1 0 stevel /* 2 0 stevel * CDDL HEADER START 3 0 stevel * 4 0 stevel * The contents of this file are subject to the terms of the 5 3055 danmcd * Common Development and Distribution License (the "License"). 6 3055 danmcd * You may not use this file except in compliance with the License. 7 0 stevel * 8 0 stevel * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 0 stevel * or http://www.opensolaris.org/os/licensing. 10 0 stevel * See the License for the specific language governing permissions 11 0 stevel * and limitations under the License. 12 0 stevel * 13 0 stevel * When distributing Covered Code, include this CDDL HEADER in each 14 0 stevel * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 0 stevel * If applicable, add the following below this CDDL HEADER, with the 16 0 stevel * fields enclosed by brackets "[]" replaced with your own identifying 17 0 stevel * information: Portions Copyright [yyyy] [name of copyright owner] 18 0 stevel * 19 0 stevel * CDDL HEADER END 20 0 stevel */ 21 0 stevel /* 22 8485 Peter * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 23 0 stevel * Use is subject to license terms. 24 0 stevel */ 25 0 stevel 26 0 stevel #ifndef _INET_IPSEC_INFO_H 27 0 stevel #define _INET_IPSEC_INFO_H 28 0 stevel 29 0 stevel #ifdef __cplusplus 30 0 stevel extern "C" { 31 0 stevel #endif 32 0 stevel 33 0 stevel #include <sys/crypto/common.h> 34 0 stevel 35 0 stevel /* 36 0 stevel * IPsec informational messages. These are M_CTL STREAMS messages, which 37 11042 Erik * convey IPsec information between various IP and related modules. Most 38 11042 Erik * have been deprecated by the de-STREAMS-ing of TCP/IP. What remains is: 39 0 stevel * 40 0 stevel * * Keysock consumer interface - These messages are wrappers for 41 0 stevel * PF_KEY messages. They flow between AH/ESP and keysock. 
 *
 */

/*
 * The IPsec M_CTL value MUST be something that will not be even close
 * to an IPv4 or IPv6 header.  This means the first byte must not be
 * 0x40 - 0x4f or 0x60-0x6f (an IP version nibble of 4 or 6 followed by
 * any header-length nibble).  For big-endian machines the first byte in
 * memory is the top byte of IPSEC_M_CTL (0x73, 's' of "spi"), so the
 * prefix alone keeps us clear of those ranges.  For little-endian
 * machines the first byte in memory is the low byte, i.e. the actual
 * M_CTL _type_ offset, which therefore must not be in the aforementioned
 * ranges either.
 *
 * The reason for this avoidance is because M_CTL's with a real IPv4/IPv6
 * datagram get sent to TCP or UDP when an ICMP datagram affects a
 * TCP/UDP session.  The receiver presumably tells the two kinds of M_CTL
 * apart by inspecting that first byte, so a colliding value would allow an
 * ipsec_info_t to be misread as an IP header (or vice versa) -- keep this
 * invariant when adding types.
 */
#define	IPSEC_M_CTL	0x73706900

/*
 * M_CTL types for IPsec messages.  Remember, the values 0x40 - 0x4f and 0x60
 * - 0x6f are not to be used because of potential little-endian confusion.
 *
 * Offsets 3-7 (decimal) are in use, spread through this file.  With these
 * offsets the low byte of every type is 0x03-0x07, which is outside both
 * forbidden ranges.  Check for duplicates through the whole file before
 * adding.
 */

/*
 * Keysock consumer interface.
 *
 * The driver/module keysock (which is a driver to PF_KEY sockets, but is
 * a module to 'consumers' like AH and ESP) uses keysock consumer interface
 * messages to pass on PF_KEY messages to consumers who process and act upon
 * them.
 *
 * Direction and payload of each type (the structs are defined below):
 *
 *	KEYSOCK_IN		PF_KEY socket -> consumer	keysock_in_t
 *	KEYSOCK_OUT		consumer -> PF_KEY socket	keysock_out_t
 *	KEYSOCK_OUT_ERR		keysock -> consumer, when a
 *				KEYSOCK_OUT could not be
 *				delivered			keysock_out_err_t
 *	KEYSOCK_HELLO		keysock -> consumer on push	bare ipsec_info_t
 *	KEYSOCK_HELLO_ACK	consumer -> keysock		keysock_hello_ack_t
 */
#define	KEYSOCK_IN		(IPSEC_M_CTL + 3)
#define	KEYSOCK_OUT		(IPSEC_M_CTL + 4)
#define	KEYSOCK_OUT_ERR		(IPSEC_M_CTL + 5)
#define	KEYSOCK_HELLO		(IPSEC_M_CTL + 6)
#define	KEYSOCK_HELLO_ACK	(IPSEC_M_CTL + 7)

/*
 * KEYSOCK_HELLO is sent by keysock to a consumer when it is pushed on top
 * of one (i.e. opened as a module).
 *
 * NOTE: Keysock_hello is simply an ipsec_info_t; there is no dedicated
 *	 struct for it, only the common type/len prefix (see ipsec_allu in
 *	 the union at the end of this file).
 */

/*
 * KEYSOCK_HELLO_ACK is sent by a consumer to acknowledge a KEYSOCK_HELLO.
 * It contains the PF_KEYv2 sa_type, so keysock can redirect PF_KEY messages
 * to the right consumer.
 *
 * Like every other message in this file it starts with the uint32_t
 * type/len pair that ipsec_info_t relies on; do not reorder those fields.
 */
typedef struct keysock_hello_ack_s {
	uint32_t ks_hello_type;		/* KEYSOCK_HELLO_ACK */
	uint32_t ks_hello_len;		/* In bytes */
	uint8_t ks_hello_satype;	/* PF_KEYv2 sa_type of ks client */
} keysock_hello_ack_t;

/*
 * Address classification values.  Presumably these are what keysock puts
 * in ks_in_srctype/ks_in_dsttype below after looking at the PF_KEY source
 * and destination address extensions -- confirm against keysock.c before
 * relying on a particular meaning.
 */
#define	KS_IN_ADDR_UNKNOWN 0
#define	KS_IN_ADDR_NOTTHERE 1
#define	KS_IN_ADDR_UNSPEC 2
#define	KS_IN_ADDR_ME 3
#define	KS_IN_ADDR_NOTME 4
#define	KS_IN_ADDR_MBCAST 5
#define	KS_IN_ADDR_DONTCARE 6

/*
 * KEYSOCK_IN is a PF_KEY message from a PF_KEY socket destined for a consumer.
 *
 * NOTE: struct sadb_ext and SADB_EXT_MAX are not declared by anything this
 *	 header includes directly (only <sys/crypto/common.h> is pulled in);
 *	 presumably they arrive via <net/pfkeyv2.h>, which users of this
 *	 header must include first -- confirm against the consumers.
 */
typedef struct keysock_in_s {
	uint32_t ks_in_type;		/* KEYSOCK_IN */
	uint32_t ks_in_len;		/* In bytes */
	/*
	 * NOTE: These pointers MUST be into the M_DATA that follows
	 *	 this M_CTL message.  If they aren't, weirdness
	 *	 results.
	 *
	 *	 One slot per PF_KEY extension type (SADB_EXT_MAX + 1
	 *	 entries); presumably indexed by sadb_ext_type with NULL
	 *	 for extensions that are absent.  Nothing in this struct
	 *	 records the length of that M_DATA, so a consumer cannot
	 *	 bounds-check an entry from the ipsec_info_t alone -- it
	 *	 trusts that keysock validated the PF_KEY message before
	 *	 filling this array in.
	 */
	struct sadb_ext *ks_in_extv[SADB_EXT_MAX + 1];
	int ks_in_srctype;	/* Source address type. (KS_IN_ADDR_*) */
	int ks_in_dsttype;	/* Dest address type. (KS_IN_ADDR_*) */
	minor_t ks_in_serial;	/* Serial # of sending socket. */
} keysock_in_t;

/*
 * KEYSOCK_OUT is a PF_KEY message from a consumer destined for a PF_KEY
 * socket.  ks_out_serial identifies the socket; if keysock cannot find a
 * socket for it, the consumer gets a KEYSOCK_OUT_ERR back instead.
 */
typedef struct keysock_out_s {
	uint32_t ks_out_type;		/* KEYSOCK_OUT */
	uint32_t ks_out_len;		/* In bytes */
	minor_t ks_out_serial;	/* Serial # of sending socket. */
} keysock_out_t;

/*
 * KEYSOCK_OUT_ERR is sent to a consumer from keysock if for some reason
 * keysock could not find a PF_KEY socket to deliver a consumer-originated
 * message (e.g. SADB_ACQUIRE).
 */
typedef struct keysock_out_err_s {
	uint32_t ks_err_type;		/* KEYSOCK_OUT_ERR */
	uint32_t ks_err_len;		/* In bytes */
	minor_t ks_err_serial;		/* Serial # the KEYSOCK_OUT named */
	int ks_err_errno;		/* presumably an errno value -- verify in keysock.c */
	/*
	 * Other, richer error information may end up going here eventually.
	 */
} keysock_out_err_t;

/*
 * All IPsec informational messages are placed into the ipsec_info_t
 * union, so that allocation can be done once, and IPsec informational
 * messages can be recycled.
 *
 * Every member begins with the same two fields, uint32_t type followed by
 * uint32_t len, which is what makes the ipsec_info_type/ipsec_info_len
 * macros below valid no matter which member is live (C's common initial
 * sequence rule for unions).  A new member that breaks this prefix would
 * be mis-dispatched by anything that reads the type through ipsec_allu.
 * keysock_in_t, with its ks_in_extv pointer array, is by far the largest
 * member and so determines the size of every allocation.
 */
typedef union ipsec_info_u {
	struct {
		uint32_t ipsec_allu_type;	/* one of the IPSEC_M_CTL + n types */
		uint32_t ipsec_allu_len;	/* In bytes */
	} ipsec_allu;
	keysock_hello_ack_t keysock_hello_ack;
	keysock_in_t keysock_in;
	keysock_out_t keysock_out;
	keysock_out_err_t keysock_out_err;
} ipsec_info_t;
/* Accessors for the common prefix, usable on any ipsec_info_t. */
#define	ipsec_info_type ipsec_allu.ipsec_allu_type
#define	ipsec_info_len ipsec_allu.ipsec_allu_len

#ifdef	__cplusplus
}
#endif

#endif	/* _INET_IPSEC_INFO_H */