
Lines Matching defs:policy

144 	.policy		= IPSEC_POLICY_ENTRUST,
189 * Try to validate and use cached policy on a PCB.
242 * - incoming side looks up policy after inpcb lookup
282 switch (pcbsp->sp_cache[dir].cachesp->policy) {
373 if (sp->policy != IPSEC_POLICY_DISCARD &&
374 sp->policy != IPSEC_POLICY_NONE) {
375 IPSECLOG(LOG_INFO, "fixed system default policy: %d->%d\n",
376 sp->policy, IPSEC_POLICY_NONE);
377 sp->policy = IPSEC_POLICY_NONE;
406 struct secpolicy *currsp = NULL; /* policy on socket */
460 switch (currsp->policy) {
468 /* look for a policy in SPD */
478 IPSECLOG(LOG_ERR, "Invalid policy for PCB %d\n",
479 currsp->policy);
483 } else { /* unpriv, SPD has policy */
489 switch (currsp->policy) {
491 IPSECLOG(LOG_ERR, "Illegal policy for "
493 currsp->policy);
507 IPSECLOG(LOG_ERR, "Invalid policy for "
508 "PCB %d\n", currsp->policy);
514 KASSERTMSG(sp != NULL, "null SP (priv %u policy %u", pcbsp->priv,
515 currsp->policy);
517 "DP (priv %u policy %u) allocates SP:%p (refcnt %u)\n",
518 pcbsp->priv, currsp->policy, sp, key_sp_refcnt(sp));
526 * OUT: positive: a pointer to the entry for security policy leaf matched.
545 /* Make an index to look for a policy. */
588 switch (sp->policy) {
591 printf("%s: invalid policy %u\n", __func__, sp->policy);
625 * Check the security policy (SP) for the packet and, if required,
630 * bypass the lookup and related policy checking.
642 * sp != NULL apply IPsec policy
805 * configure security policy index (src/dst/proto/sport/dport)
1090 ipsec_init_pcbpolicy(struct socket *so, struct inpcbpolicy **policy)
1095 KASSERT(policy != NULL);
1114 *policy = new;
1141 struct secpolicy **policy;
1158 policy = &inp->inp_sp->sp_in;
1161 policy = &inp->inp_sp->sp_out;
1170 if (policy == NULL || *policy == NULL)
1174 kdebug_sadb_xpolicy("set passed policy", request);
1177 /* check policy type */
1201 oldsp = *policy;
1202 *policy = newsp;
1206 printf("%s: new policy\n", __func__);
1218 struct secpolicy *policy;
1231 policy = inp->inp_sp->sp_in;
1234 policy = inp->inp_sp->sp_out;
1242 if (policy == NULL)
1245 *mp = key_sp2msg(policy, M_NOWAIT);
1377 * Check security policy requirements against the actual packet contents.
1392 /* check policy */
1393 switch (sp->policy) {
1401 KASSERTMSG(sp->policy == IPSEC_POLICY_IPSEC,
1402 "invalid policy %u", sp->policy);
1404 /* XXX should compare policy against ipsec header history */
1428 * packets, IPComp policy should always be
1439 * Check security policy requirements.
1483 switch (sp->policy) {
1490 KASSERTMSG(sp->policy == IPSEC_POLICY_IPSEC,
1491 "invalid policy %u", sp->policy);
1808 * sp != NULL apply IPsec policy