1 /* $Id: ike_pfkey.h,v 1.20 2008/02/05 09:03:22 mk Exp $ */
2
3 /*
4 * Copyright (C) 2004 WIDE Project.
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the project nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 */
31
32 #ifndef __IKE_PFKEY_H__
33 #define __IKE_PFKEY_H__
34
35 #include <sys/types.h>
36 #include <sys/queue.h>
37 #if 1
38 /* #include "if_pfkeyv2.h" */
39 #else
40 #include "if_pfkey.h"
41 #endif
42
43 #include "var.h"
44
45 /*
46 * +--------------------+
47 * |child_sa |
48 * +--------------------+ +--------------------+
49 * | | ..|(*getspi)() ------->sadb_getspi()
50 * |+------------+ | : |(*acquire_error)() ------>sadb_acquire_error()
51 * ||sadb_request|......... |(*update_inbound)() ------->sadb_update()
52 * || |... | |(*update_outbound)() ------->sadb_add()
53 * |+------------+ : | +--------------------+
54 * | : |
55 * +----------------:---+
56 * ........(*getspi_response)()
57 */
58
59 /*
60 * conf_to_proposal ikev2_child_proposal_spi<---+
61 * | ^ |
62 * | |(*req->method->getspi)() |(*req->getspi_response)()
63 * v | |
64 * sadb_getspi |
65 * | ^ sadb_getspi_callback
66 * | | ^
67 * | | | |
68 * v | | |
69 * rcpfk_send_getspi v |
70 * | ^ rcpfk_handler---->rcpfk_recv_getspi
71 * | | ^
72 * | | :
73 * v | :
74 * SADB_GETSPI --------------[response]
75 *
76 */
77
/*
 * Dispatch table for the SADB requests issued on behalf of a child SA.
 * A request selects one table through sadb_request.method; this header
 * declares several instances (initiator, responder, rekey, null,
 * force_initiate, debug).
 *
 * Per the overview diagram earlier in this header, getspi, acquire_error
 * and update_inbound lead to sadb_getspi(), sadb_acquire_error() and
 * sadb_update(), and the outbound slot leads to sadb_add(). The diagram
 * labels that slot update_outbound; the member itself is add_outbound.
 *
 * NOTE(review): every slot has an empty parameter list. Before C23 that
 * means "arguments unspecified", not "no arguments": the compiler checks
 * neither the number nor the types of the arguments at call sites, and a
 * call that does not match the installed handler is undefined behaviour.
 * Give each slot a full prototype once the handler signatures have been
 * confirmed against the definitions.
 */
struct sadb_request_method {
	int (*getspi) ();		/* -> sadb_getspi() per the diagram */
	int (*acquire_error) ();	/* -> sadb_acquire_error() per the diagram */
	int (*update_inbound) ();	/* -> sadb_update() per the diagram */
	int (*add_outbound) ();		/* -> sadb_add() per the diagram */
	int (*delete_sa) ();		/* not covered by the diagrams in this header */
	int (*get) ();			/* not covered by the diagrams in this header */
#ifdef sun
	/* Present only when `sun` is defined, so the layout of this struct
	 * differs between platforms. */
	int (*inverse_acquire)();
#endif /* sun/OpenSolaris */
};
89
/*
 * Callback table through which results are handed back to the requester.
 * A request selects one table through sadb_request.callback. The
 * call-flow diagram earlier in this header shows getspi_response being
 * invoked from sadb_getspi_callback once the SADB_GETSPI response has
 * been received.
 *
 * NOTE(review): as with sadb_request_method, the empty parameter lists
 * leave the arguments unchecked by the compiler; a caller/handler
 * mismatch is undefined behaviour. Prototype the slots once the handler
 * signatures are confirmed.
 */
struct sadb_response_method {
	int (*getspi_response)();	/* shown in the call-flow diagram */
	int (*update_response)();
	int (*expired)();
	int (*get_response)();
};
96
/*
 * Thin aliases over the <sys/queue.h> tail-queue macros.
 *
 * SADB_LIST_NEXT, SADB_LIST_LINK and SADB_LIST_REMOVE hard-code the entry
 * member name `link`, so they only work with element types whose
 * SADB_LIST_ENTRY field is called link (struct sadb_request in this
 * header is one). SADB_LIST_FIRST reads the head's tqh_first member
 * directly, and SADB_LIST_END(p_) is true when p_ is a null pointer.
 *
 * NOTE(review): when an element is removed (and possibly freed) while
 * walking a list, fetch SADB_LIST_NEXT(p_) before calling
 * SADB_LIST_REMOVE, otherwise the traversal reads the link of an element
 * that is no longer on the list.
 */
#define SADB_LIST_HEAD(nam_, typ_) TAILQ_HEAD(nam_, typ_)
#define SADB_LIST_INIT(head_) TAILQ_INIT(head_)
#define SADB_LIST_ENTRY(typ_) TAILQ_ENTRY(typ_)
#define SADB_LIST_FIRST(head_) ((head_)->tqh_first)
#define SADB_LIST_NEXT(p_) TAILQ_NEXT((p_), link)
#define SADB_LIST_END(p_) (! (p_))
#define SADB_LIST_LINK(head_, p_) TAILQ_INSERT_TAIL((head_), (p_), link)
#define SADB_LIST_REMOVE(head_, p_) TAILQ_REMOVE((head_), (p_), link)
105
/*
 * One SADB request: the method table used to issue it, the callback table
 * used to report its result, a sequence number, an opaque owner pointer
 * and the list linkage. The argument types of sadb_request_initialize()
 * mirror the first four members (presumably in this order; the
 * prototype does not name its parameters).
 */
struct sadb_request {
	struct sadb_request_method *method;	/* request dispatch table */
	struct sadb_response_method *callback;	/* response callback table */
	/*
	 * NOTE(review): presumably the value used to pair a response with
	 * this request. With pid commented out below, seqno is the only
	 * pairing field stored here; confirm that response handling
	 * validates the origin of a message elsewhere.
	 */
	uint32_t seqno;
	/* pid_t pid; */
	/*
	 * Type-erased: nothing enforces that this really is a child_sa, so
	 * every callback that casts it relies on the caller's discipline.
	 * NOTE(review): this is stored as a plain pointer; confirm that a
	 * request cannot outlive the child_sa it points to.
	 */
	void *sa; /* should be a pointer to child_sa */

	SADB_LIST_ENTRY(sadb_request) link;	/* member name required by SADB_LIST_* */
};
115
/*
 * Request method tables defined elsewhere; a request picks one through
 * sadb_request.method.
 *
 * NOTE(review): the tables are declared without const. If no code assigns
 * to their slots after start-up, const-qualifying them (together with
 * sadb_request.method) would let these function pointers be placed in
 * read-only data; confirm against the definitions before changing.
 */
extern struct sadb_request_method sadb_initiator_request_method;
extern struct sadb_request_method sadb_responder_request_method;
extern struct sadb_request_method sadb_rekey_request_method;
extern struct sadb_request_method sadb_null_method;
extern struct sadb_request_method sadb_force_initiate_method;

/*
 * The DEBUG guard around this declaration is commented out, so the debug
 * table is declared in every build, unlike sadb_list_dump() further down,
 * which stays under #ifdef DEBUG.
 */
/* #ifdef DEBUG */
extern struct sadb_request_method sadb_debug_method;
/* #endif */
/*
 * This #endif closes the __IKE_PFKEY_H__ include guard opened at the top
 * of the file.
 * NOTE(review): the rest of the header lies outside the guard. Repeating
 * the function declarations on a second inclusion is harmless, but the
 * invacq_t definition needs its own _INVACQ_T guard because of it. Moving
 * this #endif to the end of the file would cover everything. The guard
 * name also contains a double underscore, which is reserved for the
 * implementation.
 */
#endif
126
/*
 * Entry points of the SADB module. These declarations sit after the
 * #endif of the include guard, so they are repeated on every inclusion
 * of this header. The meaning of the int return values is not visible
 * here; check the definitions before relying on a convention.
 */
extern int sadb_init(void);
#ifdef DEBUG
/* Debug-only; see the definition for what is dumped and where. */
void sadb_list_dump(void);
#endif
extern int sadb_socket(void);
/* Returns a uint32_t, the same type as sadb_request.seqno. */
extern uint32_t sadb_new_seq(void);
extern void sadb_poll(void);
/*
 * The parameters are unnamed; their types mirror the members of
 * struct sadb_request: request, method table, callback table, a uint32_t
 * (presumably seqno) and a void * (presumably sa, the owning child_sa).
 */
extern void sadb_request_initialize(struct sadb_request *,
				    struct sadb_request_method *,
				    struct sadb_response_method *,
				    uint32_t,
				    void *);
/*
 * NOTE(review): presumably the counterpart of sadb_request_initialize();
 * confirm that it takes the request off any list it was linked into
 * before the request's storage is released.
 */
extern void sadb_request_finish(struct sadb_request *);
/*
 * Solaris/OpenSolaris-only section (`sun` defined): state kept for an
 * inverse-ACQUIRE exchange, plus the extended-ACQUIRE extractor.
 *
 * The types used below (struct ph2handle, struct ikev2_sa, rc_vchar_t,
 * boolean_t, struct rcpfk_msg, ...) are not declared in this header.
 * NOTE(review): rc_vchar_t and boolean_t must already be visible to every
 * includer, and struct tags that first appear inside the
 * extract_extended_acquire() parameter list would only have prototype
 * scope. Confirm that the required headers are included first.
 */
#ifdef sun
#ifndef _INVACQ_T
/* Needed because this definition lies outside the header's main include
 * guard. NOTE(review): an identifier starting with an underscore and an
 * upper-case letter is reserved for the implementation. */
#define _INVACQ_T /* Guard against double-include. */
/*
 * The member comments record ownership: "Referenced" members point at
 * objects owned elsewhere, "Allocated/copied" members are private copies
 * held by this structure, "Copied" members are plain values.
 * NOTE(review): whoever releases an invacq_t has to free exactly the
 * allocated/copied members and none of the referenced ones. packet and
 * answer carry no ownership annotation; confirm who frees them.
 */
typedef struct invacq_s {
	/* IKEv1 data */
	struct ph2handle *iph2;			/* Referenced */

	/* IKEv2 data */
	struct ikev2_sa *ikev2_sa;		/* Referenced */
	struct sockaddr *local;			/* Allocated/copied */
	struct sockaddr *remote;		/* Allocated/copied */
	struct ikev2_payload_header *sa_payload;/* Allocated/copied */
	struct ikev2_payload_header *ts_i;	/* Allocated/copied */
	struct ikev2_payload_header *ts_r;	/* Allocated/copied */
	struct ikev2_payload_header *cfg;	/* Allocated/copied */
	rc_vchar_t *g_i;			/* Allocated/copied */
	rc_vchar_t *n_i;			/* Allocated/copied */
	struct ikev2_child_param *child_param;	/* Allocated/copied */
	struct ikev2_child_sa *old_child_sa;	/* Referenced. */
	uint32_t message_id;			/* Copied */
	boolean_t is_createchild;		/* Copied */
	rc_vchar_t *packet;			/* ownership not annotated - TODO confirm */

	/* inverse-ACQUIRE data. */
	struct rcpfk_msg *answer;		/* ownership not annotated - TODO confirm */
	int (*receiver)(struct invacq_s *);	/* callback taking this structure */
	/*
	 * Embedded by value, including its list linkage.
	 * NOTE(review): if this request is linked into a SADB list, the
	 * enclosing invacq_t must stay allocated until the request has been
	 * unlinked; otherwise the list keeps a pointer into freed memory.
	 */
	struct sadb_request request;
} invacq_t;
#endif
/*
 * Takes a PF_KEY message and two output pointers-to-pointer. Which side
 * owns *selector and *remote after the call, and what the int return
 * value means, is not visible in this header.
 */
extern int extract_extended_acquire(struct rcpfk_msg *, struct rcf_selector **,
				    struct rcf_remote **);
#endif