Return to libpfkey.h CVS log | Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / ipsec-tools / src / libipsec |
1.1 ! misho 1: /* $NetBSD: libpfkey.h,v 1.18 2010/12/03 14:32:52 tteras Exp $ */ ! 2: ! 3: /* Id: libpfkey.h,v 1.13 2005/12/04 20:26:43 manubsd Exp */ ! 4: ! 5: /* ! 6: * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. ! 7: * All rights reserved. ! 8: * ! 9: * Redistribution and use in source and binary forms, with or without ! 10: * modification, are permitted provided that the following conditions ! 11: * are met: ! 12: * 1. Redistributions of source code must retain the above copyright ! 13: * notice, this list of conditions and the following disclaimer. ! 14: * 2. Redistributions in binary form must reproduce the above copyright ! 15: * notice, this list of conditions and the following disclaimer in the ! 16: * documentation and/or other materials provided with the distribution. ! 17: * 3. Neither the name of the project nor the names of its contributors ! 18: * may be used to endorse or promote products derived from this software ! 19: * without specific prior written permission. ! 20: * ! 21: * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND ! 22: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ! 23: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ! 24: * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE ! 25: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ! 26: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ! 27: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ! 28: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ! 29: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ! 30: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ! 31: * SUCH DAMAGE. ! 32: */ ! 33: ! 34: #ifndef _LIBPFKEY_H ! 35: #define _LIBPFKEY_H ! 36: ! 37: #ifndef KAME_LIBPFKEY_H ! 38: #define KAME_LIBPFKEY_H ! 39: ! 40: #define PRIORITY_LOW 0xC0000000 ! 41: #define PRIORITY_DEFAULT 0x80000000 ! 42: #define PRIORITY_HIGH 0x40000000 ! 43: ! 44: #define PRIORITY_OFFSET_POSITIVE_MAX 0x3fffffff ! 45: #define PRIORITY_OFFSET_NEGATIVE_MAX 0x40000000 ! 46: ! 47: struct sadb_msg; ! 48: extern void pfkey_sadump __P((struct sadb_msg *)); ! 49: extern void pfkey_sadump_withports __P((struct sadb_msg *)); ! 50: extern void pfkey_spdump __P((struct sadb_msg *)); ! 51: extern void pfkey_spdump_withports __P((struct sadb_msg *)); ! 52: ! 53: struct sockaddr; ! 54: struct sadb_alg; ! 55: ! 56: /* Accomodate different prototypes in <netinet6/ipsec.h> */ ! 57: #include <sys/types.h> ! 58: #include PATH_IPSEC_H ! 59: ! 60: #ifndef HAVE_IPSEC_POLICY_T ! 61: typedef caddr_t ipsec_policy_t; ! 62: #define __ipsec_const ! 63: #else ! 64: #define __ipsec_const const ! 65: #endif ! 66: ! 67: struct pfkey_send_sa_args { ! 68: int so; /* socket */ ! 69: u_int type; ! 70: u_int satype; ! 71: u_int mode; ! 72: struct sockaddr *src; /* IP src address for SA */ ! 73: struct sockaddr *dst; /* IP dst address for SA */ ! 74: u_int32_t spi; /* SA's spi */ ! 75: u_int32_t reqid; ! 76: u_int wsize; ! 77: caddr_t keymat; ! 78: u_int e_type, e_keylen; /* Encryption alg and keylen */ ! 79: u_int a_type, a_keylen; /* Authentication alg and key */ ! 80: u_int flags; ! 81: u_int32_t l_alloc; ! 82: u_int32_t l_bytes; ! 83: u_int32_t l_addtime; ! 84: u_int32_t l_usetime; ! 85: u_int32_t seq; ! 86: u_int8_t l_natt_type; ! 87: u_int16_t l_natt_sport, l_natt_dport; ! 88: struct sockaddr *l_natt_oa; ! 89: u_int16_t l_natt_frag; ! 90: u_int8_t ctxdoi, ctxalg; /* Security context DOI and algorithm */ ! 91: caddr_t ctxstr; /* Security context string */ ! 92: u_int16_t ctxstrlen; /* length of security context string */ ! 93: }; ! 94: ! 95: /* The options built into libipsec */ ! 96: extern int libipsec_opt; ! 97: #define LIBIPSEC_OPT_NATT 0x01 ! 98: #define LIBIPSEC_OPT_FRAG 0x02 ! 99: #define LIBIPSEC_OPT_SEC_CTX 0x04 ! 100: ! 101: /* IPsec Library Routines */ ! 102: ! 103: int ipsec_check_keylen __P((u_int, u_int, u_int)); ! 104: int ipsec_check_keylen2 __P((u_int, u_int, u_int)); ! 105: int ipsec_get_keylen __P((u_int, u_int, struct sadb_alg *)); ! 106: char *ipsec_dump_policy_withports __P((void *, const char *)); ! 107: void ipsec_hexdump __P((const void *, int)); ! 108: const char *ipsec_strerror __P((void)); ! 109: void kdebug_sadb __P((struct sadb_msg *)); ! 110: ipsec_policy_t ipsec_set_policy __P((__ipsec_const char *, int)); ! 111: int ipsec_get_policylen __P((ipsec_policy_t)); ! 112: char *ipsec_dump_policy __P((ipsec_policy_t, __ipsec_const char *)); ! 113: ! 114: /* PFKey Routines */ ! 115: ! 116: u_int pfkey_set_softrate __P((u_int, u_int)); ! 117: u_int pfkey_get_softrate __P((u_int)); ! 118: int pfkey_send_getspi __P((int, u_int, u_int, struct sockaddr *, ! 119: struct sockaddr *, u_int32_t, u_int32_t, u_int32_t, u_int32_t)); ! 120: int pfkey_send_getspi_nat __P((int, u_int, u_int, ! 121: struct sockaddr *, struct sockaddr *, u_int8_t, u_int16_t, u_int16_t, ! 122: u_int32_t, u_int32_t, u_int32_t, u_int32_t)); ! 123: ! 124: int pfkey_send_update2 __P((struct pfkey_send_sa_args *)); ! 125: int pfkey_send_add2 __P((struct pfkey_send_sa_args *)); ! 126: int pfkey_send_delete __P((int, u_int, u_int, ! 127: struct sockaddr *, struct sockaddr *, u_int32_t)); ! 128: int pfkey_send_delete_all __P((int, u_int, u_int, ! 129: struct sockaddr *, struct sockaddr *)); ! 130: int pfkey_send_get __P((int, u_int, u_int, ! 131: struct sockaddr *, struct sockaddr *, u_int32_t)); ! 132: int pfkey_send_register __P((int, u_int)); ! 133: int pfkey_recv_register __P((int)); ! 134: int pfkey_set_supported __P((struct sadb_msg *, int)); ! 135: int pfkey_send_flush __P((int, u_int)); ! 136: int pfkey_send_dump __P((int, u_int)); ! 137: int pfkey_send_promisc_toggle __P((int, int)); ! 138: int pfkey_send_spdadd __P((int, struct sockaddr *, u_int, ! 139: struct sockaddr *, u_int, u_int, caddr_t, int, u_int32_t)); ! 140: int pfkey_send_spdadd2 __P((int, struct sockaddr *, u_int, ! 141: struct sockaddr *, u_int, u_int, u_int64_t, u_int64_t, ! 142: caddr_t, int, u_int32_t)); ! 143: int pfkey_send_spdupdate __P((int, struct sockaddr *, u_int, ! 144: struct sockaddr *, u_int, u_int, caddr_t, int, u_int32_t)); ! 145: int pfkey_send_spdupdate2 __P((int, struct sockaddr *, u_int, ! 146: struct sockaddr *, u_int, u_int, u_int64_t, u_int64_t, ! 147: caddr_t, int, u_int32_t)); ! 148: int pfkey_send_spddelete __P((int, struct sockaddr *, u_int, ! 149: struct sockaddr *, u_int, u_int, caddr_t, int, u_int32_t)); ! 150: int pfkey_send_spddelete2 __P((int, u_int32_t)); ! 151: int pfkey_send_spdget __P((int, u_int32_t)); ! 152: int pfkey_send_spdsetidx __P((int, struct sockaddr *, u_int, ! 153: struct sockaddr *, u_int, u_int, caddr_t, int, u_int32_t)); ! 154: int pfkey_send_spdflush __P((int)); ! 155: int pfkey_send_spddump __P((int)); ! 156: #ifdef SADB_X_MIGRATE ! 157: int pfkey_send_migrate __P((int, struct sockaddr *, struct sockaddr *, ! 158: struct sockaddr *, u_int, struct sockaddr *, u_int, u_int, ! 159: caddr_t, int, u_int32_t)); ! 160: #endif ! 161: ! 162: /* XXX should be somewhere else !!! ! 163: */ ! 164: #ifdef SADB_X_EXT_NAT_T_TYPE ! 165: #define PFKEY_ADDR_X_PORT(ext) (ntohs(((struct sadb_x_nat_t_port *)ext)->sadb_x_nat_t_port_port)) ! 166: #define PFKEY_ADDR_X_NATTYPE(ext) ( ext != NULL && ((struct sadb_x_nat_t_type *)ext)->sadb_x_nat_t_type_type ) ! 167: #endif ! 168: ! 169: ! 170: int pfkey_open __P((void)); ! 171: void pfkey_close __P((int)); ! 172: int pfkey_set_buffer_size __P((int, int)); ! 173: struct sadb_msg *pfkey_recv __P((int)); ! 174: int pfkey_send __P((int, struct sadb_msg *, int)); ! 175: int pfkey_align __P((struct sadb_msg *, caddr_t *)); ! 176: int pfkey_check __P((caddr_t *)); ! 177: ! 178: /* ! 179: * Deprecated, available for backward compatibility with third party ! 180: * libipsec users. Please use pfkey_send_update2 and pfkey_send_add2 instead ! 181: */ ! 182: int pfkey_send_update __P((int, u_int, u_int, struct sockaddr *, ! 183: struct sockaddr *, u_int32_t, u_int32_t, u_int, ! 184: caddr_t, u_int, u_int, u_int, u_int, u_int, u_int32_t, u_int64_t, ! 185: u_int64_t, u_int64_t, u_int32_t)); ! 186: int pfkey_send_update_nat __P((int, u_int, u_int, struct sockaddr *, ! 187: struct sockaddr *, u_int32_t, u_int32_t, u_int, ! 188: caddr_t, u_int, u_int, u_int, u_int, u_int, u_int32_t, u_int64_t, ! 189: u_int64_t, u_int64_t, u_int32_t, ! 190: u_int8_t, u_int16_t, u_int16_t, struct sockaddr *, u_int16_t)); ! 191: int pfkey_send_add __P((int, u_int, u_int, struct sockaddr *, ! 192: struct sockaddr *, u_int32_t, u_int32_t, u_int, ! 193: caddr_t, u_int, u_int, u_int, u_int, u_int, u_int32_t, u_int64_t, ! 194: u_int64_t, u_int64_t, u_int32_t)); ! 195: int pfkey_send_add_nat __P((int, u_int, u_int, struct sockaddr *, ! 196: struct sockaddr *, u_int32_t, u_int32_t, u_int, ! 197: caddr_t, u_int, u_int, u_int, u_int, u_int, u_int32_t, u_int64_t, ! 198: u_int64_t, u_int64_t, u_int32_t, ! 199: u_int8_t, u_int16_t, u_int16_t, struct sockaddr *, u_int16_t)); ! 200: ! 201: #ifndef __SYSDEP_SA_LEN__ ! 202: #define __SYSDEP_SA_LEN__ ! 203: #include <netinet/in.h> ! 204: ! 205: #ifndef IPPROTO_IPV4 ! 206: #define IPPROTO_IPV4 IPPROTO_IPIP ! 207: #endif ! 208: ! 209: #ifndef IPPROTO_IPCOMP ! 210: #define IPPROTO_IPCOMP IPPROTO_COMP ! 211: #endif ! 212: ! 213: #ifndef IPPROTO_MH ! 214: #define IPPROTO_MH 135 ! 215: #endif ! 216: ! 217: static __inline u_int8_t ! 218: sysdep_sa_len (const struct sockaddr *sa) ! 219: { ! 220: #ifdef __linux__ ! 221: switch (sa->sa_family) ! 222: { ! 223: case AF_INET: ! 224: return sizeof (struct sockaddr_in); ! 225: case AF_INET6: ! 226: return sizeof (struct sockaddr_in6); ! 227: } ! 228: // log_print ("sysdep_sa_len: unknown sa family %d", sa->sa_family); ! 229: return sizeof (struct sockaddr_in); ! 230: #else ! 231: return sa->sa_len; ! 232: #endif ! 233: } ! 234: #endif ! 235: ! 236: #endif /* KAME_LIBPFKEY_H */ ! 237: ! 238: #endif /* _LIBPFKEY_H */