diff options
Diffstat (limited to 'sys/netipsec/ipsec.h')
| -rw-r--r-- | sys/netipsec/ipsec.h | 68 |
1 files changed, 21 insertions, 47 deletions
diff --git a/sys/netipsec/ipsec.h b/sys/netipsec/ipsec.h index 6da3fc7..df3457a 100644 --- a/sys/netipsec/ipsec.h +++ b/sys/netipsec/ipsec.h @@ -81,21 +81,19 @@ struct secpolicyindex { /* Security Policy Data Base */ struct secpolicy { - LIST_ENTRY(secpolicy) chain; - struct mtx lock; + TAILQ_ENTRY(secpolicy) chain; - u_int refcnt; /* reference count */ struct secpolicyindex spidx; /* selector */ - u_int32_t id; /* It's unique number on the system. */ - u_int state; /* 0: dead, others: alive */ -#define IPSEC_SPSTATE_DEAD 0 -#define IPSEC_SPSTATE_ALIVE 1 - u_int policy; /* policy_type per pfkeyv2.h */ - u_int16_t scangen; /* scan generation # */ struct ipsecrequest *req; /* pointer to the ipsec request tree, */ /* if policy == IPSEC else this value == NULL.*/ - + u_int refcnt; /* reference count */ + u_int policy; /* policy_type per pfkeyv2.h */ + u_int state; +#define IPSEC_SPSTATE_DEAD 0 +#define IPSEC_SPSTATE_ALIVE 1 + u_int32_t priority; /* priority of this policy */ + u_int32_t id; /* It's unique number on the system. */ /* * lifetime handler. * the policy can be used without limitiation if both lifetime and @@ -109,13 +107,6 @@ struct secpolicy { long validtime; /* duration this policy is valid without use */ }; -#define SECPOLICY_LOCK_INIT(_sp) \ - mtx_init(&(_sp)->lock, "ipsec policy", NULL, MTX_DEF) -#define SECPOLICY_LOCK(_sp) mtx_lock(&(_sp)->lock) -#define SECPOLICY_UNLOCK(_sp) mtx_unlock(&(_sp)->lock) -#define SECPOLICY_LOCK_DESTROY(_sp) mtx_destroy(&(_sp)->lock) -#define SECPOLICY_LOCK_ASSERT(_sp) mtx_assert(&(_sp)->lock, MA_OWNED) - /* Request for IPsec */ struct ipsecrequest { struct ipsecrequest *next; @@ -271,17 +262,6 @@ struct ipsecstat { #ifdef _KERNEL #include <sys/counter.h> -struct ipsec_output_state { - struct mbuf *m; - struct route *ro; - struct sockaddr *dst; -}; - -struct ipsec_history { - int ih_proto; - u_int32_t ih_spi; -}; - VNET_DECLARE(int, ipsec_debug); #define V_ipsec_debug VNET(ipsec_debug) @@ -294,7 +274,6 @@ VNET_DECLARE(int, ipsec_integrity); #endif VNET_PCPUSTAT_DECLARE(struct ipsecstat, ipsec4stat); -VNET_DECLARE(struct secpolicy, ip4_def_policy); VNET_DECLARE(int, ip4_esp_trans_deflev); VNET_DECLARE(int, ip4_esp_net_deflev); VNET_DECLARE(int, ip4_ah_trans_deflev); @@ -307,7 +286,6 @@ VNET_DECLARE(int, crypto_support); #define IPSECSTAT_INC(name) \ VNET_PCPUSTAT_ADD(struct ipsecstat, ipsec4stat, name, 1) -#define V_ip4_def_policy VNET(ip4_def_policy) #define V_ip4_esp_trans_deflev VNET(ip4_esp_trans_deflev) #define V_ip4_esp_net_deflev VNET(ip4_esp_net_deflev) #define V_ip4_ah_trans_deflev VNET(ip4_ah_trans_deflev) @@ -328,37 +306,36 @@ extern void ipsec_delisr(struct ipsecrequest *); struct tdb_ident; extern struct secpolicy *ipsec_getpolicy(struct tdb_ident*, u_int); struct inpcb; -extern struct secpolicy *ipsec4_checkpolicy(struct mbuf *, u_int, u_int, - int *, struct inpcb *); -extern struct secpolicy * ipsec_getpolicybyaddr(struct mbuf *, u_int, - int, int *); +extern struct secpolicy *ipsec4_checkpolicy(const struct mbuf *, u_int, + int *, struct inpcb *); +extern struct secpolicy * ipsec_getpolicybyaddr(const struct mbuf *, u_int, + int *); struct inpcb; extern int ipsec_init_policy(struct socket *so, struct inpcbpolicy **); extern int ipsec_copy_policy(struct inpcbpolicy *, struct inpcbpolicy *); extern u_int ipsec_get_reqlevel(struct ipsecrequest *); -extern int ipsec_in_reject(struct secpolicy *, struct mbuf *); extern int ipsec_set_policy(struct inpcb *inp, int optname, caddr_t request, size_t len, struct ucred *cred); extern int ipsec_get_policy(struct inpcb *inpcb, caddr_t request, - size_t len, struct mbuf **mp); + size_t len, struct mbuf **mp); extern int ipsec_delete_pcbpolicy(struct inpcb *); -extern int ipsec4_in_reject(struct mbuf *, struct inpcb *); +extern int ipsec4_in_reject(const struct mbuf *, struct inpcb *); struct secas; struct tcpcb; extern int ipsec_chkreplay(u_int32_t, struct secasvar *); extern int ipsec_updatereplay(u_int32_t, struct secasvar *); -extern size_t ipsec_hdrsiz(struct mbuf *, u_int, struct inpcb *); +extern size_t ipsec_hdrsiz(const struct mbuf *, u_int, struct inpcb *); extern size_t ipsec_hdrsiz_tcp(struct tcpcb *); union sockaddr_union; -extern char * ipsec_address(union sockaddr_union* sa); -extern const char *ipsec_logsastr(struct secasvar *); +extern char *ipsec_address(union sockaddr_union *, char *, socklen_t); +extern char *ipsec_logsastr(struct secasvar *, char *, size_t); -extern void ipsec_dumpmbuf(struct mbuf *); +extern void ipsec_dumpmbuf(const struct mbuf *); struct m_tag; extern void ah4_input(struct mbuf *m, int off); @@ -366,15 +343,12 @@ extern void ah4_ctlinput(int cmd, struct sockaddr *sa, void *); extern void esp4_input(struct mbuf *m, int off); extern void esp4_ctlinput(int cmd, struct sockaddr *sa, void *); extern void ipcomp4_input(struct mbuf *m, int off); -extern int ipsec4_common_input(struct mbuf *m, ...); +extern int ipsec_common_input(struct mbuf *m, int, int, int, int); extern int ipsec4_common_input_cb(struct mbuf *m, struct secasvar *sav, - int skip, int protoff, struct m_tag *mt); -extern int ipsec4_process_packet(struct mbuf *, struct ipsecrequest *, - int, int); + int skip, int protoff); +extern int ipsec4_process_packet(struct mbuf *, struct ipsecrequest *); extern int ipsec_process_done(struct mbuf *, struct ipsecrequest *); -extern struct mbuf *ipsec_copypkt(struct mbuf *); - extern void m_checkalignment(const char* where, struct mbuf *m0, int off, int len); extern struct mbuf *m_makespace(struct mbuf *m0, int skip, int hlen, int *off); |
