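/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#ifndef	_INET_KEYSOCK_H
#define	_INET_KEYSOCK_H

#pragma ident "%Z%%M% %I% %E% SMI"

#ifdef	__cplusplus
extern "C" {
#endif

/*
 * Declarations for keysock, the PF_KEY socket driver/module: option
 * handlers, the per-netstack instance state, per-socket session state and
 * the per-consumer (AH, ESP) state.
 */

/* Option get/set handlers; see keysock_opt_obj below. */
extern int keysock_opt_get(queue_t *, int, int, uchar_t *);
extern int keysock_opt_set(queue_t *, uint_t, int, int, uint_t,
    uchar_t *, uint_t *, uchar_t *, void *, cred_t *cr, mblk_t *mblk);

/*
 * Object to represent database of options to search passed to
 * {sock,tpi}optcom_req() interface routine to take care of option
 * management and associated methods.
 */

extern optdb_obj_t	keysock_opt_obj;
extern uint_t		keysock_max_optsize;

/*
 * KEYSOCK stack instances
 */
struct keysock_stack {
	netstack_t		*keystack_netstack;	/* Common netstack */
	/*
	 * keystack_plumbed: zero if plumb not attempted, positive if it
	 * succeeded, negative if it failed.
	 */
	int			keystack_plumbed;
	caddr_t			keystack_g_nd;
	struct keysockparam_s	*keystack_params;

	kmutex_t		keystack_param_lock;
				/* Protects the NDD variables. */

	/* List of open PF_KEY sockets, protected by keystack_list_lock. */
	kmutex_t		keystack_list_lock;
	struct keysock_s	*keystack_list;

	/*
	 * Consumers table.  If an entry is NULL, keysock maintains
	 * the table.
	 */
	kmutex_t		keystack_consumers_lock;

#define	KEYSOCK_MAX_CONSUMERS 256
	struct keysock_consumer_s *keystack_consumers[KEYSOCK_MAX_CONSUMERS];

	/*
	 * State for flush/dump.  This would normally be a boolean_t, but
	 * cas32() works best for a known 32-bit quantity.
	 */
	uint32_t		keystack_flushdump;
	int			keystack_flushdump_errno;

	/*
	 * This integer counts the number of extended REGISTERed sockets.  This
	 * determines if we should send extended REGISTERs.
	 */
	uint32_t		keystack_num_extended;

	/*
	 * Global sequence space for SADB_ACQUIRE messages of any sort.
	 */
	uint32_t		keystack_acquire_seq;
};
typedef struct keysock_stack keysock_stack_t;

/*
 * keysock session state (one per open PF_KEY socket (i.e. as a driver))
 *
 * I keep these in a linked list, and assign a monotonically increasing
 * serial ## (which is also the minor number).
 */

typedef struct keysock_s {
	/* Protected by keysock_list_lock. */
	struct keysock_s *keysock_next;	/* Next in list */
	struct keysock_s **keysock_ptpn; /* Pointer to previous next */

	kmutex_t keysock_lock;		/* Protects the following. */
	queue_t *keysock_rq;	/* Read queue - putnext() to userland */
	queue_t *keysock_wq;	/* Write queue */

	uint_t keysock_state;
	uint_t keysock_flags;
	/* If SADB_SATYPE_MAX (in net/pfkeyv2.h) > 255, rewhack this. */
	uint64_t keysock_registered[4];	/* Registered types for this socket. */

	/* Also protected by keysock_list_lock. */
	minor_t keysock_serial;		/* Serial number of this socket. */
	keysock_stack_t *keysock_keystack;
} keysock_t;

/* Values for keysock_flags. */
#define	KEYSOCK_NOLOOP	0x1	/* Don't loopback messages (no replies). */
#define	KEYSOCK_PROMISC	0x2	/* Give me all outbound messages. */
				/* DANGER:  Setting this requires EXTRA */
				/* privilege on an MLS box.  */
#define	KEYSOCK_EXTENDED 0x4	/* Extended REGISTER received. */

/*
 * Test / set the "registered" bit for an SA type on a keysock_t.
 *
 * keysock_registered[] is 4 x 64 bits = 256 bits, one per SA type in the
 * range 0..255.  The word index is therefore satype >> 6 and the bit within
 * the word is satype & 63.  Indexing with satype >> 3 would run past the
 * four-element array for any satype >= 32.  The mask is built from a 64-bit
 * one because shifting a plain int by 31 or more bits is undefined.
 *
 * satype must be in the range 0..255 and is evaluated twice, so do not pass
 * an expression with side effects.  The macros do no range checking of their
 * own; a value taken from a message must be validated by the caller first.
 * Callers are expected to hold whatever lock protects keysock_registered
 * (presumably keysock_lock -- confirm against the users of these macros).
 */
#define	KEYSOCK_ISREG(ks, satype) \
	(((ks)->keysock_registered[(satype) >> 6]) & \
	((uint64_t)1 << ((satype) & 63)))
#define	KEYSOCK_SETREG(ks, satype) \
	((ks)->keysock_registered[(satype) >> 6] |= \
	((uint64_t)1 << ((satype) & 63)))

/*
 * Keysock consumers (i.e. AH, ESP), in array based on sadb_msg_satype.
 * For module instances.
 */

typedef struct keysock_consumer_s {
	kmutex_t kc_lock;	/* Protects instance. */

	queue_t *kc_rq;		/* Read queue, requests from AH, ESP. */
	queue_t *kc_wq;		/* Write queue, putnext down */

	/* Other goodies as I need them. */
	uint8_t kc_sa_type;	/* What sort of SA am I? */
	uint_t kc_flags;
	keysock_stack_t *kc_keystack;
} keysock_consumer_t;

/* Can only set flags when keysock_consumer_lock is held. */
#define	KC_INTERNAL 0x1		/* Consumer maintained by keysock itself. */
#define	KC_FLUSHING 0x2		/* SADB_FLUSH pending on this consumer. */

/* Plumbs keysock for the given netstack; see keystack_plumbed for state. */
extern int keysock_plumb_ipsec(netstack_t *);

#ifdef	__cplusplus
}
#endif

#endif	/* _INET_KEYSOCK_H */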