Lines Matching defs:ipss
149 void ipsec_fragcache_uninit(ipsec_fragcache_t *, ipsec_stack_t *ipss);
361 ipsec_stack_t *ipss = (ipsec_stack_t *)arg;
364 netstack_t *ns = ipss->ipsec_netstack;
368 ipsec_loader_destroy(ipss);
370 rw_enter(&ipss->ipsec_tunnel_policy_lock, RW_WRITER);
379 avl_destroy_nodes(&ipss->ipsec_tunnel_policies,
383 avl_destroy(&ipss->ipsec_tunnel_policies);
384 rw_exit(&ipss->ipsec_tunnel_policy_lock);
385 rw_destroy(&ipss->ipsec_tunnel_policy_lock);
389 ipsec_kstat_destroy(ipss);
391 ip_drop_unregister(&ipss->ipsec_dropper);
393 ip_drop_unregister(&ipss->ipsec_spd_dropper);
394 ip_drop_destroy(ipss);
399 ipsec_polhead_destroy(&ipss->ipsec_system_policy);
400 ASSERT(ipss->ipsec_system_policy.iph_refs == 1);
401 ipsec_polhead_destroy(&ipss->ipsec_inactive_policy);
402 ASSERT(ipss->ipsec_inactive_policy.iph_refs == 1);
405 ipsec_action_free_table(ipss->ipsec_action_hash[i].hash_head);
406 ipss->ipsec_action_hash[i].hash_head = NULL;
407 mutex_destroy(&(ipss->ipsec_action_hash[i].hash_lock));
410 for (i = 0; i < ipss->ipsec_spd_hashsize; i++) {
411 ASSERT(ipss->ipsec_sel_hash[i].hash_head == NULL);
412 mutex_destroy(&(ipss->ipsec_sel_hash[i].hash_lock));
415 mutex_enter(&ipss->ipsec_alg_lock);
417 int nalgs = ipss->ipsec_nalgs[algtype];
420 if (ipss->ipsec_alglists[algtype][i] != NULL)
424 mutex_exit(&ipss->ipsec_alg_lock);
425 mutex_destroy(&ipss->ipsec_alg_lock);
430 (void) ipsec_free_tables(ipss);
431 kmem_free(ipss, sizeof (*ipss));
452 ipsec_free_tables(ipsec_stack_t *ipss)
456 if (ipss->ipsec_sel_hash != NULL) {
457 for (i = 0; i < ipss->ipsec_spd_hashsize; i++) {
458 ASSERT(ipss->ipsec_sel_hash[i].hash_head == NULL);
460 kmem_free(ipss->ipsec_sel_hash, ipss->ipsec_spd_hashsize *
461 sizeof (*ipss->ipsec_sel_hash));
462 ipss->ipsec_sel_hash = NULL;
463 ipss->ipsec_spd_hashsize = 0;
465 ipsec_polhead_free_table(&ipss->ipsec_system_policy);
466 ipsec_polhead_free_table(&ipss->ipsec_inactive_policy);
503 ipsec_stack_t *ipss = ns->netstack_ipsec;
505 error = ipsec_alloc_table(&ipss->ipsec_system_policy,
506 ipss->ipsec_spd_hashsize, kmflag, B_TRUE, ns);
510 error = ipsec_alloc_table(&ipss->ipsec_inactive_policy,
511 ipss->ipsec_spd_hashsize, kmflag, B_TRUE, ns);
515 ipss->ipsec_sel_hash = kmem_zalloc(ipss->ipsec_spd_hashsize *
516 sizeof (*ipss->ipsec_sel_hash), kmflag);
518 if (ipss->ipsec_sel_hash == NULL)
519 return (ipsec_free_tables(ipss));
548 ipsec_kstat_init(ipsec_stack_t *ipss)
550 ipss->ipsec_ksp = kstat_create_netstack("ip", 0, "ipsec_stat", "net",
552 KSTAT_FLAG_PERSISTENT, ipss->ipsec_netstack->netstack_stackid);
554 if (ipss->ipsec_ksp == NULL || ipss->ipsec_ksp->ks_data == NULL)
557 ipss->ipsec_kstats = ipss->ipsec_ksp->ks_data;
559 #define KI(x) kstat_named_init(&ipss->ipsec_kstats->x, #x, KSTAT_DATA_UINT64)
570 kstat_install(ipss->ipsec_ksp);
575 ipsec_kstat_destroy(ipsec_stack_t *ipss)
577 kstat_delete_netstack(ipss->ipsec_ksp,
578 ipss->ipsec_netstack->netstack_stackid);
579 ipss->ipsec_kstats = NULL;
590 ipsec_stack_t *ipss;
593 ipss = (ipsec_stack_t *)kmem_zalloc(sizeof (*ipss), KM_SLEEP);
594 ipss->ipsec_netstack = ns;
605 ns->netstack_ipsec = ipss;
612 ipss->ipsec_spd_hashsize = (ipsec_spd_hashsize == 0) ?
618 ipss->ipsec_spd_hashsize);
619 ipss->ipsec_spd_hashsize = IPSEC_SPDHASH_DEFAULT;
621 ipss->ipsec_spd_hashsize);
626 ipss->ipsec_tun_spd_hashsize = (tun_spd_hashsize == 0) ?
634 ipss->ipsec_system_policy.iph_refs = 1;
635 ipss->ipsec_inactive_policy.iph_refs = 1;
636 ipsec_polhead_init(&ipss->ipsec_system_policy,
637 ipss->ipsec_spd_hashsize);
638 ipsec_polhead_init(&ipss->ipsec_inactive_policy,
639 ipss->ipsec_spd_hashsize);
640 rw_init(&ipss->ipsec_tunnel_policy_lock, NULL, RW_DEFAULT, NULL);
641 avl_create(&ipss->ipsec_tunnel_policies, tunnel_compare,
644 ipss->ipsec_next_policy_index = 1;
646 rw_init(&ipss->ipsec_system_policy.iph_lock, NULL, RW_DEFAULT, NULL);
647 rw_init(&ipss->ipsec_inactive_policy.iph_lock, NULL, RW_DEFAULT, NULL);
650 mutex_init(&(ipss->ipsec_action_hash[i].hash_lock),
653 for (i = 0; i < ipss->ipsec_spd_hashsize; i++)
654 mutex_init(&(ipss->ipsec_sel_hash[i].hash_lock),
657 mutex_init(&ipss->ipsec_alg_lock, NULL, MUTEX_DEFAULT, NULL);
659 ipss->ipsec_nalgs[i] = 0;
662 ip_drop_init(ipss);
663 ip_drop_register(&ipss->ipsec_spd_dropper, "IPsec SPD");
666 ip_drop_register(&ipss->ipsec_dropper, "IP IPsec processing");
668 (void) ipsec_kstat_init(ipss);
670 ipsec_loader_init(ipss);
671 ipsec_loader_start(ipss);
673 return (ipss);
712 ipsec_stack_t *ipss = ns->netstack_ipsec;
713 ipsec_alginfo_t *ai = ipss->ipsec_alglists[at][algid];
716 uint_t count = ipss->ipsec_nalgs[at];
720 ASSERT(MUTEX_HELD(&ipss->ipsec_alg_lock));
727 alt = ipss->ipsec_alglists[at][ipss->ipsec_sortlist[at][i]];
734 swap = ipss->ipsec_sortlist[at][i];
735 ipss->ipsec_sortlist[at][i] = holder;
742 ipss->ipsec_sortlist[at][i] = holder;
754 ipsec_stack_t *ipss = ns->netstack_ipsec;
755 int newcount = ipss->ipsec_nalgs[at];
757 ASSERT(MUTEX_HELD(&ipss->ipsec_alg_lock));
761 ipss->ipsec_sortlist[at][i-1] =
762 ipss->ipsec_sortlist[at][i];
763 } else if (ipss->ipsec_sortlist[at][i] == algid) {
776 ipsec_stack_t *ipss = ns->netstack_ipsec;
778 ASSERT(MUTEX_HELD(&ipss->ipsec_alg_lock));
780 ASSERT(ipss->ipsec_alglists[algtype][alg->alg_id] == NULL);
782 ipss->ipsec_alglists[algtype][alg->alg_id] = alg;
784 ipss->ipsec_nalgs[algtype]++;
795 ipsec_stack_t *ipss = ns->netstack_ipsec;
797 ASSERT(MUTEX_HELD(&ipss->ipsec_alg_lock));
799 ASSERT(ipss->ipsec_alglists[algtype][algid] != NULL);
800 ipsec_alg_free(ipss->ipsec_alglists[algtype][algid]);
801 ipss->ipsec_alglists[algtype][algid] = NULL;
803 ipss->ipsec_nalgs[algtype]--;
814 ipsec_stack_t *ipss = ns->netstack_ipsec;
815 ipsec_policy_head_t *h = &ipss->ipsec_system_policy;
824 ipsec_stack_t *ipss = ns->netstack_ipsec;
825 ipsec_policy_head_t *h = &ipss->ipsec_inactive_policy;
889 ipsec_stack_t *ipss = ns->netstack_ipsec;
891 ipsec_swap_policy(&ipss->ipsec_system_policy,
892 &ipss->ipsec_inactive_policy, ns);
1011 ipsec_stack_t *ipss = ns->netstack_ipsec;
1013 return (ipsec_copy_polhead(&ipss->ipsec_system_policy,
1014 &ipss->ipsec_inactive_policy, ns));
1030 ipsec_stack_t *ipss = ns->netstack_ipsec;
1045 ipss->ipsec_policy_failure_count[type]++;
1064 ipsec_stack_t *ipss = ns->netstack_ipsec;
1075 if (ipss->ipsec_policy_failure_last +
1080 ipss->ipsec_policy_failure_last = current;
1088 ipsec_stack_t *ipss = ns->netstack_ipsec;
1090 rw_enter(&ipss->ipsec_system_policy.iph_lock, RW_WRITER);
1091 ipsec_polhead_flush(&ipss->ipsec_system_policy, ns);
1092 ipss->ipsec_next_policy_index = 1;
1093 rw_exit(&ipss->ipsec_system_policy.iph_lock);
1094 ipsec_action_reclaim_stack(ipss);
1105 ipsec_stack_t *ipss = ns->netstack_ipsec;
1106 ipsec_alginfo_t *algp = ipss->ipsec_alglists[algtype][algid];
1141 ipsec_stack_t *ipss = ns->netstack_ipsec;
1146 ipss->ipsec_alglists[IPSEC_ALG_AUTH][ipp->ipp_auth_alg] == NULL) {
1151 ipss->ipsec_alglists[IPSEC_ALG_AUTH][ipp->ipp_esp_auth_alg] ==
1157 ipss->ipsec_alglists[IPSEC_ALG_ENCR][ipp->ipp_encr_alg] == NULL) {
1223 ipsec_stack_t *ipss = ns->netstack_ipsec;
1264 #define SET_EXP_MINMAX(type, wild, alg, min, max, ipss) \
1266 int nalgs = ipss->ipsec_nalgs[type]; \
1267 if (ipss->ipsec_alglists[type][alg] != NULL) \
1271 max = ipss->ipsec_nalgs[type] - 1; \
1275 auth_min, auth_max, ipss);
1277 eauth_min, eauth_max, ipss);
1279 encr_min, encr_max, ipss);
1303 #define WHICH_ALG(type, wild, idx, ipss) \
1304 ((wild)?(ipss->ipsec_sortlist[type][idx]):(idx))
1307 encr_alg = WHICH_ALG(IPSEC_ALG_ENCR, wild_encr, encr_idx, ipss);
1312 auth_idx, ipss);
1318 wild_eauth, eauth_idx, ipss);
1528 ipsec_stack_t *ipss = ns->netstack_ipsec;
1552 *counter = DROPPER(ipss, ipds_spd_ah_innermismatch);
1558 *counter = DROPPER(ipss, ipds_spd_esp_innermismatch);
1574 ipsec_stack_t *ipss = ns->netstack_ipsec;
1592 *counter = DROPPER(ipss, ipds_spd_loopback_mismatch);
1608 *counter = DROPPER(ipss, ipds_spd_explicit);
1614 *counter = DROPPER(ipss, ipds_spd_got_secure);
1632 *counter = DROPPER(ipss, ipds_spd_got_clear);
1641 *counter = DROPPER(ipss, ipds_spd_bad_ahalg);
1651 *counter = DROPPER(ipss, ipds_spd_got_ah);
1660 *counter = DROPPER(ipss, ipds_spd_got_clear);
1669 *counter = DROPPER(ipss, ipds_spd_bad_espealg);
1681 *counter = DROPPER(ipss,
1693 *counter = DROPPER(ipss, ipds_spd_got_esp);
1704 *counter = DROPPER(ipss,
1717 *counter = DROPPER(ipss, ipds_spd_got_selfencap);
1803 ipsec_stack_t *ipss = ns->netstack_ipsec;
1817 *counter = DROPPER(ipss, ipds_spd_ah_badid);
1826 *counter = DROPPER(ipss, ipds_spd_esp_badid);
1863 ipsec_stack_t *ipss = ns->netstack_ipsec;
1866 counter = DROPPER(ipss, ipds_spd_got_secure);
1889 counter = DROPPER(ipss, ipds_spd_ahesp_diffid);
1918 &ipss->ipsec_spd_dropper);
2089 ipsec_stack_t *ipss = ns->netstack_ipsec;
2091 p = ipsec_find_policy_head(NULL, &ipss->ipsec_system_policy,
2124 ipsec_stack_t *ipss = ns->netstack_ipsec;
2132 policy_present = ipss->ipsec_inbound_v4_policy_present;
2134 policy_present = ipss->ipsec_inbound_v6_policy_present;
2167 counter = DROPPER(ipss, ipds_spd_nomem);
2196 counter = DROPPER(ipss, ipds_spd_got_secure);
2220 counter = DROPPER(ipss, ipds_spd_got_clear);
2224 &ipss->ipsec_spd_dropper);
2461 ipsec_stack_t *ipss;
2469 ipss = ns->netstack_ipsec;
2485 DROPPER(ipss, ipds_spd_got_clear),
2486 &ipss->ipsec_spd_dropper);
2513 DROPPER(ipss, ipds_spd_got_clear),
2514 &ipss->ipsec_spd_dropper);
2551 DROPPER(ipss, ipds_spd_got_clear),
2552 &ipss->ipsec_spd_dropper);
2607 &ipss->ipsec_spd_dropper);
2816 ip6_t *ip6h, int outer_hdr_len, ipsec_stack_t *ipss)
2852 DROPPER(ipss, ipds_spd_nomem),
2853 &ipss->ipsec_spd_dropper);
2890 DROPPER(ipss, ipds_spd_nomem),
2891 &ipss->ipsec_spd_dropper);
3128 ipsec_stack_t *ipss = ns->netstack_ipsec;
3136 ipss->ipsec_spd_hashsize));
3142 ipss->ipsec_spd_hashsize));
3174 ipsec_stack_t *ipss = ns->netstack_ipsec;
3183 HASH_LOCK(ipss->ipsec_action_hash, hval);
3186 ipss->ipsec_action_hash, hval)) {
3194 HASH_UNLOCK(ipss->ipsec_action_hash, hval);
3203 HASH_UNLOCK(ipss->ipsec_action_hash, hval);
3208 HASH_INSERT(ap, ipa_hash, ipss->ipsec_action_hash, hval);
3239 HASH_UNLOCK(ipss->ipsec_action_hash, hval);
3305 ipsec_stack_t *ipss;
3313 if ((ipss = ns->netstack_ipsec) == NULL) {
3317 ipsec_action_reclaim_stack(ipss);
3335 ipsec_action_reclaim_stack(ipsec_stack_t *ipss)
3343 if (ipss->ipsec_action_hash[i].hash_head == NULL)
3346 HASH_LOCK(ipss->ipsec_action_hash, i);
3347 for (ap = ipss->ipsec_action_hash[i].hash_head;
3354 ipss->ipsec_action_hash, i);
3357 HASH_UNLOCK(ipss->ipsec_action_hash, i);
3370 ipsec_stack_t *ipss = ns->netstack_ipsec;
3384 ASSERT(!HASH_LOCKED(ipss->ipsec_sel_hash, bucket));
3385 HASH_LOCK(ipss->ipsec_sel_hash, bucket);
3387 for (HASH_ITERATE(sp, ipsl_hash, ipss->ipsec_sel_hash, bucket)) {
3395 HASH_UNLOCK(ipss->ipsec_sel_hash, bucket);
3401 HASH_UNLOCK(ipss->ipsec_sel_hash, bucket);
3405 HASH_INSERT(sp, ipsl_hash, ipss->ipsec_sel_hash, bucket);
3414 HASH_UNLOCK(ipss->ipsec_sel_hash, bucket);
3424 ipsec_stack_t *ipss = ns->netstack_ipsec;
3431 ASSERT(!HASH_LOCKED(ipss->ipsec_sel_hash, hval));
3432 HASH_LOCK(ipss->ipsec_sel_hash, hval);
3434 HASH_UNCHAIN(sp, ipsl_hash, ipss->ipsec_sel_hash, hval);
3436 HASH_UNLOCK(ipss->ipsec_sel_hash, hval);
3443 HASH_UNLOCK(ipss->ipsec_sel_hash, hval);
3473 ipsec_stack_t *ipss = ns->netstack_ipsec;
3476 index_ptr = &ipss->ipsec_next_policy_index;
3507 ipsec_update_present_flags(ipsec_stack_t *ipss)
3511 hashpol = (avl_numnodes(&ipss->ipsec_system_policy.iph_rulebyid) > 0);
3514 ipss->ipsec_outbound_v4_policy_present = B_TRUE;
3515 ipss->ipsec_outbound_v6_policy_present = B_TRUE;
3516 ipss->ipsec_inbound_v4_policy_present = B_TRUE;
3517 ipss->ipsec_inbound_v6_policy_present = B_TRUE;
3521 ipss->ipsec_outbound_v4_policy_present = (NULL !=
3522 ipss->ipsec_system_policy.iph_root[IPSEC_TYPE_OUTBOUND].
3524 ipss->ipsec_outbound_v6_policy_present = (NULL !=
3525 ipss->ipsec_system_policy.iph_root[IPSEC_TYPE_OUTBOUND].
3527 ipss->ipsec_inbound_v4_policy_present = (NULL !=
3528 ipss->ipsec_system_policy.iph_root[IPSEC_TYPE_INBOUND].
3530 ipss->ipsec_inbound_v6_policy_present = (NULL !=
3531 ipss->ipsec_system_policy.iph_root[IPSEC_TYPE_INBOUND].
4204 ipsec_stack_t *ipss = ns->netstack_ipsec;
4207 ixa->ixa_ipsec_policy_gen = ipss->ipsec_system_policy.iph_gen;
4212 policy_present = ipss->ipsec_outbound_v4_policy_present;
4214 policy_present = ipss->ipsec_outbound_v6_policy_present;
4232 if (!ipsec_init_outbound_ports(&sel, mp, ipha, ip6h, 0, ipss)) {
4279 ipsec_stack_t *ipss = ns->netstack_ipsec;
4282 ipss->ipsec_system_policy.iph_gen;
4317 (ipss->ipsec_outbound_v4_policy_present ||
4318 ipss->ipsec_inbound_v4_policy_present) :
4319 (ipss->ipsec_outbound_v6_policy_present ||
4320 ipss->ipsec_inbound_v6_policy_present);
4412 ipsec_stack_t *ipss = ns->netstack_ipsec;
4414 ixa->ixa_ipsec_policy_gen = ipss->ipsec_system_policy.iph_gen;
4436 (ipss->ipsec_outbound_v4_policy_present ||
4437 ipss->ipsec_inbound_v4_policy_present) :
4438 (ipss->ipsec_outbound_v6_policy_present ||
4439 ipss->ipsec_inbound_v6_policy_present);
4501 ipsec_stack_t *ipss = ixa->ixa_ipst->ips_netstack->netstack_ipsec;
4506 return (ixa->ixa_ipsec_policy_gen == ipss->ipsec_system_policy.iph_gen);
4560 ipsec_stack_t *ipss = ns->netstack_ipsec;
4563 bucket = &ipss->ipsec_ipsid_buckets[ipsid_hash(idtype, idstring)];
4615 ipsec_stack_t *ipss = ns->netstack_ipsec;
4618 bucket = &ipss->ipsec_ipsid_buckets[i];
4663 ipsec_stack_t *ipss = ns->netstack_ipsec;
4666 bucket = &ipss->ipsec_ipsid_buckets[i];
4679 ipsec_stack_t *ipss = ns->netstack_ipsec;
4682 bucket = &ipss->ipsec_ipsid_buckets[i];
4703 ipsec_stack_t *ipss = ns->netstack_ipsec;
4705 ASSERT(MUTEX_HELD(&ipss->ipsec_alg_lock));
5040 ipsec_stack_t *ipss = ns->netstack_ipsec;
5058 mutex_enter(&ipss->ipsec_alg_lock);
5060 for (algidx = 0; algidx < ipss->ipsec_nalgs[algtype];
5063 algid = ipss->ipsec_sortlist[algtype][algidx];
5064 alg = ipss->ipsec_alglists[algtype][algid];
5121 mutex_exit(&ipss->ipsec_alg_lock);
5192 ipsec_stack_t *ipss = ns->netstack_ipsec;
5239 DROPPER(ipss, ipds_spd_nomem),
5240 &ipss->ipsec_spd_dropper);
5278 outer_hdr_len, ipss);
5298 DROPPER(ipss,
5300 &ipss->ipsec_spd_dropper);
5325 DROPPER(ipss,
5327 &ipss->ipsec_spd_dropper);
5342 inner_ipv4, inner_ipv6, outer_hdr_len, ipss)) {
5388 DROPPER(ipss, ipds_spd_explicit),
5389 &ipss->ipsec_spd_dropper);
5556 ipsec_stack_t *ipss = ns->netstack_ipsec;
5562 global_present = ipss->ipsec_inbound_v4_policy_present;
5565 global_present = ipss->ipsec_inbound_v6_policy_present;
5606 DROPPER(ipss, ipds_spd_nomem),
5607 &ipss->ipsec_spd_dropper);
5616 DROPPER(ipss, ipds_spd_got_clear),
5617 &ipss->ipsec_spd_dropper);
5632 DROPPER(ipss, ipds_spd_nomem),
5633 &ipss->ipsec_spd_dropper);
5665 DROPPER(ipss, ipds_spd_nomem),
5666 &ipss->ipsec_spd_dropper);
5671 mp, data_mp, outer_hdr_len, ipss);
5721 DROPPER(ipss, ipds_spd_nomem),
5722 &ipss->ipsec_spd_dropper);
5726 DROPPER(ipss, ipds_spd_malformed_frag),
5727 &ipss->ipsec_spd_dropper);
5791 DROPPER(ipss, ipds_spd_got_clear),
5792 &ipss->ipsec_spd_dropper);
5836 DROPPER(ipss, ipds_spd_explicit),
5837 &ipss->ipsec_spd_dropper);
5861 DROPPER(ipss, ipds_spd_got_secure),
5862 &ipss->ipsec_spd_dropper);
5952 ipsec_stack_t *ipss = ns->netstack_ipsec;
5954 rw_enter(&ipss->ipsec_tunnel_policy_lock, RW_WRITER);
5955 ipss->ipsec_tunnel_policy_gen++;
5956 ipsec_fragcache_uninit(&node->itp_fragcache, ipss);
5957 avl_remove(&ipss->ipsec_tunnel_policies, node);
5958 rw_exit(&ipss->ipsec_tunnel_policy_lock);
5970 ipsec_stack_t *ipss = ns->netstack_ipsec;
5974 rw_enter(&ipss->ipsec_tunnel_policy_lock, RW_READER);
5975 node = (ipsec_tun_pol_t *)avl_find(&ipss->ipsec_tunnel_policies,
5980 rw_exit(&ipss->ipsec_tunnel_policy_lock);
5994 ipsec_stack_t *ipss = ns->netstack_ipsec;
5996 rw_enter(&ipss->ipsec_tunnel_policy_lock, RW_READER);
5997 for (node = avl_first(&ipss->ipsec_tunnel_policies); node != NULL;
5998 node = AVL_NEXT(&ipss->ipsec_tunnel_policies, node)) {
6001 rw_exit(&ipss->ipsec_tunnel_policy_lock);
6010 ipsec_stack_t *ipss = ns->netstack_ipsec;
6015 if (ipsec_alloc_table(iph, ipss->ipsec_tun_spd_hashsize,
6020 ipsec_polhead_init(iph, ipss->ipsec_tun_spd_hashsize);
6034 ipsec_stack_t *ipss = ns->netstack_ipsec;
6049 rw_enter(&ipss->ipsec_tunnel_policy_lock, RW_WRITER);
6050 existing = (ipsec_tun_pol_t *)avl_find(&ipss->ipsec_tunnel_policies,
6055 rw_exit(&ipss->ipsec_tunnel_policy_lock);
6058 ipss->ipsec_tunnel_policy_gen++;
6059 *gen = ipss->ipsec_tunnel_policy_gen;
6062 avl_insert(&ipss->ipsec_tunnel_policies, newbie, where);
6084 rw_exit(&ipss->ipsec_tunnel_policy_lock);
6206 ipsec_fragcache_uninit(ipsec_fragcache_t *frag, ipsec_stack_t *ipss)
6218 fep = fragcache_delentry(i, fep, frag, ipss);
6255 int outer_hdr_len, ipsec_stack_t *ipss)
6286 DROPPER(ipss, ipds_spd_nomem),
6287 &ipss->ipsec_spd_dropper);
6315 DROPPER(ipss, ipds_spd_malformed_packet),
6316 &ipss->ipsec_spd_dropper);
6334 DROPPER(ipss, ipds_spd_malformed_frag),
6335 &ipss->ipsec_spd_dropper);
6356 ipsec_fragcache_clean(frag, ipss);
6411 (void) fragcache_delentry(i, fep, frag, ipss);
6414 DROPPER(ipss, ipds_spd_malformed_frag),
6415 &ipss->ipsec_spd_dropper);
6425 ipsec_fragcache_clean(frag, ipss);
6429 DROPPER(ipss, ipds_spd_nomem),
6430 &ipss->ipsec_spd_dropper);
6531 DROPPER(ipss, ipds_spd_malformed_frag),
6532 &ipss->ipsec_spd_dropper);
6572 (void) fragcache_delentry(i, fep, frag, ipss);
6575 DROPPER(ipss, ipds_spd_overlap_frag),
6576 &ipss->ipsec_spd_dropper);
6594 DROPPER(ipss, ipds_spd_evil_frag),
6595 &ipss->ipsec_spd_dropper);
6636 ipss);
6639 DROPPER(ipss,
6641 &ipss->ipsec_spd_dropper);
6678 (void) fragcache_delentry(i, fep, frag, ipss);
6684 DROPPER(ipss, ipds_spd_max_frags),
6685 &ipss->ipsec_spd_dropper);
6737 DROPPER(ipss, ipds_spd_malformed_frag),
6738 &ipss->ipsec_spd_dropper);
6787 (void) fragcache_delentry(i, fep, frag, ipss);
6796 DROPPER(ipss, ipds_spd_evil_frag),
6797 &ipss->ipsec_spd_dropper);
6826 ipsec_fragcache_clean(ipsec_fragcache_t *frag, ipsec_stack_t *ipss)
6845 fep = fragcache_delentry(i, fep, frag, ipss);
6861 (void) fragcache_delentry(earlyi, earlyfep, frag, ipss);
6866 ipsec_fragcache_t *frag, ipsec_stack_t *ipss)
6877 DROPPER(ipss, ipds_spd_expired_frags),
6878 &ipss->ipsec_spd_dropper);