authorNiels Provos <provos@cvs.openbsd.org>1999-03-27 21:04:22 +0000
committerNiels Provos <provos@cvs.openbsd.org>1999-03-27 21:04:22 +0000
commitdefd96f785a6fc79d07307a2e69e27c048f432af (patch)
tree22a5f004782330ad329e92ec854e4f9bb9d51b5c /sys/netinet/ip_ipsp.h
parentbdf0fa84baff8b71398e2760eb959d794df83839 (diff)
add SADB_X_BINDSA to pfkey allowing incoming SAs to refer to an outgoing
SA to be used, use this SA in ip_output if available. allow mobile road warriors for bind SAs with wildcard dst and src addresses. check IPSEC AUTH and ESP level when receiving packets, drop them if protection is insufficient. add stats to show dropped packets because of insufficient IPSEC protection. -- phew. this was all done in canada. dugsong and linh provided the ride and company.
Diffstat (limited to 'sys/netinet/ip_ipsp.h')
-rw-r--r--sys/netinet/ip_ipsp.h15
1 files changed, 14 insertions, 1 deletions
diff --git a/sys/netinet/ip_ipsp.h b/sys/netinet/ip_ipsp.h
index f0048366b3c..e963410849f 100644
--- a/sys/netinet/ip_ipsp.h
+++ b/sys/netinet/ip_ipsp.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ipsp.h,v 1.27 1999/02/25 01:30:49 angelos Exp $ */
+/* $OpenBSD: ip_ipsp.h,v 1.28 1999/03/27 21:04:19 provos Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
@@ -43,6 +43,7 @@
*/
#include <sys/types.h>
+#include <sys/queue.h>
#include <netinet/in.h>
#include <sys/md5k.h>
#include <netinet/ip_sha1.h>
@@ -283,10 +284,21 @@ struct tdb /* tunnel descriptor block */
u_int16_t tdb_dstid_type;
struct flow *tdb_flow; /* Which flows use this SA */
+
+ struct tdb *tdb_bind_out; /* Outgoing SA to use */
+ TAILQ_HEAD(tdb_bind_head, tdb) tdb_bind_in;
+ TAILQ_ENTRY(tdb) tdb_bind_in_next; /* Refering Incoming SAs */
+ TAILQ_HEAD(tdb_inp_head, inpcb) tdb_inp;
};
#define TDB_HASHMOD 257
+struct tdb_ident {
+ u_int32_t spi;
+ union sockaddr_union dst;
+ u_int8_t proto;
+};
+
struct auth_hash {
int type;
char *name;
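Review bot: `tdb_bind_out` and the `tdb_bind_in` / `tdb_inp` lists create cross-references between SAs and PCBs, but nothing in the struct says who tears them down, and a stale `tdb_bind_out` or list entry left behind after an SA or PCB is freed would be a use-after-free when the bound SA is picked up in the output path. I would state the invariant on the fields, e.g. `TAILQ_HEAD(tdb_bind_head, tdb) tdb_bind_in; /* Incoming SAs bound to this SA; unlink all before freeing */` and `TAILQ_HEAD(tdb_inp_head, inpcb) tdb_inp; /* PCBs using this SA; unlink on PCB or SA teardown */`, and fix the spelling in `/* Referring Incoming SAs */`. Both list heads also need `TAILQ_INIT` on every path that allocates a `struct tdb`; that code is outside this file-limited diff, so it should be checked there. The last hunk declares only `tdb_add_inp()`, with no removal counterpart visible in this header. `struct tdb` begins before this hunk.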
@@ -418,6 +430,7 @@ extern char *inet_ntoa4(struct in_addr);
extern char *ipsp_address(union sockaddr_union);
/* TDB management routines */
+extern void tdb_add_inp(struct tdb *tdb, struct inpcb *inp);
extern u_int32_t reserve_spi(u_int32_t, u_int32_t, union sockaddr_union *,
union sockaddr_union *, u_int8_t, int *);
extern struct tdb *gettdb(u_int32_t, union sockaddr_union *, u_int8_t);