/*
- * Copyright (c) 2012-2014 Apple Inc. All rights reserved.
+ * Copyright (c) 2012-2019 Apple Inc. All rights reserved.
*
* @APPLE_OSREFERENCE_LICENSE_HEADER_START@
*
*/
-#ifndef _NET_IF_IPSEC_H_
-#define _NET_IF_IPSEC_H_
+#ifndef _NET_IF_IPSEC_H_
+#define _NET_IF_IPSEC_H_
#ifdef BSD_KERNEL_PRIVATE
#include <sys/kern_control.h>
#include <netinet/ip_var.h>
-/* Control block allocated for each kernel control connection */
-struct ipsec_pcb {
- kern_ctl_ref ipsec_ctlref;
- ifnet_t ipsec_ifp;
- u_int32_t ipsec_unit;
- u_int32_t ipsec_flags;
- int ipsec_ext_ifdata_stats;
- mbuf_svc_class_t ipsec_output_service_class;
-};
errno_t ipsec_register_control(void);
/* Helpers */
-int ipsec_interface_isvalid (ifnet_t interface);
+int ipsec_interface_isvalid(ifnet_t interface);
-errno_t ipsec_inject_inbound_packet(ifnet_t interface, mbuf_t packet);
+errno_t ipsec_inject_inbound_packet(ifnet_t interface, mbuf_t packet);
void ipsec_set_pkthdr_for_interface(ifnet_t interface, mbuf_t packet, int family);
+void ipsec_set_ipoa_for_interface(ifnet_t interface, struct ip_out_args *ipoa);
+
+struct ip6_out_args;
+void ipsec_set_ip6oa_for_interface(ifnet_t interface, struct ip6_out_args *ip6oa);
+
#endif
/*
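Review bot: The new `ipsec_set_ipoa_for_interface` prototype names `struct ip_out_args` without a forward declaration, while `struct ip6_out_args` gets one two lines further down. The first presumably relies on `<netinet/ip_var.h>` declaring the tag. If that include stops providing it, the tag gets prototype scope and callers end up passing an incompatible pointer type, so I would add `struct ip_out_args;` next to the existing `struct ip6_out_args;`. Both new helpers also lack a comment stating which out-args fields they write and whether `interface` may be NULL; a one-line comment above each prototype would cover it once the contract is confirmed against the implementation, which is not part of this hunk.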
/*
* Socket option names to manage ipsec
*/
-#define IPSEC_OPT_FLAGS 1
-#define IPSEC_OPT_IFNAME 2
-#define IPSEC_OPT_EXT_IFDATA_STATS 3 /* get|set (type int) */
-#define IPSEC_OPT_INC_IFDATA_STATS_IN 4 /* set to increment stat counters (type struct ipsec_stats_param) */
-#define IPSEC_OPT_INC_IFDATA_STATS_OUT 5 /* set to increment stat counters (type struct ipsec_stats_param) */
-#define IPSEC_OPT_SET_DELEGATE_INTERFACE 6 /* set the delegate interface (char[]) */
-#define IPSEC_OPT_OUTPUT_TRAFFIC_CLASS 7 /* set the traffic class for packets leaving the interface, see sys/socket.h */
+#define IPSEC_OPT_FLAGS 1
+#define IPSEC_OPT_IFNAME 2
+#define IPSEC_OPT_EXT_IFDATA_STATS 3 /* get|set (type int) */
+#define IPSEC_OPT_INC_IFDATA_STATS_IN 4 /* set to increment stat counters (type struct ipsec_stats_param) */
+#define IPSEC_OPT_INC_IFDATA_STATS_OUT 5 /* set to increment stat counters (type struct ipsec_stats_param) */
+#define IPSEC_OPT_SET_DELEGATE_INTERFACE 6 /* set the delegate interface (char[]) */
+#define IPSEC_OPT_OUTPUT_TRAFFIC_CLASS 7 /* set the traffic class for packets leaving the interface, see sys/socket.h */
+#define IPSEC_OPT_ENABLE_CHANNEL 8 /* enable a kernel pipe nexus that allows the owner to open a channel to act as a driver,
+ * Must be set before connecting */
+#define IPSEC_OPT_GET_CHANNEL_UUID 9 /* get the uuid of the kernel pipe nexus instance */
+#define IPSEC_OPT_ENABLE_FLOWSWITCH 10 /* enable a flowswitch nexus that clients can use */
+#define IPSEC_OPT_INPUT_FRAG_SIZE 11 /* set the maximum size of input packets before fragmenting as a uint32_t */
+
+#define IPSEC_OPT_ENABLE_NETIF 12 /* Must be set before connecting */
+#define IPSEC_OPT_SLOT_SIZE 13 /* Must be set before connecting */
+#define IPSEC_OPT_NETIF_RING_SIZE 14 /* Must be set before connecting */
+#define IPSEC_OPT_TX_FSW_RING_SIZE 15 /* Must be set before connecting */
+#define IPSEC_OPT_RX_FSW_RING_SIZE 16 /* Must be set before connecting */
+#define IPSEC_OPT_CHANNEL_BIND_PID 17 /* Must be set before connecting */
+#define IPSEC_OPT_KPIPE_TX_RING_SIZE 18 /* Must be set before connecting */
+#define IPSEC_OPT_KPIPE_RX_RING_SIZE 19 /* Must be set before connecting */
+
/*
* ipsec stats parameter structure
*/
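Review bot: Options 12 through 19 (`IPSEC_OPT_ENABLE_NETIF` to `IPSEC_OPT_KPIPE_RX_RING_SIZE`) are documented only as "Must be set before connecting", with no value type, unit or accepted range, unlike options 3 to 7 and 11. These values come from user space through setsockopt on the kernel control socket and, judging by the names, size rings and slots. The header should therefore state the type and the bounds the handler enforces, along the lines of `/* ring size in slots (type uint32_t, range <MIN>..<MAX>); must be set before connecting */`, with the real type and limits taken from the handler, which is not in this hunk. `IPSEC_OPT_CHANNEL_BIND_PID` looks like an access restriction on who may open the channel, so its comment should say whose pid is expected and what applies when the option is never set. The `IPSEC_OPT_ENABLE_CHANNEL` comment also runs two sentences together at ", Must be set before connecting".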