1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
|
/* $OpenBSD: ip_ah.h,v 1.17 1999/10/29 02:10:01 angelos Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
* Angelos D. Keromytis (kermit@csd.uch.gr) and
* Niels Provos (provos@physnet.uni-hamburg.de).
*
* This code was written by John Ioannidis for BSD/OS in Athens, Greece,
* in November 1995.
*
* Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
* by Angelos D. Keromytis.
*
* Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis
* and Niels Provos.
*
* Additional features in 1999 by Angelos D. Keromytis.
*
* Copyright (C) 1995, 1996, 1997, 1998, 1999 by John Ioannidis,
* Angelos D. Keromytis and Niels Provos.
*
* Permission to use, copy, and modify this software without fee
* is hereby granted, provided that this entire notice is included in
* all copies of any software which is or includes a copy or
* modification of this software.
* You may use this code under the GNU public license if you so wish. Please
* contribute changes back to the authors under this freer than GPL license
* so that we may further the use of strong encryption without limitations to
* all.
*
* THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
* REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
* MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
* PURPOSE.
*/
/*
* Authentication Header Processing
* Per RFC1826 (Atkinson, 1995)
*/
struct ah_old
{
u_int8_t ah_nh; /* Next header (protocol) */
u_int8_t ah_hl; /* AH length, in 32-bit words */
u_int16_t ah_rv; /* reserved, must be 0 */
u_int32_t ah_spi; /* Security Parameters Index */
u_int8_t ah_data[1]; /* More, really */
};
#define AH_OLD_FLENGTH 8 /* size of fixed part */
struct ahstat
{
u_int32_t ahs_hdrops; /* packet shorter than header shows */
u_int32_t ahs_notdb;
u_int32_t ahs_badkcr;
u_int32_t ahs_badauth;
u_int32_t ahs_noxform;
u_int32_t ahs_qfull;
u_int32_t ahs_wrap;
u_int32_t ahs_replay;
u_int32_t ahs_badauthl; /* bad authenticator length */
u_int32_t ahs_input; /* Input AH packets */
u_int32_t ahs_output; /* Output AH packets */
u_int32_t ahs_invalid; /* Trying to use an invalid TDB */
u_int64_t ahs_ibytes; /* input bytes */
u_int64_t ahs_obytes; /* output bytes */
u_int32_t ahs_toobig; /* packet got larger than IP_MAXPACKET */
u_int32_t ahs_pdrops; /* packet blocked due to policy */
};
struct ah_new
{
u_int8_t ah_nh; /* Next header (protocol) */
u_int8_t ah_hl; /* AH length, in 32-bit words */
u_int16_t ah_rv; /* reserved, must be 0 */
u_int32_t ah_spi; /* Security Parameters Index */
u_int32_t ah_rpl; /* Replay prevention */
u_int8_t ah_data[AH_HMAC_HASHLEN];/* Authenticator */
};
#define AH_NEW_FLENGTH (sizeof(struct ah_new))
/*
* Names for AH sysctl objects
*/
#define AHCTL_ENABLE 1 /* Enable AH processing */
#define AHCTL_MAXID 2
#define AHCTL_NAMES { \
{ 0, 0 }, \
{ "enable", CTLTYPE_INT }, \
}
#ifdef _KERNEL
void ah_input __P((struct mbuf *, ...));
int ah_output __P((struct mbuf *, struct tdb *, struct mbuf **));
int ah_sysctl __P((int *, u_int, void *, size_t *, void *, size_t));
extern int ah_enable;
struct ahstat ahstat;
#endif /* _KERNEL */
|