ia64/xen-unstable

view tools/vnet/vnet-module/sa.h @ 8740:3d7ea7972b39

Update patches for linux 2.6.15.

Signed-off-by: Christian Limpach <Christian.Limpach@cl.cam.ac.uk>
author cl349@firebug.cl.cam.ac.uk
date Thu Feb 02 17:16:00 2006 +0000 (2006-02-02)
parents 0a4b76b6b5a0
children 71b0f00f6344
1 /*
2 * Copyright (C) 2004 Mike Wray <mike.wray@hp.com>
3 *
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published by the
6 * Free Software Foundation; either version 2 of the License, or (at your
7 * option) any later version.
8 *
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
11 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * for more details.
13 *
14 * You should have received a copy of the GNU General Public License along
15 * with this program; if not, write to the Free software Foundation, Inc.,
16 * 59 Temple Place, suite 330, Boston, MA 02111-1307 USA
17 *
18 */
19 #ifndef __VNET_SA_H__
20 #define __VNET_SA_H__
22 #include <linux/types.h>
23 #include <linux/crypto.h>
25 #include <tunnel.h>
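/*
 * Upper bound on the key material an SAKey can hold, in bytes and in bits.
 * Each macro has its own guard, so CRYPTO_MAX_KEY_BITS is still defined when
 * another header supplies only CRYPTO_MAX_KEY_BYTES.
 */
#ifndef CRYPTO_MAX_KEY_BYTES
#define CRYPTO_MAX_KEY_BYTES 64
#endif
#ifndef CRYPTO_MAX_KEY_BITS
#define CRYPTO_MAX_KEY_BITS (CRYPTO_MAX_KEY_BYTES * 8)
#endif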
/** Lifetime limits of an SA, counted in bytes and in packets.
 *
 * Each quantity has a soft and a hard value. What happens when either is
 * reached is decided by the implementation, which is not in this header.
 */
typedef struct SALimits {
    /** Soft limit on bytes. */
    u64 bytes_soft;
    /** Hard limit on bytes. */
    u64 bytes_hard;
    /** Soft limit on packets. */
    u64 packets_soft;
    /** Hard limit on packets. */
    u64 packets_hard;
} SALimits;
/** Running totals kept for an SA. */
typedef struct SACounts {
    /** Bytes counted so far. */
    u64 bytes;
    /** Packets counted so far. */
    u64 packets;
    /** Integrity failures counted so far.
     * NOTE(review): 32-bit, unlike the other counters; confirm what happens
     * on wrap if this value feeds alerting or a lockout decision.
     */
    u32 integrity_failures;
} SACounts;
/** Replay-protection state of an SA. */
typedef struct SAReplay {
    /** Presumably non-zero when replay protection is on -- confirm in the users. */
    int replay;
    /** Sequence number on the send side.
     * NOTE(review): 32 bits wide; confirm the SA is retired or rekeyed
     * before this wraps, since a wrapped counter repeats sequence numbers.
     */
    u32 send_seq;
    /** Sequence number on the receive side. */
    u32 recv_seq;
    /** Window bitmap, 32 bits wide.
     * NOTE(review): if this holds one bit per sequence number, a
     * replay_window above 32 cannot be tracked; confirm the limit is
     * enforced where the window is set.
     */
    u32 bitmap;
    /** Size of the replay window. */
    u32 replay_window;
} SAReplay;
/** Algorithm name plus its key.
 *
 * The key bytes are stored inline, so every copy of this struct (and of
 * SAState and SAInfo, which embed it) is another copy of the key.
 */
typedef struct SAKey {
    /** Algorithm name. */
    char name[CRYPTO_MAX_ALG_NAME];
    /** Key size in bits.
     * NOTE(review): signed; users should reject values below zero or above
     * CRYPTO_MAX_KEY_BITS before using it as a length into key[].
     */
    int bits;
    /** Raw key bytes, at most CRYPTO_MAX_KEY_BYTES of them. */
    char key[CRYPTO_MAX_KEY_BYTES];
} SAKey;
/** Keying status of an SA. */
typedef struct SAKeying {
    /** Keying state; presumably one of the SA_STATE_* values -- confirm. */
    u8 state;
    /** Dying marker; its exact meaning is set by the implementation. */
    u8 dying;
} SAKeying;
/** Values that identify an SA.
 *
 * sa_table_lookup_spi() takes spi, protocol and addr; sa_table_lookup_id()
 * takes id. The byte order of spi and addr is not stated in this header.
 */
typedef struct SAIdent {
    /** Identifier. */
    u32 id;
    /** SPI. */
    u32 spi;
    /** Address. */
    u32 addr;
    /** Protocol. */
    u32 protocol;
} SAIdent;
struct SAType;

/** Security association (SA): identity, keys, counters and per-type data.
 *
 * The digest and cipher members hold raw key bytes, so the object is
 * sensitive for as long as it stays allocated.
 */
typedef struct SAState {
    /** Reference count; changed by SAState_incref() and SAState_decref(). */
    atomic_t refcount;
    /** Spinlock; which members it guards is not stated in this header. */
    spinlock_t lock;
    /** Identifier. */
    struct SAIdent ident;
    /** Security flags. */
    int security;
    /** Keying state. */
    struct SAKeying keying;
    /** Byte counts etc. */
    struct SACounts counts;
    /** Byte limits etc. */
    struct SALimits limits;
    /** Replay protection. */
    struct SAReplay replay;
    /** Digest algorithm and its key. */
    struct SAKey digest;
    /** Cipher algorithm and its key. */
    struct SAKey cipher;
    /** Compression algorithm. */
    struct SAKey compress;
    /** SA type (ESP, AH). Dereferenced without a null check by
     * SAState_send(), SAState_recv() and SAState_size().
     */
    struct SAType *type;
    /** Data for the SA type to use. */
    void *data;
} SAState;
/** Operations table for one SA type.
 *
 * SAState_send(), SAState_recv() and SAState_size() call their hooks without
 * a null check, so those three must be set on any type attached to an SA.
 */
typedef struct SAType {
    /** Type name. */
    char *name;
    /** Protocol number; presumably the key used by SAType_get() -- confirm. */
    int protocol;
    /** Set-up hook; receives the SA and an opaque argument. */
    int (*init)(SAState *state, void *args);
    /** Tear-down hook; SAState_decref() calls it when the count reaches zero. */
    void (*fini)(SAState *state);
    /** Receive hook; called by SAState_recv(). */
    int (*recv)(SAState *state, struct sk_buff *skb);
    /** Send hook; called by SAState_send(). */
    int (*send)(SAState *state, struct sk_buff *skb, Tunnel *tunnel);
    /** Size hook; called by SAState_size() with the caller's size value. */
    u32 (*size)(SAState *state, int size);
} SAType;
/** Parameters from which an SA is created.
 *
 * An algorithm that is not used has a key size of zero. The struct carries
 * raw key bytes in its SAKey members, so a caller's copy stays sensitive
 * after the SA has been built from it.
 */
typedef struct SAInfo {
    /** Identifier. */
    SAIdent ident;
    /** Security flags. */
    int security;
    /** Digest algorithm and key. */
    SAKey digest;
    /** Cipher algorithm and key. */
    SAKey cipher;
    /** Compress algorithm and key. */
    SAKey compress;
    /** SA lifetime limits. */
    SALimits limits;
    /** Replay protection window.
     * NOTE(review): signed here, u32 in SAReplay.replay_window; confirm a
     * negative value is rejected rather than converted to a huge window.
     */
    int replay_window;
} SAInfo;
/** Kinds of algorithm an SA can carry, matching the three SAKey members
 * (digest, cipher, compress) of SAState and SAInfo.
 */
enum sa_alg_type {
    SA_ALG_DIGEST   = 1,
    SA_ALG_CIPHER   = 2,
    SA_ALG_COMPRESS = 3,
};
/*
 * SA type registry. The meaning of the int results is defined by the
 * implementation, which is not part of this header.
 */
int SAType_add(SAType *type);
int SAType_del(SAType *type);
/* Looks a type up by protocol; the result is delivered through *type. */
int SAType_get(int protocol, SAType **type);
/*
 * SA table: set-up, tear-down, insertion, removal and lookup.
 *
 * NOTE(review): this header does not say whether the lookups return the SA
 * with a reference already taken; confirm in the implementation whether the
 * caller has to release the result with SAState_decref().
 */
int sa_table_init(void);
void sa_table_exit(void);
int sa_table_delete(SAState *state);
int sa_table_add(SAState *state);
SAState *sa_table_lookup_spi(u32 spi, u32 protocol, u32 addr);
SAState *sa_table_lookup_id(u32 id);
/** Take one more reference on an SA.
 *
 * @param sa security association (may be null, in which case nothing is done)
 */
static inline void SAState_incref(SAState *sa){
    if(sa){
        atomic_inc(&sa->refcount);
    }
}
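/** Drop one reference; on the last one, run the type's fini hook and free the SA.
 *
 * The fini hook is skipped when no type (or no hook) is set, so an SA that is
 * released before a type was attached is freed instead of dereferencing a
 * null pointer.
 *
 * NOTE(review): the SA embeds digest and cipher key bytes (SAKey.key) and is
 * passed to kfree() without being cleared here; confirm that the fini hook
 * wipes key material, or clear it before the memory is released.
 *
 * @param sa security association (may be null)
 */
static inline void SAState_decref(SAState *sa){
    if(!sa) return;
    if(!atomic_dec_and_test(&sa->refcount)) return;
    /* The count reached zero: tear down type-specific state, then free. */
    if(sa->type && sa->type->fini){
        sa->type->fini(sa);
    }
    kfree(sa);
}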
/*
 * SA construction. SAState_init() and SAState_create() deliver the new SA
 * through *statep; the int result is defined by the implementation.
 *
 * NOTE(review): SAInfo carries raw key bytes; confirm that callers of
 * SAState_create() clear their SAInfo once the SA has been built.
 */
SAState *SAState_alloc(void);
int SAState_init(SAIdent *id, SAState **statep);
int SAState_create(SAInfo *info, SAState **statep);
/** Hand a packet to the send hook of the SA's type.
 *
 * No null checks are made: sa, sa->type and the send hook must all be set.
 *
 * @param sa security association
 * @param skb packet buffer
 * @param tunnel tunnel, passed through to the hook
 * @return the hook's return value
 */
static inline int SAState_send(SAState *sa, struct sk_buff *skb, Tunnel *tunnel){
    SAType *ops = sa->type;

    return ops->send(sa, skb, tunnel);
}
/** Hand a packet to the recv hook of the SA's type.
 *
 * No null checks are made: sa, sa->type and the recv hook must all be set.
 *
 * @param sa security association
 * @param skb packet buffer
 * @return the hook's return value
 */
static inline int SAState_recv(SAState *sa, struct sk_buff *skb){
    SAType *ops = sa->type;

    return ops->recv(sa, skb);
}
/** Ask the SA's type for a size via its size hook.
 *
 * No null checks are made: sa, sa->type and the size hook must all be set.
 * The hook returns u32 and this wrapper returns int, so the value is
 * converted on the way out.
 *
 * @param sa security association
 * @param n size value passed to the hook
 * @return the hook's result, converted to int
 */
static inline int SAState_size(SAState *sa, int n){
    SAType *ops = sa->type;

    return ops->size(sa, n);
}
/*
 * SA management entry points. sa_create() and sa_set() deliver the SA
 * through their last argument; the int results are defined by the
 * implementation.
 *
 * NOTE(review): sa_delete() takes the id as int, while SAIdent.id and
 * sa_table_lookup_id() use u32; confirm the conversion is intended.
 */
int sa_create(int security, u32 spi, u32 protocol, u32 addr, SAState **sa);
int sa_set(SAInfo *info, int update, SAState **val);
int sa_delete(int id);
/*
 * Security flag values; presumably the bits stored in the 'security' member
 * of SAState and SAInfo -- confirm in the users.
 */
enum {
    SA_AUTH = 1,
    SA_CONF = 2
};
/* SA state values; presumably what SAKeying.state holds -- confirm in the users. */
enum {
    SA_STATE_ACQUIRE = 1,
    SA_STATE_VALID   = 2,
};
199 #endif /* !__VNET_SA_H__ */