Lines Matching refs:ahstack
115 #define ah1dbg(ahstack, a) if (ahstack->ipsecah_debug != 0) printf a
116 #define ah2dbg(ahstack, a) if (ahstack->ipsecah_debug > 1) printf a
117 #define ah3dbg(ahstack, a) if (ahstack->ipsecah_debug > 2) printf a
185 ah_kstat_init(ipsecah_stack_t *ahstack, netstackid_t stackid)
187 ipsec_stack_t *ipss = ahstack->ipsecah_netstack->netstack_ipsec;
189 ahstack->ah_ksp = kstat_create_netstack("ipsecah", 0, "ah_stat", "net",
193 if (ahstack->ah_ksp == NULL || ahstack->ah_ksp->ks_data == NULL)
196 ahstack->ah_kstats = ahstack->ah_ksp->ks_data;
198 ahstack->ah_ksp->ks_update = ah_kstat_update;
199 ahstack->ah_ksp->ks_private = (void *)(uintptr_t)stackid;
202 #define KI(x) kstat_named_init(&(ahstack->ah_kstats->ah_stat_##x), #x, K64)
221 kstat_install(ahstack->ah_ksp);
266 ipsecah_stack_t *ahstack = (ipsecah_stack_t *)arg;
267 netstack_t *ns = ahstack->ipsecah_netstack;
270 sadb_ager(&ahstack->ah_sadb.s_v4, ahstack->ah_pfkey_q,
271 ahstack->ipsecah_reap_delay, ns);
272 sadb_ager(&ahstack->ah_sadb.s_v6, ahstack->ah_pfkey_q,
273 ahstack->ipsecah_reap_delay, ns);
275 ahstack->ah_event = sadb_retimeout(begin, ahstack->ah_pfkey_q,
276 ah_ager, ahstack,
277 &ahstack->ipsecah_age_interval, ahstack->ipsecah_age_int_max,
294 ipsecah_stack_t *ahstack = (ipsecah_stack_t *)q->q_ptr;
296 mutex_enter(&ahstack->ipsecah_param_lock);
298 mutex_exit(&ahstack->ipsecah_param_lock);
318 ipsecah_stack_t *ahstack = (ipsecah_stack_t *)q->q_ptr;
331 mutex_enter(&ahstack->ipsecah_param_lock);
333 mutex_exit(&ahstack->ipsecah_param_lock);
344 ipsecah_stack_t *ahstack = ns->netstack_ipsecah;
346 ecomb->sadb_x_ecomb_soft_bytes = ahstack->ipsecah_default_soft_bytes;
347 ecomb->sadb_x_ecomb_hard_bytes = ahstack->ipsecah_default_hard_bytes;
349 ahstack->ipsecah_default_soft_addtime;
351 ahstack->ipsecah_default_hard_addtime;
353 ahstack->ipsecah_default_soft_usetime;
355 ahstack->ipsecah_default_hard_usetime;
406 ipsecah_stack_t *ahstack;
409 ahstack = (ipsecah_stack_t *)kmem_zalloc(sizeof (*ahstack), KM_SLEEP);
410 ahstack->ipsecah_netstack = ns;
413 ahstack->ipsecah_params = ahp;
416 (void) ipsecah_param_register(&ahstack->ipsecah_g_nd, ahp,
419 (void) ah_kstat_init(ahstack, stackid);
421 ahstack->ah_sadb.s_acquire_timeout = &ahstack->ipsecah_acquire_timeout;
422 ahstack->ah_sadb.s_acqfn = ah_send_acquire;
423 sadbp_init("AH", &ahstack->ah_sadb, SADB_SATYPE_AH, ah_hash_size,
424 ahstack->ipsecah_netstack);
426 mutex_init(&ahstack->ipsecah_param_lock, NULL, MUTEX_DEFAULT, 0);
428 ip_drop_register(&ahstack->ah_dropper, "IPsec AH");
429 return (ahstack);
448 ipsecah_stack_t *ahstack = (ipsecah_stack_t *)arg;
450 if (ahstack->ah_pfkey_q != NULL) {
451 (void) quntimeout(ahstack->ah_pfkey_q, ahstack->ah_event);
453 ahstack->ah_sadb.s_acqfn = NULL;
454 ahstack->ah_sadb.s_acquire_timeout = NULL;
455 sadbp_destroy(&ahstack->ah_sadb, ahstack->ipsecah_netstack);
456 ip_drop_unregister(&ahstack->ah_dropper);
457 mutex_destroy(&ahstack->ipsecah_param_lock);
458 nd_free(&ahstack->ipsecah_g_nd);
460 kmem_free(ahstack->ipsecah_params, sizeof (lcl_param_arr));
461 ahstack->ipsecah_params = NULL;
462 kstat_delete_netstack(ahstack->ah_ksp, stackid);
463 ahstack->ah_ksp = NULL;
464 ahstack->ah_kstats = NULL;
466 kmem_free(ahstack, sizeof (*ahstack));
483 ipsecah_stack_t *ahstack;
496 ahstack = ns->netstack_ipsecah;
497 ASSERT(ahstack != NULL);
499 q->q_ptr = ahstack;
512 ipsecah_stack_t *ahstack = (ipsecah_stack_t *)q->q_ptr;
521 if (q == ahstack->ah_pfkey_q) {
522 ah1dbg(ahstack,
524 ahstack->ah_pfkey_q = NULL;
526 (void) quntimeout(q, ahstack->ah_event);
529 netstack_rele(ahstack->ipsecah_netstack);
538 ipsecah_stack_t *ahstack, cred_t *cr)
549 ipsec_stack_t *ipss = ahstack->ipsecah_netstack->netstack_ipsec;
679 if (ahstack->ah_pfkey_q != NULL)
680 putnext(ahstack->ah_pfkey_q, mp);
697 ipsecah_stack_t *ahstack = ns->netstack_ipsecah;
703 (void) ah_register_out(0, 0, 0, ahstack, NULL);
740 ipsecah_stack_t *ahstack;
743 ahstack = ns->netstack_ipsecah;
745 ASSERT(ahstack != NULL);
771 int *diagnostic, ipsecah_stack_t *ahstack)
784 netstack_t *ns = ahstack->ipsecah_netstack;
791 sq.spp = &ahstack->ah_sadb;
937 rc = sadb_common_add(ahstack->ah_pfkey_q, mp,
939 diagnostic, ns, &ahstack->ah_sadb);
978 AH_BUMP_STAT(ahstack, out_discards);
981 &ahstack->ah_dropper);
984 AH_BUMP_STAT(ahstack, out_discards);
987 &ahstack->ah_dropper);
1007 ipsecah_stack_t *ahstack = ns->netstack_ipsecah;
1012 AH_BUMP_STAT(ahstack, out_discards);
1015 &ahstack->ah_dropper);
1053 ipsecah_stack_t *ahstack = ns->netstack_ipsecah;
1097 if (assoc->sadb_sa_flags & ~ahstack->ah_sadb.s_addflags) {
1130 ah1dbg(ahstack, ("Couldn't find auth alg #%d.\n",
1154 diagnostic, ahstack));
1165 ipsecah_stack_t *ahstack, uint8_t sadb_msg_type)
1178 rcode = sadb_update_sa(mp, ksi, &buf_pkt, &ahstack->ah_sadb,
1179 diagnostic, ahstack->ah_pfkey_q, ah_add_sa,
1180 ahstack->ipsecah_netstack, sadb_msg_type);
1187 HANDLE_BUF_PKT(ah_taskq, ahstack->ipsecah_netstack->netstack_ipsec,
1188 ahstack->ah_dropper, buf_pkt);
1200 ipsecah_stack_t *ahstack, uint8_t sadb_msg_type)
1219 (sin->sin_family == AF_INET6) ? &ahstack->ah_sadb.s_v6 :
1220 &ahstack->ah_sadb.s_v4, diagnostic, ahstack->ah_pfkey_q));
1223 return (sadb_delget_sa(mp, ksi, &ahstack->ah_sadb, diagnostic,
1224 ahstack->ah_pfkey_q, sadb_msg_type));
1233 ah_dump(mblk_t *mp, keysock_in_t *ksi, ipsecah_stack_t *ahstack)
1242 error = sadb_dump(ahstack->ah_pfkey_q, mp, ksi, &ahstack->ah_sadb.s_v4);
1246 error = sadb_dump(ahstack->ah_pfkey_q, mp, ksi, &ahstack->ah_sadb.s_v6);
1251 sadb_pfkey_echo(ahstack->ah_pfkey_q, mp,
1260 ipsecah_stack_t *ahstack)
1285 sadb_pfkey_error(ahstack->ah_pfkey_q, mp, EINVAL,
1302 ah_parse_pfkey(mblk_t *mp, ipsecah_stack_t *ahstack)
1319 if (!sadb_addrfix(ksi, ahstack->ah_pfkey_q, mp,
1320 ahstack->ipsecah_netstack) ||
1321 ah_pfkey_reality_failures(mp, ksi, ahstack)) {
1328 ahstack->ipsecah_netstack);
1330 sadb_pfkey_error(ahstack->ah_pfkey_q, mp, error,
1338 error = ah_del_sa(mp, ksi, &diagnostic, ahstack,
1341 sadb_pfkey_error(ahstack->ah_pfkey_q, mp, error,
1347 error = sadb_delget_sa(mp, ksi, &ahstack->ah_sadb, &diagnostic,
1348 ahstack->ah_pfkey_q, samsg->sadb_msg_type);
1350 sadb_pfkey_error(ahstack->ah_pfkey_q, mp, error,
1356 sadbp_flush(&ahstack->ah_sadb, ahstack->ipsecah_netstack);
1357 sadb_pfkey_echo(ahstack->ah_pfkey_q, mp, samsg, ksi, NULL);
1368 ksi->ks_in_serial, ahstack, msg_getcred(mp, NULL))) {
1376 sadb_pfkey_error(ahstack->ah_pfkey_q, mp, ENOMEM,
1386 error = ah_update_sa(mp, ksi, &diagnostic, ahstack,
1389 sadb_pfkey_error(ahstack->ah_pfkey_q, mp, error,
1398 ah_getspi(mp, ksi, ahstack);
1406 sadb_in_acquire(samsg, &ahstack->ah_sadb, ahstack->ah_pfkey_q,
1407 ahstack->ipsecah_netstack);
1414 ah_dump(mp, ksi, ahstack);
1419 sadb_pfkey_error(ahstack->ah_pfkey_q, mp, EOPNOTSUPP,
1423 sadb_pfkey_error(ahstack->ah_pfkey_q, mp, EINVAL,
1434 ah_keysock_no_socket(mblk_t *mp, ipsecah_stack_t *ahstack)
1455 sadb_in_acquire(samsg, &ahstack->ah_sadb,
1456 WR(ahstack->ah_pfkey_q), ahstack->ipsecah_netstack);
1470 ipsecah_stack_t *ahstack = (ipsecah_stack_t *)q->q_ptr;
1472 ah3dbg(ahstack, ("In ah_wput().\n"));
1486 ah1dbg(ahstack, ("Got KEYSOCK_OUT_ERR message.\n"));
1487 ah_keysock_no_socket(mp, ahstack);
1490 AH_BUMP_STAT(ahstack, keysock_in);
1491 ah3dbg(ahstack, ("Got KEYSOCK_IN message.\n"));
1494 ah_parse_pfkey(mp, ahstack);
1497 sadb_keysock_hello(&ahstack->ah_pfkey_q, q, mp,
1498 ah_ager, (void *)ahstack, &ahstack->ah_event,
1502 ah1dbg(ahstack, ("Got M_CTL from above of 0x%x.\n",
1513 if (nd_getset(q, ahstack->ipsecah_g_nd, mp)) {
1532 ah3dbg(ahstack,
1556 ipsecah_stack_t *ahstack = ns->netstack_ipsecah;
1577 sp = &ahstack->ah_sadb.s_v6;
1579 sp = &ahstack->ah_sadb.s_v4;
1655 ipsecah_stack_t *ahstack = ns->netstack_ipsecah;
1659 return (sadb_age_bytes(ahstack->ah_pfkey_q, assoc, bytes,
1677 sp = &ahstack->ah_sadb.s_v6;
1679 sp = &ahstack->ah_sadb.s_v4;
1700 return (sadb_age_bytes(ahstack->ah_pfkey_q, inassoc,
1715 return (sadb_age_bytes(ahstack->ah_pfkey_q, outassoc,
1720 inrc = sadb_age_bytes(ahstack->ah_pfkey_q, inassoc, bytes, B_TRUE);
1721 outrc = sadb_age_bytes(ahstack->ah_pfkey_q, outassoc, bytes, B_FALSE);
1749 ipsecah_stack_t *ahstack = ns->netstack_ipsecah;
1758 prop->sadb_prop_replay = ahstack->ipsecah_replay_size;
1817 ahstack->ipsecah_default_soft_bytes;
1819 ahstack->ipsecah_default_hard_bytes;
1821 ahstack->ipsecah_default_soft_addtime;
1823 ahstack->ipsecah_default_hard_addtime;
1825 ahstack->ipsecah_default_soft_usetime;
1827 ahstack->ipsecah_default_hard_usetime;
1846 ipsecah_stack_t *ahstack = ns->netstack_ipsecah;
1849 AH_BUMP_STAT(ahstack, acquire_requests);
1851 if (ahstack->ah_pfkey_q == NULL) {
1887 putnext(ahstack->ah_pfkey_q, extended);
1889 putnext(ahstack->ah_pfkey_q, pfkeymp);
1897 ah_getspi(mblk_t *mp, keysock_in_t *ksi, ipsecah_stack_t *ahstack)
1910 cl_inet_getspi(ahstack->ipsecah_netstack->netstack_stackid,
1917 ahstack->ipsecah_netstack, IPPROTO_AH);
1920 sadb_pfkey_error(ahstack->ah_pfkey_q, mp, ENOMEM, diagnostic,
1924 sadb_pfkey_error(ahstack->ah_pfkey_q, mp, EINVAL, diagnostic,
1936 outbound = OUTBOUND_BUCKET_V6(&ahstack->ah_sadb.s_v6,
1938 inbound = INBOUND_BUCKET(&ahstack->ah_sadb.s_v6,
1941 outbound = OUTBOUND_BUCKET_V4(&ahstack->ah_sadb.s_v4,
1943 inbound = INBOUND_BUCKET(&ahstack->ah_sadb.s_v4,
1981 newbie->ipsa_hardexpiretime += ahstack->ipsecah_larval_timeout;
1993 sadb_pfkey_error(ahstack->ah_pfkey_q, mp, rc,
2022 putnext(ahstack->ah_pfkey_q, mp);
2032 ah_icmp_error_v6(mblk_t *mp, ip_recv_attr_t *ira, ipsecah_stack_t *ahstack)
2042 ipsec_stack_t *ipss = ahstack->ipsecah_netstack->netstack_ipsec;
2056 &ahstack->ah_dropper);
2067 &ahstack->ah_dropper);
2072 isaf = OUTBOUND_BUCKET_V6(&ahstack->ah_sadb.s_v6, ip6h->ip6_dst);
2081 if (ahstack->ipsecah_log_unknown_spi) {
2088 ahstack->ipsecah_netstack);
2092 &ahstack->ah_dropper);
2114 &ahstack->ah_dropper);
2134 ah_icmp_error_v4(mblk_t *mp, ip_recv_attr_t *ira, ipsecah_stack_t *ahstack)
2149 ipsec_stack_t *ipss = ahstack->ipsecah_netstack->netstack_ipsec;
2164 ipsec_rl_strlog(ahstack->ipsecah_netstack,
2171 &ahstack->ah_dropper);
2181 hptr = OUTBOUND_BUCKET_V4(&ahstack->ah_sadb.s_v4, ipha->ipha_dst);
2190 if (ahstack->ipsecah_log_unknown_spi) {
2197 ahstack->ipsecah_netstack);
2201 &ahstack->ah_dropper);
2240 &ahstack->ah_dropper);
2265 &ahstack->ah_dropper);
2305 ipsecah_stack_t *ahstack = ns->netstack_ipsecah;
2308 return (ah_icmp_error_v4(data_mp, ira, ahstack));
2310 return (ah_icmp_error_v6(data_mp, ira, ahstack));
2549 int ah_data_sz, int ah_align_sz, ipsecah_stack_t *ahstack)
2588 ahstack->ipsecah_netstack);
2639 ipsecah_stack_t *ahstack = ns->netstack_ipsecah;
2660 AH_BUMP_STAT(ahstack, bad_auth);
2664 assoc->ipsa_spi, addr, af, ahstack->ipsecah_netstack);
2669 &ahstack->ah_dropper);
2683 ipsecah_stack_t *ahstack;
2716 ahstack = ns->netstack_ipsecah;
2730 ah1dbg(ahstack,
2733 AH_BUMP_STAT(ahstack, crypto_failures);
2734 AH_BUMP_STAT(ahstack, out_discards);
2738 &ahstack->ah_dropper);
2757 ipsecah_stack_t *ahstack;
2783 ahstack = ns->netstack_ipsecah;
2797 ah1dbg(ahstack,
2800 AH_BUMP_STAT(ahstack, crypto_failures);
2804 &ahstack->ah_dropper);
2817 ill_t *ill, ipsecah_stack_t *ahstack)
2819 ipsec_stack_t *ipss = ahstack->ipsecah_netstack->netstack_ipsec;
2821 ah1dbg(ahstack, ("crypto failed for %s AH with 0x%x\n",
2825 &ahstack->ah_dropper);
2826 AH_BUMP_STAT(ahstack, crypto_failures);
2830 AH_BUMP_STAT(ahstack, out_discards);
2873 ipsecah_stack_t *ahstack;
2877 ahstack = ira->ira_ill->ill_ipst->ips_netstack->netstack_ipsecah;
2925 AH_BUMP_STAT(ahstack, crypto_sync);
2935 AH_BUMP_STAT(ahstack, crypto_async);
2939 AH_BUMP_STAT(ahstack, crypto_sync);
2955 ah_crypto_failed(phdr_mp, B_TRUE, kef_rc, ira->ira_ill, ahstack);
2971 ipsecah_stack_t *ahstack;
2976 ahstack = ill->ill_ipst->ips_netstack->netstack_ipsecah;
3021 AH_BUMP_STAT(ahstack, crypto_sync);
3031 AH_BUMP_STAT(ahstack, crypto_async);
3040 ah_crypto_failed(phdr_mp, B_FALSE, kef_rc, NULL, ahstack);
3052 uint_t ah_data_sz, boolean_t outbound, ipsecah_stack_t *ahstack)
3145 assoc, ah_data_sz, ah_align_sz, ahstack)) {
3168 uint_t ah_data_sz, boolean_t outbound, ipsecah_stack_t *ahstack)
3333 ah1dbg(ahstack, ("AH : bad IPv4 option"));
3353 assoc, ah_data_sz, ah_align_sz, ahstack)) {
3388 ipsecah_stack_t *ahstack = ns->netstack_ipsecah;
3401 AH_BUMP_STAT(ahstack, out_requests);
3422 &ahstack->ah_dropper);
3431 DROPPER(ipss, ipds_ah_nomem), &ahstack->ah_dropper);
3463 ahstack->ipsecah_netstack);
3484 &length_to_skip, assoc->ipsa_mac_len, B_TRUE, ahstack);
3487 &length_to_skip, assoc->ipsa_mac_len, B_TRUE, ahstack);
3491 AH_BUMP_STAT(ahstack, out_discards);
3494 &ahstack->ah_dropper);
3530 ipsecah_stack_t *ahstack = ns->netstack_ipsecah;
3547 AH_BUMP_STAT(ahstack, replay_early_failures);
3551 &ahstack->ah_dropper);
3582 &ahstack->ah_dropper);
3594 &length_to_skip, assoc->ipsa_mac_len, B_FALSE, ahstack);
3597 &length_to_skip, assoc->ipsa_mac_len, B_FALSE, ahstack);
3606 &ahstack->ah_dropper);
3643 ipsecah_stack_t *ahstack = ns->netstack_ipsecah;
3653 &ahstack->ah_dropper);
3662 &ahstack->ah_dropper);
3692 ah3dbg(ahstack, ("AH succeeded, checking replay\n"));
3693 AH_BUMP_STAT(ahstack, good_auth);
3714 AH_BUMP_STAT(ahstack, replay_failures);
3718 assoc->ipsa_spi, addr, af, ahstack->ipsecah_netstack);
3743 AF_INET, ahstack->ipsecah_netstack);
3744 AH_BUMP_STAT(ahstack, bytes_expired);
3773 AF_INET6, ahstack->ipsecah_netstack);
3774 AH_BUMP_STAT(ahstack, bytes_expired);
3835 DROPPER(ipss, ipds_ah_nomem), &ahstack->ah_dropper);
3855 &ahstack->ah_dropper);
3877 ipsecah_stack_t *ahstack = ns->netstack_ipsecah;
3888 &ahstack->ah_dropper);
3989 ipsecah_stack_t *ahstack = ns->netstack_ipsecah;
3992 if (ahstack->ipsecah_log_unknown_spi) {
3994 addr, af, ahstack->ipsecah_netstack);
3999 &ahstack->ah_dropper);