Lines Matching defs:assoc
352 sadb_delete_cluster(ipsa_t *assoc)
357 ((assoc->ipsa_state == IPSA_STATE_LARVAL) ||
358 (assoc->ipsa_state == IPSA_STATE_MATURE))) {
359 protocol = (assoc->ipsa_type == SADB_SATYPE_AH) ?
361 cl_inet_deletespi(assoc->ipsa_netstack->netstack_stackid,
362 protocol, assoc->ipsa_spi, NULL);
1084 sadb_sa_t *assoc;
1261 assoc = (sadb_sa_t *)(newsamsg + 1);
1262 assoc->sadb_sa_len = SADB_8TO64(sizeof (*assoc));
1263 assoc->sadb_sa_exttype = SADB_EXT_SA;
1264 assoc->sadb_sa_spi = ipsa->ipsa_spi;
1265 assoc->sadb_sa_replay = ipsa->ipsa_replay_wsize;
1266 assoc->sadb_sa_state = ipsa->ipsa_state;
1267 assoc->sadb_sa_auth = ipsa->ipsa_auth_alg;
1268 assoc->sadb_sa_encrypt = ipsa->ipsa_encr_alg;
1269 assoc->sadb_sa_flags = ipsa->ipsa_flags;
1271 lt = (sadb_lifetime_t *)(assoc + 1);
2226 sq->assoc = (sadb_sa_t *)ksi->ks_in_extv[SADB_EXT_SA];
2236 if ((req & IPSA_Q_SA) && (sq->assoc == NULL)) {
2243 sq->spi = sq->assoc->sadb_sa_spi;
2348 sq->inhash = INBOUND_HASH(sq->sp, sq->assoc->sadb_sa_spi);
2513 sadb_sa_t *assoc = (sadb_sa_t *)ksi->ks_in_extv[SADB_EXT_SA];
2526 ps.sadb_sa_state = assoc->sadb_sa_state;
2680 if (sq->assoc->sadb_sa_flags & IPSA_F_INBOUND) {
2682 sq->assoc->sadb_sa_spi, sq->srcaddr, sq->dstaddr, sq->af);
2689 sq->assoc->sadb_sa_spi, sq->srcaddr, sq->dstaddr,
2698 sq->assoc->sadb_sa_spi, sq->srcaddr, sq->dstaddr, sq->af);
2704 sq->assoc->sadb_sa_spi, sq->srcaddr, sq->dstaddr,
2735 sq->assoc->sadb_sa_spi, sq->srcaddr, sq->dstaddr, sq->af);
2897 sadb_sa_t *assoc = (sadb_sa_t *)ksi->ks_in_extv[SADB_EXT_SA];
2950 if (assoc == NULL) {
2983 (assoc->sadb_sa_state != SADB_X_SASTATE_ACTIVE_ELSEWHERE)) {
2985 assoc->sadb_sa_spi, NULL);
3006 newbie = sadb_makelarvalassoc(assoc->sadb_sa_spi,
3094 ASSERT((assoc->sadb_sa_state == SADB_SASTATE_MATURE) ||
3095 (assoc->sadb_sa_state == SADB_X_SASTATE_ACTIVE_ELSEWHERE));
3096 newbie->ipsa_auth_alg = assoc->sadb_sa_auth;
3097 newbie->ipsa_encr_alg = assoc->sadb_sa_encrypt;
3099 newbie->ipsa_flags |= assoc->sadb_sa_flags;
3128 newbie->ipsa_replay_wsize = assoc->sadb_sa_replay;
3522 newbie->ipsa_state = assoc->sadb_sa_state;
3679 assoc->sadb_sa_flags = newbie->ipsa_flags;
3692 sadb_set_usetime(ipsa_t *assoc)
3696 mutex_enter(&assoc->ipsa_lock);
3697 assoc->ipsa_lastuse = snapshot;
3698 assoc->ipsa_idleexpiretime = snapshot + assoc->ipsa_idletime;
3704 if (assoc->ipsa_usetime == 0) {
3710 assoc->ipsa_flags |= IPSA_F_USED;
3711 assoc->ipsa_usetime = snapshot;
3717 UPDATE_EXPIRE(assoc, softuselt, softexpiretime);
3718 UPDATE_EXPIRE(assoc, harduselt, hardexpiretime);
3720 mutex_exit(&assoc->ipsa_lock);
3727 sadb_expire_assoc(queue_t *pfkey_q, ipsa_t *assoc)
3737 ASSERT(MUTEX_HELD(&assoc->ipsa_lock));
3753 af = assoc->ipsa_addrfam;
3769 tunnel_mode = (assoc->ipsa_flags & IPSA_F_TUNNEL);
3772 switch (assoc->ipsa_innerfam) {
3805 samsg->sadb_msg_satype = assoc->ipsa_type;
3815 saext->sadb_sa_spi = assoc->ipsa_spi;
3816 saext->sadb_sa_replay = assoc->ipsa_replay_wsize;
3817 saext->sadb_sa_state = assoc->ipsa_state;
3818 saext->sadb_sa_auth = assoc->ipsa_auth_alg;
3819 saext->sadb_sa_encrypt = assoc->ipsa_encr_alg;
3820 saext->sadb_sa_flags = assoc->ipsa_flags;
3828 current->sadb_lifetime_bytes = assoc->ipsa_bytes;
3829 current->sadb_lifetime_addtime = assoc->ipsa_addtime;
3830 current->sadb_lifetime_usetime = assoc->ipsa_usetime;
3836 if (assoc->ipsa_state == IPSA_STATE_DEAD) {
3838 expire->sadb_lifetime_allocations = assoc->ipsa_hardalloc;
3839 expire->sadb_lifetime_bytes = assoc->ipsa_hardbyteslt;
3840 expire->sadb_lifetime_addtime = assoc->ipsa_hardaddlt;
3841 expire->sadb_lifetime_usetime = assoc->ipsa_harduselt;
3842 } else if (assoc->ipsa_state == IPSA_STATE_DYING) {
3844 expire->sadb_lifetime_allocations = assoc->ipsa_softalloc;
3845 expire->sadb_lifetime_bytes = assoc->ipsa_softbyteslt;
3846 expire->sadb_lifetime_addtime = assoc->ipsa_softaddlt;
3847 expire->sadb_lifetime_usetime = assoc->ipsa_softuselt;
3849 ASSERT(assoc->ipsa_state == IPSA_STATE_MATURE);
3853 expire->sadb_lifetime_addtime = assoc->ipsa_idleaddlt;
3854 expire->sadb_lifetime_usetime = assoc->ipsa_idleuselt;
3858 af, assoc->ipsa_srcaddr, tunnel_mode ? 0 : SA_SRCPORT(assoc),
3859 SA_PROTO(assoc), 0);
3863 af, assoc->ipsa_dstaddr, tunnel_mode ? 0 : SA_DSTPORT(assoc),
3864 SA_PROTO(assoc), 0);
3869 SADB_X_EXT_ADDRESS_INNER_SRC, assoc->ipsa_innerfam,
3870 assoc->ipsa_innersrc, SA_SRCPORT(assoc), SA_IPROTO(assoc),
3871 assoc->ipsa_innersrcpfx);
3874 SADB_X_EXT_ADDRESS_INNER_DST, assoc->ipsa_innerfam,
3875 assoc->ipsa_innerdst, SA_DSTPORT(assoc), SA_IPROTO(assoc),
3876 assoc->ipsa_innerdstpfx);
3892 sadb_age_bytes(queue_t *pfkey_q, ipsa_t *assoc, uint64_t bytes,
3898 mutex_enter(&assoc->ipsa_lock);
3899 newtotal = assoc->ipsa_bytes + bytes;
3900 if (assoc->ipsa_hardbyteslt != 0 &&
3901 newtotal >= assoc->ipsa_hardbyteslt) {
3902 if (assoc->ipsa_state != IPSA_STATE_DEAD) {
3903 sadb_delete_cluster(assoc);
3909 assoc->ipsa_state = IPSA_STATE_DEAD;
3911 sadb_expire_assoc(pfkey_q, assoc);
3916 assoc->ipsa_hardexpiretime = (time_t)1;
3919 } else if (assoc->ipsa_softbyteslt != 0 &&
3920 (newtotal >= assoc->ipsa_softbyteslt)) {
3921 if (assoc->ipsa_state < IPSA_STATE_DYING) {
3926 assoc->ipsa_state = IPSA_STATE_DYING;
3927 assoc->ipsa_bytes = newtotal;
3929 sadb_expire_assoc(pfkey_q, assoc);
3933 assoc->ipsa_bytes = newtotal;
3934 mutex_exit(&assoc->ipsa_lock);
3969 sadb_idle_activities(ipsa_t *assoc, time_t delta, boolean_t inbound)
3971 ipsecesp_stack_t *espstack = assoc->ipsa_netstack->netstack_ipsecesp;
3974 ASSERT(MUTEX_HELD(&assoc->ipsa_lock));
3976 if (!inbound && (assoc->ipsa_flags & IPSA_F_NATT_LOC) &&
3978 gethrestime_sec() - assoc->ipsa_last_nat_t_ka >= nat_t_interval) {
3979 ASSERT(assoc->ipsa_type == SADB_SATYPE_ESP);
3980 assoc->ipsa_last_nat_t_ka = gethrestime_sec();
3981 mutex_exit(&assoc->ipsa_lock);
3982 ipsecesp_send_keepalive(assoc);
3989 * Return "assoc" if haspeer is true and I send an expire. This allows
3993 sadb_age_assoc(isaf_t *head, queue_t *pfkey_q, ipsa_t *assoc,
4001 mutex_enter(&assoc->ipsa_lock);
4003 if (((assoc->ipsa_state == IPSA_STATE_LARVAL) ||
4004 ((assoc->ipsa_state == IPSA_STATE_IDLE) ||
4005 (assoc->ipsa_state == IPSA_STATE_ACTIVE_ELSEWHERE) &&
4006 (assoc->ipsa_hardexpiretime != 0))) &&
4007 (assoc->ipsa_hardexpiretime <= current)) {
4008 assoc->ipsa_state = IPSA_STATE_DEAD;
4009 return (sadb_torch_assoc(head, assoc));
4020 if (assoc->ipsa_hardexpiretime != 0 &&
4021 assoc->ipsa_hardexpiretime <= current) {
4022 if (assoc->ipsa_state == IPSA_STATE_DEAD)
4023 return (sadb_torch_assoc(head, assoc));
4026 sadb_delete_cluster(assoc);
4032 assoc->ipsa_state = IPSA_STATE_DEAD;
4033 if (assoc->ipsa_haspeer || assoc->ipsa_otherspi != 0) {
4040 * If I return assoc, I have to bump up its reference
4044 IPSA_REFHOLD(assoc);
4045 retval = assoc;
4047 sadb_expire_assoc(pfkey_q, assoc);
4048 assoc->ipsa_hardexpiretime = current + reap_delay;
4049 } else if (assoc->ipsa_softexpiretime != 0 &&
4050 assoc->ipsa_softexpiretime <= current &&
4051 assoc->ipsa_state < IPSA_STATE_DYING) {
4056 assoc->ipsa_state = IPSA_STATE_DYING;
4057 if (assoc->ipsa_haspeer) {
4066 * If I return assoc, I have to bump up its
4070 IPSA_REFHOLD(assoc);
4071 retval = assoc;
4073 sadb_expire_assoc(pfkey_q, assoc);
4074 } else if (assoc->ipsa_idletime != 0 &&
4075 assoc->ipsa_idleexpiretime <= current) {
4076 if (assoc->ipsa_state == IPSA_STATE_ACTIVE_ELSEWHERE) {
4077 assoc->ipsa_state = IPSA_STATE_IDLE;
4083 if (assoc->ipsa_state == IPSA_STATE_MATURE) {
4084 sadb_expire_assoc(pfkey_q, assoc);
4088 dropped_mutex = sadb_idle_activities(assoc,
4089 current - assoc->ipsa_lastuse, inbound);
4093 mutex_exit(&assoc->ipsa_lock);
4110 ipsa_t *assoc, *spare;
4143 for (assoc = bucket->isaf_ipsa; assoc != NULL;
4144 assoc = spare) {
4145 spare = assoc->ipsa_next;
4146 if (sadb_age_assoc(bucket, pfkey_q, assoc, current,
4162 IPSA_REFRELE(assoc);
4166 newbie->ipsa = assoc;
4180 for (assoc = bucket->isaf_ipsa; assoc != NULL;
4181 assoc = spare) {
4182 spare = assoc->ipsa_next;
4183 if (sadb_age_assoc(bucket, pfkey_q, assoc, current,
4195 IPSA_REFRELE(assoc);
4199 newbie->ipsa = assoc;
4267 sadb_update_lifetimes(ipsa_t *assoc, sadb_lifetime_t *hard,
4270 mutex_enter(&assoc->ipsa_lock);
4280 assoc->ipsa_hardbyteslt = hard->sadb_lifetime_bytes;
4282 assoc->ipsa_harduselt = hard->sadb_lifetime_usetime;
4284 assoc->ipsa_hardaddlt = hard->sadb_lifetime_addtime;
4285 if (assoc->ipsa_hardaddlt != 0) {
4286 assoc->ipsa_hardexpiretime =
4287 assoc->ipsa_addtime + assoc->ipsa_hardaddlt;
4289 if (assoc->ipsa_harduselt != 0 &&
4290 assoc->ipsa_flags & IPSA_F_USED) {
4291 UPDATE_EXPIRE(assoc, harduselt, hardexpiretime);
4294 assoc->ipsa_hardalloc = hard->sadb_lifetime_allocations;
4300 assoc->ipsa_hardbyteslt) {
4301 assoc->ipsa_softbyteslt =
4302 assoc->ipsa_hardbyteslt;
4304 assoc->ipsa_softbyteslt =
4310 assoc->ipsa_harduselt) {
4311 assoc->ipsa_softuselt =
4312 assoc->ipsa_harduselt;
4314 assoc->ipsa_softuselt =
4320 assoc->ipsa_hardexpiretime) {
4321 assoc->ipsa_softexpiretime =
4322 assoc->ipsa_hardexpiretime;
4324 assoc->ipsa_softaddlt =
4328 if (assoc->ipsa_softaddlt != 0) {
4329 assoc->ipsa_softexpiretime =
4330 assoc->ipsa_addtime + assoc->ipsa_softaddlt;
4332 if (assoc->ipsa_softuselt != 0 &&
4333 assoc->ipsa_flags & IPSA_F_USED) {
4334 UPDATE_EXPIRE(assoc, softuselt, softexpiretime);
4336 if (outbound && assoc->ipsa_softexpiretime != 0) {
4337 if (assoc->ipsa_state == IPSA_STATE_MATURE)
4338 lifetime_fuzz(assoc);
4342 assoc->ipsa_softalloc = soft->sadb_lifetime_allocations;
4347 if ((assoc->ipsa_idleexpiretime <= current) &&
4348 (assoc->ipsa_idleaddlt == idle->sadb_lifetime_addtime)) {
4349 assoc->ipsa_idleexpiretime =
4350 current + assoc->ipsa_idleaddlt;
4353 assoc->ipsa_idleaddlt = idle->sadb_lifetime_addtime;
4355 assoc->ipsa_idleuselt = idle->sadb_lifetime_usetime;
4356 if (assoc->ipsa_idleaddlt != 0) {
4357 assoc->ipsa_idleexpiretime =
4359 assoc->ipsa_idletime = idle->sadb_lifetime_addtime;
4361 if (assoc->ipsa_idleuselt != 0) {
4362 if (assoc->ipsa_idletime != 0) {
4363 assoc->ipsa_idletime = min(assoc->ipsa_idletime,
4364 assoc->ipsa_idleuselt);
4365 assoc->ipsa_idleexpiretime =
4366 current + assoc->ipsa_idletime;
4368 assoc->ipsa_idleexpiretime =
4369 current + assoc->ipsa_idleuselt;
4370 assoc->ipsa_idletime = assoc->ipsa_idleuselt;
4374 mutex_exit(&assoc->ipsa_lock);
4378 sadb_update_state(ipsa_t *assoc, uint_t new_state, mblk_t **ipkt_lst)
4383 mutex_enter(&assoc->ipsa_lock);
4387 if (assoc->ipsa_state == SADB_X_SASTATE_IDLE) {
4388 assoc->ipsa_state = IPSA_STATE_ACTIVE_ELSEWHERE;
4389 assoc->ipsa_idleexpiretime =
4390 current + assoc->ipsa_idletime;
4394 if (assoc->ipsa_state == SADB_X_SASTATE_ACTIVE_ELSEWHERE) {
4395 assoc->ipsa_state = IPSA_STATE_IDLE;
4396 assoc->ipsa_idleexpiretime =
4397 current + assoc->ipsa_idletime;
4404 if (assoc->ipsa_state != SADB_X_SASTATE_IDLE) {
4408 assoc->ipsa_state = IPSA_STATE_MATURE;
4409 assoc->ipsa_idleexpiretime = current + assoc->ipsa_idletime;
4415 if (assoc->ipsa_bpkt_head != NULL) {
4416 *ipkt_lst = assoc->ipsa_bpkt_head;
4417 assoc->ipsa_bpkt_head = assoc->ipsa_bpkt_tail = NULL;
4418 assoc->ipsa_mblkcnt = 0;
4428 mutex_exit(&assoc->ipsa_lock);
4540 if (sq.assoc->sadb_sa_state == SADB_X_SASTATE_ACTIVE_ELSEWHERE) {
4544 sq.assoc->sadb_sa_state, NULL)) != 0) {
4552 sq.assoc->sadb_sa_state, NULL)) != 0) {
4558 if (sq.assoc->sadb_sa_state == SADB_X_SASTATE_ACTIVE) {
4561 sq.assoc->sadb_sa_state,
4571 sq.assoc->sadb_sa_state,
4591 if (!((sq.assoc->sadb_sa_state == SADB_SASTATE_MATURE) ||
4592 (sq.assoc->sadb_sa_state == SADB_X_SASTATE_ACTIVE_ELSEWHERE))) {
4597 if (sq.assoc->sadb_sa_flags & ~spp->s_updateflags) {
4705 sadb_sa_t *assoc = (sadb_sa_t *)ksi->ks_in_extv[SADB_EXT_SA];
4714 assoc->sadb_sa_spi) {
4779 oipsapp.ipsap_psa_ptr->ipsa_otherspi = assoc->sadb_sa_spi;
6219 sadb_replay_delete(ipsa_t *assoc)
6221 mutex_enter(&assoc->ipsa_lock);
6222 assoc->ipsa_hardexpiretime = (time_t)1;
6223 mutex_exit(&assoc->ipsa_lock);
7323 sadb_whack_label_v4(mblk_t *mp, ipsa_t *assoc, kstat_named_t *counter,
7330 uint8_t *opt_storage = assoc->ipsa_opt_storage;
7378 delta = tsol_prepend_option(assoc->ipsa_opt_storage, ipha, MBLKL(mp));
7403 sadb_whack_label_v6(mblk_t *mp, ipsa_t *assoc, kstat_named_t *counter,
7410 uint8_t *opt_storage = assoc->ipsa_opt_storage;
7467 delta = tsol_prepend_option_v6(assoc->ipsa_opt_storage,
7494 sadb_whack_label(mblk_t *mp, ipsa_t *assoc, ip_xmit_attr_t *ixa,
7505 mp = sadb_whack_label_v4(mp, assoc, counter, dropper);
7517 mp = sadb_whack_label_v6(mp, assoc, counter, dropper);
7540 lifetime_fuzz(ipsa_t *assoc)
7544 if (assoc->ipsa_softaddlt == 0)
7549 assoc->ipsa_softexpiretime -= rnd;
7550 assoc->ipsa_softaddlt -= rnd;
7702 update_iv(uint8_t *iv_ptr, queue_t *pfkey_q, ipsa_t *assoc,
7712 if (!(assoc->ipsa_flags & IPSA_F_COUNTERMODE)) {
7713 (void) random_get_pseudo_bytes(iv_ptr, assoc->ipsa_iv_len);
7717 mutex_enter(&assoc->ipsa_lock);
7719 (*assoc->ipsa_iv)++;
7721 if (*assoc->ipsa_iv == assoc->ipsa_iv_hardexpire) {
7724 } else if (*assoc->ipsa_iv == assoc->ipsa_iv_softexpire) {
7725 if (assoc->ipsa_state != IPSA_STATE_DYING) {
7741 assoc->ipsa_state = sa_new_state;
7742 if (assoc->ipsa_addrfam == AF_INET6) {
7747 inbound_bucket = INBOUND_BUCKET(sp, assoc->ipsa_otherspi);
7748 sadb_expire_assoc(pfkey_q, assoc);
7751 bcopy(assoc->ipsa_iv, iv_ptr, assoc->ipsa_iv_len);
7753 mutex_exit(&assoc->ipsa_lock);
7759 assoc->ipsa_otherspi, assoc->ipsa_dstaddr,
7760 assoc->ipsa_srcaddr, assoc->ipsa_addrfam);
7774 ccm_params_init(ipsa_t *assoc, uchar_t *esph, uint_t data_len, uchar_t *iv_ptr,
7784 params->ulMACSize = assoc->ipsa_mac_len;
7785 params->ulNonceSize = assoc->ipsa_nonce_len;
7791 cm_mech->combined_mech.cm_type = assoc->ipsa_emech.cm_type;
7795 bcopy(assoc->ipsa_nonce, nonce, assoc->ipsa_saltlen);
7796 nonce += assoc->ipsa_saltlen;
7797 bcopy(iv_ptr, nonce, assoc->ipsa_iv_len);
7803 cbc_params_init(ipsa_t *assoc, uchar_t *esph, uint_t data_len, uchar_t *iv_ptr,
7806 cm_mech->combined_mech.cm_type = assoc->ipsa_emech.cm_type;
7814 gcm_params_init(ipsa_t *assoc, uchar_t *esph, uint_t data_len, uchar_t *iv_ptr,
7826 params->ulIvLen = assoc->ipsa_nonce_len;
7827 params->ulIvBits = SADB_8TO1(assoc->ipsa_nonce_len);
7830 params->ulTagBits = SADB_8TO1(assoc->ipsa_mac_len);
7832 cm_mech->combined_mech.cm_type = assoc->ipsa_emech.cm_type;
7843 bcopy(assoc->ipsa_nonce, nonce, assoc->ipsa_saltlen);
7844 nonce += assoc->ipsa_saltlen;
7845 bcopy(iv_ptr, nonce, assoc->ipsa_iv_len);