The Design and Implementation of the FreeBSD Operating System, Second Edition
Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]

FreeBSD/Linux Kernel Cross Reference
sys/netipsec/keydb.h

Version: -  FREEBSD  -  FREEBSD-12-STABLE  -  FREEBSD-12-0  -  FREEBSD-11-STABLE  -  FREEBSD-11-2  -  FREEBSD-11-1  -  FREEBSD-11-0  -  FREEBSD-10-STABLE  -  FREEBSD-10-4  -  FREEBSD-10-3  -  FREEBSD-10-2  -  FREEBSD-10-1  -  FREEBSD-10-0  -  FREEBSD-9-STABLE  -  FREEBSD-9-3  -  FREEBSD-9-2  -  FREEBSD-9-1  -  FREEBSD-9-0  -  FREEBSD-8-STABLE  -  FREEBSD-8-4  -  FREEBSD-8-3  -  FREEBSD-8-2  -  FREEBSD-8-1  -  FREEBSD-8-0  -  FREEBSD-7-STABLE  -  FREEBSD-7-4  -  FREEBSD-7-3  -  FREEBSD-7-2  -  FREEBSD-7-1  -  FREEBSD-7-0  -  FREEBSD-6-STABLE  -  FREEBSD-6-4  -  FREEBSD-6-3  -  FREEBSD-6-2  -  FREEBSD-6-1  -  FREEBSD-6-0  -  FREEBSD-5-STABLE  -  FREEBSD-5-5  -  FREEBSD-5-4  -  FREEBSD-5-3  -  FREEBSD-5-2  -  FREEBSD-5-1  -  FREEBSD-5-0  -  FREEBSD-4-STABLE  -  FREEBSD-3-STABLE  -  FREEBSD22  -  linux-2.6  -  linux-2.4.22  -  MK83  -  MK84  -  PLAN9  -  DFBSD  -  NETBSD  -  NETBSD5  -  NETBSD4  -  NETBSD3  -  NETBSD20  -  OPENBSD  -  xnu-517  -  xnu-792  -  xnu-792.6.70  -  xnu-1228  -  xnu-1456.1.26  -  xnu-1699.24.8  -  xnu-2050.18.24  -  OPENSOLARIS  -  minix-3-1-1 
SearchContext: -  none  -  3  -  10 

    1 /*      $NetBSD: keydb.h,v 1.1 2003/08/13 20:06:51 jonathan Exp $       */
    2 /*      $FreeBSD: src/sys/netipsec/keydb.h,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $      */
    3 /*      $KAME: keydb.h,v 1.14 2000/08/02 17:58:26 sakane Exp $  */
    4 
    5 /*
    6  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
    7  * All rights reserved.
    8  *
    9  * Redistribution and use in source and binary forms, with or without
   10  * modification, are permitted provided that the following conditions
   11  * are met:
   12  * 1. Redistributions of source code must retain the above copyright
   13  *    notice, this list of conditions and the following disclaimer.
   14  * 2. Redistributions in binary form must reproduce the above copyright
   15  *    notice, this list of conditions and the following disclaimer in the
   16  *    documentation and/or other materials provided with the distribution.
   17  * 3. Neither the name of the project nor the names of its contributors
   18  *    may be used to endorse or promote products derived from this software
   19  *    without specific prior written permission.
   20  *
   21  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
   22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
   25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
   27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   31  * SUCH DAMAGE.
   32  */
   33 
   34 #ifndef _NETIPSEC_KEYDB_H_
   35 #define _NETIPSEC_KEYDB_H_
   36 
   37 #ifdef _KERNEL
   38 
   39 #include <netipsec/key_var.h>
   40 #include <net/route.h>
   41 #include <netinet/in.h>
   42 
   43 /*
   44  * The union of all possible address formats we handle.
   45  */
   46 union sockaddr_union {
   47         struct sockaddr         sa;
   48         struct sockaddr_in      sin;
   49         struct sockaddr_in6     sin6;
   50 };
   51 
   52 /* Security Assocciation Index */
   53 /* NOTE: Ensure to be same address family */
   54 struct secasindex {
   55         union sockaddr_union src;       /* srouce address for SA */
   56         union sockaddr_union dst;       /* destination address for SA */
   57         u_int16_t proto;                /* IPPROTO_ESP or IPPROTO_AH */
   58         u_int8_t mode;                  /* mode of protocol, see ipsec.h */
   59         u_int32_t reqid;                /* reqid id who owned this SA */
   60                                         /* see IPSEC_MANUAL_REQID_MAX. */
   61 };
   62 
   63 /* Security Association Data Base */
   64 struct secashead {
   65         LIST_ENTRY(secashead) chain;
   66 
   67         struct secasindex saidx;
   68 
   69         struct sadb_ident *idents;      /* source identity */
   70         struct sadb_ident *identd;      /* destination identity */
   71                                         /* XXX I don't know how to use them. */
   72 
   73         u_int8_t state;                 /* MATURE or DEAD. */
   74         LIST_HEAD(_satree, secasvar) savtree[SADB_SASTATE_MAX+1];
   75                                         /* SA chain */
   76                                         /* The first of this list is newer SA */
   77 
   78         struct route sa_route;          /* route cache */
   79 };
   80 
   81 struct xformsw;
   82 struct enc_xform;
   83 struct auth_hash;
   84 struct comp_algo;
   85 
   86 /* Security Association */
   87 struct secasvar {
   88         LIST_ENTRY(secasvar) chain;
   89 
   90         u_int refcnt;                   /* reference count */
   91         u_int8_t state;                 /* Status of this Association */
   92 
   93         u_int8_t alg_auth;              /* Authentication Algorithm Identifier*/
   94         u_int8_t alg_enc;               /* Cipher Algorithm Identifier */
   95         u_int8_t alg_comp;              /* Compression Algorithm Identifier */
   96         u_int32_t spi;                  /* SPI Value, network byte order */
   97         u_int32_t flags;                /* holder for SADB_KEY_FLAGS */
   98 
   99         struct sadb_key *key_auth;      /* Key for Authentication */
  100         struct sadb_key *key_enc;       /* Key for Encryption */
  101         caddr_t iv;                     /* Initilization Vector */
  102         u_int ivlen;                    /* length of IV */
  103         void *sched;                    /* intermediate encryption key */
  104         size_t schedlen;
  105 
  106         struct secreplay *replay;       /* replay prevention */
  107         long created;                   /* for lifetime */
  108 
  109         struct sadb_lifetime *lft_c;    /* CURRENT lifetime, it's constant. */
  110         struct sadb_lifetime *lft_h;    /* HARD lifetime */
  111         struct sadb_lifetime *lft_s;    /* SOFT lifetime */
  112 
  113         u_int32_t seq;                  /* sequence number */
  114         pid_t pid;                      /* message's pid */
  115 
  116         struct secashead *sah;          /* back pointer to the secashead */
  117 
  118         /*
  119          * NB: Fields with a tdb_ prefix are part of the "glue" used
  120          *     to interface to the OpenBSD crypto support.  This was done
  121          *     to distinguish this code from the mainline KAME code.
  122          */
  123         struct xformsw *tdb_xform;      /* transform */
  124         struct enc_xform *tdb_encalgxform;      /* encoding algorithm */
  125         struct auth_hash *tdb_authalgxform;     /* authentication algorithm */
  126         struct comp_algo *tdb_compalgxform;     /* compression algorithm */
  127         u_int64_t tdb_cryptoid;         /* crypto session id */
  128 };
  129 
  130 /* replay prevention */
  131 struct secreplay {
  132         u_int32_t count;
  133         u_int wsize;            /* window size, i.g. 4 bytes */
  134         u_int32_t seq;          /* used by sender */
  135         u_int32_t lastseq;      /* used by receiver */
  136         caddr_t bitmap;         /* used by receiver */
  137         int overflow;           /* overflow flag */
  138 };
  139 
  140 /* socket table due to send PF_KEY messages. */
  141 struct secreg {
  142         LIST_ENTRY(secreg) chain;
  143 
  144         struct socket *so;
  145 };
  146 
  147 #ifndef IPSEC_NONBLOCK_ACQUIRE
  148 /* acquiring list table. */
  149 struct secacq {
  150         LIST_ENTRY(secacq) chain;
  151 
  152         struct secasindex saidx;
  153 
  154         u_int32_t seq;          /* sequence number */
  155         long created;           /* for lifetime */
  156         int count;              /* for lifetime */
  157 };
  158 #endif
  159 
  160 /* Sensitivity Level Specification */
  161 /* nothing */
  162 
  163 #define SADB_KILL_INTERVAL      600     /* six seconds */
  164 
  165 /* secpolicy */
  166 extern struct secpolicy *keydb_newsecpolicy __P((void));
  167 extern void keydb_delsecpolicy __P((struct secpolicy *));
  168 /* secashead */
  169 extern struct secashead *keydb_newsecashead __P((void));
  170 extern void keydb_delsecashead __P((struct secashead *));
  171 /* secasvar */
  172 extern struct secasvar *keydb_newsecasvar __P((void));
  173 extern void keydb_refsecasvar __P((struct secasvar *));
  174 extern void keydb_freesecasvar __P((struct secasvar *));
  175 /* secreplay */
  176 extern struct secreplay *keydb_newsecreplay __P((size_t));
  177 extern void keydb_delsecreplay __P((struct secreplay *));
  178 /* secreg */
  179 extern struct secreg *keydb_newsecreg __P((void));
  180 extern void keydb_delsecreg __P((struct secreg *));
  181 
  182 #endif /* _KERNEL */
  183 
  184 #endif /* _NETIPSEC_KEYDB_H_ */

Cache object: b544e2638cc09cd8a3b8eb07d9f82927


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]


This page is part of the FreeBSD/Linux Linux Kernel Cross-Reference, and was automatically generated using a modified version of the LXR engine.