1 |
1254 |
phoenix |
//==========================================================================
|
2 |
|
|
//
|
3 |
|
|
// include/netinet/ip_ah.h
|
4 |
|
|
//
|
5 |
|
|
//
|
6 |
|
|
//
|
7 |
|
|
//==========================================================================
|
8 |
|
|
//####BSDCOPYRIGHTBEGIN####
|
9 |
|
|
//
|
10 |
|
|
// -------------------------------------------
|
11 |
|
|
//
|
12 |
|
|
// Portions of this software may have been derived from OpenBSD or other sources,
|
13 |
|
|
// and are covered by the appropriate copyright disclaimers included herein.
|
14 |
|
|
//
|
15 |
|
|
// -------------------------------------------
|
16 |
|
|
//
|
17 |
|
|
//####BSDCOPYRIGHTEND####
|
18 |
|
|
//==========================================================================
|
19 |
|
|
//#####DESCRIPTIONBEGIN####
|
20 |
|
|
//
|
21 |
|
|
// Author(s): gthomas
|
22 |
|
|
// Contributors: gthomas
|
23 |
|
|
// Date: 2000-01-10
|
24 |
|
|
// Purpose:
|
25 |
|
|
// Description:
|
26 |
|
|
//
|
27 |
|
|
//
|
28 |
|
|
//####DESCRIPTIONEND####
|
29 |
|
|
//
|
30 |
|
|
//==========================================================================
|
31 |
|
|
|
32 |
|
|
|
33 |
|
|
/* $OpenBSD: ip_ah.h,v 1.19 1999/12/09 10:11:11 angelos Exp $ */
|
34 |
|
|
|
35 |
|
|
/*
|
36 |
|
|
* The authors of this code are John Ioannidis (ji@tla.org),
|
37 |
|
|
* Angelos D. Keromytis (kermit@csd.uch.gr) and
|
38 |
|
|
* Niels Provos (provos@physnet.uni-hamburg.de).
|
39 |
|
|
*
|
40 |
|
|
* This code was written by John Ioannidis for BSD/OS in Athens, Greece,
|
41 |
|
|
* in November 1995.
|
42 |
|
|
*
|
43 |
|
|
* Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
|
44 |
|
|
* by Angelos D. Keromytis.
|
45 |
|
|
*
|
46 |
|
|
* Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis
|
47 |
|
|
* and Niels Provos.
|
48 |
|
|
*
|
49 |
|
|
* Additional features in 1999 by Angelos D. Keromytis.
|
50 |
|
|
*
|
51 |
|
|
* Copyright (C) 1995, 1996, 1997, 1998, 1999 by John Ioannidis,
|
52 |
|
|
* Angelos D. Keromytis and Niels Provos.
|
53 |
|
|
*
|
54 |
|
|
* Permission to use, copy, and modify this software without fee
|
55 |
|
|
* is hereby granted, provided that this entire notice is included in
|
56 |
|
|
* all copies of any software which is or includes a copy or
|
57 |
|
|
* modification of this software.
|
58 |
|
|
* You may use this code under the GNU public license if you so wish. Please
|
59 |
|
|
* contribute changes back to the authors under this freer than GPL license
|
60 |
|
|
* so that we may further the use of strong encryption without limitations to
|
61 |
|
|
* all.
|
62 |
|
|
*
|
63 |
|
|
* THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
|
64 |
|
|
* IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
|
65 |
|
|
* REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
|
66 |
|
|
* MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
|
67 |
|
|
* PURPOSE.
|
68 |
|
|
*/
|
69 |
|
|
|
70 |
|
|
#ifndef _NETINET_IP_AH_H_
|
71 |
|
|
#define _NETINET_IP_AH_H_
|
72 |
|
|
|
73 |
|
|
/*
|
74 |
|
|
* Authentication Header Processing
|
75 |
|
|
* Per RFC1826 (Atkinson, 1995)
|
76 |
|
|
*/
|
77 |
|
|
|
78 |
|
|
struct ah_old
|
79 |
|
|
{
|
80 |
|
|
u_int8_t ah_nh; /* Next header (protocol) */
|
81 |
|
|
u_int8_t ah_hl; /* AH length, in 32-bit words */
|
82 |
|
|
u_int16_t ah_rv; /* reserved, must be 0 */
|
83 |
|
|
u_int32_t ah_spi; /* Security Parameters Index */
|
84 |
|
|
u_int8_t ah_data[1]; /* More, really */
|
85 |
|
|
};
|
86 |
|
|
|
87 |
|
|
#define AH_OLD_FLENGTH 8 /* size of fixed part */
|
88 |
|
|
|
89 |
|
|
struct ahstat
|
90 |
|
|
{
|
91 |
|
|
u_int32_t ahs_hdrops; /* packet shorter than header shows */
|
92 |
|
|
u_int32_t ahs_notdb;
|
93 |
|
|
u_int32_t ahs_badkcr;
|
94 |
|
|
u_int32_t ahs_badauth;
|
95 |
|
|
u_int32_t ahs_noxform;
|
96 |
|
|
u_int32_t ahs_qfull;
|
97 |
|
|
u_int32_t ahs_wrap;
|
98 |
|
|
u_int32_t ahs_replay;
|
99 |
|
|
u_int32_t ahs_badauthl; /* bad authenticator length */
|
100 |
|
|
u_int32_t ahs_input; /* Input AH packets */
|
101 |
|
|
u_int32_t ahs_output; /* Output AH packets */
|
102 |
|
|
u_int32_t ahs_invalid; /* Trying to use an invalid TDB */
|
103 |
|
|
u_int64_t ahs_ibytes; /* input bytes */
|
104 |
|
|
u_int64_t ahs_obytes; /* output bytes */
|
105 |
|
|
u_int32_t ahs_toobig; /* packet got larger than IP_MAXPACKET */
|
106 |
|
|
u_int32_t ahs_pdrops; /* packet blocked due to policy */
|
107 |
|
|
};
|
108 |
|
|
|
109 |
|
|
struct ah_new
|
110 |
|
|
{
|
111 |
|
|
u_int8_t ah_nh; /* Next header (protocol) */
|
112 |
|
|
u_int8_t ah_hl; /* AH length, in 32-bit words */
|
113 |
|
|
u_int16_t ah_rv; /* reserved, must be 0 */
|
114 |
|
|
u_int32_t ah_spi; /* Security Parameters Index */
|
115 |
|
|
u_int32_t ah_rpl; /* Replay prevention */
|
116 |
|
|
u_int8_t ah_data[AH_HMAC_HASHLEN];/* Authenticator */
|
117 |
|
|
};
|
118 |
|
|
|
119 |
|
|
#define AH_NEW_FLENGTH (sizeof(struct ah_new))
|
120 |
|
|
|
121 |
|
|
/* Size of the largest hash function output used in AH-new, in bytes */
|
122 |
|
|
#define AH_MAX_HASHLEN 20
|
123 |
|
|
|
124 |
|
|
/*
|
125 |
|
|
* Names for AH sysctl objects
|
126 |
|
|
*/
|
127 |
|
|
#define AHCTL_ENABLE 1 /* Enable AH processing */
|
128 |
|
|
#define AHCTL_MAXID 2
|
129 |
|
|
|
130 |
|
|
#define AHCTL_NAMES { \
|
131 |
|
|
{ 0, 0 }, \
|
132 |
|
|
{ "enable", CTLTYPE_INT }, \
|
133 |
|
|
}
|
134 |
|
|
|
135 |
|
|
#ifdef _KERNEL
|
136 |
|
|
void ah_input __P((struct mbuf *, ...));
|
137 |
|
|
int ah_output __P((struct mbuf *, struct tdb *, struct mbuf **));
|
138 |
|
|
int ah_sysctl __P((int *, u_int, void *, size_t *, void *, size_t));
|
139 |
|
|
|
140 |
|
|
#ifdef INET6
|
141 |
|
|
void ah6_input __P((struct mbuf *, ...));
|
142 |
|
|
#endif /* INET6 */
|
143 |
|
|
|
144 |
|
|
extern int ah_enable;
|
145 |
|
|
struct ahstat ahstat;
|
146 |
|
|
#endif /* _KERNEL */
|
147 |
|
|
|
148 |
|
|
#endif // _NETINET_IP_AH_H_
|