<dec f='src/src/sys/netipsec/key.h' l='80' type='struct secasvar * key_allocsa(const union sockaddr_union * , u_int , u_int32_t , u_int16_t , u_int16_t , const char * , int )'/>
<use f='src/src/sys/netipsec/ipsec_input.c' l='215' macro='1' u='c'/>
<use f='src/src/sys/netipsec/ipsec_netbsd.c' l='108' macro='1' u='c'/>
<use f='src/src/sys/netipsec/ipsec_netbsd.c' l='156' macro='1' u='c'/>
<use f='src/src/sys/netipsec/ipsec_netbsd.c' l='239' macro='1' u='c'/>
<use f='src/src/sys/netipsec/ipsec_netbsd.c' l='345' macro='1' u='c'/>
<def f='src/src/sys/netipsec/key.c' l='1080' ll='1208' type='struct secasvar * key_allocsa(const union sockaddr_union * dst, u_int proto, u_int32_t spi, u_int16_t sport, u_int16_t dport, const char * where, int tag)'/>
<doc f='src/src/sys/netipsec/key.c' l='1063'>/*
 * allocating a usable SA entry for a *INBOUND* packet.
 * Must call key_freesav() later.
 * OUT: positive:	pointer to a usable sav (i.e. MATURE or DYING state).
 *	NULL:		not found, or error occurred.
 *
 * In the comparison, no source address is used--for RFC2401 conformance.
 * To quote, from section 4.1:
 *	A security association is uniquely identified by a triple consisting
 *	of a Security Parameter Index (SPI), an IP Destination Address, and a
 *	security protocol (AH or ESP) identifier.
 * Note that, however, we do need to keep source address in IPsec SA.
 * IKE specification and PF_KEY specification do assume that we
 * keep source address in IPsec SA.  We see a tricky situation here.
 *
 * sport and dport are used for NAT-T. network order is always used.
 */</doc>
<use f='src/src/sys/netipsec/xform_ah.c' l='847' macro='1' u='c'/>
<use f='src/src/sys/netipsec/xform_ah.c' l='1251' macro='1' u='c'/>
<use f='src/src/sys/netipsec/xform_esp.c' l='533' macro='1' u='c'/>
<use f='src/src/sys/netipsec/xform_esp.c' l='977' macro='1' u='c'/>
<use f='src/src/sys/netipsec/xform_ipcomp.c' l='259' macro='1' u='c'/>
<use f='src/src/sys/netipsec/xform_ipcomp.c' l='528' macro='1' u='c'/>
