Annotation of embedaddon/ipsec-tools/src/libipsec/libpfkey.h, revision 1.1
1.1 ! misho 1: /* $NetBSD: libpfkey.h,v 1.18 2010/12/03 14:32:52 tteras Exp $ */
! 2:
! 3: /* Id: libpfkey.h,v 1.13 2005/12/04 20:26:43 manubsd Exp */
! 4:
! 5: /*
! 6: * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
! 7: * All rights reserved.
! 8: *
! 9: * Redistribution and use in source and binary forms, with or without
! 10: * modification, are permitted provided that the following conditions
! 11: * are met:
! 12: * 1. Redistributions of source code must retain the above copyright
! 13: * notice, this list of conditions and the following disclaimer.
! 14: * 2. Redistributions in binary form must reproduce the above copyright
! 15: * notice, this list of conditions and the following disclaimer in the
! 16: * documentation and/or other materials provided with the distribution.
! 17: * 3. Neither the name of the project nor the names of its contributors
! 18: * may be used to endorse or promote products derived from this software
! 19: * without specific prior written permission.
! 20: *
! 21: * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
! 22: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
! 23: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
! 24: * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
! 25: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
! 26: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
! 27: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
! 28: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
! 29: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
! 30: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
! 31: * SUCH DAMAGE.
! 32: */
! 33:
! 34: #ifndef _LIBPFKEY_H
! 35: #define _LIBPFKEY_H
! 36:
! 37: #ifndef KAME_LIBPFKEY_H
! 38: #define KAME_LIBPFKEY_H
! 39:
! 40: #define PRIORITY_LOW 0xC0000000
! 41: #define PRIORITY_DEFAULT 0x80000000
! 42: #define PRIORITY_HIGH 0x40000000
! 43:
! 44: #define PRIORITY_OFFSET_POSITIVE_MAX 0x3fffffff
! 45: #define PRIORITY_OFFSET_NEGATIVE_MAX 0x40000000
! 46:
! 47: struct sadb_msg;
! 48: extern void pfkey_sadump __P((struct sadb_msg *));
! 49: extern void pfkey_sadump_withports __P((struct sadb_msg *));
! 50: extern void pfkey_spdump __P((struct sadb_msg *));
! 51: extern void pfkey_spdump_withports __P((struct sadb_msg *));
! 52:
! 53: struct sockaddr;
! 54: struct sadb_alg;
! 55:
! 56: /* Accommodate different prototypes in <netinet6/ipsec.h> */
! 57: #include <sys/types.h>
! 58: #include PATH_IPSEC_H
! 59:
! 60: #ifndef HAVE_IPSEC_POLICY_T
! 61: typedef caddr_t ipsec_policy_t;
! 62: #define __ipsec_const
! 63: #else
! 64: #define __ipsec_const const
! 65: #endif
! 66:
/*
 * Argument bundle for the struct-based SA calls declared in this header
 * (pfkey_send_update2 and pfkey_send_add2 both take a pointer to it).
 *
 * Security-relevant points for callers:
 *  - keymat is an untyped pointer; its size is carried only by e_keylen and
 *    a_keylen, so the caller is responsible for keeping buffer and lengths
 *    consistent.
 *    NOTE(review): presumably the encryption key is followed by the
 *    authentication key in one buffer -- confirm against the implementation.
 *  - ctxstr is likewise described only by ctxstrlen.
 *  - This header states no ownership rule for src, dst, l_natt_oa, keymat or
 *    ctxstr. NOTE(review): presumably the caller keeps ownership and should
 *    wipe keymat once the call returns -- confirm.
 */
struct pfkey_send_sa_args {
	int so; /* socket */
	u_int type;
	u_int satype;
	u_int mode;
	struct sockaddr *src; /* IP src address for SA */
	struct sockaddr *dst; /* IP dst address for SA */
	u_int32_t spi; /* SA's spi */
	u_int32_t reqid;
	u_int wsize;
	caddr_t keymat; /* key material; length not carried by the pointer */
	u_int e_type, e_keylen; /* Encryption alg and keylen */
	u_int a_type, a_keylen; /* Authentication alg and key */
	u_int flags;
	/* l_* lifetime fields; units are not stated in this header */
	u_int32_t l_alloc;
	u_int32_t l_bytes;
	u_int32_t l_addtime;
	u_int32_t l_usetime;
	u_int32_t seq;
	/* l_natt_* fields; presumably NAT-T parameters -- TODO confirm */
	u_int8_t l_natt_type;
	u_int16_t l_natt_sport, l_natt_dport;
	struct sockaddr *l_natt_oa;
	u_int16_t l_natt_frag;
	u_int8_t ctxdoi, ctxalg; /* Security context DOI and algorithm */
	caddr_t ctxstr; /* Security context string */
	u_int16_t ctxstrlen; /* length of security context string */
};
! 94:
! 95: /* The options built into libipsec */
! 96: extern int libipsec_opt;
! 97: #define LIBIPSEC_OPT_NATT 0x01
! 98: #define LIBIPSEC_OPT_FRAG 0x02
! 99: #define LIBIPSEC_OPT_SEC_CTX 0x04
! 100:
! 101: /* IPsec Library Routines */
! 102:
! 103: int ipsec_check_keylen __P((u_int, u_int, u_int));
! 104: int ipsec_check_keylen2 __P((u_int, u_int, u_int));
! 105: int ipsec_get_keylen __P((u_int, u_int, struct sadb_alg *));
! 106: char *ipsec_dump_policy_withports __P((void *, const char *));
! 107: void ipsec_hexdump __P((const void *, int));
! 108: const char *ipsec_strerror __P((void));
! 109: void kdebug_sadb __P((struct sadb_msg *));
! 110: ipsec_policy_t ipsec_set_policy __P((__ipsec_const char *, int));
! 111: int ipsec_get_policylen __P((ipsec_policy_t));
! 112: char *ipsec_dump_policy __P((ipsec_policy_t, __ipsec_const char *));
! 113:
! 114: /* PFKey Routines */
! 115:
! 116: u_int pfkey_set_softrate __P((u_int, u_int));
! 117: u_int pfkey_get_softrate __P((u_int));
! 118: int pfkey_send_getspi __P((int, u_int, u_int, struct sockaddr *,
! 119: struct sockaddr *, u_int32_t, u_int32_t, u_int32_t, u_int32_t));
! 120: int pfkey_send_getspi_nat __P((int, u_int, u_int,
! 121: struct sockaddr *, struct sockaddr *, u_int8_t, u_int16_t, u_int16_t,
! 122: u_int32_t, u_int32_t, u_int32_t, u_int32_t));
! 123:
! 124: int pfkey_send_update2 __P((struct pfkey_send_sa_args *));
! 125: int pfkey_send_add2 __P((struct pfkey_send_sa_args *));
! 126: int pfkey_send_delete __P((int, u_int, u_int,
! 127: struct sockaddr *, struct sockaddr *, u_int32_t));
! 128: int pfkey_send_delete_all __P((int, u_int, u_int,
! 129: struct sockaddr *, struct sockaddr *));
! 130: int pfkey_send_get __P((int, u_int, u_int,
! 131: struct sockaddr *, struct sockaddr *, u_int32_t));
! 132: int pfkey_send_register __P((int, u_int));
! 133: int pfkey_recv_register __P((int));
! 134: int pfkey_set_supported __P((struct sadb_msg *, int));
! 135: int pfkey_send_flush __P((int, u_int));
! 136: int pfkey_send_dump __P((int, u_int));
! 137: int pfkey_send_promisc_toggle __P((int, int));
! 138: int pfkey_send_spdadd __P((int, struct sockaddr *, u_int,
! 139: struct sockaddr *, u_int, u_int, caddr_t, int, u_int32_t));
! 140: int pfkey_send_spdadd2 __P((int, struct sockaddr *, u_int,
! 141: struct sockaddr *, u_int, u_int, u_int64_t, u_int64_t,
! 142: caddr_t, int, u_int32_t));
! 143: int pfkey_send_spdupdate __P((int, struct sockaddr *, u_int,
! 144: struct sockaddr *, u_int, u_int, caddr_t, int, u_int32_t));
! 145: int pfkey_send_spdupdate2 __P((int, struct sockaddr *, u_int,
! 146: struct sockaddr *, u_int, u_int, u_int64_t, u_int64_t,
! 147: caddr_t, int, u_int32_t));
! 148: int pfkey_send_spddelete __P((int, struct sockaddr *, u_int,
! 149: struct sockaddr *, u_int, u_int, caddr_t, int, u_int32_t));
! 150: int pfkey_send_spddelete2 __P((int, u_int32_t));
! 151: int pfkey_send_spdget __P((int, u_int32_t));
! 152: int pfkey_send_spdsetidx __P((int, struct sockaddr *, u_int,
! 153: struct sockaddr *, u_int, u_int, caddr_t, int, u_int32_t));
! 154: int pfkey_send_spdflush __P((int));
! 155: int pfkey_send_spddump __P((int));
! 156: #ifdef SADB_X_MIGRATE
! 157: int pfkey_send_migrate __P((int, struct sockaddr *, struct sockaddr *,
! 158: struct sockaddr *, u_int, struct sockaddr *, u_int, u_int,
! 159: caddr_t, int, u_int32_t));
! 160: #endif
! 161:
! 162: /* XXX should be somewhere else !!!
! 163: */
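#ifdef SADB_X_EXT_NAT_T_TYPE
/*
 * Accessors for NAT-T extension payloads, available only when the PF_KEY
 * header defines SADB_X_EXT_NAT_T_TYPE.
 *
 * The macro argument is parenthesized at every use so that an expression
 * argument (for example pointer arithmetic) is cast and compared as a whole.
 *
 * PFKEY_ADDR_X_PORT dereferences ext unconditionally: the caller must pass a
 * non-NULL pointer to a struct sadb_x_nat_t_port. The port is converted from
 * network to host byte order.
 *
 * PFKEY_ADDR_X_NATTYPE tolerates NULL and yields 0 in that case. It evaluates
 * ext twice, so do not pass an argument with side effects.
 */
#define PFKEY_ADDR_X_PORT(ext) \
	(ntohs(((struct sadb_x_nat_t_port *)(ext))->sadb_x_nat_t_port_port))
#define PFKEY_ADDR_X_NATTYPE(ext) \
	((ext) != NULL && ((struct sadb_x_nat_t_type *)(ext))->sadb_x_nat_t_type_type)
#endif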
! 168:
! 169:
! 170: int pfkey_open __P((void));
! 171: void pfkey_close __P((int));
! 172: int pfkey_set_buffer_size __P((int, int));
! 173: struct sadb_msg *pfkey_recv __P((int));
! 174: int pfkey_send __P((int, struct sadb_msg *, int));
! 175: int pfkey_align __P((struct sadb_msg *, caddr_t *));
! 176: int pfkey_check __P((caddr_t *));
! 177:
! 178: /*
! 179: * Deprecated, available for backward compatibility with third party
! 180: * libipsec users. Please use pfkey_send_update2 and pfkey_send_add2 instead
! 181: */
! 182: int pfkey_send_update __P((int, u_int, u_int, struct sockaddr *,
! 183: struct sockaddr *, u_int32_t, u_int32_t, u_int,
! 184: caddr_t, u_int, u_int, u_int, u_int, u_int, u_int32_t, u_int64_t,
! 185: u_int64_t, u_int64_t, u_int32_t));
! 186: int pfkey_send_update_nat __P((int, u_int, u_int, struct sockaddr *,
! 187: struct sockaddr *, u_int32_t, u_int32_t, u_int,
! 188: caddr_t, u_int, u_int, u_int, u_int, u_int, u_int32_t, u_int64_t,
! 189: u_int64_t, u_int64_t, u_int32_t,
! 190: u_int8_t, u_int16_t, u_int16_t, struct sockaddr *, u_int16_t));
! 191: int pfkey_send_add __P((int, u_int, u_int, struct sockaddr *,
! 192: struct sockaddr *, u_int32_t, u_int32_t, u_int,
! 193: caddr_t, u_int, u_int, u_int, u_int, u_int, u_int32_t, u_int64_t,
! 194: u_int64_t, u_int64_t, u_int32_t));
! 195: int pfkey_send_add_nat __P((int, u_int, u_int, struct sockaddr *,
! 196: struct sockaddr *, u_int32_t, u_int32_t, u_int,
! 197: caddr_t, u_int, u_int, u_int, u_int, u_int, u_int32_t, u_int64_t,
! 198: u_int64_t, u_int64_t, u_int32_t,
! 199: u_int8_t, u_int16_t, u_int16_t, struct sockaddr *, u_int16_t));
! 200:
! 201: #ifndef __SYSDEP_SA_LEN__
! 202: #define __SYSDEP_SA_LEN__
! 203: #include <netinet/in.h>
! 204:
! 205: #ifndef IPPROTO_IPV4
! 206: #define IPPROTO_IPV4 IPPROTO_IPIP
! 207: #endif
! 208:
! 209: #ifndef IPPROTO_IPCOMP
! 210: #define IPPROTO_IPCOMP IPPROTO_COMP
! 211: #endif
! 212:
! 213: #ifndef IPPROTO_MH
! 214: #define IPPROTO_MH 135
! 215: #endif
! 216:
/*
 * Return the length in bytes of the socket address pointed to by sa.
 *
 * Linux build: the length is derived from sa_family. AF_INET6 yields
 * sizeof(struct sockaddr_in6); AF_INET and every other family yield
 * sizeof(struct sockaddr_in), and no diagnostic is emitted for an unknown
 * family. A caller that copies or compares that many bytes must therefore
 * make sure the object behind sa really is that large, and should check
 * sa_family itself if the address came from an untrusted source.
 *
 * Other builds: the sa_len member is returned as stored in the address, so
 * the result is only as trustworthy as whoever filled it in.
 *
 * sa is dereferenced without a NULL check.
 */
static __inline u_int8_t
sysdep_sa_len (const struct sockaddr *sa)
{
#ifdef __linux__
	if (sa->sa_family == AF_INET6)
		return sizeof (struct sockaddr_in6);

	/* AF_INET and any unrecognised family share the IPv4 length. */
	return sizeof (struct sockaddr_in);
#else
	return sa->sa_len;
#endif
}
! 234: #endif
! 235:
! 236: #endif /* KAME_LIBPFKEY_H */
! 237:
! 238: #endif /* _LIBPFKEY_H */