141 #define	RESET_SPDSOCK_DUMP_POLHEAD(ss, iph) { \
142 	ASSERT(RW_READ_HELD(&(iph)->iph_lock)); \
143 	(ss)->spdsock_dump_head = (iph); \
144 	(ss)->spdsock_dump_gen = (iph)->iph_gen; \
574 	ipsec_policy_head_t *iph;
576 	iph = active ? itp->itp_policy : itp->itp_inactive;
577 	IPPH_REFHOLD(iph);
579 	spdsock_flush_one(iph, ns);  /* Releases iph refhold. */
593 spdsock_flush_one(ipsec_policy_head_t *iph, netstack_t *ns)
595 	rw_enter(&iph->iph_lock, RW_WRITER);
596 	ipsec_polhead_flush(iph, ns);
597 	rw_exit(&iph->iph_lock);
598 	IPPH_REFRELE(iph, ns);
602 spdsock_flush(queue_t *q, ipsec_policy_head_t *iph, ipsec_tun_pol_t *itp,
610 	if (iph != ALL_ACTIVE_POLHEADS && iph != ALL_INACTIVE_POLHEADS) {
611 		spdsock_flush_one(iph, ns);
623 		active = (iph == ALL_ACTIVE_POLHEADS);
982 mkrule(ipsec_policy_head_t *iph, struct spd_rule *rule,
1000 	if (!ipsec_check_policy(iph, pol, dir))
1008 mkrulepair(ipsec_policy_head_t *iph, struct spd_rule *rule,
1015 		error = mkrule(iph, rule, sel, actp, nact, dir, IPSL_IPV4, rp,
1021 		error = mkrule(iph, rule, sel, actp, nact, dir, IPSL_IPV6, rp,
1031 spdsock_addrule(queue_t *q, ipsec_policy_head_t *iph, mblk_t *mp,
1066 		ASSERT(itp->itp_policy == iph || itp->itp_inactive == iph);
1067 		active = (itp->itp_policy == iph);
1068 		if (ITP_P_ISACTIVE(itp, iph)) {
1070 			if ((tunnel_mode && !ITP_P_ISTUNNEL(itp, iph)) ||
1071 			    (!tunnel_mode && ITP_P_ISTUNNEL(itp, iph))) {
1132 	rw_enter(&iph->iph_lock, RW_WRITER);
1135 		error = mkrulepair(iph, rule, &sel, actp, nact,
1142 		error = mkrulepair(iph, rule, &sel, actp, nact,
1149 		ipsec_enter_policy(iph, rulep->pol, rulep->dir,
1152 	rw_exit(&iph->iph_lock);
1171 	rw_exit(&iph->iph_lock);
1195 spdsock_deleterule(queue_t *q, ipsec_policy_head_t *iph, mblk_t *mp,
1230 		if (ipsec_policy_delete_index(iph, rule->spd_rule_index, ns) !=
1242 		    !ipsec_policy_delete(iph, &sel, IPSEC_TYPE_INBOUND, ns)) {
1248 		    !ipsec_policy_delete(iph, &sel, IPSEC_TYPE_OUTBOUND, ns)) {
1255 		ASSERT(iph == itp->itp_policy || iph == itp->itp_inactive);
1256 		rw_enter(&iph->iph_lock, RW_READER);
1257 		if (avl_numnodes(&iph->iph_rulebyid) == 0) {
1258 			if (iph == itp->itp_policy)
1264 		rw_exit(&iph->iph_lock);
1404 spdsock_lookup(queue_t *q, ipsec_policy_head_t *iph, mblk_t *mp,
1412 spdsock_dump_ruleset(mblk_t *req, ipsec_policy_head_t *iph,
1420 	ASSERT(RW_READ_HELD(&iph->iph_lock));
1437 	ruleset->spd_ruleset_version = iph->iph_gen;
1445 	ipsec_policy_head_t *iph = ss->spdsock_dump_head;
1449 	rw_enter(&iph->iph_lock, RW_READER);
1450 	m = spdsock_dump_ruleset(req, iph, ss->spdsock_dump_count, error);
1451 	rw_exit(&iph->iph_lock);
1452 	IPPH_REFRELE(iph, ns);
1858 spdsock_dump_next_in_chain(spdsock_t *ss, ipsec_policy_head_t *iph,
1861 	ASSERT(RW_READ_HELD(&iph->iph_lock));
1869 spdsock_dump_next_rule(spdsock_t *ss, ipsec_policy_head_t *iph)
1875 	ASSERT(RW_READ_HELD(&iph->iph_lock));
1880 		return (spdsock_dump_next_in_chain(ss, iph, cur));
1886 	ipr = &iph->iph_root[type];
1894 			return (spdsock_dump_next_in_chain(ss, iph, cur));
1905 			return (spdsock_dump_next_in_chain(ss, iph, cur));
1954 	ipsec_policy_head_t *iph;
1961 	iph = ss->spdsock_dump_head;
1963 	ASSERT(iph != NULL);
1965 	rw_enter(&iph->iph_lock, RW_READER);
1967 	if (iph->iph_gen != ss->spdsock_dump_gen) {
1968 		rw_exit(&iph->iph_lock);
1972 	while ((rule = spdsock_dump_next_rule(ss, iph)) == NULL) {
1973 		rw_exit(&iph->iph_lock);
2004 			iph = itp->itp_policy;
2008 			iph = itp->itp_inactive;
2010 		IPPH_REFHOLD(iph);
2013 		rw_enter(&iph->iph_lock, RW_READER);
2014 		RESET_SPDSOCK_DUMP_POLHEAD(ss, iph);
2021 	rw_exit(&iph->iph_lock);
2061 spdsock_dump(queue_t *q, ipsec_policy_head_t *iph, mblk_t *mp)
2069 	if (iph == ALL_ACTIVE_POLHEADS || iph == ALL_INACTIVE_POLHEADS) {
2075 		if (iph == ALL_ACTIVE_POLHEADS) {
2076 			iph = ipsec_system_policy(ns);
2079 			iph = ipsec_inactive_policy(ns);
2087 	rw_enter(&iph->iph_lock, RW_READER);
2089 	mr = spdsock_dump_ruleset(mp, iph, 0, 0);
2092 		rw_exit(&iph->iph_lock);
2098 	RESET_SPDSOCK_DUMP_POLHEAD(ss, iph);
2100 	rw_exit(&iph->iph_lock);
2890 	ipsec_policy_head_t *iph;
2958 		iph = (itp == NULL) ? ipsec_system_policy(ns) : itp->itp_policy;
2960 		iph = (itp == NULL) ? ipsec_inactive_policy(ns) :
2963 	ASSERT(iph != NULL);
2965 		IPPH_REFHOLD(iph);
2968 	return (iph);
2977 	ipsec_policy_head_t *iph;
3096 	iph = get_appropriate_polhead(q, mp, tunname, spmsg->spd_msg_spdid,
3098 	if (iph == NULL)
3113 		spdsock_flush(q, iph, itp, mp);
3124 		spdsock_dump(q, iph, mp);
3128 	if (iph == ALL_ACTIVE_POLHEADS || iph == ALL_INACTIVE_POLHEADS) {
3136 		spdsock_addrule(q, iph, mp, extv, itp);
3139 		spdsock_deleterule(q, iph, mp, extv, itp);
3142 		spdsock_lookup(q, iph, mp, extv, itp);
3149 	IPPH_REFRELE(iph, ns);

Indexes created Tue Jul 24 14:28:13 CEST 2018