1498 ipsec_check_loopback_policy(mblk_t *data_mp, ip_recv_attr_t *ira,
1501 	if (!(ira->ira_flags & IRAF_IPSEC_SECURE))
1504 	ASSERT(ira->ira_flags & IRAF_LOOPBACK);
1522 ipsec_check_ipsecin_unique(ip_recv_attr_t *ira, const char **reason,
1530 	ASSERT(ira->ira_flags & IRAF_IPSEC_SECURE);
1531 	ASSERT(!(ira->ira_flags & IRAF_LOOPBACK));
1533 	ah_assoc = ira->ira_ipsec_ah_sa;
1534 	esp_assoc = ira->ira_ipsec_esp_sa;
1565 ipsec_check_ipsecin_action(ip_recv_attr_t *ira, mblk_t *mp, ipsec_action_t *ap,
1579 	if (ira->ira_flags & IRAF_LOOPBACK) {
1587 		if (ap == ira->ira_ipsec_action ||
1588 		    (ira->ira_flags & IRAF_TRUSTED_ICMP))
1596 	ASSERT(!(ira->ira_flags & IRAF_TRUSTED_ICMP));
1597 	ASSERT(ira->ira_flags & IRAF_IPSEC_SECURE);
1599 	ah_assoc = ira->ira_ipsec_ah_sa;
1600 	esp_assoc = ira->ira_ipsec_esp_sa;
1602 	decaps = (ira->ira_flags & IRAF_IPSEC_DECAPS);
1722 		if (ira->ira_ipsec_action != NULL) {
1728 			IPACT_REFRELE(ira->ira_ipsec_action);
1730 		ASSERT(ira->ira_flags & IRAF_IPSEC_SECURE);
1731 		ASSERT(ira->ira_ipsec_action == NULL);
1733 		ira->ira_ipsec_action = ap;
1799 ipsec_check_ipsecin_latch(ip_recv_attr_t *ira, mblk_t *mp, ipsec_latch_t *ipl,
1806 	ASSERT(ira->ira_flags & IRAF_IPSEC_SECURE);
1808 	if (!(ira->ira_flags & IRAF_LOOPBACK)) {
1814 		if (ira->ira_ipsec_ah_sa != NULL) {
1816 			    ira->ira_ipsec_ah_sa)) {
1823 		if (ira->ira_ipsec_esp_sa != NULL) {
1825 			    ira->ira_ipsec_esp_sa)) {
1837 		if (!ipsec_check_ipsecin_unique(ira, reason, counter,
1842 	return (ipsec_check_ipsecin_action(ira, mp, ap, ipha, ip6h, reason,
1857     ipha_t *ipha, ip6_t *ip6h, uint64_t pkt_unique, ip_recv_attr_t *ira,
1873 	if (ira->ira_flags & IRAF_LOOPBACK)
1874 		return (ipsec_check_loopback_policy(data_mp, ira, ipsp));
1876 	ASSERT(ira->ira_flags & IRAF_IPSEC_SECURE);
1878 	if (ira->ira_ipsec_action != NULL) {
1883 		IPACT_REFRELE(ira->ira_ipsec_action);
1885 	ASSERT(ira->ira_ipsec_action == NULL);
1887 	if (!SA_IDS_MATCH(ira->ira_ipsec_ah_sa, ira->ira_ipsec_esp_sa)) {
1893 	if (!ipsec_check_ipsecin_unique(ira, &reason, &counter, pkt_unique,
1903 		if (ipsec_check_ipsecin_action(ira, data_mp, ap,
1915 	ASSERT(ira->ira_ipsec_action == NULL);
2116     ipha_t *ipha, ip6_t *ip6h, ip_recv_attr_t *ira, netstack_t *ns)
2188 		if (!(ira->ira_flags & IRAF_IPSEC_SECURE)) {
2203 	if (ira->ira_flags & IRAF_IPSEC_SECURE) {
2205 		    pkt_unique, ira, ns));
2406 ipsec_latch_inbound(conn_t *connp, ip_recv_attr_t *ira)
2415 		if (!(ira->ira_flags & IRAF_LOOPBACK)) {
2416 			ASSERT(ira->ira_flags & IRAF_IPSEC_SECURE);
2417 			if (ira->ira_ipsec_esp_sa != NULL)
2418 				sa = ira->ira_ipsec_esp_sa;
2420 				sa = ira->ira_ipsec_ah_sa;
2427 	if (ira->ira_flags & IRAF_IPSEC_SECURE) {
2438 			    ira->ira_ipsec_action);
2441 		connp->conn_latch_in_action = ira->ira_ipsec_action;
2455     ipha_t *ipha, ip6_t *ip6h, ip_recv_attr_t *ira)
2472 	if (!(ira->ira_flags & IRAF_IPSEC_SECURE)) {
2539 			    ipha, ip6h, ira, ns);
2577 		    ipha, ip6h, ira, ns);
2595 		if (ipsec_check_ipsecin_latch(ira, mp, ipl, ap,
2621 	mp = ipsec_check_ipsecin_policy(mp, p, ipha, ip6h, unique_id, ira, ns);
2627 		ipsec_latch_inbound(connp, ira);
2974 ipsec_in_to_out_action(ip_recv_attr_t *ira)
2996 	ASSERT(ira->ira_flags & IRAF_IPSEC_SECURE);
2998 	ah_assoc = ira->ira_ipsec_ah_sa;
3001 	esp_assoc = ira->ira_ipsec_esp_sa;
3016 	    !!(ira->ira_flags & IRAF_IPSEC_DECAPS);
3046 	ap->ipa_want_se = !!(ira->ira_flags & IRAF_IPSEC_DECAPS);
4019  * Note: the caller has moved other parts of ira into ixa already.
4022 ipsec_in_to_out(ip_recv_attr_t *ira, ip_xmit_attr_t *ixa, mblk_t *data_mp,
4031 	if (ira->ira_ipsec_action != NULL) {
4033 		reflect_action = ira->ira_ipsec_action;
4034 		ira->ira_ipsec_action = NULL;
4035 	} else if (!(ira->ira_flags & IRAF_LOOPBACK))
4036 		reflect_action = ipsec_in_to_out_action(ira);
4067 	if (ira->ira_flags & IRAF_IPSEC_SECURE)
4112 ipsec_in_release_refs(ip_recv_attr_t *ira)
4114 	if (!(ira->ira_flags & IRAF_IPSEC_SECURE))
4117 	if (ira->ira_ipsec_ah_sa != NULL) {
4118 		IPSA_REFRELE(ira->ira_ipsec_ah_sa);
4119 		ira->ira_ipsec_ah_sa = NULL;
4121 	if (ira->ira_ipsec_esp_sa != NULL) {
4122 		IPSA_REFRELE(ira->ira_ipsec_esp_sa);
4123 		ira->ira_ipsec_esp_sa = NULL;
4125 	ira->ira_flags &= ~IRAF_IPSEC_SECURE;
4135  * The caller should do ipsec_in_release_refs() on the ira by calling
4139 ipsec_out_to_in(ip_xmit_attr_t *ixa, ill_t *ill, ip_recv_attr_t *ira)
4145 	ira->ira_free_flags = 0;
4146 	ira->ira_zoneid = ixa->ixa_zoneid;
4147 	ira->ira_cred = ixa->ixa_cred;
4148 	ira->ira_cpid = ixa->ixa_cpid;
4149 	ira->ira_tsl = ixa->ixa_tsl;
4150 	ira->ira_ill = ira->ira_rill = ill;
4151 	ira->ira_flags = ixa->ixa_flags & IAF_MASK;
4152 	ira->ira_no_loop_zoneid = ixa->ixa_no_loop_zoneid;
4153 	ira->ira_pktlen = ixa->ixa_pktlen;
4154 	ira->ira_ip_hdr_length = ixa->ixa_ip_hdr_length;
4155 	ira->ira_protocol = ixa->ixa_protocol;
4156 	ira->ira_mhip = NULL;
4158 	ira->ira_flags |= IRAF_LOOPBACK | IRAF_L2SRC_LOOPBACK;
4160 	ira->ira_sqp = ixa->ixa_sqp;
4161 	ira->ira_ring = NULL;
4163 	ira->ira_ruifindex = ill->ill_phyint->phyint_ifindex;
4164 	ira->ira_rifindex = ira->ira_ruifindex;
4169 	ira->ira_flags |= IRAF_IPSEC_SECURE;
4171 	ira->ira_ipsec_ah_sa = NULL;
4172 	ira->ira_ipsec_esp_sa = NULL;
4183 	ira->ira_ipsec_action = act;
5543 ipsec_tun_inbound(ip_recv_attr_t *ira, mblk_t *data_mp, ipsec_tun_pol_t *itp,
5614 			if (!(ira->ira_flags & IRAF_IPSEC_SECURE)) {
5662 			mp = ip_recv_attr_to_mblk(ira);
5783 			if (!(ira->ira_flags & IRAF_IPSEC_SECURE)) {
5815 				    ira, ns);
5851 	if ((ira->ira_flags & IRAF_IPSEC_SECURE) && !global_present) {
5852 		if (ira->ira_flags & IRAF_TRUSTED_ICMP) {
5890 	    outer_ipv6, ira, ns);

Indexes created Tue Jul 24 14:28:13 CEST 2018