File:  [ELWIX - Embedded LightWeight unIX -] / embedaddon / ipsec-tools / src / libipsec / libpfkey.h
Revision 1.1.1.1 (vendor branch)
Tue Feb 21 22:39:10 2012 UTC (12 years, 5 months ago) by misho
Branches: ipsec-tools, MAIN
CVS tags: v0_8_2p2, v0_8_1p0, v0_8_1, v0_8_0p0, v0_8_0, HEAD
ipsec-tools

    1: /*	$NetBSD: libpfkey.h,v 1.18 2010/12/03 14:32:52 tteras Exp $	*/
    2: 
    3: /* Id: libpfkey.h,v 1.13 2005/12/04 20:26:43 manubsd Exp */
    4: 
    5: /*
    6:  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
    7:  * All rights reserved.
    8:  *
    9:  * Redistribution and use in source and binary forms, with or without
   10:  * modification, are permitted provided that the following conditions
   11:  * are met:
   12:  * 1. Redistributions of source code must retain the above copyright
   13:  *    notice, this list of conditions and the following disclaimer.
   14:  * 2. Redistributions in binary form must reproduce the above copyright
   15:  *    notice, this list of conditions and the following disclaimer in the
   16:  *    documentation and/or other materials provided with the distribution.
   17:  * 3. Neither the name of the project nor the names of its contributors
   18:  *    may be used to endorse or promote products derived from this software
   19:  *    without specific prior written permission.
   20:  *
   21:  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
   22:  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   23:  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   24:  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
   25:  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   26:  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
   27:  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   28:  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   29:  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   30:  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   31:  * SUCH DAMAGE.
   32:  */
   33: 
   34: #ifndef _LIBPFKEY_H
   35: #define _LIBPFKEY_H
   36: 
   37: #ifndef KAME_LIBPFKEY_H
   38: #define KAME_LIBPFKEY_H
   39: 
    40: #define PRIORITY_LOW        0xC0000000	/* base priority values; note that LOW is numerically the largest and HIGH the smallest */
    41: #define PRIORITY_DEFAULT    0x80000000	/* with a 32-bit int, 0x80000000 and 0xC0000000 have type unsigned int, so mixing them with signed values converts the signed side */
    42: #define PRIORITY_HIGH       0x40000000
    43: 
    44: #define PRIORITY_OFFSET_POSITIVE_MAX	0x3fffffff	/* NOTE(review): presumably the largest offset that may be applied around a base priority - confirm against the policy parser */
    45: #define PRIORITY_OFFSET_NEGATIVE_MAX	0x40000000
   46: 
    47: struct sadb_msg;	/* forward declaration only; the definition is not in this header */
        /*
         * Dump helpers for a PF_KEY message.  No length argument is passed,
         * so NOTE(review): they presumably trust the length recorded inside
         * the message itself - confirm that callers only hand them messages
         * that have already been length-checked.
         */
    48: extern void pfkey_sadump __P((struct sadb_msg *));
    49: extern void pfkey_sadump_withports __P((struct sadb_msg *));
    50: extern void pfkey_spdump __P((struct sadb_msg *));
    51: extern void pfkey_spdump_withports __P((struct sadb_msg *));
    52: 
    53: struct sockaddr;	/* forward declarations for the pointer parameters used below */
    54: struct sadb_alg;
   55: 
    56: /* Accommodate different prototypes in <netinet6/ipsec.h> */
   57: #include <sys/types.h>
   58: #include PATH_IPSEC_H
   59: 
    60: #ifndef HAVE_IPSEC_POLICY_T	/* NOTE(review): presumably set by the build when PATH_IPSEC_H already provides ipsec_policy_t - confirm */
    61: typedef caddr_t ipsec_policy_t;	/* fallback: a policy is an untyped caddr_t buffer */
    62: #define __ipsec_const	/* expands to nothing, so the policy-string parameters below are plain char * */
    63: #else
    64: #define __ipsec_const const	/* the policy-string parameters below become const char * */
    65: #endif
   66: 
    67: struct pfkey_send_sa_args {	/* argument bundle taken by pfkey_send_update2() and pfkey_send_add2() */
    68: 	int 		so;			/* socket; presumably the descriptor returned by pfkey_open() - confirm */
    69: 	u_int		type;			/* NOTE(review): presumably the SADB message type to send - confirm */
    70: 	u_int 		satype;	/* NOTE(review): presumably the SA type - confirm */
    71: 	u_int		mode;
    72: 	struct sockaddr *src;			/* IP src address for SA */
    73: 	struct sockaddr *dst;			/* IP dst address for SA */
    74: 	u_int32_t 	spi;			/* SA's spi */
    75: 	u_int32_t 	reqid;
    76: 	u_int		wsize;	/* NOTE(review): presumably the anti-replay window size - confirm */
        	/*
        	 * keymat points at secret key material.  This header states neither
        	 * its layout nor who owns the buffer; NOTE(review): presumably it
        	 * holds the encryption key followed by the authentication key, sized
        	 * by e_keylen and a_keylen - confirm, and confirm that the caller
        	 * wipes the buffer once the call returns.
        	 */
    77: 	caddr_t		keymat;
    78: 	u_int		e_type, e_keylen;	/* Encryption alg and keylen; the unit (bits or bytes) is not stated here */
    79: 	u_int		a_type, a_keylen;	/* Authentication alg and keylen; the unit (bits or bytes) is not stated here */
    80: 	u_int		flags;
        	/*
        	 * NOTE(review): the l_* fields are presumably SA lifetime limits -
        	 * confirm.  They are 32-bit here, whereas the deprecated
        	 * pfkey_send_update()/pfkey_send_add() prototypes in this header take
        	 * three u_int64_t values in the corresponding position.
        	 */
    81: 	u_int32_t	l_alloc;
    82: 	u_int32_t	l_bytes;
    83: 	u_int32_t	l_addtime;
    84: 	u_int32_t	l_usetime;
    85: 	u_int32_t	seq;
    86: 	u_int8_t	l_natt_type;	/* NOTE(review): l_natt_* are presumably the NAT-T encapsulation type, UDP ports, original address and fragment size - confirm */
    87: 	u_int16_t	l_natt_sport, l_natt_dport;
    88: 	struct sockaddr *l_natt_oa;
    89: 	u_int16_t	l_natt_frag;
    90: 	u_int8_t ctxdoi, ctxalg;	/* Security context DOI and algorithm */
    91: 	caddr_t ctxstr;			/* Security context string */
    92: 	u_int16_t ctxstrlen;		/* length of security context string; u_int16_t, so at most 65535 */
    93: };
   94: 
   95: /* The options built into libipsec */
    96: extern int libipsec_opt;	/* NOTE(review): presumably a bitmask of the LIBIPSEC_OPT_* values below (each is a distinct single bit) - confirm */
    97: #define LIBIPSEC_OPT_NATT		0x01
    98: #define LIBIPSEC_OPT_FRAG		0x02
    99: #define LIBIPSEC_OPT_SEC_CTX		0x04
  100: 
  101: /* IPsec Library Routines */
  102: 
   103: int ipsec_check_keylen __P((u_int, u_int, u_int));	/* key-length helpers; the meaning and order of the unnamed arguments is not given in this header */
   104: int ipsec_check_keylen2 __P((u_int, u_int, u_int));
   105: int ipsec_get_keylen __P((u_int, u_int, struct sadb_alg *));
        /* NOTE(review): returns char *; whether the caller must free the string is not stated here - confirm. */
   106: char *ipsec_dump_policy_withports __P((void *, const char *));
        /*
         * Takes a buffer and a signed int.  NOTE(review): the int is presumably
         * the number of bytes to dump - confirm that callers never pass a
         * negative value or one larger than the buffer.
         */
   107: void ipsec_hexdump __P((const void *, int));
   108: const char *ipsec_strerror __P((void));
   109: void kdebug_sadb __P((struct sadb_msg *));
        /*
         * The three policy calls use ipsec_policy_t, which is caddr_t when
         * HAVE_IPSEC_POLICY_T is not defined; __ipsec_const is then empty, so
         * the string arguments are not const-qualified in that configuration.
         */
   110: ipsec_policy_t ipsec_set_policy __P((__ipsec_const char *, int));
   111: int  ipsec_get_policylen __P((ipsec_policy_t));
   112: char *ipsec_dump_policy __P((ipsec_policy_t, __ipsec_const char *));
  113: 
  114: /* PFKey Routines */
  115: 
   116: u_int pfkey_set_softrate __P((u_int, u_int));	/* every parameter in this group is unnamed, so argument order has to be taken from the implementation */
   117: u_int pfkey_get_softrate __P((u_int));
        /*
         * NOTE(review): the leading int of each pfkey_send_*() call is
         * presumably the PF_KEY socket (compare `so' in
         * struct pfkey_send_sa_args) - confirm.
         */
   118: int pfkey_send_getspi __P((int, u_int, u_int, struct sockaddr *,
   119: 	struct sockaddr *, u_int32_t, u_int32_t, u_int32_t, u_int32_t));
   120: int pfkey_send_getspi_nat __P((int, u_int, u_int,
   121: 	struct sockaddr *, struct sockaddr *, u_int8_t, u_int16_t, u_int16_t,
   122: 	u_int32_t, u_int32_t, u_int32_t, u_int32_t));
   123: 
        /* Struct-based SA update/add; the positional variants are declared further down as deprecated. */
   124: int pfkey_send_update2 __P((struct pfkey_send_sa_args *));
   125: int pfkey_send_add2 __P((struct pfkey_send_sa_args *)); 
   126: int pfkey_send_delete __P((int, u_int, u_int,
   127: 	struct sockaddr *, struct sockaddr *, u_int32_t));
   128: int pfkey_send_delete_all __P((int, u_int, u_int,
   129: 	struct sockaddr *, struct sockaddr *));
   130: int pfkey_send_get __P((int, u_int, u_int,
   131: 	struct sockaddr *, struct sockaddr *, u_int32_t));
   132: int pfkey_send_register __P((int, u_int));
   133: int pfkey_recv_register __P((int));
   134: int pfkey_set_supported __P((struct sadb_msg *, int));
   135: int pfkey_send_flush __P((int, u_int));
   136: int pfkey_send_dump __P((int, u_int));
   137: int pfkey_send_promisc_toggle __P((int, int));
        /*
         * SPD calls.  NOTE(review): the (caddr_t, int) pair is presumably a
         * policy buffer and its length in bytes - confirm, and confirm that
         * callers always derive the length from the same object as the buffer.
         */
   138: int pfkey_send_spdadd __P((int, struct sockaddr *, u_int,
   139: 	struct sockaddr *, u_int, u_int, caddr_t, int, u_int32_t));
   140: int pfkey_send_spdadd2 __P((int, struct sockaddr *, u_int,
   141: 	struct sockaddr *, u_int, u_int, u_int64_t, u_int64_t,
   142: 	caddr_t, int, u_int32_t));
   143: int pfkey_send_spdupdate __P((int, struct sockaddr *, u_int,
   144: 	struct sockaddr *, u_int, u_int, caddr_t, int, u_int32_t));
   145: int pfkey_send_spdupdate2 __P((int, struct sockaddr *, u_int,
   146: 	struct sockaddr *, u_int, u_int, u_int64_t, u_int64_t,
   147: 	caddr_t, int, u_int32_t));
   148: int pfkey_send_spddelete __P((int, struct sockaddr *, u_int,
   149: 	struct sockaddr *, u_int, u_int, caddr_t, int, u_int32_t));
   150: int pfkey_send_spddelete2 __P((int, u_int32_t));
   151: int pfkey_send_spdget __P((int, u_int32_t));
   152: int pfkey_send_spdsetidx __P((int, struct sockaddr *, u_int,
   153: 	struct sockaddr *, u_int, u_int, caddr_t, int, u_int32_t));
   154: int pfkey_send_spdflush __P((int));
   155: int pfkey_send_spddump __P((int));
   156: #ifdef SADB_X_MIGRATE	/* pfkey_send_migrate() is declared only when SADB_X_MIGRATE is defined */
   157: int pfkey_send_migrate __P((int, struct sockaddr *, struct sockaddr *,
   158:         struct sockaddr *, u_int, struct sockaddr *, u_int, u_int,
   159:         caddr_t, int, u_int32_t));
   160: #endif
  161: 
  162: /* XXX should be somewhere else !!!
  163:  */
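   #ifdef SADB_X_EXT_NAT_T_TYPE
   /*
    * Accessors for the NAT-T extension headers of a PF_KEY message.
    *
    * PFKEY_ADDR_X_PORT(ext) reads sadb_x_nat_t_port_port from `ext' and
    * converts it to host byte order.  It performs no NULL check and no
    * length check: the caller must already know that `ext' is non-NULL and
    * points at a complete struct sadb_x_nat_t_port.
    *
    * PFKEY_ADDR_X_NATTYPE(ext) is non-zero when `ext' is non-NULL and its
    * sadb_x_nat_t_type_type field is non-zero.  It evaluates `ext' twice, so
    * the argument must not have side effects.
    *
    * The argument is parenthesised in both expansions so that an expression
    * argument is cast and compared as a whole rather than by operator
    * precedence.
    */
   #define PFKEY_ADDR_X_PORT(ext) \
   	(ntohs(((struct sadb_x_nat_t_port *)(ext))->sadb_x_nat_t_port_port))
   #define PFKEY_ADDR_X_NATTYPE(ext) \
   	((ext) != NULL && ((struct sadb_x_nat_t_type *)(ext))->sadb_x_nat_t_type_type)
   #endif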
  168: 
  169: 
   170: int pfkey_open __P((void));	/* going by the names: open/close of the PF_KEY socket and raw message send/receive */
   171: void pfkey_close __P((int));
   172: int pfkey_set_buffer_size __P((int, int));
        /* NOTE(review): returns a message pointer; presumably allocated by the library and owned by the caller - confirm who frees it. */
   173: struct sadb_msg *pfkey_recv __P((int));
        /* NOTE(review): the trailing int is presumably the message length in bytes - confirm. */
   174: int pfkey_send __P((int, struct sadb_msg *, int));
        /*
         * NOTE(review): the caddr_t * argument is presumably an array of
         * extension-header pointers that pfkey_align() fills from the message
         * and pfkey_check() validates, indexed by extension type and therefore
         * needing SADB_EXT_MAX + 1 entries - confirm the required size before
         * declaring the caller's array, since no length is passed.
         */
   175: int pfkey_align __P((struct sadb_msg *, caddr_t *));
   176: int pfkey_check __P((caddr_t *));
  177: 
  178: /* 
  179:  * Deprecated, available for backward compatibility with third party 
  180:  * libipsec users. Please use pfkey_send_update2 and pfkey_send_add2 instead
  181:  */
   182: int pfkey_send_update __P((int, u_int, u_int, struct sockaddr *,	/* 19 unnamed positional parameters, many of the same integer type, so transposed arguments compile without a diagnostic */
   183: 	struct sockaddr *, u_int32_t, u_int32_t, u_int,
   184: 	caddr_t, u_int, u_int, u_int, u_int, u_int, u_int32_t, u_int64_t,
   185: 	u_int64_t, u_int64_t, u_int32_t));
        /* The _nat variants append five parameters (u_int8_t, two u_int16_t, struct sockaddr *, u_int16_t) to the same list. */
   186: int pfkey_send_update_nat __P((int, u_int, u_int, struct sockaddr *,
   187: 	struct sockaddr *, u_int32_t, u_int32_t, u_int,
   188: 	caddr_t, u_int, u_int, u_int, u_int, u_int, u_int32_t, u_int64_t,
   189: 	u_int64_t, u_int64_t, u_int32_t,
   190: 	u_int8_t, u_int16_t, u_int16_t, struct sockaddr *, u_int16_t));
        /*
         * NOTE(review): the three u_int64_t parameters presumably correspond
         * to l_bytes, l_addtime and l_usetime, which are u_int32_t in
         * struct pfkey_send_sa_args - if these wrappers forward to the *2
         * calls, check whether values above 32 bits are truncated.
         */
   191: int pfkey_send_add __P((int, u_int, u_int, struct sockaddr *,
   192: 	struct sockaddr *, u_int32_t, u_int32_t, u_int,
   193: 	caddr_t, u_int, u_int, u_int, u_int, u_int, u_int32_t, u_int64_t,
   194: 	u_int64_t, u_int64_t, u_int32_t));
   195: int pfkey_send_add_nat __P((int, u_int, u_int, struct sockaddr *,
   196: 	struct sockaddr *, u_int32_t, u_int32_t, u_int,
   197: 	caddr_t, u_int, u_int, u_int, u_int, u_int, u_int32_t, u_int64_t,
   198: 	u_int64_t, u_int64_t, u_int32_t,
   199: 	u_int8_t, u_int16_t, u_int16_t, struct sockaddr *, u_int16_t));
  200: 
  201: #ifndef __SYSDEP_SA_LEN__
  202: #define __SYSDEP_SA_LEN__
  203: #include <netinet/in.h>
  204: 
   205: #ifndef IPPROTO_IPV4	/* fallbacks for protocol constants the included <netinet/in.h> may not define */
   206: #define IPPROTO_IPV4 IPPROTO_IPIP	/* alias to IPPROTO_IPIP when IPPROTO_IPV4 is missing */
   207: #endif
   208: 
   209: #ifndef IPPROTO_IPCOMP
   210: #define IPPROTO_IPCOMP IPPROTO_COMP	/* alias to IPPROTO_COMP when IPPROTO_IPCOMP is missing */
   211: #endif
   212: 
   213: #ifndef IPPROTO_MH
   214: #define IPPROTO_MH		135	/* 135 is the IANA protocol number for the IPv6 Mobility Header */
   215: #endif
  216: 
   /*
    * Return the size in bytes of the socket address `sa', narrowed to
    * u_int8_t.
    *
    * On Linux, struct sockaddr has no length member, so the size is derived
    * from sa_family: AF_INET6 gives sizeof(struct sockaddr_in6) and AF_INET
    * gives sizeof(struct sockaddr_in).  Any other family is NOT reported as
    * an error; it also yields sizeof(struct sockaddr_in).  Callers that copy
    * or compare addresses using this length therefore need to check
    * sa_family themselves if other families can reach them.
    *
    * Elsewhere the value is taken from sa->sa_len as supplied.
    *
    * `sa' must not be NULL; it is dereferenced unconditionally.
    */
   static __inline u_int8_t
   sysdep_sa_len (const struct sockaddr *sa)
   {
   #ifdef __linux__
     if (sa->sa_family == AF_INET6)
       return sizeof (struct sockaddr_in6);

     /* AF_INET, and the silent fallback for every unrecognised family. */
     return sizeof (struct sockaddr_in);
   #else
     return sa->sa_len;
   #endif
   }
  234: #endif
  235: 
  236: #endif /* KAME_LIBPFKEY_H */
  237: 
  238: #endif /* _LIBPFKEY_H */
