Annotation of embedaddon/strongswan/src/include/linux/pfkeyv2.h, revision 1.1.1.1

1.1       misho       1: /* PF_KEY user interface, this is defined by rfc2367 so
                      2:  * do not make arbitrary modifications or else this header
                      3:  * file will not be compliant.
                      4:  */
                      5: 
                      6: #ifndef _LINUX_PFKEY2_H
                      7: #define _LINUX_PFKEY2_H
                      8: 
                      9: #include <linux/types.h>
                     10: 
                     11: #define PF_KEY_V2              2        /* PF_KEY protocol version; RFC 2367 carries it in sadb_msg_version */
                     12: #define PFKEYV2_REVISION       199806L  /* presumably a yyyymm revision stamp of the interface -- confirm */
                     13: 
                     14: struct sadb_msg {      /* base header at the start of a PF_KEY message; packed, 16 bytes */
                     15:        uint8_t         sadb_msg_version;       /* RFC 2367: PF_KEY_V2 */
                     16:        uint8_t         sadb_msg_type;          /* one of the SADB_* message types (upper bound SADB_MAX) */
                     17:        uint8_t         sadb_msg_errno;         /* RFC 2367: error code filled in by the responder */
                     18:        uint8_t         sadb_msg_satype;        /* one of SADB_SATYPE_* */
                     19:        uint16_t        sadb_msg_len;           /* RFC 2367: total message length in 64-bit words, header included;
                                                                    NOTE(review): compare with the bytes actually received before parsing */
                     20:        uint16_t        sadb_msg_reserved;
                     21:        uint32_t        sadb_msg_seq;
                     22:        uint32_t        sadb_msg_pid;
                     23: } __attribute__((packed));
                     24: /* sizeof(struct sadb_msg) == 16 */
                     25: 
                     26: struct sadb_ext {      /* generic extension header: the length/type pair that opens each extension struct in this file */
                     27:        uint16_t        sadb_ext_len;   /* RFC 2367: extension length in 64-bit words, header included;
                                                            NOTE(review): reject 0 and any length that runs past the end of the message */
                     28:        uint16_t        sadb_ext_type;  /* one of SADB_EXT_* / SADB_X_EXT_* (upper bound SADB_EXT_MAX) */
                     29: } __attribute__((packed));
                     30: /* sizeof(struct sadb_ext) == 4 */
                     31: 
                     32: struct sadb_sa {       /* Security Association extension (SADB_EXT_SA); packed, 16 bytes */
                     33:        uint16_t        sadb_sa_len;
                     34:        uint16_t        sadb_sa_exttype;
                     35:        uint32_t        sadb_sa_spi;            /* NOTE(review): RFC 2367 keeps the SPI in network byte order -- confirm at call sites */
                     36:        uint8_t         sadb_sa_replay;         /* RFC 2367: replay window size */
                     37:        uint8_t         sadb_sa_state;          /* one of SADB_SASTATE_* */
                     38:        uint8_t         sadb_sa_auth;           /* one of SADB_AALG_* / SADB_X_AALG_* */
                     39:        uint8_t         sadb_sa_encrypt;        /* one of SADB_EALG_* / SADB_X_EALG_* */
                     40:        uint32_t        sadb_sa_flags;          /* bitmask of SADB_SAFLAGS_* */
                     41: } __attribute__((packed));
                     42: /* sizeof(struct sadb_sa) == 16 */
                     43: 
                     44: struct sadb_lifetime { /* lifetime extension, shared by SADB_EXT_LIFETIME_CURRENT/HARD/SOFT; packed, 32 bytes */
                     45:        uint16_t        sadb_lifetime_len;
                     46:        uint16_t        sadb_lifetime_exttype;
                     47:        uint32_t        sadb_lifetime_allocations;
                     48:        uint64_t        sadb_lifetime_bytes;
                     49:        uint64_t        sadb_lifetime_addtime;  /* presumably seconds -- confirm against RFC 2367 */
                     50:        uint64_t        sadb_lifetime_usetime;  /* presumably seconds -- confirm against RFC 2367 */
                     51: } __attribute__((packed));
                     52: /* sizeof(struct sadb_lifetime) == 32 */
                     53: 
                     54: struct sadb_address {  /* address extension header (SADB_EXT_ADDRESS_*); RFC 2367: a struct sockaddr follows it */
                     55:        uint16_t        sadb_address_len;
                     56:        uint16_t        sadb_address_exttype;
                     57:        uint8_t         sadb_address_proto;
                     58:        uint8_t         sadb_address_prefixlen; /* NOTE(review): validate against the bit width of the address family that follows */
                     59:        uint16_t        sadb_address_reserved;
                     60: } __attribute__((packed));
                     61: /* sizeof(struct sadb_address) == 8 */
                     62: 
                     63: struct sadb_key {      /* key extension header (SADB_EXT_KEY_AUTH / SADB_EXT_KEY_ENCRYPT); RFC 2367: the key bytes follow it */
                     64:        uint16_t        sadb_key_len;
                     65:        uint16_t        sadb_key_exttype;
                     66:        uint16_t        sadb_key_bits;  /* key length in bits; NOTE(review): check that the implied byte count fits inside
                                                            sadb_key_len before copying, and wipe buffers that held the key material */
                     67:        uint16_t        sadb_key_reserved;
                     68: } __attribute__((packed));
                     69: /* sizeof(struct sadb_key) == 8 */
                     70: 
                     71: struct sadb_ident {    /* identity extension (SADB_EXT_IDENTITY_SRC / SADB_EXT_IDENTITY_DST); packed, 16 bytes */
                     72:        uint16_t        sadb_ident_len;
                     73:        uint16_t        sadb_ident_exttype;
                     74:        uint16_t        sadb_ident_type;        /* one of SADB_IDENTTYPE_* */
                     75:        uint16_t        sadb_ident_reserved;
                     76:        uint64_t        sadb_ident_id;
                     77: } __attribute__((packed));
                     78: /* sizeof(struct sadb_ident) == 16 */
                     79: 
                     80: struct sadb_sens {     /* sensitivity extension (SADB_EXT_SENSITIVITY); two uint64_t bitmaps follow the fixed part */
                     81:        uint16_t        sadb_sens_len;
                     82:        uint16_t        sadb_sens_exttype;
                     83:        uint32_t        sadb_sens_dpd;
                     84:        uint8_t         sadb_sens_sens_level;
                     85:        uint8_t         sadb_sens_sens_len;     /* element count of the trailing sensitivity bitmap;
                                                                    NOTE(review): bound against sadb_sens_len */
                     86:        uint8_t         sadb_sens_integ_level;
                     87:        uint8_t         sadb_sens_integ_len;    /* element count of the trailing integrity bitmap;
                                                                    NOTE(review): bound against sadb_sens_len */
                     88:        uint32_t        sadb_sens_reserved;
                     89: } __attribute__((packed));
                     90: /* sizeof(struct sadb_sens) == 16 */
                     91: 
                     92: /* followed by:
                     93:        uint64_t        sadb_sens_bitmap[sens_len];
                     94:        uint64_t        sadb_integ_bitmap[integ_len];  */
                     95: 
                     96: struct sadb_prop {     /* proposal extension header (SADB_EXT_PROPOSAL); an array of struct sadb_comb follows it */
                     97:        uint16_t        sadb_prop_len;          /* RFC 2367: in 64-bit words; determines how many sadb_comb entries follow */
                     98:        uint16_t        sadb_prop_exttype;
                     99:        uint8_t         sadb_prop_replay;
                    100:        uint8_t         sadb_prop_reserved[3];
                    101: } __attribute__((packed));
                    102: /* sizeof(struct sadb_prop) == 8 */
                    103: 
                    104: /* followed by (sadb_prop_len counts 64-bit words, so it is multiplied, not added):
                    105:        struct sadb_comb sadb_combs[(sadb_prop_len *
                    106:                sizeof(uint64_t) - sizeof(struct sadb_prop)) /
                    107:                sizeof(struct sadb_comb)]; */
                    108: 
                    109: struct sadb_comb {     /* one proposed algorithm combination inside a proposal extension; packed, 72 bytes */
                    110:        uint8_t         sadb_comb_auth;         /* one of SADB_AALG_* / SADB_X_AALG_* */
                    111:        uint8_t         sadb_comb_encrypt;      /* one of SADB_EALG_* / SADB_X_EALG_* */
                    112:        uint16_t        sadb_comb_flags;
                    113:        uint16_t        sadb_comb_auth_minbits; /* NOTE(review): a consumer should check minbits <= maxbits for both pairs */
                    114:        uint16_t        sadb_comb_auth_maxbits;
                    115:        uint16_t        sadb_comb_encrypt_minbits;
                    116:        uint16_t        sadb_comb_encrypt_maxbits;
                    117:        uint32_t        sadb_comb_reserved;
                    118:        uint32_t        sadb_comb_soft_allocations;     /* soft/hard pairs mirror the fields of struct sadb_lifetime */
                    119:        uint32_t        sadb_comb_hard_allocations;
                    120:        uint64_t        sadb_comb_soft_bytes;
                    121:        uint64_t        sadb_comb_hard_bytes;
                    122:        uint64_t        sadb_comb_soft_addtime;
                    123:        uint64_t        sadb_comb_hard_addtime;
                    124:        uint64_t        sadb_comb_soft_usetime;
                    125:        uint64_t        sadb_comb_hard_usetime;
                    126: } __attribute__((packed));
                    127: /* sizeof(struct sadb_comb) == 72 */
                    128: 
                    129: struct sadb_supported {        /* supported-algorithms extension header (SADB_EXT_SUPPORTED_AUTH / _ENCRYPT); struct sadb_alg entries follow */
                    130:        uint16_t        sadb_supported_len;     /* RFC 2367: in 64-bit words; determines how many sadb_alg entries follow */
                    131:        uint16_t        sadb_supported_exttype;
                    132:        uint32_t        sadb_supported_reserved;
                    133: } __attribute__((packed));
                    134: /* sizeof(struct sadb_supported) == 8 */
                    135: 
                    136: /* followed by (sadb_supported_len counts 64-bit words, so it is multiplied, not added):
                    137:        struct sadb_alg sadb_algs[(sadb_supported_len *
                    138:                sizeof(uint64_t) - sizeof(struct sadb_supported)) /
                    139:                sizeof(struct sadb_alg)]; */
                    140: 
                    141: struct sadb_alg {      /* one supported-algorithm entry inside a supported-algorithms extension; packed, 8 bytes */
                    142:        uint8_t         sadb_alg_id;            /* algorithm identifier, from the AALG or EALG lists in this file */
                    143:        uint8_t         sadb_alg_ivlen;
                    144:        uint16_t        sadb_alg_minbits;       /* smallest accepted key size in bits */
                    145:        uint16_t        sadb_alg_maxbits;       /* largest accepted key size in bits */
                    146:        uint16_t        sadb_alg_reserved;
                    147: } __attribute__((packed));
                    148: /* sizeof(struct sadb_alg) == 8 */
                    149: 
                    150: struct sadb_spirange { /* SPI range extension (SADB_EXT_SPIRANGE); packed, 16 bytes */
                    151:        uint16_t        sadb_spirange_len;
                    152:        uint16_t        sadb_spirange_exttype;
                    153:        uint32_t        sadb_spirange_min;      /* NOTE(review): a consumer should check min <= max */
                    154:        uint32_t        sadb_spirange_max;
                    155:        uint32_t        sadb_spirange_reserved;
                    156: } __attribute__((packed));
                    157: /* sizeof(struct sadb_spirange) == 16 */
                    158: 
                    159: struct sadb_x_kmprivate {      /* header of the SADB_X_EXT_KMPRIVATE extension; any payload layout is not defined in this file */
                    160:        uint16_t        sadb_x_kmprivate_len;
                    161:        uint16_t        sadb_x_kmprivate_exttype;
                    162:        uint32_t        sadb_x_kmprivate_reserved;
                    163: } __attribute__((packed));
                    164: /* sizeof(struct sadb_x_kmprivate) == 8 */
                    165: 
                    166: struct sadb_x_sa2 {    /* additional SA attributes (SADB_X_EXT_SA2); packed, 16 bytes */
                    167:        uint16_t        sadb_x_sa2_len;
                    168:        uint16_t        sadb_x_sa2_exttype;
                    169:        uint8_t         sadb_x_sa2_mode;        /* value set is not defined in this header */
                    170:        uint8_t         sadb_x_sa2_reserved1;
                    171:        uint16_t        sadb_x_sa2_reserved2;
                    172:        uint32_t        sadb_x_sa2_sequence;
                    173:        uint32_t        sadb_x_sa2_reqid;
                    174: } __attribute__((packed));
                    175: /* sizeof(struct sadb_x_sa2) == 16 */
                    176: 
                    177: struct sadb_x_policy { /* policy extension header (SADB_X_EXT_POLICY); packed, 16 bytes */
                    178:        uint16_t        sadb_x_policy_len;
                    179:        uint16_t        sadb_x_policy_exttype;
                    180:        uint16_t        sadb_x_policy_type;     /* value set is not defined in this header */
                    181:        uint8_t         sadb_x_policy_dir;      /* value set is not defined in this header */
                    182:        uint8_t         sadb_x_policy_reserved;
                    183:        uint32_t        sadb_x_policy_id;
                    184:        uint32_t        sadb_x_policy_priority;
                    185: } __attribute__((packed));
                    186: /* sizeof(struct sadb_x_policy) == 16 */
                    187: 
                    188: struct sadb_x_ipsecrequest {   /* has no exttype field, so it is not a top-level extension;
                                                       presumably nested after struct sadb_x_policy -- confirm */
                    189:        uint16_t        sadb_x_ipsecrequest_len;        /* NOTE(review): unit (bytes vs 64-bit words) is not stated here -- confirm
                                                                            before using it to step through requests */
                    190:        uint16_t        sadb_x_ipsecrequest_proto;
                    191:        uint8_t         sadb_x_ipsecrequest_mode;
                    192:        uint8_t         sadb_x_ipsecrequest_level;
                    193:        uint16_t        sadb_x_ipsecrequest_reserved1;
                    194:        uint32_t        sadb_x_ipsecrequest_reqid;
                    195:        uint32_t        sadb_x_ipsecrequest_reserved2;
                    196: } __attribute__((packed));
                    197: /* sizeof(struct sadb_x_ipsecrequest) == 16 */
                    198: 
                    199: /* This defines the TYPE of Nat Traversal in use.  Currently only one
                    200:  * type of NAT-T is supported, draft-ietf-ipsec-udp-encaps-06
                    201:  */
                    202: struct sadb_x_nat_t_type {     /* NAT-T type extension (SADB_X_EXT_NAT_T_TYPE); packed, 8 bytes */
                    203:        uint16_t        sadb_x_nat_t_type_len;
                    204:        uint16_t        sadb_x_nat_t_type_exttype;
                    205:        uint8_t         sadb_x_nat_t_type_type; /* encapsulation type; value set is not defined in this header */
                    206:        uint8_t         sadb_x_nat_t_type_reserved[3];
                    207: } __attribute__((packed));
                    208: /* sizeof(struct sadb_x_nat_t_type) == 8 */
                    209: 
                    210: /* Pass a NAT Traversal port (Source or Dest port) */
                    211: struct sadb_x_nat_t_port {     /* NAT-T port extension (SADB_X_EXT_NAT_T_SPORT / SADB_X_EXT_NAT_T_DPORT); packed, 8 bytes */
                    212:        uint16_t        sadb_x_nat_t_port_len;
                    213:        uint16_t        sadb_x_nat_t_port_exttype;
                    214:        uint16_t        sadb_x_nat_t_port_port; /* NOTE(review): byte order is not stated here -- confirm at call sites */
                    215:        uint16_t        sadb_x_nat_t_port_reserved;
                    216: } __attribute__((packed));
                    217: /* sizeof(struct sadb_x_nat_t_port) == 8 */
                    218: 
                    219: /* Generic LSM security context */
                    220: struct sadb_x_sec_ctx {        /* LSM security context extension header (SADB_X_EXT_SEC_CTX); packed, 8 bytes */
                    221:        uint16_t        sadb_x_sec_len;
                    222:        uint16_t        sadb_x_sec_exttype;
                    223:        uint8_t         sadb_x_ctx_alg;  /* LSMs: e.g., selinux == 1 */
                    224:        uint8_t         sadb_x_ctx_doi;
                    225:        uint16_t        sadb_x_ctx_len; /* presumably the byte length of a context string that follows -- confirm;
                                                            NOTE(review): bound it against sadb_x_sec_len before reading */
                    226: } __attribute__((packed));
                    227: /* sizeof(struct sadb_x_sec_ctx) == 8 */
                    228: 
                    229: /* Used by MIGRATE to pass addresses IKE will use to perform
                    230:  * negotiation with the peer */
                    231: struct sadb_x_kmaddress {      /* header of the SADB_X_EXT_KMADDRESS extension; the addresses themselves are not part of this struct */
                    232:        uint16_t        sadb_x_kmaddress_len;
                    233:        uint16_t        sadb_x_kmaddress_exttype;
                    234:        uint32_t        sadb_x_kmaddress_reserved;
                    235: } __attribute__((packed));
                    236: /* sizeof(struct sadb_x_kmaddress) == 8 */
                    237: 
                    238: /* Message types: values for sadb_msg_type. SADB_MAX is the highest assigned value;
                            NOTE(review): a receiver should reject types above it before dispatching. */
                    239: #define SADB_RESERVED          0
                    240: #define SADB_GETSPI            1
                    241: #define SADB_UPDATE            2
                    242: #define SADB_ADD               3
                    243: #define SADB_DELETE            4
                    244: #define SADB_GET               5
                    245: #define SADB_ACQUIRE           6
                    246: #define SADB_REGISTER          7
                    247: #define SADB_EXPIRE            8
                    248: #define SADB_FLUSH             9
                    249: #define SADB_DUMP              10
                    250: #define SADB_X_PROMISC         11
                    251: #define SADB_X_PCHANGE         12
                    252: #define SADB_X_SPDUPDATE       13
                    253: #define SADB_X_SPDADD          14
                    254: #define SADB_X_SPDDELETE       15
                    255: #define SADB_X_SPDGET          16
                    256: #define SADB_X_SPDACQUIRE      17
                    257: #define SADB_X_SPDDUMP         18
                    258: #define SADB_X_SPDFLUSH                19
                    259: #define SADB_X_SPDSETIDX       20
                    260: #define SADB_X_SPDEXPIRE       21
                    261: #define SADB_X_SPDDELETE2      22
                    262: #define SADB_X_NAT_T_NEW_MAPPING       23
                    263: #define SADB_X_MIGRATE         24
                    264: #define SADB_MAX               24
                    265: 
                    266: /* Security Association flags: bit values for the 32-bit sadb_sa_flags field */
                    267: #define SADB_SAFLAGS_PFS       1
                    268: #define SADB_SAFLAGS_NOPMTUDISC        0x20000000
                    269: #define SADB_SAFLAGS_DECAP_DSCP        0x40000000
                    270: #define SADB_SAFLAGS_NOECN     0x80000000
                    271: 
                    272: /* Security Association states: values for sadb_sa_state; SADB_SASTATE_MAX is the highest defined value */
                    273: #define SADB_SASTATE_LARVAL    0
                    274: #define SADB_SASTATE_MATURE    1
                    275: #define SADB_SASTATE_DYING     2
                    276: #define SADB_SASTATE_DEAD      3
                    277: #define SADB_SASTATE_MAX       3
                    278: 
                    279: /* Security Association types: values for sadb_msg_satype. 1 and 4 are not assigned in this list,
                            so a range check against SADB_SATYPE_MAX alone does not prove a value is defined. */
                    280: #define SADB_SATYPE_UNSPEC     0
                    281: #define SADB_SATYPE_AH         2
                    282: #define SADB_SATYPE_ESP                3
                    283: #define SADB_SATYPE_RSVP       5
                    284: #define SADB_SATYPE_OSPFV2     6
                    285: #define SADB_SATYPE_RIPV2      7
                    286: #define SADB_SATYPE_MIP                8
                    287: #define SADB_X_SATYPE_IPCOMP   9
                    288: #define SADB_SATYPE_MAX                9
                    289: 
                    290: /* Authentication algorithms: identifiers for sadb_sa_auth and sadb_comb_auth.
                            NOTE(review): SADB_AALG_NONE and SADB_X_AALG_NULL mean no integrity protection, and HMAC-MD5 is a
                            legacy choice; which identifiers are acceptable is a policy decision made outside this header. */
                    291: #define SADB_AALG_NONE                 0
                    292: #define SADB_AALG_MD5HMAC              2
                    293: #define SADB_AALG_SHA1HMAC             3
                    294: #define SADB_X_AALG_SHA2_256HMAC       5
                    295: #define SADB_X_AALG_SHA2_384HMAC       6
                    296: #define SADB_X_AALG_SHA2_512HMAC       7
                    297: #define SADB_X_AALG_RIPEMD160HMAC      8
                    298: #define SADB_X_AALG_AES_XCBC_MAC       9
                    299: #define SADB_X_AALG_NULL               251     /* kame */
                    300: #define SADB_AALG_MAX                  251
                    301: 
                    302: /* Encryption algorithms: identifiers for sadb_sa_encrypt and sadb_comb_encrypt.
                            NOTE(review): SADB_EALG_NONE and SADB_EALG_NULL give no confidentiality, SADB_X_EALG_NULL_AES_GMAC
                            authenticates without encrypting, and single DES (SADB_EALG_DESCBC) has a 56-bit key; which
                            identifiers are acceptable is a policy decision made outside this header. */
                    303: #define SADB_EALG_NONE                 0
                    304: #define SADB_EALG_DESCBC               2
                    305: #define SADB_EALG_3DESCBC              3
                    306: #define SADB_X_EALG_CASTCBC            6
                    307: #define SADB_X_EALG_BLOWFISHCBC                7
                    308: #define SADB_EALG_NULL                 11
                    309: #define SADB_X_EALG_AESCBC             12
                    310: #define SADB_X_EALG_AESCTR             13
                    311: #define SADB_X_EALG_AES_CCM_ICV8       14
                    312: #define SADB_X_EALG_AES_CCM_ICV12      15
                    313: #define SADB_X_EALG_AES_CCM_ICV16      16
                    314: #define SADB_X_EALG_AES_GCM_ICV8       18
                    315: #define SADB_X_EALG_AES_GCM_ICV12      19
                    316: #define SADB_X_EALG_AES_GCM_ICV16      20
                    317: #define SADB_X_EALG_CAMELLIACBC                22
                    318: #define SADB_X_EALG_NULL_AES_GMAC      23
                    319: #define SADB_EALG_MAX                   253 /* last EALG */
                    320: /* private allocations should use 249-255 (RFC2407) */
                    321: #define SADB_X_EALG_SERPENTCBC  252     /* draft-ietf-ipsec-ciph-aes-cbc-00 */
                    322: #define SADB_X_EALG_TWOFISHCBC  253     /* draft-ietf-ipsec-ciph-aes-cbc-00 */
                    323: 
                    324: /* Compression algorithms; presumably used with SADB_X_SATYPE_IPCOMP -- confirm against the users of this header */
                    325: #define SADB_X_CALG_NONE               0
                    326: #define SADB_X_CALG_OUI                        1
                    327: #define SADB_X_CALG_DEFLATE            2
                    328: #define SADB_X_CALG_LZS                        3
                    329: #define SADB_X_CALG_LZJH               4
                    330: #define SADB_X_CALG_MAX                        4
                    331: 
                    332: /* Extension Header values: identifiers for the exttype field that follows the length in each extension header.
                            SADB_EXT_MAX is the highest assigned value; NOTE(review): bound a received type against it before
                            using it to index any per-type table. */
                    333: #define SADB_EXT_RESERVED              0
                    334: #define SADB_EXT_SA                    1
                    335: #define SADB_EXT_LIFETIME_CURRENT      2
                    336: #define SADB_EXT_LIFETIME_HARD         3
                    337: #define SADB_EXT_LIFETIME_SOFT         4
                    338: #define SADB_EXT_ADDRESS_SRC           5
                    339: #define SADB_EXT_ADDRESS_DST           6
                    340: #define SADB_EXT_ADDRESS_PROXY         7
                    341: #define SADB_EXT_KEY_AUTH              8
                    342: #define SADB_EXT_KEY_ENCRYPT           9
                    343: #define SADB_EXT_IDENTITY_SRC          10
                    344: #define SADB_EXT_IDENTITY_DST          11
                    345: #define SADB_EXT_SENSITIVITY           12
                    346: #define SADB_EXT_PROPOSAL              13
                    347: #define SADB_EXT_SUPPORTED_AUTH                14
                    348: #define SADB_EXT_SUPPORTED_ENCRYPT     15
                    349: #define SADB_EXT_SPIRANGE              16
                    350: #define SADB_X_EXT_KMPRIVATE           17
                    351: #define SADB_X_EXT_POLICY              18
                    352: #define SADB_X_EXT_SA2                 19
                    353: /* The next four entries are for setting up NAT Traversal */
                    354: #define SADB_X_EXT_NAT_T_TYPE          20
                    355: #define SADB_X_EXT_NAT_T_SPORT         21
                    356: #define SADB_X_EXT_NAT_T_DPORT         22
                    357: #define SADB_X_EXT_NAT_T_OA            23
                    358: #define SADB_X_EXT_SEC_CTX             24
                    359: /* Used with MIGRATE to pass addresses to IKE for negotiation */
                    360: #define SADB_X_EXT_KMADDRESS           25
                    361: #define SADB_EXT_MAX                   25
                    362: 
                    363: /* Identity Extension values: identifiers for sadb_ident_type; SADB_IDENTTYPE_MAX is the highest defined value */
                    364: #define SADB_IDENTTYPE_RESERVED        0
                    365: #define SADB_IDENTTYPE_PREFIX  1
                    366: #define SADB_IDENTTYPE_FQDN    2
                    367: #define SADB_IDENTTYPE_USERFQDN        3
                    368: #define SADB_IDENTTYPE_MAX     3
                    369: 
                    370: #endif /* !(_LINUX_PFKEY2_H) */
