ip_ipsp.h revision 1.7 
1/*	$OpenBSD: ip_ipsp.h,v 1.7 1997/06/24 12:15:26 provos Exp $	*/
2
3/*
4 * The author of this code is John Ioannidis, ji@tla.org,
5 * 	(except when noted otherwise).
6 *
7 * This code was written for BSD/OS in Athens, Greece, in November 1995.
8 *
9 * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
10 * by Angelos D. Keromytis, kermit@forthnet.gr.
11 *
12 * Copyright (C) 1995, 1996, 1997 by John Ioannidis and Angelos D. Keromytis.
13 *
14 * Permission to use, copy, and modify this software without fee
15 * is hereby granted, provided that this entire notice is included in
16 * all copies of any software which is or includes a copy or
17 * modification of this software.
18 *
19 * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
20 * IMPLIED WARRANTY. IN PARTICULAR, NEITHER AUTHOR MAKES ANY
21 * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
22 * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
23 * PURPOSE.
24 */
25
26/*
27 * IPSP global definitions.
28 */
29
30struct tdb				/* tunnel descriptor block */
31{
32    struct tdb	   *tdb_hnext;  	/* next in hash chain */
33    struct tdb	   *tdb_onext;	        /* next in output */
34    struct tdb	   *tdb_inext;  	/* next in input (prev!) */
35    u_int32_t	    tdb_spi;    	/* SPI to use */
36    u_int32_t	    tdb_flags;  	/* Flags related to this TDB */
37#define TDBF_UNIQUE	0x0001		/* This should not be used by others */
38#define TDBF_TIMER      0x0002		/* Check the timers */
39#define TDBF_BYTES      0x0004		/* Check the byte counters */
40#define TDBF_PACKETS    0x0008		/* Check the packet counters */
41#define TDBF_INVALID    0x0010          /* This SPI is no longer valid */
42    u_int64_t       tdb_packets;	/* Expire after so many packets s|r */
43    u_int64_t       tdb_soft_packets;	/* Expiration warning */
44    u_int64_t       tdb_cur_packets;    /* Current number of packets s|r'ed */
45    u_int64_t       tdb_bytes;		/* Expire after so many bytes passed */
46    u_int64_t       tdb_soft_bytes;	/* Expiration warning */
47    u_int64_t       tdb_cur_bytes;	/* Current count of bytes */
48    u_int64_t       tdb_timeout;	/* When does the SPI expire */
49    u_int64_t       tdb_soft_timeout;	/* Send a soft-expire warning */
50    u_int64_t       tdb_established;	/* When was the SPI established */
51    struct in_addr  tdb_dst;	        /* dest address for this SPI */
52    struct ifnet   *tdb_rcvif;	        /* related rcv encap interface */
53    struct xformsw *tdb_xform;	        /* transformation to use */
54    caddr_t	    tdb_xdata;	        /* transformation data (opaque) */
55};
56
57#define TDB_HASHMOD	257
58
59struct xformsw
60{
61    u_short		xf_type;	/* Unique ID of xform */
62    u_short		xf_flags;	/* flags (see below) */
63    char		*xf_name;	/* human-readable name */
64    int		(*xf_attach)(void);	/* called at config time */
65    int		(*xf_init)(struct tdb *, struct xformsw *, struct mbuf *);	/* xform initialization */
66    int		(*xf_zeroize)(struct tdb *); /* termination */
67    struct mbuf 	*(*xf_input)(struct mbuf *, struct tdb *);	/* called when packet received */
68    int		(*xf_output)(struct mbuf *, struct sockaddr_encap *, struct tdb *, struct mbuf **);	/* called when packet sent */
69};
70
71#define XF_IP4		1		/* IP inside IP */
72#define XF_AHMD5	2		/* AH MD5 */
73#define XF_AHSHA1	3		/* AH SHA */
74#define XF_ESPDES	4		/* ESP DES-CBC */
75#define XF_ESP3DES	5		/* ESP DES3-CBC */
76#define XF_AHHMACMD5	6		/* AH-HMAC-MD5 with opt replay prot */
77#define XF_AHHMACSHA1	7		/* AH-HMAC-SHA1 with opt replay prot */
78#define XF_ESPDESMD5	8		/* ESP DES-CBC + MD5 */
79#define XF_ESP3DESMD5	9		/* ESP 3DES-CBC + MD5 */
80#define XF_NEWESP       10		/* The new ESP transforms */
81#define XF_NEWAH        11		/* The new AH transforms */
82
83#define XFT_AUTH	0x0001
84#define XFT_CONF	0x0100
85
86#define IPSEC_ZEROES_SIZE	64
87
88#if BYTE_ORDER == LITTLE_ENDIAN
89static __inline u_int64_t
90htonq(u_int64_t q)
91{
92    register u_int32_t u, l;
93    u = q >> 32;
94    l = (u_int32_t) q;
95
96    return htonl(u) | ((u_int64_t)htonl(l) << 32);
97}
98
99#define ntohq(_x) htonq(_x)
100
101#elif BYTE_ORDER == BIG_ENDIAN
102
103#define htonq(_x) (_x)
104#define ntohq(_x) htonq(_x)
105
106#else
107#error  "Please fix <machine/endian.h>"
108#endif
109
110extern unsigned char ipseczeroes[];
111
112#ifdef _KERNEL
113#undef ENCDEBUG
114extern int encdebug;
115
116struct tdb *tdbh[TDB_HASHMOD];
117extern struct xformsw xformsw[], *xformswNXFORMSW;
118
119extern struct tdb *gettdb(u_int32_t, struct in_addr);
120extern void puttdb(struct tdb *);
121extern int tdb_delete(struct tdb *, int);
122
123extern int ipe4_attach(void), ipe4_init(struct tdb *, struct xformsw *, struct mbuf *), ipe4_zeroize(struct tdb *);
124extern int ipe4_output(struct mbuf *, struct sockaddr_encap *, struct tdb *, struct mbuf **);
125extern void ipe4_input __P((struct mbuf *, ...));
126
127extern int ahmd5_attach(void), ahmd5_init(struct tdb *, struct xformsw *, struct mbuf *), ahmd5_zeroize(struct tdb *);
128extern int ahmd5_output(struct mbuf *, struct sockaddr_encap *, struct tdb *, struct mbuf **);
129extern struct mbuf *ahmd5_input(struct mbuf *, struct tdb *);
130
131extern int ahsha1_attach(void), ahsha1_init(struct tdb *, struct xformsw *, struct mbuf *), ahsha1_zeroize(struct tdb *);
132extern int ahsha1_output(struct mbuf *, struct sockaddr_encap *, struct tdb *, struct mbuf **);
133extern struct mbuf *ahsha1_input(struct mbuf *, struct tdb *);
134
135extern int ahhmacmd5_attach(void), ahhmacmd5_init(struct tdb *, struct xformsw *, struct mbuf *), ahhmacmd5_zeroize(struct tdb *);
136extern int ahhmacmd5_output(struct mbuf *, struct sockaddr_encap *, struct tdb *, struct mbuf **);
137extern struct mbuf *ahhmacmd5_input(struct mbuf *, struct tdb *);
138
139extern int ahhmacsha1_attach(void), ahhmacsha1_init(struct tdb *, struct xformsw *, struct mbuf *), ahhmacsha1_zeroize(struct tdb *);
140extern int ahhmacsha1_output(struct mbuf *, struct sockaddr_encap *, struct tdb *, struct mbuf **);
141extern struct mbuf *ahhmacsha1_input(struct mbuf *, struct tdb *);
142
143extern int espdes_attach(void), espdes_init(struct tdb *, struct xformsw *, struct mbuf *), espdes_zeroize(struct tdb *);
144extern int espdes_output(struct mbuf *, struct sockaddr_encap *, struct tdb *, struct mbuf **);
145extern struct mbuf *espdes_input(struct mbuf *, struct tdb *);
146
147extern int esp3des_attach(void), esp3des_init(struct tdb *, struct xformsw *, struct mbuf *), esp3des_zeroize(struct tdb *);
148extern int esp3des_output(struct mbuf *, struct sockaddr_encap *, struct tdb *, struct mbuf **);
149extern struct mbuf *esp3des_input(struct mbuf *, struct tdb *);
150
151extern int espdesmd5_attach(void), espdesmd5_init(struct tdb *, struct xformsw *, struct mbuf *), espdesmd5_zeroize(struct tdb *);
152extern int espdesmd5_output(struct mbuf *, struct sockaddr_encap *, struct tdb *, struct mbuf **);
153extern struct mbuf *espdesmd5_input(struct mbuf *, struct tdb *);
154
155extern int esp3desmd5_attach(void), esp3desmd5_init(struct tdb *, struct xformsw *, struct mbuf *), esp3desmd5_zeroize(struct tdb *);
156extern int esp3desmd5_output(struct mbuf *, struct sockaddr_encap *, struct tdb *, struct mbuf **);
157extern struct mbuf *esp3desmd5_input(struct mbuf *, struct tdb *);
158
159extern caddr_t m_pad(struct mbuf *, int);
160extern int checkreplaywindow32(u_int32_t, u_int32_t, u_int32_t *, u_int32_t, u_int32_t *);
161extern int checkreplaywindow64(u_int64_t, u_int64_t *, u_int64_t, u_int64_t *);
162#endif
163