732 spd_convert_type(uint32_t type, ipsec_act_t *act)
736 		act->ipa_type = IPSEC_ACT_DISCARD;
740 		act->ipa_type = IPSEC_ACT_CLEAR;
744 		act->ipa_type = IPSEC_ACT_APPLY;
751 spd_convert_flags(uint32_t flags, ipsec_act_t *act)
756 	act->ipa_apply.ipp_use_ah = !!(flags & SPD_APPLY_AH);
757 	act->ipa_apply.ipp_use_esp = !!(flags & SPD_APPLY_ESP);
758 	act->ipa_apply.ipp_use_espa = !!(flags & SPD_APPLY_ESPA);
759 	act->ipa_apply.ipp_use_se = !!(flags & SPD_APPLY_SE);
760 	act->ipa_apply.ipp_use_unique = !!(flags & SPD_APPLY_UNIQUE);
765 spdsock_reset_act(ipsec_act_t *act)
767 	bzero(act, sizeof (*act));
768 	act->ipa_apply.ipp_espe_maxbits = IPSEC_MAX_KEYBITS;
769 	act->ipa_apply.ipp_espa_maxbits = IPSEC_MAX_KEYBITS;
770 	act->ipa_apply.ipp_ah_maxbits = IPSEC_MAX_KEYBITS;
777 spdsock_check_action(ipsec_act_t *act, boolean_t tunnel_polhead, int *diag,
780 	if (tunnel_polhead && act->ipa_apply.ipp_use_unique) {
784 	if ((act->ipa_type != IPSEC_ACT_APPLY) &&
785 	    (act->ipa_apply.ipp_use_ah ||
786 	    act->ipa_apply.ipp_use_esp ||
787 	    act->ipa_apply.ipp_use_espa ||
788 	    act->ipa_apply.ipp_use_se ||
789 	    act->ipa_apply.ipp_use_unique)) {
793 	if ((act->ipa_type == IPSEC_ACT_APPLY) &&
794 	    !act->ipa_apply.ipp_use_ah &&
795 	    !act->ipa_apply.ipp_use_esp) {
799 	return (ipsec_check_action(act, diag, spds->spds_netstack));
811 	ipsec_act_t act, *actp, *endactp;
848 	spdsock_reset_act(&act);
857 			spdsock_reset_act(&act);
868 			if (!spdsock_check_action(&act, tunnel_polhead,
871 			*actp++ = act;
872 			spdsock_reset_act(&act);
876 			if (!spd_convert_type(attrp->spd_attr_value, &act)) {
890 			if (!spd_convert_flags(attrp->spd_attr_value, &act)) {
901 			act.ipa_apply.ipp_auth_alg = attrp->spd_attr_value;
909 			act.ipa_apply.ipp_encr_alg = attrp->spd_attr_value;
917 			act.ipa_apply.ipp_esp_auth_alg = attrp->spd_attr_value;
921 			act.ipa_apply.ipp_espe_minbits = attrp->spd_attr_value;
925 			act.ipa_apply.ipp_espe_maxbits = attrp->spd_attr_value;
929 			act.ipa_apply.ipp_ah_minbits = attrp->spd_attr_value;
933 			act.ipa_apply.ipp_ah_maxbits = attrp->spd_attr_value;
937 			act.ipa_apply.ipp_espa_minbits = attrp->spd_attr_value;
941 			act.ipa_apply.ipp_espa_maxbits = attrp->spd_attr_value;
951 			act.ipa_apply.ipp_km_proto = attrp->spd_attr_value;
955 			act.ipa_apply.ipp_km_cookie = attrp->spd_attr_value;
959 			act.ipa_apply.ipp_replay_depth = attrp->spd_attr_value;
1633 	const struct ipsec_act *act = &(ap->ipa_act);
1637 	switch (act->ipa_type) {
1650 		if (act->ipa_apply.ipp_use_ah)
1652 		if (act->ipa_apply.ipp_use_esp)
1654 		if (act->ipa_apply.ipp_use_espa)
1656 		if (act->ipa_apply.ipp_use_se)
1658 		if (act->ipa_apply.ipp_use_unique)
1662 			EMIT(SPD_ATTR_AH_AUTH, act->ipa_apply.ipp_auth_alg);
1664 			    act->ipa_apply.ipp_ah_minbits);
1666 			    act->ipa_apply.ipp_ah_maxbits);
1669 			EMIT(SPD_ATTR_ESP_ENCR, act->ipa_apply.ipp_encr_alg);
1671 			    act->ipa_apply.ipp_espe_minbits);
1673 			    act->ipa_apply.ipp_espe_maxbits);
1676 				    act->ipa_apply.ipp_esp_auth_alg);
1678 				    act->ipa_apply.ipp_espa_minbits);
1680 				    act->ipa_apply.ipp_espa_maxbits);
1683 		if (act->ipa_apply.ipp_km_proto != 0)
1684 			EMIT(SPD_ATTR_KM_PROTO, act->ipa_apply.ipp_km_proto);
1685 		if (act->ipa_apply.ipp_km_cookie != 0)
1686 			EMIT(SPD_ATTR_KM_PROTO, act->ipa_apply.ipp_km_cookie);
1687 		if (act->ipa_apply.ipp_replay_depth != 0)
1689 			    act->ipa_apply.ipp_replay_depth);
1701 	struct spd_ext_actions *act;
1708 		act = (struct spd_ext_actions *)(base + offset);
1709 		act->spd_actions_len = 0;
1710 		act->spd_actions_exttype = SPD_EXT_ACTION;
1711 		act->spd_actions_count = 0;
1712 		act->spd_actions_reserved = 0;
1715 	offset += sizeof (*act);
1732 		act->spd_actions_count = nact;
1733 		act->spd_actions_len = SPD_8TO64(offset - start);
2266 	struct spd_ext_actions *act;
2316 	act = (struct spd_ext_actions *)cur;
2317 	cur += sizeof (*act);
2319 	act->spd_actions_len = SPD_8TO64(size - sizeof (spd_msg_t));
2320 	act->spd_actions_exttype = SPD_EXT_ACTION;
2321 	act->spd_actions_count = algcount;
2322 	act->spd_actions_reserved = 0;
2398 	struct spd_ext_actions *act;
2459 	act = (struct spd_ext_actions *)cur;
2460 	cur += sizeof (*act);
2462 	act->spd_actions_len = SPD_8TO64(size - sizeof (spd_msg_t));
2463 	act->spd_actions_exttype = SPD_EXT_ACTION;
2464 	act->spd_actions_count = ipss->ipsec_nalgs[IPSEC_ALG_AUTH] +
2466 	act->spd_actions_reserved = 0;
2472 	if (act->spd_actions_count == 0) {
2473 		act->spd_actions_len = 0;
2782  * the request until IPsec loads. If IPsec is loaded, act on it
2825 		 * IPsec is loaded, act on the message immediately.
2883  * act on ALL policy heads.

Indexes created Tue Jul 24 14:28:13 CEST 2018