PERFORCE change 89406 for review
George V. Neville-Neil
gnn at FreeBSD.org
Mon Jan 9 00:40:21 PST 2006
http://perforce.freebsd.org/chv.cgi?CH=89406
Change 89406 by gnn at gnn_laptop_fast_ipsec on 2006/01/09 08:39:19
An initial restructuring of data-structures to break the PF_KEY/keydb dependency.
Affected files ...
.. //depot/projects/fast_ipsec/src/sys/netipsec/keydb.h#2 edit
Differences ...
==== //depot/projects/fast_ipsec/src/sys/netipsec/keydb.h#2 (text+ko) ====
@@ -60,14 +60,40 @@
/* see IPSEC_MANUAL_REQID_MAX. */
};
+/* As part of decoupling the kernel implementation from the key socket
+ * messaging system we define three structures that are present in the
+ * messaging system, but put them privately in the kernel and remove
+ * the bits that are necessary when building packets, like the length,
+ * type and reserved entries in the structs.
+ */
+
+/* The secident structure parallels the sadb_ident structure. */
+struct secident {
+ u_int16_t type;
+ u_int64_t id;
+};
+
+/* A security key which parallels sadb_key. */
+struct seckey {
+ u_int16_t bits;
+};
+
+/* A lifetime structure which parallels sadb_lifetime. */
+struct seclifetime {
+ u_int32_t allocations;
+ u_int64_t bytes;
+ u_int64_t addtime;
+ u_int64_t usetime;
+};
+
/* Security Association Data Base */
struct secashead {
LIST_ENTRY(secashead) chain;
struct secasindex saidx;
- struct sadb_ident *idents; /* source identity */
- struct sadb_ident *identd; /* destination identity */
+ struct secasident *idents; /* source identity */
+ struct secasident *identd; /* destination identity */
/* XXX I don't know how to use them. */
u_int8_t state; /* MATURE or DEAD. */
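Review bot: The identity pointers in `secashead` are declared as `struct secasident *`, but the structure this change introduces is `struct secident`, and no `secasident` definition is visible in the hunk. As a pointer to an incomplete type this still compiles in the header, so the mismatch would only surface when a consumer dereferences `idents`/`identd` or sizes an allocation from them. If the new structure is what was meant, the two members should read `struct secident *idents;` and `struct secident *identd;`. The body of `secashead` continues past the end of the hunk.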
@@ -97,8 +123,8 @@
u_int32_t spi; /* SPI Value, network byte order */
u_int32_t flags; /* holder for SADB_KEY_FLAGS */
- struct sadb_key *key_auth; /* Key for Authentication */
- struct sadb_key *key_enc; /* Key for Encryption */
+ struct seckey *key_auth; /* Key for Authentication */
+ struct seckey *key_enc; /* Key for Encryption */
caddr_t iv; /* Initilization Vector */
u_int ivlen; /* length of IV */
void *sched; /* intermediate encryption key */
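Review bot: `key_auth` and `key_enc` now point at `struct seckey`, which as defined earlier in this change holds only `bits` and gives no way to reach the key bytes. With `sadb_key` the key material follows the header inline in the PF_KEY message, and this change deliberately drops the length field from the kernel-side structure. I would add a member such as `char *key_data;` to `struct seckey`, with a comment stating that the length is derived from `bits`, who owns the buffer, and that it must be zeroed before it is freed. The enclosing structure starts and ends outside the hunk.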
@@ -107,9 +133,9 @@
struct secreplay *replay; /* replay prevention */
time_t created; /* for lifetime */
- struct sadb_lifetime *lft_c; /* CURRENT lifetime, it's constant. */
- struct sadb_lifetime *lft_h; /* HARD lifetime */
- struct sadb_lifetime *lft_s; /* SOFT lifetime */
+ struct seclifetime *lft_c; /* CURRENT lifetime, it's constant. */
+ struct seclifetime *lft_h; /* HARD lifetime */
+ struct seclifetime *lft_s; /* SOFT lifetime */
u_int32_t seq; /* sequence number */
pid_t pid; /* message's pid */
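Review bot: Only keydb.h is listed under affected files, so any code that still fills or reads `lft_c`, `lft_h` and `lft_s` as `struct sadb_lifetime` (through `sadb_lifetime_*` member names, or with a copy or allocation sized by `sizeof(struct sadb_lifetime)`) no longer matches the declared type. `struct seclifetime` omits the length and extension-type header, so a block copy from a PF_KEY message would shift every field, and the conversion has to be done field by field. Hard and soft lifetimes drive SA expiry, so I would also add a comment on `struct seclifetime` giving the units of `addtime` and `usetime` (presumably seconds, as in PF_KEY; to be confirmed). The same consumer-side concern applies to the `seckey` and identity members in the two earlier hunks, and the structure here continues outside the hunk.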