diff options
| author | Angelos D. Keromytis <angelos@cvs.openbsd.org> | 2000-01-10 06:59:24 +0000 |
|---|---|---|
| committer | Angelos D. Keromytis <angelos@cvs.openbsd.org> | 2000-01-10 06:59:24 +0000 |
| commit | 6cab92913b6dd4b4a1ce48d7f19a5aeaf4cad228 (patch) | |
| tree | b806084fe675175c1cb8346be4ddc2bc839893a2 /sys/netinet/ip_ipsp.h | |
| parent | 683b04ca6c357c3e7f418e0e648f3131b8f6d9ad (diff) | |
Add 10 new ipsec-related sysctl variables...they are currently under
net.inet.ip; perhaps they should be moved under net.inet.ipsec or some
such.
Diffstat (limited to 'sys/netinet/ip_ipsp.h')
| -rw-r--r-- | sys/netinet/ip_ipsp.h | 37 |
1 files changed, 35 insertions, 2 deletions
diff --git a/sys/netinet/ip_ipsp.h b/sys/netinet/ip_ipsp.h index 6246421bdd7..fc9efeac2ee 100644 --- a/sys/netinet/ip_ipsp.h +++ b/sys/netinet/ip_ipsp.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ipsp.h,v 1.54 2000/01/10 04:30:53 angelos Exp $ */ +/* $OpenBSD: ip_ipsp.h,v 1.55 2000/01/10 06:59:23 angelos Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), @@ -104,8 +104,19 @@ union sockaddr_union #define SPI_RESERVED_MIN 1 #define SPI_RESERVED_MAX 255 -/* How long are we going to keep embryonic SAs (default value) */ +/* sysctl default values */ #define IPSEC_DEFAULT_EMBRYONIC_SA_TIMEOUT 60 /* 1 minute */ +#define IPSEC_DEFAULT_PFS 1 +#define IPSEC_DEFAULT_SOFT_ALLOCATIONS 0 +#define IPSEC_DEFAULT_EXP_ALLOCATIONS 0 +#define IPSEC_DEFAULT_SOFT_BYTES 0 +#define IPSEC_DEFAULT_EXP_BYTES 0 +#define IPSEC_DEFAULT_SOFT_TIMEOUT 80000 +#define IPSEC_DEFAULT_EXP_TIMEOUT 86400 +#define IPSEC_DEFAULT_SOFT_FIRST_USE 3600 +#define IPSEC_DEFAULT_EXP_FIRST_USE 7200 +#define IPSEC_DEFAULT_DEF_ENC "3des" +#define IPSEC_DEFAULT_DEF_AUTH "hmac-sha1" struct sockaddr_encap { @@ -444,8 +455,30 @@ extern int encdebug; extern int ipsec_acl; extern int ipsec_keep_invalid; extern int ipsec_in_use; +extern int ipsec_require_pfs; + extern u_int8_t hmac_ipad_buffer[64]; extern u_int8_t hmac_opad_buffer[64]; +extern int ipsec_soft_allocations; +extern int ipsec_exp_allocations; +extern int ipsec_soft_bytes; +extern int ipsec_exp_bytes; +extern int ipsec_soft_timeout; +extern int ipsec_exp_timeout; +extern int ipsec_soft_first_use; +extern int ipsec_exp_first_use; +extern char ipsec_def_enc[]; +extern char ipsec_def_auth[]; + +extern struct enc_xform enc_xform_des; +extern struct enc_xform enc_xform_3des; +extern struct enc_xform enc_xform_blf; +extern struct enc_xform enc_xform_cast5; +extern struct enc_xform enc_xform_skipjack; + +extern struct auth_hash auth_hash_hmac_md5_96; +extern struct auth_hash auth_hash_hmac_sha1_96; +extern struct auth_hash auth_hash_hmac_ripemd_160_96; extern TAILQ_HEAD(expclusterlist_head, tdb) expclusterlist; extern TAILQ_HEAD(explist_head, tdb) explist; |