
File: src/sys/net/if_sec.h

Revision 1.1, Mon Aug 7 01:57:33 2023 UTC by dlg
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, OPENBSD_7_4_BASE, OPENBSD_7_4, HEAD

add sec(4) to support route based ipsec vpns.

ipsec security associations (SAs, aka tdbs inside the kernel) can
now specify that they're to be used with an interface (using
TDBF_IFACE) rather than the ipsec security policy database. sec(4)
is the driver providing that interface.

the name is specifically chosen to not be ipsec(4) because that's
already taken by the manpage for the ipsec stack generally. sec(4)
is short, easy to type and pronounce, and kind of sounds like ipsec
anyway. the names for this type of interface in other platforms
seem to be universally terrible and too generic, so i didn't want
to copy any of those either.

sec(4) can be considered equivalent to gif(4) protected by ipsec,
and on the wire it actually looks the same. sec(4) exists to better
support how security associations for route-based ipsec VPNs are
negotiated and to avoid SPD entries for them.

the code is a little green, but i'm putting it in now so it can be
hacked on in the tree.

support from many including markus@ tobhe@ claudio@ sthen@ patrick@
now is a good time deraadt@

/*	$OpenBSD: if_sec.h,v 1.1 2023/08/07 01:57:33 dlg Exp $ */

/*
 * Copyright (c) 2023 David Gwynne <dlg@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

#ifndef _NET_IF_SEC_H
#define _NET_IF_SEC_H

#ifdef _KERNEL
struct sec_softc;
struct tdb;
struct mbuf;

/*
 * let the IPsec stack hand packets to sec(4) for input.
 * sec_get() looks the interface up by unit and takes a reference on it
 * (NULL if no such interface exists); sec_put() releases that reference.
 */

struct sec_softc	*sec_get(unsigned int);
void			 sec_input(struct sec_softc *, int, int,
			     struct mbuf *);
void			 sec_put(struct sec_softc *);

/*
 * let the IPsec stack give tdbs to sec(4) for output
 */

void			 sec_tdb_insert(struct tdb *);
void			 sec_tdb_remove(struct tdb *);

#endif /* _KERNEL */

#endif /* _NET_IF_SEC_H */
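The five prototypes above define the whole contract between the IPsec stack and sec(4): a refcounted lookup (sec_get/sec_put) that brackets packet delivery (sec_input), and a way for the stack to attach and detach SAs that carry TDBF_IFACE (sec_tdb_insert/sec_tdb_remove). The userland model below is an added example written for this page, not OpenBSD's if_sec.c; it keeps the five prototype names but everything else (the struct fields, the value of TDBF_IFACE, the stand-in mbuf, the sec_create/sec_destroy helpers, and the single-SA-per-unit simplification) is an assumption. It shows why get/put exists (an interface destroyed while a packet is in flight stays allocated until the last holder is done) and why only TDBF_IFACE SAs may ever be bound to an interface.

```c
/*
 * Userland model of the if_sec.h contract between the IPsec stack and sec(4).
 * Added for this page; it is not OpenBSD's if_sec.c. Only the five prototype
 * names are real: every field, TDBF_IFACE's value, the stand-in mbuf and the
 * sec_create/sec_destroy helpers are assumptions of the model.
 */
#include <assert.h>
#include <stdlib.h>
#define SEC_MAXUNITS	4
#define TDBF_IFACE	0x1	/* stand-in for the kernel's flag */

struct tdb { unsigned int tdb_flags, tdb_iface, tdb_spi; };	/* an SA */
struct sec_softc {			/* one per sec(4) unit */
	unsigned int sc_refs;		/* table ref plus one per sec_get() */
	unsigned long sc_ipackets;	/* delivered through sec_input() */
	struct tdb *sc_tdb;		/* output SA; NULL means drop, never send clear */
};
struct mbuf { unsigned char m_data[64]; };	/* stand-in packet */
static struct sec_softc *sec_units[SEC_MAXUNITS];
static unsigned long sec_freed;		/* softcs actually released */

/* ifconfig secN create: the unit table holds the first reference. */
int sec_create(unsigned int unit)
{
	struct sec_softc *sc;
	if (unit >= SEC_MAXUNITS || sec_units[unit] != NULL ||
	    (sc = calloc(1, sizeof(*sc))) == NULL)
		return -1;
	sc->sc_refs = 1;
	sec_units[unit] = sc;
	return 0;
}

/* Look the unit up and take a reference, or NULL if it does not exist. */
struct sec_softc *sec_get(unsigned int unit)
{
	struct sec_softc *sc;
	if (unit >= SEC_MAXUNITS || (sc = sec_units[unit]) == NULL)
		return NULL;
	sc->sc_refs++;
	return sc;
}

/* Drop a reference; memory is released only when the last holder is done. */
void sec_put(struct sec_softc *sc)
{
	assert(sc->sc_refs > 0);
	if (--sc->sc_refs == 0) {
		free(sc);
		sec_freed++;
	}
}

/* ifconfig secN destroy: unlink so later sec_get() calls fail, then drop
 * the table's reference; any in-flight holder keeps the softc alive. */
int sec_destroy(unsigned int unit)
{
	struct sec_softc *sc;
	if (unit >= SEC_MAXUNITS || (sc = sec_units[unit]) == NULL)
		return -1;
	sec_units[unit] = NULL;
	sec_put(sc);
	return 0;
}

/* Input side: the caller keeps its sec_get() reference across this call. */
void sec_input(struct sec_softc *sc, int af, int proto, struct mbuf *m)
{
	(void)af; (void)proto;
	sc->sc_ipackets++;
	free(m);
}

/* Output side: only SAs flagged TDBF_IFACE ever reach an interface. */
void sec_tdb_insert(struct tdb *tdb)
{
	struct sec_softc *sc;
	if (!(tdb->tdb_flags & TDBF_IFACE) ||
	    (sc = sec_get(tdb->tdb_iface)) == NULL)
		return;
	sc->sc_tdb = tdb;	/* the model keeps one output SA per unit */
	sec_put(sc);
}

void sec_tdb_remove(struct tdb *tdb)
{
	struct sec_softc *sc;
	if (!(tdb->tdb_flags & TDBF_IFACE) ||
	    (sc = sec_get(tdb->tdb_iface)) == NULL)
		return;
	if (sc->sc_tdb == tdb)
		sc->sc_tdb = NULL;	/* SA gone: the unit fails closed */
	sec_put(sc);
}
```

The sequence to exercise is: create sec0, hold a sec_get() reference as the input path would, insert an SA without TDBF_IFACE (it must not bind), insert one with the flag (it binds), remove it (output falls back to dropping), then destroy the interface while the reference is still held and confirm the softc is only freed by the final sec_put(). In the kernel the same lifetime rule is what stops an `ifconfig sec0 destroy` racing with ESP input from turning into a use-after-free.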