author | Angelos D. Keromytis <angelos@cvs.openbsd.org> | 2002-05-31 02:39:54 +0000 |
---|---|---|
committer | Angelos D. Keromytis <angelos@cvs.openbsd.org> | 2002-05-31 02:39:54 +0000 |
commit | fce35616e756d3d4bfabf140ee7e5061b499c6e5 (patch) | |
tree | b5124de61bbb9b89a022ccecdde685fafee46b28 /sys/netinet/ip_ipsp.h | |
parent | ef8d637329730d67ab7d33c572334e5c043ade1a (diff) |
New fields in policy and TDB.
Diffstat (limited to 'sys/netinet/ip_ipsp.h')
-rw-r--r-- | sys/netinet/ip_ipsp.h | 57 |
1 files changed, 35 insertions, 22 deletions
diff --git a/sys/netinet/ip_ipsp.h b/sys/netinet/ip_ipsp.h
index eff20e27fd3..0e508c0ceae 100644
--- a/sys/netinet/ip_ipsp.h
+++ b/sys/netinet/ip_ipsp.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ipsp.h,v 1.119 2002/03/14 01:27:11 millert Exp $ */
+/* $OpenBSD: ip_ipsp.h,v 1.120 2002/05/31 02:39:53 angelos Exp $ */
 /*
 * The authors of this code are John Ioannidis (ji@tla.org),
 * Angelos D. Keromytis (kermit@csd.uch.gr),
@@ -168,8 +168,10 @@ struct ipsec_acquire {
 struct sockaddr_encap ipa_mask;
 struct timeout ipa_timeout;
 struct ipsec_policy *ipa_policy;
+ struct inpcb *ipa_pcb;
 TAILQ_ENTRY(ipsec_acquire) ipa_ipo_next;
 TAILQ_ENTRY(ipsec_acquire) ipa_next;
+ TAILQ_ENTRY(ipsec_acquire) ipa_inp_next;
 };
 struct ipsec_policy {
@@ -192,6 +194,8 @@ struct ipsec_policy {
 u_int8_t ipo_type; /* USE/ACQUIRE/... */
 u_int8_t ipo_sproto; /* ESP/AH; if zero, use system dflts */
+ int ipo_ref_count;
+
 struct tdb *ipo_tdb; /* Cached entry */
 struct ipsec_ref *ipo_srcid;
@@ -339,10 +343,8 @@ struct tdb { /* tunnel descriptor block */
 u_int32_t tdb_rpl; /* Replay counter */
 u_int32_t tdb_bitmap; /* Used for replay sliding window */
- u_int32_t tdb_initial; /* Initial replay value */
 u_int32_t tdb_epoch; /* Used by the kernfs interface */
- u_int8_t tdb_iv[4]; /* Used for HALF-IV ESP */
 struct ipsec_ref *tdb_local_cred;
@@ -355,6 +357,9 @@ struct tdb { /* tunnel descriptor block */
 u_int32_t tdb_mtu; /* MTU at this point in the chain */
 u_int64_t tdb_mtutimeout; /* When to ignore this entry */
+ struct sockaddr_encap tdb_filter; /* What traffic is acceptable */
+ struct sockaddr_encap tdb_filtermask; /* And the mask */
+
 TAILQ_HEAD(tdb_inp_head_in, inpcb) tdb_inp_in;
 TAILQ_HEAD(tdb_inp_head_out, inpcb) tdb_inp_out;
 TAILQ_HEAD(tdb_policy_head, ipsec_policy) tdb_policy_head; 
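Review bot: `ipa_pcb` and `ipa_inp_next` are added to struct ipsec_acquire in the -168 hunk with no comment on who owns the back-pointer or when it is cleared, although the other new struct fields in this commit are commented. An acquire has its own `ipa_timeout` and so can outlive the PCB that triggered it; if the PCB is freed before the acquire is taken off the list it sits on via `ipa_inp_next`, `ipa_pcb` dangles and the expiry path would dereference freed memory. The header cannot show the PCB detach path, so please confirm it unlinks pending acquires, and document the contract: `struct inpcb *ipa_pcb; /* Originating PCB, if any; must be cleared when that PCB is detached */` and `TAILQ_ENTRY(ipsec_acquire) ipa_inp_next; /* Link on the originating PCB's acquire list */`.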
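Review bot: `int ipo_ref_count;` in the -192 hunk is the only field in the ipsec_policy change without a trailing comment, and a bare count says nothing about what holds a reference or what happens when it reaches zero. The new `ipsec_add_policy(struct inpcb *, int, int)` and `ipsec_update_policy(struct inpcb *, ...)` prototypes later in this diff suggest the count tracks PCBs attached to the policy; if that is right, say so inline: `int ipo_ref_count; /* PCBs attached to this policy; policy is released at zero (confirm) */`. A plain signed counter also gives no protection against an extra release driving it negative, so it is worth stating in the comment where the count is decremented (presumably `ipsec_delete_policy`) so the invariant can be asserted there.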
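Review bot: The `tdb_filter`/`tdb_filtermask` comments in the -355 hunk say what the pair is but not how "no filter" is encoded, and that is the case every freshly allocated TDB starts in. Since these fields decide which traffic an SA may carry, a reader needs to know whether an all-zero mask means "accept anything" or "accept nothing" without reading the lookup code; the `gettdbbyaddr`/`gettdbbysrc` prototypes changed below now take both a filter and a mask, so the convention matters to every caller. Suggest extending the comment to `/* What traffic is acceptable; all-zero mask = no restriction (confirm against gettdbbyaddr) */`.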
@@ -385,18 +390,6 @@ struct ipsecinit {
 u_int8_t ii_compalg;
 };
-struct xformsw {
- u_short xf_type; /* Unique ID of xform */
- u_short xf_flags; /* flags (see below) */
- char *xf_name; /* human-readable name */
- int (*xf_attach)(void); /* called at config time */
- int (*xf_init)(struct tdb *, struct xformsw *, struct ipsecinit *);
- int (*xf_zeroize)(struct tdb *); /* termination */
- int (*xf_input)(struct mbuf *, struct tdb *, int, int); /* input */
- int (*xf_output)(struct mbuf *, struct tdb *, struct mbuf **,
- int, int); /* output */
-};
-
 /* xform IDs */
 #define XF_IP4 1 /* IP inside IP */
 #define XF_AH 2 /* AH */
@@ -436,6 +429,18 @@ htonq(u_int64_t q)
 #ifdef _KERNEL
+struct xformsw {
+ u_short xf_type; /* Unique ID of xform */
+ u_short xf_flags; /* flags (see below) */
+ char *xf_name; /* human-readable name */
+ int (*xf_attach)(void); /* called at config time */
+ int (*xf_init)(struct tdb *, struct xformsw *, struct ipsecinit *);
+ int (*xf_zeroize)(struct tdb *); /* termination */
+ int (*xf_input)(struct mbuf *, struct tdb *, int, int); /* input */
+ int (*xf_output)(struct mbuf *, struct tdb *, struct mbuf **,
+ int, int); /* output */
+};
+
 /*
 * Protects all tdb lists.
 * Must at least be splsoftnet (note: do not use splsoftclock as it is 
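Review bot: The relocated struct xformsw (second hunk) keeps `char *xf_name; /* human-readable name */`; a name that is only read, and is in all likelihood initialised from string literals in the xform table, should be `const char *xf_name;` so the table can live in read-only storage and any write through it is a compile error instead of silent corruption of the dispatch table. Moving the struct under `#ifdef _KERNEL` also drops it from the userland view of this header; the commit description ("New fields in policy and TDB") does not mention that, so a one-line note in the description or a comment above the struct such as `/* Kernel-only: transform dispatch table entry */` would save the next reader from wondering whether the move was intentional.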
@@ -513,10 +518,12 @@ extern void tdb_add_inp(struct tdb *, struct inpcb *, int);
 extern u_int32_t reserve_spi(u_int32_t, u_int32_t, union sockaddr_union *, union sockaddr_union *, u_int8_t, int *);
 extern struct tdb *gettdb(u_int32_t, union sockaddr_union *, u_int8_t);
-extern struct tdb *gettdbbyaddr(union sockaddr_union *, struct ipsec_policy *,
- struct mbuf *, int);
-extern struct tdb *gettdbbysrc(union sockaddr_union *, struct ipsec_policy *,
- struct mbuf *, int);
+extern struct tdb *gettdbbyaddr(union sockaddr_union *, u_int8_t,
+ struct ipsec_ref *, struct ipsec_ref *, struct ipsec_ref *,
+ struct mbuf *, int, struct sockaddr_encap *, struct sockaddr_encap *);
+extern struct tdb *gettdbbysrc(union sockaddr_union *, u_int8_t,
+ struct ipsec_ref *, struct ipsec_ref *, struct mbuf *, int,
+ struct sockaddr_encap *, struct sockaddr_encap *);
 extern void puttdb(struct tdb *);
 extern void tdb_delete(struct tdb *);
 extern struct tdb *tdb_alloc(void);
@@ -622,7 +629,7 @@ extern caddr_t m_pad(struct mbuf *, int);
 /* Replay window */
 extern int checkreplaywindow32(u_int32_t, u_int32_t, u_int32_t *, u_int32_t,
- u_int32_t *);
+ u_int32_t *, int);
 extern unsigned char ipseczeroes[];
@@ -637,8 +644,9 @@ extern int ipsec_common_input_cb(struct mbuf *, struct tdb *, int, int,
 struct m_tag *);
 extern int ipsp_acquire_sa(struct ipsec_policy *, union sockaddr_union *, union sockaddr_union *, struct sockaddr_encap *, struct mbuf *);
-extern struct ipsec_policy *ipsec_add_policy(struct sockaddr_encap *,
- struct sockaddr_encap *, union sockaddr_union *, int, int);
+extern struct ipsec_policy *ipsec_add_policy(struct inpcb *, int, int);
+extern void ipsec_update_policy(struct inpcb *, struct ipsec_policy *,
+ int, int);
 extern int ipsec_delete_policy(struct ipsec_policy *);
 extern struct ipsec_acquire *ipsp_pending_acquire(struct ipsec_policy *, union sockaddr_union *);
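Review bot: The new `gettdbbyaddr` prototype takes three consecutive unnamed `struct ipsec_ref *` arguments followed by two unnamed `struct sockaddr_encap *` (and `gettdbbysrc` two of each; `ipsp_aux_match` in the last hunk eight and four), so a caller that transposes, say, the source and destination identity refs, or the filter and its mask, compiles without a diagnostic and silently selects the wrong SA — an authorization bug that the type system could have caught. Keep parameter names in these prototypes so the header documents the order, e.g. `extern struct tdb *gettdbbyaddr(union sockaddr_union *dst, u_int8_t sproto, struct ipsec_ref *srcid, struct ipsec_ref *dstid, struct ipsec_ref *local_cred, struct mbuf *m, int af, struct sockaddr_encap *filter, struct sockaddr_encap *filtermask);` with the names taken from the actual definition in ip_ipsp.c (the ones above are illustrative, based on the struct field names in this diff). With nine parameters, passing the identity/credential refs as a pointer to the ipsec_policy or a small match struct would remove the transposition risk entirely. The unnamed `int` appended to `checkreplaywindow32` in the second hunk has the same problem: nothing in the header says what it selects, so name it or add a comment on the prototype.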
@@ -653,5 +661,10 @@ extern ssize_t ipsec_hdrsz(struct tdb *);
 extern void ipsec_adjust_mtu(struct mbuf *, u_int32_t);
 extern int ipsp_print_tdb(struct tdb *, char *);
 extern struct ipsec_acquire *ipsec_get_acquire(u_int32_t);
+extern int ipsp_aux_match(struct ipsec_ref *, struct ipsec_ref *,
+ struct ipsec_ref *, struct ipsec_ref *, struct ipsec_ref *,
+ struct ipsec_ref *, struct ipsec_ref *, struct ipsec_ref *,
+ struct sockaddr_encap *, struct sockaddr_encap *,
+ struct sockaddr_encap *, struct sockaddr_encap *);
 #endif /* _KERNEL */
 #endif /* _NETINET_IPSP_H_ */ |