Annotation of sys/net/pfkeyv2.h, Revision 1.1.1.1
1.1 nbrk 1: /* $OpenBSD: pfkeyv2.h,v 1.56 2006/11/24 13:52:14 reyk Exp $ */
2: /*
3: * @(#)COPYRIGHT 1.1 (NRL) January 1998
4: *
5: * NRL grants permission for redistribution and use in source and binary
6: * forms, with or without modification, of the software and documentation
7: * created at NRL provided that the following conditions are met:
8: *
9: * 1. Redistributions of source code must retain the above copyright
10: * notice, this list of conditions and the following disclaimer.
11: * 2. Redistributions in binary form must reproduce the above copyright
12: * notice, this list of conditions and the following disclaimer in the
13: * documentation and/or other materials provided with the distribution.
14: * 3. All advertising materials mentioning features or use of this software
15: * must display the following acknowledgements:
16: * This product includes software developed by the University of
17: * California, Berkeley and its contributors.
18: * This product includes software developed at the Information
19: * Technology Division, US Naval Research Laboratory.
20: * 4. Neither the name of the NRL nor the names of its contributors
21: * may be used to endorse or promote products derived from this software
22: * without specific prior written permission.
23: *
24: * THE SOFTWARE PROVIDED BY NRL IS PROVIDED BY NRL AND CONTRIBUTORS ``AS
25: * IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
26: * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
27: * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL NRL OR
28: * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
29: * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
30: * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
31: * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
32: * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
33: * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
34: * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35: *
36: * The views and conclusions contained in the software and documentation
37: * are those of the authors and should not be interpreted as representing
38: * official policies, either expressed or implied, of the US Naval
39: * Research Laboratory (NRL).
40: */
41:
42: #ifndef _NET_PFKEY_V2_H_
43: #define _NET_PFKEY_V2_H_
44:
45: #define PF_KEY_V2 2
46: #define PFKEYV2_REVISION 199806L
47:
48: /* This should be updated whenever the API is altered. */
49: #define _OPENBSD_IPSEC_API_VERSION 2
50:
51: #define SADB_RESERVED 0
52: #define SADB_GETSPI 1
53: #define SADB_UPDATE 2
54: #define SADB_ADD 3
55: #define SADB_DELETE 4
56: #define SADB_GET 5
57: #define SADB_ACQUIRE 6
58: #define SADB_REGISTER 7
59: #define SADB_EXPIRE 8
60: #define SADB_FLUSH 9
61: #define SADB_DUMP 10
62: #define SADB_X_PROMISC 11
63: #define SADB_X_ADDFLOW 12
64: #define SADB_X_DELFLOW 13
65: #define SADB_X_GRPSPIS 14
66: #define SADB_X_ASKPOLICY 15
67: #define SADB_X_SPDDUMP 16
68: #define SADB_MAX 16
69:
70: struct sadb_msg {
71: uint8_t sadb_msg_version;
72: uint8_t sadb_msg_type;
73: uint8_t sadb_msg_errno;
74: uint8_t sadb_msg_satype;
75: uint16_t sadb_msg_len;
76: uint16_t sadb_msg_reserved;
77: uint32_t sadb_msg_seq;
78: uint32_t sadb_msg_pid;
79: };
80:
81: struct sadb_ext {
82: uint16_t sadb_ext_len;
83: uint16_t sadb_ext_type;
84: };
85:
86: struct sadb_sa {
87: uint16_t sadb_sa_len;
88: uint16_t sadb_sa_exttype;
89: uint32_t sadb_sa_spi;
90: uint8_t sadb_sa_replay;
91: uint8_t sadb_sa_state;
92: uint8_t sadb_sa_auth;
93: uint8_t sadb_sa_encrypt;
94: uint32_t sadb_sa_flags;
95: };
96:
97: struct sadb_lifetime {
98: uint16_t sadb_lifetime_len;
99: uint16_t sadb_lifetime_exttype;
100: uint32_t sadb_lifetime_allocations;
101: uint64_t sadb_lifetime_bytes;
102: uint64_t sadb_lifetime_addtime;
103: uint64_t sadb_lifetime_usetime;
104: };
105:
106: struct sadb_address {
107: uint16_t sadb_address_len;
108: uint16_t sadb_address_exttype;
109: uint32_t sadb_address_reserved;
110: };
111:
112: struct sadb_key {
113: uint16_t sadb_key_len;
114: uint16_t sadb_key_exttype;
115: uint16_t sadb_key_bits;
116: uint16_t sadb_key_reserved;
117: };
118:
119: struct sadb_ident {
120: uint16_t sadb_ident_len;
121: uint16_t sadb_ident_exttype;
122: uint16_t sadb_ident_type;
123: uint16_t sadb_ident_reserved;
124: uint64_t sadb_ident_id;
125: };
126:
127: struct sadb_sens {
128: uint16_t sadb_sens_len;
129: uint16_t sadb_sens_exttype;
130: uint32_t sadb_sens_dpd;
131: uint8_t sadb_sens_sens_level;
132: uint8_t sadb_sens_sens_len;
133: uint8_t sadb_sens_integ_level;
134: uint8_t sadb_sens_integ_len;
135: uint32_t sadb_sens_reserved;
136: };
137:
138: struct sadb_prop {
139: uint16_t sadb_prop_len;
140: uint16_t sadb_prop_exttype;
141: uint8_t sadb_prop_num;
142: uint8_t sadb_prop_replay;
143: uint16_t sadb_prop_reserved;
144: };
145:
146: struct sadb_comb {
147: uint8_t sadb_comb_auth;
148: uint8_t sadb_comb_encrypt;
149: uint16_t sadb_comb_flags;
150: uint16_t sadb_comb_auth_minbits;
151: uint16_t sadb_comb_auth_maxbits;
152: uint16_t sadb_comb_encrypt_minbits;
153: uint16_t sadb_comb_encrypt_maxbits;
154: uint32_t sadb_comb_reserved;
155: uint32_t sadb_comb_soft_allocations;
156: uint32_t sadb_comb_hard_allocations;
157: uint64_t sadb_comb_soft_bytes;
158: uint64_t sadb_comb_hard_bytes;
159: uint64_t sadb_comb_soft_addtime;
160: uint64_t sadb_comb_hard_addtime;
161: uint64_t sadb_comb_soft_usetime;
162: uint64_t sadb_comb_hard_usetime;
163: };
164:
165: struct sadb_supported {
166: uint16_t sadb_supported_len;
167: uint16_t sadb_supported_exttype;
168: uint32_t sadb_supported_reserved;
169: };
170:
171: struct sadb_alg {
172: uint8_t sadb_alg_id;
173: uint8_t sadb_alg_ivlen;
174: uint16_t sadb_alg_minbits;
175: uint16_t sadb_alg_maxbits;
176: uint16_t sadb_alg_reserved;
177: };
178:
179: struct sadb_spirange {
180: uint16_t sadb_spirange_len;
181: uint16_t sadb_spirange_exttype;
182: uint32_t sadb_spirange_min;
183: uint32_t sadb_spirange_max;
184: uint32_t sadb_spirange_reserved;
185: };
186:
187: struct sadb_protocol {
188: uint16_t sadb_protocol_len;
189: uint16_t sadb_protocol_exttype;
190: uint8_t sadb_protocol_proto;
191: uint8_t sadb_protocol_direction;
192: uint8_t sadb_protocol_flags;
193: uint8_t sadb_protocol_reserved2;
194: };
195:
196: struct sadb_x_policy {
197: uint16_t sadb_x_policy_len;
198: uint16_t sadb_x_policy_exttype;
199: u_int32_t sadb_x_policy_seq;
200: };
201:
202: struct sadb_x_cred {
203: uint16_t sadb_x_cred_len;
204: uint16_t sadb_x_cred_exttype;
205: uint16_t sadb_x_cred_type;
206: uint16_t sadb_x_cred_reserved;
207: };
208:
209: struct sadb_x_udpencap {
210: uint16_t sadb_x_udpencap_len;
211: uint16_t sadb_x_udpencap_exttype;
212: uint16_t sadb_x_udpencap_port;
213: uint16_t sadb_x_udpencap_reserved;
214: };
215:
216: struct sadb_x_tag {
217: uint16_t sadb_x_tag_len;
218: uint16_t sadb_x_tag_exttype;
219: u_int32_t sadb_x_tag_taglen;
220: };
221:
222: #ifdef _KERNEL
223: #define SADB_X_GETSPROTO(x) \
224: ( (x) == SADB_SATYPE_AH ? IPPROTO_AH :\
225: (x) == SADB_SATYPE_ESP ? IPPROTO_ESP :\
226: (x) == SADB_X_SATYPE_TCPSIGNATURE ? IPPROTO_TCP :\
227: (x) == SADB_X_SATYPE_IPCOMP ? IPPROTO_IPCOMP: IPPROTO_IPIP )
228: #endif
229:
230: #define SADB_EXT_RESERVED 0
231: #define SADB_EXT_SA 1
232: #define SADB_EXT_LIFETIME_CURRENT 2
233: #define SADB_EXT_LIFETIME_HARD 3
234: #define SADB_EXT_LIFETIME_SOFT 4
235: #define SADB_EXT_ADDRESS_SRC 5
236: #define SADB_EXT_ADDRESS_DST 6
237: #define SADB_EXT_ADDRESS_PROXY 7
238: #define SADB_EXT_KEY_AUTH 8
239: #define SADB_EXT_KEY_ENCRYPT 9
240: #define SADB_EXT_IDENTITY_SRC 10
241: #define SADB_EXT_IDENTITY_DST 11
242: #define SADB_EXT_SENSITIVITY 12
243: #define SADB_EXT_PROPOSAL 13
244: #define SADB_EXT_SUPPORTED_AUTH 14
245: #define SADB_EXT_SUPPORTED_ENCRYPT 15
246: #define SADB_EXT_SPIRANGE 16
247: #define SADB_X_EXT_SRC_MASK 17
248: #define SADB_X_EXT_DST_MASK 18
249: #define SADB_X_EXT_PROTOCOL 19
250: #define SADB_X_EXT_FLOW_TYPE 20
251: #define SADB_X_EXT_SRC_FLOW 21
252: #define SADB_X_EXT_DST_FLOW 22
253: #define SADB_X_EXT_SA2 23
254: #define SADB_X_EXT_DST2 24
255: #define SADB_X_EXT_POLICY 25
256: #define SADB_X_EXT_LOCAL_CREDENTIALS 26
257: #define SADB_X_EXT_REMOTE_CREDENTIALS 27
258: #define SADB_X_EXT_LOCAL_AUTH 28
259: #define SADB_X_EXT_REMOTE_AUTH 29
260: #define SADB_X_EXT_SUPPORTED_COMP 30
261: #define SADB_X_EXT_UDPENCAP 31
262: #define SADB_X_EXT_LIFETIME_LASTUSE 32
263: #define SADB_X_EXT_TAG 33
264: #define SADB_EXT_MAX 33
265:
266: /* Fix pfkeyv2.c struct pfkeyv2_socket if SATYPE_MAX > 31 */
267: #define SADB_SATYPE_UNSPEC 0
268: #define SADB_SATYPE_AH 1
269: #define SADB_SATYPE_ESP 2
270: #define SADB_SATYPE_RSVP 3
271: #define SADB_SATYPE_OSPFV2 4
272: #define SADB_SATYPE_RIPV2 5
273: #define SADB_SATYPE_MIP 6
274: #define SADB_X_SATYPE_IPIP 7
275: #define SADB_X_SATYPE_TCPSIGNATURE 8
276: #define SADB_X_SATYPE_IPCOMP 9
277: #define SADB_SATYPE_MAX 9
278:
279: #define SADB_SASTATE_LARVAL 0
280: #define SADB_SASTATE_MATURE 1
281: #define SADB_SASTATE_DYING 2
282: #define SADB_SASTATE_DEAD 3
283: #define SADB_SASTATE_MAX 3
284:
285: #define SADB_AALG_NONE 0
286: #define SADB_AALG_MD5HMAC 2
287: #define SADB_AALG_SHA1HMAC 3
288: #define SADB_X_AALG_DES 4
289: #define SADB_X_AALG_SHA2_256 5
290: #define SADB_X_AALG_SHA2_384 6
291: #define SADB_X_AALG_SHA2_512 7
292: #define SADB_X_AALG_RIPEMD160HMAC 8
293: #define SADB_X_AALG_MD5 249
294: #define SADB_X_AALG_SHA1 250
295: #define SADB_AALG_MAX 250
296:
297: #define SADB_EALG_NONE 0
298: #define SADB_X_EALG_DES_IV64 1
299: #define SADB_EALG_DESCBC 2
300: #define SADB_EALG_3DESCBC 3
301: #define SADB_X_EALG_RC5 4
302: #define SADB_X_EALG_IDEA 5
303: #define SADB_X_EALG_CAST 6
304: #define SADB_X_EALG_BLF 7
305: #define SADB_X_EALG_3IDEA 8
306: #define SADB_X_EALG_DES_IV32 9
307: #define SADB_X_EALG_RC4 10
308: #define SADB_EALG_NULL 11
309: #define SADB_X_EALG_AES 12
310: #define SADB_X_EALG_AESCTR 13
311: #define SADB_X_EALG_SKIPJACK 249
312: #define SADB_EALG_MAX 249
313:
314: #define SADB_X_CALG_NONE 0
315: #define SADB_X_CALG_OUI 1
316: #define SADB_X_CALG_DEFLATE 2
317: #define SADB_X_CALG_LZS 3
318: #define SADB_X_CALG_MAX 3
319:
320: #define SADB_SAFLAGS_PFS 0x001 /* perfect forward secrecy */
321: #define SADB_X_SAFLAGS_HALFIV 0x002 /* Used for ESP-old */
322: #define SADB_X_SAFLAGS_TUNNEL 0x004 /* Force tunneling */
323: #define SADB_X_SAFLAGS_CHAINDEL 0x008 /* Delete whole SA chain */
324: #define SADB_X_SAFLAGS_RANDOMPADDING 0x080 /* Random ESP padding */
325: #define SADB_X_SAFLAGS_NOREPLAY 0x100 /* No replay counter */
326: #define SADB_X_SAFLAGS_UDPENCAP 0x200 /* ESP in UDP */
327:
328: #define SADB_X_POLICYFLAGS_POLICY 0x0001 /* This is a static policy */
329:
330: #define SADB_IDENTTYPE_RESERVED 0
331: #define SADB_IDENTTYPE_PREFIX 1
332: #define SADB_IDENTTYPE_FQDN 2
333: #define SADB_IDENTTYPE_USERFQDN 3
334: #define SADB_X_IDENTTYPE_CONNECTION 4
335: #define SADB_IDENTTYPE_MAX 4
336:
337: #define SADB_KEY_FLAGS_MAX 0
338:
339: #ifdef _KERNEL
340: #define PFKEYV2_LIFETIME_HARD 0
341: #define PFKEYV2_LIFETIME_SOFT 1
342: #define PFKEYV2_LIFETIME_CURRENT 2
343: #define PFKEYV2_LIFETIME_LASTUSE 3
344:
345: #define PFKEYV2_IDENTITY_SRC 0
346: #define PFKEYV2_IDENTITY_DST 1
347:
348: #define PFKEYV2_ENCRYPTION_KEY 0
349: #define PFKEYV2_AUTHENTICATION_KEY 1
350:
351: #define PFKEYV2_SOCKETFLAGS_REGISTERED 1
352: #define PFKEYV2_SOCKETFLAGS_PROMISC 2
353:
354: #define PFKEYV2_SENDMESSAGE_UNICAST 1
355: #define PFKEYV2_SENDMESSAGE_REGISTERED 2
356: #define PFKEYV2_SENDMESSAGE_BROADCAST 3
357: #endif /* _KERNEL */
358:
359: #define SADB_X_CREDTYPE_NONE 0
360: #define SADB_X_CREDTYPE_X509 1 /* ASN1 encoding of the certificate */
361: #define SADB_X_CREDTYPE_KEYNOTE 2 /* NUL-terminated buffer */
362: #define SADB_X_CREDTYPE_MAX 3
363:
364: #ifdef _KERNEL
365: #define PFKEYV2_AUTH_LOCAL 0
366: #define PFKEYV2_AUTH_REMOTE 1
367:
368: #define PFKEYV2_CRED_LOCAL 0
369: #define PFKEYV2_CRED_REMOTE 1
370: #endif /* _KERNEL */
371:
372: #define SADB_X_AUTHTYPE_NONE 0
373: #define SADB_X_AUTHTYPE_PASSPHRASE 1
374: #define SADB_X_AUTHTYPE_RSA 2
375: #define SADB_X_AUTHTYPE_MAX 2
376:
377: #define SADB_X_FLOW_TYPE_USE 1
378: #define SADB_X_FLOW_TYPE_ACQUIRE 2
379: #define SADB_X_FLOW_TYPE_REQUIRE 3
380: #define SADB_X_FLOW_TYPE_BYPASS 4
381: #define SADB_X_FLOW_TYPE_DENY 5
382: #define SADB_X_FLOW_TYPE_DONTACQ 6
383:
384: #ifdef _KERNEL
385: struct tdb;
386: struct socket;
387: struct mbuf;
388:
389: #define EXTLEN(x) (((struct sadb_ext *)(x))->sadb_ext_len * sizeof(uint64_t))
390: #define PADUP(x) (((x) + sizeof(uint64_t) - 1) & ~(sizeof(uint64_t) - 1))
391:
392: struct pfkey_version
393: {
394: int protocol;
395: int (*create)(struct socket *socket);
396: int (*release)(struct socket *socket);
397: int (*send)(struct socket *socket, void *message, int len);
398: int (*sysctl)(int *, u_int, void *, size_t *, void *, size_t);
399: };
400:
401: struct pfkeyv2_socket
402: {
403: struct pfkeyv2_socket *next;
404: struct socket *socket;
405: int flags;
406: uint32_t pid;
407: uint32_t registration; /* Increase size if SATYPE_MAX > 31 */
408: };
409:
410: struct dump_state
411: {
412: struct sadb_msg *sadb_msg;
413: struct socket *socket;
414: };
415:
416: int pfkeyv2_init(void);
417: int pfkeyv2_cleanup(void);
418: int pfkeyv2_parsemessage(void *, int, void **);
419: int pfkeyv2_expire(struct tdb *, u_int16_t);
420: int pfkeyv2_acquire(struct ipsec_policy *, union sockaddr_union *,
421: union sockaddr_union *, u_int32_t *, struct sockaddr_encap *);
422:
423: int pfkey_register(struct pfkey_version *version);
424: int pfkey_unregister(struct pfkey_version *version);
425: int pfkey_sendup(struct socket *socket, struct mbuf *packet, int more);
426:
427: int pfkeyv2_create(struct socket *);
428: int pfkeyv2_get(struct tdb *, void **, void **, int *);
429: int pfkeyv2_policy(struct ipsec_acquire *, void **, void **);
430: int pfkeyv2_release(struct socket *);
431: int pfkeyv2_send(struct socket *, void *, int);
432: int pfkeyv2_sendmessage(void **, int, struct socket *, u_int8_t, int);
433: int pfkeyv2_dump_policy(struct ipsec_policy *, void **, void **, int *);
434: int pfkeyv2_dump_walker(struct tdb *, void *, int);
435: int pfkeyv2_flush_walker(struct tdb *, void *, int);
436: int pfkeyv2_get_proto_alg(u_int8_t, u_int8_t *, int *);
437: int pfkeyv2_sysctl(int *, u_int, void *, size_t *, void *, size_t);
438: int pfkeyv2_sysctl_walker(struct tdb *, void *, int);
439: int pfkeyv2_ipo_walk(int (*)(struct ipsec_policy *, void *), void *);
440: int pfkeyv2_sysctl_dump(void *);
441: int pfkeyv2_sysctl_policydumper(struct ipsec_policy *, void *);
442:
443: int pfdatatopacket(void *, int, struct mbuf **);
444:
445: void export_address(void **, struct sockaddr *);
446: void export_identity(void **, struct tdb *, int);
447: void export_lifetime(void **, struct tdb *, int);
448: void export_credentials(void **, struct tdb *, int);
449: void export_sa(void **, struct tdb *);
450: void export_flow(void **, u_int8_t, struct sockaddr_encap *,
451: struct sockaddr_encap *, void **);
452: void export_key(void **, struct tdb *, int);
453: void export_auth(void **, struct tdb *, int);
454: void export_udpencap(void **, struct tdb *);
455: void export_tag(void **, struct tdb *);
456:
457: void import_auth(struct tdb *, struct sadb_x_cred *, int);
458: void import_address(struct sockaddr *, struct sadb_address *);
459: void import_identity(struct tdb *, struct sadb_ident *, int);
460: void import_key(struct ipsecinit *, struct sadb_key *, int);
461: void import_lifetime(struct tdb *, struct sadb_lifetime *, int);
462: void import_credentials(struct tdb *, struct sadb_x_cred *, int);
463: void import_sa(struct tdb *, struct sadb_sa *, struct ipsecinit *);
464: void import_flow(struct sockaddr_encap *, struct sockaddr_encap *,
465: struct sadb_address *, struct sadb_address *, struct sadb_address *,
466: struct sadb_address *, struct sadb_protocol *, struct sadb_protocol *);
467: void import_udpencap(struct tdb *, struct sadb_x_udpencap *);
468: void import_tag(struct tdb *, struct sadb_x_tag *);
469: #endif /* _KERNEL */
470: #endif /* _NET_PFKEY_V2_H_ */
CVSweb