ipsecah.h revision 11042:2d6e217af1b4
1/*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21/*
22 * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
23 * Use is subject to license terms.
24 */
25
26#ifndef	_INET_IPSECAH_H
27#define	_INET_IPSECAH_H
28
29#include <inet/ip.h>
30#include <inet/ipdrop.h>
31
32#ifdef	__cplusplus
33extern "C" {
34#endif
35
36#include <sys/note.h>
37
38#ifdef _KERNEL
/*
 * Named Dispatch parameter management structure.  Each instance describes
 * one tunable: its name, its current value, and the minimum / maximum pair
 * stored alongside it.
 *
 * NOTE(review): nothing in this header enforces min <= value <= max; that
 * check presumably lives in the code that sets the parameter -- confirm there.
 */
typedef struct ipsecahparam_s {
	uint_t	ipsecah_param_min;	/* minimum stored for the tunable */
	uint_t	ipsecah_param_max;	/* maximum stored for the tunable */
	uint_t	ipsecah_param_value;	/* current setting */
	char	*ipsecah_param_name;	/* parameter name string */
} ipsecahparam_t;
46
/*
 * AH statistics, kept as named kstats.  The authors note that this may
 * eventually become a full-blown SNMP MIB once that spec stabilizes.
 *
 * Every member carries the ah_stat_ prefix because AH_BUMP_STAT() and
 * AH_DEBUMP_STAT() build the member name by token-pasting their second
 * argument onto that prefix.
 *
 * Judging by their names, ah_stat_bad_auth, ah_stat_replay_failures and
 * ah_stat_replay_early_failures are the counters worth watching when
 * monitoring for forged or replayed AH traffic -- confirm against the code
 * that bumps them.
 */
typedef struct ah_kstats_s {
	kstat_named_t ah_stat_num_aalgs;
	kstat_named_t ah_stat_good_auth;
	kstat_named_t ah_stat_bad_auth;
	kstat_named_t ah_stat_replay_failures;
	kstat_named_t ah_stat_replay_early_failures;
	kstat_named_t ah_stat_keysock_in;
	kstat_named_t ah_stat_out_requests;
	kstat_named_t ah_stat_acquire_requests;
	kstat_named_t ah_stat_bytes_expired;
	kstat_named_t ah_stat_out_discards;
	kstat_named_t ah_stat_crypto_sync;
	kstat_named_t ah_stat_crypto_async;
	kstat_named_t ah_stat_crypto_failures;
} ah_kstats_t;
67
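/*
 * Increment (AH_BUMP_STAT) or decrement (AH_DEBUMP_STAT) the AH kstat
 * counter named ah_stat_<x>.
 *
 * ahstack->ah_kstats is equal to ahstack->ah_ksp->ks_data if
 * kstat_create_netstack for ahstack->ah_ksp succeeds, but when it fails it
 * is NULL.  Creation is attempted for every stack instance, so it *could*
 * fail; hence both macros check for NULL before touching the counter.
 *
 * The ahstack argument is parenthesized so that any pointer expression
 * (for example &stack or base + i) expands correctly.  It is still
 * evaluated twice, so it must not have side effects.
 *
 * NOTE(review): the ++/-- on value.ui64 is a plain read-modify-write with
 * no locking visible in this header; concurrent callers may lose updates.
 * Treat the counters as approximate unless the callers serialize -- confirm.
 */
#define	AH_BUMP_STAT(ahstack, x)					\
do {									\
	if ((ahstack)->ah_kstats != NULL)				\
		((ahstack)->ah_kstats->ah_stat_ ## x).value.ui64++;	\
_NOTE(CONSTCOND)							\
} while (0)
#define	AH_DEBUMP_STAT(ahstack, x)					\
do {									\
	if ((ahstack)->ah_kstats != NULL)				\
		((ahstack)->ah_kstats->ah_stat_ ## x).value.ui64--;	\
_NOTE(CONSTCOND)							\
} while (0)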
87
/*
 * IPSECAH stack instances: the AH state kept for one netstack.
 */
typedef struct ipsecah_stack ipsecah_stack_t;

struct ipsecah_stack {
	/* Common netstack this AH instance belongs to. */
	netstack_t		*ipsecah_netstack;

	caddr_t			ipsecah_g_nd;
	ipsecahparam_t		*ipsecah_params;
	/* Protects params. */
	kmutex_t		ipsecah_param_lock;

	sadbp_t			ah_sadb;

	/* Packet dropper for AH drops. */
	ipdropper_t		ah_dropper;

	/*
	 * kstat handle and its data.  ah_kstats is NULL when kstat creation
	 * failed, which is why AH_BUMP_STAT / AH_DEBUMP_STAT test it first.
	 */
	kstat_t			*ah_ksp;
	ah_kstats_t		*ah_kstats;

	/*
	 * Keysock instance of AH; there can be only one per stack instance.
	 * The pointer is not set until KEYSOCK_HELLO comes down, so it is
	 * meant to be updated with casptr() rather than a plain store.
	 * ah_event is paired with ah_pfkey_q and is what ages SAs.
	 */
	queue_t			*ah_pfkey_q;
	timeout_id_t		ah_event;
};
116
117#endif	/* _KERNEL */
118
/*
 * AH header with the replay (sequence) field.
 *
 * For now only the "aligned" version of the header is provided.  The
 * original comment continues "if aligned version is needed, we'll go with
 * the naming conventions then"; presumably "unaligned" was meant.
 *
 * NOTE(review): this struct is overlaid on packet data, so every field,
 * ah_length in particular, is attacker-controlled until the packet has been
 * authenticated.  Multi-byte fields presumably hold wire-order values --
 * confirm at the use sites.
 */
typedef struct ah {
	uint8_t		ah_nexthdr;
	uint8_t		ah_length;
	uint16_t	ah_reserved;
	uint32_t	ah_spi;
	uint32_t	ah_replay;
} ah_t;
131
/*
 * AH_BASELEN is the size in bytes of the fixed part of ah_t (12).
 *
 * AH_TOTAL_LEN(ah) is the full header length in bytes: ah_length counts
 * 32-bit words, so it is scaled by 4, then AH_BASELEN is added and the size
 * of ah_replay subtracted.  The sizeof operand makes the result a size_t.
 *
 * The value is derived from a length byte read out of the packet; callers
 * need to compare it with the number of bytes actually present before
 * reading that far.
 */
#define	AH_BASELEN	12
#define	AH_TOTAL_LEN(ah)	\
	(((ah)->ah_length << 2) + AH_BASELEN - sizeof ((ah)->ah_replay))
135
/*
 * "Old" AH header, without the replay field.  Kept for 1827-29
 * compatibility.  The members use the same names as those of struct ah, so
 * the two layouts differ only by the missing trailing ah_replay word.
 */
typedef struct ahold {
	uint8_t		ah_nexthdr;
	uint8_t		ah_length;
	uint16_t	ah_reserved;
	uint32_t	ah_spi;
} ahold_t;
144
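/*
 * AHOLD_BASELEN is the size in bytes of the fixed part of the old-style AH
 * header, struct ahold (8).
 *
 * AHOLD_TOTAL_LEN(ah) is the full old-style header length in bytes:
 * ah_length scaled from 32-bit words to bytes, plus the fixed part.
 *
 * This previously added AH_BASELEN (12), the base length of the newer
 * header that includes the replay field, which made the result 4 bytes too
 * large for a header that has no such field.  RFC 1826 defines the length
 * byte as the size of the authentication data in 32-bit words, so the fixed
 * part to add is the 8-byte AHOLD_BASELEN.
 *
 * As with AH_TOTAL_LEN, the input is a length byte taken from the packet;
 * callers need to check the result against the bytes actually present.
 */
#define	AHOLD_BASELEN	8
#define	AHOLD_TOTAL_LEN(ah)	(((ah)->ah_length << 2) + AHOLD_BASELEN)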
147
148#ifdef	__cplusplus
149}
150#endif
151
152#endif /* _INET_IPSECAH_H */
153