Diffstat (limited to 'sys/netipsec/ipsec.h')
-rw-r--r--sys/netipsec/ipsec.h32
1 files changed, 27 insertions, 5 deletions
diff --git a/sys/netipsec/ipsec.h b/sys/netipsec/ipsec.h
index 0c518ff..a5d8c25 100644
--- a/sys/netipsec/ipsec.h
+++ b/sys/netipsec/ipsec.h
@@ -44,6 +44,7 @@
#include <net/pfkeyv2.h>
#include <netipsec/keydb.h>
+#include <netipsec/ipsec_osdep.h>
#ifdef _KERNEL
@@ -79,8 +80,8 @@ struct secpolicy {
u_int state; /* 0: dead, others: alive */
#define IPSEC_SPSTATE_DEAD 0
#define IPSEC_SPSTATE_ALIVE 1
-
- u_int policy; /* DISCARD, NONE or IPSEC, see keyv2.h */
+ u_int16_t policy; /* policy_type per pfkeyv2.h */
+ u_int16_t scangen; /* scan generation # */
struct ipsecrequest *req;
/* pointer to the ipsec request tree, */
/* if policy == IPSEC else this value == NULL.*/
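Review bot: The new `scangen` field is a 16-bit counter with no stated wrap behaviour, and `policy` is narrowed from `u_int` to `u_int16_t` with no range check visible at the places that assign it. If the scanner marks a policy as visited by matching `scangen` against a global generation, a stale entry could match again after 2^16 scans and be skipped; this is inferred, since the scanning code is not in this diff. I would state the contract on the field, for example `u_int16_t scangen; /* scan generation #; wraps at 2^16, test for equality only */`, and confirm that every store into `policy` comes from a value already validated against the pfkeyv2.h policy types. struct secpolicy begins and ends outside this hunk.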
@@ -92,12 +93,19 @@ struct secpolicy {
* "lifetime" is passed by sadb_lifetime.sadb_lifetime_addtime.
* "validtime" is passed by sadb_lifetime.sadb_lifetime_usetime.
*/
- long created; /* time created the policy */
- long lastused; /* updated every when kernel sends a packet */
+ time_t created; /* time created the policy */
+ time_t lastused; /* updated every when kernel sends a packet */
long lifetime; /* duration of the lifetime of this policy */
long validtime; /* duration this policy is valid without use */
};
+#define SECPOLICY_LOCK_INIT(_sp) \
+ mtx_init(&(_sp)->lock, "ipsec policy", NULL, MTX_DEF)
+#define SECPOLICY_LOCK(_sp) mtx_lock(&(_sp)->lock)
+#define SECPOLICY_UNLOCK(_sp) mtx_unlock(&(_sp)->lock)
+#define SECPOLICY_LOCK_DESTROY(_sp) mtx_destroy(&(_sp)->lock)
+#define SECPOLICY_LOCK_ASSERT(_sp) mtx_assert(&(_sp)->lock, MA_OWNED)
+
/* Request for IPsec */
struct ipsecrequest {
struct ipsecrequest *next;
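Review bot: `created` and `lastused` become `time_t` while `lifetime` and `validtime` directly below remain `long`, so an expiry test that adds a duration to a timestamp now mixes two types whose widths differ on some platforms. Since these fields decide when a security policy stops being valid, I would either make the two durations `time_t` as well or add a comment such as `/* durations; convert to time_t before adding to created/lastused */`. Separately, the `SECPOLICY_LOCK_*` macros dereference `(_sp)->lock`, but no `lock` member appears in the struct lines shown; presumably it is declared outside the hunk, which is worth confirming. The macros would also benefit from a one-line comment above them naming which fields of the policy the mutex protects.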
@@ -112,6 +120,18 @@ struct ipsecrequest {
struct mtx lock; /* to interlock updates */
};
+/*
+ * Need recursion for when crypto callbacks happen directly,
+ * as in the case of software crypto. Need to look at how
+ * hard it is to remove this...
+ */
+#define IPSECREQUEST_LOCK_INIT(_isr) \
+ mtx_init(&(_isr)->lock, "ipsec request", NULL, MTX_DEF | MTX_RECURSE)
+#define IPSECREQUEST_LOCK(_isr) mtx_lock(&(_isr)->lock)
+#define IPSECREQUEST_UNLOCK(_isr) mtx_unlock(&(_isr)->lock)
+#define IPSECREQUEST_LOCK_DESTROY(_isr) mtx_destroy(&(_isr)->lock)
+#define IPSECREQUEST_LOCK_ASSERT(_isr) mtx_assert(&(_isr)->lock, MA_OWNED)
+
/* security policy in PCB */
struct inpcbpolicy {
struct secpolicy *sp_in;
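Review bot: `IPSECREQUEST_LOCK_INIT` creates the mutex with `MTX_RECURSE`, which means `IPSECREQUEST_LOCK_ASSERT` (`MA_OWNED`) passes at any recursion depth and a single `IPSECREQUEST_UNLOCK` may leave the lock held. The comment admits the recursion is a workaround for direct crypto callbacks, but it does not say which call path re-enters, so a later reader cannot tell where recursion is expected and where it would be a bug. I would mark the comment as `XXX` and name the re-entering path. I would also add a stricter assertion for code that must hold the lock exactly once, for example `#define IPSECREQUEST_LOCK_ASSERT_ONCE(_isr) mtx_assert(&(_isr)->lock, MA_OWNED | MA_NOTRECURSED)`.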
@@ -125,7 +145,7 @@ struct secspacq {
struct secpolicyindex spidx;
- long created; /* for lifetime */
+ time_t created; /* for lifetime */
int count; /* for lifetime */
/* XXX: here is mbuf place holder to be sent ? */
};
@@ -367,7 +387,9 @@ extern void ipsec_dumpmbuf __P((struct mbuf *));
struct m_tag;
extern void ah4_input(struct mbuf *m, int off);
+extern void ah4_ctlinput(int cmd, struct sockaddr *sa, void *);
extern void esp4_input(struct mbuf *m, int off);
+extern void esp4_ctlinput(int cmd, struct sockaddr *sa, void *);
extern void ipcomp4_input(struct mbuf *m, int off);
extern int ipsec4_common_input(struct mbuf *m, ...);
extern int ipsec4_common_input_cb(struct mbuf *m, struct secasvar *sav,
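Review bot: The two new prototypes `ah4_ctlinput` and `esp4_ctlinput` leave their third parameter unnamed and undocumented, unlike the neighbouring `*_input` declarations, which name every argument. I would write `extern void ah4_ctlinput(int cmd, struct sockaddr *sa, void *v);` and the same for `esp4_ctlinput`. A comment should say what the opaque pointer carries. Functions of this shape are normally protocol control-input handlers driven by ICMP-derived notifications, which are unauthenticated. If that is the case here, the declaration is a good place to note that the implementation must match the notification to an existing SA before changing any state. The implementations are not part of this diff, so that part is a question for the author.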