Date: Mon, 9 Jan 2006 08:40:19 GMT From: "George V. Neville-Neil" <gnn@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 89406 for review Message-ID: <200601090840.k098eJ35011572@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=89406 Change 89406 by gnn@gnn_laptop_fast_ipsec on 2006/01/09 08:39:19 An initial restructuring of data-structures to break the PF_KEY/keydb dependency. Affected files ... .. //depot/projects/fast_ipsec/src/sys/netipsec/keydb.h#2 edit Differences ...
==== //depot/projects/fast_ipsec/src/sys/netipsec/keydb.h#2 (text+ko) ====
@@ -60,14 +60,40 @@
 /* see IPSEC_MANUAL_REQID_MAX. */
 };
+/* As part of decoupling the kernel implementation from the key socket
+ * messaging system we define three structures that are present in the
+ * messaging system, but put them privately in the kernel and remove
+ * the bits that are necessary when building packets, like the length,
+ * type and reserved entries in the structs.
+ */
+
+/* The secident structure parallels the sadb_ident structure. */
+struct secident {
+ u_int16_t type;
+ u_int64_t id;
+};
+
+/* A security key which parallels sadb_key. */
+struct seckey {
+ u_int16_t bits;
+};
+
+/* A lifetime structure which parallels sadb_lifetime. */
+struct seclifetime {
+ u_int32_t allocations;
+ u_int64_t bytes;
+ u_int64_t addtime;
+ u_int64_t usetime;
+};
+
 /* Security Association Data Base */
 struct secashead {
 LIST_ENTRY(secashead) chain;
 struct secasindex saidx;
- struct sadb_ident *idents; /* source identity */
- struct sadb_ident *identd; /* destination identity */
+ struct secasident *idents; /* source identity */
+ struct secasident *identd; /* destination identity */
 /* XXX I don't know how to use them. */
 u_int8_t state; /* MATURE or DEAD. */
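Review bot: The new `idents` and `identd` members of `struct secashead` are declared as `struct secasident *`, but the structure this hunk introduces is `struct secident`, and no `struct secasident` is defined anywhere in the visible diff. Because the members are only pointers, the header still compiles against an incomplete type, so the mismatch would surface only when some code allocates or dereferences an identity, or it could stay hidden behind casts to the old `sadb_ident`. The two members should read `struct secident *idents;` and `struct secident *identd;`. The body of `secashead` continues past the end of the hunk.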
@@ -97,8 +123,8 @@
 u_int32_t spi; /* SPI Value, network byte order */
 u_int32_t flags; /* holder for SADB_KEY_FLAGS */
- struct sadb_key *key_auth; /* Key for Authentication */
- struct sadb_key *key_enc; /* Key for Encryption */
+ struct seckey *key_auth; /* Key for Authentication */
+ struct seckey *key_enc; /* Key for Encryption */
 caddr_t iv; /* Initilization Vector */
 u_int ivlen; /* length of IV */
 void *sched; /* intermediate encryption key */
@@ -107,9 +133,9 @@
 struct secreplay *replay; /* replay prevention */
 time_t created; /* for lifetime */
- struct sadb_lifetime *lft_c; /* CURRENT lifetime, it's constant. */
- struct sadb_lifetime *lft_h; /* HARD lifetime */
- struct sadb_lifetime *lft_s; /* SOFT lifetime */
+ struct seclifetime *lft_c; /* CURRENT lifetime, it's constant. */
+ struct seclifetime *lft_h; /* HARD lifetime */
+ struct seclifetime *lft_s; /* SOFT lifetime */
 u_int32_t seq; /* sequence number */
 pid_t pid; /* message's pid */
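Review bot: In the `key_auth`/`key_enc` hunk the pointers now refer to `struct seckey`, which as defined in the first hunk holds only `bits`, so the type no longer says where the key bytes live or how long they are. With `sadb_key` the key material followed the header in the same buffer; if that layout is being kept, every place that sizes, copies or clears a key when the SA is torn down has to derive the length from `bits` alone, and a mistake there means an over-read or key material left behind in freed memory. I would either give `seckey` an explicit data member or state the layout on the struct, for example `/* key bytes follow this header; length is bits / 8 */`. The enclosing structure starts and ends outside the hunk, so how the keys are allocated and freed is not visible here.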