X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/b0d623f7f2ae71ed96e60569f61f9a9a27016e80..c18c124eaa464aaaa5549e99e5a70fc9cbb50944:/bsd/netinet6/ipsec.h
diff --git a/bsd/netinet6/ipsec.h b/bsd/netinet6/ipsec.h
index 8bb0feace..9c452d26f 100644
--- a/bsd/netinet6/ipsec.h
+++ b/bsd/netinet6/ipsec.h
@@ -40,8 +40,9 @@
 #include
 #include
 
-#ifdef KERNEL_PRIVATE
+#ifdef BSD_KERNEL_PRIVATE
 #include
+#include
 
 /* lock for IPSec stats */
 extern lck_grp_t *sadb_stat_mutex_grp;
@@ -53,6 +54,10 @@ extern lck_mtx_t *sadb_stat_mutex;
 #define IPSEC_STAT_INCREMENT(x) \
 {lck_mtx_lock(sadb_stat_mutex); (x)++; lck_mtx_unlock(sadb_stat_mutex);}
 
+struct secpolicyaddrrange {
+ struct sockaddr_storage start; /* Start (low values) of address range */
+ struct sockaddr_storage end; /* End (high values) of address range */
+};
 
 /*
 * Security Policy Index
@@ -67,6 +72,9 @@ struct secpolicyindex {
 u_int8_t prefs; /* prefix length in bits for src */
 u_int8_t prefd; /* prefix length in bits for dst */
 u_int16_t ul_proto; /* upper layer Protocol */
+ ifnet_t internal_if; /* Interface a matching packet is bound to */
+ struct secpolicyaddrrange src_range; /* IP src address range for SP */
+ struct secpolicyaddrrange dst_range; /* IP dst address range for SP */
 #ifdef notyet
 uid_t uids;
 uid_t uidd;
@@ -91,6 +99,11 @@ struct secpolicy {
 /* pointer to the ipsec request tree, */
 /* if policy == IPSEC else this value == NULL.*/
 
+ ifnet_t ipsec_if; /* IPSec interface to use */
+ ifnet_t outgoing_if; /* Outgoing interface for encrypted traffic */
+
+ char disabled; /* Set to ignore policy */
+
 /*
 * lifetime handler.
 * the policy can be used without limitiation if both lifetime and
@@ -133,7 +146,7 @@ struct secspacq {
 int count; /* for lifetime */
 /* XXX: here is mbuf place holder to be sent ? */
 };
-#endif /* KERNEL_PRIVATE */
+#endif /* BSD_KERNEL_PRIVATE */
 
 /* according to IANA assignment, port 0x0000 and proto 0xff are reserved. */
 #define IPSEC_PORT_ANY 0
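Review bot: `struct secpolicyaddrrange` documents which member is the low and which the high bound but not the rest of the contract: whether the bounds are inclusive, whether `start` and `end` must share `ss_family`, and whether the port fields take part in the match. The type is embedded twice in `struct secpolicyindex` in the next hunk, so the matching code has to agree with whatever the intended rule is, and a reader of the header cannot recover it from the two member comments. A short block comment above the struct stating that rule, e.g. `/* Inclusive address range for policy matching; start and end must have the same ss_family */` (adjusted to what the matcher actually implements), would make the header self-describing.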
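Review bot: `internal_if` stores an `ifnet_t` in `struct secpolicyindex` without saying whether the policy holds a reference on the interface or only a borrowed pointer, and the same question applies to `ipsec_if` and `outgoing_if` added to `struct secpolicy` in the following hunk. A policy can outlive the interface it points at, so the header should state the ownership rule on each member, e.g. `/* Interface a matching packet is bound to; ifnet reference held for the life of the policy */` if a reference is taken, or the equivalent "not retained" wording otherwise. This struct is also the policy lookup key, so the two `struct secpolicyaddrrange` members and the interface pointer now have to be accounted for by whatever compares or hashes indices; that code is outside this hunk and I cannot confirm it was updated.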
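Review bot: `disabled` is declared as `char` but the comment `/* Set to ignore policy */` describes a boolean flag; `char` has implementation-defined signedness and reads as a character to the next maintainer, whereas the neighbouring `struct secpolicyindex` already uses `u_int8_t` for small integer fields. Declaring it as `u_int8_t disabled; /* non-zero: policy is skipped during lookup */` states the intent and stays the same size. The comment should also say who flips the flag (administrative toggle versus runtime state), which I cannot tell from the hunk.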
@@ -219,7 +232,7 @@ struct ipsecstat {
 u_quad_t out_comphist[256];
 };
 
-#ifdef KERNEL_PRIVATE
+#ifdef BSD_KERNEL_PRIVATE
 /*
 * Definitions for IPsec & Key sysctl operations.
 */
@@ -277,11 +290,15 @@ struct ipsecstat {
 { "esp_randpad", CTLTYPE_INT }, \
 }
 
-#ifdef KERNEL
+#define IPSEC_IS_P2ALIGNED(p) 1
+#define IPSEC_GET_P2UNALIGNED_OFS(p) 0
+
 struct ipsec_output_state {
+ int tunneled;
 struct mbuf *m;
- struct route *ro;
+ struct route ro;
 struct sockaddr *dst;
+ u_int outgoing_if;
 };
 
 struct ipsec_history {
@@ -309,6 +326,10 @@ extern struct secpolicy *ipsec4_getpolicybysock(struct mbuf *, u_int,
 struct socket *, int *);
 extern struct secpolicy *ipsec4_getpolicybyaddr(struct mbuf *, u_int, int,
 int *);
+extern int ipsec4_getpolicybyinterface(struct mbuf *, u_int, int *,
+ struct ip_out_args *, struct secpolicy **);
+
+extern u_int ipsec_get_reqlevel(struct ipsecrequest *);
 
 struct inpcb;
 extern int ipsec_init_policy(struct socket *so, struct inpcbpolicy **);
@@ -316,9 +337,7 @@ extern int ipsec_copy_policy(struct inpcbpolicy *, struct inpcbpolicy *);
 extern u_int ipsec_get_reqlevel(struct ipsecrequest *);
 
 extern int ipsec4_set_policy(struct inpcb *inp, int optname,
- caddr_t request, size_t len, int priv);
-extern int ipsec4_get_policy(struct inpcb *inpcb, caddr_t request,
- size_t len, struct mbuf **mp);
+ caddr_t request, size_t len, int priv);
 extern int ipsec4_delete_pcbpolicy(struct inpcb *);
 extern int ipsec4_in_reject_so(struct mbuf *, struct socket *);
 extern int ipsec4_in_reject(struct mbuf *, struct inpcb *);
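Review bot: `ro` changes from `struct route *` to an embedded `struct route`, so `struct ipsec_output_state` now owns whatever cached route the output path leaves in it, and the header gives no hint who has to release that entry once the state is finished; with the old pointer form the caller was the obvious owner. A comment on the member, `struct route ro; /* route cache owned by this state; the caller releases it after output */` (or whatever rule the callers actually follow), would prevent a leaked or doubly released route. Separately, the new macros `IPSEC_IS_P2ALIGNED(p)` and `IPSEC_GET_P2UNALIGNED_OFS(p)` ignore their argument and unconditionally report `p` as aligned with offset 0; a one-line comment stating the platform assumption that makes this safe would tell a porter to revisit them on an alignment-sensitive target.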
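Review bot: The new prototype for `ipsec4_getpolicybyinterface` takes `struct ip_out_args *`; if that tag is not already declared by one of the includes at the top of the header (the include names are not visible in this rendering), a struct tag first seen inside a parameter list has prototype scope and the compiler warns that it will not match the real type. A forward declaration beside the existing `struct inpcb;` line, `struct ip_out_args;`, makes the header self-contained either way. The added `extern u_int ipsec_get_reqlevel(struct ipsecrequest *);` also duplicates the declaration that the following hunk (-316) keeps as context; one of the two should go.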
@@ -338,7 +357,18 @@ extern const char *ipsec_logsastr(struct secasvar *);
 
 extern void ipsec_dumpmbuf(struct mbuf *);
 
+extern int ipsec4_interface_output(struct ipsec_output_state *state, ifnet_t interface);
 extern int ipsec4_output(struct ipsec_output_state *, struct secpolicy *, int);
+#if INET
+extern struct mbuf * ipsec4_splithdr(struct mbuf *);
+extern int ipsec4_encapsulate(struct mbuf *, struct secasvar *);
+extern int ipsec4_encapsulate_utun_esp_keepalive(struct mbuf **, struct secasvar *);
+#endif
+#if INET6
+extern struct mbuf * ipsec6_splithdr(struct mbuf *);
+extern int ipsec6_encapsulate(struct mbuf *, struct secasvar *);
+extern int ipsec6_encapsulate_utun_esp_keepalive(struct mbuf **, struct secasvar *);
+#endif
 extern int ipsec4_tunnel_validate(struct mbuf *, int, u_int, struct secasvar *, sa_family_t *);
 extern struct mbuf *ipsec_copypkt(struct mbuf *);
 extern void ipsec_delaux(struct mbuf *);
@@ -347,8 +377,7 @@ extern struct socket *ipsec_getsocket(struct mbuf *);
 extern int ipsec_addhist(struct mbuf *, int, u_int32_t);
 extern struct ipsec_history *ipsec_gethist(struct mbuf *, int *);
 extern void ipsec_clearhist(struct mbuf *);
-#endif /* KERNEL */
-#endif /* KERNEL_PRIVATE */
+#endif /* BSD_KERNEL_PRIVATE */
 
 #ifndef KERNEL
 __BEGIN_DECLS
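Review bot: `ipsec4_encapsulate_utun_esp_keepalive` and `ipsec6_encapsulate_utun_esp_keepalive` take `struct mbuf **`, which signals that the callee may replace or consume the caller's chain, but nothing says what `*m` holds on failure; that is exactly the case where a caller frees a chain the callee already released, or leaks the replacement. A comment on the two prototypes, `/* may replace *m; on error *m is freed/left intact (fill in from the implementation) */`, would settle it for callers. As a point of style, `ipsec4_interface_output(struct ipsec_output_state *state, ifnet_t interface)` is the only prototype in this block with named parameters while every surrounding declaration omits them.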