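/*
 * sa.h -- Security Policy Database (SPD) and Security Association Database
 * (SAD) types, static-initializer helpers and the API that manages them.
 *
 * The include guard was renamed from __SA_H__: identifiers that begin with a
 * double underscore are reserved for the implementation (C11 7.1.3), so a
 * project header must not define one.
 */
#ifndef IPSEC_SA_H
#define IPSEC_SA_H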
00043
00044 #include "ipsec/types.h"
00045 #include "ipsec/util.h"
00046 #include "ipsec/ipsec.h"
00047
00048
/* Capacity of the statically allocated SAD / SPD tables (entries per table). */
#define IPSEC_MAX_SAD_ENTRIES (10)
#define IPSEC_MAX_SPD_ENTRIES (10)

/* Values of the use_flag member of every entry / table-set below. */
#define IPSEC_FREE (0)
#define IPSEC_USED (1)

/* SPD policy actions (spd_entry.policy). Note that POLICY_APPLY is 0, so a
 * zero-initialized entry reads as "apply IPsec" rather than "discard". */
#define POLICY_APPLY (0)
#define POLICY_BYPASS (1)
#define POLICY_DISCARD (2)

/* SA encapsulation modes (sad_entry.mode). */
#define IPSEC_TUNNEL (1)
#define IPSEC_TRANSPORT (2)

/* Encryption algorithms (sad_entry.enc_alg). DES uses a 56-bit key and is a
 * legacy cipher; treat IPSEC_DES as compatibility-only. */
#define IPSEC_DES (1)
#define IPSEC_3DES (2)
#define IPSEC_IDEA (3)

/* Authentication algorithms (sad_entry.auth_alg). MD5 is deprecated as a
 * hash; treat IPSEC_HMAC_MD5 as compatibility-only. */
#define IPSEC_HMAC_MD5 (1)
#define IPSEC_HMAC_SHA1 (2)

/* Number of network interfaces, i.e. how many db_set_netif sets exist. */
#define IPSEC_NR_NETIFS (1)
typedef struct sa_entry_struct sad_entry ;

/*
 * One Security Association (SA): the keys and state for a single
 * destination/SPI/protocol triple. Entries live in a fixed array and are
 * additionally chained into a doubly linked list (see sad_table).
 *
 * Member order is significant: SAD_ENTRY and EMPTY_SAD_ENTRY below are
 * positional initializer lists and must be kept in sync with it.
 */
struct sa_entry_struct
{

    __u32 dest;                         /* IPv4 destination address (the SAD_ENTRY macro builds it with IPSEC_IP4_ADDR_2) */
    __u32 dest_netaddr ;                /* netmask belonging to dest */
    __u32 spi;                          /* Security Parameter Index; stored in network byte order when created via SAD_ENTRY */
    __u8 protocol ;                     /* IPsec protocol of this SA; value set not visible in this header -- see ipsec.h */
    __u8 mode ;                         /* IPSEC_TUNNEL or IPSEC_TRANSPORT */

    __u32 sequence_number ;             /* presumably the ESP/AH sequence counter; starts at 0 in SAD_ENTRY -- confirm in the .c */
    __u8 replay_win ;                   /* presumably the anti-replay window; starts at 0 in SAD_ENTRY -- confirm in the .c */
    __u32 lifetime ;                    /* starts at 0 in SAD_ENTRY; units not defined here */
    __u16 path_mtu ;                    /* SAD_ENTRY initializes this to 1450 */

    __u8 enc_alg ;                      /* IPSEC_DES / IPSEC_3DES / IPSEC_IDEA */
    __u8 enckey[IPSEC_MAX_ENCKEY_LEN];  /* raw encryption key bytes (SAD_ENTRY supplies 24) */
    __u8 auth_alg ;                     /* IPSEC_HMAC_MD5 / IPSEC_HMAC_SHA1 */
    __u8 authkey[IPSEC_MAX_AUTHKEY_LEN] ; /* raw authentication key bytes (SAD_ENTRY supplies 20) */
    /* enckey/authkey hold plaintext key material. SAs built with SAD_ENTRY
     * carry it as compile-time literals in the image; entries that are
     * released (ipsec_sad_del / ipsec_sad_flush) should be zeroized by the
     * implementation -- not verifiable from this header. */
    sad_entry *next ;                   /* list link towards sad_table.last */
    sad_entry *prev ;                   /* list link towards sad_table.first */
    __u8 use_flag ;                     /* IPSEC_FREE or IPSEC_USED */
};
00100
typedef struct spd_entry_struct spd_entry ;

/*
 * One Security Policy Database entry: a traffic selector plus the action
 * to take for matching packets and, for POLICY_APPLY, the SA to use.
 *
 * Member order is significant: SPD_ENTRY and EMPTY_SPD_ENTRY below are
 * positional initializer lists and must be kept in sync with it.
 */
struct spd_entry_struct
{
    __u32 src ;             /* IPv4 source selector (SPD_ENTRY builds it with IPSEC_IP4_ADDR_NET) */
    __u32 src_netaddr ;     /* netmask for src */
    __u32 dest ;            /* IPv4 destination selector */
    __u32 dest_netaddr ;    /* netmask for dest */
    __u8 protocol ;         /* IP protocol selector */
    __u16 src_port ;        /* port selectors; SPD_ENTRY stores them in network byte order (IPSEC_HTONS) */
    __u16 dest_port ;
    __u8 policy ;           /* POLICY_APPLY / POLICY_BYPASS / POLICY_DISCARD */
    sad_entry *sa ;         /* SA applied for POLICY_APPLY; 0 until set (see ipsec_spd_add_sa) */
    spd_entry *next ;       /* list link towards spd_table.last */
    spd_entry *prev ;       /* list link towards spd_table.first */
    __u8 use_flag ;         /* IPSEC_FREE or IPSEC_USED */
};
00121
/*
 * Security Policy Database for one direction of one interface.
 * `table` is the backing array of entries; `first`/`last` delimit the
 * doubly linked list of entries in use. Lookup order (and therefore which
 * policy wins when selectors overlap) is decided by the implementation in
 * the .c file, not by this header.
 */
typedef struct spd_table_struct
{
    spd_entry *table ;  /* backing storage, presumably IPSEC_MAX_SPD_ENTRIES long */
    spd_entry *first ;  /* head of the in-use list */
    spd_entry *last ;   /* tail of the in-use list */
    int size ;          /* number of entries; sad_table has no counterpart */
} spd_table;
00132
/*
 * Security Association Database for one direction of one interface.
 * Same shape as spd_table but without a size member.
 */
typedef struct sad_table_struct
{
    sad_entry *table ;  /* backing storage, presumably IPSEC_MAX_SAD_ENTRIES long */
    sad_entry *first ;  /* head of the in-use list */
    sad_entry *last ;   /* tail of the in-use list */
} sad_table ;
00139
/*
 * The complete set of databases for one network interface: separate SPD
 * and SAD for inbound and outbound traffic. IPSEC_NR_NETIFS of these exist.
 */
typedef struct db_set_netif_struct
{
    spd_table inbound_spd ;
    spd_table outbound_spd ;
    sad_table inbound_sad ;
    sad_table outbound_sad ;
    __u8 use_flag ;     /* IPSEC_FREE or IPSEC_USED */
} db_set_netif ;
00148
00149
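/*
 * Static-initializer helpers.
 *
 * SPD_ENTRY and SAD_ENTRY expand to positional initializer lists for
 * spd_entry and sad_entry respectively, so their argument order mirrors the
 * member order of those structs exactly; a change to either struct must be
 * mirrored here.
 */

/*
 * SPD entry initializer. Source/destination selectors and their masks are
 * given as four octets each; src_port/dest_port are stored in network byte
 * order via IPSEC_HTONS. sa_ptr is the sad_entry the policy refers to (0 if
 * none). next/prev start at 0 and use_flag at IPSEC_USED.
 */
#define SPD_ENTRY(s1, s2, s3, s4, sn1, sn2, sn3, sn4, d1, d2, d3, d4, dn1, dn2, dn3, dn4, proto, src_port, dest_port, policy, sa_ptr) \
IPSEC_IP4_ADDR_NET(s1, s2, s3, s4), \
IPSEC_IP4_ADDR_NET(sn1, sn2, sn3, sn4), \
IPSEC_IP4_ADDR_NET(d1, d2, d3, d4), \
IPSEC_IP4_ADDR_NET(dn1, dn2, dn3, dn4), \
proto, IPSEC_HTONS(src_port), IPSEC_HTONS(dest_port), policy, sa_ptr, 0, 0, \
IPSEC_USED

/*
 * SAD entry initializer. The SPI is stored in network byte order via
 * IPSEC_HTONL; sequence_number, replay_win and lifetime start at 0 and
 * path_mtu at 1450. ek1..ek24 and ak1..ak20 are the raw encryption and
 * authentication key bytes: they become compile-time literals, so any SA
 * declared this way carries its key material in the firmware image.
 */
#define SAD_ENTRY(d1, d2, d3, d4, dn1, dn2, dn3, dn4, spi, proto, mode, enc_alg, ek1, ek2, ek3, ek4, ek5, ek6, ek7, ek8, ek9, ek10, ek11, ek12, ek13, ek14, ek15, ek16, ek17, ek18, ek19, ek20, ek21, ek22, ek23, ek24, auth_alg, ak1, ak2, ak3, ak4, ak5, ak6, ak7, ak8, ak9, ak10, ak11, ak12, ak13, ak14, ak15, ak16, ak17, ak18, ak19, ak20) \
IPSEC_IP4_ADDR_2(d1, d2, d3, d4), \
IPSEC_IP4_ADDR_2(dn1, dn2, dn3, dn4), \
IPSEC_HTONL(spi), \
proto, \
mode, \
0, 0, 0, 1450, \
enc_alg, \
{ek1, ek2, ek3, ek4, ek5, ek6, ek7, ek8, ek9, ek10, ek11, ek12, ek13, ek14, ek15, ek16, ek17, ek18, ek19, ek20, ek21, ek22, ek23, ek24}, \
auth_alg, \
{ak1, ak2, ak3, ak4, ak5, ak6, ak7, ak8, ak9, ak10, ak11, ak12, ak13, ak14, ak15, ak16, ak17, ak18, ak19, ak20}, \
0,0, IPSEC_USED

/*
 * All-zero (free) entries. { 0 } zero-initializes every member of the
 * struct, including use_flag, which is IPSEC_FREE (0).
 *
 * The former positional lists (54 zeros + IPSEC_FREE for the SAD, 7 zeros +
 * IPSEC_FREE for the SPD) did not line up with the struct layouts -- with
 * brace elision the trailing IPSEC_FREE landed inside the key arrays or on
 * `policy`, not on use_flag -- and only produced a correct entry because
 * every value happened to be 0. { 0 } expresses the intent without depending
 * on the member count or the key lengths. Note that it still relies on
 * IPSEC_FREE being 0.
 */
#define EMPTY_SAD_ENTRY { 0 }

#define EMPTY_SPD_ENTRY { 0 }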
00186
/*
 * Allocate a db_set_netif and point its four tables at the supplied static
 * entry arrays (inbound/outbound SPD and SAD). Presumably returns NULL when
 * no free set is left -- confirm in the implementation.
 */
db_set_netif *ipsec_spd_load_dbs(spd_entry *inbound_spd_data, spd_entry *outbound_spd_data, sad_entry *inbound_sad_data, sad_entry *outbound_sad_data) ;

/* Release a set obtained from ipsec_spd_load_dbs. */
ipsec_status ipsec_spd_release_dbs(db_set_netif *dbs) ;

/* Find an unused (IPSEC_FREE) slot in the SPD; presumably NULL if the table is full. */
spd_entry *ipsec_spd_get_free(spd_table *table) ;

/*
 * Add a policy to the SPD. Addresses/masks are __u32 values; the byte order
 * expected for src_port/dst_port is not stated here (SPD_ENTRY stores ports
 * in network order) -- check the implementation before passing host-order
 * values. Returns the new entry, presumably NULL on failure.
 */
spd_entry *ipsec_spd_add(__u32 src, __u32 src_net, __u32 dst,
__u32 dst_net, __u8 proto, __u16 src_port,
__u16 dst_port, __u8 policy, spd_table *table) ;

/* Remove an entry from the SPD and mark it free. */
ipsec_status ipsec_spd_del(spd_entry *entry, spd_table *table) ;

/* Attach an SA to a policy entry (sets entry->sa). */
ipsec_status ipsec_spd_add_sa(spd_entry *entry, sad_entry *sa) ;

/*
 * Match an IP header against the SPD. `header` comes from the packet, i.e.
 * untrusted input; the implementation must validate it before reading
 * selectors. Which entry wins when several match is decided by the
 * implementation. Presumably NULL when nothing matches.
 */
spd_entry *ipsec_spd_lookup(ipsec_ip_header *header, spd_table *table) ;

/* Debug dump of one SPD entry / the whole SPD. */
void ipsec_spd_print_single(spd_entry *entry) ;

void ipsec_spd_print(spd_table *table) ;


/* Find an unused (IPSEC_FREE) slot in the SAD; presumably NULL if the table is full. */
sad_entry *ipsec_sad_get_free(sad_table *table) ;

/* Copy `entry` into a free SAD slot and link it in; returns the stored entry. */
sad_entry *ipsec_sad_add(sad_entry *entry, sad_table *table) ;

/* Remove an SA from the SAD and mark it free. Whether the key material is zeroized is not visible here -- see the implementation. */
ipsec_status ipsec_sad_del(sad_entry *entry, sad_table *table) ;

/*
 * Look up an SA by destination, protocol and SPI. The SAD stores the SPI in
 * network byte order when built with SAD_ENTRY (IPSEC_HTONL), so `spi`
 * presumably has to be passed in the same order -- see ipsec_sad_get_spi.
 */
sad_entry *ipsec_sad_lookup(__u32 dest, __u8 proto, __u32 spi, sad_table *table) ;

/* Debug dump of one SAD entry / the whole SAD. */
void ipsec_sad_print_single(sad_entry *entry) ;

void ipsec_sad_print(sad_table *table) ;

/* Extract the SPI from the IPsec payload following `header`; the header is untrusted packet data. */
__u32 ipsec_sad_get_spi(ipsec_ip_header *header) ;

/* Empty the SPD, leaving only `def_entry` (presumably a default/catch-all policy). */
ipsec_status ipsec_spd_flush(spd_table *table, spd_entry *def_entry) ;

/* Empty the SAD. */
ipsec_status ipsec_sad_flush(sad_table *table) ;
00225
#endif /* end of include guard */