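/* $OpenBSD: ip_ipsp.h,v 1.12 1997/07/14 08:46:38 provos Exp $ */

/*
 * The author of this code is John Ioannidis, ji@tla.org,
 * (except when noted otherwise).
 *
 * This code was written for BSD/OS in Athens, Greece, in November 1995.
 *
 * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
 * by Angelos D. Keromytis, kermit@forthnet.gr.
 *
 * Copyright (C) 1995, 1996, 1997 by John Ioannidis and Angelos D. Keromytis.
 *
 * Permission to use, copy, and modify this software without fee
 * is hereby granted, provided that this entire notice is included in
 * all copies of any software which is or includes a copy or
 * modification of this software.
 *
 * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
 * IMPLIED WARRANTY. IN PARTICULAR, NEITHER AUTHOR MAKES ANY
 * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
 * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
 * PURPOSE.
 */

/*
 * IPSP global definitions.
 */

/*
 * Include guard: this header declares types and (under _KERNEL) objects
 * that are included from several kernel source files; a second inclusion
 * in one translation unit would otherwise redefine struct flow/tdb/xformsw.
 */
#ifndef _NETINET_IP_IPSP_H_
#define _NETINET_IP_IPSP_H_

/*
 * A flow is a traffic selector (source/destination address and mask,
 * ports, transport protocol) tied to one security association through
 * flow_sa.  Flows hang off their TDB in a doubly linked chain
 * (flow_next/flow_prev, anchored at tdb_flow).
 */
struct flow
{
	struct flow	*flow_next;	/* Next in flow chain */
	struct flow	*flow_prev;	/* Previous in flow chain */
	struct tdb	*flow_sa;	/* Pointer to the SA */
	struct in_addr	flow_src;	/* Source address */
	struct in_addr	flow_srcmask;	/* Source netmask */
	struct in_addr	flow_dst;	/* Destination address */
	struct in_addr	flow_dstmask;	/* Destination netmask */
	u_int16_t	flow_sport;	/* Source port, if applicable */
	u_int16_t	flow_dport;	/* Destination port, if applicable */
	u_int8_t	flow_proto;	/* Transport protocol, if applicable */
	u_int8_t	foo[3];		/* Alignment */
};

/*
 * Tunnel descriptor block: one security association, identified by
 * (tdb_spi, tdb_dst, tdb_sproto) -- see gettdb() below -- together with
 * the transform that processes it and its lifetime/expiration state.
 *
 * Lifetime fields come in pairs: tdb_exp_* is a hard limit after which
 * the SA must no longer be used, tdb_soft_* is the earlier point at which
 * a warning (re-keying hint) is raised.  Which limits are enforced is
 * selected by the TDBF_* flags in tdb_flags.
 */
struct tdb				/* tunnel descriptor block */
{
	struct tdb	*tdb_hnext;	/* next in hash chain */
	struct tdb	*tdb_onext;	/* next in output */
	struct tdb	*tdb_inext;	/* next in input (prev!) */
	struct xformsw	*tdb_xform;	/* transformation to use */
	u_int32_t	tdb_spi;	/* SPI to use */
	u_int32_t	tdb_flags;	/* Flags related to this TDB */
#define TDBF_UNIQUE		0x00001	/* This should not be used by others */
#define TDBF_TIMER		0x00002	/* Absolute expiration timer in use */
#define TDBF_BYTES		0x00004	/* Check the byte counters */
#define TDBF_PACKETS		0x00008	/* Check the packet counters */
#define TDBF_INVALID		0x00010	/* This SPI is not valid yet/anymore */
#define TDBF_FIRSTUSE		0x00020	/* Expire after first use */
#define TDBF_RELATIVE		0x00040	/* Expire after X secs from establ. */
#define TDBF_SOFT_TIMER		0x00080	/* Soft expiration */
#define TDBF_SOFT_BYTES		0x00100	/* Soft expiration */
#define TDBF_SOFT_PACKETS	0x00200	/* Soft expiration */
#define TDBF_SOFT_FIRSTUSE	0x00400	/* Soft expiration */
#define TDBF_SOFT_RELATIVE	0x00800	/* Soft expiration */
#define TDBF_TUNNELING		0x01000	/* Do IP-in-IP encapsulation */
#define TDBF_SAME_TTL		0x02000	/* Keep the packet TTL, in tunneling */
	u_int64_t	tdb_exp_packets;	/* Expire after so many packets s|r */
	u_int64_t	tdb_soft_packets;	/* Expiration warning */
	u_int64_t	tdb_cur_packets;	/* Current number of packets s|r'ed */
	u_int64_t	tdb_exp_bytes;		/* Expire after so many bytes passed */
	u_int64_t	tdb_soft_bytes;		/* Expiration warning */
	u_int64_t	tdb_cur_bytes;		/* Current count of bytes */
	u_int64_t	tdb_exp_timeout;	/* When does the SPI expire */
	u_int64_t	tdb_soft_timeout;	/* Send a soft-expire warning */
	u_int64_t	tdb_established;	/* When was the SPI established */
	u_int64_t	tdb_soft_relative;	/* Soft warning */
	u_int64_t	tdb_exp_relative;	/* Expire if tdb_established +
						   tdb_exp_relative <= curtime */
	u_int64_t	tdb_first_use;		/* When was it first used */
	u_int64_t	tdb_soft_first_use;	/* Soft warning */
	u_int64_t	tdb_exp_first_use;	/* Expire if tdb_first_use +
						   tdb_exp_first_use <= curtime */
	struct in_addr	tdb_dst;	/* dest address for this SPI */
	struct in_addr	tdb_src;	/* source address for this SPI,
					 * used when tunneling */
	struct in_addr	tdb_osrc;
	struct in_addr	tdb_odst;	/* Source and destination addresses
					 * of outter IP header if we're doing
					 * tunneling */
	caddr_t		tdb_xdata;	/* transformation data (opaque);
					 * owned by tdb_xform, which must
					 * release it in xf_zeroize */
	struct flow	*tdb_flow;	/* Which flows use this SA */
	u_int8_t	tdb_ttl;	/* TTL used in tunneling */
	u_int8_t	tdb_sproto;	/* IPsec protocol */
	u_int8_t	tdb_foo[2];	/* Alignment */
};

/* Number of buckets in the TDB hash table (tdbh). */
#define TDB_HASHMOD	257

/*
 * Transform switch entry: the set of callbacks that implement one
 * IPsec transform (XF_* below).  xf_input/xf_output are the per-packet
 * hooks; xf_init builds the per-SA state in tdb_xdata and xf_zeroize
 * tears it down.
 */
struct xformsw
{
	u_short		xf_type;	/* Unique ID of xform */
	u_short		xf_flags;	/* flags (see below) */
	char		*xf_name;	/* human-readable name */
	int		(*xf_attach)(void);	/* called at config time */
	int		(*xf_init)(struct tdb *, struct xformsw *, struct mbuf *);	/* xform initialization */
	int		(*xf_zeroize)(struct tdb *);	/* termination */
	struct mbuf	*(*xf_input)(struct mbuf *, struct tdb *);	/* called when packet received */
	int		(*xf_output)(struct mbuf *, struct sockaddr_encap *, struct tdb *, struct mbuf **);	/* called when packet sent */
};

/* Transform identifiers (xf_type). */
#define XF_IP4		1	/* IP inside IP */
#define XF_OLD_AH	2	/* RFCs 1828 & 1852 */
#define XF_OLD_ESP	3	/* RFCs 1829 & 1851 */
#define XF_NEW_AH	4	/* AH HMAC 96bits */
#define XF_NEW_ESP	5	/* ESP + auth 96bits + replay counter */

/* Supported key hash algorithms */
#define ALG_AUTH_MD5	1
#define ALG_AUTH_SHA1	2

/* Supported encryption algorithms */
#define ALG_ENC_DES	1
#define ALG_ENC_3DES	2

/* Transform capability flags (xf_flags). */
#define XFT_AUTH	0x0001
#define XFT_CONF	0x0100

#define IPSEC_ZEROES_SIZE	64

#if BYTE_ORDER == LITTLE_ENDIAN
/*
 * htonq: convert a 64-bit quantity between host and network byte order.
 * On a little-endian host the two 32-bit halves are swapped with htonl()
 * and exchanged; the operation is its own inverse, so ntohq() is an alias.
 */
static __inline u_int64_t
htonq(u_int64_t q)
{
	u_int32_t hi = (u_int32_t)(q >> 32);
	u_int32_t lo = (u_int32_t)q;

	return htonl(hi) | ((u_int64_t)htonl(lo) << 32);
}

#define ntohq(_x)	htonq(_x)

#elif BYTE_ORDER == BIG_ENDIAN

/* Network order is big-endian: both conversions are the identity. */
#define htonq(_x)	(_x)
#define ntohq(_x)	htonq(_x)

#else
#error "Please fix <machine/endian.h>"
#endif

extern unsigned char ipseczeroes[];

/*
 * Names for IPsec sysctl objects
 */
#define IPSECCTL_ENCAP		28
#define IPSECCTL_MAXID		29

/* IPSECCTL_MAXID entries: indices 0-27 are unused, 28 is "encap". */
#define CTL_IPSEC_NAMES {\
	{ 0, 0 }, \
	{ 0, 0 }, \
	{ 0, 0 }, \
	{ 0, 0 }, \
	{ 0, 0 }, \
	{ 0, 0 }, \
	{ 0, 0 }, \
	{ 0, 0 }, \
	{ 0, 0 }, \
	{ 0, 0 }, \
	{ 0, 0 }, \
	{ 0, 0 }, \
	{ 0, 0 }, \
	{ 0, 0 }, \
	{ 0, 0 }, \
	{ 0, 0 }, \
	{ 0, 0 }, \
	{ 0, 0 }, \
	{ 0, 0 }, \
	{ 0, 0 }, \
	{ 0, 0 }, \
	{ 0, 0 }, \
	{ 0, 0 }, \
	{ 0, 0 }, \
	{ 0, 0 }, \
	{ 0, 0 }, \
	{ 0, 0 }, \
	{ 0, 0 }, \
	{ "encap", CTLTYPE_NODE }, \
}

#ifdef _KERNEL
extern int encdebug;

/*
 * NOTE(review): this is a definition, not an extern declaration, so every
 * kernel object that includes this header defines tdbh and the link relies
 * on common-symbol merging.  It should become `extern struct tdb *tdbh[];`
 * here with the single definition in the .c file that owns the table --
 * left unchanged because that file is not visible from this header.
 */
struct tdb *tdbh[TDB_HASHMOD];
extern struct xformsw xformsw[], *xformswNXFORMSW;

/* TDB management routines */
extern u_int32_t reserve_spi(u_int32_t, struct in_addr, u_int8_t, int *);
extern struct tdb *gettdb(u_int32_t, struct in_addr, u_int8_t);
extern void puttdb(struct tdb *);
extern int tdb_delete(struct tdb *, int);

/* Flow management routines */
extern struct flow *get_flow(void);
extern void put_flow(struct flow *, struct tdb *);
extern void delete_flow(struct flow *, struct tdb *);
extern struct flow *find_flow(struct in_addr, struct in_addr, struct in_addr,
			      struct in_addr, u_int8_t, u_int16_t, u_int16_t,
			      struct tdb *);
extern struct flow *find_global_flow(struct in_addr, struct in_addr,
				     struct in_addr, struct in_addr, u_int8_t,
				     u_int16_t, u_int16_t);

/* XF_IP4 */
extern int ipe4_attach(void);
extern int ipe4_init(struct tdb *, struct xformsw *, struct mbuf *);
extern int ipe4_zeroize(struct tdb *);
extern int ipe4_output(struct mbuf *, struct sockaddr_encap *, struct tdb *,
		       struct mbuf **);
extern void ipe4_input __P((struct mbuf *, ...));

/* XF_OLD_AH */
extern int ah_old_attach(void);
extern int ah_old_init(struct tdb *, struct xformsw *, struct mbuf *);
extern int ah_old_zeroize(struct tdb *);
extern int ah_old_output(struct mbuf *, struct sockaddr_encap *, struct tdb *,
			 struct mbuf **);
extern struct mbuf *ah_old_input(struct mbuf *, struct tdb *);

/* XF_NEW_AH */
extern int ah_new_attach(void);
extern int ah_new_init(struct tdb *, struct xformsw *, struct mbuf *);
extern int ah_new_zeroize(struct tdb *);
extern int ah_new_output(struct mbuf *, struct sockaddr_encap *, struct tdb *,
			 struct mbuf **);
extern struct mbuf *ah_new_input(struct mbuf *, struct tdb *);

/* XF_OLD_ESP */
extern int esp_old_attach(void);
extern int esp_old_init(struct tdb *, struct xformsw *, struct mbuf *);
extern int esp_old_zeroize(struct tdb *);
extern int esp_old_output(struct mbuf *, struct sockaddr_encap *, struct tdb *,
			  struct mbuf **);
extern struct mbuf *esp_old_input(struct mbuf *, struct tdb *);

/* XF_NEW_ESP */
extern int esp_new_attach(void);
extern int esp_new_init(struct tdb *, struct xformsw *, struct mbuf *);
extern int esp_new_zeroize(struct tdb *);
extern int esp_new_output(struct mbuf *, struct sockaddr_encap *, struct tdb *,
			  struct mbuf **);
extern struct mbuf *esp_new_input(struct mbuf *, struct tdb *);

/* Padding */
extern caddr_t m_pad(struct mbuf *, int);

/* Replay window (anti-replay check for the XF_NEW_* transforms) */
extern int checkreplaywindow32(u_int32_t, u_int32_t, u_int32_t *, u_int32_t,
			       u_int32_t *);
#endif /* _KERNEL */

#endif /* _NETINET_IP_IPSP_H_ */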