hard and soft limits for SPI's per absolute timer, relative since establish,

relative since first use timers, packet and byte counters. notify key mgmt
on soft limits. key mgmt can now specify limits. new encap messages:
EMT_RESERVESPI, EMT_ENABLESPI, EMT_DISABLESPI

1 files changed, 133 insertions, 63 deletions

diff --git a/sys/net/encap.h b/sys/net/encap.h
index 328d29eabe7..d5b28c8a942 100644
--- a/sys/net/encap.h
+++ b/sys/net/encap.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: encap.h,v 1.3 1997/06/17 23:25:54 deraadt Exp $	*/
+/*	$OpenBSD: encap.h,v 1.4 1997/06/25 07:53:20 provos Exp $	*/
 
 /*
  * The author of this code is John Ioannidis, ji@tla.org,
@@ -49,43 +49,44 @@
 
 struct sockaddr_encap
 {
-	u_int8_t	sen_len;		/* length */
-	u_int8_t	sen_family;		/* AF_ENCAP */
-	u_int16_t	sen_type;		/* see SENT_* */
-	union
+    u_int8_t	sen_len;		/* length */
+    u_int8_t	sen_family;		/* AF_ENCAP */
+    u_int16_t	sen_type;		/* see SENT_* */
+    union
+    {
+	u_int8_t	Data[16];	/* other stuff mapped here */
+	struct sockaddr Dfl;	/* SENT_DEFIF */
+	struct			/* SENT_SA */
 	{
-		u_int8_t	Data[16];	/* other stuff mapped here */
-		struct sockaddr Dfl;	/* SENT_DEFIF */
-		struct			/* SENT_SA */
-		{
-			struct sockaddr Src;
-			struct sockaddr Dst;
-		} Sa;
+	    struct sockaddr Src;
+	    struct sockaddr Dst;
+	} Sa;
 #ifdef INET
-		struct			/* SENT_SAIN */
-		{
-			struct sockaddr_in Src;
-			struct sockaddr_in Dst;
-		} Sin;
-		struct			/* SENT_IP4 */
-		{
-			struct in_addr Src;
-			struct in_addr Dst;
-			u_int16_t Sport;
-			u_int16_t Dport;
-			u_int8_t Proto;
-			u_int8_t Filler[3];
-		} Sip4;
-		struct			/* SENT_IPSP */
-		{
-			struct in_addr Src;
-			struct in_addr Dst;
-			u_int32_t Spi;
-			u_int8_t Ifn;
-			u_int8_t Filler[3];
-		} Sipsp;
+	struct			/* SENT_SAIN */
+	{
+	    struct sockaddr_in Src;
+	    struct sockaddr_in Dst;
+	} Sin;
+	struct			/* SENT_IP4 */
+	{
+	    struct in_addr Src;
+	    struct in_addr Dst;
+	    u_int16_t Sport;
+	    u_int16_t Dport;
+	    u_int8_t Proto;
+	    u_int8_t Filler[3];
+	} Sip4;
+	struct			/* SENT_IPSP */
+	{
+	    struct in_addr Src;
+	    struct in_addr Dst;
+	    u_int32_t Spi;
+	    u_int8_t Ifn;
+	    u_int8_t Filler[3];
+	} Sipsp;
+	
 #endif
-	} Sen;
+    } Sen;
 };
 
 #define sen_data	Sen.Data
@@ -170,37 +171,92 @@ struct enc_softc
 
 struct encap_msghdr
 {
-	u_int16_t	em_msglen;		/* message length */
-	u_int8_t	em_version;		/* for future expansion */
-	u_int8_t	em_type;		/* message type */
-	union
+    u_int16_t	em_msglen;		/* message length */
+    u_int8_t	em_version;		/* for future expansion */
+    u_int8_t	em_type;		/* message type */
+    union
+    {
+	struct
+	{
+	    struct in_addr Ia;
+	    u_int8_t	Ifn;
+	    u_int8_t  xxx[3];		/* makes life a lot easier */
+	} Ifa;
+	
+	struct
 	{
-		struct
-		{
-			struct in_addr Ia;
-			u_int8_t	Ifn;
-			u_int8_t  xxx[3];	/* makes life a lot easier */
-		} Ifa;
-
-		struct
-		{
-			u_int32_t Spi;	/* SPI */
-			struct in_addr Dst; /* Destination address */
-			u_int32_t If;		/* enc i/f for input */
-			int32_t Alg;	/* Algorithm to use */
-			u_int8_t Dat[1];	/* Data */
-		} Xfm;
-		
-		struct
-		{
-			u_int32_t emr_spi;	/* SPI */
-			struct in_addr emr_dst; /* Dest */
-			struct tdb * emr_tdb; /* used internally! */
-			
-		} Rel[EM_MAXRELSPIS];
-	} Eu;
+	    u_int32_t Spi;		/* SPI */
+	    struct in_addr Dst;		/* Destination address */
+	    u_int64_t Relative_Hard;	/* Expire relative to creation */
+	    u_int64_t Relative_Soft;
+	    u_int64_t First_Use_Hard;	/* Expire relative to first use */
+	    u_int64_t First_Use_Soft;
+	    u_int64_t Expire_Hard;	/* Expire at fixed point in time */
+	    u_int64_t Expire_Soft;
+	    u_int64_t Bytes_Hard;	/* Expire after bytes recved/sent */
+	    u_int64_t Bytes_Soft;
+	    u_int64_t Packets_Hard;	/* Expire after packets recved/sent */
+	    u_int64_t Packets_Soft;
+	    u_int32_t If;		/* enc i/f for input */
+	    int32_t Alg;		/* Algorithm to use */
+	    u_int8_t Dat[1];		/* Data */
+	} Xfm;
+
+	/*
+ 	 * For expiration notifications, the kernel fills in
+	 * Notification_Type, Spi and Dst. No direct response is expected.
+	 *
+ 	 * For SA Requests, the kernel fills in
+	 * Notification_Type, MsgID, Spi, Seclevel, Dst (and optionally
+	 * Protocol, Src, Sport, Dport and UserID).
+ 	 *
+	 * The response should have the same values in all the fields
+	 * and:
+	 * Spi/Spi2/Spi3 will hold the SPIs for the three seclevels
+	 * UserID can optionally hold the peer's UserID (if applicable)
+	 */
+	struct				/* kernel->userland notifications */
+	{
+	    u_int32_t Notification_Type;
+#define  NOTIFY_SOFT_EXPIRE     0	/* Soft expiration of SA */
+#define  NOTIFY_HARD_EXPIRE     1	/* Hard expiration of SA */
+#define  NOTIFY_REQUEST_SA      2	/* Establish an SA */
+	    u_int32_t MsgID;		/* Request ID */
+	    u_int32_t Spi;		
+	    u_int32_t Spi2;
+	    u_int32_t Spi3;
+	    u_int8_t Seclevel[3];	/* see netinet/in_pcb.h */
+	    u_int8_t Protocol;		/* Transport mode for which protocol */
+	    struct in_addr Dst;		/* Peer */
+	    struct in_addr Src;		/* Might have our local address */
+	    u_int16_t Sport;		/* Source port */
+            u_int16_t Dport;		/* Destination port */
+	    u_int8_t UserID[1];		/* Might be used to indicate user */
+	} Notify;
+	
+	struct
+	{
+	    u_int32_t emr_spi;		/* SPI */
+	    struct in_addr emr_dst;	/* Dest */
+	    struct tdb *emr_tdb;	/* used internally! */
+	    
+	} Rel[EM_MAXRELSPIS];
+    } Eu;
 };
 
+#define em_not_type      Eu.Notify.Notification_Type
+#define em_not_spi       Eu.Notify.Spi
+#define em_not_spi2      Eu.Notify.Spi2
+#define em_not_spi3      Eu.Notify.Spi3
+#define em_not_src       Eu.Notify.Src
+#define em_not_dst       Eu.Notify.Dst
+#define em_not_seclevel  Eu.Notify.Seclevel
+#define em_not_userid    Eu.Notify.UserID
+#define em_not_msgid     Eu.Notify.MsgID
+#define em_not_sport     Eu.Notify.Sport
+#define em_not_dport     Eu.Notify.Dport
+#define em_not_protocol  Eu.Notify.Protocol
+
 #define em_ifa	Eu.Ifa.Ia
 #define em_ifn	Eu.Ifa.Ifn
 
@@ -209,6 +265,16 @@ struct encap_msghdr
 #define em_if	Eu.Xfm.If
 #define em_alg	Eu.Xfm.Alg
 #define em_dat	Eu.Xfm.Dat
+#define em_relative_hard  Eu.Xfm.Relative_Hard
+#define em_relative_soft  Eu.Xfm.Relative_Soft
+#define em_first_use_hard Eu.Xfm.First_Use_Hard
+#define em_first_use_soft Eu.Xfm.First_Use_Soft
+#define em_expire_hard    Eu.Xfm.Expire_Hard
+#define em_expire_soft    Eu.Xfm.Expire_Soft
+#define em_bytes_hard     Eu.Xfm.Bytes_Hard
+#define em_bytes_soft     Eu.Xfm.Bytes_Soft
+#define em_packets_hard   Eu.Xfm.Packets_Hard
+#define em_packets_soft   Eu.Xfm.Packets_Soft
 
 #define em_rel	Eu.Rel
 
@@ -217,6 +283,10 @@ struct encap_msghdr
 #define EMT_GRPSPIS	3		/* Group SPIs (output order)  */
 #define EMT_DELSPI	4		/* delete an SPI */
 #define EMT_DELSPICHAIN 5		/* delete an SPI chain starting from */
+#define EMT_RESERVESPI  6		/* Give us an SPI */
+#define EMT_ENABLESPI   7		/* Enable an SA */
+#define EMT_DISABLESPI  8		/* Disable an SA */
+#define EMT_NOTIFY      9		/* kernel->userland key mgmt not. */
 
 #define EM_MINLEN	8		/* count!!! */
 #define EMT_IFADDR_LEN	12