include/inet/ipsecah.h

   1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 /*
  22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
  23  * Use is subject to license terms.
  24  */
  25
  26 #ifndef _INET_IPSECAH_H
  27 #define _INET_IPSECAH_H
  28
  29 #include <inet/ip.h>
  30 #include <inet/ipdrop.h>
  31
  32 #ifdef  __cplusplus
  33 extern "C" {
  34 #endif
  35
  36 #include <sys/note.h>
  37
  38 #ifdef _KERNEL
  39 /* Named Dispatch Parameter Management Structure */
  40 typedef struct ipsecahparam_s {
  41         uint_t  ipsecah_param_min;
  42         uint_t  ipsecah_param_max;
  43         uint_t  ipsecah_param_value;
  44         char    *ipsecah_param_name;
  45 } ipsecahparam_t;
  46
  47 /*
  48  * Stats.  This may eventually become a full-blown SNMP MIB once that spec
  49  * stabilizes.
  50  */
  51 typedef struct ah_kstats_s
  52 {
  53         kstat_named_t ah_stat_num_aalgs;
  54         kstat_named_t ah_stat_good_auth;
  55         kstat_named_t ah_stat_bad_auth;
  56         kstat_named_t ah_stat_replay_failures;
  57         kstat_named_t ah_stat_replay_early_failures;
  58         kstat_named_t ah_stat_keysock_in;
  59         kstat_named_t ah_stat_out_requests;
  60         kstat_named_t ah_stat_acquire_requests;
  61         kstat_named_t ah_stat_bytes_expired;
  62         kstat_named_t ah_stat_out_discards;
  63         kstat_named_t ah_stat_crypto_sync;
  64         kstat_named_t ah_stat_crypto_async;
  65         kstat_named_t ah_stat_crypto_failures;
  66 } ah_kstats_t;
  67
  68 /*
  69  * ahstack->ah_kstats is equal to ahstack->ah_ksp->ks_data if
  70  * kstat_create_netstack for ahstack->ah_ksp succeeds, but when it
  71  * fails, it will be NULL. Note this is done for all stack instances,
  72  * so it *could* fail. hence a non-NULL checking is done for
  73  * AH_BUMP_STAT and AH_DEBUMP_STAT
  74  */
  75 #define AH_BUMP_STAT(ahstack, x)                                        \
  76 do {                                                                    \
  77         if (ahstack->ah_kstats != NULL)                                 \
  78                 (ahstack->ah_kstats->ah_stat_ ## x).value.ui64++;       \
  79 _NOTE(CONSTCOND)                                                        \
  80 } while (0)
  81 #define AH_DEBUMP_STAT(ahstack, x)                                      \
  82 do {                                                                    \
  83         if (ahstack->ah_kstats != NULL)                                 \
  84                 (ahstack->ah_kstats->ah_stat_ ## x).value.ui64--;       \
  85 _NOTE(CONSTCOND)                                                        \
  86 } while (0)
  87
  88 /*
  89  * IPSECAH stack instances
  90  */
  91 struct ipsecah_stack {
  92         netstack_t              *ipsecah_netstack;      /* Common netstack */
  93
  94         caddr_t                 ipsecah_g_nd;
  95         ipsecahparam_t          *ipsecah_params;
  96         kmutex_t                ipsecah_param_lock;     /* Protects params */
  97
  98         sadbp_t                 ah_sadb;
  99
 100         /* Packet dropper for AH drops. */
 101         ipdropper_t             ah_dropper;
 102
 103         kstat_t                 *ah_ksp;
 104         ah_kstats_t             *ah_kstats;
 105
 106         /*
 107          * Keysock instance of AH.  There can be only one per stack instance.
 108          * Use atomic_cas_ptr() on this because I don't set it until
 109          * KEYSOCK_HELLO comes down.
 110          * Paired up with the ah_pfkey_q is the ah_event, which will age SAs.
 111          */
 112         queue_t                 *ah_pfkey_q;
 113         timeout_id_t            ah_event;
 114 };
 115 typedef struct ipsecah_stack ipsecah_stack_t;
 116
 117 #endif  /* _KERNEL */
 118
 119 /*
 120  * For now, only provide "aligned" version of header.
 121  * If aligned version is needed, we'll go with the naming conventions then.
 122  */
 123
 124 typedef struct ah {
 125         uint8_t ah_nexthdr;
 126         uint8_t ah_length;
 127         uint16_t ah_reserved;
 128         uint32_t ah_spi;
 129         uint32_t ah_replay;
 130 } ah_t;
 131
 132 #define AH_BASELEN      12
 133 #define AH_TOTAL_LEN(ah)        (((ah)->ah_length << 2) + AH_BASELEN - \
 134                                         sizeof ((ah)->ah_replay))
 135
 136 /* "Old" AH, without replay.  For 1827-29 compatibility. */
 137
 138 typedef struct ahold {
 139         uint8_t ah_nexthdr;
 140         uint8_t ah_length;
 141         uint16_t ah_reserved;
 142         uint32_t ah_spi;
 143 } ahold_t;
 144
 145 #define AHOLD_BASELEN   8
 146 #define AHOLD_TOTAL_LEN(ah)     (((ah)->ah_length << 2) + AH_BASELEN)
 147
 148 #ifdef  __cplusplus
 149 }
 150 #endif
 151
 152 #endif /* _INET_IPSECAH_H */