The Design and Implementation of the FreeBSD Operating System, Second Edition
Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)

[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]

FreeBSD/Linux Kernel Cross Reference
sys/netipsec/ipsec_support.h

Version: -  FREEBSD  -  FREEBSD-13-STABLE  -  FREEBSD-13-0  -  FREEBSD-12-STABLE  -  FREEBSD-12-0  -  FREEBSD-11-STABLE  -  FREEBSD-11-0  -  FREEBSD-10-STABLE  -  FREEBSD-10-0  -  FREEBSD-9-STABLE  -  FREEBSD-9-0  -  FREEBSD-8-STABLE  -  FREEBSD-8-0  -  FREEBSD-7-STABLE  -  FREEBSD-7-0  -  FREEBSD-6-STABLE  -  FREEBSD-6-0  -  FREEBSD-5-STABLE  -  FREEBSD-5-0  -  FREEBSD-4-STABLE  -  FREEBSD-3-STABLE  -  FREEBSD22  -  l41  -  OPENBSD  -  linux-2.6  -  MK84  -  PLAN9  -  xnu-8792 
SearchContext: -  none  -  3  -  10  
    1 /*-
    2  * Copyright (c) 2016 Andrey V. Elsukov <ae@FreeBSD.org>
    3  * All rights reserved.
    4  *
    5  * Redistribution and use in source and binary forms, with or without
    6  * modification, are permitted provided that the following conditions
    7  * are met:
    8  *
    9  * 1. Redistributions of source code must retain the above copyright
   10  *    notice, this list of conditions and the following disclaimer.
   11  * 2. Redistributions in binary form must reproduce the above copyright
   12  *    notice, this list of conditions and the following disclaimer in the
   13  *    documentation and/or other materials provided with the distribution.
   14  *
   15  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
   16  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   17  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
   18  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
   19  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
   20  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
   21  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
   22  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
   23  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
   24  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
   25  *
   26  * $FreeBSD$
   27  */
   28 
   29 #ifndef _NETIPSEC_IPSEC_SUPPORT_H_
   30 #define _NETIPSEC_IPSEC_SUPPORT_H_
   31 
   32 #ifdef _KERNEL
   33 #if defined(IPSEC) || defined(IPSEC_SUPPORT)
   34 struct mbuf;
   35 struct inpcb;
   36 struct tcphdr;
   37 struct sockopt;
   38 struct sockaddr;
   39 struct ipsec_support;
   40 struct tcpmd5_support;
   41 
   42 size_t ipsec_hdrsiz_inpcb(struct inpcb *);
   43 int ipsec_init_pcbpolicy(struct inpcb *);
   44 int ipsec_delete_pcbpolicy(struct inpcb *);
   45 int ipsec_copy_pcbpolicy(struct inpcb *, struct inpcb *);
   46 
   47 struct ipsec_methods {
   48         int     (*input)(struct mbuf *, int, int);
   49         int     (*check_policy)(const struct mbuf *, struct inpcb *);
   50         int     (*forward)(struct mbuf *);
   51         int     (*output)(struct mbuf *, struct inpcb *);
   52         int     (*pcbctl)(struct inpcb *, struct sockopt *);
   53         size_t  (*hdrsize)(struct inpcb *);
   54         int     (*capability)(struct mbuf *, u_int);
   55         int     (*ctlinput)(int, struct sockaddr *, void *);
   56 
   57         int     (*udp_input)(struct mbuf *, int, int);
   58         int     (*udp_pcbctl)(struct inpcb *, struct sockopt *);
   59 };
   60 #define IPSEC_CAP_OPERABLE              1
   61 #define IPSEC_CAP_BYPASS_FILTER         2
   62 
   63 struct tcpmd5_methods {
   64         int     (*input)(struct mbuf *, struct tcphdr *, u_char *);
   65         int     (*output)(struct mbuf *, struct tcphdr *, u_char *);
   66         int     (*pcbctl)(struct inpcb *, struct sockopt *);
   67 };
   68 
   69 #define IPSEC_MODULE_ENABLED    0x0001
   70 #define IPSEC_ENABLED(proto)    \
   71     ((proto ## _ipsec_support)->enabled & IPSEC_MODULE_ENABLED)
   72 #define TCPMD5_ENABLED()        IPSEC_ENABLED(tcp)
   73 
   74 #ifdef TCP_SIGNATURE
   75 /* TCP-MD5 build in the kernel */
   76 struct tcpmd5_support {
   77         const u_int enabled;
   78         const struct tcpmd5_methods * const methods;
   79 };
   80 extern const struct tcpmd5_support * const tcp_ipsec_support;
   81 
   82 #define TCPMD5_INPUT(m, ...)            \
   83     (*tcp_ipsec_support->methods->input)(m, __VA_ARGS__)
   84 #define TCPMD5_OUTPUT(m, ...)           \
   85     (*tcp_ipsec_support->methods->output)(m, __VA_ARGS__)
   86 #define TCPMD5_PCBCTL(inp, sopt)        \
   87     (*tcp_ipsec_support->methods->pcbctl)(inp, sopt)
   88 #elif defined(IPSEC_SUPPORT)
   89 /* TCP-MD5 build as module */
   90 struct tcpmd5_support {
   91         volatile u_int enabled;
   92         const struct tcpmd5_methods * volatile methods;
   93 };
   94 extern struct tcpmd5_support * const tcp_ipsec_support;
   95 
   96 void tcpmd5_support_enable(const struct tcpmd5_methods * const);
   97 void tcpmd5_support_disable(void);
   98 
   99 int tcpmd5_kmod_pcbctl(struct tcpmd5_support * const, struct inpcb *,
  100     struct sockopt *);
  101 int tcpmd5_kmod_input(struct tcpmd5_support * const, struct mbuf *,
  102     struct tcphdr *, u_char *);
  103 int tcpmd5_kmod_output(struct tcpmd5_support * const, struct mbuf *,
  104     struct tcphdr *, u_char *);
  105 #define TCPMD5_INPUT(m, ...)            \
  106     tcpmd5_kmod_input(tcp_ipsec_support, m, __VA_ARGS__)
  107 #define TCPMD5_OUTPUT(m, ...)           \
  108     tcpmd5_kmod_output(tcp_ipsec_support, m, __VA_ARGS__)
  109 #define TCPMD5_PCBCTL(inp, sopt)        \
  110     tcpmd5_kmod_pcbctl(tcp_ipsec_support, inp, sopt)
  111 #endif
  112 
  113 #endif /* IPSEC || IPSEC_SUPPORT */
  114 
  115 #if defined(IPSEC)
  116 struct ipsec_support {
  117         const u_int enabled;
  118         const struct ipsec_methods * const methods;
  119 };
  120 extern const struct ipsec_support * const ipv4_ipsec_support;
  121 extern const struct ipsec_support * const ipv6_ipsec_support;
  122 
  123 #define IPSEC_INPUT(proto, m, ...)              \
  124     (*(proto ## _ipsec_support)->methods->input)(m, __VA_ARGS__)
  125 #define IPSEC_CHECK_POLICY(proto, m, ...)       \
  126     (*(proto ## _ipsec_support)->methods->check_policy)(m, __VA_ARGS__)
  127 #define IPSEC_FORWARD(proto, m)         \
  128     (*(proto ## _ipsec_support)->methods->forward)(m)
  129 #define IPSEC_OUTPUT(proto, m, ...)             \
  130     (*(proto ## _ipsec_support)->methods->output)(m, __VA_ARGS__)
  131 #define IPSEC_PCBCTL(proto, inp, sopt)          \
  132     (*(proto ## _ipsec_support)->methods->pcbctl)(inp, sopt)
  133 #define IPSEC_CAPS(proto, m, ...)               \
  134     (*(proto ## _ipsec_support)->methods->capability)(m, __VA_ARGS__)
  135 #define IPSEC_HDRSIZE(proto, inp)               \
  136     (*(proto ## _ipsec_support)->methods->hdrsize)(inp)
  137 
  138 #define UDPENCAP_INPUT(m, ...)                  \
  139     (*ipv4_ipsec_support->methods->udp_input)(m, __VA_ARGS__)
  140 #define UDPENCAP_PCBCTL(inp, sopt)              \
  141     (*ipv4_ipsec_support->methods->udp_pcbctl)(inp, sopt)
  142 
  143 #elif defined(IPSEC_SUPPORT)
  144 struct ipsec_support {
  145         volatile u_int enabled;
  146         const struct ipsec_methods * volatile methods;
  147 };
  148 extern struct ipsec_support * const ipv4_ipsec_support;
  149 extern struct ipsec_support * const ipv6_ipsec_support;
  150 
  151 void ipsec_support_enable(struct ipsec_support * const,
  152     const struct ipsec_methods * const);
  153 void ipsec_support_disable(struct ipsec_support * const);
  154 
  155 int ipsec_kmod_input(struct ipsec_support * const, struct mbuf *, int, int);
  156 int ipsec_kmod_check_policy(struct ipsec_support * const, struct mbuf *,
  157     struct inpcb *);
  158 int ipsec_kmod_forward(struct ipsec_support * const, struct mbuf *);
  159 int ipsec_kmod_output(struct ipsec_support * const, struct mbuf *,
  160     struct inpcb *);
  161 int ipsec_kmod_pcbctl(struct ipsec_support * const, struct inpcb *,
  162     struct sockopt *);
  163 int ipsec_kmod_capability(struct ipsec_support * const, struct mbuf *, u_int);
  164 size_t ipsec_kmod_hdrsize(struct ipsec_support * const, struct inpcb *);
  165 int ipsec_kmod_udp_input(struct ipsec_support * const, struct mbuf *, int, int);
  166 int ipsec_kmod_udp_pcbctl(struct ipsec_support * const, struct inpcb *,
  167     struct sockopt *);
  168 
  169 #define UDPENCAP_INPUT(m, ...)          \
  170     ipsec_kmod_udp_input(ipv4_ipsec_support, m, __VA_ARGS__)
  171 #define UDPENCAP_PCBCTL(inp, sopt)      \
  172     ipsec_kmod_udp_pcbctl(ipv4_ipsec_support, inp, sopt)
  173 
  174 #define IPSEC_INPUT(proto, ...)         \
  175     ipsec_kmod_input(proto ## _ipsec_support, __VA_ARGS__)
  176 #define IPSEC_CHECK_POLICY(proto, ...)  \
  177     ipsec_kmod_check_policy(proto ## _ipsec_support, __VA_ARGS__)
  178 #define IPSEC_FORWARD(proto, ...)       \
  179     ipsec_kmod_forward(proto ## _ipsec_support, __VA_ARGS__)
  180 #define IPSEC_OUTPUT(proto, ...)        \
  181     ipsec_kmod_output(proto ## _ipsec_support, __VA_ARGS__)
  182 #define IPSEC_PCBCTL(proto, ...)        \
  183     ipsec_kmod_pcbctl(proto ## _ipsec_support, __VA_ARGS__)
  184 #define IPSEC_CAPS(proto, ...)          \
  185     ipsec_kmod_capability(proto ## _ipsec_support, __VA_ARGS__)
  186 #define IPSEC_HDRSIZE(proto, ...)       \
  187     ipsec_kmod_hdrsize(proto ## _ipsec_support, __VA_ARGS__)
  188 #endif /* IPSEC_SUPPORT */
  189 #endif /* _KERNEL */
  190 #endif /* _NETIPSEC_IPSEC_SUPPORT_H_ */

Cache object: e272e58876b5213e2080d2fec2dca712

[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]

This page is part of the FreeBSD/Linux Linux Kernel Cross-Reference, and was automatically generated using a modified version of the LXR engine.