diff options
| author | Kris Kennaway <kris@FreeBSD.org> | 2000-07-15 07:14:44 +0000 |
|---|---|---|
| committer | Kris Kennaway <kris@FreeBSD.org> | 2000-07-15 07:14:44 +0000 |
| commit | 8b0561f1900283a280aa406a12c2db7e4c7eaea0 (patch) | |
| tree | 87550c877d9d96aa7ce727eaf679e2778cfc4efc /sys/net | |
| parent | de4bebdf7bb847f473841f980337590aa922bb21 (diff) | |
Notes
Diffstat (limited to 'sys/net')
| -rw-r--r-- | sys/net/if_ethersubr.c | 4 | ||||
| -rw-r--r-- | sys/net/if_gif.c | 335 | ||||
| -rw-r--r-- | sys/net/if_gif.h | 52 | ||||
| -rw-r--r-- | sys/net/if_loop.c | 2 | ||||
| -rw-r--r-- | sys/net/if_types.h | 1 | ||||
| -rw-r--r-- | sys/net/net_osdep.c | 6 | ||||
| -rw-r--r-- | sys/net/net_osdep.h | 56 | ||||
| -rw-r--r-- | sys/net/pfkeyv2.h | 544 |
8 files changed, 581 insertions, 419 deletions
diff --git a/sys/net/if_ethersubr.c b/sys/net/if_ethersubr.c index 203b4b3ae17f..7ae976e0f65c 100644 --- a/sys/net/if_ethersubr.c +++ b/sys/net/if_ethersubr.c @@ -66,7 +66,6 @@ #endif #ifdef INET6 #include <netinet6/nd6.h> -#include <netinet6/in6_ifattach.h> #endif #ifdef IPX @@ -669,9 +668,6 @@ ether_ifattach(ifp) sdl->sdl_type = IFT_ETHER; sdl->sdl_alen = ifp->if_addrlen; bcopy((IFP2AC(ifp))->ac_enaddr, LLADDR(sdl), ifp->if_addrlen); -#ifdef INET6 - in6_ifattach_getifid(ifp); -#endif if (ng_ether_attach_p != NULL) (*ng_ether_attach_p)(ifp); } diff --git a/sys/net/if_gif.c b/sys/net/if_gif.c index 0b326574f5f9..0337a61e80fa 100644 --- a/sys/net/if_gif.c +++ b/sys/net/if_gif.c @@ -1,3 +1,6 @@ +/* $FreeBSD$ */ +/* $KAME: if_gif.c,v 1.28 2000/06/20 12:30:03 jinmei Exp $ */ + /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. * All rights reserved. @@ -25,12 +28,6 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * - * $FreeBSD$ - */ - -/* - * gif.c */ #include "opt_inet.h" @@ -46,6 +43,7 @@ #include <sys/errno.h> #include <sys/time.h> #include <sys/syslog.h> +#include <sys/protosw.h> #include <machine/cpu.h> #include <net/if.h> @@ -70,21 +68,47 @@ #include <netinet/ip6.h> #include <netinet6/ip6_var.h> #include <netinet6/in6_gif.h> +#include <netinet6/ip6protosw.h> #endif /* INET6 */ +#include <netinet/ip_encap.h> #include <net/if_gif.h> #include "gif.h" +#include "bpf.h" +#define NBPFILTER NBPF #include <net/net_osdep.h> +#if NGIF > 0 + void gifattach __P((void *)); +static int gif_encapcheck __P((const struct mbuf *, int, int, void *)); +#ifdef INET +extern struct protosw in_gif_protosw; +#endif +#ifdef INET6 +extern struct ip6protosw in6_gif_protosw; +#endif /* * gif global variable definitions */ -int ngif = NGIF + 1; /* number of interfaces. +1 for stf. */ -struct gif_softc *gif = 0; +static int ngif; /* number of interfaces */ +static struct gif_softc *gif = 0; + +#ifndef MAX_GIF_NEST +/* + * This macro controls the upper limitation on nesting of gif tunnels. + * Since, setting a large value to this macro with a careless configuration + * may introduce system crash, we don't allow any nestings by default. + * If you need to configure nested gif tunnels, you can define this macro + * in your kernel configuration file. However, if you do so, please be + * careful to configure the tunnels so that it won't make a loop. + */ +#define MAX_GIF_NEST 1 +#endif +static int max_gif_nesting = MAX_GIF_NEST; void gifattach(dummy) @@ -93,34 +117,111 @@ gifattach(dummy) register struct gif_softc *sc; register int i; + ngif = NGIF; gif = sc = malloc (ngif * sizeof(struct gif_softc), M_DEVBUF, M_WAIT); bzero(sc, ngif * sizeof(struct gif_softc)); - for (i = 0; i < ngif - 1; sc++, i++) { /* leave last one for stf */ + for (i = 0; i < ngif; sc++, i++) { sc->gif_if.if_name = "gif"; sc->gif_if.if_unit = i; + + sc->encap_cookie4 = sc->encap_cookie6 = NULL; +#ifdef INET + sc->encap_cookie4 = encap_attach_func(AF_INET, -1, + gif_encapcheck, &in_gif_protosw, sc); + if (sc->encap_cookie4 == NULL) { + printf("%s: attach failed\n", if_name(&sc->gif_if)); + continue; + } +#endif +#ifdef INET6 + sc->encap_cookie6 = encap_attach_func(AF_INET6, -1, + gif_encapcheck, (struct protosw *)&in6_gif_protosw, sc); + if (sc->encap_cookie6 == NULL) { + if (sc->encap_cookie4) { + encap_detach(sc->encap_cookie4); + sc->encap_cookie4 = NULL; + } + printf("%s: attach failed\n", if_name(&sc->gif_if)); + continue; + } +#endif + sc->gif_if.if_mtu = GIF_MTU; sc->gif_if.if_flags = IFF_POINTOPOINT | IFF_MULTICAST; sc->gif_if.if_ioctl = gif_ioctl; sc->gif_if.if_output = gif_output; sc->gif_if.if_type = IFT_GIF; - sc->gif_if.if_snd.ifq_maxlen = ifqmaxlen; + sc->gif_if.if_snd.ifq_maxlen = IFQ_MAXLEN; if_attach(&sc->gif_if); +#if NBPFILTER > 0 +#ifdef HAVE_OLD_BPF bpfattach(&sc->gif_if, DLT_NULL, sizeof(u_int)); +#else + bpfattach(&sc->gif_if.if_bpf, &sc->gif_if, DLT_NULL, sizeof(u_int)); +#endif +#endif } - sc->gif_if.if_name = "stf"; - sc->gif_if.if_unit = 0; - sc->gif_if.if_mtu = GIF_MTU; - sc->gif_if.if_flags = IFF_MULTICAST; - sc->gif_if.if_ioctl = gif_ioctl; - sc->gif_if.if_output = gif_output; - sc->gif_if.if_type = IFT_GIF; - sc->gif_if.if_snd.ifq_maxlen = ifqmaxlen; - if_attach(&sc->gif_if); - bpfattach(&sc->gif_if, DLT_NULL, sizeof(u_int)); } PSEUDO_SET(gifattach, if_gif); +static int +gif_encapcheck(m, off, proto, arg) + const struct mbuf *m; + int off; + int proto; + void *arg; +{ + struct ip ip; + struct gif_softc *sc; + + sc = (struct gif_softc *)arg; + if (sc == NULL) + return 0; + + if ((sc->gif_if.if_flags & IFF_UP) == 0) + return 0; + + /* no physical address */ + if (!sc->gif_psrc || !sc->gif_pdst) + return 0; + + switch (proto) { +#ifdef INET + case IPPROTO_IPV4: + break; +#endif +#ifdef INET6 + case IPPROTO_IPV6: + break; +#endif + default: + return 0; + } + + /* LINTED const cast */ + m_copydata((struct mbuf *)m, 0, sizeof(ip), (caddr_t)&ip); + + switch (ip.ip_v) { +#ifdef INET + case 4: + if (sc->gif_psrc->sa_family != AF_INET || + sc->gif_pdst->sa_family != AF_INET) + return 0; + return gif_encapcheck4(m, off, proto, arg); +#endif +#ifdef INET6 + case 6: + if (sc->gif_psrc->sa_family != AF_INET6 || + sc->gif_pdst->sa_family != AF_INET6) + return 0; + return gif_encapcheck6(m, off, proto, arg); +#endif + default: + return 0; + } +} + int gif_output(ifp, m, dst, rt) struct ifnet *ifp; @@ -131,7 +232,6 @@ gif_output(ifp, m, dst, rt) register struct gif_softc *sc = (struct gif_softc*)ifp; int error = 0; static int called = 0; /* XXX: MUTEX */ - int calllimit = 10; /* XXX: adhoc */ /* * gif may cause infinite recursion calls when misconfigured. @@ -140,7 +240,7 @@ gif_output(ifp, m, dst, rt) * mutual exclusion of the variable CALLED, especially if we * use kernel thread. */ - if (++called >= calllimit) { + if (++called > max_gif_nesting) { log(LOG_NOTICE, "gif_output: recursively called too many times(%d)\n", called); @@ -148,6 +248,7 @@ gif_output(ifp, m, dst, rt) error = EIO; /* is there better errno? */ goto end; } + getmicrotime(&ifp->if_lastchange); m->m_flags &= ~(M_BCAST|M_MCAST); if (!(ifp->if_flags & IFF_UP) || @@ -157,6 +258,7 @@ gif_output(ifp, m, dst, rt) goto end; } +#if NBPFILTER > 0 if (ifp->if_bpf) { /* * We need to prepend the address family as @@ -171,12 +273,19 @@ gif_output(ifp, m, dst, rt) m0.m_next = m; m0.m_len = 4; m0.m_data = (char *)⁡ - + +#ifdef HAVE_OLD_BPF bpf_mtap(ifp, &m0); +#else + bpf_mtap(ifp->if_bpf, &m0); +#endif } - ifp->if_opackets++; +#endif + ifp->if_opackets++; ifp->if_obytes += m->m_pkthdr.len; + /* XXX should we check if our outer source is legal? */ + switch (sc->gif_psrc->sa_family) { #ifdef INET case AF_INET: @@ -189,7 +298,7 @@ gif_output(ifp, m, dst, rt) break; #endif default: - m_freem(m); + m_freem(m); error = ENETDOWN; } @@ -214,9 +323,9 @@ gif_input(m, af, gifp) return; } - if (m->m_pkthdr.rcvif) - m->m_pkthdr.rcvif = gifp; - + m->m_pkthdr.rcvif = gifp; + +#if NBPFILTER > 0 if (gifp->if_bpf) { /* * We need to prepend the address family as @@ -227,13 +336,18 @@ gif_input(m, af, gifp) */ struct mbuf m0; u_int af = AF_INET6; - + m0.m_next = m; m0.m_len = 4; m0.m_data = (char *)⁡ - + +#ifdef HAVE_OLD_BPF bpf_mtap(gifp, &m0); +#else + bpf_mtap(gifp->if_bpf, &m0); +#endif } +#endif /*NBPFILTER > 0*/ /* * Put the packet to the network layer input queue according to the @@ -282,7 +396,7 @@ gif_input(m, af, gifp) return; } - +/* XXX how should we handle IPv6 scope on SIOC[GS]IFPHYADDR? */ int gif_ioctl(ifp, cmd, data) struct ifnet *ifp; @@ -292,12 +406,15 @@ gif_ioctl(ifp, cmd, data) struct gif_softc *sc = (struct gif_softc*)ifp; struct ifreq *ifr = (struct ifreq*)data; int error = 0, size; - struct sockaddr *sa, *dst, *src; - + struct sockaddr *dst, *src; + struct sockaddr *sa; + int i; + struct gif_softc *sc2; + switch (cmd) { case SIOCSIFADDR: break; - + case SIOCSIFDSTADDR: break; @@ -305,8 +422,10 @@ gif_ioctl(ifp, cmd, data) case SIOCDELMULTI: break; +#ifdef SIOCSIFMTU /* xxx */ case SIOCGIFMTU: break; + case SIOCSIFMTU: { u_long mtu; @@ -317,103 +436,125 @@ gif_ioctl(ifp, cmd, data) ifp->if_mtu = mtu; } break; +#endif /* SIOCSIFMTU */ case SIOCSIFPHYADDR: #ifdef INET6 case SIOCSIFPHYADDR_IN6: #endif /* INET6 */ - switch (ifr->ifr_addr.sa_family) { -#ifdef INET - case AF_INET: + switch (cmd) { + case SIOCSIFPHYADDR: src = (struct sockaddr *) &(((struct in_aliasreq *)data)->ifra_addr); dst = (struct sockaddr *) &(((struct in_aliasreq *)data)->ifra_dstaddr); + break; +#ifdef INET6 + case SIOCSIFPHYADDR_IN6: + src = (struct sockaddr *) + &(((struct in6_aliasreq *)data)->ifra_addr); + dst = (struct sockaddr *) + &(((struct in6_aliasreq *)data)->ifra_dstaddr); + break; +#endif + } - /* only one gif can have dst = INADDR_ANY */ -#define satosaddr(sa) (((struct sockaddr_in *)(sa))->sin_addr.s_addr) + for (i = 0; i < ngif; i++) { + sc2 = gif + i; + if (sc2 == sc) + continue; + if (!sc2->gif_pdst || !sc2->gif_psrc) + continue; + if (sc2->gif_pdst->sa_family != dst->sa_family || + sc2->gif_pdst->sa_len != dst->sa_len || + sc2->gif_psrc->sa_family != src->sa_family || + sc2->gif_psrc->sa_len != src->sa_len) + continue; + /* can't configure same pair of address onto two gifs */ + if (bcmp(sc2->gif_pdst, dst, dst->sa_len) == 0 && + bcmp(sc2->gif_psrc, src, src->sa_len) == 0) { + error = EADDRNOTAVAIL; + goto bad; + } + /* can't configure multiple multi-dest interfaces */ +#define multidest(x) \ + (((struct sockaddr_in *)(x))->sin_addr.s_addr == INADDR_ANY) #ifdef INET6 - if (bcmp(ifp->if_name, "stf", 3) == 0) - satosaddr(dst) = INADDR_BROADCAST; +#define multidest6(x) \ + (IN6_IS_ADDR_UNSPECIFIED(&((struct sockaddr_in6 *)(x))->sin6_addr)) #endif - - if (satosaddr(dst) == INADDR_ANY) { - int i; - struct gif_softc *sc2; - - for (i = 0, sc2 = gif; i < ngif; i++, sc2++) { - if (sc2 == sc) continue; - if (sc2->gif_pdst && - satosaddr(sc2->gif_pdst) - == INADDR_ANY) { - error = EADDRNOTAVAIL; - goto bad; - } - } + if (dst->sa_family == AF_INET && + multidest(dst) && multidest(sc2->gif_pdst)) { + error = EADDRNOTAVAIL; + goto bad; } +#ifdef INET6 + if (dst->sa_family == AF_INET6 && + multidest6(dst) && multidest6(sc2->gif_pdst)) { + error = EADDRNOTAVAIL; + goto bad; + } +#endif + } + + if (src->sa_family != dst->sa_family || + src->sa_len != dst->sa_len) { + error = EINVAL; + break; + } + switch (src->sa_family) { +#ifdef INET + case AF_INET: size = sizeof(struct sockaddr_in); break; -#endif /* INET */ +#endif #ifdef INET6 case AF_INET6: - src = (struct sockaddr *) - &(((struct in6_aliasreq *)data)->ifra_addr); - dst = (struct sockaddr *) - &(((struct in6_aliasreq *)data)->ifra_dstaddr); - - /* only one gif can have dst = in6addr_any */ -#define satoin6(sa) (&((struct sockaddr_in6 *)(sa))->sin6_addr) - - if (IN6_IS_ADDR_UNSPECIFIED(satoin6(dst))) { - int i; - struct gif_softc *sc2; - - for (i = 0, sc2 = gif; i < ngif; i++, sc2++) { - if (sc2 == sc) continue; - if (sc2->gif_pdst && - IN6_IS_ADDR_UNSPECIFIED( - satoin6(sc2->gif_pdst) - )) { - error = EADDRNOTAVAIL; - goto bad; - } - } - } size = sizeof(struct sockaddr_in6); break; -#endif /* INET6 */ +#endif default: - error = EPROTOTYPE; + error = EAFNOSUPPORT; goto bad; + } + if (src->sa_len != size) { + error = EINVAL; break; } - if (sc->gif_psrc != NULL) - free((caddr_t)sc->gif_psrc, M_IFADDR); - if (sc->gif_pdst != NULL) - free((caddr_t)sc->gif_pdst, M_IFADDR); + if (sc->gif_psrc) + free((caddr_t)sc->gif_psrc, M_IFADDR); sa = (struct sockaddr *)malloc(size, M_IFADDR, M_WAITOK); - bzero((caddr_t)sa, size); bcopy((caddr_t)src, (caddr_t)sa, size); sc->gif_psrc = sa; + if (sc->gif_pdst) + free((caddr_t)sc->gif_pdst, M_IFADDR); sa = (struct sockaddr *)malloc(size, M_IFADDR, M_WAITOK); - bzero((caddr_t)sa, size); bcopy((caddr_t)dst, (caddr_t)sa, size); sc->gif_pdst = sa; - ifp->if_flags |= (IFF_UP|IFF_RUNNING); - { - int s; - - s = splnet(); - if_up(ifp); /* send up RTM_IFINFO */ - splx(s); - } + ifp->if_flags |= IFF_UP; + if_up(ifp); /* send up RTM_IFINFO */ + error = 0; break; +#ifdef SIOCDIFPHYADDR + case SIOCDIFPHYADDR: + if (sc->gif_psrc) { + free((caddr_t)sc->gif_psrc, M_IFADDR); + sc->gif_psrc = NULL; + } + if (sc->gif_pdst) { + free((caddr_t)sc->gif_pdst, M_IFADDR); + sc->gif_pdst = NULL; + } + /* change the IFF_UP flag as well? */ + break; +#endif + case SIOCGIFPSRCADDR: #ifdef INET6 case SIOCGIFPSRCADDR_IN6: @@ -443,7 +584,7 @@ gif_ioctl(ifp, cmd, data) } bcopy((caddr_t)src, (caddr_t)dst, size); break; - + case SIOCGIFPDSTADDR: #ifdef INET6 case SIOCGIFPDSTADDR_IN6: @@ -475,6 +616,7 @@ gif_ioctl(ifp, cmd, data) break; case SIOCSIFFLAGS: + /* if_ioctl() takes care of it */ break; default: @@ -484,3 +626,4 @@ gif_ioctl(ifp, cmd, data) bad: return error; } +#endif /*NGIF > 0*/ diff --git a/sys/net/if_gif.h b/sys/net/if_gif.h index cc26938b1951..36992861898e 100644 --- a/sys/net/if_gif.h +++ b/sys/net/if_gif.h @@ -1,3 +1,6 @@ +/* $FreeBSD$ */ +/* $KAME: if_gif.h,v 1.13 2000/06/17 20:34:24 itojun Exp $ */ + /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. * All rights reserved. @@ -25,8 +28,6 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * - * $FreeBSD$ */ /* @@ -36,33 +37,46 @@ #ifndef _NET_IF_GIF_H_ #define _NET_IF_GIF_H_ + +#if (defined(__FreeBSD__) && __FreeBSD__ >= 3) || defined(__NetBSD__) +#if defined(_KERNEL) && !defined(_LKM) +#include "opt_inet.h" +#endif +#endif + +#include <netinet/in.h> +/* xxx sigh, why route have struct route instead of pointer? */ + +struct encaptab; + struct gif_softc { - struct ifnet gif_if; /* common area */ - struct sockaddr *gif_psrc; /* Physical src addr */ - struct sockaddr *gif_pdst; /* Physical dst addr */ + struct ifnet gif_if; /* common area - must be at the top */ + struct sockaddr *gif_psrc; /* Physical src addr */ + struct sockaddr *gif_pdst; /* Physical dst addr */ union { - struct route gifscr_ro; /* xxx */ - struct route_in6 gifscr_ro6; /* xxx */ + struct route gifscr_ro; /* xxx */ +#ifdef INET6 + struct route_in6 gifscr_ro6; /* xxx */ +#endif } gifsc_gifscr; - int gif_flags; + int gif_flags; + const struct encaptab *encap_cookie4; + const struct encaptab *encap_cookie6; }; -#define gif_ro gifsc_gifscr.gifscr_ro -#define gif_ro6 gifsc_gifscr.gifscr_ro6 +#define gif_ro gifsc_gifscr.gifscr_ro +#ifdef INET6 +#define gif_ro6 gifsc_gifscr.gifscr_ro6 +#endif -#define GIFF_INUSE 0x1 /* gif is in use */ - -#define GIF_MTU (1280) /* Default MTU */ +#define GIF_MTU (1280) /* Default MTU */ #define GIF_MTU_MIN (1280) /* Minimum MTU */ #define GIF_MTU_MAX (8192) /* Maximum MTU */ -extern int ngif; -extern struct gif_softc *gif; - /* Prototypes */ -void gif_input __P((struct mbuf *, int, struct ifnet *)); -int gif_output __P((struct ifnet *, struct mbuf *, +void gif_input __P((struct mbuf *, int, struct ifnet *)); +int gif_output __P((struct ifnet *, struct mbuf *, struct sockaddr *, struct rtentry *)); -int gif_ioctl __P((struct ifnet *, u_long, caddr_t)); +int gif_ioctl __P((struct ifnet *, u_long, caddr_t)); #endif /* _NET_IF_GIF_H_ */ diff --git a/sys/net/if_loop.c b/sys/net/if_loop.c index cf1580e418bf..a3d3a3b128b2 100644 --- a/sys/net/if_loop.c +++ b/sys/net/if_loop.c @@ -72,7 +72,7 @@ #include <netinet/in.h> #endif #include <netinet6/in6_var.h> -#include <netinet6/ip6.h> +#include <netinet/ip6.h> #endif #ifdef NS diff --git a/sys/net/if_types.h b/sys/net/if_types.h index 318b35660096..13cdcdd66421 100644 --- a/sys/net/if_types.h +++ b/sys/net/if_types.h @@ -99,5 +99,6 @@ #define IFT_PROPMUX 0x36 /* Proprietary Multiplexing */ #define IFT_GIF 0x37 #define IFT_FAITH 0x38 +#define IFT_STF 0x39 #endif diff --git a/sys/net/net_osdep.c b/sys/net/net_osdep.c index 81dd3a8e525c..05b041cce42a 100644 --- a/sys/net/net_osdep.c +++ b/sys/net/net_osdep.c @@ -1,3 +1,6 @@ +/* $FreeBSD$ */ +/* $KAME: net_osdep.c,v 1.4 2000/03/25 07:23:34 sumikawa Exp $ */ + /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. * All rights reserved. @@ -25,8 +28,6 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * - * $FreeBSD$ */ #include <sys/param.h> @@ -45,6 +46,7 @@ #include <net/netisr.h> #include <net/route.h> #include <net/bpf.h> + #include <net/net_osdep.h> const char * diff --git a/sys/net/net_osdep.h b/sys/net/net_osdep.h index 11fc27c3cd41..47f52161f1e7 100644 --- a/sys/net/net_osdep.h +++ b/sys/net/net_osdep.h @@ -1,3 +1,6 @@ +/* $FreeBSD$ */ +/* $KAME: net_osdep.h,v 1.21 2000/07/02 23:34:38 itojun Exp $ */ + /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. * All rights reserved. @@ -25,8 +28,6 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * - * $FreeBSD$ */ /* * glue for kernel code programming differences. @@ -35,11 +36,25 @@ /* * OS dependencies: * + * - struct rt_addrinfo + * all *BSDs except bsdi4 only have two members; rti_addrs and rti_info[]. + * bsdi4 has additional members; rti_flags, rti_ifa, rti_ifp, and rti_rtm. + * + * - side effects of rtrequest[1](RTM_DELETE) + * BSDI[34]: delete all cloned routes underneath the route. + * FreeBSD[234]: delete all protocol-cloned routes underneath the route. + * note that cloned routes from an interface direct route + * still remain. + * NetBSD, OpenBSD: no side effects. * - privileged process * NetBSD, FreeBSD 3 * struct proc *p; * if (p && !suser(p->p_ucred, &p->p_acflag)) * privileged; + * FreeBSD 4 + * struct proc *p; + * if (p && !suser(p)) + * privileged; * OpenBSD, BSDI [34], FreeBSD 2 * struct socket *so; * if (so->so_state & SS_PRIV) @@ -76,7 +91,7 @@ * NetBSD, OpenBSD, BSDI [34], FreeBSD 2 * timeout() is a void function * FreeBSD 3 - * timeout() is non-void, must keep returned value for untimeuot() + * timeout() is non-void, must keep returned value for untimeout() * - sysctl * NetBSD, OpenBSD * foo_sysctl() @@ -106,16 +121,45 @@ * * - dtom() * NEVER USE IT! + * + * - struct ifnet for loopback interface + * BSDI3: struct ifnet loif; + * BSDI4: struct ifnet *loifp; + * NetBSD, OpenBSD, FreeBSD2: struct ifnet loif[NLOOP]; + * + * odd thing is that many of them refers loif as ifnet *loif, + * not loif[NLOOP], from outside of if_loop.c. + * + * - number of bpf pseudo devices + * others: bpfilter.h, NBPFILTER + * FreeBSD4: bpf.h, NBPF + * solution: + * #if defined(__FreeBSD__) && __FreeBSD__ >= 4 + * #include "bpf.h" + * #define NBPFILTER NBPF + * #else + * #include "bpfilter.h" + * #endif + * + * - protosw for IPv4 (sys/netinet) + * FreeBSD4: struct ipprotosw in netinet/ipprotosw.h + * others: struct protosw in sys/protosw.h + * + * - header files with defopt (opt_xx.h) + * FreeBSD3: opt_{inet,ipsec,ip6fw,altq}.h + * FreeBSD4: opt_{inet,inet6,ipsec,ip6fw,altq}.h + * NetBSD: opt_{inet,ipsec,altq}.h + * others: does not use defopt */ #ifndef __NET_NET_OSDEP_H_DEFINED_ -#define __NET_NET_OSDEP_H_DEFINED_ +#define __NET_NET_OSDEP_H_DEFINED_ #ifdef _KERNEL struct ifnet; -extern const char *if_name __P((struct ifnet *)); +extern const char *if_name __P((struct ifnet *)); -#define HAVE_OLD_BPF +#define HAVE_OLD_BPF #endif /*_KERNEL*/ #endif /*__NET_NET_OSDEP_H_DEFINED_ */ diff --git a/sys/net/pfkeyv2.h b/sys/net/pfkeyv2.h index e8831f70df7f..4c41c8072b68 100644 --- a/sys/net/pfkeyv2.h +++ b/sys/net/pfkeyv2.h @@ -1,3 +1,6 @@ +/* $FreeBSD$ */ +/* $KAME: pfkeyv2.h,v 1.17 2000/06/22 08:38:33 sakane Exp $ */ + /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. * All rights reserved. @@ -25,12 +28,8 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * - * $FreeBSD$ */ -/* $Id: keyv2.h,v 1.1.6.1.6.4 1999/06/08 05:33:39 itojun Exp $ */ - /* * This file has been derived rfc 2367, * And added some flags of SADB_KEY_FLAGS_ as SADB_X_EXT_. @@ -38,7 +37,7 @@ */ #ifndef _NET_PFKEYV2_H_ -#define _NET_PFKEYV2_H_ +#define _NET_PFKEYV2_H_ /* This file defines structures and symbols for the PF_KEY Version 2 @@ -47,177 +46,187 @@ Laboratory. This file is in the public domain. The authors ask that you leave this credit intact on any copies of this file. */ #ifndef __PFKEY_V2_H -#define __PFKEY_V2_H 1 - -#define PF_KEY_V2 2 -#define PFKEYV2_REVISION 199806L - -#define SADB_RESERVED 0 -#define SADB_GETSPI 1 -#define SADB_UPDATE 2 -#define SADB_ADD 3 -#define SADB_DELETE 4 -#define SADB_GET 5 -#define SADB_ACQUIRE 6 -#define SADB_REGISTER 7 -#define SADB_EXPIRE 8 -#define SADB_FLUSH 9 -#define SADB_DUMP 10 -#define SADB_X_PROMISC 11 -#define SADB_X_PCHANGE 12 - -#define SADB_X_SPDUPDATE 13 /* not yet */ -#define SADB_X_SPDADD 14 -#define SADB_X_SPDDELETE 15 -#define SADB_X_SPDGET 16 /* not yet */ -#define SADB_X_SPDACQUIRE 17 /* not yet */ -#define SADB_X_SPDDUMP 18 -#define SADB_X_SPDFLUSH 19 -#define SADB_MAX 19 +#define __PFKEY_V2_H 1 + +#define PF_KEY_V2 2 +#define PFKEYV2_REVISION 199806L + +#define SADB_RESERVED 0 +#define SADB_GETSPI 1 +#define SADB_UPDATE 2 +#define SADB_ADD 3 +#define SADB_DELETE 4 +#define SADB_GET 5 +#define SADB_ACQUIRE 6 +#define SADB_REGISTER 7 +#define SADB_EXPIRE 8 +#define SADB_FLUSH 9 +#define SADB_DUMP 10 +#define SADB_X_PROMISC 11 +#define SADB_X_PCHANGE 12 + +#define SADB_X_SPDUPDATE 13 +#define SADB_X_SPDADD 14 +#define SADB_X_SPDDELETE 15 /* by policy index */ +#define SADB_X_SPDGET 16 +#define SADB_X_SPDACQUIRE 17 +#define SADB_X_SPDDUMP 18 +#define SADB_X_SPDFLUSH 19 +#define SADB_X_SPDSETIDX 20 +#define SADB_X_SPDEXPIRE 21 /* not yet */ +#define SADB_X_SPDDELETE2 22 /* by policy id */ +#define SADB_MAX 22 struct sadb_msg { - u_int8_t sadb_msg_version; - u_int8_t sadb_msg_type; - u_int8_t sadb_msg_errno; - u_int8_t sadb_msg_satype; - u_int16_t sadb_msg_len; - u_int8_t sadb_msg_mode; /* XXX */ - u_int8_t sadb_msg_reserved; - u_int32_t sadb_msg_seq; - u_int32_t sadb_msg_pid; + u_int8_t sadb_msg_version; + u_int8_t sadb_msg_type; + u_int8_t sadb_msg_errno; + u_int8_t sadb_msg_satype; + u_int16_t sadb_msg_len; + u_int16_t sadb_msg_reserved; + u_int32_t sadb_msg_seq; + u_int32_t sadb_msg_pid; }; struct sadb_ext { - u_int16_t sadb_ext_len; - u_int16_t sadb_ext_type; + u_int16_t sadb_ext_len; + u_int16_t sadb_ext_type; }; struct sadb_sa { - u_int16_t sadb_sa_len; - u_int16_t sadb_sa_exttype; - u_int32_t sadb_sa_spi; - u_int8_t sadb_sa_replay; - u_int8_t sadb_sa_state; - u_int8_t sadb_sa_auth; - u_int8_t sadb_sa_encrypt; - u_int32_t sadb_sa_flags; + u_int16_t sadb_sa_len; + u_int16_t sadb_sa_exttype; + u_int32_t sadb_sa_spi; + u_int8_t sadb_sa_replay; + u_int8_t sadb_sa_state; + u_int8_t sadb_sa_auth; + u_int8_t sadb_sa_encrypt; + u_int32_t sadb_sa_flags; }; struct sadb_lifetime { - u_int16_t sadb_lifetime_len; - u_int16_t sadb_lifetime_exttype; - u_int32_t sadb_lifetime_allocations; - u_int64_t sadb_lifetime_bytes; - u_int64_t sadb_lifetime_addtime; - u_int64_t sadb_lifetime_usetime; + u_int16_t sadb_lifetime_len; + u_int16_t sadb_lifetime_exttype; + u_int32_t sadb_lifetime_allocations; + u_int64_t sadb_lifetime_bytes; + u_int64_t sadb_lifetime_addtime; + u_int64_t sadb_lifetime_usetime; }; struct sadb_address { - u_int16_t sadb_address_len; - u_int16_t sadb_address_exttype; - u_int8_t sadb_address_proto; - u_int8_t sadb_address_prefixlen; - u_int16_t sadb_address_reserved; + u_int16_t sadb_address_len; + u_int16_t sadb_address_exttype; + u_int8_t sadb_address_proto; + u_int8_t sadb_address_prefixlen; + u_int16_t sadb_address_reserved; }; struct sadb_key { - u_int16_t sadb_key_len; - u_int16_t sadb_key_exttype; - u_int16_t sadb_key_bits; - u_int16_t sadb_key_reserved; + u_int16_t sadb_key_len; + u_int16_t sadb_key_exttype; + u_int16_t sadb_key_bits; + u_int16_t sadb_key_reserved; }; struct sadb_ident { - u_int16_t sadb_ident_len; - u_int16_t sadb_ident_exttype; - u_int16_t sadb_ident_type; - u_int16_t sadb_ident_reserved; - u_int64_t sadb_ident_id; -}; -/* in order to use to divide sadb_ident.sadb_ident_id */ -union sadb_x_ident_id { - u_int64_t sadb_x_ident_id; - struct _sadb_x_ident_id_addr { - u_int16_t prefix; - u_int16_t ul_proto; - u_int32_t reserved; - } sadb_x_ident_id_addr; + u_int16_t sadb_ident_len; + u_int16_t sadb_ident_exttype; + u_int16_t sadb_ident_type; + u_int16_t sadb_ident_reserved; + u_int64_t sadb_ident_id; }; struct sadb_sens { - u_int16_t sadb_sens_len; - u_int16_t sadb_sens_exttype; - u_int32_t sadb_sens_dpd; - u_int8_t sadb_sens_sens_level; - u_int8_t sadb_sens_sens_len; - u_int8_t sadb_sens_integ_level; - u_int8_t sadb_sens_integ_len; - u_int32_t sadb_sens_reserved; + u_int16_t sadb_sens_len; + u_int16_t sadb_sens_exttype; + u_int32_t sadb_sens_dpd; + u_int8_t sadb_sens_sens_level; + u_int8_t sadb_sens_sens_len; + u_int8_t sadb_sens_integ_level; + u_int8_t sadb_sens_integ_len; + u_int32_t sadb_sens_reserved; }; struct sadb_prop { - u_int16_t sadb_prop_len; - u_int16_t sadb_prop_exttype; - u_int8_t sadb_prop_replay; - u_int8_t sadb_prop_reserved[3]; + u_int16_t sadb_prop_len; + u_int16_t sadb_prop_exttype; + u_int8_t sadb_prop_replay; + u_int8_t sadb_prop_reserved[3]; }; struct sadb_comb { - u_int8_t sadb_comb_auth; - u_int8_t sadb_comb_encrypt; - u_int16_t sadb_comb_flags; - u_int16_t sadb_comb_auth_minbits; - u_int16_t sadb_comb_auth_maxbits; - u_int16_t sadb_comb_encrypt_minbits; - u_int16_t sadb_comb_encrypt_maxbits; - u_int32_t sadb_comb_reserved; - u_int32_t sadb_comb_soft_allocations; - u_int32_t sadb_comb_hard_allocations; - u_int64_t sadb_comb_soft_bytes; - u_int64_t sadb_comb_hard_bytes; - u_int64_t sadb_comb_soft_addtime; - u_int64_t sadb_comb_hard_addtime; - u_int64_t sadb_comb_soft_usetime; - u_int64_t sadb_comb_hard_usetime; + u_int8_t sadb_comb_auth; + u_int8_t sadb_comb_encrypt; + u_int16_t sadb_comb_flags; + u_int16_t sadb_comb_auth_minbits; + u_int16_t sadb_comb_auth_maxbits; + u_int16_t sadb_comb_encrypt_minbits; + u_int16_t sadb_comb_encrypt_maxbits; + u_int32_t sadb_comb_reserved; + u_int32_t sadb_comb_soft_allocations; + u_int32_t sadb_comb_hard_allocations; + u_int64_t sadb_comb_soft_bytes; + u_int64_t sadb_comb_hard_bytes; + u_int64_t sadb_comb_soft_addtime; + u_int64_t sadb_comb_hard_addtime; + u_int64_t sadb_comb_soft_usetime; + u_int64_t sadb_comb_hard_usetime; }; struct sadb_supported { - u_int16_t sadb_supported_len; - u_int16_t sadb_supported_exttype; - u_int32_t sadb_supported_reserved; + u_int16_t sadb_supported_len; + u_int16_t sadb_supported_exttype; + u_int32_t sadb_supported_reserved; }; struct sadb_alg { - u_int8_t sadb_alg_id; - u_int8_t sadb_alg_ivlen; - u_int16_t sadb_alg_minbits; - u_int16_t sadb_alg_maxbits; - u_int16_t sadb_alg_reserved; + u_int8_t sadb_alg_id; + u_int8_t sadb_alg_ivlen; + u_int16_t sadb_alg_minbits; + u_int16_t sadb_alg_maxbits; + u_int16_t sadb_alg_reserved; }; struct sadb_spirange { - u_int16_t sadb_spirange_len; - u_int16_t sadb_spirange_exttype; - u_int32_t sadb_spirange_min; - u_int32_t sadb_spirange_max; - u_int32_t sadb_spirange_reserved; + u_int16_t sadb_spirange_len; + u_int16_t sadb_spirange_exttype; + u_int32_t sadb_spirange_min; + u_int32_t sadb_spirange_max; + u_int32_t sadb_spirange_reserved; }; struct sadb_x_kmprivate { - u_int16_t sadb_x_kmprivate_len; - u_int16_t sadb_x_kmprivate_exttype; - u_int32_t sadb_x_kmprivate_reserved; + u_int16_t sadb_x_kmprivate_len; + u_int16_t sadb_x_kmprivate_exttype; + u_int32_t sadb_x_kmprivate_reserved; +}; + +/* + * XXX Additional SA Extension. + * mode: tunnel or transport + * reqid: to make SA unique nevertheless the address pair of SA are same. + * Mainly it's for VPN. + */ +struct sadb_x_sa2 { + u_int16_t sadb_x_sa2_len; + u_int16_t sadb_x_sa2_exttype; + u_int8_t sadb_x_sa2_mode; + u_int8_t sadb_x_sa2_reserved1; + u_int16_t sadb_x_sa2_reserved2; + u_int32_t sadb_x_sa2_reserved3; + u_int32_t sadb_x_sa2_reqid; }; /* XXX Policy Extension */ -/* sizeof(struct sadb_x_policy) == 8 */ +/* sizeof(struct sadb_x_policy) == 16 */ struct sadb_x_policy { - u_int16_t sadb_x_policy_len; - u_int16_t sadb_x_policy_exttype; - /* See policy type of ipsec.h */ - u_int16_t sadb_x_policy_type; - u_int8_t sadb_x_policy_dir; /* direction, see ipsec.h */ - u_int8_t sadb_x_policy_reserved; + u_int16_t sadb_x_policy_len; + u_int16_t sadb_x_policy_exttype; + u_int16_t sadb_x_policy_type; /* See policy type of ipsec.h */ + u_int8_t sadb_x_policy_dir; /* direction, see ipsec.h */ + u_int8_t sadb_x_policy_reserved; + u_int32_t sadb_x_policy_id; + u_int32_t sadb_x_policy_reserved2; }; /* * When policy_type == IPSEC, it is followed by some of @@ -231,190 +240,143 @@ struct sadb_x_policy { * This structure is aligned 8 bytes. */ struct sadb_x_ipsecrequest { - u_int16_t sadb_x_ipsecrequest_len; - /* structure length aligned to 8 bytes. - * This value is true length of bytes. - * Not in units of 64 bits. */ - u_int16_t sadb_x_ipsecrequest_proto; /* See ipsec.h */ - /* See ipsec.h. Not SADB_SATYPE_XX */ - u_int16_t sadb_x_ipsecrequest_mode; - u_int16_t sadb_x_ipsecrequest_level; /* See ipsec.h */ - - /* - * followed by source IP address of SA, and immediately followed by - * destination IP address of SA. These encoded into two of sockaddr - * structure without any padding. Must set each sa_len exactly. - * Each of length of the sockaddr structure are not aligned to 64bits, - * but sum of x_request and addresses is aligned to 64bits. - */ + u_int16_t sadb_x_ipsecrequest_len; /* structure length aligned to 8 bytes. + * This value is true length of bytes. + * Not in units of 64 bits. */ + u_int16_t sadb_x_ipsecrequest_proto; /* See ipsec.h */ + u_int8_t sadb_x_ipsecrequest_mode; /* See IPSEC_MODE_XX in ipsec.h. */ + u_int8_t sadb_x_ipsecrequest_level; /* See IPSEC_LEVEL_XX in ipsec.h */ + u_int16_t sadb_x_ipsecrequest_reqid; /* See ipsec.h */ + + /* + * followed by source IP address of SA, and immediately followed by + * destination IP address of SA. These encoded into two of sockaddr + * structure without any padding. Must set each sa_len exactly. + * Each of length of the sockaddr structure are not aligned to 64bits, + * but sum of x_request and addresses is aligned to 64bits. + */ }; -#define SADB_EXT_RESERVED 0 -#define SADB_EXT_SA 1 -#define SADB_EXT_LIFETIME_CURRENT 2 -#define SADB_EXT_LIFETIME_HARD 3 -#define SADB_EXT_LIFETIME_SOFT 4 -#define SADB_EXT_ADDRESS_SRC 5 -#define SADB_EXT_ADDRESS_DST 6 -#define SADB_EXT_ADDRESS_PROXY 7 -#define SADB_EXT_KEY_AUTH 8 -#define SADB_EXT_KEY_ENCRYPT 9 -#define SADB_EXT_IDENTITY_SRC 10 -#define SADB_EXT_IDENTITY_DST 11 -#define SADB_EXT_SENSITIVITY 12 -#define SADB_EXT_PROPOSAL 13 -#define SADB_EXT_SUPPORTED_AUTH 14 -#define SADB_EXT_SUPPORTED_ENCRYPT 15 -#define SADB_EXT_SPIRANGE 16 -#define SADB_X_EXT_KMPRIVATE 17 -#define SADB_X_EXT_POLICY 18 -#define SADB_EXT_MAX 18 - -#define SADB_SATYPE_UNSPEC 0 -#define SADB_SATYPE_AH 2 -#define SADB_SATYPE_ESP 3 -#define SADB_SATYPE_RSVP 5 -#define SADB_SATYPE_OSPFV2 6 -#define SADB_SATYPE_RIPV2 7 -#define SADB_SATYPE_MIP 8 -#define SADB_X_SATYPE_IPCOMP 9 -#define SADB_SATYPE_MAX 9 - -#define SADB_SASTATE_LARVAL 0 -#define SADB_SASTATE_MATURE 1 -#define SADB_SASTATE_DYING 2 -#define SADB_SASTATE_DEAD 3 -#define SADB_SASTATE_MAX 3 -#define SADB_SAFLAGS_PFS 1 - -#define SADB_AALG_NONE 0 -#define SADB_AALG_MD5HMAC 1 /* 2 */ -#define SADB_AALG_SHA1HMAC 2 /* 3 */ -#define SADB_AALG_MD5 3 /* Keyed MD5 */ -#define SADB_AALG_SHA 4 /* Keyed SHA */ -#define SADB_AALG_NULL 5 /* null authentication */ -#define SADB_AALG_MAX 6 - -#define SADB_EALG_NONE 0 -#define SADB_EALG_DESCBC 1 /* 2 */ -#define SADB_EALG_3DESCBC 2 /* 3 */ -#define SADB_EALG_NULL 3 /* 11 */ -#define SADB_EALG_BLOWFISHCBC 4 -#define SADB_EALG_CAST128CBC 5 -#define SADB_EALG_RC5CBC 6 -#define SADB_EALG_MAX 7 - -/*nonstandard */ -#define SADB_X_CALG_NONE 0 -#define SADB_X_CALG_OUI 1 -#define SADB_X_CALG_DEFLATE 2 -#define SADB_X_CALG_LZS 3 - -#define SADB_IDENTTYPE_RESERVED 0 -#define SADB_IDENTTYPE_PREFIX 1 -#define SADB_IDENTTYPE_FQDN 2 -#define SADB_IDENTTYPE_USERFQDN 3 -#define SADB_X_IDENTTYPE_ADDR 4 -#define SADB_IDENTTYPE_MAX 4 +#define SADB_EXT_RESERVED 0 +#define SADB_EXT_SA 1 +#define SADB_EXT_LIFETIME_CURRENT 2 +#define SADB_EXT_LIFETIME_HARD 3 +#define SADB_EXT_LIFETIME_SOFT 4 +#define SADB_EXT_ADDRESS_SRC 5 +#define SADB_EXT_ADDRESS_DST 6 +#define SADB_EXT_ADDRESS_PROXY 7 +#define SADB_EXT_KEY_AUTH 8 +#define SADB_EXT_KEY_ENCRYPT 9 +#define SADB_EXT_IDENTITY_SRC 10 +#define SADB_EXT_IDENTITY_DST 11 +#define SADB_EXT_SENSITIVITY 12 +#define SADB_EXT_PROPOSAL 13 +#define SADB_EXT_SUPPORTED_AUTH 14 +#define SADB_EXT_SUPPORTED_ENCRYPT 15 +#define SADB_EXT_SPIRANGE 16 +#define SADB_X_EXT_KMPRIVATE 17 +#define SADB_X_EXT_POLICY 18 +#define SADB_X_EXT_SA2 19 +#define SADB_EXT_MAX 19 + +#define SADB_SATYPE_UNSPEC 0 +#define SADB_SATYPE_AH 2 +#define SADB_SATYPE_ESP 3 +#define SADB_SATYPE_RSVP 5 +#define SADB_SATYPE_OSPFV2 6 +#define SADB_SATYPE_RIPV2 7 +#define SADB_SATYPE_MIP 8 +#define SADB_X_SATYPE_IPCOMP 9 +#define SADB_X_SATYPE_POLICY 10 +#define SADB_SATYPE_MAX 11 + +#define SADB_SASTATE_LARVAL 0 +#define SADB_SASTATE_MATURE 1 +#define SADB_SASTATE_DYING 2 +#define SADB_SASTATE_DEAD 3 +#define SADB_SASTATE_MAX 3 + +#define SADB_SAFLAGS_PFS 1 + +#define SADB_AALG_NONE 0 +#define SADB_AALG_MD5HMAC 1 /* 2 */ +#define SADB_AALG_SHA1HMAC 2 /* 3 */ +#define SADB_AALG_MD5 3 /* Keyed MD5 */ +#define SADB_AALG_SHA 4 /* Keyed SHA */ +#define SADB_AALG_NULL 5 /* null authentication */ +#define SADB_AALG_MAX 6 + +#define SADB_EALG_NONE 0 +#define SADB_EALG_DESCBC 1 /* 2 */ +#define SADB_EALG_3DESCBC 2 /* 3 */ +#define SADB_EALG_NULL 3 /* 11 */ +#define SADB_EALG_BLOWFISHCBC 4 +#define SADB_EALG_CAST128CBC 5 +#define SADB_EALG_RC5CBC 6 +#define SADB_EALG_MAX 7 + +#if 1 /*nonstandard */ +#define SADB_X_CALG_NONE 0 +#define SADB_X_CALG_OUI 1 +#define SADB_X_CALG_DEFLATE 2 +#define SADB_X_CALG_LZS 3 +#define SADB_X_CALG_MAX 4 +#endif + +#define SADB_IDENTTYPE_RESERVED 0 +#define SADB_IDENTTYPE_PREFIX 1 +#define SADB_IDENTTYPE_FQDN 2 +#define SADB_IDENTTYPE_USERFQDN 3 +#define SADB_X_IDENTTYPE_ADDR 4 +#define SADB_IDENTTYPE_MAX 4 /* `flags' in sadb_sa structure holds followings */ -#define SADB_X_EXT_NONE 0x0000 /* i.e. new format. */ -#define SADB_X_EXT_OLD 0x0001 /* old format. */ +#define SADB_X_EXT_NONE 0x0000 /* i.e. new format. */ +#define SADB_X_EXT_OLD 0x0001 /* old format. */ -#define SADB_X_EXT_IV4B 0x0010 /* IV length of 4 bytes in use */ -#define SADB_X_EXT_DERIV 0x0020 /* DES derived */ -#define SADB_X_EXT_CYCSEQ 0x0040 /* allowing to cyclic sequence. */ +#define SADB_X_EXT_IV4B 0x0010 /* IV length of 4 bytes in use */ +#define SADB_X_EXT_DERIV 0x0020 /* DES derived */ +#define SADB_X_EXT_CYCSEQ 0x0040 /* allowing to cyclic sequence. */ /* three of followings are exclusive flags each them */ -#define SADB_X_EXT_PSEQ 0x0000 /* sequencial padding for ESP */ -#define SADB_X_EXT_PRAND 0x0100 /* random padding for ESP */ -#define SADB_X_EXT_PZERO 0x0200 /* zero padding for ESP */ -#define SADB_X_EXT_PMASK 0x0300 /* mask for padding flag */ +#define SADB_X_EXT_PSEQ 0x0000 /* sequencial padding for ESP */ +#define SADB_X_EXT_PRAND 0x0100 /* random padding for ESP */ +#define SADB_X_EXT_PZERO 0x0200 /* zero padding for ESP */ +#define SADB_X_EXT_PMASK 0x0300 /* mask for padding flag */ -#define SADB_X_EXT_RAWCPI 0x0080 /* use well known CPI (IPComp) */ +#if 1 +#define SADB_X_EXT_RAWCPI 0x0080 /* use well known CPI (IPComp) */ +#endif -#define SADB_KEY_FLAGS_MAX 0x0fff +#define SADB_KEY_FLAGS_MAX 0x0fff /* SPI size for PF_KEYv2 */ -#define PFKEY_SPI_SIZE sizeof(u_int32_t) +#define PFKEY_SPI_SIZE sizeof(u_int32_t) /* Identifier for menber of lifetime structure */ -#define SADB_X_LIFETIME_ALLOCATIONS 0 -#define SADB_X_LIFETIME_BYTES 1 -#define SADB_X_LIFETIME_ADDTIME 2 -#define SADB_X_LIFETIME_USETIME 3 +#define SADB_X_LIFETIME_ALLOCATIONS 0 +#define SADB_X_LIFETIME_BYTES 1 +#define SADB_X_LIFETIME_ADDTIME 2 +#define SADB_X_LIFETIME_USETIME 3 /* The rate for SOFT lifetime against HARD one. */ -#define PFKEY_SOFT_LIFETIME_RATE 80 +#define PFKEY_SOFT_LIFETIME_RATE 80 /* Utilities */ -#define PFKEY_ALIGN8(a) (1 + (((a) - 1) | (8 - 1))) +#define PFKEY_ALIGN8(a) (1 + (((a) - 1) | (8 - 1))) #define PFKEY_EXTLEN(msg) \ PFKEY_UNUNIT64(((struct sadb_ext *)(msg))->sadb_ext_len) -#define PFKEY_ADDR_PREFIX(ext) \ +#define PFKEY_ADDR_PREFIX(ext) \ (((struct sadb_address *)(ext))->sadb_address_prefixlen) -#define PFKEY_ADDR_PROTO(ext) \ +#define PFKEY_ADDR_PROTO(ext) \ (((struct sadb_address *)(ext))->sadb_address_proto) -#define PFKEY_ADDR_SADDR(ext) \ +#define PFKEY_ADDR_SADDR(ext) \ ((struct sockaddr *)((caddr_t)(ext) + sizeof(struct sadb_address))) /* in 64bits */ #define PFKEY_UNUNIT64(a) ((a) << 3) #define PFKEY_UNIT64(a) ((a) >> 3) -#ifndef _KERNEL -struct sockaddr; - -int ipsec_check_keylen __P((u_int supported, u_int alg_id, u_int keylen)); -int pfkey_align __P((struct sadb_msg *msg, caddr_t *mhp)); -int pfkey_check __P((caddr_t *mhp)); -void pfkey_close __P((int so)); -u_int pfkey_get_softrate __P((u_int type)); -u_int pfkey_set_softrate __P((u_int type, u_int rate)); -int pfkey_open __P((void)); -struct sadb_msg *pfkey_recv __P((int so)); -int pfkey_recv_register __P((int so)); -int pfkey_send_register __P((int so, u_int satype)); -void pfkey_sadump __P((struct sadb_msg *m)); -void pfkey_spdump __P((struct sadb_msg *m)); -int pfkey_send __P((int so, struct sadb_msg *msg, int len)); -int pfkey_send_add __P((int so, u_int satype, u_int mode, - struct sockaddr *src, struct sockaddr *dst, - u_int32_t spi, u_int wsize, caddr_t keymat, - u_int e_type, u_int e_keylen, u_int a_type, - u_int a_keylen, u_int flags, u_int32_t l_alloc, - u_int64_t l_bytes, u_int64_t l_addtime, - u_int64_t l_usetime, u_int32_t seq)); -int pfkey_send_delete __P((int so, u_int satype, u_int mode, - struct sockaddr *src, struct sockaddr *dst, - u_int32_t spi)); -int pfkey_send_dump __P((int so, u_int satype)); -int pfkey_send_flush __P((int so, u_int satype)); -int pfkey_send_get __P((int so, u_int satype, u_int mode, - struct sockaddr *src, struct sockaddr *dst, - u_int32_t spi)); -int pfkey_send_getspi __P((int so, u_int satype, u_int mode, - struct sockaddr *src, struct sockaddr *dst, - u_int32_t min, u_int32_t max, u_int32_t seq)); -int pfkey_send_promisc_toggle __P((int so, int flag)); -int pfkey_send_spdadd __P((int so, struct sockaddr *src, u_int prefs, - struct sockaddr *dst, u_int prefd, u_int proto, - caddr_t policy, int policylen, u_int32_t seq)); -int pfkey_send_spddelete __P((int so, struct sockaddr *src, u_int prefs, - struct sockaddr *dst, u_int prefd, - u_int proto, u_int32_t seq)); -int pfkey_send_spddump __P((int so)); -int pfkey_send_spdflush __P((int so)); -int pfkey_send_update __P((int so, u_int satype, u_int mode, - struct sockaddr *src, struct sockaddr *dst, - u_int32_t spi, u_int wsize, caddr_t keymat, - u_int e_type, u_int e_keylen, u_int a_type, - u_int a_keylen, u_int flags, u_int32_t l_alloc, - u_int64_t l_bytes, u_int64_t l_addtime, - u_int64_t l_usetime, u_int32_t seq)); - -#endif /*!_KERNEL*/ - -#endif /* !__PFKEY_V2_H */ - -#endif /* !_NET_PFKEYV2_H_ */ +#endif /* __PFKEY_V2_H */ + +#endif /* _NET_PFKEYV2_H_ */ |