author | itojun <itojun@FreeBSD.org> | 2000-07-04 16:35:15 +0000 |
---|---|---|
committer | itojun <itojun@FreeBSD.org> | 2000-07-04 16:35:15 +0000 |
commit | 5f4e854de19331a53788d6100bbcd42845056bc1 (patch) | |
tree | 3ff8c876a5868b103fb8713055d83e29a3fa38d5 /sys/netkey/keydb.h | |
parent | bdc16885232d771a99d7dfc247cd27a44cd061f9 (diff) | |
sync with kame tree as of july00. tons of bug fixes/improvements.
API changes:
- additional IPv6 ioctls
- IPsec PF_KEY API was changed, it is mandatory to upgrade setkey(8).
(also syntax change)
Diffstat (limited to 'sys/netkey/keydb.h')
-rw-r--r-- | sys/netkey/keydb.h | 120 |
1 files changed, 74 insertions, 46 deletions
diff --git a/sys/netkey/keydb.h b/sys/netkey/keydb.h
index af4b3ba..fcb478c 100644
--- a/sys/netkey/keydb.h
+++ b/sys/netkey/keydb.h
@@ -1,3 +1,6 @@
+/* $FreeBSD$ */
+/* $KAME: keydb.h,v 1.11 2000/06/15 12:20:50 sakane Exp $ */
+
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
  * All rights reserved.
@@ -25,86 +28,94 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * - * $FreeBSD$ */ #ifndef _NETKEY_KEYDB_H_ -#define _NETKEY_KEYDB_H_ +#define _NETKEY_KEYDB_H_ #ifdef _KERNEL +#include <netkey/key_var.h> + /* Security Assocciation Index */ -/* NOTE: Encure to be same address family */ +/* NOTE: Ensure to be same address family */ struct secasindex { - struct sockaddr_storage src; /* srouce address for SA */ - struct sockaddr_storage dst; /* destination address for SA */ - u_int16_t proto; /* IPPROTO_ESP or IPPROTO_AH */ - u_int8_t mode; /* mode of protocol, see ipsec.h */ + struct sockaddr_storage src; /* srouce address for SA */ + struct sockaddr_storage dst; /* destination address for SA */ + u_int16_t proto; /* IPPROTO_ESP or IPPROTO_AH */ + u_int8_t mode; /* mode of protocol, see ipsec.h */ + u_int32_t reqid; /* reqid id who owned this SA */ + /* see IPSEC_MANUAL_REQID_MAX. */ }; /* Security Association Data Base */ struct secashead { LIST_ENTRY(secashead) chain; - struct secasindex saidx; - struct secpolicyindex *owner; /* Indicate it who owned its SA. */ - /* If NULL then it's shared SA */ + struct secasindex saidx; + + struct sadb_ident *idents; /* source identity */ + struct sadb_ident *identd; /* destination identity */ + /* XXX I don't know how to use them. */ - u_int8_t state; /* MATURE or DEAD. */ + u_int8_t state; /* MATURE or DEAD. 
*/ LIST_HEAD(_satree, secasvar) savtree[SADB_SASTATE_MAX+1]; /* SA chain */ /* The first of this list is newer SA */ - struct route sa_route; /* XXX */ + struct route sa_route; /* route cache */ }; /* Security Association */ struct secasvar { LIST_ENTRY(secasvar) chain; - int refcnt; /* reference count */ - u_int8_t state; /* Status of this Association */ - - u_int8_t alg_auth; /* Authentication Algorithm Identifier*/ - u_int8_t alg_enc; /* Cipher Algorithm Identifier */ - u_int32_t spi; /* SPI Value, network byte order */ - u_int32_t flags; /* holder for SADB_KEY_FLAGS */ - - struct sadb_key *key_auth; /* Key for Authentication */ - /* length has been shifted up to 3. */ - struct sadb_key *key_enc; /* Key for Encryption */ - /* length has been shifted up to 3. */ - caddr_t iv; /* Initilization Vector */ - u_int ivlen; /* length of IV */ + int refcnt; /* reference count */ + u_int8_t state; /* Status of this Association */ + + u_int8_t alg_auth; /* Authentication Algorithm Identifier*/ + u_int8_t alg_enc; /* Cipher Algorithm Identifier */ + u_int32_t spi; /* SPI Value, network byte order */ + u_int32_t flags; /* holder for SADB_KEY_FLAGS */ + + struct sadb_key *key_auth; /* Key for Authentication */ + struct sadb_key *key_enc; /* Key for Encryption */ + caddr_t iv; /* Initilization Vector */ + u_int ivlen; /* length of IV */ +#if 0 + caddr_t misc1; + caddr_t misc2; + caddr_t misc3; +#endif - struct secreplay *replay; /* replay prevention */ - u_int32_t tick; /* for lifetime */ + struct secreplay *replay; /* replay prevention */ + u_int32_t tick; /* for lifetime */ - struct sadb_lifetime *lft_c; /* CURRENT lifetime, it's constant. */ - struct sadb_lifetime *lft_h; /* HARD lifetime */ - struct sadb_lifetime *lft_s; /* SOFT lifetime */ + struct sadb_lifetime *lft_c; /* CURRENT lifetime, it's constant. 
*/ + struct sadb_lifetime *lft_h; /* HARD lifetime */ + struct sadb_lifetime *lft_s; /* SOFT lifetime */ - u_int32_t seq; /* sequence number */ - pid_t pid; /* message's pid */ + u_int32_t seq; /* sequence number */ + pid_t pid; /* message's pid */ - struct secashead *sah; /* back pointer to the secashead */ + struct secashead *sah; /* back pointer to the secashead */ }; /* replay prevention */ struct secreplay { - u_int32_t count; - u_int wsize; /* window size, i.g. 4 bytes */ - u_int32_t seq; /* used by sender */ - u_int32_t lastseq; /* used by receiver */ - caddr_t bitmap; /* used by receiver */ + u_int32_t count; + u_int wsize; /* window size, i.g. 4 bytes */ + u_int32_t seq; /* used by sender */ + u_int32_t lastseq; /* used by receiver */ + caddr_t bitmap; /* used by receiver */ + int overflow; /* overflow flag */ }; /* socket table due to send PF_KEY messages. */ struct secreg { LIST_ENTRY(secreg) chain; - struct socket *so; + struct socket *so; }; #ifndef IPSEC_NONBLOCK_ACQUIRE 
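Review bot: The new `overflow` field in struct secreplay carries only `/* overflow flag */`, which says neither which event sets it nor what the receiver must do once it is set, and since this struct is the anti-replay state it is the field a reader most needs explained. I would extend the comment to `/* set once the sequence number has wrapped; SA must not keep sending — confirm against key.c */`, hedged because the code that sets it is not in this header. The same struct still describes `wsize` as `i.g. 4 bytes` without stating whether `bitmap` holds wsize bytes or wsize bits, and `keydb_newsecreplay(size_t)` in the following hunk takes that size, so the unit belongs here, e.g. `/* window size in bytes; bitmap is wsize bytes and is owned by this struct */` if that matches keydb.c. The `#if 0` block with `misc1`..`misc3` in struct secasvar is dead text in an installed kernel header; it should be dropped, or replaced by a one-line comment naming what is reserved there.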
@@ -112,24 +123,41 @@ struct secreg { struct secacq { LIST_ENTRY(secacq) chain; - struct secasindex saidx; + struct secasindex saidx; - u_int32_t seq; /* sequence number */ - u_int32_t tick; /* for lifetime */ - int count; /* for lifetime */ + u_int32_t seq; /* sequence number */ + u_int32_t tick; /* for lifetime */ + int count; /* for lifetime */ }; #endif /* Sensitivity Level Specification */ /* nothing */ -#define SADB_KILL_INTERVAL 600 /* six seconds */ +#define SADB_KILL_INTERVAL 600 /* six seconds */ struct key_cb { int key_count; int any_count; }; +/* secpolicy */ +extern struct secpolicy *keydb_newsecpolicy __P((void)); +extern void keydb_delsecpolicy __P((struct secpolicy *)); +/* secashead */ +extern struct secashead *keydb_newsecashead __P((void)); +extern void keydb_delsecashead __P((struct secashead *)); +/* secasvar */ +extern struct secasvar *keydb_newsecasvar __P((void)); +extern void keydb_refsecasvar __P((struct secasvar *)); +extern void keydb_freesecasvar __P((struct secasvar *)); +/* secreplay */ +extern struct secreplay *keydb_newsecreplay __P((size_t)); +extern void keydb_delsecreplay __P((struct secreplay *)); +/* secreg */ +extern struct secreg *keydb_newsecreg __P((void)); +extern void keydb_delsecreg __P((struct secreg *)); + #endif /* _KERNEL */ #endif /* _NETKEY_KEYDB_H_ */ |
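Review bot: The eleven `extern` prototypes added at the end of the hunk establish the ownership and reference-counting contract for the key database (`keydb_newsecasvar`, `keydb_refsecasvar`, `keydb_freesecasvar`) but carry no comment on who owns a returned object or at what count `keydb_freesecasvar` releases it, while `refcnt` in struct secasvar is a plain `int`. A short header comment above the group would settle it, along the lines of `/* keydb_new* return an object owned by the caller; keydb_refsecasvar/keydb_freesecasvar adjust refcnt and free at zero — confirm against keydb.c */`, hedged since keydb.c is not part of this diff. The re-indented `#define SADB_KILL_INTERVAL 600 /* six seconds */` keeps a comment that does not name the unit of 600; it presumably counts ticks at some fixed rate, and stating that unit in the comment would save the next reader a trip into key.c.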