1/*	$OpenBSD: ip_ipsp.h,v 1.12 1997/07/14 08:46:38 provos Exp $	*/
2
3/*
4 * The author of this code is John Ioannidis, ji@tla.org,
5 * 	(except when noted otherwise).
6 *
7 * This code was written for BSD/OS in Athens, Greece, in November 1995.
8 *
9 * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
10 * by Angelos D. Keromytis, kermit@forthnet.gr.
11 *
12 * Copyright (C) 1995, 1996, 1997 by John Ioannidis and Angelos D. Keromytis.
13 *
14 * Permission to use, copy, and modify this software without fee
15 * is hereby granted, provided that this entire notice is included in
16 * all copies of any software which is or includes a copy or
17 * modification of this software.
18 *
19 * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
20 * IMPLIED WARRANTY. IN PARTICULAR, NEITHER AUTHOR MAKES ANY
21 * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
22 * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
23 * PURPOSE.
24 */
25
/*
 * IPSP global definitions: the security-association record (struct tdb),
 * the traffic-selector record (struct flow), the transform switch, and the
 * kernel-internal prototypes of the IPSP implementation.
 *
 * Note: this header carries no include guard, so include it at most once
 * per translation unit.
 */
29
/*
 * A flow is a traffic selector bound to one security association.
 * Packets whose source/destination addresses (presumably compared under
 * flow_srcmask/flow_dstmask), transport protocol and ports match the
 * selector are handled by the SA pointed to by flow_sa.  Flows belonging
 * to one SA form a doubly linked chain headed by tdb_flow (see struct tdb
 * below); find_flow() and find_global_flow() at the bottom of this header
 * search them.
 *
 * NOTE(review): the header does not say whether flow_sport/flow_dport are
 * kept in host or network byte order, nor which value means "any port"
 * for the "if applicable" fields -- confirm against find_flow() and its
 * callers before comparing these to packet header fields.
 */
struct flow
{
    struct flow     *flow_next;		/* Next in flow chain */
    struct flow     *flow_prev;		/* Previous in flow chain */
    struct tdb      *flow_sa;		/* Pointer to the SA this flow selects */
    struct in_addr   flow_src;   	/* Source address */
    struct in_addr   flow_srcmask;	/* Source netmask */
    struct in_addr   flow_dst;		/* Destination address */
    struct in_addr   flow_dstmask;	/* Destination netmask */
    u_int16_t	     flow_sport;	/* Source port, if applicable */
    u_int16_t	     flow_dport;	/* Destination port, if applicable */
    u_int8_t	     flow_proto;	/* Transport protocol, if applicable */
    u_int8_t	     foo[3];		/* Explicit padding to a 4-byte boundary */
};
44
/*
 * Tunnel descriptor block: one record per security association (SA).
 * The (SPI, destination, IPsec protocol) triple -- the argument list of
 * gettdb() below -- presumably identifies an SA.  Each tdb sits on three
 * chains at once: the tdbh[] hash chain (tdb_hnext), the output list
 * (tdb_onext) and the input list (tdb_inext).
 *
 * Lifetime handling: every limit exists in a "soft" and a hard form.  The
 * TDBF_SOFT_* flags arm the tdb_soft_* warnings, the corresponding
 * un-prefixed flags arm the hard tdb_exp_* limits, and tdb_cur_* hold the
 * running totals.  What a hard expiry actually does (presumably
 * tdb_delete(), declared below) is decided in the implementation, not here.
 *
 * NOTE(review): TDBF_INVALID marks an SA that must not be used; whether
 * gettdb() itself refuses such entries or every caller has to check the
 * flag is not visible in this header -- confirm in the input/output paths.
 * Keying material and the anti-replay state consumed by
 * checkreplaywindow32() are not fields of this struct; they presumably
 * live behind tdb_xdata and are owned by the transform.
 */
struct tdb				/* tunnel descriptor block */
{
    struct tdb	   *tdb_hnext;  	/* next in hash chain (tdbh[]) */
    struct tdb	   *tdb_onext;	        /* next in output */
    struct tdb	   *tdb_inext;  	/* next in input (prev!) */
    struct xformsw *tdb_xform;	        /* transformation to use (xformsw[] entry) */
    u_int32_t	    tdb_spi;    	/* SPI to use */
    u_int32_t	    tdb_flags;  	/* Flags related to this TDB, TDBF_* below */
#define TDBF_UNIQUE	   0x00001	/* This should not be used by others */
#define TDBF_TIMER         0x00002	/* Absolute expiration timer in use */
#define TDBF_BYTES         0x00004	/* Check the byte counters */
#define TDBF_PACKETS       0x00008	/* Check the packet counters */
#define TDBF_INVALID       0x00010	/* This SPI is not valid yet/anymore */
#define TDBF_FIRSTUSE      0x00020	/* Expire after first use */
#define TDBF_RELATIVE      0x00040	/* Expire after X secs from establ. */
#define TDBF_SOFT_TIMER    0x00080	/* Soft expiration (warn, tdb_soft_timeout) */
#define TDBF_SOFT_BYTES    0x00100	/* Soft expiration (warn, tdb_soft_bytes) */
#define TDBF_SOFT_PACKETS  0x00200	/* Soft expiration (warn, tdb_soft_packets) */
#define TDBF_SOFT_FIRSTUSE 0x00400	/* Soft expiration (warn, tdb_soft_first_use) */
#define TDBF_SOFT_RELATIVE 0x00800	/* Soft expiration (warn, tdb_soft_relative) */
#define TDBF_TUNNELING     0x01000	/* Do IP-in-IP encapsulation */
#define TDBF_SAME_TTL      0x02000	/* Keep the packet TTL, in tunneling */
    /* Volume limits; "s|r" = sent or received.  64-bit so they do not wrap. */
    u_int64_t       tdb_exp_packets;	/* Expire after so many packets s|r */
    u_int64_t       tdb_soft_packets;	/* Expiration warning threshold */
    u_int64_t       tdb_cur_packets;    /* Current number of packets s|r'ed */
    u_int64_t       tdb_exp_bytes;	/* Expire after so many bytes passed */
    u_int64_t       tdb_soft_bytes;	/* Expiration warning threshold */
    u_int64_t       tdb_cur_bytes;	/* Current count of bytes */
    /* Time limits.  Units are not stated here; the TDBF_RELATIVE comment
     * suggests seconds -- confirm against the code that sets them. */
    u_int64_t       tdb_exp_timeout;	/* When does the SPI expire (absolute) */
    u_int64_t       tdb_soft_timeout;	/* Send a soft-expire warning (absolute) */
    u_int64_t       tdb_established;	/* When was the SPI established */
    u_int64_t	    tdb_soft_relative ; /* Soft warning, relative to tdb_established */
    u_int64_t       tdb_exp_relative;   /* Expire if tdb_established +
					    tdb_exp_relative <= curtime */
    u_int64_t	    tdb_first_use;	/* When was it first used */
    u_int64_t       tdb_soft_first_use; /* Soft warning, relative to tdb_first_use */
    u_int64_t       tdb_exp_first_use;	/* Expire if tdb_first_use +
					   tdb_exp_first_use <= curtime */
    struct in_addr  tdb_dst;	        /* dest address for this SPI */
    struct in_addr  tdb_src;	        /* source address for this SPI,
					 * used when tunneling */
    struct in_addr  tdb_osrc;
    struct in_addr  tdb_odst;		/* Source and destination addresses
					 * of the outer IP header if we're
					 * doing tunneling */
    caddr_t	    tdb_xdata;	        /* transformation data (opaque);
					 * set up by xf_init, presumably
					 * wiped by xf_zeroize */
    struct flow	   *tdb_flow; 		/* Which flows use this SA (chain head) */
    u_int8_t	    tdb_ttl;		/* TTL used in tunneling, unless
					 * TDBF_SAME_TTL keeps the inner one */
    u_int8_t	    tdb_sproto;		/* IPsec protocol (AH or ESP,
					 * presumably the IP protocol number) */
    u_int8_t        tdb_foo[2];		/* Explicit padding to a 4-byte boundary */
};
96
97#define TDB_HASHMOD	257
98
/*
 * Transform switch entry.  The xformsw[] table (declared under _KERNEL
 * below) holds one row per XF_* transform and a tdb selects its row
 * through tdb_xform.  Parameter names are not given in the prototypes;
 * the roles noted here follow from the types and the existing slot
 * comments and should be confirmed against the transform sources.
 */
struct xformsw
{
    u_short		xf_type;	/* Unique ID of xform (an XF_* value) */
    u_short		xf_flags;	/* flags (see below): XFT_AUTH, XFT_CONF */
    char		*xf_name;	/* human-readable name */
    int		(*xf_attach)(void);	/* called at config time */
    /* xform initialization for one SA; the mbuf presumably carries the
     * transform parameters and keys handed in by the caller -- confirm. */
    int		(*xf_init)(struct tdb *, struct xformsw *, struct mbuf *);	/* xform initialization */
    /* termination.  NOTE(review): the name suggests this wipes the keying
     * material behind tdb_xdata; confirm every transform does so before
     * the memory is released, not merely frees it. */
    int		(*xf_zeroize)(struct tdb *); /* termination */
    /* called when packet received; returns the processed chain (a NULL
     * return presumably means the packet was consumed/dropped). */
    struct mbuf 	*(*xf_input)(struct mbuf *, struct tdb *);	/* called when packet received */
    /* called when packet sent; the result chain comes back through the
     * trailing struct mbuf ** and the int is a status code. */
    int		(*xf_output)(struct mbuf *, struct sockaddr_encap *, struct tdb *, struct mbuf **);	/* called when packet sent */
};
110
/*
 * Transform identifiers, matched against xformsw.xf_type.  The "OLD"
 * variants are the original RFC 182x/185x transforms; per the comments
 * below, the "NEW" ones add a 96-bit truncated HMAC and, for ESP, a replay
 * counter.
 *
 * NOTE(review): XF_OLD_ESP's description lists neither authentication nor
 * a replay counter, so treat it as confidentiality-only and prefer
 * XF_NEW_ESP (or pair it with AH) where both ends support it.
 */
#define XF_IP4		1		/* IP inside IP */
#define XF_OLD_AH	2		/* RFCs 1828 & 1852 */
#define XF_OLD_ESP	3		/* RFCs 1829 & 1851 */
#define XF_NEW_AH	4		/* AH HMAC 96bits */
#define XF_NEW_ESP	5		/* ESP + auth 96bits + replay counter */

/* Supported keyed-hash (authentication) algorithms */
#define ALG_AUTH_MD5	1
#define ALG_AUTH_SHA1	2

/*
 * Supported encryption algorithms.  The ALG_AUTH_* and ALG_ENC_* spaces
 * overlap numerically (both start at 1), so never compare a value from one
 * against a constant from the other.
 * NOTE(review): single DES uses a 56-bit key and is no longer considered
 * adequate; prefer ALG_ENC_3DES where both peers support it.
 */
#define ALG_ENC_DES	1
#define ALG_ENC_3DES	2

/* xformsw.xf_flags bits: what a transform provides */
#define XFT_AUTH	0x0001		/* authentication / integrity */
#define XFT_CONF	0x0100		/* confidentiality (encryption) */

/* presumably the length of ipseczeroes[] (declared below) -- confirm */
#define IPSEC_ZEROES_SIZE	64
129
130#if BYTE_ORDER == LITTLE_ENDIAN
/*
 * htonq -- host to network byte order for a 64-bit quantity.
 *
 * Only compiled on little-endian hosts; the big-endian branch of this #if
 * defines htonq() as the identity.  Each 32-bit half is byte-swapped with
 * htonl() and the two halves then trade places, which together reverses
 * all eight bytes.  The operation is its own inverse, which is why ntohq()
 * is defined in terms of it.
 */
static __inline u_int64_t
htonq(u_int64_t q)
{
    u_int64_t hi = htonl((u_int32_t)(q >> 32));
    u_int64_t lo = htonl((u_int32_t)(q & 0xffffffffU));

    /* The swapped low half becomes the most significant word. */
    return (lo << 32) | hi;
}
140
141#define ntohq(_x) htonq(_x)
142
143#elif BYTE_ORDER == BIG_ENDIAN
144
145#define htonq(_x) (_x)
146#define ntohq(_x) htonq(_x)
147
148#else
149#error  "Please fix <machine/endian.h>"
150#endif
151
152extern unsigned char ipseczeroes[];
153
154/*
155 * Names for IPsec sysctl objects
156 */
/*
 * Names for IPsec sysctl objects.  CTL_IPSEC_NAMES is indexed by the
 * IPSECCTL_* value, so the "encap" entry must sit at index IPSECCTL_ENCAP
 * (28): the 28 empty { 0, 0 } slots before it stand for indices 0..27, and
 * IPSECCTL_MAXID is one past the last valid index.  Keep the three in step
 * when adding an object.
 */
#define IPSECCTL_ENCAP			28
#define IPSECCTL_MAXID			29

#define CTL_IPSEC_NAMES {\
	{ 0, 0 }, \
	{ 0, 0 }, \
	{ 0, 0 }, \
	{ 0, 0 }, \
	{ 0, 0 }, \
	{ 0, 0 }, \
	{ 0, 0 }, \
	{ 0, 0 }, \
	{ 0, 0 }, \
	{ 0, 0 }, \
	{ 0, 0 }, \
	{ 0, 0 }, \
	{ 0, 0 }, \
	{ 0, 0 }, \
	{ 0, 0 }, \
	{ 0, 0 }, \
	{ 0, 0 }, \
	{ 0, 0 }, \
	{ 0, 0 }, \
	{ 0, 0 }, \
	{ 0, 0 }, \
	{ 0, 0 }, \
	{ 0, 0 }, \
	{ 0, 0 }, \
	{ 0, 0 }, \
	{ 0, 0 }, \
	{ 0, 0 }, \
	{ 0, 0 }, \
	{ "encap", CTLTYPE_NODE }, \
}
191
192#ifdef _KERNEL
extern int encdebug;			/* debug switch; presumably non-zero enables diagnostics */

/*
 * SA hash table: TDB_HASHMOD buckets chained through tdb_hnext.
 * NOTE(review): this is a tentative definition, not an extern declaration,
 * so every kernel object that includes this header under _KERNEL defines
 * its own copy and relies on the linker merging common symbols.  It should
 * read `extern struct tdb *tdbh[TDB_HASHMOD];` here, with the single
 * definition in the implementation file.  Left unchanged because that
 * file is not visible from here.
 */
struct tdb *tdbh[TDB_HASHMOD];
extern struct xformsw xformsw[], *xformswNXFORMSW;	/* transform table and its end pointer */
197
/*
 * TDB management routines.  Parameter names are not given in these
 * prototypes; the roles noted below are inferred from the types (they
 * mirror the tdb_spi / tdb_dst / tdb_sproto fields) and should be confirmed
 * against the definitions.
 */
/* (spi, dst, sproto, &error): reserve an SPI for a new SA and return it;
 * the trailing int * is presumably an error out-parameter. */
extern u_int32_t reserve_spi(u_int32_t, struct in_addr, u_int8_t, int *);
/* (spi, dst, sproto): look up an SA in tdbh[]; presumably NULL when none.
 * NOTE(review): not visible here whether TDBF_INVALID entries are skipped. */
extern struct tdb *gettdb(u_int32_t, struct in_addr, u_int8_t);
/* Insert a tdb into the SA tables (presumably). */
extern void puttdb(struct tdb *);
/* Remove and release an SA; the meaning of the int is not visible here. */
extern int tdb_delete(struct tdb *, int);

/* Flow management routines */
/* Obtain an empty struct flow (presumably allocates). */
extern struct flow *get_flow(void);
/* Attach a flow to / detach it from the given SA's tdb_flow chain. */
extern void put_flow(struct flow *, struct tdb *);
extern void delete_flow(struct flow *, struct tdb *);
/* (src, srcmask, dst, dstmask, proto, sport, dport, sa): find the matching
 * flow among the given SA's flows -- argument order inferred from struct
 * flow's field order, confirm. */
extern struct flow *find_flow(struct in_addr, struct in_addr, struct in_addr,
			      struct in_addr, u_int8_t, u_int16_t, u_int16_t,
			      struct tdb *);
/* Same selector, searched across all SAs. */
extern struct flow *find_global_flow(struct in_addr, struct in_addr,
				     struct in_addr, struct in_addr, u_int8_t,
				     u_int16_t, u_int16_t);
214
/*
 * Per-transform entry points.  Each XF_* transform supplies the five
 * routines a struct xformsw row expects (attach, init, zeroize, output,
 * input), and the signatures below match those slots exactly -- with one
 * exception: ipe4_input() is declared `void (struct mbuf *, ...)` rather
 * than `struct mbuf *(struct mbuf *, struct tdb *)`, so it cannot be
 * stored in xf_input.  Presumably it is the IP-in-IP protocol input
 * handler registered with the IP layer instead -- confirm in the XF_IP4
 * code.  It is also the only prototype here written with the old __P()
 * wrapper.
 */
/* XF_IP4 */
extern int ipe4_attach(void);
extern int ipe4_init(struct tdb *, struct xformsw *, struct mbuf *);
extern int ipe4_zeroize(struct tdb *);
extern int ipe4_output(struct mbuf *, struct sockaddr_encap *, struct tdb *,
		       struct mbuf **);
extern void ipe4_input __P((struct mbuf *, ...));	/* see note above */

/* XF_OLD_AH */
extern int ah_old_attach(void);
extern int ah_old_init(struct tdb *, struct xformsw *, struct mbuf *);
extern int ah_old_zeroize(struct tdb *);
extern int ah_old_output(struct mbuf *, struct sockaddr_encap *, struct tdb *,
			 struct mbuf **);
extern struct mbuf *ah_old_input(struct mbuf *, struct tdb *);

/* XF_NEW_AH */
extern int ah_new_attach(void);
extern int ah_new_init(struct tdb *, struct xformsw *, struct mbuf *);
extern int ah_new_zeroize(struct tdb *);
extern int ah_new_output(struct mbuf *, struct sockaddr_encap *, struct tdb *,
			 struct mbuf **);
extern struct mbuf *ah_new_input(struct mbuf *, struct tdb *);

/* XF_OLD_ESP */
extern int esp_old_attach(void);
extern int esp_old_init(struct tdb *, struct xformsw *, struct mbuf *);
extern int esp_old_zeroize(struct tdb *);
extern int esp_old_output(struct mbuf *, struct sockaddr_encap *, struct tdb *,
			  struct mbuf **);
extern struct mbuf *esp_old_input(struct mbuf *, struct tdb *);

/* XF_NEW_ESP */
extern int esp_new_attach(void);
extern int esp_new_init(struct tdb *, struct xformsw *, struct mbuf *);
extern int esp_new_zeroize(struct tdb *);
extern int esp_new_output(struct mbuf *, struct sockaddr_encap *, struct tdb *,
			  struct mbuf **);
extern struct mbuf *esp_new_input(struct mbuf *, struct tdb *);
254
/* Padding: extend an mbuf chain by the given number of bytes.  The caddr_t
 * is presumably a pointer to the new space; callers must check it. */
extern caddr_t m_pad(struct mbuf *, int);

/*
 * Replay window.  From the types alone: a received sequence number, a
 * second u_int32_t, a pointer to the highest sequence number seen, a window
 * width, and a pointer to the window bitmap -- confirm the order and roles
 * against the definition.  NOTE(review): the two pointer arguments let this
 * routine advance the window; the AH/ESP input paths should only let that
 * happen after the authenticator has verified, otherwise a forged packet
 * could shift the window and cause legitimate traffic to be rejected.
 */
extern int checkreplaywindow32(u_int32_t, u_int32_t, u_int32_t *, u_int32_t,
			       u_int32_t *);
261#endif
262