6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 * Copyright (c) 2012 Nexenta Systems, Inc. All rights reserved.
25 * Copyright (c) 2016 by Delphix. All rights reserved.
26 */
27
28 /*
29 * IPsec Security Policy Database.
30 *
31 * This module maintains the SPD and provides routines used by ip and ip6
32 * to apply IPsec policy to inbound and outbound datagrams.
33 */
34
35 #include <sys/types.h>
36 #include <sys/stream.h>
37 #include <sys/stropts.h>
38 #include <sys/sysmacros.h>
39 #include <sys/strsubr.h>
40 #include <sys/strsun.h>
41 #include <sys/strlog.h>
42 #include <sys/strsun.h>
43 #include <sys/cmn_err.h>
44 #include <sys/zone.h>
45
4671 }
4672
4673 /*
4674 * Free identity table (preparatory to module unload)
4675 */
4676 static void
4677 ipsid_fini(netstack_t *ns)
4678 {
4679 ipsif_t *bucket;
4680 int i;
4681 ipsec_stack_t *ipss = ns->netstack_ipsec;
4682
4683 for (i = 0; i < IPSID_HASHSIZE; i++) {
4684 bucket = &ipss->ipsec_ipsid_buckets[i];
4685 ASSERT(bucket->ipsif_head == NULL);
4686 mutex_destroy(&bucket->ipsif_lock);
4687 }
4688 }
4689
4690 /*
4691 * Update the minimum and maximum supported key sizes for the
4692 * specified algorithm. Must be called while holding the algorithms lock.
4693 */
4694 void
4695 ipsec_alg_fix_min_max(ipsec_alginfo_t *alg, ipsec_algtype_t alg_type,
4696 netstack_t *ns)
4697 {
4698 size_t crypto_min = (size_t)-1, crypto_max = 0;
4699 size_t cur_crypto_min, cur_crypto_max;
4700 boolean_t is_valid;
4701 crypto_mechanism_info_t *mech_infos;
4702 uint_t nmech_infos;
4703 int crypto_rc, i;
4704 crypto_mech_usage_t mask;
4705 ipsec_stack_t *ipss = ns->netstack_ipsec;
4706
4707 ASSERT(RW_WRITE_HELD(&ipss->ipsec_alg_lock));
4708
4709 /*
4710 * Compute the min, max, and default key sizes (in number of
4711 * increments to the default key size in bits) as defined
4712 * by the algorithm mappings. This range of key sizes is used
|
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 * Copyright (c) 2012 Nexenta Systems, Inc. All rights reserved.
25 * Copyright (c) 2016 by Delphix. All rights reserved.
26 * Copyright (c) 2017, Joyent, Inc.
27 */
28
29 /*
30 * IPsec Security Policy Database.
31 *
32 * This module maintains the SPD and provides routines used by ip and ip6
33 * to apply IPsec policy to inbound and outbound datagrams.
34 */
35
36 #include <sys/types.h>
37 #include <sys/stream.h>
38 #include <sys/stropts.h>
39 #include <sys/sysmacros.h>
40 #include <sys/strsubr.h>
41 #include <sys/strsun.h>
42 #include <sys/strlog.h>
43 #include <sys/strsun.h>
44 #include <sys/cmn_err.h>
45 #include <sys/zone.h>
46
4672 }
4673
4674 /*
4675 * Free identity table (preparatory to module unload)
4676 */
4677 static void
4678 ipsid_fini(netstack_t *ns)
4679 {
4680 ipsif_t *bucket;
4681 int i;
4682 ipsec_stack_t *ipss = ns->netstack_ipsec;
4683
4684 for (i = 0; i < IPSID_HASHSIZE; i++) {
4685 bucket = &ipss->ipsec_ipsid_buckets[i];
4686 ASSERT(bucket->ipsif_head == NULL);
4687 mutex_destroy(&bucket->ipsif_lock);
4688 }
4689 }
4690
4691 /*
4692 * Update the minimum and maximum supported key sizes for the specified
4693 * algorithm, which is either a member of a netstack alg array or about to be,
4694 * and therefore must be called holding ipsec_alg_lock for write.
4695 */
4696 void
4697 ipsec_alg_fix_min_max(ipsec_alginfo_t *alg, ipsec_algtype_t alg_type,
4698 netstack_t *ns)
4699 {
4700 size_t crypto_min = (size_t)-1, crypto_max = 0;
4701 size_t cur_crypto_min, cur_crypto_max;
4702 boolean_t is_valid;
4703 crypto_mechanism_info_t *mech_infos;
4704 uint_t nmech_infos;
4705 int crypto_rc, i;
4706 crypto_mech_usage_t mask;
4707 ipsec_stack_t *ipss = ns->netstack_ipsec;
4708
4709 ASSERT(RW_WRITE_HELD(&ipss->ipsec_alg_lock));
4710
4711 /*
4712 * Compute the min, max, and default key sizes (in number of
4713 * increments to the default key size in bits) as defined
4714 * by the algorithm mappings. This range of key sizes is used