xnu-6153.61.1.tar.gz

[apple/xnu.git] / bsd / netkey / keydb.h

diff --git a/bsd/netkey/keydb.h b/bsd/netkey/keydb.h
index 4e2160a75976c3d4add2caadefc59d90290ad5cf..db7a04ef30eb3cc0ed24c795181662ad406f4ca6 100644 (file)
--- a/bsd/netkey/keydb.h
+++ b/bsd/netkey/keydb.h
@@ -31,20 +31,22 @@
 
 #ifndef _NETKEY_KEYDB_H_
 #define _NETKEY_KEYDB_H_
 
 #ifndef _NETKEY_KEYDB_H_
 #define _NETKEY_KEYDB_H_

+#include <sys/appleapiopts.h>

 
 

-#ifdef KERNEL
+#ifdef BSD_KERNEL_PRIVATE

 
 #include <netkey/key_var.h>
 
 
 #include <netkey/key_var.h>
 

-/* Security Assocciation Index */
+/* Security Association Index */

 /* NOTE: Ensure to be same address family */
 struct secasindex {
 /* NOTE: Ensure to be same address family */
 struct secasindex {

-       struct sockaddr_storage src;    /* srouce address for SA */
-       struct sockaddr_storage dst;    /* destination address for SA */
-       u_int16_t proto;                /* IPPROTO_ESP or IPPROTO_AH */
-       u_int8_t mode;                  /* mode of protocol, see ipsec.h */
-       u_int32_t reqid;                /* reqid id who owned this SA */
-                                       /* see IPSEC_MANUAL_REQID_MAX. */
+       struct sockaddr_storage src;    /* srouce address for SA */
+       struct sockaddr_storage dst;    /* destination address for SA */
+       u_int16_t proto;                /* IPPROTO_ESP or IPPROTO_AH */
+       u_int8_t mode;                  /* mode of protocol, see ipsec.h */
+       u_int32_t reqid;                /* reqid id who owned this SA */
+                                       /* see IPSEC_MANUAL_REQID_MAX. */
+       u_int ipsec_ifindex;

 };
 
 /* Security Association Data Base */
 };
 
 /* Security Association Data Base */


@@ -53,63 +55,76 @@ struct secashead {
 
        struct secasindex saidx;
 
 
        struct secasindex saidx;
 

-       struct sadb_ident *idents;      /* source identity */
-       struct sadb_ident *identd;      /* destination identity */
-                                       /* XXX I don't know how to use them. */
+       struct sadb_ident *idents;      /* source identity */
+       struct sadb_ident *identd;      /* destination identity */
+                                       /* XXX I don't know how to use them. */

 
 

-       u_int8_t state;                 /* MATURE or DEAD. */
-       LIST_HEAD(_satree, secasvar) savtree[SADB_SASTATE_MAX+1];
-                                       /* SA chain */
-                                       /* The first of this list is newer SA */
+       ifnet_t ipsec_if;
+       u_int outgoing_if;
+       u_int8_t dir;                   /* IPSEC_DIR_INBOUND or IPSEC_DIR_OUTBOUND */
+       u_int8_t state;                 /* MATURE or DEAD. */
+       LIST_HEAD(_satree, secasvar) savtree[SADB_SASTATE_MAX + 1];
+       /* SA chain */
+       /* The first of this list is newer SA */

 
 

-       struct route sa_route;          /* route cache */
+       struct route_in6 sa_route;              /* route cache */

 };
 
 };
 

+#define MAX_REPLAY_WINDOWS 4
+

 /* Security Association */
 struct secasvar {
        LIST_ENTRY(secasvar) chain;
 /* Security Association */
 struct secasvar {
        LIST_ENTRY(secasvar) chain;

+       LIST_ENTRY(secasvar) spihash;
+       int refcnt;                     /* reference count */
+       u_int8_t state;                 /* Status of this Association */

 
 

-       int refcnt;                     /* reference count */
-       u_int8_t state;                 /* Status of this Association */
-
-       u_int8_t alg_auth;              /* Authentication Algorithm Identifier*/
-       u_int8_t alg_enc;               /* Cipher Algorithm Identifier */
-       u_int32_t spi;                  /* SPI Value, network byte order */
-       u_int32_t flags;                /* holder for SADB_KEY_FLAGS */
-
-       struct sadb_key *key_auth;      /* Key for Authentication */
-                                       /* length has been shifted up to 3. */
-       struct sadb_key *key_enc;       /* Key for Encryption */
-                                       /* length has been shifted up to 3. */
-       caddr_t iv;                     /* Initilization Vector */
-       u_int ivlen;                    /* length of IV */
-#if 0
-       caddr_t misc1;
-       caddr_t misc2;
-       caddr_t misc3;
-#endif
+       u_int8_t alg_auth;              /* Authentication Algorithm Identifier*/
+       u_int8_t alg_enc;               /* Cipher Algorithm Identifier */
+       u_int32_t spi;                  /* SPI Value, network byte order */
+       u_int32_t flags;                /* holder for SADB_KEY_FLAGS */
+       u_int16_t flags2;               /* holder for SADB_SA2_KEY_FLAGS */
+
+       struct sadb_key *key_auth;      /* Key for Authentication */
+       struct sadb_key *key_enc;       /* Key for Encryption */
+       caddr_t iv;                     /* Initilization Vector */
+       u_int ivlen;                    /* length of IV */
+       void *sched;                    /* intermediate encryption key */
+       size_t schedlen;
+
+       struct secreplay *replay[MAX_REPLAY_WINDOWS]; /* replay prevention */
+
+       long created;                   /* for lifetime */
+
+       struct sadb_lifetime *lft_c;    /* CURRENT lifetime, it's constant. */
+       struct sadb_lifetime *lft_h;    /* HARD lifetime */
+       struct sadb_lifetime *lft_s;    /* SOFT lifetime */
+
+       struct socket *so; /* Associated socket */

 
 

-       struct secreplay *replay;       /* replay prevention */
-       u_int32_t tick;                 /* for lifetime */
+       u_int32_t seq;                  /* sequence number */
+       pid_t pid;                      /* message's pid */

 
 

-       struct sadb_lifetime *lft_c;    /* CURRENT lifetime, it's constant. */
-       struct sadb_lifetime *lft_h;    /* HARD lifetime */
-       struct sadb_lifetime *lft_s;    /* SOFT lifetime */
+       struct secashead *sah;          /* back pointer to the secashead */

 
 

-       u_int32_t seq;                  /* sequence number */
-       pid_t pid;                      /* message's pid */
+       /* Nat Traversal related bits */
+       u_int64_t       natt_last_activity;
+       u_int16_t       remote_ike_port;
+       u_int16_t       natt_encapsulated_src_port;     /* network byte order */
+       u_int16_t       natt_interval; /* Interval in seconds */
+       u_int16_t       natt_offload_interval; /* Hardware Offload Interval in seconds */

 
 

-       struct secashead *sah;          /* back pointer to the secashead */
+       u_int8_t        always_expire; /* Send expire/delete messages even if unused */

 };
 
 /* replay prevention */
 struct secreplay {
        u_int32_t count;
 };
 
 /* replay prevention */
 struct secreplay {
        u_int32_t count;

-       u_int wsize;            /* window size, i.g. 4 bytes */
-       u_int32_t seq;          /* used by sender */
-       u_int32_t lastseq;      /* used by receiver */
-       caddr_t bitmap;         /* used by receiver */
-       int overflow;           /* overflow flag */
+       u_int wsize;            /* window size, i.g. 4 bytes */
+       u_int32_t seq;          /* used by sender */
+       u_int32_t lastseq;      /* used by sender/receiver */
+       caddr_t bitmap;         /* used by receiver */
+       int overflow;           /* overflow flag */

 };
 
 /* socket table due to send PF_KEY messages. */
 };
 
 /* socket table due to send PF_KEY messages. */


@@ -126,16 +141,16 @@ struct secacq {
 
        struct secasindex saidx;
 
 
        struct secasindex saidx;
 

-       u_int32_t seq;          /* sequence number */
-       u_int32_t tick;         /* for lifetime */
-       int count;              /* for lifetime */
+       u_int32_t seq;          /* sequence number */
+       long created;           /* for lifetime */
+       int count;              /* for lifetime */

 };
 #endif
 
 /* Sensitivity Level Specification */
 /* nothing */
 
 };
 #endif
 
 /* Sensitivity Level Specification */
 /* nothing */
 

-#define SADB_KILL_INTERVAL     600     /* six seconds */
+#define SADB_KILL_INTERVAL      600     /* six seconds */

 
 struct key_cb {
        int key_count;
 
 struct key_cb {
        int key_count;


@@ -143,22 +158,22 @@ struct key_cb {
 };
 
 /* secpolicy */
 };
 
 /* secpolicy */

-extern struct secpolicy *keydb_newsecpolicy __P((void));
-extern void keydb_delsecpolicy __P((struct secpolicy *));
+extern struct secpolicy *keydb_newsecpolicy(void);
+extern void keydb_delsecpolicy(struct secpolicy *);

 /* secashead */
 /* secashead */

-extern struct secashead *keydb_newsecashead __P((void));
-extern void keydb_delsecashead __P((struct secashead *));
+extern struct secashead *keydb_newsecashead(void);
+// extern void keydb_delsecashead(struct secashead *); // not used

 /* secasvar */
 /* secasvar */

-extern struct secasvar *keydb_newsecasvar __P((void));
-extern void keydb_refsecasvar __P((struct secasvar *));
-extern void keydb_freesecasvar __P((struct secasvar *));
+// extern struct secasvar *keydb_newsecasvar(void);            // not used
+// extern void keydb_refsecasvar(struct secasvar *);   // not used
+// extern void keydb_freesecasvar(struct secasvar *);  // not used

 /* secreplay */
 /* secreplay */

-extern struct secreplay *keydb_newsecreplay __P((size_t));
-extern void keydb_delsecreplay __P((struct secreplay *));
+extern struct secreplay *keydb_newsecreplay(size_t);
+extern void keydb_delsecreplay(struct secreplay *);

 /* secreg */
 /* secreg */

-extern struct secreg *keydb_newsecreg __P((void));
-extern void keydb_delsecreg __P((struct secreg *));
+// extern struct secreg *keydb_newsecreg(void);                        // not used
+// extern void keydb_delsecreg(struct secreg *);               // not used

 
 

-#endif /* KERNEL */
+#endif /* BSD_KERNEL_PRIVATE */

 
 #endif /* _NETKEY_KEYDB_H_ */
 
 #endif /* _NETKEY_KEYDB_H_ */