ip_ipsp.h revision 1.11
1/*	$OpenBSD: ip_ipsp.h,v 1.11 1997/07/11 23:37:59 provos Exp $	*/
2
3/*
4 * The author of this code is John Ioannidis, ji@tla.org,
5 * 	(except when noted otherwise).
6 *
7 * This code was written for BSD/OS in Athens, Greece, in November 1995.
8 *
9 * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
10 * by Angelos D. Keromytis, kermit@forthnet.gr.
11 *
12 * Copyright (C) 1995, 1996, 1997 by John Ioannidis and Angelos D. Keromytis.
13 *
14 * Permission to use, copy, and modify this software without fee
15 * is hereby granted, provided that this entire notice is included in
16 * all copies of any software which is or includes a copy or
17 * modification of this software.
18 *
19 * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
20 * IMPLIED WARRANTY. IN PARTICULAR, NEITHER AUTHOR MAKES ANY
21 * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
22 * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
23 * PURPOSE.
24 */
25
26/*
27 * IPSP global definitions.
28 */
29
/*
 * Flow selector bound to one Security Association.  A flow carries the
 * (address, netmask) pairs, transport protocol and ports that select it,
 * and flow_sa points at the SA (tdb) that handles matching packets.  Flows
 * are kept on a doubly linked chain per SA (tdb_flow) and are looked up
 * with find_flow()/find_global_flow(), whose parameters mirror these fields
 * in declaration order.  How the masks and the "if applicable" port and
 * protocol fields are matched (wildcard on zero?) is not visible in this
 * header -- confirm in the flow routines before relying on it.
 */
struct flow
{
    struct flow     *flow_next;		/* Next in flow chain */
    struct flow     *flow_prev;		/* Previous in flow chain */
    struct tdb      *flow_sa;		/* Pointer to the SA */
    struct in_addr   flow_src;   	/* Source address */
    struct in_addr   flow_srcmask;	/* Source netmask */
    struct in_addr   flow_dst;		/* Destination address */
    struct in_addr   flow_dstmask;	/* Destination netmask */
    u_int16_t	     flow_sport;	/* Source port, if applicable */
    u_int16_t	     flow_dport;	/* Destination port, if applicable */
    u_int8_t	     flow_proto;	/* Transport protocol, if applicable */
    u_int8_t	     foo[3];		/* Explicit alignment padding */
};
44
/*
 * Tunnel descriptor block: the kernel's record of one Security Association.
 * gettdb() takes exactly an SPI, a destination and an 8-bit protocol, which
 * match tdb_spi, tdb_dst and tdb_sproto, so that triple is presumably the
 * lookup key; entries are chained through tdb_hnext (hash chain, see the
 * tdbh[] table declared under _KERNEL below).
 *
 * Lifetime policing: each tdb_exp_* limit ends the SA when reached (hard
 * limit), each tdb_soft_* limit only raises a warning; which limits are
 * actually checked is selected by the TDBF_* flags.  An SA flagged
 * TDBF_INVALID must not be used for traffic in either direction.
 *
 * tdb_xdata is the transform's private, opaque state.  Presumably this is
 * where key material and per-SA cipher state live; it must therefore be
 * wiped on teardown (see xf_zeroize) and never logged -- confirm in the
 * individual transforms.
 */
struct tdb				/* tunnel descriptor block */
{
    struct tdb	   *tdb_hnext;  	/* next in hash chain */
    struct tdb	   *tdb_onext;	        /* next in output */
    struct tdb	   *tdb_inext;  	/* next in input (prev!) */
    struct xformsw *tdb_xform;	        /* transformation to use */
    u_int32_t	    tdb_spi;    	/* SPI to use */
    u_int32_t	    tdb_flags;  	/* Flags related to this TDB (TDBF_*) */
#define TDBF_UNIQUE	   0x00001	/* This should not be used by others */
#define TDBF_TIMER         0x00002	/* Absolute expiration timer in use */
#define TDBF_BYTES         0x00004	/* Check the byte counters */
#define TDBF_PACKETS       0x00008	/* Check the packet counters */
#define TDBF_INVALID       0x00010	/* This SPI is not valid yet/anymore */
#define TDBF_FIRSTUSE      0x00020	/* Expire after first use */
#define TDBF_RELATIVE      0x00040	/* Expire after X secs from establ. */
#define TDBF_SOFT_TIMER    0x00080	/* Soft expiration (warning only) */
#define TDBF_SOFT_BYTES    0x00100	/* Soft expiration (warning only) */
#define TDBF_SOFT_PACKETS  0x00200	/* Soft expiration (warning only) */
#define TDBF_SOFT_FIRSTUSE 0x00400	/* Soft expiration (warning only) */
#define TDBF_SOFT_RELATIVE 0x00800	/* Soft expiration (warning only) */
#define TDBF_TUNNELING     0x01000	/* Do IP-in-IP encapsulation */
#define TDBF_SAME_TTL      0x02000	/* Keep the packet TTL, in tunneling */
    u_int64_t       tdb_exp_packets;	/* Expire after so many packets s|r */
    u_int64_t       tdb_soft_packets;	/* Expiration warning */
    u_int64_t       tdb_cur_packets;    /* Current number of packets s|r'ed */
    u_int64_t       tdb_exp_bytes;	/* Expire after so many bytes passed */
    u_int64_t       tdb_soft_bytes;	/* Expiration warning */
    u_int64_t       tdb_cur_bytes;	/* Current count of bytes */
    u_int64_t       tdb_exp_timeout;	/* When does the SPI expire */
    u_int64_t       tdb_soft_timeout;	/* Send a soft-expire warning */
    u_int64_t       tdb_established;	/* When was the SPI established */
    u_int64_t	    tdb_soft_relative ; /* Soft warning */
    u_int64_t       tdb_exp_relative;   /* Expire if tdb_established +
					    tdb_exp_relative <= curtime */
    u_int64_t	    tdb_first_use;	/* When was it first used */
    u_int64_t       tdb_soft_first_use; /* Soft warning */
    u_int64_t       tdb_exp_first_use;	/* Expire if tdb_first_use +
					   tdb_exp_first_use <= curtime */
    struct in_addr  tdb_dst;	        /* dest address for this SPI */
    struct in_addr  tdb_src;	        /* source address for this SPI,
					 * used when tunneling */
    struct in_addr  tdb_osrc;
    struct in_addr  tdb_odst;		/* Source and destination addresses
					 * of the outer IP header if we're
					 * doing tunneling */
    caddr_t	    tdb_xdata;	        /* transformation data (opaque);
					 * see the header comment */
    struct flow	   *tdb_flow; 		/* Which flows use this SA */
    u_int8_t	    tdb_ttl;		/* TTL used in tunneling */
    u_int8_t	    tdb_sproto;		/* IPsec protocol */
    u_int8_t        tdb_foo[2];		/* Explicit alignment padding */
};
96
97#define TDB_HASHMOD	257
98
/*
 * Transform switch: one entry per XF_* type, held in the xformsw[] table
 * declared under _KERNEL below.  A TDB references its transform through
 * tdb_xform and the IPsec core dispatches through these function pointers.
 * The *_attach/*_init/*_zeroize/*_output/*_input prototypes at the end of
 * this header have the matching shapes (ipe4_input is the exception).
 */
struct xformsw
{
    u_short		xf_type;	/* Unique ID of xform (XF_*) */
    u_short		xf_flags;	/* flags (presumably XFT_*, see below) */
    char		*xf_name;	/* human-readable name */
    int		(*xf_attach)(void);	/* called at config time */
    int		(*xf_init)(struct tdb *, struct xformsw *, struct mbuf *);	/* xform initialization: set up the TDB's private state (tdb_xdata) for a new SA */
    int		(*xf_zeroize)(struct tdb *); /* termination: release the private state; as the name says, key material should be wiped here, not just freed */
    struct mbuf 	*(*xf_input)(struct mbuf *, struct tdb *);	/* called when packet received; returns the processed chain (presumably NULL when the packet is rejected -- callers must check) */
    int		(*xf_output)(struct mbuf *, struct sockaddr_encap *, struct tdb *, struct mbuf **);	/* called when packet sent; the mbuf ** presumably receives the result chain */
};
110
/*
 * Transform identifiers (xformsw.xf_type).  The "OLD" transforms implement
 * the 1995 RFCs: per those specifications RFC 1828 is keyed MD5 (not HMAC)
 * and RFC 1829 is DES-CBC with no integrity check and no anti-replay
 * service.  The "NEW" transforms carry a 96-bit HMAC authenticator and,
 * for ESP, a replay counter (see checkreplaywindow32 below); prefer them.
 */
#define XF_IP4		1		/* IP inside IP */
#define XF_OLD_AH	2		/* RFCs 1828 & 1852 */
#define XF_OLD_ESP	3		/* RFCs 1829 & 1851 */
#define XF_NEW_AH	4		/* AH HMAC 96bits */
#define XF_NEW_ESP	5		/* ESP + auth 96bits + replay counter */

/* Supported key hash algorithms */
#define ALG_AUTH_MD5	1
#define ALG_AUTH_SHA1	2

/*
 * Supported encryption algorithms.  Single DES has a 56-bit key and is
 * within reach of brute force; 3DES is the stronger choice of the two.
 */
#define ALG_ENC_DES	1
#define ALG_ENC_3DES	2

/* Transform capability flags (presumably for xformsw.xf_flags) */
#define XFT_AUTH	0x0001		/* provides authentication/integrity */
#define XFT_CONF	0x0100		/* provides confidentiality */

/* Size of the shared all-zero buffer (presumably ipseczeroes[], below) */
#define IPSEC_ZEROES_SIZE	64
129
#if BYTE_ORDER == LITTLE_ENDIAN
/*
 * 64-bit host-to-network byte order conversion.  Network order is
 * big-endian, so on a little-endian host each 32-bit half is swapped with
 * htonl() and the two halves trade places.  The operation is its own
 * inverse, hence ntohq() is the same function.
 */
static __inline u_int64_t
htonq(u_int64_t q)
{
    u_int64_t swapped_hi = htonl((u_int32_t)(q >> 32));
    u_int64_t swapped_lo = htonl((u_int32_t)(q & 0xffffffffU));

    /* the old high half becomes the low half and vice versa */
    return swapped_hi | (swapped_lo << 32);
}

#define ntohq(_x) htonq(_x)

#elif BYTE_ORDER == BIG_ENDIAN

/* Host order already is network order: both conversions are identities. */
#define htonq(_x) (_x)
#define ntohq(_x) htonq(_x)

#else
#error  "Please fix <machine/endian.h>"
#endif
151
152extern unsigned char ipseczeroes[];
153
/*
 * Names for IPsec sysctl objects.  IPSECCTL_NAMES is indexed by the
 * IPSECCTL_* value and must have exactly IPSECCTL_MAXID entries (slot 0
 * is the unused placeholder).  encdebug gates debug output; what it prints
 * is not visible here, so treat it as a non-production setting.
 */
#define IPSECCTL_ENCDEBUG		1	/* turn debugging on/off */
#define IPSECCTL_MAXID			2

#define IPSECCTL_NAMES {\
	{ 0, 0 }, \
	{ "encdebug", CTLTYPE_INT }, \
}
164
165#ifdef _KERNEL
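extern int encdebug;			/* debug output switch (IPSECCTL_ENCDEBUG) */

/*
 * TDB hash table, TDB_HASHMOD buckets, chained through tdb_hnext.
 *
 * Declared extern: previously this header *defined* the array, so every
 * kernel file including it under _KERNEL emitted its own tentative
 * definition.  That links only through common-symbol merging and fails
 * outright with -fno-common.  NOTE(review): the single definition must
 * live in the .c file implementing gettdb()/puttdb() -- confirm it is
 * present there.
 */
extern struct tdb *tdbh[TDB_HASHMOD];

/* Transform switch table and its end (presumably one past the last entry) */
extern struct xformsw xformsw[], *xformswNXFORMSW;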
170
/*
 * TDB management routines.  Parameter meanings below are inferred from the
 * tdb fields of matching type (tdb_spi, tdb_dst, tdb_sproto); confirm
 * against the definitions before depending on the order.
 */
/* Choose/validate an SPI for the given destination and IPsec protocol;
 * the int * is an out-parameter (presumably an error code). */
extern u_int32_t reserve_spi(u_int32_t, struct in_addr, u_int8_t, int *);
/* Look up a TDB by (SPI, destination, IPsec protocol); presumably NULL
 * when none exists -- callers must check. */
extern struct tdb *gettdb(u_int32_t, struct in_addr, u_int8_t);
/* Insert a TDB into the hash table. */
extern void puttdb(struct tdb *);
/* Remove and destroy a TDB; the int is presumably a teardown option
 * (what it controls is not visible here). */
extern int tdb_delete(struct tdb *, int);

/*
 * Flow management routines.  The seven selector arguments of find_flow()
 * and find_global_flow() follow struct flow's fields in declaration order:
 * src, srcmask, dst, dstmask, proto, sport, dport (inferred from the
 * types -- confirm).  find_flow() searches the flows of one SA,
 * find_global_flow() presumably all SAs.
 */
extern struct flow *get_flow(void);
extern void put_flow(struct flow *, struct tdb *);
extern void delete_flow(struct flow *, struct tdb *);
extern struct flow *find_flow(struct in_addr, struct in_addr, struct in_addr,
			      struct in_addr, u_int8_t, u_int16_t, u_int16_t,
			      struct tdb *);
extern struct flow *find_global_flow(struct in_addr, struct in_addr,
				     struct in_addr, struct in_addr, u_int8_t,
				     u_int16_t, u_int16_t);
187
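/* XF_IP4: IP-in-IP encapsulation transform */
extern int ipe4_attach(void);
extern int ipe4_init(struct tdb *, struct xformsw *, struct mbuf *);
extern int ipe4_zeroize(struct tdb *);
extern int ipe4_output(struct mbuf *, struct sockaddr_encap *, struct tdb *,
		       struct mbuf **);
/*
 * Input side.  Unlike the other *_input routines this does not have the
 * xformsw.xf_input shape: it returns nothing and takes a variable argument
 * list, the 4.4BSD protosw pr_input shape, so it is presumably entered from
 * the protocol switch rather than through xf_input -- confirm in the
 * ipe4 implementation.  Written as a plain ANSI prototype like every other
 * declaration in this header instead of the legacy __P() wrapper, which
 * was the lone K&R-compat holdout in the file.
 */
extern void ipe4_input(struct mbuf *, ...);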
195
/*
 * Per-transform entry points, one set per XF_* type, in the order of the
 * struct xformsw members (attach, init, zeroize, output, input).  *_init
 * builds the TDB's private state from the mbuf it is handed (presumably
 * the SA parameters/keys -- confirm); *_zeroize tears that state down and
 * should wipe key material; *_output applies and *_input strips the
 * transform on a packet.  The "old" variants are the RFC 1828/1829
 * transforms, which by those specifications offer no HMAC and no replay
 * protection.
 */
/* XF_OLD_AH */
extern int ah_old_attach(void);
extern int ah_old_init(struct tdb *, struct xformsw *, struct mbuf *);
extern int ah_old_zeroize(struct tdb *);
extern int ah_old_output(struct mbuf *, struct sockaddr_encap *, struct tdb *,
			 struct mbuf **);
extern struct mbuf *ah_old_input(struct mbuf *, struct tdb *);

/* XF_NEW_AH */
extern int ah_new_attach(void);
extern int ah_new_init(struct tdb *, struct xformsw *, struct mbuf *);
extern int ah_new_zeroize(struct tdb *);
extern int ah_new_output(struct mbuf *, struct sockaddr_encap *, struct tdb *,
			 struct mbuf **);
extern struct mbuf *ah_new_input(struct mbuf *, struct tdb *);

/* XF_OLD_ESP */
extern int esp_old_attach(void);
extern int esp_old_init(struct tdb *, struct xformsw *, struct mbuf *);
extern int esp_old_zeroize(struct tdb *);
extern int esp_old_output(struct mbuf *, struct sockaddr_encap *, struct tdb *,
			  struct mbuf **);
extern struct mbuf *esp_old_input(struct mbuf *, struct tdb *);

/* XF_NEW_ESP */
extern int esp_new_attach(void);
extern int esp_new_init(struct tdb *, struct xformsw *, struct mbuf *);
extern int esp_new_zeroize(struct tdb *);
extern int esp_new_output(struct mbuf *, struct sockaddr_encap *, struct tdb *,
			  struct mbuf **);
extern struct mbuf *esp_new_input(struct mbuf *, struct tdb *);
227
/*
 * Padding: presumably extends the mbuf chain by the given number of bytes
 * and returns a pointer to the new space, NULL on failure -- callers must
 * check before writing into it.  Inferred from the name and signature;
 * confirm at the definition.
 */
extern caddr_t m_pad(struct mbuf *, int);

/*
 * Replay window for the 32-bit sequence numbers of the XF_NEW_* transforms.
 * Takes a sequence number plus the window state (two u_int32_t values and
 * two u_int32_t * slots that are presumably updated in place) and reports
 * whether the packet is acceptable.  The role of each argument is not
 * visible in this header, and a misordered call would silently defeat
 * replay protection, so check the definition before calling.
 */
extern int checkreplaywindow32(u_int32_t, u_int32_t, u_int32_t *, u_int32_t,
			       u_int32_t *);
234#endif
235