703 * ixa_ipsec_action for the transmit side.
704 *
705 * As an optimization, we also cache soft references to IPsec SA's in
706 * ip_xmit_attr_t so that we can fast-path around most of the work needed for
707 * outbound IPsec SA selection.
708 */
709 typedef struct ipsec_latch_s
710 {
711 kmutex_t ipl_lock;
712 uint32_t ipl_refcnt;
713
714 struct ipsid_s *ipl_local_cid;
715 struct ipsid_s *ipl_remote_cid;
716 unsigned int
717 ipl_ids_latched : 1,
718
719 ipl_pad_to_bit_31 : 31;
720 } ipsec_latch_t;
721
722 #define IPLATCH_REFHOLD(ipl) { \
723 atomic_add_32(&(ipl)->ipl_refcnt, 1); \
724 ASSERT((ipl)->ipl_refcnt != 0); \
725 }
726
727 #define IPLATCH_REFRELE(ipl) { \
728 ASSERT((ipl)->ipl_refcnt != 0); \
729 membar_exit(); \
730 if (atomic_add_32_nv(&(ipl)->ipl_refcnt, -1) == 0) \
731 iplatch_free(ipl); \
732 }
733
734 /*
735 * peer identity structure.
736 */
737 typedef struct conn_s conn_t;
738
739 /*
740 * This is used to match an inbound/outbound datagram with policy.
741 */
742 typedef struct ipsec_selector {
743 in6_addr_t ips_local_addr_v6;
744 in6_addr_t ips_remote_addr_v6;
745 uint16_t ips_local_port;
746 uint16_t ips_remote_port;
747 uint8_t ips_icmp_type;
748 uint8_t ips_icmp_code;
749 uint8_t ips_protocol;
750 uint8_t ips_isv4 : 1,
|
703 * ixa_ipsec_action for the transmit side.
704 *
705 * As an optimization, we also cache soft references to IPsec SA's in
706 * ip_xmit_attr_t so that we can fast-path around most of the work needed for
707 * outbound IPsec SA selection.
708 */
709 typedef struct ipsec_latch_s
710 {
711 kmutex_t ipl_lock;
712 uint32_t ipl_refcnt;
713
714 struct ipsid_s *ipl_local_cid;
715 struct ipsid_s *ipl_remote_cid;
716 unsigned int
717 ipl_ids_latched : 1,
718
719 ipl_pad_to_bit_31 : 31;
720 } ipsec_latch_t;
721
722 #define IPLATCH_REFHOLD(ipl) { \
723 atomic_inc_32(&(ipl)->ipl_refcnt); \
724 ASSERT((ipl)->ipl_refcnt != 0); \
725 }
726
727 #define IPLATCH_REFRELE(ipl) { \
728 ASSERT((ipl)->ipl_refcnt != 0); \
729 membar_exit(); \
730 if (atomic_dec_32_nv(&(ipl)->ipl_refcnt) == 0) \
731 iplatch_free(ipl); \
732 }
733
734 /*
735 * peer identity structure.
736 */
737 typedef struct conn_s conn_t;
738
739 /*
740 * This is used to match an inbound/outbound datagram with policy.
741 */
742 typedef struct ipsec_selector {
743 in6_addr_t ips_local_addr_v6;
744 in6_addr_t ips_remote_addr_v6;
745 uint16_t ips_local_port;
746 uint16_t ips_remote_port;
747 uint8_t ips_icmp_type;
748 uint8_t ips_icmp_code;
749 uint8_t ips_protocol;
750 uint8_t ips_isv4 : 1,
|