Diffstat (limited to 'sys/netipsec/ipsec.h')
-rw-r--r-- | sys/netipsec/ipsec.h | 32 |
1 files changed, 27 insertions, 5 deletions
diff --git a/sys/netipsec/ipsec.h b/sys/netipsec/ipsec.h
index 0c518ff..a5d8c25 100644
--- a/sys/netipsec/ipsec.h
+++ b/sys/netipsec/ipsec.h
@@ -44,6 +44,7 @@
 #include <net/pfkeyv2.h>
 #include <netipsec/keydb.h>
+#include <netipsec/ipsec_osdep.h>
 #ifdef _KERNEL
@@ -79,8 +80,8 @@ struct secpolicy {
 u_int state; /* 0: dead, others: alive */
 #define IPSEC_SPSTATE_DEAD 0
 #define IPSEC_SPSTATE_ALIVE 1
-
- u_int policy; /* DISCARD, NONE or IPSEC, see keyv2.h */
+ u_int16_t policy; /* policy_type per pfkeyv2.h */
+ u_int16_t scangen; /* scan generation # */
 struct ipsecrequest *req; /* pointer to the ipsec request tree, */
 /* if policy == IPSEC else this value == NULL.*/
@@ -92,12 +93,19 @@ struct secpolicy {
 * "lifetime" is passed by sadb_lifetime.sadb_lifetime_addtime.
 * "validtime" is passed by sadb_lifetime.sadb_lifetime_usetime.
 */
- long created; /* time created the policy */
- long lastused; /* updated every when kernel sends a packet */
+ time_t created; /* time created the policy */
+ time_t lastused; /* updated every when kernel sends a packet */
 long lifetime; /* duration of the lifetime of this policy */
 long validtime; /* duration this policy is valid without use */
 };
+#define SECPOLICY_LOCK_INIT(_sp) \
+ mtx_init(&(_sp)->lock, "ipsec policy", NULL, MTX_DEF)
+#define SECPOLICY_LOCK(_sp) mtx_lock(&(_sp)->lock)
+#define SECPOLICY_UNLOCK(_sp) mtx_unlock(&(_sp)->lock)
+#define SECPOLICY_LOCK_DESTROY(_sp) mtx_destroy(&(_sp)->lock)
+#define SECPOLICY_LOCK_ASSERT(_sp) mtx_assert(&(_sp)->lock, MA_OWNED)
+
 /* Request for IPsec */
 struct ipsecrequest {
 struct ipsecrequest *next;
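Review bot: `scangen` is added to `struct secpolicy` (hunk at -79) as a `u_int16_t`, so a generation counter stored in it wraps after 65536 scans; if the scanning code decides "already visited" by comparing it for equality against a global generation number, a wrapped value can make a live policy be skipped or processed twice on a wrap. The scanning code is not in this diff, so this is inferred from the comment `/* scan generation # */` alone; widening the field to `u_int32_t` (the struct loses nothing, the two 16-bit fields were chosen to pack into the old `u_int policy` slot) or documenting how wrap is handled would settle it. The comment should also say which code advances the field and under which lock it is read, since the new SECPOLICY_LOCK macros in the next hunk make that the natural question.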
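Review bot: The SECPOLICY_LOCK_* macros (hunk at -92) dereference `(_sp)->lock`, but no hunk in this diff adds a `struct mtx lock` member to `struct secpolicy`, and the visible part of the struct ends at `};` without one; if the member already exists above the -79 hunk this is fine, otherwise the first expansion fails to compile. Unlike the IPSECREQUEST variant in the next hunk, this mutex is plain MTX_DEF, which is the right default; a one-line comment above `SECPOLICY_LOCK_INIT` naming the fields it protects and where in the policy lifetime `SECPOLICY_LOCK_DESTROY` is expected to run would make the contract readable from the header. The same applies to `IPSECREQUEST_LOCK_INIT` at -112.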
@@ -112,6 +120,18 @@ struct ipsecrequest {
 struct mtx lock; /* to interlock updates */
 };
+/*
+ * Need recursion for when crypto callbacks happen directly,
+ * as in the case of software crypto. Need to look at how
+ * hard it is to remove this...
+ */
+#define IPSECREQUEST_LOCK_INIT(_isr) \
+ mtx_init(&(_isr)->lock, "ipsec request", NULL, MTX_DEF | MTX_RECURSE)
+#define IPSECREQUEST_LOCK(_isr) mtx_lock(&(_isr)->lock)
+#define IPSECREQUEST_UNLOCK(_isr) mtx_unlock(&(_isr)->lock)
+#define IPSECREQUEST_LOCK_DESTROY(_isr) mtx_destroy(&(_isr)->lock)
+#define IPSECREQUEST_LOCK_ASSERT(_isr) mtx_assert(&(_isr)->lock, MA_OWNED)
+
 /* security policy in PCB */
 struct inpcbpolicy {
 struct secpolicy *sp_in;
@@ -125,7 +145,7 @@ struct secspacq {
 struct secpolicyindex spidx;
- long created; /* for lifetime */
+ time_t created; /* for lifetime */
 int count; /* for lifetime */
 /* XXX: here is mbuf place holder to be sent ? */
 };
@@ -367,7 +387,9 @@ extern void ipsec_dumpmbuf __P((struct mbuf *));
 struct m_tag;
 extern void ah4_input(struct mbuf *m, int off);
+extern void ah4_ctlinput(int cmd, struct sockaddr *sa, void *);
 extern void esp4_input(struct mbuf *m, int off);
+extern void esp4_ctlinput(int cmd, struct sockaddr *sa, void *);
 extern void ipcomp4_input(struct mbuf *m, int off);
 extern int ipsec4_common_input(struct mbuf *m, ...);
 extern int ipsec4_common_input_cb(struct mbuf *m, struct secasvar *sav, |
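Review bot: `IPSECREQUEST_LOCK_INIT` (hunk at -112) creates the request mutex with `MTX_DEF | MTX_RECURSE`, and the comment above it says this is only to survive crypto callbacks that run synchronously (software crypto). With a recursive mutex, `IPSECREQUEST_LOCK_ASSERT`'s `MA_OWNED` still passes when the lock is held several levels up, so it no longer proves that the caller's own acquire/release are balanced, and a callback that re-enters and mutates the request sees state its outer caller was in the middle of changing; that is the cost the comment hints at but does not spell out. Suggest the comment also record which entry points are known to re-enter and be tagged `XXX` so the cleanup is findable, e.g. `* XXX: recursion only needed when the crypto driver completes synchronously;` `* remove MTX_RECURSE once callbacks are always deferred.`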
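Review bot: The new `ah4_ctlinput` and `esp4_ctlinput` prototypes (hunk at -367) leave their third parameter unnamed while every neighbouring prototype names all of its parameters; name it, e.g. `extern void ah4_ctlinput(int cmd, struct sockaddr *sa, void *v);` and the same for `esp4_ctlinput`, so the contract (presumably the protosw pr_ctlinput signature, with the opaque pointer carrying the control message context) is readable from the header. A short comment above the pair saying that the `cmd` value is an ICMP-derived control code from a remote peer, and therefore untrusted input to these handlers, would help whoever implements them keep the validation explicit.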