authorDavid Howells <dhowells@redhat.com>2007-04-26 18:48:28 -0400
committerDavid S. Miller <davem@davemloft.net>2007-04-26 18:48:28 -0400
commit17926a79320afa9b95df6b977b40cca6d8713cea (patch)
tree5cedff43b69520ad17b86783d3752053686ec99c /include/rxrpc
parente19dff1fdd99a25819af74cf0710e147fff4fd3a (diff)
[AF_RXRPC]: Provide secure RxRPC sockets for use by userspace and kernel both
Provide AF_RXRPC sockets that can be used to talk to AFS servers, or serve answers to AFS clients. KerberosIV security is fully supported. The patches and some example test programs can be found in: http://people.redhat.com/~dhowells/rxrpc/ This will eventually replace the old implementation of kernel-only RxRPC currently resident in net/rxrpc/. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/rxrpc')
-rw-r--r--include/rxrpc/packet.h85
1 files changed, 83 insertions, 2 deletions
diff --git a/include/rxrpc/packet.h b/include/rxrpc/packet.h
index 1447f0aaa0e..452a9bb02d4 100644
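--- a/include/rxrpc/packet.h
+++ b/include/rxrpc/packet.h
@@ -33,7 +33,8 @@ struct rxrpc_header
 #define RXRPC_MAXCALLS 4 /* max active calls per conn */
 #define RXRPC_CHANNELMASK (RXRPC_MAXCALLS-1) /* mask for channel ID */
 #define RXRPC_CIDMASK (~RXRPC_CHANNELMASK) /* mask for connection ID */
-#define RXRPC_CIDSHIFT 2 /* shift for connection ID */
+#define RXRPC_CIDSHIFT ilog2(RXRPC_MAXCALLS) /* shift for connection ID */
+#define RXRPC_CID_INC (1 << RXRPC_CIDSHIFT) /* connection ID increment */
 
  __be32 callNumber; /* call ID (0 for connection-level packets) */
 #define RXRPC_PROCESS_MAXCALLS (1<<2) /* maximum number of active calls per conn (power of 2) */
@@ -62,7 +63,10 @@ struct rxrpc_header
 
  uint8_t userStatus; /* app-layer defined status */
  uint8_t securityIndex; /* security protocol ID */
- __be16 _rsvd; /* reserved (used by kerberos security as cksum) */
+ union {
+ __be16 _rsvd; /* reserved */
+ __be16 cksum; /* kerberos security checksum */
+ };
  __be16 serviceId; /* service ID */
 
 } __attribute__((packed));
@@ -124,4 +128,81 @@ struct rxrpc_ackpacket
 
 } __attribute__((packed));
 
+/*
+ * ACK packets can have a further piece of information tagged on the end
+ */
+struct rxrpc_ackinfo {
+ __be32 rxMTU; /* maximum Rx MTU size (bytes) [AFS 3.3] */
+ __be32 maxMTU; /* maximum interface MTU size (bytes) [AFS 3.3] */
+ __be32 rwind; /* Rx window size (packets) [AFS 3.4] */
+ __be32 jumbo_max; /* max packets to stick into a jumbo packet [AFS 3.5] */
+};
+
+/*****************************************************************************/
+/*
+ * Kerberos security type-2 challenge packet
+ */
+struct rxkad_challenge {
+ __be32 version; /* version of this challenge type */
+ __be32 nonce; /* encrypted random number */
+ __be32 min_level; /* minimum security level */
+ __be32 __padding; /* padding to 8-byte boundary */
+} __attribute__((packed));
+
+/*****************************************************************************/
+/*
+ * Kerberos security type-2 response packet
+ */
+struct rxkad_response {
+ __be32 version; /* version of this reponse type */
+ __be32 __pad;
+
+ /* encrypted bit of the response */
+ struct {
+ __be32 epoch; /* current epoch */
+ __be32 cid; /* parent connection ID */
+ __be32 checksum; /* checksum */
+ __be32 securityIndex; /* security type */
+ __be32 call_id[4]; /* encrypted call IDs */
+ __be32 inc_nonce; /* challenge nonce + 1 */
+ __be32 level; /* desired level */
+ } encrypted;
+
+ __be32 kvno; /* Kerberos key version number */
+ __be32 ticket_len; /* Kerberos ticket length */
+} __attribute__((packed));
+
+/*****************************************************************************/
+/*
+ * RxRPC-level abort codes
+ */
+#define RX_CALL_DEAD -1 /* call/conn has been inactive and is shut down */
+#define RX_INVALID_OPERATION -2 /* invalid operation requested / attempted */
+#define RX_CALL_TIMEOUT -3 /* call timeout exceeded */
+#define RX_EOF -4 /* unexpected end of data on read op */
+#define RX_PROTOCOL_ERROR -5 /* low-level protocol error */
+#define RX_USER_ABORT -6 /* generic user abort */
+#define RX_ADDRINUSE -7 /* UDP port in use */
+#define RX_DEBUGI_BADTYPE -8 /* bad debugging packet type */
+
+/*
+ * Rx kerberos security abort codes
+ * - unfortunately we have no generalised security abort codes to say things
+ * like "unsupported security", so we have to use these instead and hope the
+ * other side understands
+ */
+#define RXKADINCONSISTENCY 19270400 /* security module structure inconsistent */
+#define RXKADPACKETSHORT 19270401 /* packet too short for security challenge */
+#define RXKADLEVELFAIL 19270402 /* security level negotiation failed */
+#define RXKADTICKETLEN 19270403 /* ticket length too short or too long */
+#define RXKADOUTOFSEQUENCE 19270404 /* packet had bad sequence number */
+#define RXKADNOAUTH 19270405 /* caller not authorised */
+#define RXKADBADKEY 19270406 /* illegal key: bad parity or weak */
+#define RXKADBADTICKET 19270407 /* security object was passed a bad ticket */
+#define RXKADUNKNOWNKEY 19270408 /* ticket contained unknown key version number */
+#define RXKADEXPIRED 19270409 /* authentication expired */
+#define RXKADSEALEDINCON 19270410 /* sealed data inconsistent */
+#define RXKADDATALEN 19270411 /* user data too long */
+#define RXKADILLEGALLEVEL 19270412 /* caller not authorised to use encrypted conns */
+
 #endif /* _LINUX_RXRPC_PACKET_H */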
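Review bot: In struct rxkad_response (new lines 156-173) the array is declared `__be32 call_id[4];` with a literal 4, while the first hunk of this same commit derives RXRPC_CIDSHIFT from RXRPC_MAXCALLS; any code that indexes call_id by a channel number bounded by RXRPC_MAXCALLS would run past the array if that macro were ever raised. The wire layout presumably fixes the count at four, so I would keep the literal but state the coupling, e.g. `__be32 call_id[4]; /* encrypted call IDs, one per channel; wire format, must equal RXRPC_MAXCALLS */`, and back it with a compile-time size check where the response is built or parsed (that code is not in this file). Separately, `kvno` and `ticket_len` sit outside the `encrypted` sub-struct and come straight from the peer, so the comment on `ticket_len` should say it is untrusted and must be range-checked against the remaining packet length before any allocation or copy; the RXKADTICKETLEN abort code suggests that check is intended. The comment on `version` in the same struct has a typo, "reponse".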