URL https://opencores.org/ocsvn/or1k/or1k/trunk

Subversion Repositories or1k

[/] [or1k/] [tags/] [LINUX_2_4_26_OR32/] [linux/] [linux-2.4/] [include/] [linux/] [ipsec.h] - Blame information for rev 1765

Details | Compare with Previous | View Log


/*
 *      Definitions for the SECurity layer
 *
 *      Author:
 *              Robert Muchsel <muchsel@acm.org>
 *
 *      This program is free software; you can redistribute it and/or
 *      modify it under the terms of the GNU General Public License
 *      as published by the Free Software Foundation; either version
 *      2 of the License, or (at your option) any later version.
 */
 
#ifndef _LINUX_IPSEC_H
#define _LINUX_IPSEC_H
 
#include <linux/config.h>
#include <linux/socket.h>
#include <net/sock.h>
#include <linux/skbuff.h>
 
/* Values for the set/getsockopt calls */
 
/* These defines are compatible with NRL IPv6, however their semantics
   is different */
 
#define IPSEC_LEVEL_NONE        -1      /* send plaintext, accept any */
#define IPSEC_LEVEL_DEFAULT     0        /* encrypt/authenticate if possible */
                                        /* the default MUST be 0, because a */
                                        /* socket is initialized with 0's */
#define IPSEC_LEVEL_USE         1       /* use outbound, don't require inbound */
#define IPSEC_LEVEL_REQUIRE     2       /* require both directions */
#define IPSEC_LEVEL_UNIQUE      2       /* for compatibility only */
 
#ifdef __KERNEL__
 
/* skb bit flags set on packet input processing */
 
#define RCV_SEC                 0x0f    /* options on receive */
#define RCV_AUTH                0x01    /* was authenticated */
#define RCV_CRYPT               0x02    /* was encrypted */
#define RCV_TUNNEL              0x04    /* was tunneled */
#define SND_SEC                 0xf0    /* options on send, these are */
#define SND_AUTH                0x10    /* currently unused */
#define SND_CRYPT               0x20
#define SND_TUNNEL              0x40
 
/*
 *      FIXME: ignores network encryption for now..
 */
 
#ifdef CONFIG_NET_SECURITY
static __inline__ int ipsec_sk_policy(struct sock *sk, struct sk_buff *skb)
{
        return ((sk->authentication < IPSEC_LEVEL_REQUIRE) ||
                (skb->security & RCV_AUTH)) &&
                ((sk->encryption < IPSEC_LEVEL_REQUIRE) ||
                (skb->security & RCV_CRYPT));
}
 
#else
 
static __inline__ int ipsec_sk_policy(struct sock *sk, struct sk_buff *skb)
{
        return 1;
}
#endif /* CONFIG */
 
#endif  /* __KERNEL__ */
#endif  /* _LINUX_IPSEC_H */

Line No.	Rev	Author	Line
1	1275	phoenix	`/*`
2			`* Definitions for the SECurity layer`
3			`*`
4			`* Author:`
5			`* Robert Muchsel <muchsel@acm.org>`
6			`*`
7			`* This program is free software; you can redistribute it and/or`
8			`* modify it under the terms of the GNU General Public License`
9			`* as published by the Free Software Foundation; either version`
10			`* 2 of the License, or (at your option) any later version.`
11			`*/`
12
13			`#ifndef _LINUX_IPSEC_H`
14			`#define _LINUX_IPSEC_H`
15
16			`#include <linux/config.h>`
17			`#include <linux/socket.h>`
18			`#include <net/sock.h>`
19			`#include <linux/skbuff.h>`
20
21			`/* Values for the set/getsockopt calls */`
22
23			`/* These defines are compatible with NRL IPv6, however their semantics`
24			`is different */`
25
26			`#define IPSEC_LEVEL_NONE -1 /* send plaintext, accept any */`
27			`#define IPSEC_LEVEL_DEFAULT 0 /* encrypt/authenticate if possible */`
28			`/* the default MUST be 0, because a */`
29			`/* socket is initialized with 0's */`
30			`#define IPSEC_LEVEL_USE 1 /* use outbound, don't require inbound */`
31			`#define IPSEC_LEVEL_REQUIRE 2 /* require both directions */`
32			`#define IPSEC_LEVEL_UNIQUE 2 /* for compatibility only */`
33
34			`#ifdef __KERNEL__`
35
36			`/* skb bit flags set on packet input processing */`
37
38			`#define RCV_SEC 0x0f /* options on receive */`
39			`#define RCV_AUTH 0x01 /* was authenticated */`
40			`#define RCV_CRYPT 0x02 /* was encrypted */`
41			`#define RCV_TUNNEL 0x04 /* was tunneled */`
42			`#define SND_SEC 0xf0 /* options on send, these are */`
43			`#define SND_AUTH 0x10 /* currently unused */`
44			`#define SND_CRYPT 0x20`
45			`#define SND_TUNNEL 0x40`
46
47			`/*`
48			`* FIXME: ignores network encryption for now..`
49			`*/`
50
51			`#ifdef CONFIG_NET_SECURITY`
52			`static __inline__ int ipsec_sk_policy(struct sock sk, struct sk_buff skb)`
53			`{`
54			`return ((sk->authentication < IPSEC_LEVEL_REQUIRE) \|\|`
55			`(skb->security & RCV_AUTH)) &&`
56			`((sk->encryption < IPSEC_LEVEL_REQUIRE) \|\|`
57			`(skb->security & RCV_CRYPT));`
58			`}`
59
60			`#else`
61
62			`static __inline__ int ipsec_sk_policy(struct sock sk, struct sk_buff skb)`
63			`{`
64			`return 1;`
65			`}`
66			`#endif /* CONFIG */`
67
68			`#endif /* __KERNEL__ */`
69			`#endif /* _LINUX_IPSEC_H */`

Browse

Tools

Subversion Repositories or1k

[/] [or1k/] [tags/] [LINUX_2_4_26_OR32/] [linux/] [linux-2.4/] [include/] [linux/] [ipsec.h] - Blame information for rev 1765