Bayard's initial drop, needs finishing, or at least testing.
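--- a/usr/src/uts/common/inet/ipsecah.h
+++ b/usr/src/uts/common/inet/ipsecah.h
@@ -1,152 +1,168 @@
 /*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
 /*
 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
+ * Copyright (c) 2012 Nexenta Systems, Inc. All rights reserved.
 */
 
 #ifndef _INET_IPSECAH_H
 #define _INET_IPSECAH_H
 
 #include <inet/ip.h>
 #include <inet/ipdrop.h>
 
 #ifdef __cplusplus
 extern "C" {
 #endif
 
 #include <sys/note.h>
 
 #ifdef _KERNEL
 /* Named Dispatch Parameter Management Structure */
 typedef struct ipsecahparam_s {
 uint_t ipsecah_param_min;
 uint_t ipsecah_param_max;
 uint_t ipsecah_param_value;
 char *ipsecah_param_name;
 } ipsecahparam_t;
 
 /*
 * Stats. This may eventually become a full-blown SNMP MIB once that spec
 * stabilizes.
 */
 typedef struct ah_kstats_s
 {
 kstat_named_t ah_stat_num_aalgs;
 kstat_named_t ah_stat_good_auth;
 kstat_named_t ah_stat_bad_auth;
 kstat_named_t ah_stat_replay_failures;
 kstat_named_t ah_stat_replay_early_failures;
 kstat_named_t ah_stat_keysock_in;
 kstat_named_t ah_stat_out_requests;
 kstat_named_t ah_stat_acquire_requests;
 kstat_named_t ah_stat_bytes_expired;
 kstat_named_t ah_stat_out_discards;
 kstat_named_t ah_stat_crypto_sync;
 kstat_named_t ah_stat_crypto_async;
 kstat_named_t ah_stat_crypto_failures;
 } ah_kstats_t;
 
 /*
 * ahstack->ah_kstats is equal to ahstack->ah_ksp->ks_data if
 * kstat_create_netstack for ahstack->ah_ksp succeeds, but when it
 * fails, it will be NULL. Note this is done for all stack instances,
 * so it *could* fail. hence a non-NULL checking is done for
 * AH_BUMP_STAT and AH_DEBUMP_STAT
 */
 #define AH_BUMP_STAT(ahstack, x) \
 do { \
 if (ahstack->ah_kstats != NULL) \
 (ahstack->ah_kstats->ah_stat_ ## x).value.ui64++; \
 _NOTE(CONSTCOND) \
 } while (0)
 #define AH_DEBUMP_STAT(ahstack, x) \
 do { \
 if (ahstack->ah_kstats != NULL) \
 (ahstack->ah_kstats->ah_stat_ ## x).value.ui64--; \
 _NOTE(CONSTCOND) \
 } while (0)
 
 /*
 * IPSECAH stack instances
 */
 struct ipsecah_stack {
 netstack_t *ipsecah_netstack; /* Common netstack */
 
 caddr_t ipsecah_g_nd;
 ipsecahparam_t *ipsecah_params;
 kmutex_t ipsecah_param_lock; /* Protects params */
 
 sadbp_t ah_sadb;
 
 /* Packet dropper for AH drops. */
 ipdropper_t ah_dropper;
 
 kstat_t *ah_ksp;
 ah_kstats_t *ah_kstats;
 
 /*
 * Keysock instance of AH. There can be only one per stack instance.
 * Use casptr() on this because I don't set it until KEYSOCK_HELLO
 * comes down.
 * Paired up with the ah_pfkey_q is the ah_event, which will age SAs.
 */
 queue_t *ah_pfkey_q;
 timeout_id_t ah_event;
 };
 typedef struct ipsecah_stack ipsecah_stack_t;
 
+#define ipsecah_debug ipsecah_params[0].ipsecah_param_value
+#define ipsecah_age_interval ipsecah_params[1].ipsecah_param_value
+#define ipsecah_age_int_max ipsecah_params[1].ipsecah_param_max
+#define ipsecah_reap_delay ipsecah_params[2].ipsecah_param_value
+#define ipsecah_replay_size ipsecah_params[3].ipsecah_param_value
+#define ipsecah_acquire_timeout ipsecah_params[4].ipsecah_param_value
+#define ipsecah_larval_timeout ipsecah_params[5].ipsecah_param_value
+#define ipsecah_default_soft_bytes ipsecah_params[6].ipsecah_param_value
+#define ipsecah_default_hard_bytes ipsecah_params[7].ipsecah_param_value
+#define ipsecah_default_soft_addtime ipsecah_params[8].ipsecah_param_value
+#define ipsecah_default_hard_addtime ipsecah_params[9].ipsecah_param_value
+#define ipsecah_default_soft_usetime ipsecah_params[10].ipsecah_param_value
+#define ipsecah_default_hard_usetime ipsecah_params[11].ipsecah_param_value
+#define ipsecah_log_unknown_spi ipsecah_params[12].ipsecah_param_value
+
 #endif /* _KERNEL */
 
 /*
 * For now, only provide "aligned" version of header.
 * If aligned version is needed, we'll go with the naming conventions then.
 */
 
 typedef struct ah {
 uint8_t ah_nexthdr;
 uint8_t ah_length;
 uint16_t ah_reserved;
 uint32_t ah_spi;
 uint32_t ah_replay;
 } ah_t;
 
 #define AH_BASELEN 12
 #define AH_TOTAL_LEN(ah) (((ah)->ah_length << 2) + AH_BASELEN - \
 sizeof ((ah)->ah_replay))
 
 /* "Old" AH, without replay. For 1827-29 compatibility. */
 
 typedef struct ahold {
 uint8_t ah_nexthdr;
 uint8_t ah_length;
 uint16_t ah_reserved;
 uint32_t ah_spi;
 } ahold_t;
 
 #define AHOLD_BASELEN 8
 #define AHOLD_TOTAL_LEN(ah) (((ah)->ah_length << 2) + AH_BASELEN)
 
 #ifdef __cplusplus
 }
 #endif
 
 #endif /* _INET_IPSECAH_H */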
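Review bot: The fourteen accessor macros added after the `ipsecah_stack_t` typedef (`ipsecah_debug` through `ipsecah_log_unknown_spi`) hard-code positions 0–12 of `ipsecah_params`, while the table that fixes that order is not defined in this header. If an entry is inserted or reordered there, a name such as `ipsecah_replay_size` or the default soft/hard SA lifetime limits would silently read a different tunable, with no compile-time signal. At minimum the block needs a comment stating the coupling and the intended use, for example `/* Indexes must match the order of the ipsecah_params initializer; use as ahstack->ipsecah_<name>. */`; named index constants shared with the table would make the dependency explicit. Because these are lower-case object-like macros in a shared header, they also rewrite any identifier of the same name in every file that includes it, so includers should be checked for collisions. The macros expand to plain field reads, and whether callers are expected to hold `ipsecah_param_lock` (commented "Protects params") cannot be seen from this file and is worth documenting alongside them.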