1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
|
/*
* Definitions relevant to IPSEC lifetimes
* Copyright (C) 2001 Richard Guy Briggs <rgb@freeswan.org>
* and Michael Richardson <mcr@freeswan.org>
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
* RCSID $Id: ipsec_life.h,v 1.1 2004/03/15 20:35:25 as Exp $
*
* This file derived from ipsec_xform.h on 2001/9/18 by mcr.
*
*/
/*
* This file describes the book keeping fields for the
* IPsec Security Association Structure. ("ipsec_sa")
*
* This structure is never allocated directly by kernel code,
* (it is always a static/auto or is part of a structure)
* so it does not have a reference count.
*
*/
#ifndef _IPSEC_LIFE_H_
/*
* _count is total count.
* _hard is hard limit (kill SA after this number)
* _soft is soft limit (try to renew SA after this number)
* _last is used in some special cases.
*
*/
struct ipsec_lifetime64
{
__u64 ipl_count;
__u64 ipl_soft;
__u64 ipl_hard;
__u64 ipl_last;
};
struct ipsec_lifetimes
{
/* number of bytes processed */
struct ipsec_lifetime64 ipl_bytes;
/* number of packets processed */
struct ipsec_lifetime64 ipl_packets;
/* time since SA was added */
struct ipsec_lifetime64 ipl_addtime;
/* time since SA was first used */
struct ipsec_lifetime64 ipl_usetime;
/* from rfc2367:
* For CURRENT, the number of different connections,
* endpoints, or flows that the association has been
* allocated towards. For HARD and SOFT, the number of
* these the association may be allocated towards
* before it expires. The concept of a connection,
* flow, or endpoint is system specific.
*
* mcr(2001-9-18) it is unclear what purpose these serve for FreeSWAN.
* They are maintained for PF_KEY compatibility.
*/
struct ipsec_lifetime64 ipl_allocations;
};
enum ipsec_life_alive {
ipsec_life_harddied = -1,
ipsec_life_softdied = 0,
ipsec_life_okay = 1
};
enum ipsec_life_type {
ipsec_life_timebased = 1,
ipsec_life_countbased= 0
};
#define _IPSEC_LIFE_H_
#endif /* _IPSEC_LIFE_H_ */
|
