summaryrefslogtreecommitdiff
path: root/sys/netinet/ip_ipsp.h
diff options
context:
space:
mode:
authorNiklas Hallqvist <niklas@cvs.openbsd.org>1999-05-14 23:36:22 +0000
committerNiklas Hallqvist <niklas@cvs.openbsd.org>1999-05-14 23:36:22 +0000
commit80d37d4a76e48037997eefe5ca18b7f795ecec23 (patch)
tree1a3bd00bd4ebe5da48daf5179f06be5b3d5f0005 /sys/netinet/ip_ipsp.h
parent7a72d8171dfa72f742eaa892e879c4eeb4f54334 (diff)
A new scalable IPsec SA expiration model.
Diffstat (limited to 'sys/netinet/ip_ipsp.h')
-rw-r--r--sys/netinet/ip_ipsp.h38
1 files changed, 16 insertions, 22 deletions
diff --git a/sys/netinet/ip_ipsp.h b/sys/netinet/ip_ipsp.h
index d30f3e3fd24..931f32a0ba3 100644
--- a/sys/netinet/ip_ipsp.h
+++ b/sys/netinet/ip_ipsp.h
@@ -1,9 +1,10 @@
-/* $OpenBSD: ip_ipsp.h,v 1.30 1999/05/11 22:57:17 niklas Exp $ */
+/* $OpenBSD: ip_ipsp.h,v 1.31 1999/05/14 23:36:21 niklas Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
- * Angelos D. Keromytis (kermit@csd.uch.gr) and
- * Niels Provos (provos@physnet.uni-hamburg.de).
+ * Angelos D. Keromytis (kermit@csd.uch.gr),
+ * Niels Provos (provos@physnet.uni-hamburg.de) and
+ * Niklas Hallqvist (niklas@appli.se).
*
* This code was written by John Ioannidis for BSD/OS in Athens, Greece,
* in November 1995.
@@ -14,11 +15,12 @@
* Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis
* and Niels Provos.
*
- * Additional features in 1999 by Angelos D. Keromytis.
+ * Additional features in 1999 by Angelos D. Keromytis and Niklas Hallqvist.
*
- * Copyright (C) 1995, 1996, 1997, 1998, 1999 by John Ioannidis,
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 by John Ioannidis,
* Angelos D. Keromytis and Niels Provos.
- *
+ * Copyright (c) 1999 Niklas Hallqvist.
+ *
* Permission to use, copy, and modify this software without fee
* is hereby granted, provided that this entire notice is included in
* all copies of any software which is or includes a copy or
@@ -180,16 +182,6 @@ struct route_enc {
struct sockaddr_encap re_dst;
};
-struct expiration
-{
- u_int32_t exp_timeout;
- union sockaddr_union exp_dst;
- u_int32_t exp_spi;
- u_int8_t exp_sproto;
- struct expiration *exp_next;
- struct expiration *exp_prev;
-};
-
struct flow
{
struct flow *flow_next; /* Next in flow chain */
@@ -228,6 +220,9 @@ struct tdb /* tunnel descriptor block */
#define TDBF_TUNNELING 0x01000 /* Force IP-IP encapsulation */
u_int32_t tdb_flags; /* Flags related to this TDB */
+ TAILQ_ENTRY(tdb) tdb_expnext; /* Expiration cluster list link */
+ LIST_ENTRY(tdb) tdb_explink; /* Expiration ordered list link */
+
u_int32_t tdb_exp_allocations; /* Expire after so many flows */
u_int32_t tdb_soft_allocations; /* Expiration warning */
u_int32_t tdb_cur_allocations; /* Total number of allocations */
@@ -239,11 +234,13 @@ struct tdb /* tunnel descriptor block */
u_int64_t tdb_exp_timeout; /* When does the SPI expire */
u_int64_t tdb_soft_timeout; /* Send a soft-expire warning */
u_int64_t tdb_established; /* When was the SPI established */
+ u_int64_t tdb_timeout; /* Next absolute expiration time. */
u_int64_t tdb_first_use; /* When was it first used */
u_int64_t tdb_soft_first_use; /* Soft warning */
u_int64_t tdb_exp_first_use; /* Expire if tdb_first_use +
* tdb_exp_first_use <= curtime */
+
u_int32_t tdb_spi; /* SPI */
u_int16_t tdb_amxkeylen; /* AH-old only */
u_int16_t tdb_ivlen; /* IV length */
@@ -385,7 +382,8 @@ extern u_int8_t hmac_ipad_buffer[64];
extern u_int8_t hmac_opad_buffer[64];
struct tdb *tdbh[TDB_HASHMOD];
-struct expiration *explist;
+extern TAILQ_HEAD(expclusterlist_head, tdb) expclusterlist;
+extern LIST_HEAD(explist_head, tdb) explist;
extern struct xformsw xformsw[], *xformswNXFORMSW;
/* Check if a given tdb has encryption, authentication and/or tunneling */
@@ -418,12 +416,8 @@ extern struct tdb *gettdb(u_int32_t, union sockaddr_union *, u_int8_t);
extern void puttdb(struct tdb *);
extern int tdb_delete(struct tdb *, int);
extern int tdb_init (struct tdb *, u_int16_t, struct ipsecinit *);
-
-/* Expiration management routines */
-extern struct expiration *get_expiration(void);
-extern void put_expiration(struct expiration *);
+extern void tdb_expiration(struct tdb *, int);
extern void handle_expirations(void *);
-extern void cleanup_expirations(union sockaddr_union *, u_int32_t, u_int8_t);
/* Flow management routines */
extern struct flow *get_flow(void);