sys/netproto/ipsec/key.h

   1 /*      $FreeBSD: src/sys/netipsec/key.h,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $        */
   2 /*      $DragonFly: src/sys/netproto/ipsec/key.h,v 1.4 2004/10/15 22:59:10 hsu Exp $    */
   3 /*      $KAME: key.h,v 1.21 2001/07/27 03:51:30 itojun Exp $    */
   4
   5 /*
   6  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
   7  * All rights reserved.
   8  *
   9  * Redistribution and use in source and binary forms, with or without
  10  * modification, are permitted provided that the following conditions
  11  * are met:
  12  * 1. Redistributions of source code must retain the above copyright
  13  *    notice, this list of conditions and the following disclaimer.
  14  * 2. Redistributions in binary form must reproduce the above copyright
  15  *    notice, this list of conditions and the following disclaimer in the
  16  *    documentation and/or other materials provided with the distribution.
  17  * 3. Neither the name of the project nor the names of its contributors
  18  *    may be used to endorse or promote products derived from this software
  19  *    without specific prior written permission.
  20  *
  21  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
  22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
  25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  31  * SUCH DAMAGE.
  32  */
  33
  34 #ifndef _NETIPSEC_KEY_H_
  35 #define _NETIPSEC_KEY_H_
  36
  37 #ifdef _KERNEL
  38
  39 struct secpolicy;
  40 struct secpolicyindex;
  41 struct ipsecrequest;
  42 struct secasvar;
  43 struct sockaddr;
  44 struct socket;
  45 struct sadb_msg;
  46 struct sadb_x_policy;
  47 struct secasindex;
  48 union sockaddr_union;
  49
  50 extern  int key_havesp(u_int dir);
  51 extern struct secpolicy *key_allocsp(struct secpolicyindex *, u_int,
  52         const char*, int);
  53 extern struct secpolicy *key_allocsp2(u_int32_t spi, union sockaddr_union *dst,
  54         u_int8_t proto, u_int dir, const char*, int);
  55 extern struct secpolicy *key_newsp(const char*, int);
  56 extern struct secpolicy *key_gettunnel(const struct sockaddr *,
  57         const struct sockaddr *, const struct sockaddr *,
  58         const struct sockaddr *, const char*, int);
  59 /* NB: prepend with _ for KAME IPv6 compatbility */
  60 extern void _key_freesp(struct secpolicy **, const char*, int);
  61
  62 /*
  63  * Access to the SADB are interlocked with splnet.  In particular,
  64  * holders of SA's use this to block accesses by protocol processing
  65  * that can happen either by network swi's or by continuations that
  66  * occur on crypto callbacks.  Much of this could go away if
  67  * key_checkrequest were redone.
  68  */
  69 #define KEY_ALLOCSP(spidx, dir)                                 \
  70         key_allocsp(spidx, dir, __FILE__, __LINE__)
  71 #define KEY_ALLOCSP2(spi, dst, proto, dir)                      \
  72         key_allocsp2(spi, dst, proto, dir, __FILE__, __LINE__)
  73 #define KEY_NEWSP()                                             \
  74         key_newsp(__FILE__, __LINE__)
  75 #define KEY_GETTUNNEL(osrc, odst, isrc, idst)                   \
  76         key_gettunnel(osrc, odst, isrc, idst, __FILE__, __LINE__)
  77 #define KEY_FREESP(spp)                                         \
  78         _key_freesp(spp, __FILE__, __LINE__)
  79
  80 extern struct secasvar *key_allocsa(union sockaddr_union *, u_int, u_int32_t,
  81         const char*, int);
  82 extern void key_freesav(struct secasvar **, const char*, int);
  83
  84 #define KEY_ALLOCSA(dst, proto, spi)                            \
  85         key_allocsa(dst, proto, spi, __FILE__, __LINE__)
  86 #define KEY_FREESAV(psav)                                       \
  87         key_freesav(psav, __FILE__, __LINE__)
  88
  89 extern void key_freeso (struct socket *);
  90 extern int key_checktunnelsanity (struct secasvar *, u_int,
  91                                         caddr_t, caddr_t);
  92 extern int key_checkrequest
  93         (struct ipsecrequest *isr, const struct secasindex *);
  94
  95 extern struct secpolicy *key_msg2sp (struct sadb_x_policy *,
  96         size_t, int *);
  97 extern struct mbuf *key_sp2msg (struct secpolicy *);
  98 extern int key_ismyaddr (struct sockaddr *);
  99 extern int key_spdacquire (struct secpolicy *);
 100 extern void key_timehandler (void *);
 101 extern u_long key_random (void);
 102 extern void key_randomfill (void *, size_t);
 103 extern void key_freereg (struct socket *);
 104 extern int key_parse (struct mbuf *, struct socket *);
 105 extern void key_init (void);
 106 extern void key_sa_recordxfer (struct secasvar *, struct mbuf *);
 107 extern void key_sa_routechange (struct sockaddr *);
 108 extern void key_sa_stir_iv (struct secasvar *);
 109
 110 #ifdef MALLOC_DECLARE
 111 MALLOC_DECLARE(M_SECA);
 112 #endif /* MALLOC_DECLARE */
 113
 114 #endif /* defined(_KERNEL) */
 115 #endif /* _NETIPSEC_KEY_H_ */