Commit IPv6 support for FAST_IPSEC to the tree.

This commit includes only the kernel files, the rest of the files
will follow in a second commit.

Reviewed by:    bz
Approved by:    re
Supported by:   Secure Computing

5 files changed, 0 insertions, 507 deletions

diff --git a/sys/netkey/key.h b/sys/netkey/key.h
deleted file mode 100644
index e4cfe4b..0000000
--- a/sys/netkey/key.h
+++ /dev/null
@@ -1,96 +0,0 @@
-/*	$FreeBSD$	*/
-/*	$KAME: key.h,v 1.32 2003/09/07 05:25:20 itojun Exp $	*/
-
-/*-
- * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the project nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef _NETKEY_KEY_H_
-#define _NETKEY_KEY_H_
-
-#ifdef _KERNEL
-
-#include <sys/queue.h>
-
-extern struct key_cb key_cb;
-
-extern TAILQ_HEAD(_satailq, secasvar) satailq;
-extern TAILQ_HEAD(_sptailq, secpolicy) sptailq;
-
-struct secpolicy;
-struct secpolicyindex;
-struct ipsecrequest;
-struct secasvar;
-struct sockaddr;
-struct socket;
-struct sadb_msg;
-struct sadb_x_policy;
-union sockaddr_union;
-
-extern struct secpolicy *key_allocsp(u_int16_t, struct secpolicyindex *,
-	u_int);
-extern struct secpolicy *key_gettunnel(struct sockaddr *,
-	struct sockaddr *, struct sockaddr *, struct sockaddr *);
-extern int key_checkrequest
-	(struct ipsecrequest *isr, struct secasindex *);
-extern struct secasvar *key_allocsa(u_int, caddr_t, caddr_t, u_int, u_int32_t);
-extern void key_freesp(struct secpolicy *);
-extern void key_freesav(struct secasvar *);
-extern struct secpolicy *key_newsp(u_int32_t);
-extern struct secpolicy *key_msg2sp(struct sadb_x_policy *, size_t, int *);
-extern struct mbuf *key_sp2msg(struct secpolicy *);
-extern int key_cmpspidx_exactly
-	(struct secpolicyindex *, struct secpolicyindex *);
-extern int key_cmpspidx_withmask
-	(struct secpolicyindex *, struct secpolicyindex *);
-extern int key_spdacquire(struct secpolicy *);
-extern void key_timehandler(void *);
-extern void key_randomfill(void *, size_t);
-extern void key_freereg(struct socket *);
-extern int key_parse(struct mbuf *, struct socket *);
-extern void key_init(void);
-extern int key_checktunnelsanity(struct secasvar *, u_int, caddr_t, caddr_t);
-extern void key_sa_recordxfer(struct secasvar *, struct mbuf *);
-extern void key_sa_routechange(struct sockaddr *);
-extern void key_sa_stir_iv(struct secasvar *);
-
-/* to keep compatibility with FAST_IPSEC */
-#define	KEY_ALLOCSA(dst, proto, spi)	\
-	key_allocsa(((struct sockaddr *)(dst))->sa_family,\
-		    (caddr_t)&(((struct sockaddr_in *)(dst))->sin_addr),\
-		    (caddr_t)&(((struct sockaddr_in *)(dst))->sin_addr),\
-		    proto, spi)
-#define	KEY_FREESAV(psav)					\
-	key_freesav(*psav)
-
-#ifdef MALLOC_DECLARE
-MALLOC_DECLARE(M_SECA);
-#endif /* MALLOC_DECLARE */
-
-#endif /* defined(_KERNEL) */
-#endif /* _NETKEY_KEY_H_ */
diff --git a/sys/netkey/key_debug.h b/sys/netkey/key_debug.h
deleted file mode 100644
index 435d923..0000000
--- a/sys/netkey/key_debug.h
+++ /dev/null
@@ -1,88 +0,0 @@
-/*	$FreeBSD$	*/
-/*	$KAME: key_debug.h,v 1.11 2002/11/05 03:48:34 itojun Exp $	*/
-
-/*-
- * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the project nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef _NETKEY_KEY_DEBUG_H_
-#define _NETKEY_KEY_DEBUG_H_
-
-#ifdef _KERNEL
-/* debug flags */
-#define KEYDEBUG_STAMP		0x00000001 /* path */
-#define KEYDEBUG_DATA		0x00000002 /* data */
-#define KEYDEBUG_DUMP		0x00000004 /* dump */
-
-#define KEYDEBUG_KEY		0x00000010 /* key processing */
-#define KEYDEBUG_ALG		0x00000020 /* ciph & auth algorithm */
-#define KEYDEBUG_IPSEC		0x00000040 /* ipsec processing */
-
-#define KEYDEBUG_KEY_STAMP	(KEYDEBUG_KEY | KEYDEBUG_STAMP)
-#define KEYDEBUG_KEY_DATA	(KEYDEBUG_KEY | KEYDEBUG_DATA)
-#define KEYDEBUG_KEY_DUMP	(KEYDEBUG_KEY | KEYDEBUG_DUMP)
-#define KEYDEBUG_ALG_STAMP	(KEYDEBUG_ALG | KEYDEBUG_STAMP)
-#define KEYDEBUG_ALG_DATA	(KEYDEBUG_ALG | KEYDEBUG_DATA)
-#define KEYDEBUG_ALG_DUMP	(KEYDEBUG_ALG | KEYDEBUG_DUMP)
-#define KEYDEBUG_IPSEC_STAMP	(KEYDEBUG_IPSEC | KEYDEBUG_STAMP)
-#define KEYDEBUG_IPSEC_DATA	(KEYDEBUG_IPSEC | KEYDEBUG_DATA)
-#define KEYDEBUG_IPSEC_DUMP	(KEYDEBUG_IPSEC | KEYDEBUG_DUMP)
-
-#define KEYDEBUG(lev,arg) \
-	do { if ((key_debug_level & (lev)) == (lev)) { arg; } } while (/*CONSTCOND*/ 0)
-
-extern u_int32_t key_debug_level;
-#endif /*_KERNEL*/
-
-struct sadb_msg;
-struct sadb_ext;
-extern void kdebug_sadb(struct sadb_msg *);
-extern void kdebug_sadb_x_policy(struct sadb_ext *);
-
-#ifdef _KERNEL
-struct secpolicy;
-struct secpolicyindex;
-struct secasindex;
-struct secasvar;
-struct secreplay;
-struct mbuf;
-extern void kdebug_secpolicy(struct secpolicy *);
-extern void kdebug_secpolicyindex(struct secpolicyindex *);
-extern void kdebug_secasindex(struct secasindex *);
-extern void kdebug_secasv(struct secasvar *);
-extern void kdebug_mbufhdr(struct mbuf *);
-extern void kdebug_mbuf(struct mbuf *);
-#endif /*_KERNEL*/
-
-struct sockaddr;
-extern void kdebug_sockaddr(struct sockaddr *);
-
-extern void ipsec_hexdump(caddr_t, int);
-extern void ipsec_bindump(caddr_t, int);
-
-#endif /* _NETKEY_KEY_DEBUG_H_ */
diff --git a/sys/netkey/key_var.h b/sys/netkey/key_var.h
deleted file mode 100644
index 91b5d3b..0000000
--- a/sys/netkey/key_var.h
+++ /dev/null
@@ -1,58 +0,0 @@
-/*	$FreeBSD$	*/
-/*	$KAME: key_var.h,v 1.12 2001/11/06 03:48:29 itojun Exp $	*/
-
-/*-
- * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the project nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef _NETKEY_KEY_VAR_H_
-#define _NETKEY_KEY_VAR_H_
-
-/* sysctl */
-#define KEYCTL_DEBUG_LEVEL		1
-#define KEYCTL_SPI_TRY			2
-#define KEYCTL_SPI_MIN_VALUE		3
-#define KEYCTL_SPI_MAX_VALUE		4
-#define KEYCTL_RANDOM_INT		5
-#define KEYCTL_LARVAL_LIFETIME		6
-#define KEYCTL_BLOCKACQ_COUNT		7
-#define KEYCTL_BLOCKACQ_LIFETIME	8
-#define KEYCTL_ESP_KEYMIN		9
-#define KEYCTL_ESP_AUTH			10
-#define KEYCTL_AH_KEYMIN		11
-#define KEYCTL_PREFERED_OLDSA		12
-#define KEYCTL_MAXID			13
-
-#ifdef _KERNEL
-#define _ARRAYLEN(p) (sizeof(p)/sizeof(p[0]))
-#define _KEYLEN(key) ((u_int)((key)->sadb_key_bits >> 3))
-#define _KEYBITS(key) ((u_int)((key)->sadb_key_bits))
-#define _KEYBUF(key) ((caddr_t)((caddr_t)(key) + sizeof(struct sadb_key)))
-#endif /*_KERNEL*/
-
-#endif /* _NETKEY_KEY_VAR_H_ */
diff --git a/sys/netkey/keydb.h b/sys/netkey/keydb.h
deleted file mode 100644
index b325362..0000000
--- a/sys/netkey/keydb.h
+++ /dev/null
@@ -1,184 +0,0 @@
-/*	$FreeBSD$	*/
-/*	$KAME: keydb.h,v 1.24 2003/09/07 15:12:10 itojun Exp $	*/
-
-/*-
- * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the project nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef _NETKEY_KEYDB_H_
-#define _NETKEY_KEYDB_H_
-
-#ifdef _KERNEL
-
-#include <netkey/key_var.h>
-
-#ifndef _SOCKADDR_UNION_DEFINED
-#define	_SOCKADDR_UNION_DEFINED
-/*
- * The union of all possible address formats we handle.
- */
-union sockaddr_union {
-	struct sockaddr		sa;
-	struct sockaddr_in	sin;
-	struct sockaddr_in6	sin6;
-};
-#endif /* _SOCKADDR_UNION_DEFINED */
-
-/* Security Assocciation Index */
-/* NOTE: Ensure to be same address family */
-struct secasindex {
-	struct sockaddr_storage src;	/* srouce address for SA */
-	struct sockaddr_storage dst;	/* destination address for SA */
-	u_int16_t proto;		/* IPPROTO_ESP or IPPROTO_AH */
-	u_int8_t mode;			/* mode of protocol, see ipsec.h */
-	u_int32_t reqid;		/* reqid id who owned this SA */
-					/* see IPSEC_MANUAL_REQID_MAX. */
-};
-
-/* Security Association Data Base */
-struct secashead {
-	LIST_ENTRY(secashead) chain;
-
-	struct secasindex saidx;
-
-	struct sadb_ident *idents;	/* source identity */
-	struct sadb_ident *identd;	/* destination identity */
-					/* XXX I don't know how to use them. */
-
-	u_int8_t state;			/* MATURE or DEAD. */
-	LIST_HEAD(_satree, secasvar) savtree[SADB_SASTATE_MAX+1];
-					/* SA chain */
-					/* The first of this list is newer SA */
-
-	union {
-		struct route sau_route;
-		struct route_in6 sau_route6;
-	} sa_u;
-#define sa_route sa_u.sau_route
-};
-
-/* Security Association */
-struct secasvar {
-	TAILQ_ENTRY(secasvar) tailq;
-	LIST_ENTRY(secasvar) chain;
-	LIST_ENTRY(secasvar) spihash;
-
-	int refcnt;			/* reference count */
-	u_int8_t state;			/* Status of this Association */
-
-	u_int8_t alg_auth;		/* Authentication Algorithm Identifier*/
-	u_int8_t alg_enc;		/* Cipher Algorithm Identifier */
-	u_int32_t spi;			/* SPI Value, network byte order */
-	u_int32_t flags;		/* holder for SADB_KEY_FLAGS */
-
-	struct sadb_key *key_auth;	/* Key for Authentication */
-	struct sadb_key *key_enc;	/* Key for Encryption */
-	caddr_t iv;			/* Initilization Vector */
-	u_int ivlen;			/* length of IV */
-	void *sched;			/* intermediate encryption key */
-	size_t schedlen;
-
-	struct secreplay *replay;	/* replay prevention */
-	long created;			/* for lifetime */
-
-	struct sadb_lifetime *lft_c;	/* CURRENT lifetime, it's constant. */
-	struct sadb_lifetime *lft_h;	/* HARD lifetime */
-	struct sadb_lifetime *lft_s;	/* SOFT lifetime */
-
-	u_int64_t seq;			/* sequence number */
-	pid_t pid;			/* message's pid */
-
-	struct secashead *sah;		/* back pointer to the secashead */
-
-	u_int32_t id;			/* SA id */
-};
-
-/* replay prevention */
-struct secreplay {
-	u_int64_t count;
-	u_int wsize;		/* window size, i.g. 4 bytes */
-	u_int64_t seq;		/* used by sender */
-	u_int64_t lastseq;	/* used by receiver */
-	u_int8_t *bitmap;	/* used by receiver */
-	int overflow;		/* what round does the counter take. */
-};
-
-/* socket table due to send PF_KEY messages. */
-struct secreg {
-	LIST_ENTRY(secreg) chain;
-
-	struct socket *so;
-};
-
-#ifndef IPSEC_NONBLOCK_ACQUIRE
-/* acquiring list table. */
-struct secacq {
-	LIST_ENTRY(secacq) chain;
-
-	struct secasindex saidx;
-
-	u_int32_t seq;		/* sequence number */
-	long created;		/* for lifetime */
-	int count;		/* for lifetime */
-};
-#endif
-
-/* Sensitivity Level Specification */
-/* nothing */
-
-#define SADB_KILL_INTERVAL	600	/* six seconds */
-
-struct key_cb {
-	int key_count;
-	int any_count;
-};
-
-/* secpolicy */
-struct secpolicy;
-struct secpolicyindex;
-extern struct secpolicy *keydb_newsecpolicy(void);
-extern u_int32_t keydb_newspid(void);
-extern void keydb_delsecpolicy(struct secpolicy *);
-extern int keydb_setsecpolicyindex
-	(struct secpolicy *, struct secpolicyindex *);
-/* secashead */
-extern struct secashead *keydb_newsecashead(void);
-extern void keydb_delsecashead(struct secashead *);
-/* secasvar */
-extern struct secasvar *keydb_newsecasvar(void);
-extern void keydb_delsecasvar(struct secasvar *);
-/* secreplay */
-extern struct secreplay *keydb_newsecreplay(size_t);
-extern void keydb_delsecreplay(struct secreplay *);
-/* secreg */
-extern struct secreg *keydb_newsecreg(void);
-extern void keydb_delsecreg(struct secreg *);
-
-#endif /* _KERNEL */
-
-#endif /* _NETKEY_KEYDB_H_ */
diff --git a/sys/netkey/keysock.h b/sys/netkey/keysock.h
deleted file mode 100644
index 0422517..0000000
--- a/sys/netkey/keysock.h
+++ /dev/null
@@ -1,81 +0,0 @@
-/*	$FreeBSD$	*/
-/*	$KAME: keysock.h,v 1.9 2002/03/21 14:00:14 itojun Exp $	*/
-
-/*-
- * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the project nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef _NETKEY_KEYSOCK_H_
-#define _NETKEY_KEYSOCK_H_
-
-/* statistics for pfkey socket */
-struct pfkeystat {
-	/* userland -> kernel */
-	u_quad_t out_total;		/* # of total calls */
-	u_quad_t out_bytes;		/* total bytecount */
-	u_quad_t out_msgtype[256];	/* message type histogram */
-	u_quad_t out_invlen;		/* invalid length field */
-	u_quad_t out_invver;		/* invalid version field */
-	u_quad_t out_invmsgtype;	/* invalid message type field */
-	u_quad_t out_tooshort;		/* msg too short */
-	u_quad_t out_nomem;		/* memory allocation failure */
-	u_quad_t out_dupext;		/* duplicate extension */
-	u_quad_t out_invexttype;	/* invalid extension type */
-	u_quad_t out_invsatype;		/* invalid sa type */
-	u_quad_t out_invaddr;		/* invalid address extension */
-	/* kernel -> userland */
-	u_quad_t in_total;		/* # of total calls */
-	u_quad_t in_bytes;		/* total bytecount */
-	u_quad_t in_msgtype[256];	/* message type histogram */
-	u_quad_t in_msgtarget[3];	/* one/all/registered */
-	u_quad_t in_nomem;		/* memory allocation failure */
-	/* others */
-	u_quad_t sockerr;		/* # of socket related errors */
-};
-
-#define KEY_SENDUP_ONE		0
-#define KEY_SENDUP_ALL		1
-#define KEY_SENDUP_REGISTERED	2
-
-#ifdef _KERNEL
-struct keycb {
-	struct rawcb kp_raw;	/* rawcb */
-	int kp_promisc;		/* promiscuous mode */
-	int kp_registered;	/* registered socket */
-};
-
-extern struct pfkeystat pfkeystat;
-
-extern int key_output(struct mbuf *m, struct socket *so);
-extern int key_usrreq(struct socket *,
-	int, struct mbuf *, struct mbuf *, struct mbuf *);
-
-extern int key_sendup_mbuf(struct socket *, struct mbuf *, int);
-#endif /* _KERNEL */
-
-#endif /*_NETKEY_KEYSOCK_H_*/