fetch.9: Minor fixes.
[dragonfly.git] / sys / netproto / key / keydb.h
blob8701dcdf998078e020a7232b364a65ef85da5899
1 /* $FreeBSD: src/sys/netkey/keydb.h,v 1.2.2.3 2003/01/11 19:10:59 ume Exp $ */
2 /* $DragonFly: src/sys/netproto/key/keydb.h,v 1.5 2006/05/20 02:42:13 dillon Exp $ */
3 /* $KAME: keydb.h,v 1.14 2000/08/02 17:58:26 sakane Exp $ */
5 /*
6 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
7 * All rights reserved.
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the project nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
34 #ifndef _NETKEY_KEYDB_H_
35 #define _NETKEY_KEYDB_H_
37 #ifdef _KERNEL
39 #ifndef _SYS_TYPES_H_
40 #include <sys/types.h>
41 #endif
42 #ifndef _SYS_QUEUE_H_
43 #include <sys/queue.h>
44 #endif
45 #ifndef _SYS_SOCKET_H_
46 #include <sys/socket.h>
47 #endif
48 #ifndef _NET_ROUTE_H_
49 #include <net/route.h>
50 #endif
51 #ifndef _NETINET_IN_H_
52 #include <netinet/in.h>
53 #endif
55 #include "key_var.h"
57 /* Security Assocciation Index */
58 /* NOTE: Ensure to be same address family */
59 struct secasindex {
60 struct sockaddr_storage src; /* srouce address for SA */
61 struct sockaddr_storage dst; /* destination address for SA */
62 u_int16_t proto; /* IPPROTO_ESP or IPPROTO_AH */
63 u_int8_t mode; /* mode of protocol, see ipsec.h */
64 u_int32_t reqid; /* reqid id who owned this SA */
65 /* see IPSEC_MANUAL_REQID_MAX. */
68 /* Security Association Data Base */
69 struct secashead {
70 LIST_ENTRY(secashead) chain;
72 struct secasindex saidx;
74 struct sadb_ident *idents; /* source identity */
75 struct sadb_ident *identd; /* destination identity */
76 /* XXX I don't know how to use them. */
78 u_int8_t state; /* MATURE or DEAD. */
79 LIST_HEAD(_satree, secasvar) savtree[SADB_SASTATE_MAX+1];
80 /* SA chain */
81 /* The first of this list is newer SA */
83 union {
84 struct route sau_route;
85 struct route_in6 sau_route6;
86 } sa_u;
87 #define sa_route sa_u.sau_route
90 /* Security Association */
91 struct secasvar {
92 LIST_ENTRY(secasvar) chain;
94 int refcnt; /* reference count */
95 u_int8_t state; /* Status of this Association */
97 u_int8_t alg_auth; /* Authentication Algorithm Identifier*/
98 u_int8_t alg_enc; /* Cipher Algorithm Identifier */
99 u_int32_t spi; /* SPI Value, network byte order */
100 u_int32_t flags; /* holder for SADB_KEY_FLAGS */
102 struct sadb_key *key_auth; /* Key for Authentication */
103 struct sadb_key *key_enc; /* Key for Encryption */
104 caddr_t iv; /* Initilization Vector */
105 u_int ivlen; /* length of IV */
106 void *sched; /* intermediate encryption key */
107 size_t schedlen;
109 struct secreplay *replay; /* replay prevention */
110 long created; /* for lifetime */
112 struct sadb_lifetime *lft_c; /* CURRENT lifetime, it's constant. */
113 struct sadb_lifetime *lft_h; /* HARD lifetime */
114 struct sadb_lifetime *lft_s; /* SOFT lifetime */
116 u_int32_t seq; /* sequence number */
117 pid_t pid; /* message's pid */
119 struct secashead *sah; /* back pointer to the secashead */
122 /* replay prevention */
123 struct secreplay {
124 u_int32_t count;
125 u_int wsize; /* window size, i.g. 4 bytes */
126 u_int32_t seq; /* used by sender */
127 u_int32_t lastseq; /* used by receiver */
128 caddr_t bitmap; /* used by receiver */
129 int overflow; /* overflow flag */
132 /* socket table due to send PF_KEY messages. */
133 struct secreg {
134 LIST_ENTRY(secreg) chain;
136 struct socket *so;
139 #ifndef IPSEC_NONBLOCK_ACQUIRE
140 /* acquiring list table. */
141 struct secacq {
142 LIST_ENTRY(secacq) chain;
144 struct secasindex saidx;
146 u_int32_t seq; /* sequence number */
147 long created; /* for lifetime */
148 int count; /* for lifetime */
150 #endif
152 /* Sensitivity Level Specification */
153 /* nothing */
155 #define SADB_KILL_INTERVAL 600 /* six seconds */
157 struct key_cb {
158 int key_count;
159 int any_count;
162 /* secpolicy */
163 extern struct secpolicy *keydb_newsecpolicy (void);
164 extern void keydb_delsecpolicy (struct secpolicy *);
165 /* secashead */
166 extern struct secashead *keydb_newsecashead (void);
167 extern void keydb_delsecashead (struct secashead *);
168 /* secasvar */
169 extern struct secasvar *keydb_newsecasvar (void);
170 extern void keydb_refsecasvar (struct secasvar *);
171 extern void keydb_freesecasvar (struct secasvar *);
172 /* secreplay */
173 extern struct secreplay *keydb_newsecreplay (size_t);
174 extern void keydb_delsecreplay (struct secreplay *);
175 /* secreg */
176 extern struct secreg *keydb_newsecreg (void);
177 extern void keydb_delsecreg (struct secreg *);
179 #endif /* _KERNEL */
181 #endif /* _NETKEY_KEYDB_H_ */