The Design and Implementation of the FreeBSD Operating System, Second Edition
Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]

FreeBSD/Linux Kernel Cross Reference
sys/netipsec/keydb.h

Version: -  FREEBSD  -  FREEBSD11  -  FREEBSD10  -  FREEBSD9  -  FREEBSD92  -  FREEBSD91  -  FREEBSD90  -  FREEBSD8  -  FREEBSD82  -  FREEBSD81  -  FREEBSD80  -  FREEBSD7  -  FREEBSD74  -  FREEBSD73  -  FREEBSD72  -  FREEBSD71  -  FREEBSD70  -  FREEBSD6  -  FREEBSD64  -  FREEBSD63  -  FREEBSD62  -  FREEBSD61  -  FREEBSD60  -  FREEBSD5  -  FREEBSD55  -  FREEBSD54  -  FREEBSD53  -  FREEBSD52  -  FREEBSD51  -  FREEBSD50  -  FREEBSD4  -  FREEBSD3  -  FREEBSD22  -  linux-2.6  -  linux-2.4.22  -  MK83  -  MK84  -  PLAN9  -  DFBSD  -  NETBSD  -  NETBSD5  -  NETBSD4  -  NETBSD3  -  NETBSD20  -  OPENBSD  -  xnu-517  -  xnu-792  -  xnu-792.6.70  -  xnu-1228  -  xnu-1456.1.26  -  xnu-1699.24.8  -  xnu-2050.18.24  -  OPENSOLARIS  -  minix-3-1-1 
SearchContext: -  none  -  3  -  10 

    1 /*      $FreeBSD: releng/9.0/sys/netipsec/keydb.h 214250 2010-10-23 20:35:40Z bz $      */
    2 /*      $KAME: keydb.h,v 1.14 2000/08/02 17:58:26 sakane Exp $  */
    3 
    4 /*-
    5  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
    6  * All rights reserved.
    7  *
    8  * Redistribution and use in source and binary forms, with or without
    9  * modification, are permitted provided that the following conditions
   10  * are met:
   11  * 1. Redistributions of source code must retain the above copyright
   12  *    notice, this list of conditions and the following disclaimer.
   13  * 2. Redistributions in binary form must reproduce the above copyright
   14  *    notice, this list of conditions and the following disclaimer in the
   15  *    documentation and/or other materials provided with the distribution.
   16  * 3. Neither the name of the project nor the names of its contributors
   17  *    may be used to endorse or promote products derived from this software
   18  *    without specific prior written permission.
   19  *
   20  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
   21  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   22  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   23  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
   24  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   25  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
   26  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   27  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   28  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   29  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   30  * SUCH DAMAGE.
   31  */
   32 
   33 #ifndef _NETIPSEC_KEYDB_H_
   34 #define _NETIPSEC_KEYDB_H_
   35 
   36 #ifdef _KERNEL
   37 
   38 #include <netipsec/key_var.h>
   39 
   40 #ifndef _SOCKADDR_UNION_DEFINED
   41 #define _SOCKADDR_UNION_DEFINED
   42 /*
   43  * The union of all possible address formats we handle.
   44  */
   45 union sockaddr_union {
   46         struct sockaddr         sa;
   47         struct sockaddr_in      sin;
   48         struct sockaddr_in6     sin6;
   49 };
   50 #endif /* _SOCKADDR_UNION_DEFINED */
   51 
   52 /* Security Assocciation Index */
   53 /* NOTE: Ensure to be same address family */
   54 struct secasindex {
   55         union sockaddr_union src;       /* source address for SA */
   56         union sockaddr_union dst;       /* destination address for SA */
   57         u_int16_t proto;                /* IPPROTO_ESP or IPPROTO_AH */
   58         u_int8_t mode;                  /* mode of protocol, see ipsec.h */
   59         u_int32_t reqid;                /* reqid id who owned this SA */
   60                                         /* see IPSEC_MANUAL_REQID_MAX. */
   61 };
   62 
   63 /* 
   64  * In order to split out the keydb implementation from that of the
   65  * PF_KEY sockets we need to define a few structures that while they
   66  * may seem common are likely to diverge over time. 
   67  */
   68 
   69 /* sadb_identity */
   70 struct secident {
   71         u_int16_t type;
   72         u_int64_t id;
   73 };
   74 
   75 /* sadb_key */
   76 struct seckey {
   77         u_int16_t bits;
   78         char *key_data;
   79 };
   80 
   81 struct seclifetime {
   82         u_int32_t allocations;
   83         u_int64_t bytes;
   84         u_int64_t addtime;
   85         u_int64_t usetime;
   86 };
   87 
   88 union sa_route_union {
   89         struct route            sa_route;
   90         struct route            sin_route;      /* Duplicate for consistency. */
   91         struct route_in6        sin6_route;
   92 };
   93 
   94 /* Security Association Data Base */
   95 struct secashead {
   96         LIST_ENTRY(secashead) chain;
   97 
   98         struct secasindex saidx;
   99 
  100         struct secident *idents;        /* source identity */
  101         struct secident *identd;        /* destination identity */
  102                                         /* XXX I don't know how to use them. */
  103 
  104         u_int8_t state;                 /* MATURE or DEAD. */
  105         LIST_HEAD(_satree, secasvar) savtree[SADB_SASTATE_MAX+1];
  106                                         /* SA chain */
  107                                         /* The first of this list is newer SA */
  108 
  109         union sa_route_union route_cache;
  110 };
  111 
  112 struct xformsw;
  113 struct enc_xform;
  114 struct auth_hash;
  115 struct comp_algo;
  116 
  117 /* Security Association */
  118 struct secasvar {
  119         LIST_ENTRY(secasvar) chain;
  120         struct mtx lock;                /* update/access lock */
  121 
  122         u_int refcnt;                   /* reference count */
  123         u_int8_t state;                 /* Status of this Association */
  124 
  125         u_int8_t alg_auth;              /* Authentication Algorithm Identifier*/
  126         u_int8_t alg_enc;               /* Cipher Algorithm Identifier */
  127         u_int8_t alg_comp;              /* Compression Algorithm Identifier */
  128         u_int32_t spi;                  /* SPI Value, network byte order */
  129         u_int32_t flags;                /* holder for SADB_KEY_FLAGS */
  130 
  131         struct seckey *key_auth;        /* Key for Authentication */
  132         struct seckey *key_enc;         /* Key for Encryption */
  133         caddr_t iv;                     /* Initilization Vector */
  134         u_int ivlen;                    /* length of IV */
  135         void *sched;                    /* intermediate encryption key */
  136         size_t schedlen;
  137 
  138         struct secreplay *replay;       /* replay prevention */
  139         time_t created;                 /* for lifetime */
  140 
  141         struct seclifetime *lft_c;      /* CURRENT lifetime, it's constant. */
  142         struct seclifetime *lft_h;      /* HARD lifetime */
  143         struct seclifetime *lft_s;      /* SOFT lifetime */
  144 
  145         u_int32_t seq;                  /* sequence number */
  146         pid_t pid;                      /* message's pid */
  147 
  148         struct secashead *sah;          /* back pointer to the secashead */
  149 
  150         /*
  151          * NB: Fields with a tdb_ prefix are part of the "glue" used
  152          *     to interface to the OpenBSD crypto support.  This was done
  153          *     to distinguish this code from the mainline KAME code.
  154          */
  155         struct xformsw *tdb_xform;      /* transform */
  156         struct enc_xform *tdb_encalgxform;      /* encoding algorithm */
  157         struct auth_hash *tdb_authalgxform;     /* authentication algorithm */
  158         struct comp_algo *tdb_compalgxform;     /* compression algorithm */
  159         u_int64_t tdb_cryptoid;         /* crypto session id */
  160 
  161         /*
  162          * NAT-Traversal.
  163          */
  164         u_int16_t natt_type;            /* IKE/ESP-marker in output. */
  165         u_int16_t natt_esp_frag_len;    /* MTU for payload fragmentation. */
  166 };
  167 
  168 #define SECASVAR_LOCK_INIT(_sav) \
  169         mtx_init(&(_sav)->lock, "ipsec association", NULL, MTX_DEF)
  170 #define SECASVAR_LOCK(_sav)             mtx_lock(&(_sav)->lock)
  171 #define SECASVAR_UNLOCK(_sav)           mtx_unlock(&(_sav)->lock)
  172 #define SECASVAR_LOCK_DESTROY(_sav)     mtx_destroy(&(_sav)->lock)
  173 #define SECASVAR_LOCK_ASSERT(_sav)      mtx_assert(&(_sav)->lock, MA_OWNED)
  174 
  175 /* replay prevention */
  176 struct secreplay {
  177         u_int32_t count;
  178         u_int wsize;            /* window size, i.g. 4 bytes */
  179         u_int32_t seq;          /* used by sender */
  180         u_int32_t lastseq;      /* used by receiver */
  181         caddr_t bitmap;         /* used by receiver */
  182         int overflow;           /* overflow flag */
  183 };
  184 
  185 /* socket table due to send PF_KEY messages. */
  186 struct secreg {
  187         LIST_ENTRY(secreg) chain;
  188 
  189         struct socket *so;
  190 };
  191 
  192 /* acquiring list table. */
  193 struct secacq {
  194         LIST_ENTRY(secacq) chain;
  195 
  196         struct secasindex saidx;
  197 
  198         u_int32_t seq;          /* sequence number */
  199         time_t created;         /* for lifetime */
  200         int count;              /* for lifetime */
  201 };
  202 
  203 /* Sensitivity Level Specification */
  204 /* nothing */
  205 
  206 #define SADB_KILL_INTERVAL      600     /* six seconds */
  207 
  208 /* secpolicy */
  209 extern struct secpolicy *keydb_newsecpolicy __P((void));
  210 extern void keydb_delsecpolicy __P((struct secpolicy *));
  211 /* secashead */
  212 extern struct secashead *keydb_newsecashead __P((void));
  213 extern void keydb_delsecashead __P((struct secashead *));
  214 /* secasvar */
  215 extern struct secasvar *keydb_newsecasvar __P((void));
  216 extern void keydb_refsecasvar __P((struct secasvar *));
  217 extern void keydb_freesecasvar __P((struct secasvar *));
  218 /* secreplay */
  219 extern struct secreplay *keydb_newsecreplay __P((size_t));
  220 extern void keydb_delsecreplay __P((struct secreplay *));
  221 /* secreg */
  222 extern struct secreg *keydb_newsecreg __P((void));
  223 extern void keydb_delsecreg __P((struct secreg *));
  224 
  225 #endif /* _KERNEL */
  226 
  227 #endif /* _NETIPSEC_KEYDB_H_ */

Cache object: 62ec88ae12beb6e3e413bf24c8849059


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]


This page is part of the FreeBSD/Linux Linux Kernel Cross-Reference, and was automatically generated using a modified version of the LXR engine.