author | Jamal Hadi Salim <hadi@cyberus.ca> | 2006-03-20 22:16:40 -0500 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2006-03-20 22:16:40 -0500 |
commit | 980ebd25794f0f87ac32844e2c73e9e81f0a72ba (patch) | |
tree | da52df6e31bd4b2527c223ca2585e0d792bf3ea2 /include/net | |
parent | d51d081d65048a7a6f9956a7809c3bb504f3b95d (diff) |
[IPSEC]: Sync series - acquire insert
This introduces a feature similar to the one described in RFC 2367:
"
... the application needing an SA sends a PF_KEY
SADB_ACQUIRE message down to the Key Engine, which then either
returns an error or sends a similar SADB_ACQUIRE message up to one or
more key management applications capable of creating such SAs.
...
...
The third is where an application-layer consumer of security
associations (e.g. an OSPFv2 or RIPv2 daemon) needs a security
association.
Send an SADB_ACQUIRE message from a user process to the kernel.
<base, address(SD), (address(P),) (identity(SD),) (sensitivity,)
proposal>
The kernel returns an SADB_ACQUIRE message to registered
sockets.
<base, address(SD), (address(P),) (identity(SD),) (sensitivity,)
proposal>
The user-level consumer waits for an SADB_UPDATE or SADB_ADD
message for its particular type, and then can use that
association by using SADB_GET messages.
"
An app such as OSPF could then use the IPsec key manager (KM) to get keys.
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/net')
-rw-r--r-- | include/net/xfrm.h | 2 |
1 files changed, 1 insertions, 1 deletions
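--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -214,10 +214,10 @@ extern int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo);
 extern int xfrm_policy_unregister_afinfo(struct xfrm_policy_afinfo *afinfo);
 extern void km_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c);
 extern void km_state_notify(struct xfrm_state *x, struct km_event *c);
-
 #define XFRM_ACQ_EXPIRES 30
 
 struct xfrm_tmpl;
+extern int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);
 struct xfrm_state_afinfo {
 unsigned short family;
 rwlock_t lock;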
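Review bot: The added `km_query` prototype is exported with no comment on its contract, even though the commit message says the acquire path is now meant to be driven by a message from a user process. The definition is outside this hunk, so the return convention and the locking context cannot be confirmed from here; both should be stated at the declaration. Because the arguments may now originate from a user request, the declaration should also record that the caller is responsible for validating the state and template and for checking the requester's privilege before calling. A comment above the prototype along the lines of `/* Ask registered key managers to acquire an SA for x; caller must have validated x, t and pol and authorized the requester. */` would cover it.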