usr/src/uts/common/inet/tun.h - illumos-gate - Gitiles

 /*
  * CDDL HEADER START
  *
  * The contents of this file are subject to the terms of the
  * Common Development and Distribution License (the "License").
  * You may not use this file except in compliance with the License.
  *
  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
  * or http://www.opensolaris.org/os/licensing.
  * See the License for the specific language governing permissions
  * and limitations under the License.
  *
  * When distributing Covered Code, include this CDDL HEADER in each
  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  * If applicable, add the following below this CDDL HEADER, with the
  * fields enclosed by brackets "[]" replaced with your own identifying
  * information: Portions Copyright [yyyy] [name of copyright owner]
  *
  * CDDL HEADER END
  */
 /*
  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */


 #ifndef	_INET_TUN_H
 #define	_INET_TUN_H

 #pragma ident	"%Z%%M%	%I%	%E% SMI"

 #ifdef	__cplusplus
 extern "C" {
 #endif

 /* tunneling module names */
 #define	TUN_NAME	"tun"
 #define	ATUN_NAME	"atun"
 #define	TUN6TO4_NAME	"6to4tun"

 /* IOCTL's for set/getting 6to4 Relay Router(RR) destination IPv4 Address */
 #define	SIOCS6TO4TUNRRADDR	4	/* ipaddr_t */
 #define	SIOCG6TO4TUNRRADDR	5	/* ipaddr_t */

 #ifdef	_KERNEL

 #include <sys/netstack.h>

 #define	TUN_MODID	5134
 #define	ATUN_MODID	5135
 #define	TUN6TO4_MODID	5136

 /*
  * We request ire information for the tunnel destination in order to obtain
  * its path MTU information.  We use that to calculate the link MTU of
  * tunnels.  If the path MTU of the tunnel destination becomes smaller than
  * the link MTU of the tunnel, then we will receive a packet too big (aka
  * fragmentation needed) ICMP error, and we will request new ire
  * information at that time.
  *
  * We also request the ire information periodically to make sure the link
  * MTU of a tunnel doesn't become stale if the path MTU of the tunnel
  * destination becomes larger than the link MTU of the tunnel.  The period
  * for the requests is ten minutes in accordance with rfc1191.
  */
 #define	TUN_IRE_AGE	SEC_TO_TICK(600)
 #define	TUN_IRE_TOO_OLD(atp)	(lbolt - (atp)->tun_ire_lastreq > TUN_IRE_AGE)

 /*
  * The default MTU for automatic and 6to4 tunnels.  We make this as large
  * as possible.  These tunnels communicate with an unknown number of other
  * tunnel endpoints that have potentially differing path MTU's.  We let
  * IPv4 fragmentation take care of packets that are too large.
  */
 #define	ATUN_MTU	(IP_MAXPACKET - sizeof (ipha_t))

 struct	tunstat {
 	struct	kstat_named	tuns_nocanput;
 	struct	kstat_named	tuns_xmtretry;
 	struct	kstat_named	tuns_allocbfail;

 	struct	kstat_named	tuns_ipackets;	/* ifInUcastPkts */
 	struct	kstat_named	tuns_opackets;	/* ifOutUcastPkts */
 	struct	kstat_named	tuns_InErrors;
 	struct	kstat_named	tuns_OutErrors;

 	struct  kstat_named	tuns_rcvbytes;	/* # octets received */
 						/* MIB - ifInOctets */
 	struct  kstat_named	tuns_xmtbytes;  /* # octets transmitted */
 						/* MIB - ifOutOctets */
 	struct  kstat_named	tuns_multircv;	/* # multicast packets */
 						/* delivered to upper layer */
 						/* MIB - ifInNUcastPkts */
 	struct  kstat_named	tuns_multixmt;	/* # multicast packets */
 						/* requested to be sent */
 						/* MIB - ifOutNUcastPkts */
 	struct  kstat_named	tuns_InDiscard;	/* # rcv packets discarded */
 						/* MIB - ifInDiscards */
 	struct  kstat_named	tuns_OutDiscard; /* # xmt packets discarded */
 						/* MIB - ifOutDiscards */
 	struct	kstat_named	tuns_HCInOctets;
 	struct	kstat_named	tuns_HCInUcastPkts;
 	struct	kstat_named	tuns_HCInMulticastPkts;
 	struct	kstat_named	tuns_HCOutOctets;
 	struct	kstat_named	tuns_HCOutUcastPkts;
 	struct	kstat_named	tuns_HCOutMulticastPkts;
 };

 typedef struct tun_stats_s {
 	/* Protected by tun_global_lock. */
 	struct tun_stats_s *ts_next;
 	kmutex_t	ts_lock;		/* protects from here down */
 	struct tun_s	*ts_atp;
 	uint_t		ts_refcnt;
 	uint_t		ts_lower;
 	uint_t		ts_type;
 	t_uscalar_t	ts_ppa;
 	kstat_t		*ts_ksp;
 } tun_stats_t;

 /*  Used for recovery from memory allocation failure */
 typedef struct eventid_s {
 	bufcall_id_t	ev_wbufcid;		/* needed for recovery */
 	bufcall_id_t	ev_rbufcid;		/* needed for recovery */
 	timeout_id_t	ev_wtimoutid;		/* needed for recovery */
 	timeout_id_t	ev_rtimoutid;		/* needed for recovery */
 } eventid_t;

 /* IPv6 destination option header for tunnel encapsulation limit option. */
 struct tun_encap_limit {
 	ip6_dest_t		tel_destopt;
 	struct ip6_opt_tunnel	tel_telopt;
 	char			tel_padn[3];
 };
 #define	IPV6_TUN_ENCAP_OPT_LEN	(sizeof (struct tun_encap_limit))

 /* per-instance data structure */
 /* Note: if t_recnt > 1, then t_indirect must be null */
 typedef struct tun_s {
 	struct tun_s	*tun_next;	/* For linked-list of tunnels by */
 	struct tun_s	**tun_ptpn;	/* ip address. */

 	/* Links v4-upper and v6-upper instances so they can share kstats. */
 	struct tun_s	*tun_kstat_next;

 	queue_t		*tun_wq;
 	kmutex_t	tun_lock;		/* protects from here down */
 	eventid_t	tun_events;
 	t_uscalar_t	tun_state;		/* protected by qwriter */
 	t_uscalar_t	tun_ppa;
 	mblk_t		*tun_iocmp;
 	ipsec_req_t	tun_secinfo;
 	/*
 	 * tun_polcy_index is used to keep track if a tunnel's policy
 	 * was altered by ipsecconf(1m)/PF_POLICY instead of ioctl()s.
 	 * (Only ioctl()s can update this field.)
 	 */
 	uint64_t	tun_policy_index;
 	struct ipsec_tun_pol_s *tun_itp;
 	uint64_t	tun_itp_gen;
 	uint_t		tun_ipsec_overhead;	/* Length of IPsec headers. */
 	uint_t		tun_flags;
 	in6_addr_t	tun_laddr;
 	in6_addr_t	tun_faddr;
 	zoneid_t	tun_zoneid;
 	uint32_t	tun_mtu;
 	uint32_t	tun_notifications;	/* For DL_NOTIFY_IND */
 	int16_t		tun_encap_lim;
 	uint8_t		tun_hop_limit;
 	uint32_t	tun_extra_offset;
 	clock_t		tun_ire_lastreq;
 	union {
 		ipha_t	tun_u_ipha;
 		struct {
 			ip6_t			tun_u_ip6h;
 			struct tun_encap_limit	tun_u_telopt;
 		} tun_u_ip6hdrs;
 		double	tun_u_aligner;
 	} tun_u;
 	dev_t		tun_dev;
 #define	tun_ipha		tun_u.tun_u_ipha
 #define	tun_ip6h		tun_u.tun_u_ip6hdrs.tun_u_ip6h
 #define	tun_telopt		tun_u.tun_u_ip6hdrs.tun_u_telopt
 	tun_stats_t	*tun_stats;
 	char tun_lifname[LIFNAMSIZ];
 	uint32_t tun_nocanput;		/* # input canput() returned false */
 	uint32_t tun_xmtretry;		/* # output canput() returned false */
 	uint32_t tun_allocbfail;	/* # esballoc/allocb failed */

 	/*
 	 *  MIB II variables
 	 */
 	uint32_t tun_InDiscard;
 	uint32_t tun_InErrors;
 	uint32_t tun_OutDiscard;
 	uint32_t tun_OutErrors;

 	uint64_t tun_HCInOctets;	/* # Total Octets received */
 	uint64_t tun_HCInUcastPkts;	/* # Packets delivered */
 	uint64_t tun_HCInMulticastPkts;	/* # Mulitcast Packets delivered */
 	uint64_t tun_HCOutOctets;	/* # Total Octets sent */
 	uint64_t tun_HCOutUcastPkts;	/* # Packets requested */
 	uint64_t tun_HCOutMulticastPkts; /* Multicast Packets requested */
 	netstack_t	*tun_netstack;
 } tun_t;


 /*
  * First 4 bits of flags are used to determine what version of IP is
  * is above the tunnel or below the tunnel
  */

 #define	TUN_U_V4	0x01		/* upper protocol is v4 */
 #define	TUN_U_V6	0x02		/* upper protocol is v6 */
 #define	TUN_L_V4	0x04		/* lower protocol is v4 */
 #define	TUN_L_V6	0x08		/* lower protocol is v6 */
 #define	TUN_UPPER_MASK	(TUN_U_V4 | TUN_U_V6)
 #define	TUN_LOWER_MASK	(TUN_L_V4 | TUN_L_V6)

 /*
  * tunnel flags
  * TUN_BOUND is set when we get the ok ack back for the T_BIND_REQ
  */
 #define	TUN_BOUND		0x010	/* tunnel is bound */
 #define	TUN_BIND_SENT		0x020	/* our version of dl pending */
 #define	TUN_SRC			0x040	/* Source address set */
 #define	TUN_DST			0x080	/* Destination address set */
 #define	TUN_AUTOMATIC		0x100	/* tunnel is an automatic tunnel */
 #define	TUN_FASTPATH		0x200	/* fastpath has been acked */
 #define	TUN_SECURITY		0x400	/* Security properties present */
 #define	TUN_HOP_LIM		0x800	/* Hop limit non-default */
 #define	TUN_ENCAP_LIM		0x1000	/* Encapsulation limit non-default */
 #define	TUN_6TO4		0x2000	/* tunnel is 6to4 tunnel */
 #define	TUN_COMPLEX_SECURITY	0x4000	/* tunnel has full tunnel-mode policy */

 struct old_iftun_req {
 	char		ifta_lifr_name[LIFNAMSIZ]; /* if name */
 	struct sockaddr_storage ifta_saddr;	/* source address */
 	struct sockaddr_storage ifta_daddr;	/* destination address */
 	uint_t		ifta_flags;		/* See below */
 	/* IP version information is read only */
 	enum ifta_proto	ifta_upper;		/* IP version above tunnel */
 	enum ifta_proto	ifta_lower;		/* IP version below tunnel */
 	uint_t		ifta_vers;		/* Version number */
 	uint32_t	ifta_secinfo[IFTUN_SECINFOLEN]; /* Security prefs. */
 };

 #define	OSIOCGTUNPARAM	_IOR('i',  147, struct old_iftun_req)
 							/* get tunnel */
 							/* parameters */
 #define	OSIOCSTUNPARAM	_IOW('i',  148, struct old_iftun_req)
 							/* set tunnel */
 							/* parameters */

 /*
  * Linked list of tunnels.
  */

 #define	TUN_PPA_SZ	64
 #define	TUN_LIST_HASH(ppa)	((ppa) % TUN_PPA_SZ)

 #define	TUN_T_SZ	251
 #define	TUN_BYADDR_LIST_HASH(a) (((a).s6_addr32[3]) % (TUN_T_SZ))

 /*
  * tunnel stack instances
  */
 struct tun_stack {
 	netstack_t	*tuns_netstack;	/* Common netstack */

 	/*
 	 * protects global data structures such as tun_ppa_list
 	 * also protects tun_t at ts_next and *ts_atp
 	 * should be acquired before ts_lock
 	 */
 	kmutex_t	tuns_global_lock;
 	tun_stats_t	*tuns_ppa_list[TUN_PPA_SZ];
 	tun_t		*tuns_byaddr_list[TUN_T_SZ];

 	ipaddr_t	tuns_relay_rtr_addr_v4;
 };
 typedef struct tun_stack tun_stack_t;


 int	tun_open(queue_t *, dev_t *, int, int, cred_t *);
 int	tun_close(queue_t *, int, cred_t *);
 void	tun_rput(queue_t *q, mblk_t  *mp);
 void	tun_rsrv(queue_t *q);
 void	tun_wput(queue_t *q, mblk_t  *mp);
 void	tun_wsrv(queue_t *q);

 extern void tun_ipsec_load_complete(void);

 #endif	/* _KERNEL */

 #ifdef	__cplusplus
 }
 #endif

 #endif	/* _INET_TUN_H */
	/*
	* CDDL HEADER START
	*
	* The contents of this file are subject to the terms of the
	* Common Development and Distribution License (the "License").
	* You may not use this file except in compliance with the License.
	*
	* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
	* or http://www.opensolaris.org/os/licensing.
	* See the License for the specific language governing permissions
	* and limitations under the License.
	*
	* When distributing Covered Code, include this CDDL HEADER in each
	* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
	* If applicable, add the following below this CDDL HEADER, with the
	* fields enclosed by brackets "[]" replaced with your own identifying
	* information: Portions Copyright [yyyy] [name of copyright owner]
	*
	* CDDL HEADER END
	*/
	/*
	* Copyright 2007 Sun Microsystems, Inc. All rights reserved.
	* Use is subject to license terms.
	*/


	#ifndef _INET_TUN_H
	#define _INET_TUN_H

	#pragma ident "%Z%%M% %I% %E% SMI"

	#ifdef __cplusplus
	extern "C" {
	#endif

	/* tunneling module names */
	#define TUN_NAME "tun"
	#define ATUN_NAME "atun"
	#define TUN6TO4_NAME "6to4tun"

	/* IOCTL's for set/getting 6to4 Relay Router(RR) destination IPv4 Address */
	#define SIOCS6TO4TUNRRADDR 4 /* ipaddr_t */
	#define SIOCG6TO4TUNRRADDR 5 /* ipaddr_t */

	#ifdef _KERNEL

	#include <sys/netstack.h>

	#define TUN_MODID 5134
	#define ATUN_MODID 5135
	#define TUN6TO4_MODID 5136

	/*
	* We request ire information for the tunnel destination in order to obtain
	* its path MTU information. We use that to calculate the link MTU of
	* tunnels. If the path MTU of the tunnel destination becomes smaller than
	* the link MTU of the tunnel, then we will receive a packet too big (aka
	* fragmentation needed) ICMP error, and we will request new ire
	* information at that time.
	*
	* We also request the ire information periodically to make sure the link
	* MTU of a tunnel doesn't become stale if the path MTU of the tunnel
	* destination becomes larger than the link MTU of the tunnel. The period
	* for the requests is ten minutes in accordance with rfc1191.
	*/
	#define TUN_IRE_AGE SEC_TO_TICK(600)
	#define TUN_IRE_TOO_OLD(atp) (lbolt - (atp)->tun_ire_lastreq > TUN_IRE_AGE)

	/*
	* The default MTU for automatic and 6to4 tunnels. We make this as large
	* as possible. These tunnels communicate with an unknown number of other
	* tunnel endpoints that have potentially differing path MTU's. We let
	* IPv4 fragmentation take care of packets that are too large.
	*/
	#define ATUN_MTU (IP_MAXPACKET - sizeof (ipha_t))

	struct tunstat {
	struct kstat_named tuns_nocanput;
	struct kstat_named tuns_xmtretry;
	struct kstat_named tuns_allocbfail;

	struct kstat_named tuns_ipackets; /* ifInUcastPkts */
	struct kstat_named tuns_opackets; /* ifOutUcastPkts */
	struct kstat_named tuns_InErrors;
	struct kstat_named tuns_OutErrors;

	struct kstat_named tuns_rcvbytes; /* # octets received */
	/* MIB - ifInOctets */
	struct kstat_named tuns_xmtbytes; /* # octets transmitted */
	/* MIB - ifOutOctets */
	struct kstat_named tuns_multircv; /* # multicast packets */
	/* delivered to upper layer */
	/* MIB - ifInNUcastPkts */
	struct kstat_named tuns_multixmt; /* # multicast packets */
	/* requested to be sent */
	/* MIB - ifOutNUcastPkts */
	struct kstat_named tuns_InDiscard; /* # rcv packets discarded */
	/* MIB - ifInDiscards */
	struct kstat_named tuns_OutDiscard; /* # xmt packets discarded */
	/* MIB - ifOutDiscards */
	struct kstat_named tuns_HCInOctets;
	struct kstat_named tuns_HCInUcastPkts;
	struct kstat_named tuns_HCInMulticastPkts;
	struct kstat_named tuns_HCOutOctets;
	struct kstat_named tuns_HCOutUcastPkts;
	struct kstat_named tuns_HCOutMulticastPkts;
	};

	typedef struct tun_stats_s {
	/* Protected by tun_global_lock. */
	struct tun_stats_s *ts_next;
	kmutex_t ts_lock; /* protects from here down */
	struct tun_s *ts_atp;
	uint_t ts_refcnt;
	uint_t ts_lower;
	uint_t ts_type;
	t_uscalar_t ts_ppa;
	kstat_t *ts_ksp;
	} tun_stats_t;

	/* Used for recovery from memory allocation failure */
	typedef struct eventid_s {
	bufcall_id_t ev_wbufcid; /* needed for recovery */
	bufcall_id_t ev_rbufcid; /* needed for recovery */
	timeout_id_t ev_wtimoutid; /* needed for recovery */
	timeout_id_t ev_rtimoutid; /* needed for recovery */
	} eventid_t;

	/* IPv6 destination option header for tunnel encapsulation limit option. */
	struct tun_encap_limit {
	ip6_dest_t tel_destopt;
	struct ip6_opt_tunnel tel_telopt;
	char tel_padn[3];
	};
	#define IPV6_TUN_ENCAP_OPT_LEN (sizeof (struct tun_encap_limit))

	/* per-instance data structure */
	/* Note: if t_recnt > 1, then t_indirect must be null */
	typedef struct tun_s {
	struct tun_s tun_next; / For linked-list of tunnels by */
	struct tun_s *tun_ptpn; / ip address. */

	/* Links v4-upper and v6-upper instances so they can share kstats. */
	struct tun_s *tun_kstat_next;

	queue_t *tun_wq;
	kmutex_t tun_lock; /* protects from here down */
	eventid_t tun_events;
	t_uscalar_t tun_state; /* protected by qwriter */
	t_uscalar_t tun_ppa;
	mblk_t *tun_iocmp;
	ipsec_req_t tun_secinfo;
	/*
	* tun_polcy_index is used to keep track if a tunnel's policy
	* was altered by ipsecconf(1m)/PF_POLICY instead of ioctl()s.
	* (Only ioctl()s can update this field.)
	*/
	uint64_t tun_policy_index;
	struct ipsec_tun_pol_s *tun_itp;
	uint64_t tun_itp_gen;
	uint_t tun_ipsec_overhead; /* Length of IPsec headers. */
	uint_t tun_flags;
	in6_addr_t tun_laddr;
	in6_addr_t tun_faddr;
	zoneid_t tun_zoneid;
	uint32_t tun_mtu;
	uint32_t tun_notifications; /* For DL_NOTIFY_IND */
	int16_t tun_encap_lim;
	uint8_t tun_hop_limit;
	uint32_t tun_extra_offset;
	clock_t tun_ire_lastreq;
	union {
	ipha_t tun_u_ipha;
	struct {
	ip6_t tun_u_ip6h;
	struct tun_encap_limit tun_u_telopt;
	} tun_u_ip6hdrs;
	double tun_u_aligner;
	} tun_u;
	dev_t tun_dev;
	#define tun_ipha tun_u.tun_u_ipha
	#define tun_ip6h tun_u.tun_u_ip6hdrs.tun_u_ip6h
	#define tun_telopt tun_u.tun_u_ip6hdrs.tun_u_telopt
	tun_stats_t *tun_stats;
	char tun_lifname[LIFNAMSIZ];
	uint32_t tun_nocanput; /* # input canput() returned false */
	uint32_t tun_xmtretry; /* # output canput() returned false */
	uint32_t tun_allocbfail; /* # esballoc/allocb failed */

	/*
	* MIB II variables
	*/
	uint32_t tun_InDiscard;
	uint32_t tun_InErrors;
	uint32_t tun_OutDiscard;
	uint32_t tun_OutErrors;

	uint64_t tun_HCInOctets; /* # Total Octets received */
	uint64_t tun_HCInUcastPkts; /* # Packets delivered */
	uint64_t tun_HCInMulticastPkts; /* # Mulitcast Packets delivered */
	uint64_t tun_HCOutOctets; /* # Total Octets sent */
	uint64_t tun_HCOutUcastPkts; /* # Packets requested */
	uint64_t tun_HCOutMulticastPkts; /* Multicast Packets requested */
	netstack_t *tun_netstack;
	} tun_t;


	/*
	* First 4 bits of flags are used to determine what version of IP is
	* is above the tunnel or below the tunnel
	*/

	#define TUN_U_V4 0x01 /* upper protocol is v4 */
	#define TUN_U_V6 0x02 /* upper protocol is v6 */
	#define TUN_L_V4 0x04 /* lower protocol is v4 */
	#define TUN_L_V6 0x08 /* lower protocol is v6 */
	#define TUN_UPPER_MASK (TUN_U_V4 \| TUN_U_V6)
	#define TUN_LOWER_MASK (TUN_L_V4 \| TUN_L_V6)

	/*
	* tunnel flags
	* TUN_BOUND is set when we get the ok ack back for the T_BIND_REQ
	*/
	#define TUN_BOUND 0x010 /* tunnel is bound */
	#define TUN_BIND_SENT 0x020 /* our version of dl pending */
	#define TUN_SRC 0x040 /* Source address set */
	#define TUN_DST 0x080 /* Destination address set */
	#define TUN_AUTOMATIC 0x100 /* tunnel is an automatic tunnel */
	#define TUN_FASTPATH 0x200 /* fastpath has been acked */
	#define TUN_SECURITY 0x400 /* Security properties present */
	#define TUN_HOP_LIM 0x800 /* Hop limit non-default */
	#define TUN_ENCAP_LIM 0x1000 /* Encapsulation limit non-default */
	#define TUN_6TO4 0x2000 /* tunnel is 6to4 tunnel */
	#define TUN_COMPLEX_SECURITY 0x4000 /* tunnel has full tunnel-mode policy */

	struct old_iftun_req {
	char ifta_lifr_name[LIFNAMSIZ]; /* if name */
	struct sockaddr_storage ifta_saddr; /* source address */
	struct sockaddr_storage ifta_daddr; /* destination address */
	uint_t ifta_flags; /* See below */
	/* IP version information is read only */
	enum ifta_proto ifta_upper; /* IP version above tunnel */
	enum ifta_proto ifta_lower; /* IP version below tunnel */
	uint_t ifta_vers; /* Version number */
	uint32_t ifta_secinfo[IFTUN_SECINFOLEN]; /* Security prefs. */
	};

	#define OSIOCGTUNPARAM _IOR('i', 147, struct old_iftun_req)
	/* get tunnel */
	/* parameters */
	#define OSIOCSTUNPARAM _IOW('i', 148, struct old_iftun_req)
	/* set tunnel */
	/* parameters */

	/*
	* Linked list of tunnels.
	*/

	#define TUN_PPA_SZ 64
	#define TUN_LIST_HASH(ppa) ((ppa) % TUN_PPA_SZ)

	#define TUN_T_SZ 251
	#define TUN_BYADDR_LIST_HASH(a) (((a).s6_addr32[3]) % (TUN_T_SZ))

	/*
	* tunnel stack instances
	*/
	struct tun_stack {
	netstack_t tuns_netstack; / Common netstack */

	/*
	* protects global data structures such as tun_ppa_list
	* also protects tun_t at ts_next and *ts_atp
	* should be acquired before ts_lock
	*/
	kmutex_t tuns_global_lock;
	tun_stats_t *tuns_ppa_list[TUN_PPA_SZ];
	tun_t *tuns_byaddr_list[TUN_T_SZ];

	ipaddr_t tuns_relay_rtr_addr_v4;
	};
	typedef struct tun_stack tun_stack_t;


	int tun_open(queue_t , dev_t , int, int, cred_t *);
	int tun_close(queue_t , int, cred_t );
	void tun_rput(queue_t q, mblk_t mp);
	void tun_rsrv(queue_t *q);
	void tun_wput(queue_t q, mblk_t mp);
	void tun_wsrv(queue_t *q);

	extern void tun_ipsec_load_complete(void);

	#endif /* _KERNEL */

	#ifdef __cplusplus
	}
	#endif

	#endif /* _INET_TUN_H */