alg_reg()
782 ipss->ipsec_alglists[algtype][alg->alg_id] = alg; in ipsec_alg_reg()
784 ipss->ipsec_nalgs[algtype]++; in ipsec_alg_reg()
795 ipsec_stack_t *ipss = ns->netstack_ipsec; in ipsec_alg_unreg() local
797 ASSERT(MUTEX_HELD(&ipss->ipsec_alg_lock)); in ipsec_alg_unreg()
799 ASSERT(ipss->ipsec_alglists[algtype][algid] != NULL); in ipsec_alg_unreg()
800 ipsec_alg_free(ipss->ipsec_alglists[algtype][algid]); in ipsec_alg_unreg()
801 ipss->ipsec_alglists[algtype][algid] = NULL; in ipsec_alg_unreg()
803 ipss->ipsec_nalgs[algtype]--; in ipsec_alg_unreg()
814 ipsec_stack_t *ipss = ns->netstack_ipsec; in ipsec_system_policy() local
815 ipsec_policy_head_t *h = &ipss->ipsec_system_policy; in ipsec_system_policy()
824 ipsec_stack_t *ipss = ns->netstack_ipsec; in ipsec_inactive_policy() local
825 ipsec_policy_head_t *h = &ipss->ipsec_inactive_policy; in ipsec_inactive_policy()
889 ipsec_stack_t *ipss = ns->netstack_ipsec; in ipsec_swap_global_policy() local
891 ipsec_swap_policy(&ipss->ipsec_system_policy, in ipsec_swap_global_policy()
892 &ipss->ipsec_inactive_policy, ns); in ipsec_swap_global_policy()
1011 ipsec_stack_t *ipss = ns->netstack_ipsec; in ipsec_clone_system_policy() local
1013 return (ipsec_copy_polhead(&ipss->ipsec_system_policy, in ipsec_clone_system_policy()
1014 &ipss->ipsec_inactive_policy, ns)); in ipsec_clone_system_policy()
1030 ipsec_stack_t *ipss = ns->netstack_ipsec; in ipsec_log_policy_failure() local
1045 ipss->ipsec_policy_failure_count[type]++; in ipsec_log_policy_failure()
1064 ipsec_stack_t *ipss = ns->netstack_ipsec; in ipsec_rl_strlog() local
1075 if (ipss->ipsec_policy_failure_last + in ipsec_rl_strlog()
1081 ipss->ipsec_policy_failure_last = current; in ipsec_rl_strlog()
1089 ipsec_stack_t *ipss = ns->netstack_ipsec; in ipsec_config_flush() local
1091 rw_enter(&ipss->ipsec_system_policy.iph_lock, RW_WRITER); in ipsec_config_flush()
1092 ipsec_polhead_flush(&ipss->ipsec_system_policy, ns); in ipsec_config_flush()
1093 ipss->ipsec_next_policy_index = 1; in ipsec_config_flush()
1094 rw_exit(&ipss->ipsec_system_policy.iph_lock); in ipsec_config_flush()
1095 ipsec_action_reclaim_stack(ipss); in ipsec_config_flush()
1106 ipsec_stack_t *ipss = ns->netstack_ipsec; in act_alg_adjust() local
1107 ipsec_alginfo_t *algp = ipss->ipsec_alglists[algtype][algid]; in act_alg_adjust()
1142 ipsec_stack_t *ipss = ns->netstack_ipsec; in ipsec_check_action() local
1147 ipss->ipsec_alglists[IPSEC_ALG_AUTH][ipp->ipp_auth_alg] == NULL) { in ipsec_check_action()
1152 ipss->ipsec_alglists[IPSEC_ALG_AUTH][ipp->ipp_esp_auth_alg] == in ipsec_check_action()
1158 ipss->ipsec_alglists[IPSEC_ALG_ENCR][ipp->ipp_encr_alg] == NULL) { in ipsec_check_action()
1224 ipsec_stack_t *ipss = ns->netstack_ipsec; in ipsec_act_wildcard_expand() local
1265 #define SET_EXP_MINMAX(type, wild, alg, min, max, ipss) \ in ipsec_act_wildcard_expand() argument
1267 int nalgs = ipss->ipsec_nalgs[type]; \ in ipsec_act_wildcard_expand()
1268 if (ipss->ipsec_alglists[type][alg] != NULL) \ in ipsec_act_wildcard_expand()
1272 max = ipss->ipsec_nalgs[type] - 1; \ in ipsec_act_wildcard_expand()
1276 auth_min, auth_max, ipss); in ipsec_act_wildcard_expand()
1278 eauth_min, eauth_max, ipss); in ipsec_act_wildcard_expand()
1280 encr_min, encr_max, ipss); in ipsec_act_wildcard_expand()
1304 #define WHICH_ALG(type, wild, idx, ipss) \ in ipsec_act_wildcard_expand() argument
1305 ((wild)?(ipss->ipsec_sortlist[type][idx]):(idx)) in ipsec_act_wildcard_expand()
1308 encr_alg = WHICH_ALG(IPSEC_ALG_ENCR, wild_encr, encr_idx, ipss); in ipsec_act_wildcard_expand()
1313 auth_idx, ipss); in ipsec_act_wildcard_expand()
1319 wild_eauth, eauth_idx, ipss); in ipsec_act_wildcard_expand()
1529 ipsec_stack_t *ipss = ns->netstack_ipsec; in ipsec_check_ipsecin_unique() local
1553 *counter = DROPPER(ipss, ipds_spd_ah_innermismatch); in ipsec_check_ipsecin_unique()
1559 *counter = DROPPER(ipss, ipds_spd_esp_innermismatch); in ipsec_check_ipsecin_unique()
1575 ipsec_stack_t *ipss = ns->netstack_ipsec; in ipsec_check_ipsecin_action() local
1593 *counter = DROPPER(ipss, ipds_spd_loopback_mismatch); in ipsec_check_ipsecin_action()
1609 *counter = DROPPER(ipss, ipds_spd_explicit); in ipsec_check_ipsecin_action()
1615 *counter = DROPPER(ipss, ipds_spd_got_secure); in ipsec_check_ipsecin_action()
1633 *counter = DROPPER(ipss, ipds_spd_got_clear); in ipsec_check_ipsecin_action()
1642 *counter = DROPPER(ipss, ipds_spd_bad_ahalg); in ipsec_check_ipsecin_action()
1652 *counter = DROPPER(ipss, ipds_spd_got_ah); in ipsec_check_ipsecin_action()
1661 *counter = DROPPER(ipss, ipds_spd_got_clear); in ipsec_check_ipsecin_action()
1670 *counter = DROPPER(ipss, ipds_spd_bad_espealg); in ipsec_check_ipsecin_action()
1682 *counter = DROPPER(ipss, in ipsec_check_ipsecin_action()
1694 *counter = DROPPER(ipss, ipds_spd_got_esp); in ipsec_check_ipsecin_action()
1705 *counter = DROPPER(ipss, in ipsec_check_ipsecin_action()
1718 *counter = DROPPER(ipss, ipds_spd_got_selfencap); in ipsec_check_ipsecin_action()
1804 ipsec_stack_t *ipss = ns->netstack_ipsec; in ipsec_check_ipsecin_latch() local
1818 *counter = DROPPER(ipss, ipds_spd_ah_badid); in ipsec_check_ipsecin_latch()
1827 *counter = DROPPER(ipss, ipds_spd_esp_badid); in ipsec_check_ipsecin_latch()
1864 ipsec_stack_t *ipss = ns->netstack_ipsec; in ipsec_check_ipsecin_policy() local
1867 counter = DROPPER(ipss, ipds_spd_got_secure); in ipsec_check_ipsecin_policy()
1890 counter = DROPPER(ipss, ipds_spd_ahesp_diffid); in ipsec_check_ipsecin_policy()
1919 &ipss->ipsec_spd_dropper); in ipsec_check_ipsecin_policy()
2090 ipsec_stack_t *ipss = ns->netstack_ipsec; in ipsec_find_policy() local
2092 p = ipsec_find_policy_head(NULL, &ipss->ipsec_system_policy, in ipsec_find_policy()
2125 ipsec_stack_t *ipss = ns->netstack_ipsec; in ipsec_check_global_policy() local
2133 policy_present = ipss->ipsec_inbound_v4_policy_present; in ipsec_check_global_policy()
2135 policy_present = ipss->ipsec_inbound_v6_policy_present; in ipsec_check_global_policy()
2168 counter = DROPPER(ipss, ipds_spd_nomem); in ipsec_check_global_policy()
2197 counter = DROPPER(ipss, ipds_spd_got_secure); in ipsec_check_global_policy()
2221 counter = DROPPER(ipss, ipds_spd_got_clear); in ipsec_check_global_policy()
2225 &ipss->ipsec_spd_dropper); in ipsec_check_global_policy()
2462 ipsec_stack_t *ipss; in ipsec_check_inbound_policy() local
2470 ipss = ns->netstack_ipsec; in ipsec_check_inbound_policy()
2486 DROPPER(ipss, ipds_spd_got_clear), in ipsec_check_inbound_policy()
2487 &ipss->ipsec_spd_dropper); in ipsec_check_inbound_policy()
2514 DROPPER(ipss, ipds_spd_got_clear), in ipsec_check_inbound_policy()
2515 &ipss->ipsec_spd_dropper); in ipsec_check_inbound_policy()
2552 DROPPER(ipss, ipds_spd_got_clear), in ipsec_check_inbound_policy()
2553 &ipss->ipsec_spd_dropper); in ipsec_check_inbound_policy()
2608 &ipss->ipsec_spd_dropper); in ipsec_check_inbound_policy()
2817 ip6_t *ip6h, int outer_hdr_len, ipsec_stack_t *ipss) in ipsec_init_outbound_ports() argument
2853 DROPPER(ipss, ipds_spd_nomem), in ipsec_init_outbound_ports()
2854 &ipss->ipsec_spd_dropper); in ipsec_init_outbound_ports()
2891 DROPPER(ipss, ipds_spd_nomem), in ipsec_init_outbound_ports()
2892 &ipss->ipsec_spd_dropper); in ipsec_init_outbound_ports()
3129 ipsec_stack_t *ipss = ns->netstack_ipsec; in selkey_hash() local
3137 ipss->ipsec_spd_hashsize)); in selkey_hash()
3143 ipss->ipsec_spd_hashsize)); in selkey_hash()
3175 ipsec_stack_t *ipss = ns->netstack_ipsec; in ipsec_act_find() local
3184 HASH_LOCK(ipss->ipsec_action_hash, hval); in ipsec_act_find()
3187 ipss->ipsec_action_hash, hval)) { in ipsec_act_find()
3195 HASH_UNLOCK(ipss->ipsec_action_hash, hval); in ipsec_act_find()
3204 HASH_UNLOCK(ipss->ipsec_action_hash, hval); in ipsec_act_find()
3209 HASH_INSERT(ap, ipa_hash, ipss->ipsec_action_hash, hval); in ipsec_act_find()
3240 HASH_UNLOCK(ipss->ipsec_action_hash, hval); in ipsec_act_find()
3306 ipsec_stack_t *ipss; in ipsec_action_reclaim() local
3314 if ((ipss = ns->netstack_ipsec) == NULL) { in ipsec_action_reclaim()
3318 ipsec_action_reclaim_stack(ipss); in ipsec_action_reclaim()
3336 ipsec_action_reclaim_stack(ipsec_stack_t *ipss) in ipsec_action_reclaim_stack() argument
3344 if (ipss->ipsec_action_hash[i].hash_head == NULL) in ipsec_action_reclaim_stack()
3347 HASH_LOCK(ipss->ipsec_action_hash, i); in ipsec_action_reclaim_stack()
3348 for (ap = ipss->ipsec_action_hash[i].hash_head; in ipsec_action_reclaim_stack()
3355 ipss->ipsec_action_hash, i); in ipsec_action_reclaim_stack()
3358 HASH_UNLOCK(ipss->ipsec_action_hash, i); in ipsec_action_reclaim_stack()
3371 ipsec_stack_t *ipss = ns->netstack_ipsec; in ipsec_find_sel() local
3385 ASSERT(!HASH_LOCKED(ipss->ipsec_sel_hash, bucket)); in ipsec_find_sel()
3386 HASH_LOCK(ipss->ipsec_sel_hash, bucket); in ipsec_find_sel()
3388 for (HASH_ITERATE(sp, ipsl_hash, ipss->ipsec_sel_hash, bucket)) { in ipsec_find_sel()
3396 HASH_UNLOCK(ipss->ipsec_sel_hash, bucket); in ipsec_find_sel()
3402 HASH_UNLOCK(ipss->ipsec_sel_hash, bucket); in ipsec_find_sel()
3406 HASH_INSERT(sp, ipsl_hash, ipss->ipsec_sel_hash, bucket); in ipsec_find_sel()
3415 HASH_UNLOCK(ipss->ipsec_sel_hash, bucket); in ipsec_find_sel()
3425 ipsec_stack_t *ipss = ns->netstack_ipsec; in ipsec_sel_rel() local
3432 ASSERT(!HASH_LOCKED(ipss->ipsec_sel_hash, hval)); in ipsec_sel_rel()
3433 HASH_LOCK(ipss->ipsec_sel_hash, hval); in ipsec_sel_rel()
3435 HASH_UNCHAIN(sp, ipsl_hash, ipss->ipsec_sel_hash, hval); in ipsec_sel_rel()
3437 HASH_UNLOCK(ipss->ipsec_sel_hash, hval); in ipsec_sel_rel()
3444 HASH_UNLOCK(ipss->ipsec_sel_hash, hval); in ipsec_sel_rel()
3474 ipsec_stack_t *ipss = ns->netstack_ipsec; in ipsec_policy_create() local
3477 index_ptr = &ipss->ipsec_next_policy_index; in ipsec_policy_create()
3508 ipsec_update_present_flags(ipsec_stack_t *ipss) in ipsec_update_present_flags() argument
3512 hashpol = (avl_numnodes(&ipss->ipsec_system_policy.iph_rulebyid) > 0); in ipsec_update_present_flags()
3515 ipss->ipsec_outbound_v4_policy_present = B_TRUE; in ipsec_update_present_flags()
3516 ipss->ipsec_outbound_v6_policy_present = B_TRUE; in ipsec_update_present_flags()
3517 ipss->ipsec_inbound_v4_policy_present = B_TRUE; in ipsec_update_present_flags()
3518 ipss->ipsec_inbound_v6_policy_present = B_TRUE; in ipsec_update_present_flags()
3522 ipss->ipsec_outbound_v4_policy_present = (NULL != in ipsec_update_present_flags()
3523 ipss->ipsec_system_policy.iph_root[IPSEC_TYPE_OUTBOUND]. in ipsec_update_present_flags()
3525 ipss->ipsec_outbound_v6_policy_present = (NULL != in ipsec_update_present_flags()
3526 ipss->ipsec_system_policy.iph_root[IPSEC_TYPE_OUTBOUND]. in ipsec_update_present_flags()
3528 ipss->ipsec_inbound_v4_policy_present = (NULL != in ipsec_update_present_flags()
3529 ipss->ipsec_system_policy.iph_root[IPSEC_TYPE_INBOUND]. in ipsec_update_present_flags()
3531 ipss->ipsec_inbound_v6_policy_present = (NULL != in ipsec_update_present_flags()
3532 ipss->ipsec_system_policy.iph_root[IPSEC_TYPE_INBOUND]. in ipsec_update_present_flags()
4205 ipsec_stack_t *ipss = ns->netstack_ipsec; in ip_output_attach_policy() local
4208 ixa->ixa_ipsec_policy_gen = ipss->ipsec_system_policy.iph_gen; in ip_output_attach_policy()
4213 policy_present = ipss->ipsec_outbound_v4_policy_present; in ip_output_attach_policy()
4215 policy_present = ipss->ipsec_outbound_v6_policy_present; in ip_output_attach_policy()
4233 if (!ipsec_init_outbound_ports(&sel, mp, ipha, ip6h, 0, ipss)) { in ip_output_attach_policy()
4280 ipsec_stack_t *ipss = ns->netstack_ipsec; in ipsec_conn_cache_policy() local
4283 ipss->ipsec_system_policy.iph_gen; in ipsec_conn_cache_policy()
4318 (ipss->ipsec_outbound_v4_policy_present || in ipsec_conn_cache_policy()
4319 ipss->ipsec_inbound_v4_policy_present) : in ipsec_conn_cache_policy()
4320 (ipss->ipsec_outbound_v6_policy_present || in ipsec_conn_cache_policy()
4321 ipss->ipsec_inbound_v6_policy_present); in ipsec_conn_cache_policy()
4413 ipsec_stack_t *ipss = ns->netstack_ipsec; in ipsec_cache_outbound_policy() local
4415 ixa->ixa_ipsec_policy_gen = ipss->ipsec_system_policy.iph_gen; in ipsec_cache_outbound_policy()
4437 (ipss->ipsec_outbound_v4_policy_present || in ipsec_cache_outbound_policy()
4438 ipss->ipsec_inbound_v4_policy_present) : in ipsec_cache_outbound_policy()
4439 (ipss->ipsec_outbound_v6_policy_present || in ipsec_cache_outbound_policy()
4440 ipss->ipsec_inbound_v6_policy_present); in ipsec_cache_outbound_policy()
4502 ipsec_stack_t *ipss = ixa->ixa_ipst->ips_netstack->netstack_ipsec; in ipsec_outbound_policy_current() local
4507 return (ixa->ixa_ipsec_policy_gen == ipss->ipsec_system_policy.iph_gen); in ipsec_outbound_policy_current()
4562 ipsec_stack_t *ipss = ns->netstack_ipsec; in ipsid_lookup() local
4565 bucket = &ipss->ipsec_ipsid_buckets[ipsid_hash(idtype, idstring)]; in ipsid_lookup()
4617 ipsec_stack_t *ipss = ns->netstack_ipsec; in ipsid_gc() local
4620 bucket = &ipss->ipsec_ipsid_buckets[i]; in ipsid_gc()
4665 ipsec_stack_t *ipss = ns->netstack_ipsec; in ipsid_init() local
4668 bucket = &ipss->ipsec_ipsid_buckets[i]; in ipsid_init()
4681 ipsec_stack_t *ipss = ns->netstack_ipsec; in ipsid_fini() local
4684 bucket = &ipss->ipsec_ipsid_buckets[i]; in ipsid_fini()
4705 ipsec_stack_t *ipss = ns->netstack_ipsec; in ipsec_alg_fix_min_max() local
4707 ASSERT(MUTEX_HELD(&ipss->ipsec_alg_lock)); in ipsec_alg_fix_min_max()
5042 ipsec_stack_t *ipss = ns->netstack_ipsec; in ipsec_prov_update_callback_stack() local
5060 mutex_enter(&ipss->ipsec_alg_lock); in ipsec_prov_update_callback_stack()
5062 for (algidx = 0; algidx < ipss->ipsec_nalgs[algtype]; in ipsec_prov_update_callback_stack()
5065 algid = ipss->ipsec_sortlist[algtype][algidx]; in ipsec_prov_update_callback_stack()
5066 alg = ipss->ipsec_alglists[algtype][algid]; in ipsec_prov_update_callback_stack()
5123 mutex_exit(&ipss->ipsec_alg_lock); in ipsec_prov_update_callback_stack()
5194 ipsec_stack_t *ipss = ns->netstack_ipsec; in ipsec_tun_outbound() local
5241 DROPPER(ipss, ipds_spd_nomem), in ipsec_tun_outbound()
5242 &ipss->ipsec_spd_dropper); in ipsec_tun_outbound()
5280 outer_hdr_len, ipss); in ipsec_tun_outbound()
5300 DROPPER(ipss, in ipsec_tun_outbound()
5302 &ipss->ipsec_spd_dropper); in ipsec_tun_outbound()
5327 DROPPER(ipss, in ipsec_tun_outbound()
5329 &ipss->ipsec_spd_dropper); in ipsec_tun_outbound()
5344 inner_ipv4, inner_ipv6, outer_hdr_len, ipss)) { in ipsec_tun_outbound()
5390 DROPPER(ipss, ipds_spd_explicit), in ipsec_tun_outbound()
5391 &ipss->ipsec_spd_dropper); in ipsec_tun_outbound()
5558 ipsec_stack_t *ipss = ns->netstack_ipsec; in ipsec_tun_inbound() local
5564 global_present = ipss->ipsec_inbound_v4_policy_present; in ipsec_tun_inbound()
5567 global_present = ipss->ipsec_inbound_v6_policy_present; in ipsec_tun_inbound()
5608 DROPPER(ipss, ipds_spd_nomem), in ipsec_tun_inbound()
5609 &ipss->ipsec_spd_dropper); in ipsec_tun_inbound()
5618 DROPPER(ipss, ipds_spd_got_clear), in ipsec_tun_inbound()
5619 &ipss->ipsec_spd_dropper); in ipsec_tun_inbound()
5634 DROPPER(ipss, ipds_spd_nomem), in ipsec_tun_inbound()
5635 &ipss->ipsec_spd_dropper); in ipsec_tun_inbound()
5667 DROPPER(ipss, ipds_spd_nomem), in ipsec_tun_inbound()
5668 &ipss->ipsec_spd_dropper); in ipsec_tun_inbound()
5673 mp, data_mp, outer_hdr_len, ipss); in ipsec_tun_inbound()
5723 DROPPER(ipss, ipds_spd_nomem), in ipsec_tun_inbound()
5724 &ipss->ipsec_spd_dropper); in ipsec_tun_inbound()
5728 DROPPER(ipss, ipds_spd_malformed_frag), in ipsec_tun_inbound()
5729 &ipss->ipsec_spd_dropper); in ipsec_tun_inbound()
5793 DROPPER(ipss, ipds_spd_got_clear), in ipsec_tun_inbound()
5794 &ipss->ipsec_spd_dropper); in ipsec_tun_inbound()
5838 DROPPER(ipss, ipds_spd_explicit), in ipsec_tun_inbound()
5839 &ipss->ipsec_spd_dropper); in ipsec_tun_inbound()
5863 DROPPER(ipss, ipds_spd_got_secure), in ipsec_tun_inbound()
5864 &ipss->ipsec_spd_dropper); in ipsec_tun_inbound()
5954 ipsec_stack_t *ipss = ns->netstack_ipsec; in itp_unlink() local
5956 rw_enter(&ipss->ipsec_tunnel_policy_lock, RW_WRITER); in itp_unlink()
5957 ipss->ipsec_tunnel_policy_gen++; in itp_unlink()
5958 ipsec_fragcache_uninit(&node->itp_fragcache, ipss); in itp_unlink()
5959 avl_remove(&ipss->ipsec_tunnel_policies, node); in itp_unlink()
5960 rw_exit(&ipss->ipsec_tunnel_policy_lock); in itp_unlink()
5972 ipsec_stack_t *ipss = ns->netstack_ipsec; in get_tunnel_policy() local
5976 rw_enter(&ipss->ipsec_tunnel_policy_lock, RW_READER); in get_tunnel_policy()
5977 node = (ipsec_tun_pol_t *)avl_find(&ipss->ipsec_tunnel_policies, in get_tunnel_policy()
5982 rw_exit(&ipss->ipsec_tunnel_policy_lock); in get_tunnel_policy()
5996 ipsec_stack_t *ipss = ns->netstack_ipsec; in itp_walk() local
5998 rw_enter(&ipss->ipsec_tunnel_policy_lock, RW_READER); in itp_walk()
5999 for (node = avl_first(&ipss->ipsec_tunnel_policies); node != NULL; in itp_walk()
6000 node = AVL_NEXT(&ipss->ipsec_tunnel_policies, node)) { in itp_walk()
6003 rw_exit(&ipss->ipsec_tunnel_policy_lock); in itp_walk()
6012 ipsec_stack_t *ipss = ns->netstack_ipsec; in tunnel_polhead_init() local
6017 if (ipsec_alloc_table(iph, ipss->ipsec_tun_spd_hashsize, in tunnel_polhead_init()
6022 ipsec_polhead_init(iph, ipss->ipsec_tun_spd_hashsize); in tunnel_polhead_init()
6036 ipsec_stack_t *ipss = ns->netstack_ipsec; in create_tunnel_policy() local
6051 rw_enter(&ipss->ipsec_tunnel_policy_lock, RW_WRITER); in create_tunnel_policy()
6052 existing = (ipsec_tun_pol_t *)avl_find(&ipss->ipsec_tunnel_policies, in create_tunnel_policy()
6057 rw_exit(&ipss->ipsec_tunnel_policy_lock); in create_tunnel_policy()
6060 ipss->ipsec_tunnel_policy_gen++; in create_tunnel_policy()
6061 *gen = ipss->ipsec_tunnel_policy_gen; in create_tunnel_policy()
6064 avl_insert(&ipss->ipsec_tunnel_policies, newbie, where); in create_tunnel_policy()
6086 rw_exit(&ipss->ipsec_tunnel_policy_lock); in create_tunnel_policy()
6208 ipsec_fragcache_uninit(ipsec_fragcache_t *frag, ipsec_stack_t *ipss) in ipsec_fragcache_uninit() argument
6220 fep = fragcache_delentry(i, fep, frag, ipss); in ipsec_fragcache_uninit()
6257 int outer_hdr_len, ipsec_stack_t *ipss) in ipsec_fragcache_add() argument
6288 DROPPER(ipss, ipds_spd_nomem), in ipsec_fragcache_add()
6289 &ipss->ipsec_spd_dropper); in ipsec_fragcache_add()
6317 DROPPER(ipss, ipds_spd_malformed_packet), in ipsec_fragcache_add()
6318 &ipss->ipsec_spd_dropper); in ipsec_fragcache_add()
6336 DROPPER(ipss, ipds_spd_malformed_frag), in ipsec_fragcache_add()
6337 &ipss->ipsec_spd_dropper); in ipsec_fragcache_add()
6358 ipsec_fragcache_clean(frag, ipss); in ipsec_fragcache_add()
6413 (void) fragcache_delentry(i, fep, frag, ipss); in ipsec_fragcache_add()
6416 DROPPER(ipss, ipds_spd_malformed_frag), in ipsec_fragcache_add()
6417 &ipss->ipsec_spd_dropper); in ipsec_fragcache_add()
6427 ipsec_fragcache_clean(frag, ipss); in ipsec_fragcache_add()
6431 DROPPER(ipss, ipds_spd_nomem), in ipsec_fragcache_add()
6432 &ipss->ipsec_spd_dropper); in ipsec_fragcache_add()
6533 DROPPER(ipss, ipds_spd_malformed_frag), in ipsec_fragcache_add()
6534 &ipss->ipsec_spd_dropper); in ipsec_fragcache_add()
6574 (void) fragcache_delentry(i, fep, frag, ipss); in ipsec_fragcache_add()
6577 DROPPER(ipss, ipds_spd_overlap_frag), in ipsec_fragcache_add()
6578 &ipss->ipsec_spd_dropper); in ipsec_fragcache_add()
6596 DROPPER(ipss, ipds_spd_evil_frag), in ipsec_fragcache_add()
6597 &ipss->ipsec_spd_dropper); in ipsec_fragcache_add()
6638 ipss); in ipsec_fragcache_add()
6641 DROPPER(ipss, in ipsec_fragcache_add()
6643 &ipss->ipsec_spd_dropper); in ipsec_fragcache_add()
6680 (void) fragcache_delentry(i, fep, frag, ipss); in ipsec_fragcache_add()
6686 DROPPER(ipss, ipds_spd_max_frags), in ipsec_fragcache_add()
6687 &ipss->ipsec_spd_dropper); in ipsec_fragcache_add()
6739 DROPPER(ipss, ipds_spd_malformed_frag), in ipsec_fragcache_add()
6740 &ipss->ipsec_spd_dropper); in ipsec_fragcache_add()
6789 (void) fragcache_delentry(i, fep, frag, ipss); in ipsec_fragcache_add()
6798 DROPPER(ipss, ipds_spd_evil_frag), in ipsec_fragcache_add()
6799 &ipss->ipsec_spd_dropper); in ipsec_fragcache_add()
6828 ipsec_fragcache_clean(ipsec_fragcache_t *frag, ipsec_stack_t *ipss) in ipsec_fragcache_clean() argument
6847 fep = fragcache_delentry(i, fep, frag, ipss); in ipsec_fragcache_clean()
6863 (void) fragcache_delentry(earlyi, earlyfep, frag, ipss); in ipsec_fragcache_clean()
6868 ipsec_fragcache_t *frag, ipsec_stack_t *ipss) in fragcache_delentry() argument
6879 DROPPER(ipss, ipds_spd_expired_frags), in fragcache_delentry()
6880 &ipss->ipsec_spd_dropper); in fragcache_delentry()