ip_ipsp.h revision 1.10 
1/*	$OpenBSD: ip_ipsp.h,v 1.10 1997/07/02 06:58:43 provos Exp $	*/
2
3/*
4 * The author of this code is John Ioannidis, ji@tla.org,
5 * 	(except when noted otherwise).
6 *
7 * This code was written for BSD/OS in Athens, Greece, in November 1995.
8 *
9 * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
10 * by Angelos D. Keromytis, kermit@forthnet.gr.
11 *
12 * Copyright (C) 1995, 1996, 1997 by John Ioannidis and Angelos D. Keromytis.
13 *
14 * Permission to use, copy, and modify this software without fee
15 * is hereby granted, provided that this entire notice is included in
16 * all copies of any software which is or includes a copy or
17 * modification of this software.
18 *
19 * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
20 * IMPLIED WARRANTY. IN PARTICULAR, NEITHER AUTHOR MAKES ANY
21 * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
22 * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
23 * PURPOSE.
24 */
25
26/*
27 * IPSP global definitions.
28 */
29
30struct tdb				/* tunnel descriptor block */
31{
32    struct tdb	   *tdb_hnext;  	/* next in hash chain */
33    struct tdb	   *tdb_onext;	        /* next in output */
34    struct tdb	   *tdb_inext;  	/* next in input (prev!) */
35    struct xformsw *tdb_xform;	        /* transformation to use */
36    u_int32_t	    tdb_spi;    	/* SPI to use */
37    u_int32_t	    tdb_flags;  	/* Flags related to this TDB */
38#define TDBF_UNIQUE	   0x00001	/* This should not be used by others */
39#define TDBF_TIMER         0x00002	/* Absolute expiration timer in use */
40#define TDBF_BYTES         0x00004	/* Check the byte counters */
41#define TDBF_PACKETS       0x00008	/* Check the packet counters */
42#define TDBF_INVALID       0x00010	/* This SPI is not valid yet/anymore */
43#define TDBF_FIRSTUSE      0x00020	/* Expire after first use */
44#define TDBF_RELATIVE      0x00040	/* Expire after X secs from establ. */
45#define TDBF_SOFT_TIMER    0x00080	/* Soft expiration */
46#define TDBF_SOFT_BYTES    0x00100	/* Soft expiration */
47#define TDBF_SOFT_PACKETS  0x00200	/* Soft expiration */
48#define TDBF_SOFT_FIRSTUSE 0x00400	/* Soft expiration */
49#define TDBF_SOFT_RELATIVE 0x00800	/* Soft expiration */
50#define TDBF_TUNNELING     0x01000	/* Do IP-in-IP encapsulation */
51#define TDBF_SAME_TTL      0x02000	/* Keep the packet TTL, in tunneling */
52    u_int64_t       tdb_exp_packets;	/* Expire after so many packets s|r */
53    u_int64_t       tdb_soft_packets;	/* Expiration warning */
54    u_int64_t       tdb_cur_packets;    /* Current number of packets s|r'ed */
55    u_int64_t       tdb_exp_bytes;	/* Expire after so many bytes passed */
56    u_int64_t       tdb_soft_bytes;	/* Expiration warning */
57    u_int64_t       tdb_cur_bytes;	/* Current count of bytes */
58    u_int64_t       tdb_exp_timeout;	/* When does the SPI expire */
59    u_int64_t       tdb_soft_timeout;	/* Send a soft-expire warning */
60    u_int64_t       tdb_established;	/* When was the SPI established */
61    u_int64_t	    tdb_soft_relative ; /* Soft warning */
62    u_int64_t       tdb_exp_relative;   /* Expire if tdb_established +
63					    tdb_exp_relative <= curtime */
64    u_int64_t	    tdb_first_use;	/* When was it first used */
65    u_int64_t       tdb_soft_first_use; /* Soft warning */
66    u_int64_t       tdb_exp_first_use;	/* Expire if tdb_first_use +
67					   tdb_exp_first_use <= curtime */
68    struct in_addr  tdb_dst;	        /* dest address for this SPI */
69    struct in_addr  tdb_src;	        /* source address for this SPI,
70					 * used when tunneling */
71    struct in_addr  tdb_osrc;
72    struct in_addr  tdb_odst;		/* Source and destination addresses
73					 * of outter IP header if we're doing
74					 * tunneling */
75    caddr_t	    tdb_xdata;	        /* transformation data (opaque) */
76    u_int16_t	    tdb_sport;		/* Source port, if applicable */
77    u_int16_t       tdb_dport;		/* Destination port, if applicable */
78
79    u_int8_t	    tdb_ttl;		/* TTL used in tunneling */
80    u_int8_t	    tdb_proto;		/* Protocol carried */
81    u_int16_t	    tdb_foo;		/* alignment */
82};
83
84#define TDB_HASHMOD	257
85
86struct xformsw
87{
88    u_short		xf_type;	/* Unique ID of xform */
89    u_short		xf_flags;	/* flags (see below) */
90    char		*xf_name;	/* human-readable name */
91    int		(*xf_attach)(void);	/* called at config time */
92    int		(*xf_init)(struct tdb *, struct xformsw *, struct mbuf *);	/* xform initialization */
93    int		(*xf_zeroize)(struct tdb *); /* termination */
94    struct mbuf 	*(*xf_input)(struct mbuf *, struct tdb *);	/* called when packet received */
95    int		(*xf_output)(struct mbuf *, struct sockaddr_encap *, struct tdb *, struct mbuf **);	/* called when packet sent */
96};
97
98#define XF_IP4		1		/* IP inside IP */
99#define XF_AHMD5	2		/* AH MD5 */
100#define XF_AHSHA1	3		/* AH SHA */
101#define XF_ESPDES	4		/* ESP DES-CBC */
102#define XF_ESP3DES	5		/* ESP DES3-CBC */
103#define XF_AHHMACMD5	6		/* AH-HMAC-MD5 with opt replay prot */
104#define XF_AHHMACSHA1	7		/* AH-HMAC-SHA1 with opt replay prot */
105#define XF_ESPDESMD5	8		/* ESP DES-CBC + MD5 */
106#define XF_ESP3DESMD5	9		/* ESP 3DES-CBC + MD5 */
107#define XF_NEWESP       10		/* The new ESP transforms */
108#define XF_NEWAH        11		/* The new AH transforms */
109
110#define XFT_AUTH	0x0001
111#define XFT_CONF	0x0100
112
113#define IPSEC_ZEROES_SIZE	64
114
115#if BYTE_ORDER == LITTLE_ENDIAN
116static __inline u_int64_t
117htonq(u_int64_t q)
118{
119    register u_int32_t u, l;
120    u = q >> 32;
121    l = (u_int32_t) q;
122
123    return htonl(u) | ((u_int64_t)htonl(l) << 32);
124}
125
126#define ntohq(_x) htonq(_x)
127
128#elif BYTE_ORDER == BIG_ENDIAN
129
130#define htonq(_x) (_x)
131#define ntohq(_x) htonq(_x)
132
133#else
134#error  "Please fix <machine/endian.h>"
135#endif
136
137extern unsigned char ipseczeroes[];
138
139#ifdef _KERNEL
140#undef ENCDEBUG
141extern int encdebug;
142
143struct tdb *tdbh[TDB_HASHMOD];
144extern struct xformsw xformsw[], *xformswNXFORMSW;
145
146extern u_int32_t reserve_spi(u_int32_t, struct in_addr, int *);
147extern struct tdb *gettdb(u_int32_t, struct in_addr);
148extern void puttdb(struct tdb *);
149extern int tdb_delete(struct tdb *, int);
150
151extern int ipe4_attach(void), ipe4_init(struct tdb *, struct xformsw *, struct mbuf *), ipe4_zeroize(struct tdb *);
152extern int ipe4_output(struct mbuf *, struct sockaddr_encap *, struct tdb *, struct mbuf **);
153extern void ipe4_input __P((struct mbuf *, ...));
154
155extern int ahmd5_attach(void), ahmd5_init(struct tdb *, struct xformsw *, struct mbuf *), ahmd5_zeroize(struct tdb *);
156extern int ahmd5_output(struct mbuf *, struct sockaddr_encap *, struct tdb *, struct mbuf **);
157extern struct mbuf *ahmd5_input(struct mbuf *, struct tdb *);
158
159extern int ahsha1_attach(void), ahsha1_init(struct tdb *, struct xformsw *, struct mbuf *), ahsha1_zeroize(struct tdb *);
160extern int ahsha1_output(struct mbuf *, struct sockaddr_encap *, struct tdb *, struct mbuf **);
161extern struct mbuf *ahsha1_input(struct mbuf *, struct tdb *);
162
163extern int ahhmacmd5_attach(void), ahhmacmd5_init(struct tdb *, struct xformsw *, struct mbuf *), ahhmacmd5_zeroize(struct tdb *);
164extern int ahhmacmd5_output(struct mbuf *, struct sockaddr_encap *, struct tdb *, struct mbuf **);
165extern struct mbuf *ahhmacmd5_input(struct mbuf *, struct tdb *);
166
167extern int ahhmacsha1_attach(void), ahhmacsha1_init(struct tdb *, struct xformsw *, struct mbuf *), ahhmacsha1_zeroize(struct tdb *);
168extern int ahhmacsha1_output(struct mbuf *, struct sockaddr_encap *, struct tdb *, struct mbuf **);
169extern struct mbuf *ahhmacsha1_input(struct mbuf *, struct tdb *);
170
171extern int espdes_attach(void), espdes_init(struct tdb *, struct xformsw *, struct mbuf *), espdes_zeroize(struct tdb *);
172extern int espdes_output(struct mbuf *, struct sockaddr_encap *, struct tdb *, struct mbuf **);
173extern struct mbuf *espdes_input(struct mbuf *, struct tdb *);
174
175extern int esp3des_attach(void), esp3des_init(struct tdb *, struct xformsw *, struct mbuf *), esp3des_zeroize(struct tdb *);
176extern int esp3des_output(struct mbuf *, struct sockaddr_encap *, struct tdb *, struct mbuf **);
177extern struct mbuf *esp3des_input(struct mbuf *, struct tdb *);
178
179extern int espdesmd5_attach(void), espdesmd5_init(struct tdb *, struct xformsw *, struct mbuf *), espdesmd5_zeroize(struct tdb *);
180extern int espdesmd5_output(struct mbuf *, struct sockaddr_encap *, struct tdb *, struct mbuf **);
181extern struct mbuf *espdesmd5_input(struct mbuf *, struct tdb *);
182
183extern int esp3desmd5_attach(void), esp3desmd5_init(struct tdb *, struct xformsw *, struct mbuf *), esp3desmd5_zeroize(struct tdb *);
184extern int esp3desmd5_output(struct mbuf *, struct sockaddr_encap *, struct tdb *, struct mbuf **);
185extern struct mbuf *esp3desmd5_input(struct mbuf *, struct tdb *);
186
187extern caddr_t m_pad(struct mbuf *, int);
188extern int checkreplaywindow32(u_int32_t, u_int32_t, u_int32_t *, u_int32_t, u_int32_t *);
189extern int checkreplaywindow64(u_int64_t, u_int64_t *, u_int64_t, u_int64_t *);
190#endif
191