ip_ipsp.h revision 1.11
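/*	$OpenBSD: ip_ipsp.h,v 1.11 1997/07/11 23:37:59 provos Exp $	*/

/*
 * The author of this code is John Ioannidis, ji@tla.org,
 * (except when noted otherwise).
 *
 * This code was written for BSD/OS in Athens, Greece, in November 1995.
 *
 * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
 * by Angelos D. Keromytis, kermit@forthnet.gr.
 *
 * Copyright (C) 1995, 1996, 1997 by John Ioannidis and Angelos D. Keromytis.
 *
 * Permission to use, copy, and modify this software without fee
 * is hereby granted, provided that this entire notice is included in
 * all copies of any software which is or includes a copy or
 * modification of this software.
 *
 * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
 * IMPLIED WARRANTY. IN PARTICULAR, NEITHER AUTHOR MAKES ANY
 * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
 * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
 * PURPOSE.
 */

/*
 * IPSP global definitions.
 *
 * This header describes the two central IPsec kernel objects -- the
 * flow (a traffic selector bound to one SA) and the tdb (the SA itself,
 * keyed by SPI/destination/protocol) -- plus the transform switch that
 * dispatches packets to the per-protocol implementations declared at
 * the bottom of the file.
 *
 * Include guard added: the header previously had none, so including it
 * twice in one translation unit redefined struct flow, struct tdb and
 * struct xformsw and failed to compile.  The guard name follows the BSD
 * <netinet/...> convention for kernel headers.
 */
#ifndef _NETINET_IP_IPSP_H_
#define _NETINET_IP_IPSP_H_

/*
 * A flow is a traffic selector: source/destination prefixes, optional
 * transport protocol and ports.  Flows are kept on a doubly linked chain
 * and each one points at the SA (tdb) that protects matching traffic.
 * Only the first bytes of the address/netmask pairs are meaningful for
 * matching; how the mask is applied is up to find_flow()/find_global_flow().
 */
struct flow
{
	struct flow *flow_next;		/* Next in flow chain */
	struct flow *flow_prev;		/* Previous in flow chain */
	struct tdb *flow_sa;		/* Pointer to the SA */
	struct in_addr flow_src;	/* Source address */
	struct in_addr flow_srcmask;	/* Source netmask */
	struct in_addr flow_dst;	/* Destination address */
	struct in_addr flow_dstmask;	/* Destination netmask */
	u_int16_t flow_sport;		/* Source port, if applicable */
	u_int16_t flow_dport;		/* Destination port, if applicable */
	u_int8_t flow_proto;		/* Transport protocol, if applicable */
	u_int8_t foo[3];		/* Alignment */
};

/*
 * Tunnel descriptor block: one security association.
 *
 * Lifetime handling: a tdb can expire on an absolute timer
 * (tdb_exp_timeout), relative to establishment (tdb_established +
 * tdb_exp_relative), relative to first use (tdb_first_use +
 * tdb_exp_first_use), or after a byte or packet budget
 * (tdb_exp_bytes/tdb_exp_packets).  Every hard limit has a matching
 * soft limit (tdb_soft_*) that only raises a warning.  Which of these
 * are enforced is selected by the TDBF_* bits in tdb_flags; a limit
 * whose flag is clear is ignored.  The time fields are compared against
 * "curtime" by the callers; their unit is not fixed by this header.
 */
struct tdb				/* tunnel descriptor block */
{
	struct tdb *tdb_hnext;		/* next in hash chain */
	struct tdb *tdb_onext;		/* next in output */
	struct tdb *tdb_inext;		/* next in input (prev!) */
	struct xformsw *tdb_xform;	/* transformation to use */
	u_int32_t tdb_spi;		/* SPI to use */
	u_int32_t tdb_flags;		/* Flags related to this TDB */
#define TDBF_UNIQUE		0x00001	/* This should not be used by others */
#define TDBF_TIMER		0x00002	/* Absolute expiration timer in use */
#define TDBF_BYTES		0x00004	/* Check the byte counters */
#define TDBF_PACKETS		0x00008	/* Check the packet counters */
#define TDBF_INVALID		0x00010	/* This SPI is not valid yet/anymore */
#define TDBF_FIRSTUSE		0x00020	/* Expire after first use */
#define TDBF_RELATIVE		0x00040	/* Expire after X secs from establ. */
#define TDBF_SOFT_TIMER		0x00080	/* Soft expiration */
#define TDBF_SOFT_BYTES		0x00100	/* Soft expiration */
#define TDBF_SOFT_PACKETS	0x00200	/* Soft expiration */
#define TDBF_SOFT_FIRSTUSE	0x00400	/* Soft expiration */
#define TDBF_SOFT_RELATIVE	0x00800	/* Soft expiration */
#define TDBF_TUNNELING		0x01000	/* Do IP-in-IP encapsulation */
#define TDBF_SAME_TTL		0x02000	/* Keep the packet TTL, in tunneling */
	u_int64_t tdb_exp_packets;	/* Expire after so many packets s|r */
	u_int64_t tdb_soft_packets;	/* Expiration warning */
	u_int64_t tdb_cur_packets;	/* Current number of packets s|r'ed */
	u_int64_t tdb_exp_bytes;	/* Expire after so many bytes passed */
	u_int64_t tdb_soft_bytes;	/* Expiration warning */
	u_int64_t tdb_cur_bytes;	/* Current count of bytes */
	u_int64_t tdb_exp_timeout;	/* When does the SPI expire */
	u_int64_t tdb_soft_timeout;	/* Send a soft-expire warning */
	u_int64_t tdb_established;	/* When was the SPI established */
	u_int64_t tdb_soft_relative;	/* Soft warning */
	u_int64_t tdb_exp_relative;	/* Expire if tdb_established +
					   tdb_exp_relative <= curtime */
	u_int64_t tdb_first_use;	/* When was it first used */
	u_int64_t tdb_soft_first_use;	/* Soft warning */
	u_int64_t tdb_exp_first_use;	/* Expire if tdb_first_use +
					   tdb_exp_first_use <= curtime */
	struct in_addr tdb_dst;		/* dest address for this SPI */
	struct in_addr tdb_src;		/* source address for this SPI,
					 * used when tunneling */
	struct in_addr tdb_osrc;
	struct in_addr tdb_odst;	/* Source and destination addresses
					 * of outter IP header if we're doing
					 * tunneling */
	caddr_t tdb_xdata;		/* transformation data (opaque);
					 * owned by tdb_xform -- set up by
					 * xf_init, released by xf_zeroize */
	struct flow *tdb_flow;		/* Which flows use this SA */
	u_int8_t tdb_ttl;		/* TTL used in tunneling */
	u_int8_t tdb_sproto;		/* IPsec protocol */
	u_int8_t tdb_foo[2];		/* Alignment */
};

/* Size of the tdbh[] hash table; 257 is prime, so SPIs spread evenly. */
#define TDB_HASHMOD 257

/*
 * Transform switch entry.  One per XF_* type; the kernel looks up the
 * entry for a tdb and calls through these pointers.
 *   xf_attach  -- called at config time
 *   xf_init    -- set up tdb_xdata for a new SA from the mbuf payload
 *   xf_zeroize -- termination; presumably wipes tdb_xdata (confirm in
 *                 each transform -- key material should not survive here)
 *   xf_input   -- called when a packet is received; returns the mbuf to
 *                 continue with
 *   xf_output  -- called when a packet is sent
 */
struct xformsw
{
	u_short xf_type;		/* Unique ID of xform */
	u_short xf_flags;		/* flags (see below) */
	char *xf_name;			/* human-readable name */
	int (*xf_attach)(void);		/* called at config time */
	int (*xf_init)(struct tdb *, struct xformsw *, struct mbuf *);	/* xform initialization */
	int (*xf_zeroize)(struct tdb *);	/* termination */
	struct mbuf *(*xf_input)(struct mbuf *, struct tdb *);	/* called when packet received */
	int (*xf_output)(struct mbuf *, struct sockaddr_encap *, struct tdb *, struct mbuf **);	/* called when packet sent */
};

/*
 * Transform types (xf_type).  Per the RFC references, only the XF_NEW_*
 * formats carry the HMAC-96 authenticator and (for ESP) the replay
 * counter; XF_OLD_AH/XF_OLD_ESP are the earlier, weaker formats.
 */
#define XF_IP4		1		/* IP inside IP */
#define XF_OLD_AH	2		/* RFCs 1828 & 1852 */
#define XF_OLD_ESP	3		/* RFCs 1829 & 1851 */
#define XF_NEW_AH	4		/* AH HMAC 96bits */
#define XF_NEW_ESP	5		/* ESP + auth 96bits + replay counter */

/* Supported key hash algorithms */
#define ALG_AUTH_MD5	1
#define ALG_AUTH_SHA1	2

/* Supported encryption algorithms */
#define ALG_ENC_DES	1
#define ALG_ENC_3DES	2

/* xf_flags: what the transform provides */
#define XFT_AUTH	0x0001		/* authentication (integrity) */
#define XFT_CONF	0x0100		/* confidentiality (encryption) */

/* Length of ipseczeroes[] (see below) -- assumed; confirm in the .c file. */
#define IPSEC_ZEROES_SIZE 64

#if BYTE_ORDER == LITTLE_ENDIAN
/*
 * htonq: convert a 64-bit quantity to network (big-endian) byte order.
 * Each 32-bit half is byte-swapped with htonl() and the two halves
 * exchange places, so the most significant byte of q ends up first in
 * memory.  The conversion is its own inverse, hence ntohq() below.
 */
static __inline u_int64_t
htonq(u_int64_t q)
{
	u_int32_t hi = (u_int32_t)(q >> 32);
	u_int32_t lo = (u_int32_t)q;

	/* swapped high half lands in the low 32 bits and vice versa */
	return htonl(hi) | ((u_int64_t)htonl(lo) << 32);
}

#define ntohq(_x) htonq(_x)

#elif BYTE_ORDER == BIG_ENDIAN

/* Host order already is network order. */
#define htonq(_x) (_x)
#define ntohq(_x) htonq(_x)

#else
#error "Please fix <machine/endian.h>"
#endif

/* Block of zero bytes shared by the transforms. */
extern unsigned char ipseczeroes[];

/*
 * Names for IPsec sysctl objects
 */
#define IPSECCTL_ENCDEBUG	1	/* turn debugging on/off */
#define IPSECCTL_MAXID		2

#define IPSECCTL_NAMES {\
	{ 0, 0 }, \
	{ "encdebug", CTLTYPE_INT }, \
}

#ifdef _KERNEL
extern int encdebug;

/*
 * NOTE(review): tdbh is a definition, not an extern declaration, so every
 * kernel object that includes this header defines it and linking relies
 * on common-symbol merging.  The usual fix is `extern` here plus a
 * single definition in the implementing .c file; not changed here
 * because that definition is not part of this header.
 */
struct tdb *tdbh[TDB_HASHMOD];
/* transform table and (presumably) its one-past-the-end marker */
extern struct xformsw xformsw[], *xformswNXFORMSW;

/* TDB management routines */
extern u_int32_t reserve_spi(u_int32_t, struct in_addr, u_int8_t, int *);
extern struct tdb *gettdb(u_int32_t, struct in_addr, u_int8_t);
extern void puttdb(struct tdb *);
extern int tdb_delete(struct tdb *, int);

/* Flow management routines */
extern struct flow *get_flow(void);
extern void put_flow(struct flow *, struct tdb *);
extern void delete_flow(struct flow *, struct tdb *);
extern struct flow *find_flow(struct in_addr, struct in_addr, struct in_addr,
			      struct in_addr, u_int8_t, u_int16_t, u_int16_t,
			      struct tdb *);
extern struct flow *find_global_flow(struct in_addr, struct in_addr,
				     struct in_addr, struct in_addr, u_int8_t,
				     u_int16_t, u_int16_t);

/* XF_IP4 */
extern int ipe4_attach(void);
extern int ipe4_init(struct tdb *, struct xformsw *, struct mbuf *);
extern int ipe4_zeroize(struct tdb *);
extern int ipe4_output(struct mbuf *, struct sockaddr_encap *, struct tdb *,
		       struct mbuf **);
/* variadic protocol input entry; the only prototype here using __P() */
extern void ipe4_input __P((struct mbuf *, ...));

/* XF_OLD_AH */
extern int ah_old_attach(void);
extern int ah_old_init(struct tdb *, struct xformsw *, struct mbuf *);
extern int ah_old_zeroize(struct tdb *);
extern int ah_old_output(struct mbuf *, struct sockaddr_encap *, struct tdb *,
			 struct mbuf **);
extern struct mbuf *ah_old_input(struct mbuf *, struct tdb *);

/* XF_NEW_AH */
extern int ah_new_attach(void);
extern int ah_new_init(struct tdb *, struct xformsw *, struct mbuf *);
extern int ah_new_zeroize(struct tdb *);
extern int ah_new_output(struct mbuf *, struct sockaddr_encap *, struct tdb *,
			 struct mbuf **);
extern struct mbuf *ah_new_input(struct mbuf *, struct tdb *);

/* XF_OLD_ESP */
extern int esp_old_attach(void);
extern int esp_old_init(struct tdb *, struct xformsw *, struct mbuf *);
extern int esp_old_zeroize(struct tdb *);
extern int esp_old_output(struct mbuf *, struct sockaddr_encap *, struct tdb *,
			  struct mbuf **);
extern struct mbuf *esp_old_input(struct mbuf *, struct tdb *);

/* XF_NEW_ESP */
extern int esp_new_attach(void);
extern int esp_new_init(struct tdb *, struct xformsw *, struct mbuf *);
extern int esp_new_zeroize(struct tdb *);
extern int esp_new_output(struct mbuf *, struct sockaddr_encap *, struct tdb *,
			  struct mbuf **);
extern struct mbuf *esp_new_input(struct mbuf *, struct tdb *);

/* Padding */
extern caddr_t m_pad(struct mbuf *, int);

/*
 * Replay window.  Parameters are unnamed here; presumably the received
 * sequence number, the window state and the bitmap -- confirm against the
 * implementation before relying on the order.
 */
extern int checkreplaywindow32(u_int32_t, u_int32_t, u_int32_t *, u_int32_t,
			       u_int32_t *);
#endif

#endif /* _NETINET_IP_IPSP_H_ */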