1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 #ifndef _INET_SPDSOCK_H 27 #define _INET_SPDSOCK_H 28 29 #include <sys/netstack.h> 30 31 #ifdef __cplusplus 32 extern "C" { 33 #endif 34 35 /* 36 * SPDSOCK stack instances 37 */ 38 struct spd_stack { 39 netstack_t *spds_netstack; /* Common netstack */ 40 41 caddr_t spds_g_nd; 42 struct spdsockparam_s *spds_params; 43 kmutex_t spds_param_lock; 44 /* Protects the NDD variables. */ 45 46 /* 47 * To save algorithm update messages that are processed only after 48 * IPsec is loaded. 49 */ 50 struct spd_ext *spds_extv_algs[SPD_EXT_MAX + 1]; 51 mblk_t *spds_mp_algs; 52 boolean_t spds_algs_pending; 53 struct ipsec_alginfo 54 *spds_algs[IPSEC_NALGTYPES][IPSEC_MAX_ALGS]; 55 int spds_algs_exec_mode[IPSEC_NALGTYPES]; 56 kmutex_t spds_alg_lock; 57 }; 58 typedef struct spd_stack spd_stack_t; 59 60 61 /* 62 * spdsock (PF_POLICY) session state; one per open PF_POLICY socket. 63 * 64 * These are kept on a linked list by the spdsock module. 65 */ 66 67 typedef struct spdsock_s 68 { 69 uint_t spdsock_state; /* TLI gorp */ 70 71 minor_t spdsock_minor; 72 73 /* 74 * In-progress SPD_DUMP state, valid if spdsock_dump_req is non-NULL. 75 * 76 * spdsock_dump_req is the request which got us started. 77 * spdsock_dump_head is a reference to a policy head. 78 * spdsock_dump_cur_* tell us where we are in the policy walk, 79 * validated by looking at spdsock_dump_gen vs 80 * dump_head->iph_gen after taking a read lock on the policy 81 * head. 82 */ 83 mblk_t *spdsock_dump_req; 84 ipsec_policy_head_t *spdsock_dump_head; 85 uint64_t spdsock_dump_gen; 86 timeout_id_t spdsock_timeout; 87 mblk_t *spdsock_timeout_arg; 88 int spdsock_dump_cur_type; 89 int spdsock_dump_cur_af; 90 ipsec_policy_t *spdsock_dump_cur_rule; 91 uint32_t spdsock_dump_cur_chain; 92 uint32_t spdsock_dump_count; 93 spd_stack_t *spdsock_spds; 94 /* These are used for all-polhead dumps. */ 95 int spdsock_dump_tun_gen; 96 boolean_t spdsock_dump_active; 97 boolean_t spdsock_dump_tunnel; 98 int spdsock_dump_remaining_polheads; 99 ipsec_tun_pol_t *spdsock_itp; 100 } spdsock_t; 101 102 #define LOADCHECK_INTERVAL (drv_usectohz(30000)) 103 104 /* 105 * Socket option boilerplate code. 106 */ 107 108 extern optdb_obj_t spdsock_opt_obj; 109 extern uint_t spdsock_max_optsize; 110 111 extern int spdsock_opt_get(queue_t *, int, int, uchar_t *); 112 extern int spdsock_opt_set(queue_t *, uint_t, int, int, uint_t, uchar_t *, 113 uint_t *, uchar_t *, void *, cred_t *); 114 115 #ifdef __cplusplus 116 } 117 #endif 118 119 #endif /* _INET_SPDSOCK_H */ 120