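Lines matching full:env (search-result excerpt, not a complete listing). The number at the start of each line is its line number in the searched file. Lines that do not contain `env` are omitted, so any validation or size check that does not mention `env` will not appear here even if it exists in the file.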
40 config_new_sa(struct iked *env, int initiator)
63 ikestat_inc(env, ikes_sa_created);
112 config_free_sa(struct iked *env, struct iked_sa *sa)
116 timer_del(env, &sa->sa_timer);
117 timer_del(env, &sa->sa_keepalive);
118 timer_del(env, &sa->sa_rekey);
122 config_free_childsas(env, &sa->sa_childsas, NULL, NULL);
123 sa_configure_iface(env, sa, 0);
124 sa_free_flows(env, &sa->sa_flows);
126 iked_radius_acct_stop(env, sa);
129 (void)RB_REMOVE(iked_addrpool, &env->sc_addrpool, sa);
133 (void)RB_REMOVE(iked_addrpool6, &env->sc_addrpool6, sa);
139 policy_unref(env, sa->sa_policy);
142 ikev2_msg_flushqueue(env, &sa->sa_requests);
143 ikev2_msg_flushqueue(env, &sa->sa_responses);
190 ikestat_dec(env, ikes_sa_established_current);
191 ikestat_inc(env, ikes_sa_removed);
195 iked_radius_request_free(env, sa->sa_radreq);
201 config_new_policy(struct iked *env)
219 config_free_policy(struct iked *env, struct iked_policy *pol)
233 TAILQ_REMOVE(&env->sc_policies, pol, pol_entry);
237 policy_ref(env, pol);
256 config_free_flows(env, &pol->pol_flows);
309 config_free_flows(struct iked *env, struct iked_flows *head)
321 config_free_childsas(struct iked *env, struct iked_childsas *head,
344 RB_REMOVE(iked_activesas, &env->sc_activesas, csa);
345 (void)pfkey_sa_delete(env, csa);
350 (void)pfkey_sa_delete(env, ipcomp);
354 ikestat_inc(env, ikes_csa_removed);
467 config_new_user(struct iked *env, struct iked_user *new)
476 if ((old = RB_INSERT(iked_users, &env->sc_users, usr)) != NULL) {
495 config_setcoupled(struct iked *env, unsigned int couple)
500 proc_compose(&env->sc_ps, PROC_IKEV2, type, NULL, 0);
506 config_getcoupled(struct iked *env, unsigned int type)
508 return (pfkey_couple(env, &env->sc_sas,
513 config_setmode(struct iked *env, unsigned int passive)
524 proc_compose(&env->sc_ps, PROC_CERT, type, NULL, 0);
530 config_getmode(struct iked *env, unsigned int type)
535 old = env->sc_passive ? 1 : 0;
536 env->sc_passive = type == IMSG_CTL_PASSIVE ? 1 : 0;
538 if (old == env->sc_passive)
542 mode[old], mode[env->sc_passive]);
548 config_setreset(struct iked *env, unsigned int mode, enum privsep_procid id)
550 proc_compose(&env->sc_ps, id, IMSG_CTL_RESET, &mode, sizeof(mode));
555 config_getreset(struct iked *env, struct imsg *imsg)
562 return (config_doreset(env, mode));
566 config_doreset(struct iked *env, unsigned int mode)
574 TAILQ_FOREACH_SAFE(pol, &env->sc_policies, pol_entry, poltmp) {
575 config_free_policy(env, pol);
581 while ((sa = RB_MIN(iked_sas, &env->sc_sas))) {
584 ikev2_ike_sa_delete(env, sa) != 0) {
585 RB_REMOVE(iked_sas, &env->sc_sas, sa);
587 sa_dstid_remove(env, sa);
588 config_free_sa(env, sa);
595 while ((usr = RB_MIN(iked_users, &env->sc_users))) {
596 RB_REMOVE(iked_users, &env->sc_users, usr);
608 TAILQ_FOREACH_SAFE(rad, &env->sc_radauthservers, rs_entry,
612 TAILQ_REMOVE(&env->sc_radauthservers, rad, rs_entry);
614 iked_radius_request_free(env, req);
617 TAILQ_FOREACH_SAFE(rad, &env->sc_radacctservers, rs_entry,
621 TAILQ_REMOVE(&env->sc_radacctservers, rad, rs_entry);
623 iked_radius_request_free(env, req);
626 TAILQ_FOREACH_SAFE(cfg, &env->sc_radcfgmaps, entry, cfgt) {
627 TAILQ_REMOVE(&env->sc_radcfgmaps, cfg, entry);
630 TAILQ_FOREACH_SAFE(dae, &env->sc_raddaes, rd_entry, daet) {
633 TAILQ_REMOVE(&env->sc_raddaes, dae, rd_entry);
636 TAILQ_FOREACH_SAFE(client, &env->sc_raddaeclients, rc_entry,
638 TAILQ_REMOVE(&env->sc_raddaeclients, client, rc_entry);
651 config_setsocket(struct iked *env, struct sockaddr_storage *ss,
658 proc_compose_imsg(&env->sc_ps, id, -1,
664 config_getsocket(struct iked *env, struct imsg *imsg,
676 sock->sock_env = env;
682 sock0 = &env->sc_sock4[0];
683 sock1 = &env->sc_sock4[1];
686 sock0 = &env->sc_sock6[0];
687 sock1 = &env->sc_sock6[1];
708 config_enablesocket(struct iked *env)
713 for (i = 0; i < nitems(env->sc_sock4); i++)
714 if ((sock = env->sc_sock4[i]) != NULL)
716 for (i = 0; i < nitems(env->sc_sock6); i++)
717 if ((sock = env->sc_sock6[i]) != NULL)
722 config_setpfkey(struct iked *env)
726 if ((s = pfkey_socket(env)) == -1)
728 proc_compose_imsg(&env->sc_ps, PROC_IKEV2, -1,
734 config_getpfkey(struct iked *env, struct imsg *imsg)
739 pfkey_init(env, fd);
744 config_setuser(struct iked *env, struct iked_user *usr, enum privsep_procid id)
746 if (env->sc_opts & IKED_OPT_NOACTION) {
751 proc_compose(&env->sc_ps, id, IMSG_CFG_USER, usr, sizeof(*usr));
756 config_getuser(struct iked *env, struct imsg *imsg)
764 if (config_new_user(env, &usr) != NULL) {
774 config_setpolicy(struct iked *env, struct iked_policy *pol,
809 if (env->sc_opts & IKED_OPT_NOACTION)
812 if (proc_composev(&env->sc_ps, id, IMSG_CFG_POLICY, iov,
822 config_setflow(struct iked *env, struct iked_policy *pol,
828 if (env->sc_opts & IKED_OPT_NOACTION)
837 if (proc_composev(&env->sc_ps, id, IMSG_CFG_FLOW,
848 config_getpolicy(struct iked *env, struct imsg *imsg)
894 TAILQ_INSERT_TAIL(&env->sc_policies, pol, pol_entry);
898 if (env->sc_defaultcon != NULL)
899 config_free_policy(env, env->sc_defaultcon);
900 env->sc_defaultcon = pol;
907 config_getflow(struct iked *env, struct imsg *imsg)
921 TAILQ_FOREACH(pol, &env->sc_policies, pol_entry) {
946 config_setcompile(struct iked *env, enum privsep_procid id)
948 if (env->sc_opts & IKED_OPT_NOACTION)
951 proc_compose(&env->sc_ps, id, IMSG_COMPILE, NULL, 0);
956 config_getcompile(struct iked *env)
962 policy_calc_skip_steps(&env->sc_policies);
969 config_setstatic(struct iked *env)
971 proc_compose(&env->sc_ps, PROC_IKEV2, IMSG_CTL_STATIC,
972 &env->sc_static, sizeof(env->sc_static));
973 proc_compose(&env->sc_ps, PROC_CERT, IMSG_CTL_STATIC,
974 &env->sc_static, sizeof(env->sc_static));
979 config_getstatic(struct iked *env, struct imsg *imsg)
981 IMSG_SIZE_CHECK(imsg, &env->sc_static);
982 memcpy(&env->sc_static, imsg->data, sizeof(env->sc_static));
984 log_debug("%s: dpd_check_interval %llu", __func__, env->sc_alive_timeout);
986 env->sc_enforcesingleikesa ? "" : "no ");
987 log_debug("%s: %sfragmentation", __func__, env->sc_frag ? "" : "no ");
988 log_debug("%s: %smobike", __func__, env->sc_mobike ? "" : "no ");
989 log_debug("%s: nattport %u", __func__, env->sc_nattport);
991 env->sc_stickyaddress ? "" : "no ");
993 ikev2_reset_alive_timer(env);
999 config_setocsp(struct iked *env)
1004 if (env->sc_opts & IKED_OPT_NOACTION)
1007 iov[0].iov_base = &env->sc_ocsp_tolerate;
1008 iov[0].iov_len = sizeof(env->sc_ocsp_tolerate);
1010 iov[1].iov_base = &env->sc_ocsp_maxage;
1011 iov[1].iov_len = sizeof(env->sc_ocsp_maxage);
1013 if (env->sc_ocsp_url) {
1014 iov[2].iov_base = env->sc_ocsp_url;
1015 iov[2].iov_len = strlen(env->sc_ocsp_url);
1018 return (proc_composev(&env->sc_ps, PROC_CERT, IMSG_OCSP_CFG,
1023 config_getocsp(struct iked *env, struct imsg *imsg)
1028 free(env->sc_ocsp_url);
1033 need = sizeof(env->sc_ocsp_tolerate);
1036 memcpy(&env->sc_ocsp_tolerate, ptr, need);
1041 need = sizeof(env->sc_ocsp_maxage);
1044 memcpy(&env->sc_ocsp_maxage, ptr, need);
1050 env->sc_ocsp_url = get_string(ptr, have);
1052 env->sc_ocsp_url = NULL;
1054 env->sc_ocsp_url ? env->sc_ocsp_url : "none",
1055 env->sc_ocsp_tolerate, env->sc_ocsp_maxage);
1060 config_setkeys(struct iked *env)
1097 if (proc_composev(&env->sc_ps, PROC_CERT, IMSG_PRIVKEY, iov, 2) == -1) {
1107 if (proc_composev(&env->sc_ps, PROC_CERT, IMSG_PUBKEY, iov, 2) == -1) {
1125 config_getkey(struct iked *env, struct imsg *imsg)
1140 ca_getkey(&env->sc_ps, &id, imsg->hdr.type);
1146 config_setradauth(struct iked *env)
1148 proc_compose(&env->sc_ps, PROC_IKEV2, IMSG_CFG_RADAUTH,
1149 &env->sc_radauth, sizeof(env->sc_radauth));
1154 config_getradauth(struct iked *env, struct imsg *imsg)
1159 memcpy(&env->sc_radauth, imsg->data, sizeof(struct iked_radopts));
1165 config_setradacct(struct iked *env)
1167 proc_compose(&env->sc_ps, PROC_IKEV2, IMSG_CFG_RADACCT,
1168 &env->sc_radacct, sizeof(env->sc_radacct));
1173 config_getradacct(struct iked *env, struct imsg *imsg)
1178 memcpy(&env->sc_radacct, imsg->data, sizeof(struct iked_radopts));
1184 config_setradserver(struct iked *env, struct sockaddr *sa, socklen_t salen,
1191 if (env->sc_opts & IKED_OPT_NOACTION)
1209 proc_composev_imsg(&env->sc_ps, PROC_IKEV2, -1, IMSG_CFG_RADSERVER, -1,
1220 config_getradserver(struct iked *env, struct imsg *imsg)
1237 server->rs_env = env;
1240 TAILQ_INSERT_TAIL(&env->sc_radauthservers, server, rs_entry);
1242 TAILQ_INSERT_TAIL(&env->sc_radacctservers, server, rs_entry);
1251 config_setradcfgmap(struct iked *env, int cfg_type, uint32_t vendor_id,
1256 if (env->sc_opts & IKED_OPT_NOACTION)
1263 proc_compose_imsg(&env->sc_ps, PROC_IKEV2, -1, IMSG_CFG_RADCFGMAP, -1,
1270 config_getradcfgmap(struct iked *env, struct imsg *imsg)
1281 if (TAILQ_EMPTY(&env->sc_radcfgmaps)) {
1295 TAILQ_CONCAT(&env->sc_radcfgmaps, &cfgmaps, entry);
1299 TAILQ_FOREACH(cfgmap, &env->sc_radcfgmaps, entry) {
1313 TAILQ_INSERT_TAIL(&env->sc_radcfgmaps, cfgmap, entry);
1319 config_setraddae(struct iked *env, struct sockaddr *sa, socklen_t salen)
1324 if (env->sc_opts & IKED_OPT_NOACTION)
1344 proc_compose_imsg(&env->sc_ps, PROC_IKEV2, -1, IMSG_CFG_RADDAE, -1,
1355 config_getraddae(struct iked *env, struct imsg *imsg)
1368 dae->rd_env = env;
1374 TAILQ_INSERT_TAIL(&env->sc_raddaes, dae, rd_entry);
1380 config_setradclient(struct iked *env, struct sockaddr *sa, socklen_t salen,
1396 proc_composev_imsg(&env->sc_ps, PROC_IKEV2, -1, IMSG_CFG_RADDAECLIENT,
1403 config_getradclient(struct iked *env, struct imsg *imsg)
1419 TAILQ_INSERT_TAIL(&env->sc_raddaeclients, client, rc_entry);