ia64/xen-unstable

view tools/vnet/vnet-module/sa.h @ 6946:e703abaf6e3d

Add behaviour to the remove methods to remove the transaction's path itself. This allows us to write Remove(path) to remove the specified path rather than having to slice the path ourselves.
author emellor@ewan
date Sun Sep 18 14:42:13 2005 +0100 (2005-09-18)
parents 0a4b76b6b5a0
children 71b0f00f6344
1 /*
2 * Copyright (C) 2004 Mike Wray <mike.wray@hp.com>
3 *
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published by the
6 * Free Software Foundation; either version 2 of the License, or (at your
7 * option) any later version.
8 *
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
11 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * for more details.
13 *
14 * You should have received a copy of the GNU General Public License along
15 * with this program; if not, write to the Free software Foundation, Inc.,
16 * 59 Temple Place, suite 330, Boston, MA 02111-1307 USA
17 *
18 */
19 #ifndef __VNET_SA_H__
20 #define __VNET_SA_H__
22 #include <linux/types.h>
23 #include <linux/crypto.h>
25 #include <tunnel.h>
/*
 * Upper bound on the key material one SAKey can hold. The fallback values
 * below apply only when no earlier header has defined CRYPTO_MAX_KEY_BYTES.
 */
#if !defined(CRYPTO_MAX_KEY_BYTES)
#define CRYPTO_MAX_KEY_BYTES 64
/* The same bound expressed in bits, for checking a key length given in bits. */
#define CRYPTO_MAX_KEY_BITS (CRYPTO_MAX_KEY_BYTES * 8)
#endif
/**
 * Usage limits for an SA, in bytes and in packets, each with a soft and a
 * hard threshold.
 *
 * NOTE(review): this header does not show how the thresholds are enforced;
 * presumably they are compared against SACounts - confirm in the code that
 * updates the counters.
 */
struct SALimits {
    u64 bytes_soft;
    u64 bytes_hard;
    u64 packets_soft;
    u64 packets_hard;
};
typedef struct SALimits SALimits;
/**
 * Running usage counters for an SA.
 *
 * The byte and packet counters are 64 bits wide; integrity_failures is only
 * 32 bits wide.
 * NOTE(review): confirm that whoever reads integrity_failures (logging,
 * alerting, lifetime checks) tolerates the counter wrapping.
 */
struct SACounts {
    u64 bytes;
    u64 packets;
    u32 integrity_failures;
};
typedef struct SACounts SACounts;
/**
 * Replay-protection state for an SA: a send sequence number, a receive
 * sequence number, a bitmap and a window size.
 *
 * NOTE(review): bitmap is 32 bits wide, so presumably replay_window must not
 * exceed 32; a shift of a u32 by 32 or more is undefined behaviour. Confirm
 * that the code which sets replay_window bounds it (SAInfo carries the
 * requested window as a signed int).
 */
struct SAReplay {
    int replay;         /* presumably non-zero when replay checking is on - confirm */
    u32 send_seq;
    u32 recv_seq;
    u32 bitmap;
    u32 replay_window;
};
typedef struct SAReplay SAReplay;
/**
 * One algorithm selection plus its key: the algorithm name, the key length
 * in bits, and the raw key bytes stored inline.
 *
 * The key buffer is fixed at CRYPTO_MAX_KEY_BYTES and bits is a signed int,
 * so any code that fills or reads key[] from bits has to check that
 * 0 <= bits <= CRYPTO_MAX_KEY_BITS before deriving a byte count from it.
 * NOTE(review): name[] is a fixed-size buffer as well; confirm writers
 * NUL-terminate it within CRYPTO_MAX_ALG_NAME bytes.
 * NOTE(review): the key is held in clear inside every structure that embeds
 * an SAKey; confirm it is cleared before such a structure is freed or reused.
 */
struct SAKey {
    char name[CRYPTO_MAX_ALG_NAME];
    int bits;
    char key[CRYPTO_MAX_KEY_BYTES];
};
typedef struct SAKey SAKey;
/**
 * Keying status of an SA.
 *
 * NOTE(review): state presumably holds one of the SA_STATE_* values defined
 * in this header, and dying presumably marks an SA that is being retired -
 * neither is established here; confirm against the users of these fields.
 */
struct SAKeying {
    u8 state;
    u8 dying;
};
typedef struct SAKeying SAKeying;
/**
 * Identity of an SA: a local id plus the (spi, addr, protocol) triple.
 * The same two forms are accepted by sa_table_lookup_id() and
 * sa_table_lookup_spi() respectively.
 *
 * NOTE(review): the byte order of spi and addr (host or network) is not
 * stated in this header; confirm it is the same at every producer and
 * consumer, since a mismatch makes lookups miss.
 */
struct SAIdent {
    u32 id;
    u32 spi;
    u32 addr;
    u32 protocol;
};
typedef struct SAIdent SAIdent;
/* Declared ahead of its definition because SAState points at it. */
struct SAType;

/**
 * Security association (SA).
 *
 * Reference counted through SAState_incref() and SAState_decref(); the
 * final decref calls type->fini() and frees the structure.
 * NOTE(review): which fields the spinlock protects is not stated in this
 * header - confirm before touching counts or replay state without it.
 */
typedef struct SAState {
    atomic_t refcount;
    spinlock_t lock;
    /** Identifier. */
    SAIdent ident;
    /** Security flags. */
    int security;
    /** Keying state. */
    SAKeying keying;
    /** Byte counts etc. */
    SACounts counts;
    /** Byte limits etc. */
    SALimits limits;
    /** Replay protection. */
    SAReplay replay;
    /** Digest algorithm (name and key bytes are stored inline). */
    SAKey digest;
    /** Cipher algorithm (name and key bytes are stored inline). */
    SAKey cipher;
    /** Compress algorithm. */
    SAKey compress;
    /** SA type (ESP, AH). The send/recv/size wrappers dereference it unchecked. */
    struct SAType *type;
    /** Data for the SA type to use. */
    void *data;
} SAState;
/**
 * Operations table for one SA type, selected by protocol number.
 *
 * SAState_send(), SAState_recv() and SAState_size() call send, recv and size
 * through this table without checking for NULL, and SAState_decref() calls
 * fini the same way, so a type should provide every handler before it is
 * registered with SAType_add().
 * Note that size returns u32 while SAState_size() returns int.
 */
struct SAType {
    /* Type name. */
    char *name;
    /* Protocol number this type handles; the lookup key of SAType_get(). */
    int protocol;
    /* Set up a new state; args is opaque to this header. */
    int (*init)(SAState *state, void *args);
    /* Tear down a state; invoked on the last SAState_decref(). */
    void (*fini)(SAState *state);
    /* Process a received packet. */
    int (*recv)(SAState *state, struct sk_buff *skb);
    /* Process a packet being sent over the given tunnel. */
    int (*send)(SAState *state, struct sk_buff *skb, Tunnel *tunnel);
    /* Size computation for a given input size (exact meaning not stated here). */
    u32 (*size)(SAState *state, int size);
};
typedef struct SAType SAType;
/**
 * Information needed to create an SA.
 * Unused algorithms have zero key size.
 *
 * This structure carries raw key bytes in its three SAKey members.
 * NOTE(review): confirm that the consumer validates each SAKey.bits against
 * CRYPTO_MAX_KEY_BITS, and that a filled-in SAInfo is cleared once the SA
 * has been created.
 */
struct SAInfo {
    /** Identifier. */
    SAIdent ident;
    /** Security flags. */
    int security;
    /** Digest algorithm and key. */
    SAKey digest;
    /** Cipher algorithm and key. */
    SAKey cipher;
    /** Compress algorithm and key. */
    SAKey compress;
    /** SA lifetime limits. */
    SALimits limits;
    /**
     * Replay protection window. Signed here but stored as u32 in SAReplay,
     * so a negative value would become a very large window on conversion;
     * NOTE(review): confirm the range is checked where it is copied.
     */
    int replay_window;
};
typedef struct SAInfo SAInfo;
/** Selects one of the three algorithm slots of an SA. Numbering starts at 1. */
enum sa_alg_type {
    SA_ALG_DIGEST = 1,
    SA_ALG_CIPHER,      /* 2 */
    SA_ALG_COMPRESS,    /* 3 */
};
/* Registry of SA types, looked up by protocol number. */
int SAType_add(SAType *type);
int SAType_del(SAType *type);
int SAType_get(int protocol, SAType **type);

/* Table of SA states: set-up and tear-down, then insertion and removal. */
int sa_table_init(void);
void sa_table_exit(void);
int sa_table_delete(SAState *state);
int sa_table_add(SAState *state);

/*
 * Lookups by (spi, protocol, addr) or by id.
 * NOTE(review): this header does not say whether the returned SAState
 * carries a reference the caller must drop with SAState_decref(), nor what
 * a miss returns (presumably NULL). Confirm both before relying on the
 * pointer outside whatever locking the table uses.
 */
SAState *sa_table_lookup_spi(u32 spi, u32 protocol, u32 addr);
SAState *sa_table_lookup_id(u32 id);
/** Take one more reference on an SA.
 *
 * A null pointer is accepted and ignored.
 * NOTE(review): the count is incremented unconditionally, so the caller
 * presumably already holds a reference (or a lock that keeps the SA alive) -
 * confirm at the call sites.
 *
 * @param sa security association (may be null)
 */
static inline void SAState_incref(SAState *sa)
{
    if (sa != NULL) {
        atomic_inc(&sa->refcount);
    }
}
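/** Decrement reference count, freeing if zero.
 *
 * When the last reference is dropped, the type's fini() handler runs and
 * the structure is released with kfree(). The handler is skipped if the
 * state has no type or the type has no fini(), so a state that was
 * allocated but never fully initialised can still be released through
 * this function.
 *
 * NOTE(review): the digest, cipher and compress key bytes are stored
 * inline in SAState and are still in the buffer handed to kfree().
 * Unless fini() already clears them, they should be wiped here before the
 * memory is returned to the allocator.
 *
 * @param sa security association (may be null)
 */
static inline void SAState_decref(SAState *sa)
{
    if (!sa) {
        return;
    }
    if (!atomic_dec_and_test(&sa->refcount)) {
        /* Other holders remain; nothing to tear down yet. */
        return;
    }
    /* Last reference gone: let the type clean up, then free. */
    if (sa->type && sa->type->fini) {
        sa->type->fini(sa);
    }
    kfree(sa);
}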
/*
 * SA state construction.
 * NOTE(review): the initial reference count of a returned state, and which
 * fields are set after each call, are not visible in this header.
 */
SAState *SAState_alloc(void);
int SAState_init(SAIdent *id, SAState **statep);
int SAState_create(SAInfo *info, SAState **statep);
/** Hand an outgoing packet to the SA type's send handler.
 *
 * Unlike SAState_incref() and SAState_decref(), this does not accept a null
 * SA: sa, sa->type and the send handler are all dereferenced unchecked, so
 * the caller must guarantee they are set.
 *
 * @param sa security association (must not be null)
 * @param skb packet buffer
 * @param tunnel tunnel passed through to the handler
 * @return whatever the type's send handler returns
 */
static inline int SAState_send(SAState *sa, struct sk_buff *skb, Tunnel *tunnel)
{
    struct SAType *ops = sa->type;

    return ops->send(sa, skb, tunnel);
}
/** Hand a received packet to the SA type's recv handler.
 *
 * This is the path that sees data from the network. sa, sa->type and the
 * recv handler are dereferenced unchecked, so the caller must pass an SA it
 * has verified to be non-null (for example, a successful lookup result).
 *
 * @param sa security association (must not be null)
 * @param skb packet buffer
 * @return whatever the type's recv handler returns
 */
static inline int SAState_recv(SAState *sa, struct sk_buff *skb)
{
    struct SAType *ops = sa->type;

    return ops->recv(sa, skb);
}
/** Ask the SA type's size handler for the size corresponding to n.
 *
 * sa, sa->type and the size handler are dereferenced unchecked.
 * NOTE(review): the handler returns u32 but this wrapper returns int, so a
 * result above INT_MAX is converted to int (implementation-defined, negative
 * on common compilers). Callers that use the value as a length should reject
 * negative results; n is likewise signed and is passed through unvalidated.
 *
 * @param sa security association (must not be null)
 * @param n input size passed to the handler
 * @return the handler's result converted to int
 */
static inline int SAState_size(SAState *sa, int n)
{
    struct SAType *ops = sa->type;

    return ops->size(sa, n);
}
/*
 * Top-level SA management entry points.
 * NOTE(review): sa_delete() takes a signed int id, while SAIdent.id and
 * sa_table_lookup_id() use u32; confirm the conversion cannot make a
 * negative value select an unintended SA.
 */
int sa_create(int security, u32 spi, u32 protocol, u32 addr, SAState **sa);
int sa_set(SAInfo *info, int update, SAState **val);
int sa_delete(int id);
/*
 * Security property constants.
 * NOTE(review): presumably these are bit flags OR-ed together in the
 * `security` field of SAState and SAInfo - confirm at the users.
 */
enum {
    SA_AUTH = 0x1,
    SA_CONF = 0x2
};
/*
 * SA state constants.
 * NOTE(review): presumably the values stored in SAKeying.state - confirm.
 */
enum {
    SA_STATE_ACQUIRE = 1,
    SA_STATE_VALID,     /* 2 */
};
199 #endif /* !__VNET_SA_H__ */