1.1 ! nbrk 1: /* $OpenBSD: pfkeyv2.h,v 1.56 2006/11/24 13:52:14 reyk Exp $ */
! 2: /*
! 3: * @(#)COPYRIGHT 1.1 (NRL) January 1998
! 4: *
! 5: * NRL grants permission for redistribution and use in source and binary
! 6: * forms, with or without modification, of the software and documentation
! 7: * created at NRL provided that the following conditions are met:
! 8: *
! 9: * 1. Redistributions of source code must retain the above copyright
! 10: * notice, this list of conditions and the following disclaimer.
! 11: * 2. Redistributions in binary form must reproduce the above copyright
! 12: * notice, this list of conditions and the following disclaimer in the
! 13: * documentation and/or other materials provided with the distribution.
! 14: * 3. All advertising materials mentioning features or use of this software
! 15: * must display the following acknowledgements:
! 16: * This product includes software developed by the University of
! 17: * California, Berkeley and its contributors.
! 18: * This product includes software developed at the Information
! 19: * Technology Division, US Naval Research Laboratory.
! 20: * 4. Neither the name of the NRL nor the names of its contributors
! 21: * may be used to endorse or promote products derived from this software
! 22: * without specific prior written permission.
! 23: *
! 24: * THE SOFTWARE PROVIDED BY NRL IS PROVIDED BY NRL AND CONTRIBUTORS ``AS
! 25: * IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
! 26: * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
! 27: * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL NRL OR
! 28: * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
! 29: * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
! 30: * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
! 31: * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
! 32: * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
! 33: * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
! 34: * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
! 35: *
! 36: * The views and conclusions contained in the software and documentation
! 37: * are those of the authors and should not be interpreted as representing
! 38: * official policies, either expressed or implied, of the US Naval
! 39: * Research Laboratory (NRL).
! 40: */
! 41:
! 42: #ifndef _NET_PFKEY_V2_H_
! 43: #define _NET_PFKEY_V2_H_
! 44:
/* Protocol version number carried in sadb_msg_version (RFC 2367). */
#define PF_KEY_V2 2
/* Revision date of the PF_KEY v2 specification this header follows. */
#define PFKEYV2_REVISION 199806L

/* This should be updated whenever the API is altered. */
#define _OPENBSD_IPSEC_API_VERSION 2
! 50:
/*
 * Message types for sadb_msg_type.  Values 0-10 are those of RFC 2367;
 * the SADB_X_* names use the prefix RFC 2367 reserves for
 * implementation-specific extensions.  SADB_MAX must track the highest
 * value in this table, since it bounds what the kernel will accept.
 */
#define SADB_RESERVED 0
#define SADB_GETSPI 1
#define SADB_UPDATE 2
#define SADB_ADD 3
#define SADB_DELETE 4
#define SADB_GET 5
#define SADB_ACQUIRE 6
#define SADB_REGISTER 7
#define SADB_EXPIRE 8
#define SADB_FLUSH 9
#define SADB_DUMP 10
#define SADB_X_PROMISC 11	/* receive copies of all PF_KEY traffic */
#define SADB_X_ADDFLOW 12	/* add a security policy (flow) entry */
#define SADB_X_DELFLOW 13	/* delete a security policy (flow) entry */
#define SADB_X_GRPSPIS 14	/* group SAs into a bundle */
#define SADB_X_ASKPOLICY 15
#define SADB_X_SPDDUMP 16	/* dump the security policy database */
#define SADB_MAX 16
! 69:
/*
 * Header that starts every PF_KEY message (RFC 2367 section 2.1).
 * Messages cross the user/kernel boundary on a PF_KEY socket, so on the
 * kernel side every field is attacker-influenced input until the parser
 * (presumably pfkeyv2_parsemessage, declared below) has validated it;
 * in particular sadb_msg_len must be checked against the number of
 * bytes actually received before any extension is walked.
 */
struct sadb_msg {
	uint8_t sadb_msg_version;	/* PF_KEY_V2 */
	uint8_t sadb_msg_type;		/* SADB_* message type */
	uint8_t sadb_msg_errno;		/* errno on replies; 0 on requests */
	uint8_t sadb_msg_satype;	/* SADB_SATYPE_* the message refers to */
	uint16_t sadb_msg_len;		/* total length in 64-bit words, header included */
	uint16_t sadb_msg_reserved;	/* must be zero */
	uint32_t sadb_msg_seq;		/* matches replies to requests */
	uint32_t sadb_msg_pid;		/* originating process; 0 for the kernel */
};
! 80:
/*
 * Generic extension header.  Every extension struct below starts with
 * the same two fields, so a message can be walked by casting each
 * extension to this type (see EXTLEN()).  The length is in 64-bit words
 * and, like the message header, is untrusted until range-checked.
 */
struct sadb_ext {
	uint16_t sadb_ext_len;		/* extension length in 64-bit words */
	uint16_t sadb_ext_type;		/* SADB_EXT_* / SADB_X_EXT_* */
};
! 85:
/*
 * SADB_EXT_SA: the core parameters of one security association.
 */
struct sadb_sa {
	uint16_t sadb_sa_len;		/* length in 64-bit words */
	uint16_t sadb_sa_exttype;	/* SADB_EXT_SA (or SADB_X_EXT_SA2) */
	uint32_t sadb_sa_spi;		/* Security Parameters Index, network byte order */
	uint8_t sadb_sa_replay;		/* anti-replay window size; 0 disables replay protection */
	uint8_t sadb_sa_state;		/* SADB_SASTATE_* */
	uint8_t sadb_sa_auth;		/* SADB_AALG_* authentication algorithm */
	uint8_t sadb_sa_encrypt;	/* SADB_EALG_* encryption algorithm */
	uint32_t sadb_sa_flags;		/* SADB_SAFLAGS_* / SADB_X_SAFLAGS_* bit mask */
};
! 96:
/*
 * Lifetime extension.  The same struct is used for the hard, soft,
 * current and (OpenBSD) last-use lifetimes, distinguished by exttype.
 * A value of zero in a limit field means "no limit"; times are seconds.
 */
struct sadb_lifetime {
	uint16_t sadb_lifetime_len;		/* length in 64-bit words */
	uint16_t sadb_lifetime_exttype;		/* SADB_EXT_LIFETIME_* / SADB_X_EXT_LIFETIME_LASTUSE */
	uint32_t sadb_lifetime_allocations;	/* number of flows the SA may serve */
	uint64_t sadb_lifetime_bytes;		/* bytes the SA may protect */
	uint64_t sadb_lifetime_addtime;		/* seconds since SA creation */
	uint64_t sadb_lifetime_usetime;		/* seconds since SA first use */
};
! 105:
/*
 * Address extension header.  A struct sockaddr follows immediately,
 * padded out to a 64-bit boundary; the sockaddr's own sa_len/sa_family
 * must be checked against the extension length before it is read.
 */
struct sadb_address {
	uint16_t sadb_address_len;		/* length in 64-bit words, sockaddr included */
	uint16_t sadb_address_exttype;		/* SADB_EXT_ADDRESS_* / SADB_X_EXT_*_MASK / *_FLOW */
	uint32_t sadb_address_reserved;		/* must be zero */
};
! 111:
/*
 * Key extension header.  Raw key material follows immediately, padded
 * to a 64-bit boundary.  sadb_key_bits is a separate, user-supplied
 * length and must be reconciled with sadb_key_len before any copy;
 * buffers that held the key material should be zeroized after use.
 */
struct sadb_key {
	uint16_t sadb_key_len;		/* length in 64-bit words, key material included */
	uint16_t sadb_key_exttype;	/* SADB_EXT_KEY_AUTH or SADB_EXT_KEY_ENCRYPT */
	uint16_t sadb_key_bits;		/* key length in bits */
	uint16_t sadb_key_reserved;	/* must be zero */
};
! 118:
/*
 * Identity extension header.  An identity string follows, padded to a
 * 64-bit boundary; its NUL terminator must lie within the extension.
 */
struct sadb_ident {
	uint16_t sadb_ident_len;	/* length in 64-bit words, string included */
	uint16_t sadb_ident_exttype;	/* SADB_EXT_IDENTITY_SRC or SADB_EXT_IDENTITY_DST */
	uint16_t sadb_ident_type;	/* SADB_IDENTTYPE_* */
	uint16_t sadb_ident_reserved;	/* must be zero */
	uint64_t sadb_ident_id;		/* identity-specific id (e.g. uid for USERFQDN) */
};
! 126:
/*
 * SADB_EXT_SENSITIVITY: multi-level security labelling (RFC 2367).
 * The sensitivity and integrity bitmaps follow the header; their
 * lengths are given in 64-bit words by the *_len fields.
 */
struct sadb_sens {
	uint16_t sadb_sens_len;		/* length in 64-bit words, bitmaps included */
	uint16_t sadb_sens_exttype;	/* SADB_EXT_SENSITIVITY */
	uint32_t sadb_sens_dpd;		/* domain of protection */
	uint8_t sadb_sens_sens_level;	/* sensitivity level */
	uint8_t sadb_sens_sens_len;	/* sensitivity bitmap length, 64-bit words */
	uint8_t sadb_sens_integ_level;	/* integrity level */
	uint8_t sadb_sens_integ_len;	/* integrity bitmap length, 64-bit words */
	uint32_t sadb_sens_reserved;	/* must be zero */
};
! 137:
/*
 * SADB_EXT_PROPOSAL header, sent with SADB_ACQUIRE.  One or more
 * struct sadb_comb entries follow.
 */
struct sadb_prop {
	uint16_t sadb_prop_len;		/* length in 64-bit words, combinations included */
	uint16_t sadb_prop_exttype;	/* SADB_EXT_PROPOSAL */
	uint8_t sadb_prop_num;		/* presumably the number of sadb_comb entries that follow — confirm in pfkeyv2.c */
	uint8_t sadb_prop_replay;	/* requested anti-replay window size */
	uint16_t sadb_prop_reserved;	/* must be zero */
};
! 145:
/*
 * One acceptable algorithm/lifetime combination inside a proposal.
 * No len/exttype header: entries are packed directly after sadb_prop.
 */
struct sadb_comb {
	uint8_t sadb_comb_auth;			/* SADB_AALG_* */
	uint8_t sadb_comb_encrypt;		/* SADB_EALG_* */
	uint16_t sadb_comb_flags;		/* SADB_SAFLAGS_* */
	uint16_t sadb_comb_auth_minbits;	/* acceptable auth key length range, bits */
	uint16_t sadb_comb_auth_maxbits;
	uint16_t sadb_comb_encrypt_minbits;	/* acceptable encryption key length range, bits */
	uint16_t sadb_comb_encrypt_maxbits;
	uint32_t sadb_comb_reserved;		/* must be zero */
	uint32_t sadb_comb_soft_allocations;	/* soft/hard lifetimes, same units as sadb_lifetime */
	uint32_t sadb_comb_hard_allocations;
	uint64_t sadb_comb_soft_bytes;
	uint64_t sadb_comb_hard_bytes;
	uint64_t sadb_comb_soft_addtime;
	uint64_t sadb_comb_hard_addtime;
	uint64_t sadb_comb_soft_usetime;
	uint64_t sadb_comb_hard_usetime;
};
! 164:
/*
 * Header for the list of algorithms the kernel supports, returned on
 * SADB_REGISTER.  An array of struct sadb_alg follows; the number of
 * entries is derived from sadb_supported_len.
 */
struct sadb_supported {
	uint16_t sadb_supported_len;		/* length in 64-bit words, sadb_alg entries included */
	uint16_t sadb_supported_exttype;	/* SADB_EXT_SUPPORTED_AUTH / _ENCRYPT / SADB_X_EXT_SUPPORTED_COMP */
	uint32_t sadb_supported_reserved;	/* must be zero */
};
! 170:
/*
 * One supported-algorithm descriptor; entries follow sadb_supported
 * without a header of their own.
 */
struct sadb_alg {
	uint8_t sadb_alg_id;		/* SADB_AALG_*, SADB_EALG_* or SADB_X_CALG_* */
	uint8_t sadb_alg_ivlen;		/* IV length in bytes (0 if none) */
	uint16_t sadb_alg_minbits;	/* smallest supported key length, bits */
	uint16_t sadb_alg_maxbits;	/* largest supported key length, bits */
	uint16_t sadb_alg_reserved;	/* must be zero */
};
! 178:
/*
 * SADB_EXT_SPIRANGE: the inclusive SPI range a SADB_GETSPI request is
 * willing to accept.  The kernel should reject min > max.
 */
struct sadb_spirange {
	uint16_t sadb_spirange_len;		/* length in 64-bit words */
	uint16_t sadb_spirange_exttype;		/* SADB_EXT_SPIRANGE */
	uint32_t sadb_spirange_min;		/* lowest acceptable SPI */
	uint32_t sadb_spirange_max;		/* highest acceptable SPI */
	uint32_t sadb_spirange_reserved;	/* must be zero */
};
! 186:
/*
 * OpenBSD extension used for SADB_X_EXT_PROTOCOL and (judging by
 * import_flow below, which takes two of them) SADB_X_EXT_FLOW_TYPE.
 * For the flow-type use the proto field presumably carries a
 * SADB_X_FLOW_TYPE_* value — confirm against pfkeyv2.c.
 */
struct sadb_protocol {
	uint16_t sadb_protocol_len;		/* length in 64-bit words */
	uint16_t sadb_protocol_exttype;		/* SADB_X_EXT_PROTOCOL or SADB_X_EXT_FLOW_TYPE */
	uint8_t sadb_protocol_proto;		/* IP protocol number, or flow type */
	uint8_t sadb_protocol_direction;	/* flow direction */
	uint8_t sadb_protocol_flags;		/* SADB_X_POLICYFLAGS_* */
	uint8_t sadb_protocol_reserved2;	/* must be zero */
};
! 195:
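/*
 * OpenBSD extension (presumably SADB_X_EXT_POLICY) carrying the
 * sequence number of the policy an SA or ACQUIRE belongs to.
 * The sequence field is spelled uint32_t to match every other
 * extension in this header; it is the same 32-bit unsigned type.
 */
struct sadb_x_policy {
	uint16_t sadb_x_policy_len;	/* length in 64-bit words */
	uint16_t sadb_x_policy_exttype;	/* SADB_X_EXT_POLICY */
	uint32_t sadb_x_policy_seq;	/* policy sequence number */
};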
! 201:
/*
 * Credential / authentication-material extension header.  Shared by
 * the LOCAL/REMOTE_CREDENTIALS and LOCAL/REMOTE_AUTH extensions (both
 * import_credentials and import_auth below take this struct).  The
 * opaque credential bytes follow; their length is derived from
 * sadb_x_cred_len and must fit in the received message.
 */
struct sadb_x_cred {
	uint16_t sadb_x_cred_len;	/* length in 64-bit words, payload included */
	uint16_t sadb_x_cred_exttype;	/* SADB_X_EXT_*_CREDENTIALS or SADB_X_EXT_*_AUTH */
	uint16_t sadb_x_cred_type;	/* SADB_X_CREDTYPE_* or SADB_X_AUTHTYPE_* */
	uint16_t sadb_x_cred_reserved;	/* must be zero */
};
! 208:
/*
 * SADB_X_EXT_UDPENCAP: UDP encapsulation of ESP (NAT traversal),
 * paired with the SADB_X_SAFLAGS_UDPENCAP flag.
 */
struct sadb_x_udpencap {
	uint16_t sadb_x_udpencap_len;		/* length in 64-bit words */
	uint16_t sadb_x_udpencap_exttype;	/* SADB_X_EXT_UDPENCAP */
	uint16_t sadb_x_udpencap_port;		/* UDP port; byte order not stated here — check import_udpencap */
	uint16_t sadb_x_udpencap_reserved;	/* must be zero */
};
! 215:
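/*
 * OpenBSD extension (presumably SADB_X_EXT_TAG) attaching a tag string
 * to an SA; the string follows the header.  sadb_x_tag_taglen is a
 * separate user-supplied length and must be checked against
 * sadb_x_tag_len before the string is read.  The field is spelled
 * uint32_t to match the rest of this header; it is the same type.
 */
struct sadb_x_tag {
	uint16_t sadb_x_tag_len;	/* length in 64-bit words, string included */
	uint16_t sadb_x_tag_exttype;	/* SADB_X_EXT_TAG */
	uint32_t sadb_x_tag_taglen;	/* length of the tag string that follows */
};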
! 221:
#ifdef _KERNEL
/*
 * Map an SADB_SATYPE_* value to the IP protocol number of the
 * corresponding IPsec transform.  Anything not listed, including
 * SADB_X_SATYPE_IPIP and unknown values, yields IPPROTO_IPIP, so
 * callers must range-check the satype themselves if that matters.
 * The argument is evaluated up to four times: pass a plain lvalue.
 */
#define SADB_X_GETSPROTO(x) \
( (x) == SADB_SATYPE_AH ? IPPROTO_AH :\
(x) == SADB_SATYPE_ESP ? IPPROTO_ESP :\
(x) == SADB_X_SATYPE_TCPSIGNATURE ? IPPROTO_TCP :\
(x) == SADB_X_SATYPE_IPCOMP ? IPPROTO_IPCOMP: IPPROTO_IPIP )
#endif
! 229:
/*
 * Extension types for sadb_ext_type.  Values 0-16 are RFC 2367;
 * SADB_X_EXT_* are OpenBSD additions (flows/policies, credentials,
 * UDP encapsulation, tags).  SADB_EXT_MAX must equal the highest
 * value and bounds the extension table the parser accepts.
 */
#define SADB_EXT_RESERVED 0
#define SADB_EXT_SA 1
#define SADB_EXT_LIFETIME_CURRENT 2
#define SADB_EXT_LIFETIME_HARD 3
#define SADB_EXT_LIFETIME_SOFT 4
#define SADB_EXT_ADDRESS_SRC 5
#define SADB_EXT_ADDRESS_DST 6
#define SADB_EXT_ADDRESS_PROXY 7
#define SADB_EXT_KEY_AUTH 8
#define SADB_EXT_KEY_ENCRYPT 9
#define SADB_EXT_IDENTITY_SRC 10
#define SADB_EXT_IDENTITY_DST 11
#define SADB_EXT_SENSITIVITY 12
#define SADB_EXT_PROPOSAL 13
#define SADB_EXT_SUPPORTED_AUTH 14
#define SADB_EXT_SUPPORTED_ENCRYPT 15
#define SADB_EXT_SPIRANGE 16
#define SADB_X_EXT_SRC_MASK 17		/* flow selectors: address + mask pairs */
#define SADB_X_EXT_DST_MASK 18
#define SADB_X_EXT_PROTOCOL 19
#define SADB_X_EXT_FLOW_TYPE 20
#define SADB_X_EXT_SRC_FLOW 21
#define SADB_X_EXT_DST_FLOW 22
#define SADB_X_EXT_SA2 23		/* second SA for SADB_X_GRPSPIS */
#define SADB_X_EXT_DST2 24
#define SADB_X_EXT_POLICY 25
#define SADB_X_EXT_LOCAL_CREDENTIALS 26
#define SADB_X_EXT_REMOTE_CREDENTIALS 27
#define SADB_X_EXT_LOCAL_AUTH 28
#define SADB_X_EXT_REMOTE_AUTH 29
#define SADB_X_EXT_SUPPORTED_COMP 30
#define SADB_X_EXT_UDPENCAP 31
#define SADB_X_EXT_LIFETIME_LASTUSE 32
#define SADB_X_EXT_TAG 33
#define SADB_EXT_MAX 33
! 265:
/*
 * Security association types for sadb_msg_satype.  Each registered
 * socket records the satypes it handles as one bit of a uint32_t
 * (struct pfkeyv2_socket below), hence the 31 limit.
 */
/* Fix pfkeyv2.c struct pfkeyv2_socket if SATYPE_MAX > 31 */
#define SADB_SATYPE_UNSPEC 0
#define SADB_SATYPE_AH 1
#define SADB_SATYPE_ESP 2
#define SADB_SATYPE_RSVP 3
#define SADB_SATYPE_OSPFV2 4
#define SADB_SATYPE_RIPV2 5
#define SADB_SATYPE_MIP 6
#define SADB_X_SATYPE_IPIP 7
#define SADB_X_SATYPE_TCPSIGNATURE 8	/* TCP MD5 signature option */
#define SADB_X_SATYPE_IPCOMP 9		/* IP payload compression */
#define SADB_SATYPE_MAX 9
! 278:
/*
 * SA states for sadb_sa_state.  An SA is created LARVAL by GETSPI,
 * becomes MATURE once keyed, DYING after its soft lifetime expires and
 * DEAD after the hard lifetime; only MATURE and DYING SAs carry traffic.
 */
#define SADB_SASTATE_LARVAL 0
#define SADB_SASTATE_MATURE 1
#define SADB_SASTATE_DYING 2
#define SADB_SASTATE_DEAD 3
#define SADB_SASTATE_MAX 3
! 284:
/*
 * Authentication (integrity) algorithm ids for sadb_sa_auth.  Values
 * 249/250 are the unkeyed-style legacy transforms kept for protocol
 * compatibility.  Numbers identify wire formats, not recommendations:
 * MD5-based transforms are obsolete by modern standards, and SADB_AALG_MAX
 * only bounds the table, it does not imply every id is enabled.
 */
#define SADB_AALG_NONE 0
#define SADB_AALG_MD5HMAC 2
#define SADB_AALG_SHA1HMAC 3
#define SADB_X_AALG_DES 4
#define SADB_X_AALG_SHA2_256 5
#define SADB_X_AALG_SHA2_384 6
#define SADB_X_AALG_SHA2_512 7
#define SADB_X_AALG_RIPEMD160HMAC 8
#define SADB_X_AALG_MD5 249		/* legacy, non-HMAC */
#define SADB_X_AALG_SHA1 250		/* legacy, non-HMAC */
#define SADB_AALG_MAX 250
! 296:
/*
 * Encryption algorithm ids for sadb_sa_encrypt.  Several entries
 * (single DES, RC4, IDEA variants, SKIPJACK) are historical and not
 * considered secure today; the ids remain so that old messages still
 * parse.  SADB_EALG_NULL is encryption-less ESP (integrity only).
 */
#define SADB_EALG_NONE 0
#define SADB_X_EALG_DES_IV64 1
#define SADB_EALG_DESCBC 2
#define SADB_EALG_3DESCBC 3
#define SADB_X_EALG_RC5 4
#define SADB_X_EALG_IDEA 5
#define SADB_X_EALG_CAST 6
#define SADB_X_EALG_BLF 7		/* Blowfish */
#define SADB_X_EALG_3IDEA 8
#define SADB_X_EALG_DES_IV32 9
#define SADB_X_EALG_RC4 10
#define SADB_EALG_NULL 11
#define SADB_X_EALG_AES 12
#define SADB_X_EALG_AESCTR 13
#define SADB_X_EALG_SKIPJACK 249
#define SADB_EALG_MAX 249
! 313:
/* Compression algorithm ids for IPCOMP SAs (SADB_X_EXT_SUPPORTED_COMP). */
#define SADB_X_CALG_NONE 0
#define SADB_X_CALG_OUI 1
#define SADB_X_CALG_DEFLATE 2
#define SADB_X_CALG_LZS 3
#define SADB_X_CALG_MAX 3
! 319:
/*
 * Bits for sadb_sa_flags.  Not every bit position is assigned; keep
 * unassigned bits free so old and new peers agree on meanings.
 * NOREPLAY and HALFIV weaken the SA and should only be set when a
 * legacy peer requires it.
 */
#define SADB_SAFLAGS_PFS 0x001 /* perfect forward secrecy */
#define SADB_X_SAFLAGS_HALFIV 0x002 /* Used for ESP-old */
#define SADB_X_SAFLAGS_TUNNEL 0x004 /* Force tunneling */
#define SADB_X_SAFLAGS_CHAINDEL 0x008 /* Delete whole SA chain */
#define SADB_X_SAFLAGS_RANDOMPADDING 0x080 /* Random ESP padding */
#define SADB_X_SAFLAGS_NOREPLAY 0x100 /* No replay counter */
#define SADB_X_SAFLAGS_UDPENCAP 0x200 /* ESP in UDP */
! 327:
/* Bits for sadb_protocol_flags on flow/policy extensions. */
#define SADB_X_POLICYFLAGS_POLICY 0x0001 /* This is a static policy */
! 329:
/* Identity types for sadb_ident_type; CONNECTION is an OpenBSD addition. */
#define SADB_IDENTTYPE_RESERVED 0
#define SADB_IDENTTYPE_PREFIX 1
#define SADB_IDENTTYPE_FQDN 2
#define SADB_IDENTTYPE_USERFQDN 3
#define SADB_X_IDENTTYPE_CONNECTION 4
#define SADB_IDENTTYPE_MAX 4
! 336:
/* No key flags are defined; kept so range checks have a bound. */
#define SADB_KEY_FLAGS_MAX 0
! 338:
#ifdef _KERNEL
/*
 * Kernel-internal selectors.  These index the lifetime / identity / key
 * slots of a tdb (see the int arguments of export_lifetime,
 * export_identity, export_key and their import_* counterparts) and are
 * never placed on the wire.
 */
#define PFKEYV2_LIFETIME_HARD 0
#define PFKEYV2_LIFETIME_SOFT 1
#define PFKEYV2_LIFETIME_CURRENT 2
#define PFKEYV2_LIFETIME_LASTUSE 3

#define PFKEYV2_IDENTITY_SRC 0
#define PFKEYV2_IDENTITY_DST 1

#define PFKEYV2_ENCRYPTION_KEY 0
#define PFKEYV2_AUTHENTICATION_KEY 1

/* struct pfkeyv2_socket flags */
#define PFKEYV2_SOCKETFLAGS_REGISTERED 1
#define PFKEYV2_SOCKETFLAGS_PROMISC 2

/* Delivery modes for pfkeyv2_sendmessage: one socket, registered sockets, all. */
#define PFKEYV2_SENDMESSAGE_UNICAST 1
#define PFKEYV2_SENDMESSAGE_REGISTERED 2
#define PFKEYV2_SENDMESSAGE_BROADCAST 3
#endif /* _KERNEL */
! 358:
/*
 * Credential encodings for sadb_x_cred_type on *_CREDENTIALS
 * extensions.  NOTE(review): every other *_MAX in this header equals
 * the highest defined value, but SADB_X_CREDTYPE_MAX is one past
 * KEYNOTE — confirm whether pfkeyv2.c range checks use < or <= here
 * before relying on it.
 */
#define SADB_X_CREDTYPE_NONE 0
#define SADB_X_CREDTYPE_X509 1 /* ASN1 encoding of the certificate */
#define SADB_X_CREDTYPE_KEYNOTE 2 /* NUL-terminated buffer */
#define SADB_X_CREDTYPE_MAX 3
! 363:
#ifdef _KERNEL
/* Kernel-internal selectors for the local/remote auth and credential slots of a tdb. */
#define PFKEYV2_AUTH_LOCAL 0
#define PFKEYV2_AUTH_REMOTE 1

#define PFKEYV2_CRED_LOCAL 0
#define PFKEYV2_CRED_REMOTE 1
#endif /* _KERNEL */
! 371:
/*
 * Authentication material types for sadb_x_cred_type on *_AUTH
 * extensions.  PASSPHRASE payloads are secrets and deserve the same
 * zeroization discipline as key material.
 */
#define SADB_X_AUTHTYPE_NONE 0
#define SADB_X_AUTHTYPE_PASSPHRASE 1
#define SADB_X_AUTHTYPE_RSA 2
#define SADB_X_AUTHTYPE_MAX 2
! 376:
/*
 * Flow (policy) types for SADB_X_EXT_FLOW_TYPE.  USE applies IPsec if
 * an SA exists, ACQUIRE/REQUIRE ask key management for one (REQUIRE
 * drops traffic until it arrives), BYPASS passes traffic in the clear,
 * DENY drops it, DONTACQ uses an SA if present but never requests one.
 * Note there is no value 0 and no *_MAX for this table.
 */
#define SADB_X_FLOW_TYPE_USE 1
#define SADB_X_FLOW_TYPE_ACQUIRE 2
#define SADB_X_FLOW_TYPE_REQUIRE 3
#define SADB_X_FLOW_TYPE_BYPASS 4
#define SADB_X_FLOW_TYPE_DENY 5
#define SADB_X_FLOW_TYPE_DONTACQ 6
! 383:
#ifdef _KERNEL
struct tdb;
struct socket;
struct mbuf;

/*
 * Byte length of an extension from its 64-bit-word length field.  Works
 * on any extension pointer because every extension begins with the two
 * sadb_ext fields.  The result is at most 65535 * 8 but comes straight
 * from the user-supplied header, so it must still be compared with the
 * bytes remaining in the message before the extension is dereferenced
 * or the walk advances past it.  x is evaluated once.
 */
#define EXTLEN(x) (((struct sadb_ext *)(x))->sadb_ext_len * sizeof(uint64_t))
/*
 * Round x up to the next multiple of 8 bytes (the PF_KEY alignment).
 * Arithmetic is done in size_t; a negative or near-SIZE_MAX argument
 * wraps rather than failing, so callers pass validated lengths only.
 * x is evaluated once.
 */
#define PADUP(x) (((x) + sizeof(uint64_t) - 1) & ~(sizeof(uint64_t) - 1))
! 391:
/*
 * Operations table for one PF_KEY protocol version, handed to
 * pfkey_register() so the generic PF_KEY socket layer can dispatch
 * socket creation, release, outgoing messages and sysctl requests to
 * the version-specific implementation (pfkeyv2_* below).
 */
struct pfkey_version
{
	int protocol;						/* PF_KEY_V2 */
	int (*create)(struct socket *socket);			/* new socket of this version */
	int (*release)(struct socket *socket);			/* socket closed */
	int (*send)(struct socket *socket, void *message, int len);	/* message from userland; len in bytes */
	int (*sysctl)(int *, u_int, void *, size_t *, void *, size_t);
};
! 400:
/*
 * Per-socket state for PF_KEY v2 sockets, kept on a singly linked list.
 * registration is a bit mask indexed by SADB_SATYPE_* (bit n set means
 * the socket registered for satype n), which is why SADB_SATYPE_MAX is
 * capped at 31.
 */
struct pfkeyv2_socket
{
	struct pfkeyv2_socket *next;
	struct socket *socket;
	int flags;		/* PFKEYV2_SOCKETFLAGS_* */
	uint32_t pid;		/* pid used in sadb_msg_pid for this socket */
	uint32_t registration; /* Increase size if SATYPE_MAX > 31 */
};
! 409:
/*
 * Context carried through an SADB_DUMP walk; presumably what the
 * void * argument of pfkeyv2_dump_walker points at — confirm in
 * pfkeyv2.c.
 */
struct dump_state
{
	struct sadb_msg *sadb_msg;	/* header of the request being answered */
	struct socket *socket;		/* socket to deliver each dumped SA to */
};
! 415:
/*
 * Kernel entry points of the PF_KEY v2 implementation.
 *
 * Lengths passed as plain int below count bytes; they originate from
 * userland writes and are the values the parser must bound-check.
 * The `void **` arguments are cursors into an output buffer that the
 * export_* helpers advance as they append extensions.
 */
int pfkeyv2_init(void);
int pfkeyv2_cleanup(void);
/* Validate a received message and build the table of extensions it carries. */
int pfkeyv2_parsemessage(void *, int, void **);
/* Notify registered sockets that an SA's soft/hard lifetime expired. */
int pfkeyv2_expire(struct tdb *, u_int16_t);
/* Ask key management for an SA covering a policy (SADB_ACQUIRE). */
int pfkeyv2_acquire(struct ipsec_policy *, union sockaddr_union *,
union sockaddr_union *, u_int32_t *, struct sockaddr_encap *);

/* Generic PF_KEY layer: version registration and delivery to a socket. */
int pfkey_register(struct pfkey_version *version);
int pfkey_unregister(struct pfkey_version *version);
int pfkey_sendup(struct socket *socket, struct mbuf *packet, int more);

/* Version-2 implementations of the struct pfkey_version callbacks and walkers. */
int pfkeyv2_create(struct socket *);
int pfkeyv2_get(struct tdb *, void **, void **, int *);
int pfkeyv2_policy(struct ipsec_acquire *, void **, void **);
int pfkeyv2_release(struct socket *);
int pfkeyv2_send(struct socket *, void *, int);
int pfkeyv2_sendmessage(void **, int, struct socket *, u_int8_t, int);
int pfkeyv2_dump_policy(struct ipsec_policy *, void **, void **, int *);
int pfkeyv2_dump_walker(struct tdb *, void *, int);
int pfkeyv2_flush_walker(struct tdb *, void *, int);
int pfkeyv2_get_proto_alg(u_int8_t, u_int8_t *, int *);
int pfkeyv2_sysctl(int *, u_int, void *, size_t *, void *, size_t);
int pfkeyv2_sysctl_walker(struct tdb *, void *, int);
int pfkeyv2_ipo_walk(int (*)(struct ipsec_policy *, void *), void *);
int pfkeyv2_sysctl_dump(void *);
int pfkeyv2_sysctl_policydumper(struct ipsec_policy *, void *);

/* Wrap a contiguous buffer of the given byte length into an mbuf chain. */
int pfdatatopacket(void *, int, struct mbuf **);

/* Serialize kernel state (tdb fields, addresses, flows) into PF_KEY extensions. */
void export_address(void **, struct sockaddr *);
void export_identity(void **, struct tdb *, int);
void export_lifetime(void **, struct tdb *, int);
void export_credentials(void **, struct tdb *, int);
void export_sa(void **, struct tdb *);
void export_flow(void **, u_int8_t, struct sockaddr_encap *,
struct sockaddr_encap *, void **);
void export_key(void **, struct tdb *, int);
void export_auth(void **, struct tdb *, int);
void export_udpencap(void **, struct tdb *);
void export_tag(void **, struct tdb *);

/*
 * Copy parsed (already length-checked) extensions into kernel state.
 * The trailing int selects the PFKEYV2_* slot to fill.
 */
void import_auth(struct tdb *, struct sadb_x_cred *, int);
void import_address(struct sockaddr *, struct sadb_address *);
void import_identity(struct tdb *, struct sadb_ident *, int);
void import_key(struct ipsecinit *, struct sadb_key *, int);
void import_lifetime(struct tdb *, struct sadb_lifetime *, int);
void import_credentials(struct tdb *, struct sadb_x_cred *, int);
void import_sa(struct tdb *, struct sadb_sa *, struct ipsecinit *);
void import_flow(struct sockaddr_encap *, struct sockaddr_encap *,
struct sadb_address *, struct sadb_address *, struct sadb_address *,
struct sadb_address *, struct sadb_protocol *, struct sadb_protocol *);
void import_udpencap(struct tdb *, struct sadb_x_udpencap *);
void import_tag(struct tdb *, struct sadb_x_tag *);
#endif /* _KERNEL */
! 470: #endif /* _NET_PFKEY_V2_H_ */