u_int64_t tdb_soft_bytes; /* Expiration warning */
u_int64_t tdb_cur_bytes; /* Current count of bytes */
u_int64_t tdb_exp_timeout; /* When does the SPI expire */
u_int64_t tdb_soft_timeout; /* Send a soft-expire warning */
u_int64_t tdb_established; /* When was the SPI established */
u_int64_t tdb_timeout; /* Next absolute expiration time. */
u_int64_t tdb_first_use; /* When was it first used */
u_int64_t tdb_soft_first_use; /* Soft warning */
u_int64_t tdb_exp_first_use; /* Expire if tdb_first_use +
* tdb_exp_first_use <= curtime */
u_int32_t tdb_spi; /* SPI */
u_int16_t tdb_amxkeylen; /* AH-old only */
u_int16_t tdb_ivlen; /* IV length */
u_int8_t tdb_sproto; /* IPsec protocol */
u_int8_t tdb_wnd; /* Replay window */
u_int8_t tdb_satype; /* SA type (RFC2367, PF_KEY) */
u_int8_t tdb_FILLER; /* Padding */
union sockaddr_union tdb_dst; /* Destination address for this SA */
union sockaddr_union tdb_src; /* Source address for this SA */
union sockaddr_union tdb_proxy;
u_int8_t *tdb_key; /* Key material (schedules) */
u_int8_t *tdb_ictx; /* Authentication contexts */
u_int8_t *tdb_octx;
u_int8_t *tdb_srcid; /* Source ID for this SA */
u_int8_t *tdb_dstid; /* Destination ID for this SA */
u_int8_t *tdb_amxkey; /* AH-old only */
union
{
u_int8_t Iv[ESP_3DES_IVS]; /* That's enough space */
u_int32_t Ivl; /* Make sure this is 4 bytes */
u_int64_t Ivq; /* Make sure this is 8 bytes! */
}IV;
#define tdb_iv IV.Iv
#define tdb_ivl IV.Ivl
#define tdb_ivq IV.Ivq
u_int32_t tdb_rpl; /* Replay counter */
u_int32_t tdb_bitmap; /* Used for replay sliding window */
u_int32_t tdb_initial; /* Initial replay value */
u_int32_t tdb_epoch; /* Used by the kernfs interface */
u_int16_t tdb_srcid_len;
u_int16_t tdb_dstid_len;
u_int16_t tdb_srcid_type;
u_int16_t tdb_dstid_type;
caddr_t tdb_interface;
struct flow *tdb_flow; /* Which flows use this SA */
struct tdb *tdb_bind_out; /* Outgoing SA to use */
TAILQ_HEAD(tdb_bind_head, tdb) tdb_bind_in;
TAILQ_ENTRY(tdb) tdb_bind_in_next; /* Refering Incoming SAs */
TAILQ_HEAD(tdb_inp_head, inpcb) tdb_inp;
};
#ifndef __ECOS
/*
 * Authentication context used by the "old" transforms (name-based
 * inference: presumably XF_OLD_AH / XF_OLD_ESP -- confirm in the
 * transform code).  Only MD5 and SHA-1 states are provided, so the
 * union is sized for the larger of the two.  Which member is live is
 * not recorded here; presumably it follows the auth_hash the tdb was
 * initialized with.
 */
union authctx_old {
	MD5_CTX md5ctx;
	SHA1_CTX sha1ctx;
};
/*
 * Authentication context for the current transforms: adds RIPEMD-160
 * to the MD5 and SHA-1 states of union authctx_old.  As with that
 * union, nothing here records which member is live; presumably the
 * auth_hash selected at tdb_init() time decides -- confirm in the
 * transform code.
 */
union authctx {
	MD5_CTX md5ctx;
	SHA1_CTX sha1ctx;
	RMD160_CTX rmd160ctx;
};
#endif
/*
 * Identity of a security association: the (spi, dst, proto) triple,
 * the same three values gettdb() takes to look a tdb up (see its
 * prototype below).
 */
struct tdb_ident {
	u_int32_t spi; /* security parameter index */
	union sockaddr_union dst; /* destination address of the SA */
	u_int8_t proto; /* IPsec protocol */
};
/*
 * Descriptor for one authentication (hash) algorithm.  The context
 * argument handed to Init/Update/Final is an opaque void *; presumably
 * it points at a union authctx / authctx_old of ctxsize bytes -- confirm
 * in the transform code.
 */
struct auth_hash {
	int type; /* algorithm identifier */
	char *name; /* human-readable name */
	u_int16_t keysize; /* key length (presumably in bytes) */
	u_int16_t hashsize; /* digest length (presumably in bytes) */
	u_int16_t ctxsize; /* size of the context Init/Update/Final operate on */
	void (*Init)(void *); /* initialize a context */
	/*
	 * Absorb data into the context.  The length is a u_int16_t, so a
	 * single call can cover at most 65535 bytes; larger inputs have to
	 * be fed in several calls.
	 */
	void (*Update)(void *, u_int8_t *, u_int16_t);
	/* Produce the digest into the first argument (presumably hashsize bytes) from the context in the second. */
	void (*Final)(u_int8_t *, void *);
};
/*
 * Descriptor for one encryption algorithm.  encrypt/decrypt receive the
 * tdb (which carries the key schedule in tdb_key and the IV in tdb_iv)
 * plus a data pointer; presumably each call processes one block of
 * blocksize bytes in place -- confirm in the transform code.
 */
struct enc_xform {
	int type; /* algorithm identifier */
	char *name; /* human-readable name */
	u_int16_t blocksize, ivsize; /* cipher block size and IV size (presumably in bytes) */
	u_int16_t minkey, maxkey; /* accepted key length bounds (presumably in bytes) */
	u_int32_t ivmask; /* Or all possible modes, zero iv = 1 */
	void (*encrypt)(struct tdb *, u_int8_t *);
	void (*decrypt)(struct tdb *, u_int8_t *);
	/*
	 * Build the key schedule: (schedule out-pointer, raw key, length).
	 * len is a signed int while the ipsecinit key lengths are
	 * u_int16_t; callers must never pass a negative value.
	 */
	void (*setkey)(u_int8_t **, u_int8_t *, int len);
	/* Presumably clears and releases the schedule built by setkey so key material is not left behind -- confirm. */
	void (*zerokey)(u_int8_t **);
};
/*
 * Key material and algorithm selection handed to tdb_init() and to the
 * per-transform xf_init routines.  The struct only points at the keys;
 * who owns and who zeroizes the buffers behind ii_enckey/ii_authkey is
 * not visible here -- confirm at the call sites.
 */
struct ipsecinit
{
	u_int8_t *ii_enckey; /* encryption key, presumably ii_enckeylen bytes */
	u_int8_t *ii_authkey; /* authentication key, presumably ii_authkeylen bytes */
	u_int16_t ii_enckeylen;
	u_int16_t ii_authkeylen;
	u_int8_t ii_encalg; /* encryption algorithm identifier */
	u_int8_t ii_authalg; /* authentication algorithm identifier */
};
/*
 * One entry of the transform switch table (xformsw[], declared below):
 * the operations for one IPsec transform type.  xf_init, xf_zeroize,
 * xf_input and xf_output have the same shapes as the per-transform
 * prototypes declared below (e.g. ah_new_init, ah_new_zeroize,
 * ah_new_input, ah_new_output).
 * NOTE(review): tcp_signature_tdb_input/_output below take fewer
 * parameters than xf_input/xf_output, so they are not assignable to
 * these members without a cast -- confirm how that entry is populated.
 */
struct xformsw
{
	u_short xf_type; /* Unique ID of xform (an XF_* value) */
	u_short xf_flags; /* flags (XFT_* bits, see below) */
	char *xf_name; /* human-readable name */
	int (*xf_attach)(void); /* called at config time */
	/* Set up a tdb from the key material in the ipsecinit. */
	int (*xf_init)(struct tdb *, struct xformsw *, struct ipsecinit *);
	int (*xf_zeroize)(struct tdb *); /* termination: release the tdb's transform state */
	struct mbuf *(*xf_input)(struct mbuf *, struct tdb *, int, int); /* input */
	int (*xf_output)(struct mbuf *, struct tdb *, struct mbuf **, int, int); /* output */
};
/*
 * xform IDs: the values stored in xformsw.xf_type (and presumably the
 * u_int16_t that tdb_init() takes -- confirm).  Note that etherip_*
 * prototypes appear below but no XF_ETHERIP id is defined in this list.
 */
#define XF_IP4 1 /* IP inside IP */
#define XF_OLD_AH 2 /* RFCs 1828 & 1852 */
#define XF_OLD_ESP 3 /* RFCs 1829 & 1851 */
#define XF_NEW_AH 4 /* AH HMAC 96bits */
#define XF_NEW_ESP 5 /* ESP + auth 96bits + replay counter */
#define XF_TCPSIGNATURE 6 /* TCP MD5 Signature option, RFC 2385 */
/* xform attributes: bit flags for xformsw.xf_flags */
#define XFT_AUTH 0x0001 /* transform provides authentication */
#define XFT_CONF 0x0100 /* transform provides confidentiality */
#define IPSEC_ZEROES_SIZE 256 /* Larger than an IP6 extension hdr. Presumably the size of ipseczeroes[] below. */
#define IPSEC_KERNFS_BUFSIZE 4096 /* buffer size for the kernfs interface */
#if BYTE_ORDER == LITTLE_ENDIAN
/*
 * Convert a 64-bit quantity from host to network byte order on a
 * little-endian host: swap the two 32-bit halves and byte-swap each
 * half with htonl().  Applying the function twice yields the input.
 */
static __inline u_int64_t
htonq(u_int64_t q)
{
	u_int32_t hi = (u_int32_t)(q >> 32);
	u_int32_t lo = (u_int32_t)(q & 0xffffffffU);
	u_int64_t swapped = (u_int64_t)htonl(lo);

	/* The converted low half becomes the high half and vice versa. */
	swapped <<= 32;
	swapped |= htonl(hi);
	return swapped;
}
#define ntohq(_x) htonq(_x)
#elif BYTE_ORDER == BIG_ENDIAN
#define htonq(_x) (_x)
#define ntohq(_x) htonq(_x)
#else
#error "Please fix <machine/endian.h>"
#endif
#ifdef _KERNEL
/*
* Protects all tdb lists.
* Must at least be splsoftnet (note: do not use splsoftclock as it is
* special on some architectures, assuming it is always an spl lowering
* operation).
*/
#define spltdb splsoftnet
extern int encdebug;
extern int ipsec_in_use;
extern u_int8_t hmac_ipad_buffer[64];
extern u_int8_t hmac_opad_buffer[64];
extern TAILQ_HEAD(expclusterlist_head, tdb) expclusterlist;
extern TAILQ_HEAD(explist_head, tdb) explist;
extern struct xformsw xformsw[], *xformswNXFORMSW;
/*
 * Check if a given tdb has encryption, authentication and/or tunneling.
 * Yields a mask of NOTIFY_SATYPE_CONF / NOTIFY_SATYPE_AUTH bits, set when
 * an encryption resp. authentication transform is attached to the tdb
 * (only those two fields are consulted).  The argument is evaluated
 * twice, so pass an expression without side effects.
 */
#define TDB_ATTRIB(x) \
	(((x)->tdb_encalgxform ? NOTIFY_SATYPE_CONF : 0) | \
	 ((x)->tdb_authalgxform ? NOTIFY_SATYPE_AUTH : 0))
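/*
 * Traverse spi chain and get attributes.
 * Starting at TDBP, follow the TDB_DIR member (the name of the struct
 * tdb field that links to the next SA in the chain) and OR each tdb's
 * TDB_ATTRIB() bits into `have'.  The walk ends at the end of the chain,
 * at a tdb without an xform, or at a tdb flagged TDBF_INVALID.  Runs at
 * spltdb for the duration of the walk.
 * The locals carry an sca_ prefix so they cannot collide with whatever
 * the caller passes as `have' (the old names `s' and `tmptdb' could).
 * The separate NULL test inside the loop was redundant with the loop
 * condition and has been dropped.
 */
#define SPI_CHAIN_ATTRIB(have, TDB_DIR, TDBP) do { \
	int sca_s = spltdb(); \
	struct tdb *sca_tdb = (TDBP); \
	\
	(have) = 0; \
	while (sca_tdb != NULL && sca_tdb->tdb_xform) { \
		if (sca_tdb->tdb_flags & TDBF_INVALID) \
			break; \
		(have) |= TDB_ATTRIB(sca_tdb); \
		sca_tdb = sca_tdb->TDB_DIR; \
	} \
	splx(sca_s); \
} while (0)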
/* Misc. */
extern char *inet_ntoa4(struct in_addr);
#ifdef INET6
extern char *inet6_ntoa4(struct in6_addr);
#endif /* INET6 */
extern char *ipsp_address(union sockaddr_union);
/* TDB management routines */
extern void tdb_add_inp(struct tdb *tdb, struct inpcb *inp);
extern u_int32_t reserve_spi(u_int32_t, u_int32_t, union sockaddr_union *,
union sockaddr_union *, u_int8_t, int *);
extern struct tdb *gettdb(u_int32_t, union sockaddr_union *, u_int8_t);
extern void puttdb(struct tdb *);
extern void tdb_delete(struct tdb *, int, int);
extern int tdb_init(struct tdb *, u_int16_t, struct ipsecinit *);
extern void tdb_expiration(struct tdb *, int);
/* Flag values for the last argument of tdb_expiration(). */
#define TDBEXP_EARLY 1 /* The tdb is likely to end up early. */
#define TDBEXP_TIMEOUT 2 /* Maintain expiration timeout. */
extern int tdb_walk(int (*)(struct tdb *, void *), void *);
extern void handle_expirations(void *);
/* Flow management routines */
extern struct flow *get_flow(void);
extern void put_flow(struct flow *, struct tdb *);
extern void delete_flow(struct flow *, struct tdb *);
extern struct flow *find_flow(union sockaddr_union *, union sockaddr_union *,
union sockaddr_union *, union sockaddr_union *,
u_int8_t, struct tdb *);
extern struct flow *find_global_flow(union sockaddr_union *,
union sockaddr_union *,
union sockaddr_union *,
union sockaddr_union *, u_int8_t);
/* XF_IP4 */
extern int ipe4_attach(void);
extern int ipe4_init(struct tdb *, struct xformsw *, struct ipsecinit *);
extern int ipe4_zeroize(struct tdb *);
extern int ipe4_output(struct mbuf *, struct tdb *, struct mbuf **, int, int);
extern void ipe4_input __P((struct mbuf *, ...));
extern void ip4_input __P((struct mbuf *, ...));
/* XF_ETHERIP */
extern int etherip_output(struct mbuf *, struct tdb *, struct mbuf **,
int, int);
extern void etherip_input __P((struct mbuf *, ...));
/* XF_OLD_AH */
extern int ah_old_attach(void);
extern int ah_old_init(struct tdb *, struct xformsw *, struct ipsecinit *);
extern int ah_old_zeroize(struct tdb *);
extern int ah_old_output(struct mbuf *, struct tdb *, struct mbuf **,
int, int);
extern struct mbuf *ah_old_input(struct mbuf *, struct tdb *, int, int);
/* XF_NEW_AH */
extern int ah_new_attach(void);
extern int ah_new_init(struct tdb *, struct xformsw *, struct ipsecinit *);
extern int ah_new_zeroize(struct tdb *);
extern int ah_new_output(struct mbuf *, struct tdb *, struct mbuf **,
int, int);
extern struct mbuf *ah_new_input(struct mbuf *, struct tdb *, int, int);
/* XF_OLD_ESP */
extern int esp_old_attach(void);
extern int esp_old_init(struct tdb *, struct xformsw *, struct ipsecinit *);
extern int esp_old_zeroize(struct tdb *);
extern int esp_old_output(struct mbuf *, struct tdb *, struct mbuf **,
int, int);
extern struct mbuf *esp_old_input(struct mbuf *, struct tdb *, int, int);
/* XF_NEW_ESP */
extern int esp_new_attach(void);
extern int esp_new_init(struct tdb *, struct xformsw *, struct ipsecinit *);
extern int esp_new_zeroize(struct tdb *);
extern int esp_new_output(struct mbuf *, struct tdb *, struct mbuf **,
int, int);
extern struct mbuf *esp_new_input(struct mbuf *, struct tdb *, int, int);
/* XF_TCPSIGNATURE */
extern int tcp_signature_tdb_attach __P((void));
extern int tcp_signature_tdb_init __P((struct tdb *, struct xformsw *,
struct ipsecinit *));
extern int tcp_signature_tdb_zeroize __P((struct tdb *));
extern struct mbuf *tcp_signature_tdb_input __P((struct mbuf *, struct tdb *));
extern int tcp_signature_tdb_output __P((struct mbuf *, struct tdb *,
struct mbuf **));
/* Padding */
extern caddr_t m_pad(struct mbuf *, int, int);
/* Replay window */
extern int checkreplaywindow32(u_int32_t, u_int32_t, u_int32_t *, u_int32_t,
u_int32_t *);
extern unsigned char ipseczeroes[];
#endif /* _KERNEL */
#endif /* _NETINET_IPSP_H_ */