Lines Matching refs:espstack
127 #define esp1dbg(espstack, a) if (espstack->ipsecesp_debug != 0) printf a
128 #define esp2dbg(espstack, a) if (espstack->ipsecesp_debug > 1) printf a
129 #define esp3dbg(espstack, a) if (espstack->ipsecesp_debug > 2) printf a
210 * espstack->esp_kstats is equal to espstack->esp_ksp->ks_data if
211 * kstat_create_netstack for espstack->esp_ksp succeeds, but when it
216 #define ESP_BUMP_STAT(espstack, x) \
218 if (espstack->esp_kstats != NULL) \
219 (espstack->esp_kstats->esp_stat_ ## x).value.ui64++; \
223 #define ESP_DEBUMP_STAT(espstack, x) \
225 if (espstack->esp_kstats != NULL) \
226 (espstack->esp_kstats->esp_stat_ ## x).value.ui64--; \
233 esp_kstat_init(ipsecesp_stack_t *espstack, netstackid_t stackid)
235 espstack->esp_ksp = kstat_create_netstack("ipsecesp", 0, "esp_stat",
240 if (espstack->esp_ksp == NULL || espstack->esp_ksp->ks_data == NULL)
243 espstack->esp_kstats = espstack->esp_ksp->ks_data;
245 espstack->esp_ksp->ks_update = esp_kstat_update;
246 espstack->esp_ksp->ks_private = (void *)(uintptr_t)stackid;
249 #define KI(x) kstat_named_init(&(espstack->esp_kstats->esp_stat_##x), #x, K64)
272 kstat_install(espstack->esp_ksp);
373 ipsecesp_stack_t *espstack = (ipsecesp_stack_t *)arg;
374 netstack_t *ns = espstack->ipsecesp_netstack;
377 sadb_ager(&espstack->esp_sadb.s_v4, espstack->esp_pfkey_q,
378 espstack->ipsecesp_reap_delay, ns);
379 sadb_ager(&espstack->esp_sadb.s_v6, espstack->esp_pfkey_q,
380 espstack->ipsecesp_reap_delay, ns);
382 espstack->esp_event = sadb_retimeout(begin, espstack->esp_pfkey_q,
383 esp_ager, espstack,
384 &espstack->ipsecesp_age_interval, espstack->ipsecesp_age_int_max,
401 ipsecesp_stack_t *espstack = (ipsecesp_stack_t *)q->q_ptr;
403 mutex_enter(&espstack->ipsecesp_param_lock);
405 mutex_exit(&espstack->ipsecesp_param_lock);
425 ipsecesp_stack_t *espstack = (ipsecesp_stack_t *)q->q_ptr;
438 mutex_enter(&espstack->ipsecesp_param_lock);
440 mutex_exit(&espstack->ipsecesp_param_lock);
451 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp;
453 ecomb->sadb_x_ecomb_soft_bytes = espstack->ipsecesp_default_soft_bytes;
454 ecomb->sadb_x_ecomb_hard_bytes = espstack->ipsecesp_default_hard_bytes;
456 espstack->ipsecesp_default_soft_addtime;
458 espstack->ipsecesp_default_hard_addtime;
460 espstack->ipsecesp_default_soft_usetime;
462 espstack->ipsecesp_default_hard_usetime;
512 ipsecesp_stack_t *espstack;
515 espstack = (ipsecesp_stack_t *)kmem_zalloc(sizeof (*espstack),
517 espstack->ipsecesp_netstack = ns;
520 espstack->ipsecesp_params = espp;
523 (void) ipsecesp_param_register(&espstack->ipsecesp_g_nd, espp,
526 (void) esp_kstat_init(espstack, stackid);
528 espstack->esp_sadb.s_acquire_timeout =
529 &espstack->ipsecesp_acquire_timeout;
530 espstack->esp_sadb.s_acqfn = esp_send_acquire;
531 sadbp_init("ESP", &espstack->esp_sadb, SADB_SATYPE_ESP, esp_hash_size,
532 espstack->ipsecesp_netstack);
534 mutex_init(&espstack->ipsecesp_param_lock, NULL, MUTEX_DEFAULT, 0);
536 ip_drop_register(&espstack->esp_dropper, "IPsec ESP");
537 return (espstack);
556 ipsecesp_stack_t *espstack = (ipsecesp_stack_t *)arg;
558 if (espstack->esp_pfkey_q != NULL) {
559 (void) quntimeout(espstack->esp_pfkey_q, espstack->esp_event);
561 espstack->esp_sadb.s_acqfn = NULL;
562 espstack->esp_sadb.s_acquire_timeout = NULL;
563 sadbp_destroy(&espstack->esp_sadb, espstack->ipsecesp_netstack);
564 ip_drop_unregister(&espstack->esp_dropper);
565 mutex_destroy(&espstack->ipsecesp_param_lock);
566 nd_free(&espstack->ipsecesp_g_nd);
568 kmem_free(espstack->ipsecesp_params, sizeof (lcl_param_arr));
569 espstack->ipsecesp_params = NULL;
570 kstat_delete_netstack(espstack->esp_ksp, stackid);
571 espstack->esp_ksp = NULL;
572 espstack->esp_kstats = NULL;
573 kmem_free(espstack, sizeof (*espstack));
590 ipsecesp_stack_t *espstack;
603 espstack = ns->netstack_ipsecesp;
604 ASSERT(espstack != NULL);
606 q->q_ptr = espstack;
619 ipsecesp_stack_t *espstack = (ipsecesp_stack_t *)q->q_ptr;
628 if (q == espstack->esp_pfkey_q) {
629 esp1dbg(espstack,
631 espstack->esp_pfkey_q = NULL;
633 (void) quntimeout(q, espstack->esp_event);
636 netstack_rele(espstack->ipsecesp_netstack);
656 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp;
660 return (sadb_age_bytes(espstack->esp_pfkey_q, assoc, bytes,
677 sp = isv6 ? &espstack->esp_sadb.s_v6 : &espstack->esp_sadb.s_v4;
698 return (sadb_age_bytes(espstack->esp_pfkey_q, inassoc,
713 return (sadb_age_bytes(espstack->esp_pfkey_q, outassoc,
718 inrc = sadb_age_bytes(espstack->esp_pfkey_q, inassoc, bytes, B_TRUE);
719 outrc = sadb_age_bytes(espstack->esp_pfkey_q, outassoc, bytes, B_FALSE);
791 kstat_named_t **counter, ipsecesp_stack_t *espstack)
799 ipsec_stack_t *ipss = espstack->ipsecesp_netstack->netstack_ipsec;
845 ESP_BUMP_STAT(espstack, bad_decrypt);
846 ipsec_rl_strlog(espstack->ipsecesp_netstack,
850 esp1dbg(espstack, ("padlen (%d) is greater than:\n",
852 esp1dbg(espstack, ("pkt len(%d) - ip hdr - esp "
895 ESP_BUMP_STAT(espstack, bad_decrypt);
896 ipsec_rl_strlog(espstack->ipsecesp_netstack,
900 esp1dbg(espstack, ("padlen (%d) is greater than:\n",
902 esp1dbg(espstack,
922 if (espstack->ipsecesp_padding_check > 0 && padlen > 0) {
930 ipsec_rl_strlog(espstack->ipsecesp_netstack,
933 esp1dbg(espstack,
936 ESP_BUMP_STAT(espstack, bad_padding);
949 if (espstack->ipsecesp_padding_check > 1) {
965 espstack->ipsecesp_netstack,
969 esp1dbg(espstack,
972 ESP_BUMP_STAT(espstack, bad_padding);
1030 esp2dbg(espstack, ("data_mp after inbound ESP adjustment:\n"));
1031 esp2dbg(espstack, (dump_msg(data_mp)));
1052 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp;
1072 sp = isv6 ? &espstack->esp_sadb.s_v6 : &espstack->esp_sadb.s_v4;
1141 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp;
1156 ESP_BUMP_STAT(espstack, replay_early_failures);
1160 &espstack->esp_dropper);
1195 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp;
1204 prop->sadb_prop_replay = espstack->ipsecesp_replay_size;
1281 espstack->ipsecesp_default_soft_bytes;
1283 espstack->ipsecesp_default_hard_bytes;
1285 espstack->ipsecesp_default_soft_addtime;
1287 espstack->ipsecesp_default_hard_addtime;
1289 espstack->ipsecesp_default_soft_usetime;
1291 espstack->ipsecesp_default_hard_usetime;
1310 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp;
1313 ESP_BUMP_STAT(espstack, acquire_requests);
1315 if (espstack->esp_pfkey_q == NULL) {
1352 putnext(espstack->esp_pfkey_q, extended);
1354 putnext(espstack->esp_pfkey_q, pfkeymp);
1362 esp_getspi(mblk_t *mp, keysock_in_t *ksi, ipsecesp_stack_t *espstack)
1375 cl_inet_getspi(espstack->ipsecesp_netstack->netstack_stackid,
1382 espstack->ipsecesp_netstack, IPPROTO_ESP);
1385 sadb_pfkey_error(espstack->esp_pfkey_q, mp, ENOMEM, diagnostic,
1389 sadb_pfkey_error(espstack->esp_pfkey_q, mp, EINVAL, diagnostic,
1401 outbound = OUTBOUND_BUCKET_V6(&espstack->esp_sadb.s_v6,
1403 inbound = INBOUND_BUCKET(&espstack->esp_sadb.s_v6,
1407 outbound = OUTBOUND_BUCKET_V4(&espstack->esp_sadb.s_v4,
1409 inbound = INBOUND_BUCKET(&espstack->esp_sadb.s_v4,
1448 espstack->ipsecesp_larval_timeout;
1460 sadb_pfkey_error(espstack->esp_pfkey_q, mp, rc,
1490 putnext(espstack->esp_pfkey_q, mp);
1499 ipsecesp_stack_t *espstack)
1516 esp1dbg(espstack,
1578 ipsecesp_stack_t *espstack = assoc->ipsa_netstack->netstack_ipsecesp;
1601 bucket = OUTBOUND_BUCKET_V4(&(espstack->esp_sadb.s_v4),
1627 ESP_BUMP_STAT(espstack, sa_port_renumbers);
1650 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp;
1690 ESP_BUMP_STAT(espstack, good_auth);
1712 assoc->ipsa_addrfam, espstack->ipsecesp_netstack);
1713 ESP_BUMP_STAT(espstack, replay_failures);
1733 espstack->ipsecesp_netstack);
1734 ESP_BUMP_STAT(espstack, bytes_expired);
1745 ivlen, &counter, espstack)) {
1751 &espstack->esp_dropper);
1772 esp1dbg(espstack, ("esp_in_done: esp_strip_header() failed\n"));
1776 &espstack->esp_dropper);
1790 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp;
1797 ESP_BUMP_STAT(espstack, bad_auth);
1802 espstack->ipsecesp_netstack);
1807 &espstack->esp_dropper);
1862 ipsecesp_stack_t *espstack;
1896 espstack = ns->netstack_ipsecesp;
1923 esp1dbg(espstack,
1926 ESP_BUMP_STAT(espstack, crypto_failures);
1927 ESP_BUMP_STAT(espstack, out_discards);
1930 &espstack->esp_dropper);
1948 ipsecesp_stack_t *espstack;
1976 espstack = ns->netstack_ipsecesp;
1989 esp1dbg(espstack,
1992 ESP_BUMP_STAT(espstack, crypto_failures);
1996 &espstack->esp_dropper);
2009 ill_t *ill, ipsecesp_stack_t *espstack)
2011 ipsec_stack_t *ipss = espstack->ipsecesp_netstack->netstack_ipsec;
2013 esp1dbg(espstack, ("crypto failed for %s ESP with 0x%x\n",
2017 &espstack->esp_dropper);
2018 ESP_BUMP_STAT(espstack, crypto_failures);
2022 ESP_BUMP_STAT(espstack, out_discards);
2088 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp;
2120 DROPPER(ipss, ipds_esp_nomem), &espstack->esp_dropper);
2215 ESP_BUMP_STAT(espstack, crypto_sync);
2225 ESP_BUMP_STAT(espstack, crypto_async);
2232 ESP_BUMP_STAT(espstack, crypto_sync);
2244 esp_crypto_failed(esp_mp, B_TRUE, kef_rc, ira->ira_ill, espstack);
2409 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp;
2416 esp3dbg(espstack, ("esp_submit_req_outbound:%s",
2449 DROPPER(ipss, ipds_esp_nomem), &espstack->esp_dropper);
2574 ESP_BUMP_STAT(espstack, crypto_sync);
2585 ESP_BUMP_STAT(espstack, crypto_async);
2594 esp_crypto_failed(data_mp, B_FALSE, kef_rc, NULL, espstack);
2623 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp;
2628 ESP_BUMP_STAT(espstack, out_requests);
2644 &espstack->esp_dropper);
2667 &espstack->esp_dropper);
2676 DROPPER(ipss, ipds_esp_nomem), &espstack->esp_dropper);
2781 &espstack->esp_dropper);
2790 ESP_BUMP_STAT(espstack, out_discards);
2791 esp1dbg(espstack, ("esp_outbound: can't allocate espmp.\n"));
2794 &espstack->esp_dropper);
2804 esp3dbg(espstack, ("esp_outbound: NATT"));
2831 espstack->ipsecesp_netstack);
2833 ESP_BUMP_STAT(espstack, out_discards);
2837 &espstack->esp_dropper);
2866 if (!update_iv((uint8_t *)iv_ptr, espstack->esp_pfkey_q, assoc,
2867 espstack)) {
2869 DROPPER(ipss, ipds_esp_iv_wrap), &espstack->esp_dropper);
2899 esp2dbg(espstack, ("data_mp before outbound ESP adjustment:\n"));
2900 esp2dbg(espstack, (dump_msg(data_mp)));
2902 if (!esp_insert_esp(data_mp, espmp, divpoint, espstack)) {
2903 ESP_BUMP_STAT(espstack, out_discards);
2907 &espstack->esp_dropper);
2921 ESP_BUMP_STAT(espstack, out_discards);
2925 &espstack->esp_dropper);
2945 esp2dbg(espstack, ("data_Mp before encryption:\n"));
2946 esp2dbg(espstack, (dump_msg(data_mp)));
2975 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp;
2995 &espstack->esp_dropper);
3006 ipsecesp_stack_t *espstack, cred_t *cr)
3021 ipsec_stack_t *ipss = espstack->ipsecesp_netstack->netstack_ipsec;
3210 if (espstack->esp_pfkey_q != NULL)
3211 putnext(espstack->esp_pfkey_q, keysock_out_mp);
3228 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp;
3234 (void) esp_register_out(0, 0, 0, espstack, NULL);
3271 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp;
3273 esp2dbg(espstack, ("in ESP inbound_task"));
3274 ASSERT(espstack != NULL);
3302 int *diagnostic, ipsecesp_stack_t *espstack)
3314 ipsec_stack_t *ipss = espstack->ipsecesp_netstack->netstack_ipsec;
3319 sq.spp = &espstack->esp_sadb; /* XXX */
3427 espstack->ipsecesp_netstack);
3461 rc = sadb_common_add(espstack->esp_pfkey_q,
3463 diagnostic, espstack->ipsecesp_netstack, &espstack->esp_sadb);
3502 ESP_BUMP_STAT(espstack, out_discards);
3505 &espstack->esp_dropper);
3508 ESP_BUMP_STAT(espstack, out_discards);
3511 &espstack->esp_dropper);
3530 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp;
3535 ESP_BUMP_STAT(espstack, out_discards);
3538 &espstack->esp_dropper);
3586 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp;
3645 if (assoc->sadb_sa_flags & ~espstack->esp_sadb.s_addflags) {
3710 esp1dbg(espstack, ("Couldn't find auth alg #%d.\n",
3749 esp1dbg(espstack, ("Couldn't find encr alg #%d.\n",
3785 diagnostic, espstack));
3795 ipsecesp_stack_t *espstack, uint8_t sadb_msg_type)
3809 rcode = sadb_update_sa(mp, ksi, &buf_pkt, &espstack->esp_sadb,
3810 diagnostic, espstack->esp_pfkey_q, esp_add_sa,
3811 espstack->ipsecesp_netstack, sadb_msg_type);
3818 HANDLE_BUF_PKT(esp_taskq, espstack->ipsecesp_netstack->netstack_ipsec,
3819 espstack->esp_dropper, buf_pkt);
3831 ipsecesp_stack_t *espstack, uint8_t sadb_msg_type)
3850 (sin->sin_family == AF_INET6) ? &espstack->esp_sadb.s_v6 :
3851 &espstack->esp_sadb.s_v4, diagnostic,
3852 espstack->esp_pfkey_q));
3855 return (sadb_delget_sa(mp, ksi, &espstack->esp_sadb, diagnostic,
3856 espstack->esp_pfkey_q, sadb_msg_type));
3865 esp_dump(mblk_t *mp, keysock_in_t *ksi, ipsecesp_stack_t *espstack)
3874 error = sadb_dump(espstack->esp_pfkey_q, mp, ksi,
3875 &espstack->esp_sadb.s_v4);
3879 error = sadb_dump(espstack->esp_pfkey_q, mp, ksi,
3880 &espstack->esp_sadb.s_v6);
3885 sadb_pfkey_echo(espstack->esp_pfkey_q, mp,
3894 ipsecesp_stack_t *espstack)
3910 sadb_pfkey_error(espstack->esp_pfkey_q, mp, EINVAL, diagnostic,
3927 esp_parse_pfkey(mblk_t *mp, ipsecesp_stack_t *espstack)
3944 if (!sadb_addrfix(ksi, espstack->esp_pfkey_q, mp,
3945 espstack->ipsecesp_netstack) ||
3946 esp_pfkey_reality_failures(mp, ksi, espstack)) {
3953 espstack->ipsecesp_netstack);
3955 sadb_pfkey_error(espstack->esp_pfkey_q, mp, error,
3963 error = esp_del_sa(mp, ksi, &diagnostic, espstack,
3966 sadb_pfkey_error(espstack->esp_pfkey_q, mp, error,
3972 error = sadb_delget_sa(mp, ksi, &espstack->esp_sadb,
3973 &diagnostic, espstack->esp_pfkey_q, samsg->sadb_msg_type);
3975 sadb_pfkey_error(espstack->esp_pfkey_q, mp, error,
3981 sadbp_flush(&espstack->esp_sadb, espstack->ipsecesp_netstack);
3982 sadb_pfkey_echo(espstack->esp_pfkey_q, mp, samsg, ksi, NULL);
3993 ksi->ks_in_serial, espstack, msg_getcred(mp, NULL))) {
4001 sadb_pfkey_error(espstack->esp_pfkey_q, mp, ENOMEM,
4011 error = esp_update_sa(mp, ksi, &diagnostic, espstack,
4014 sadb_pfkey_error(espstack->esp_pfkey_q, mp, error,
4023 esp_getspi(mp, ksi, espstack);
4031 sadb_in_acquire(samsg, &espstack->esp_sadb,
4032 espstack->esp_pfkey_q, espstack->ipsecesp_netstack);
4039 esp_dump(mp, ksi, espstack);
4044 sadb_pfkey_error(espstack->esp_pfkey_q, mp, EOPNOTSUPP,
4048 sadb_pfkey_error(espstack->esp_pfkey_q, mp, EINVAL,
4059 esp_keysock_no_socket(mblk_t *mp, ipsecesp_stack_t *espstack)
4080 sadb_in_acquire(samsg, &espstack->esp_sadb,
4081 WR(espstack->esp_pfkey_q), espstack->ipsecesp_netstack);
4095 ipsecesp_stack_t *espstack = (ipsecesp_stack_t *)q->q_ptr;
4097 esp3dbg(espstack, ("In esp_wput().\n"));
4111 esp1dbg(espstack, ("Got KEYSOCK_OUT_ERR message.\n"));
4112 esp_keysock_no_socket(mp, espstack);
4115 ESP_BUMP_STAT(espstack, keysock_in);
4116 esp3dbg(espstack, ("Got KEYSOCK_IN message.\n"));
4119 esp_parse_pfkey(mp, espstack);
4122 sadb_keysock_hello(&espstack->esp_pfkey_q, q, mp,
4123 esp_ager, (void *)espstack, &espstack->esp_event,
4127 esp2dbg(espstack, ("Got M_CTL from above of 0x%x.\n",
4138 if (nd_getset(q, espstack->ipsecesp_g_nd, mp)) {
4157 esp3dbg(espstack,
4173 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp;
4176 if (espstack->ipsecesp_log_unknown_spi) {
4178 addr, af, espstack->ipsecesp_netstack);
4183 &espstack->esp_dropper);