The Design and Implementation of the FreeBSD Operating System, Second Edition
Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]

FreeBSD/Linux Kernel Cross Reference
sys/netipsec/keydb.h

Version: -  FREEBSD  -  FREEBSD-12-STABLE  -  FREEBSD-12-0  -  FREEBSD-11-STABLE  -  FREEBSD-11-2  -  FREEBSD-11-1  -  FREEBSD-11-0  -  FREEBSD-10-STABLE  -  FREEBSD-10-4  -  FREEBSD-10-3  -  FREEBSD-10-2  -  FREEBSD-10-1  -  FREEBSD-10-0  -  FREEBSD-9-STABLE  -  FREEBSD-9-3  -  FREEBSD-9-2  -  FREEBSD-9-1  -  FREEBSD-9-0  -  FREEBSD-8-STABLE  -  FREEBSD-8-4  -  FREEBSD-8-3  -  FREEBSD-8-2  -  FREEBSD-8-1  -  FREEBSD-8-0  -  FREEBSD-7-STABLE  -  FREEBSD-7-4  -  FREEBSD-7-3  -  FREEBSD-7-2  -  FREEBSD-7-1  -  FREEBSD-7-0  -  FREEBSD-6-STABLE  -  FREEBSD-6-4  -  FREEBSD-6-3  -  FREEBSD-6-2  -  FREEBSD-6-1  -  FREEBSD-6-0  -  FREEBSD-5-STABLE  -  FREEBSD-5-5  -  FREEBSD-5-4  -  FREEBSD-5-3  -  FREEBSD-5-2  -  FREEBSD-5-1  -  FREEBSD-5-0  -  FREEBSD-4-STABLE  -  FREEBSD-3-STABLE  -  FREEBSD22  -  linux-2.6  -  linux-2.4.22  -  MK83  -  MK84  -  PLAN9  -  DFBSD  -  NETBSD  -  NETBSD5  -  NETBSD4  -  NETBSD3  -  NETBSD20  -  OPENBSD  -  xnu-517  -  xnu-792  -  xnu-792.6.70  -  xnu-1228  -  xnu-1456.1.26  -  xnu-1699.24.8  -  xnu-2050.18.24  -  OPENSOLARIS  -  minix-3-1-1 
SearchContext: -  none  -  3  -  10 

    1 /*      $NetBSD: keydb.h,v 1.6 2007/07/07 18:38:23 degroote Exp $       */
    2 /*      $FreeBSD: src/sys/netipsec/keydb.h,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $      */
    3 /*      $KAME: keydb.h,v 1.14 2000/08/02 17:58:26 sakane Exp $  */
    4 
    5 /*
    6  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
    7  * All rights reserved.
    8  *
    9  * Redistribution and use in source and binary forms, with or without
   10  * modification, are permitted provided that the following conditions
   11  * are met:
   12  * 1. Redistributions of source code must retain the above copyright
   13  *    notice, this list of conditions and the following disclaimer.
   14  * 2. Redistributions in binary form must reproduce the above copyright
   15  *    notice, this list of conditions and the following disclaimer in the
   16  *    documentation and/or other materials provided with the distribution.
   17  * 3. Neither the name of the project nor the names of its contributors
   18  *    may be used to endorse or promote products derived from this software
   19  *    without specific prior written permission.
   20  *
   21  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
   22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
   25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
   27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   31  * SUCH DAMAGE.
   32  */
   33 
   34 #ifndef _NETIPSEC_KEYDB_H_
   35 #define _NETIPSEC_KEYDB_H_
   36 
   37 #ifdef _KERNEL
   38 
   39 #include "opt_ipsec.h"
   40 
   41 #include <netipsec/key_var.h>
   42 #include <net/route.h>
   43 #include <netinet/in.h>
   44 
   45 /*
   46  * The union of all possible address formats we handle.
   47  */
   48 union sockaddr_union {
   49         struct sockaddr         sa;
   50         struct sockaddr_in      sin;
   51         struct sockaddr_in6     sin6;
   52 };
   53 
   54 /* Security Assocciation Index */
   55 /* NOTE: Ensure to be same address family */
   56 struct secasindex {
   57         union sockaddr_union src;       /* srouce address for SA */
   58         union sockaddr_union dst;       /* destination address for SA */
   59         u_int16_t proto;                /* IPPROTO_ESP or IPPROTO_AH */
   60         u_int8_t mode;                  /* mode of protocol, see ipsec.h */
   61         u_int32_t reqid;                /* reqid id who owned this SA */
   62                                         /* see IPSEC_MANUAL_REQID_MAX. */
   63 };
   64 
   65 /* Security Association Data Base */
   66 struct secashead {
   67         LIST_ENTRY(secashead) chain;
   68 
   69         struct secasindex saidx;
   70 
   71         struct sadb_ident *idents;      /* source identity */
   72         struct sadb_ident *identd;      /* destination identity */
   73                                         /* XXX I don't know how to use them. */
   74 
   75         u_int8_t state;                 /* MATURE or DEAD. */
   76         LIST_HEAD(_satree, secasvar) savtree[SADB_SASTATE_MAX+1];
   77                                         /* SA chain */
   78                                         /* The first of this list is newer SA */
   79 
   80         struct route sa_route;          /* route cache */
   81 };
   82 
   83 struct xformsw;
   84 struct enc_xform;
   85 struct auth_hash;
   86 struct comp_algo;
   87 
   88 /* Security Association */
   89 struct secasvar {
   90         LIST_ENTRY(secasvar) chain;
   91 
   92         u_int refcnt;                   /* reference count */
   93         u_int8_t state;                 /* Status of this Association */
   94 
   95         u_int8_t alg_auth;              /* Authentication Algorithm Identifier*/
   96         u_int8_t alg_enc;               /* Cipher Algorithm Identifier */
   97         u_int8_t alg_comp;              /* Compression Algorithm Identifier */
   98         u_int32_t spi;                  /* SPI Value, network byte order */
   99         u_int32_t flags;                /* holder for SADB_KEY_FLAGS */
  100 
  101         struct sadb_key *key_auth;      /* Key for Authentication */
  102         struct sadb_key *key_enc;       /* Key for Encryption */
  103         void *iv;                       /* Initilization Vector */
  104         u_int ivlen;                    /* length of IV */
  105         void *sched;                    /* intermediate encryption key */
  106         size_t schedlen;
  107 
  108         struct secreplay *replay;       /* replay prevention */
  109         long created;                   /* for lifetime */
  110 
  111         struct sadb_lifetime *lft_c;    /* CURRENT lifetime, it's constant. */
  112         struct sadb_lifetime *lft_h;    /* HARD lifetime */
  113         struct sadb_lifetime *lft_s;    /* SOFT lifetime */
  114 
  115         u_int32_t seq;                  /* sequence number */
  116         pid_t pid;                      /* message's pid */
  117 
  118         struct secashead *sah;          /* back pointer to the secashead */
  119 
  120         /*
  121          * NB: Fields with a tdb_ prefix are part of the "glue" used
  122          *     to interface to the OpenBSD crypto support.  This was done
  123          *     to distinguish this code from the mainline KAME code.
  124          */
  125         struct xformsw *tdb_xform;      /* transform */
  126         struct enc_xform *tdb_encalgxform;      /* encoding algorithm */
  127         struct auth_hash *tdb_authalgxform;     /* authentication algorithm */
  128         struct comp_algo *tdb_compalgxform;     /* compression algorithm */
  129         u_int64_t tdb_cryptoid;         /* crypto session id */
  130 
  131 #ifdef IPSEC_NAT_T
  132         u_int16_t natt_type;
  133         u_int16_t esp_frag;
  134 #endif
  135 };
  136 
  137 /* replay prevention */
  138 struct secreplay {
  139         u_int32_t count;
  140         u_int wsize;            /* window size, i.g. 4 bytes */
  141         u_int32_t seq;          /* used by sender */
  142         u_int32_t lastseq;      /* used by receiver */
  143         char *bitmap;           /* used by receiver */
  144         int overflow;           /* overflow flag */
  145 };
  146 
  147 /* socket table due to send PF_KEY messages. */
  148 struct secreg {
  149         LIST_ENTRY(secreg) chain;
  150 
  151         struct socket *so;
  152 };
  153 
  154 #ifndef IPSEC_NONBLOCK_ACQUIRE
  155 /* acquiring list table. */
  156 struct secacq {
  157         LIST_ENTRY(secacq) chain;
  158 
  159         struct secasindex saidx;
  160 
  161         u_int32_t seq;          /* sequence number */
  162         long created;           /* for lifetime */
  163         int count;              /* for lifetime */
  164 };
  165 #endif
  166 
  167 /* Sensitivity Level Specification */
  168 /* nothing */
  169 
  170 #define SADB_KILL_INTERVAL      600     /* six seconds */
  171 
  172 /* secpolicy */
  173 struct secpolicy *keydb_newsecpolicy (void);
  174 void keydb_delsecpolicy (struct secpolicy *);
  175 /* secashead */
  176 struct secashead *keydb_newsecashead (void);
  177 void keydb_delsecashead (struct secashead *);
  178 /* secasvar */
  179 struct secasvar *keydb_newsecasvar (void);
  180 void keydb_refsecasvar (struct secasvar *);
  181 void keydb_freesecasvar (struct secasvar *);
  182 /* secreplay */
  183 struct secreplay *keydb_newsecreplay (size_t);
  184 void keydb_delsecreplay (struct secreplay *);
  185 /* secreg */
  186 struct secreg *keydb_newsecreg (void);
  187 void keydb_delsecreg (struct secreg *);
  188 
  189 #endif /* _KERNEL */
  190 
  191 #endif /* !_NETIPSEC_KEYDB_H_ */

Cache object: 6e88e35587aa523a845aae71a2409eb3


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]


This page is part of the FreeBSD/Linux Linux Kernel Cross-Reference, and was automatically generated using a modified version of the LXR engine.