-/* $OpenBSD: in.h,v 1.7 1997/02/20 01:07:45 deraadt Exp $ */
+/* $OpenBSD: in.h,v 1.8 1997/02/28 03:44:52 angelos Exp $ */
/* $NetBSD: in.h,v 1.20 1996/02/13 23:41:47 christos Exp $ */
/*
#define IP_DROP_MEMBERSHIP 13 /* ip_mreq; drop an IP group membership */
/* 14-17 left empty for future compatibility with FreeBSD */
#define IP_PORTRANGE 19 /* int; range to choose for unspec port */
+#define IP_AUTH_LEVEL 20 /* u_char; authentication used */
+#define IP_ESP_TRANS_LEVEL 21 /* u_char; transport encryption */
+#define IP_ESP_NETWORK_LEVEL 22 /* u_char; full-packet encryption */
+
+
+/*
+ * Security levels - IPsec, not IPSO
+ */
+
+#define IPSEC_LEVEL_BYPASS 0x00 /* Bypass policy altogether */
+#define IPSEC_LEVEL_NONE 0x00 /* Send clear, accept any */
+#define IPSEC_LEVEL_AVAIL 0x01 /* Send secure if SA available */
+#define IPSEC_LEVEL_USE 0x02 /* Send secure, accept any */
+#define IPSEC_LEVEL_REQUIRE 0x03 /* Require secure inbound, also use */
+#define IPSEC_LEVEL_UNIQUE 0x04 /* Use outbound SA that is unique */
+#define IPSEC_LEVEL_DEFAULT IPSEC_LEVEL_NONE
+
+#define IPSEC_AUTH_LEVEL_DEFAULT IPSEC_LEVEL_DEFAULT
+#define IPSEC_ESP_TRANS_LEVEL_DEFAULT IPSEC_LEVEL_DEFAULT
+#define IPSEC_ESP_NETWORK_LEVEL_DEFAULT IPSEC_LEVEL_DEFAULT
+
/*
* Defaults and limits for options
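Review bot: IPSEC_LEVEL_BYPASS and IPSEC_LEVEL_NONE are both defined as 0x00 yet their comments describe different policies ("Bypass policy altogether" versus "Send clear, accept any"), so any consumer of so_seclevel cannot tell the two apart and the default, which aliases NONE, is indistinguishable from an explicit bypass. Either give BYPASS its own value or state in the comment that the two are deliberately the same level, e.g. `#define IPSEC_LEVEL_BYPASS 0x00 /* Alias of IPSEC_LEVEL_NONE: policy is not consulted */`. It would also help callers if the IP_AUTH_LEVEL / IP_ESP_*_LEVEL comments said that the option is set with a u_char but read back as an int, since that is what the ip_output.c handlers do.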
-/* $OpenBSD: ip_input.c,v 1.24 1997/02/22 13:25:28 angelos Exp $ */
+/* $OpenBSD: ip_input.c,v 1.25 1997/02/28 03:44:53 angelos Exp $ */
/* $NetBSD: ip_input.c,v 1.30 1996/03/16 23:53:58 christos Exp $ */
/*
int ipprintfs = 0;
#endif
+u_char ipsec_auth_default_level = IPSEC_AUTH_LEVEL_DEFAULT;
+u_char ipsec_esp_trans_default_level = IPSEC_ESP_TRANS_LEVEL_DEFAULT;
+u_char ipsec_esp_network_default_level = IPSEC_ESP_NETWORK_LEVEL_DEFAULT;
+
/* from in_pcb.c */
extern int ipport_firstauto;
extern int ipport_lastauto;
-/* $OpenBSD: ip_output.c,v 1.7 1997/02/20 01:08:06 deraadt Exp $ */
+/* $OpenBSD: ip_output.c,v 1.8 1997/02/28 03:44:54 angelos Exp $ */
/* $NetBSD: ip_output.c,v 1.28 1996/02/13 23:43:07 christos Exp $ */
/*
}
break;
+ case IP_AUTH_LEVEL:
+ case IP_ESP_TRANS_LEVEL:
+ case IP_ESP_NETWORK_LEVEL:
+#ifndef IPSEC
+ error = EINVAL;
+#else
+ if (m == 0 || m->m_len != sizeof(u_char))
+ error = EINVAL;
+ else {
+ optval = *mtod(m, u_char *);
+
+ switch (optname) {
+ case IP_AUTH_LEVEL:
+ so->so_seclevel[SL_AUTH] = optval;
+ break;
+
+ case IP_ESP_TRANS_LEVEL:
+ so->so_seclevel[SL_ESP_TRANS] = optval;
+ break;
+
+ case IP_ESP_NETWORK_LEVEL:
+ so->so_seclevel[SL_ESP_NETWORK] = optval;
+ break;
+ }
+
+ }
+#endif
+ break;
+
default:
error = ENOPROTOOPT;
break;
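Review bot: The new setsockopt cases store the caller-supplied u_char into so->so_seclevel without checking it against the defined levels, so any value above IPSEC_LEVEL_UNIQUE (0x04) is accepted and later consumers of so_seclevel must cope with an out-of-range level; the size check on `m->m_len` should be extended, e.g. `if (m == 0 || m->m_len != sizeof(u_char) || *mtod(m, u_char *) > IPSEC_LEVEL_UNIQUE)`. Nothing in the hunk decides whether an unprivileged process may set a level below the system defaults added in ip_input.c; if that enforcement lives elsewhere it would be worth a comment here, otherwise it is missing. The length check also rejects an int-sized buffer, which is what the matching getsockopt path hands back, so a round-trip through the two options fails with EINVAL. The enclosing ip_ctloutput switch starts and ends outside this hunk, and `m == 0` would read better as `m == NULL`.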
*mtod(m, int *) = optval;
break;
+ case IP_AUTH_LEVEL:
+ case IP_ESP_TRANS_LEVEL:
+ case IP_ESP_NETWORK_LEVEL:
+#ifndef IPSEC
+ *mtod(m, int *) = IPSEC_LEVEL_NONE;
+#else
+ switch (optname) {
+ case IP_AUTH_LEVEL:
+ optval = so->so_seclevel[SL_AUTH];
+ break;
+
+ case IP_ESP_TRANS_LEVEL:
+ optval = so->so_seclevel[SL_ESP_TRANS];
+ break;
+
+ case IP_ESP_NETWORK_LEVEL:
+ optval = so->so_seclevel[SL_ESP_NETWORK];
+ break;
+ }
+
+ *mtod(m, int *) = optval;
+#endif
+ break;
+
default:
error = ENOPROTOOPT;
break;
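Review bot: The getsockopt path returns the level as an int while the setsockopt path insists on a u_char, so a caller that reads the option and writes it back with the same buffer and length gets EINVAL; either accept `sizeof(int)` on the set side or document the width asymmetry on the option definitions in in.h. The `#ifndef IPSEC` branch answers IPSEC_LEVEL_NONE even though the set side answers EINVAL when IPsec is compiled out, which can leave a caller believing the option is honoured; a comment stating that the no-IPsec build always reports NONE would make that intentional. The inner switch has no default, which is safe only because the outer case labels limit optname to the three levels; a short comment noting that would save the next reader a check. The enclosing function continues outside the hunk.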