5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 * Copyright (c) 2012 Nexenta Systems, Inc. All rights reserved.
25 */
26
27 #ifndef _INET_IPSEC_IMPL_H
28 #define _INET_IPSEC_IMPL_H
29
30 #include <inet/ip.h>
31 #include <inet/ipdrop.h>
32
33 #ifdef __cplusplus
34 extern "C" {
35 #endif
36
37 #define IPSEC_CONF_SRC_ADDRESS 0 /* Source Address */
38 #define IPSEC_CONF_SRC_PORT 1 /* Source Port */
39 #define IPSEC_CONF_DST_ADDRESS 2 /* Dest Address */
40 #define IPSEC_CONF_DST_PORT 3 /* Dest Port */
41 #define IPSEC_CONF_SRC_MASK 4 /* Source Address Mask */
42 #define IPSEC_CONF_DST_MASK 5 /* Destination Address Mask */
43 #define IPSEC_CONF_ULP 6 /* Upper layer Port */
44 #define IPSEC_CONF_IPSEC_PROT 7 /* AH or ESP or AH_ESP */
93 #include <sys/avl.h>
94
95 /*
96 * Maximum number of authentication algorithms (can be indexed by one byte
97 * per PF_KEY and the IKE IPsec DOI.
98 */
99 #define MAX_AALGS 256
100
101 /*
102 * IPsec task queue constants.
103 */
104 #define IPSEC_TASKQ_MIN 10
105 #define IPSEC_TASKQ_MAX 20
106
107 /*
108 * So we can access IPsec global variables that live in keysock.c.
109 */
110 extern boolean_t keysock_extended_reg(netstack_t *);
111 extern uint32_t keysock_next_seq(netstack_t *);
112
113 /*
114 * Locking for ipsec policy rules:
115 *
116 * policy heads: system policy is static; per-conn polheads are dynamic,
117 * and refcounted (and inherited); use atomic refcounts and "don't let
118 * go with both hands".
119 *
120 * policy: refcounted; references from polhead, ipsec_out
121 *
122 * actions: refcounted; referenced from: action hash table, policy, ipsec_out
123 * selectors: refcounted; referenced from: selector hash table, policy.
124 */
125
126 /*
127 * the following are inspired by, but not directly based on,
128 * some of the sys/queue.h type-safe pseudo-polymorphic macros
129 * found in BSD.
130 *
131 * XXX If we use these more generally, we'll have to make the names
132 * less generic (HASH_* will probably clobber other namespaces).
|
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 * Copyright (c) 2012 Nexenta Systems, Inc. All rights reserved.
25 * Copyright 2017 Joyent, Inc.
26 */
27
28 #ifndef _INET_IPSEC_IMPL_H
29 #define _INET_IPSEC_IMPL_H
30
31 #include <inet/ip.h>
32 #include <inet/ipdrop.h>
33
34 #ifdef __cplusplus
35 extern "C" {
36 #endif
37
38 #define IPSEC_CONF_SRC_ADDRESS 0 /* Source Address */
39 #define IPSEC_CONF_SRC_PORT 1 /* Source Port */
40 #define IPSEC_CONF_DST_ADDRESS 2 /* Dest Address */
41 #define IPSEC_CONF_DST_PORT 3 /* Dest Port */
42 #define IPSEC_CONF_SRC_MASK 4 /* Source Address Mask */
43 #define IPSEC_CONF_DST_MASK 5 /* Destination Address Mask */
44 #define IPSEC_CONF_ULP 6 /* Upper layer Port */
45 #define IPSEC_CONF_IPSEC_PROT 7 /* AH or ESP or AH_ESP */
94 #include <sys/avl.h>
95
96 /*
97 * Maximum number of authentication algorithms (can be indexed by one byte
98 * per PF_KEY and the IKE IPsec DOI.
99 */
100 #define MAX_AALGS 256
101
102 /*
103 * IPsec task queue constants.
104 */
105 #define IPSEC_TASKQ_MIN 10
106 #define IPSEC_TASKQ_MAX 20
107
108 /*
109 * So we can access IPsec global variables that live in keysock.c.
110 */
111 extern boolean_t keysock_extended_reg(netstack_t *);
112 extern uint32_t keysock_next_seq(netstack_t *);
113
114 /* Common-code for spdsock and keysock. */
115 extern void keysock_spdsock_wput_iocdata(queue_t *, mblk_t *, sa_family_t);
116
117 /*
118 * Locking for ipsec policy rules:
119 *
120 * policy heads: system policy is static; per-conn polheads are dynamic,
121 * and refcounted (and inherited); use atomic refcounts and "don't let
122 * go with both hands".
123 *
124 * policy: refcounted; references from polhead, ipsec_out
125 *
126 * actions: refcounted; referenced from: action hash table, policy, ipsec_out
127 * selectors: refcounted; referenced from: selector hash table, policy.
128 */
129
130 /*
131 * the following are inspired by, but not directly based on,
132 * some of the sys/queue.h type-safe pseudo-polymorphic macros
133 * found in BSD.
134 *
135 * XXX If we use these more generally, we'll have to make the names
136 * less generic (HASH_* will probably clobber other namespaces).
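Review bot: The prototype added at new-side line 115, `keysock_spdsock_wput_iocdata(queue_t *, mblk_t *, sa_family_t)`, has unnamed parameters and only the comment `/* Common-code for spdsock and keysock. */`, so the header does not say who owns the `mblk_t` after the call or what the `sa_family_t` argument selects. Judging by the name it handles M_IOCDATA messages on the write side of a keysock or spdsock stream, that is, the follow-up to a copy request whose payload comes from the user process; this is inferred, since the definition is not in this section. That is a path where an unstated ownership rule tends to end in a leaked or double-freed message. I would name the parameters, `extern void keysock_spdsock_wput_iocdata(queue_t *q, mblk_t *mp, sa_family_t family);`, and extend the comment to state whether the function consumes `mp` and which family each caller passes.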
|