[people/ms/strongswan.git] / linux / include / freeswan / ipsec_tunnel.h

/*
 * IPSEC tunneling code
 * Copyright (C) 1996, 1997  John Ioannidis.
 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003  Richard Guy Briggs.
 * 
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 * 
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 *
 * RCSID $Id: ipsec_tunnel.h,v 1.1 2004/03/15 20:35:25 as Exp $
 */


#ifdef NET_21
# define DEV_QUEUE_XMIT(skb, device, pri) {\
	skb->dev = device; \
	neigh_compat_output(skb); \
	/* skb->dst->output(skb); */ \
 }
# define ICMP_SEND(skb_in, type, code, info, dev) \
	icmp_send(skb_in, type, code, htonl(info))
# define IP_SEND(skb, dev) \
	ip_send(skb);
#else /* NET_21 */
# define DEV_QUEUE_XMIT(skb, device, pri) {\
	dev_queue_xmit(skb, device, pri); \
 }
# define ICMP_SEND(skb_in, type, code, info, dev) \
	icmp_send(skb_in, type, code, info, dev)
# define IP_SEND(skb, dev) \
	if(ntohs(iph->tot_len) > physmtu) { \
		ip_fragment(NULL, skb, dev, 0); \
		ipsec_kfree_skb(skb); \
	} else { \
		dev_queue_xmit(skb, dev, SOPRI_NORMAL); \
	}
#endif /* NET_21 */


/*
 * Heavily based on drivers/net/new_tunnel.c.  Lots
 * of ideas also taken from the 2.1.x version of drivers/net/shaper.c
 */

struct ipsectunnelconf
{
	__u32	cf_cmd;
	union
	{
		char 	cfu_name[12];
	} cf_u;
#define cf_name cf_u.cfu_name
};

#define IPSEC_SET_DEV	(SIOCDEVPRIVATE)
#define IPSEC_DEL_DEV	(SIOCDEVPRIVATE + 1)
#define IPSEC_CLR_DEV	(SIOCDEVPRIVATE + 2)

#ifdef __KERNEL__
#include <linux/version.h>
#ifndef KERNEL_VERSION
#  define KERNEL_VERSION(x,y,z) (((x)<<16)+((y)<<8)+(z))
#endif
struct ipsecpriv
{
	struct sk_buff_head sendq;
	struct device *dev;
	struct wait_queue *wait_queue;
	char locked;
	int  (*hard_start_xmit) (struct sk_buff *skb,
		struct device *dev);
	int  (*hard_header) (struct sk_buff *skb,
		struct device *dev,
		unsigned short type,
		void *daddr,
		void *saddr,
		unsigned len);
#ifdef NET_21
	int  (*rebuild_header)(struct sk_buff *skb);
#else /* NET_21 */
	int  (*rebuild_header)(void *buff, struct device *dev,
			unsigned long raddr, struct sk_buff *skb);
#endif /* NET_21 */
	int  (*set_mac_address)(struct device *dev, void *addr);
#ifndef NET_21
	void (*header_cache_bind)(struct hh_cache **hhp, struct device *dev,
				 unsigned short htype, __u32 daddr);
#endif /* !NET_21 */
	void (*header_cache_update)(struct hh_cache *hh, struct device *dev, unsigned char *  haddr);
	struct net_device_stats *(*get_stats)(struct device *dev);
	struct net_device_stats mystats;
	int mtu;	/* What is the desired MTU? */
};

extern char ipsec_tunnel_c_version[];

extern struct device *ipsecdevices[IPSEC_NUM_IF];

int ipsec_tunnel_init_devices(void);

/* void */ int ipsec_tunnel_cleanup_devices(void);

extern /* void */ int ipsec_init(void);

extern int ipsec_tunnel_start_xmit(struct sk_buff *skb, struct device *dev);

#ifdef CONFIG_IPSEC_DEBUG
extern int debug_tunnel;
extern int sysctl_ipsec_debug_verbose;
#endif /* CONFIG_IPSEC_DEBUG */
#endif /* __KERNEL__ */

#ifdef CONFIG_IPSEC_DEBUG
#define DB_TN_INIT	0x0001
#define DB_TN_PROCFS	0x0002
#define DB_TN_XMIT	0x0010
#define DB_TN_OHDR	0x0020
#define DB_TN_CROUT	0x0040
#define DB_TN_OXFS	0x0080
#define DB_TN_REVEC	0x0100
#endif /* CONFIG_IPSEC_DEBUG */

/*
 * $Log: ipsec_tunnel.h,v $
 * Revision 1.1  2004/03/15 20:35:25  as
 * added files from freeswan-2.04-x509-1.5.3
 *
 * Revision 1.28  2003/06/24 20:22:32  mcr
 * 	added new global: ipsecdevices[] so that we can keep track of
 * 	the ipsecX devices. They will be referenced with dev_hold(),
 * 	so 2.2 may need this as well.
 *
 * Revision 1.27  2003/04/03 17:38:09  rgb
 * Centralised ipsec_kfree_skb and ipsec_dev_{get,put}.
 *
 * Revision 1.26  2003/02/12 19:32:20  rgb
 * Updated copyright year.
 *
 * Revision 1.25  2002/05/27 18:56:07  rgb
 * Convert to dynamic ipsec device allocation.
 *
 * Revision 1.24  2002/04/24 07:36:48  mcr
 * Moved from ./klips/net/ipsec/ipsec_tunnel.h,v
 *
 * Revision 1.23  2001/11/06 19:50:44  rgb
 * Moved IP_SEND, ICMP_SEND, DEV_QUEUE_XMIT macros to ipsec_tunnel.h for
 * use also by pfkey_v2_parser.c
 *
 * Revision 1.22  2001/09/15 16:24:05  rgb
 * Re-inject first and last HOLD packet when an eroute REPLACE is done.
 *
 * Revision 1.21  2001/06/14 19:35:10  rgb
 * Update copyright date.
 *
 * Revision 1.20  2000/09/15 11:37:02  rgb
 * Merge in heavily modified Svenning Soerensen's <svenning@post5.tele.dk>
 * IPCOMP zlib deflate code.
 *
 * Revision 1.19  2000/09/08 19:12:56  rgb
 * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG.
 *
 * Revision 1.18  2000/07/28 13:50:54  rgb
 * Changed enet_statistics to net_device_stats and added back compatibility
 * for pre-2.1.19.
 *
 * Revision 1.17  1999/11/19 01:12:15  rgb
 * Purge unneeded proc_info prototypes, now that static linking uses
 * dynamic proc_info registration.
 *
 * Revision 1.16  1999/11/18 18:51:00  rgb
 * Changed all device registrations for static linking to
 * dynamic to reduce the number and size of patches.
 *
 * Revision 1.15  1999/11/18 04:14:21  rgb
 * Replaced all kernel version macros to shorter, readable form.
 * Added CONFIG_PROC_FS compiler directives in case it is shut off.
 * Added Marc Boucher's 2.3.25 proc patches.
 *
 * Revision 1.14  1999/05/25 02:50:10  rgb
 * Fix kernel version macros for 2.0.x static linking.
 *
 * Revision 1.13  1999/05/25 02:41:06  rgb
 * Add ipsec_klipsdebug support for static linking.
 *
 * Revision 1.12  1999/05/05 22:02:32  rgb
 * Add a quick and dirty port to 2.2 kernels by Marc Boucher <marc@mbsi.ca>.
 *
 * Revision 1.11  1999/04/29 15:19:50  rgb
 * Add return values to init and cleanup functions.
 *
 * Revision 1.10  1999/04/16 16:02:39  rgb
 * Bump up macro to 4 ipsec I/Fs.
 *
 * Revision 1.9  1999/04/15 15:37:25  rgb
 * Forward check changes from POST1_00 branch.
 *
 * Revision 1.5.2.1  1999/04/02 04:26:14  rgb
 * Backcheck from HEAD, pre1.0.
 *
 * Revision 1.8  1999/04/11 00:29:01  henry
 * GPL boilerplate
 *
 * Revision 1.7  1999/04/06 04:54:28  rgb
 * Fix/Add RCSID Id: and Log: bits to make PHMDs happy.  This includes
 * patch shell fixes.
 *
 * Revision 1.6  1999/03/31 05:44:48  rgb
 * Keep PMTU reduction private.
 *
 * Revision 1.5  1999/02/10 22:31:20  rgb
 * Change rebuild_header member to reflect generality of link layer.
 *
 * Revision 1.4  1998/12/01 13:22:04  rgb
 * Added support for debug printing of version info.
 *
 * Revision 1.3  1998/07/29 20:42:46  rgb
 * Add a macro for clearing all tunnel devices.
 * Rearrange structures and declarations for sharing with userspace.
 *
 * Revision 1.2  1998/06/25 20:01:45  rgb
 * Make prototypes available for ipsec_init and ipsec proc_dir_entries
 * for static linking.
 *
 * Revision 1.1  1998/06/18 21:27:50  henry
 * move sources from klips/src to klips/net/ipsec, to keep stupid
 * kernel-build scripts happier in the presence of symlinks
 *
 * Revision 1.3  1998/05/18 21:51:50  rgb
 * Added macros for num of I/F's and a procfs debug switch.
 *
 * Revision 1.2  1998/04/21 21:29:09  rgb
 * Rearrange debug switches to change on the fly debug output from user
 * space.  Only kernel changes checked in at this time.  radij.c was also
 * changed to temporarily remove buggy debugging code in rj_delete causing
 * an OOPS and hence, netlink device open errors.
 *
 * Revision 1.1  1998/04/09 03:06:13  henry
 * sources moved up from linux/net/ipsec
 *
 * Revision 1.1.1.1  1998/04/08 05:35:05  henry
 * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8
 *
 * Revision 0.5  1997/06/03 04:24:48  ji
 * Added transport mode.
 * Changed the way routing is done.
 * Lots of bug fixes.
 *
 * Revision 0.4  1997/01/15 01:28:15  ji
 * No changes.
 *
 * Revision 0.3  1996/11/20 14:39:04  ji
 * Minor cleanups.
 * Rationalized debugging code.
 *
 * Revision 0.2  1996/11/02 00:18:33  ji
 * First limited release.
 *
 *
 */
Commit	Line	Data
997358a6 MW	1	/*
	2	* IPSEC tunneling code
	3	* Copyright (C) 1996, 1997 John Ioannidis.
	4	* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003 Richard Guy Briggs.
	5	*
	6	* This program is free software; you can redistribute it and/or modify it
	7	* under the terms of the GNU General Public License as published by the
	8	* Free Software Foundation; either version 2 of the License, or (at your
	9	* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
	10	*
	11	* This program is distributed in the hope that it will be useful, but
	12	* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
	13	* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
	14	* for more details.
	15	*
	16	* RCSID $Id: ipsec_tunnel.h,v 1.1 2004/03/15 20:35:25 as Exp $
	17	*/
	18
	19
	20	#ifdef NET_21
	21	# define DEV_QUEUE_XMIT(skb, device, pri) {\
	22	skb->dev = device; \
	23	neigh_compat_output(skb); \
	24	/* skb->dst->output(skb); */ \
	25	}
	26	# define ICMP_SEND(skb_in, type, code, info, dev) \
	27	icmp_send(skb_in, type, code, htonl(info))
	28	# define IP_SEND(skb, dev) \
	29	ip_send(skb);
	30	#else /* NET_21 */
	31	# define DEV_QUEUE_XMIT(skb, device, pri) {\
	32	dev_queue_xmit(skb, device, pri); \
	33	}
	34	# define ICMP_SEND(skb_in, type, code, info, dev) \
	35	icmp_send(skb_in, type, code, info, dev)
	36	# define IP_SEND(skb, dev) \
	37	if(ntohs(iph->tot_len) > physmtu) { \
	38	ip_fragment(NULL, skb, dev, 0); \
	39	ipsec_kfree_skb(skb); \
	40	} else { \
	41	dev_queue_xmit(skb, dev, SOPRI_NORMAL); \
	42	}
	43	#endif /* NET_21 */
	44
	45
	46	/*
	47	* Heavily based on drivers/net/new_tunnel.c. Lots
	48	* of ideas also taken from the 2.1.x version of drivers/net/shaper.c
	49	*/
	50
	51	struct ipsectunnelconf
	52	{
	53	__u32 cf_cmd;
	54	union
	55	{
	56	char cfu_name[12];
	57	} cf_u;
	58	#define cf_name cf_u.cfu_name
	59	};
	60
	61	#define IPSEC_SET_DEV (SIOCDEVPRIVATE)
	62	#define IPSEC_DEL_DEV (SIOCDEVPRIVATE + 1)
	63	#define IPSEC_CLR_DEV (SIOCDEVPRIVATE + 2)
	64
65	#ifdef __KERNEL__
66	#include <linux/version.h>
67	#ifndef KERNEL_VERSION
68	# define KERNEL_VERSION(x,y,z) (((x)<<16)+((y)<<8)+(z))
69	#endif
70	struct ipsecpriv
71	{
72	struct sk_buff_head sendq;
73	struct device *dev;
74	struct wait_queue *wait_queue;
75	char locked;
76	int (hard_start_xmit) (struct sk_buff skb,
77	struct device *dev);
78	int (hard_header) (struct sk_buff skb,
79	struct device *dev,
80	unsigned short type,
81	void *daddr,
82	void *saddr,
83	unsigned len);
84	#ifdef NET_21
85	int (rebuild_header)(struct sk_buff skb);
86	#else /* NET_21 */
87	int (rebuild_header)(void buff, struct device *dev,
88	unsigned long raddr, struct sk_buff *skb);
89	#endif /* NET_21 */
90	int (set_mac_address)(struct device dev, void *addr);
91	#ifndef NET_21
92	void (header_cache_bind)(struct hh_cache hhp, struct device dev,
93	unsigned short htype, __u32 daddr);
94	#endif /* !NET_21 */
95	void (header_cache_update)(struct hh_cache hh, struct device dev, unsigned char haddr);
96	struct net_device_stats (get_stats)(struct device *dev);
97	struct net_device_stats mystats;
98	int mtu; /* What is the desired MTU? */
99	};
100
101	extern char ipsec_tunnel_c_version[];
102
103	extern struct device *ipsecdevices[IPSEC_NUM_IF];
104
105	int ipsec_tunnel_init_devices(void);
106
107	/* void */ int ipsec_tunnel_cleanup_devices(void);
108
109	extern /* void */ int ipsec_init(void);
110
111	extern int ipsec_tunnel_start_xmit(struct sk_buff skb, struct device dev);
112
113	#ifdef CONFIG_IPSEC_DEBUG
114	extern int debug_tunnel;
115	extern int sysctl_ipsec_debug_verbose;
116	#endif /* CONFIG_IPSEC_DEBUG */
117	#endif /* __KERNEL__ */
118
119	#ifdef CONFIG_IPSEC_DEBUG
120	#define DB_TN_INIT 0x0001
121	#define DB_TN_PROCFS 0x0002
122	#define DB_TN_XMIT 0x0010
123	#define DB_TN_OHDR 0x0020
124	#define DB_TN_CROUT 0x0040
125	#define DB_TN_OXFS 0x0080
126	#define DB_TN_REVEC 0x0100
127	#endif /* CONFIG_IPSEC_DEBUG */
128
129	/*
130	* $Log: ipsec_tunnel.h,v $
131	* Revision 1.1 2004/03/15 20:35:25 as
132	* added files from freeswan-2.04-x509-1.5.3
133	*
134	* Revision 1.28 2003/06/24 20:22:32 mcr
135	* added new global: ipsecdevices[] so that we can keep track of
136	* the ipsecX devices. They will be referenced with dev_hold(),
137	* so 2.2 may need this as well.
138	*
139	* Revision 1.27 2003/04/03 17:38:09 rgb
140	* Centralised ipsec_kfree_skb and ipsec_dev_{get,put}.
141	*
142	* Revision 1.26 2003/02/12 19:32:20 rgb
143	* Updated copyright year.
144	*
145	* Revision 1.25 2002/05/27 18:56:07 rgb
146	* Convert to dynamic ipsec device allocation.
147	*
148	* Revision 1.24 2002/04/24 07:36:48 mcr
149	* Moved from ./klips/net/ipsec/ipsec_tunnel.h,v
150	*
151	* Revision 1.23 2001/11/06 19:50:44 rgb
152	* Moved IP_SEND, ICMP_SEND, DEV_QUEUE_XMIT macros to ipsec_tunnel.h for
153	* use also by pfkey_v2_parser.c
154	*
155	* Revision 1.22 2001/09/15 16:24:05 rgb
156	* Re-inject first and last HOLD packet when an eroute REPLACE is done.
157	*
158	* Revision 1.21 2001/06/14 19:35:10 rgb
159	* Update copyright date.
160	*
161	* Revision 1.20 2000/09/15 11:37:02 rgb
162	* Merge in heavily modified Svenning Soerensen's <svenning@post5.tele.dk>
163	* IPCOMP zlib deflate code.
164	*
165	* Revision 1.19 2000/09/08 19:12:56 rgb
166	* Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG.
167	*
168	* Revision 1.18 2000/07/28 13:50:54 rgb
169	* Changed enet_statistics to net_device_stats and added back compatibility
170	* for pre-2.1.19.
171	*
172	* Revision 1.17 1999/11/19 01:12:15 rgb
173	* Purge unneeded proc_info prototypes, now that static linking uses
174	* dynamic proc_info registration.
175	*
176	* Revision 1.16 1999/11/18 18:51:00 rgb
177	* Changed all device registrations for static linking to
178	* dynamic to reduce the number and size of patches.
179	*
180	* Revision 1.15 1999/11/18 04:14:21 rgb
181	* Replaced all kernel version macros to shorter, readable form.
182	* Added CONFIG_PROC_FS compiler directives in case it is shut off.
183	* Added Marc Boucher's 2.3.25 proc patches.
184	*
185	* Revision 1.14 1999/05/25 02:50:10 rgb
186	* Fix kernel version macros for 2.0.x static linking.
187	*
188	* Revision 1.13 1999/05/25 02:41:06 rgb
189	* Add ipsec_klipsdebug support for static linking.
190	*
191	* Revision 1.12 1999/05/05 22:02:32 rgb
192	* Add a quick and dirty port to 2.2 kernels by Marc Boucher <marc@mbsi.ca>.
193	*
194	* Revision 1.11 1999/04/29 15:19:50 rgb
195	* Add return values to init and cleanup functions.
196	*
197	* Revision 1.10 1999/04/16 16:02:39 rgb
198	* Bump up macro to 4 ipsec I/Fs.
199	*
200	* Revision 1.9 1999/04/15 15:37:25 rgb
201	* Forward check changes from POST1_00 branch.
202	*
203	* Revision 1.5.2.1 1999/04/02 04:26:14 rgb
204	* Backcheck from HEAD, pre1.0.
205	*
206	* Revision 1.8 1999/04/11 00:29:01 henry
207	* GPL boilerplate
208	*
209	* Revision 1.7 1999/04/06 04:54:28 rgb
210	* Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes
211	* patch shell fixes.
212	*
213	* Revision 1.6 1999/03/31 05:44:48 rgb
214	* Keep PMTU reduction private.
215	*
216	* Revision 1.5 1999/02/10 22:31:20 rgb
217	* Change rebuild_header member to reflect generality of link layer.
218	*
219	* Revision 1.4 1998/12/01 13:22:04 rgb
220	* Added support for debug printing of version info.
221	*
222	* Revision 1.3 1998/07/29 20:42:46 rgb
223	* Add a macro for clearing all tunnel devices.
224	* Rearrange structures and declarations for sharing with userspace.
225	*
226	* Revision 1.2 1998/06/25 20:01:45 rgb
227	* Make prototypes available for ipsec_init and ipsec proc_dir_entries
228	* for static linking.
229	*
230	* Revision 1.1 1998/06/18 21:27:50 henry
231	* move sources from klips/src to klips/net/ipsec, to keep stupid
232	* kernel-build scripts happier in the presence of symlinks
233	*
234	* Revision 1.3 1998/05/18 21:51:50 rgb
235	* Added macros for num of I/F's and a procfs debug switch.
236	*
237	* Revision 1.2 1998/04/21 21:29:09 rgb
238	* Rearrange debug switches to change on the fly debug output from user
239	* space. Only kernel changes checked in at this time. radij.c was also
240	* changed to temporarily remove buggy debugging code in rj_delete causing
241	* an OOPS and hence, netlink device open errors.
242	*
243	* Revision 1.1 1998/04/09 03:06:13 henry
244	* sources moved up from linux/net/ipsec
245	*
246	* Revision 1.1.1.1 1998/04/08 05:35:05 henry
247	* RGB's ipsec-0.8pre2.tar.gz ipsec-0.8
248	*
249	* Revision 0.5 1997/06/03 04:24:48 ji
250	* Added transport mode.
251	* Changed the way routing is done.
252	* Lots of bug fixes.
253	*
254	* Revision 0.4 1997/01/15 01:28:15 ji
255	* No changes.
256	*
257	* Revision 0.3 1996/11/20 14:39:04 ji
258	* Minor cleanups.
259	* Rationalized debugging code.
260	*
261	* Revision 0.2 1996/11/02 00:18:33 ji
262	* First limited release.
263	*
264	*
265	*/