diff options
author | Angelos D. Keromytis <angelos@cvs.openbsd.org> | 2000-03-17 10:25:24 +0000 |
---|---|---|
committer | Angelos D. Keromytis <angelos@cvs.openbsd.org> | 2000-03-17 10:25:24 +0000 |
commit | 8e443bb412cd99bc42a06075e051d052fd4a22b3 (patch) | |
tree | 247821026b0dff878f188e40d6daa0ea0597e0f3 /sys/netinet/ip_esp.h | |
parent | fa4f02f39ae2b2603192374afd1fef211e15b3e3 (diff) |
Cryptographic services framework, and software "device driver". The
idea is to support various cryptographic hardware accelerators (which
may be (detachable) cards, secondary/tertiary/etc processors,
software crypto, etc). Supports session migration between crypto
devices. What it doesn't (yet) support:
- multiple instances of the same algorithm used in the same session
- use of multiple crypto drivers in the same session
- asymmetric crypto
No support for a userland device yet.
IPsec code path modified to allow for asynchronous cryptography
(callbacks used in both input and output processing). Some unrelated
code simplification done in the process (especially for AH).
Development of this code kindly supported by Network Security
Technologies (NSTI). The code was writen mostly in Greece, and is
being committed from Montreal.
Diffstat (limited to 'sys/netinet/ip_esp.h')
-rw-r--r-- | sys/netinet/ip_esp.h | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/sys/netinet/ip_esp.h b/sys/netinet/ip_esp.h index 2438f1a8c8d..f7cae5bbe6c 100644 --- a/sys/netinet/ip_esp.h +++ b/sys/netinet/ip_esp.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_esp.h,v 1.31 2000/01/27 08:09:10 angelos Exp $ */ +/* $OpenBSD: ip_esp.h,v 1.32 2000/03/17 10:25:22 angelos Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), @@ -42,7 +42,7 @@ struct espstat { - u_int32_t esps_hdrops; /* packet shorter than header shows */ + u_int32_t esps_hdrops; /* Packet shorter than header shows */ u_int32_t esps_nopf; /* Protocol family not supported */ u_int32_t esps_notdb; u_int32_t esps_badkcr; @@ -55,11 +55,12 @@ struct espstat u_int32_t esps_replay; /* Possible packet replay detected */ u_int32_t esps_input; /* Input ESP packets */ u_int32_t esps_output; /* Output ESP packets */ - u_int32_t esps_invalid; /* Trying to use an invalid TDB */ - u_int64_t esps_ibytes; /* input bytes */ - u_int64_t esps_obytes; /* output bytes */ - u_int32_t esps_toobig; /* packet got larger than IP_MAXPACKET */ - u_int32_t esps_pdrops; /* packet blocked due to policy */ + u_int32_t esps_invalid; /* Trying to use an invalid TDB */ + u_int64_t esps_ibytes; /* Input bytes */ + u_int64_t esps_obytes; /* Output bytes */ + u_int32_t esps_toobig; /* Packet got larger than IP_MAXPACKET */ + u_int32_t esps_pdrops; /* Packet blocked due to policy */ + u_int32_t esps_crypto; /* Crypto processing failure */ }; /* |