
Annotation of src/sys/net/pfkeyv2.h, Revision 1.22.4.1

1.22.4.1! yamt        1: /*     $NetBSD: pfkeyv2.h,v 1.22 2005/06/28 15:33:27 christos Exp $    */
1.14      itojun      2: /*     $KAME: pfkeyv2.h,v 1.36 2003/07/25 09:33:37 itojun Exp $        */
1.3       itojun      3:
                      4: /*
                      5:  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
                      6:  * All rights reserved.
1.5       itojun      7:  *
1.3       itojun      8:  * Redistribution and use in source and binary forms, with or without
                      9:  * modification, are permitted provided that the following conditions
                     10:  * are met:
                     11:  * 1. Redistributions of source code must retain the above copyright
                     12:  *    notice, this list of conditions and the following disclaimer.
                     13:  * 2. Redistributions in binary form must reproduce the above copyright
                     14:  *    notice, this list of conditions and the following disclaimer in the
                     15:  *    documentation and/or other materials provided with the distribution.
                     16:  * 3. Neither the name of the project nor the names of its contributors
                     17:  *    may be used to endorse or promote products derived from this software
                     18:  *    without specific prior written permission.
1.5       itojun     19:  *
1.3       itojun     20:  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
                     21:  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
                     22:  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
                     23:  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
                     24:  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
                     25:  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
                     26:  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
                     27:  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
                     28:  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
                     29:  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
                     30:  * SUCH DAMAGE.
                     31:  */
                     32:
1.4       itojun     33: /*
                      34:  * This file has been derived from RFC 2367,
                      35:  * and some SADB_KEY_FLAGS_ flags have been added as SADB_X_EXT_.
                     36:  *     sakane@ydc.co.jp
                     37:  */
                     38:
1.3       itojun     39: #ifndef _NET_PFKEYV2_H_
                     40: #define _NET_PFKEYV2_H_
                     41:
1.4       itojun     42: /*
                     43: This file defines structures and symbols for the PF_KEY Version 2
                     44: key management interface. It was written at the U.S. Naval Research
                     45: Laboratory. This file is in the public domain. The authors ask that
                     46: you leave this credit intact on any copies of this file.
                     47: */
                     48: #ifndef __PFKEY_V2_H
                     49: #define __PFKEY_V2_H 1
                     50:
                     51: #define PF_KEY_V2 2
                     52: #define PFKEYV2_REVISION        199806L
                     53:
                      54: #define SADB_RESERVED    0      /* sadb_msg_type values; 0-12 are the RFC 2367 base set plus two X_ additions */
                      55: #define SADB_GETSPI      1
                      56: #define SADB_UPDATE      2
                      57: #define SADB_ADD         3
                      58: #define SADB_DELETE      4
                      59: #define SADB_GET         5
                      60: #define SADB_ACQUIRE     6
                      61: #define SADB_REGISTER    7
                      62: #define SADB_EXPIRE      8
                      63: #define SADB_FLUSH       9
                      64: #define SADB_DUMP        10
                      65: #define SADB_X_PROMISC   11
                      66: #define SADB_X_PCHANGE   12
                      67:
                          /* SPD (security policy database) operations, local SADB_X_ extensions */
1.5       itojun     68: #define SADB_X_SPDUPDATE  13
1.4       itojun     69: #define SADB_X_SPDADD     14
1.5       itojun     70: #define SADB_X_SPDDELETE  15   /* by policy index */
                      71: #define SADB_X_SPDGET     16
                      72: #define SADB_X_SPDACQUIRE 17
1.4       itojun     73: #define SADB_X_SPDDUMP    18
                      74: #define SADB_X_SPDFLUSH   19
1.5       itojun     75: #define SADB_X_SPDSETIDX  20
1.4       itojun     76: #define SADB_X_SPDEXPIRE  21   /* not yet */
1.5       itojun     77: #define SADB_X_SPDDELETE2 22   /* by policy id */
1.19      manu       78: #define SADB_X_NAT_T_NEW_MAPPING 23
1.22.4.1! yamt       79: #if 0
                          /* KAME-only: value 23 is already taken by SADB_X_NAT_T_NEW_MAPPING above,
                           * presumably why this stays disabled here. */
        !            80: #define        SADB_X_MIGRATE    23    /* KAME */
        !            81: #endif
1.19      manu       82: #define SADB_MAX          23    /* highest assigned message type */
1.4       itojun     83:
                      84: struct sadb_msg {                    /* base header at the start of every PF_KEY message (RFC 2367) */
                          /* NOTE(review): sadb_msg_len (and every sadb_ext_len that follows) is
                           * caller-supplied framing; a parser must bound it by the bytes actually
                           * received before walking the extensions. */
                      85:   u_int8_t sadb_msg_version;         /* presumably PF_KEY_V2 - confirm against the parser */
                      86:   u_int8_t sadb_msg_type;            /* SADB_* message type (SADB_RESERVED .. SADB_MAX) */
                      87:   u_int8_t sadb_msg_errno;           /* error status of the message; semantics per RFC 2367 */
                      88:   u_int8_t sadb_msg_satype;          /* SADB_SATYPE_* / SADB_X_SATYPE_* */
                      89:   u_int16_t sadb_msg_len;            /* total message length; presumably in 64-bit units like sadb_ext_len - confirm */
1.5       itojun     90:   u_int16_t sadb_msg_reserved;
1.4       itojun     91:   u_int32_t sadb_msg_seq;            /* sequence number (presumed from name: pairs requests with replies) */
                      92:   u_int32_t sadb_msg_pid;            /* sender's process id (presumed from name) */
                      93: };
                     94:
                      95: struct sadb_ext {                    /* generic header shared by every extension that follows sadb_msg */
                      96:   u_int16_t sadb_ext_len;            /* extension length in 64-bit units; PFKEY_EXTLEN() converts it to bytes */
                      97:   u_int16_t sadb_ext_type;           /* SADB_EXT_* / SADB_X_EXT_* extension type (see below) */
                      98: };
                     99:
                     100: struct sadb_sa {                     /* SADB_EXT_SA: the security association itself */
                     101:   u_int16_t sadb_sa_len;             /* in 64-bit units, as sadb_ext_len */
                     102:   u_int16_t sadb_sa_exttype;         /* SADB_EXT_SA */
                     103:   u_int32_t sadb_sa_spi;             /* security parameter index (see PFKEY_SPI_SIZE) */
                     104:   u_int8_t sadb_sa_replay;           /* replay window size - presumed from name, confirm */
                     105:   u_int8_t sadb_sa_state;            /* SADB_SASTATE_* */
                     106:   u_int8_t sadb_sa_auth;             /* SADB_AALG_* / SADB_X_AALG_* */
                     107:   u_int8_t sadb_sa_encrypt;          /* SADB_EALG_* / SADB_X_EALG_* */
                     108:   u_int32_t sadb_sa_flags;           /* SADB_X_EXT_OLD / IV4B / DERIV / CYCSEQ / padding bits, see `flags' section below */
                     109: };
                    110:
                     111: struct sadb_lifetime {               /* SADB_EXT_LIFETIME_{CURRENT,HARD,SOFT}: usage/expiry limits of an SA */
                     112:   u_int16_t sadb_lifetime_len;
                     113:   u_int16_t sadb_lifetime_exttype;   /* which of the three lifetime extensions this is */
                     114:   u_int32_t sadb_lifetime_allocations;   /* members are indexed by SADB_X_LIFETIME_* below */
                     115:   u_int64_t sadb_lifetime_bytes;
                     116:   u_int64_t sadb_lifetime_addtime;   /* time units not stated in this header - presumably seconds, confirm */
                     117:   u_int64_t sadb_lifetime_usetime;
                     118: };
                    119:
                     120: struct sadb_address {                /* SADB_EXT_ADDRESS_{SRC,DST,PROXY}; a struct sockaddr immediately follows (see PFKEY_ADDR_SADDR) */
                     121:   u_int16_t sadb_address_len;        /* in 64-bit units; covers this header plus the trailing sockaddr */
                     122:   u_int16_t sadb_address_exttype;
                     123:   u_int8_t sadb_address_proto;       /* upper-layer protocol selector; read via PFKEY_ADDR_PROTO() */
                     124:   u_int8_t sadb_address_prefixlen;   /* address prefix length; read via PFKEY_ADDR_PREFIX() */
                     125:   u_int16_t sadb_address_reserved;
                     126: };
                    127:
                     128: struct sadb_key {                    /* SADB_EXT_KEY_{AUTH,ENCRYPT}: key material extension */
                          /* NOTE(review): buffers carrying this extension hold raw key material;
                           * zeroize them after use with an explicit (non-elidable) memset rather
                           * than relying on a plain memset before free. */
                     129:   u_int16_t sadb_key_len;            /* in 64-bit units; presumably covers the key bytes that follow - confirm */
                     130:   u_int16_t sadb_key_exttype;
                     131:   u_int16_t sadb_key_bits;           /* key length in bits (presumed from name) */
                     132:   u_int16_t sadb_key_reserved;
                     133: };
                    134:
                     135: struct sadb_ident {                  /* SADB_EXT_IDENTITY_{SRC,DST}: identity of an SA endpoint */
                     136:   u_int16_t sadb_ident_len;
                     137:   u_int16_t sadb_ident_exttype;
                     138:   u_int16_t sadb_ident_type;         /* SADB_IDENTTYPE_* / SADB_X_IDENTTYPE_ADDR */
                     139:   u_int16_t sadb_ident_reserved;
                     140:   u_int64_t sadb_ident_id;           /* identity payload presumably follows the struct - confirm against the parser */
                     141: };
                    142:
                     143: struct sadb_sens {                   /* SADB_EXT_SENSITIVITY: layout per RFC 2367; field semantics are not defined in this header */
                     144:   u_int16_t sadb_sens_len;
                     145:   u_int16_t sadb_sens_exttype;
                     146:   u_int32_t sadb_sens_dpd;
                     147:   u_int8_t sadb_sens_sens_level;
                     148:   u_int8_t sadb_sens_sens_len;       /* lengths of trailing bitmaps, presumably in 64-bit units - confirm */
                     149:   u_int8_t sadb_sens_integ_level;
                     150:   u_int8_t sadb_sens_integ_len;
                     151:   u_int32_t sadb_sens_reserved;
                     152: };
                    153:
                     154: struct sadb_prop {                   /* SADB_EXT_PROPOSAL: header of an algorithm proposal; presumably followed by sadb_comb entries - confirm */
                     155:   u_int16_t sadb_prop_len;
                     156:   u_int16_t sadb_prop_exttype;
                     157:   u_int8_t sadb_prop_replay;         /* requested replay window - presumed from name */
                     158:   u_int8_t sadb_prop_reserved[3];
                     159: };
                    160:
                     161: struct sadb_comb {                   /* one auth/encrypt combination of a proposal; has no len/exttype header of its own */
                     162:   u_int8_t sadb_comb_auth;           /* presumably SADB_AALG_* / SADB_X_AALG_* */
                     163:   u_int8_t sadb_comb_encrypt;        /* presumably SADB_EALG_* / SADB_X_EALG_* */
                     164:   u_int16_t sadb_comb_flags;
                     165:   u_int16_t sadb_comb_auth_minbits;  /* acceptable auth key length range, in bits (presumed from name) */
                     166:   u_int16_t sadb_comb_auth_maxbits;
                     167:   u_int16_t sadb_comb_encrypt_minbits;   /* acceptable encryption key length range, in bits (presumed from name) */
                     168:   u_int16_t sadb_comb_encrypt_maxbits;
                     169:   u_int32_t sadb_comb_reserved;
                     170:   u_int32_t sadb_comb_soft_allocations;  /* soft/hard limits mirror the members of struct sadb_lifetime */
                     171:   u_int32_t sadb_comb_hard_allocations;
                     172:   u_int64_t sadb_comb_soft_bytes;
                     173:   u_int64_t sadb_comb_hard_bytes;
                     174:   u_int64_t sadb_comb_soft_addtime;
                     175:   u_int64_t sadb_comb_hard_addtime;
                     176:   u_int64_t sadb_comb_soft_usetime;
                     177:   u_int64_t sadb_comb_hard_usetime;
                     178: };
                    179:
                     180: struct sadb_supported {              /* SADB_EXT_SUPPORTED_{AUTH,ENCRYPT}: header of the algorithm list; presumably followed by sadb_alg entries - confirm */
                     181:   u_int16_t sadb_supported_len;
                     182:   u_int16_t sadb_supported_exttype;
                     183:   u_int32_t sadb_supported_reserved;
                     184: };
                    185:
                     186: struct sadb_alg {                    /* one supported algorithm; has no len/exttype header of its own */
                     187:   u_int8_t sadb_alg_id;              /* presumably SADB_AALG_* or SADB_EALG_* depending on the enclosing sadb_supported */
                     188:   u_int8_t sadb_alg_ivlen;           /* IV length (presumed from name) */
                     189:   u_int16_t sadb_alg_minbits;        /* supported key length range, in bits (presumed from name) */
                     190:   u_int16_t sadb_alg_maxbits;
                     191:   u_int16_t sadb_alg_reserved;
                     192: };
                    193:
                     194: struct sadb_spirange {               /* SADB_EXT_SPIRANGE: acceptable SPI range, presumably for SADB_GETSPI - confirm */
                     195:   u_int16_t sadb_spirange_len;
                     196:   u_int16_t sadb_spirange_exttype;
                     197:   u_int32_t sadb_spirange_min;       /* inclusive bounds (presumed from names) */
                     198:   u_int32_t sadb_spirange_max;
                     199:   u_int32_t sadb_spirange_reserved;
                     200: };
                    201:
                     202: struct sadb_x_kmprivate {            /* SADB_X_EXT_KMPRIVATE: key-management-private extension; payload not described here */
                     203:   u_int16_t sadb_x_kmprivate_len;
                     204:   u_int16_t sadb_x_kmprivate_exttype;
                     205:   u_int32_t sadb_x_kmprivate_reserved;
                     206: };
                    207:
1.5       itojun    208: /*
                    209:  * XXX Additional SA Extension.
                    210:  * mode: tunnel or transport
                     211:  * reqid: to make the SA unique even when the address pair of the SA is the same.
                     212:  *        Mainly it's for VPN.
                    213:  */
                     214: struct sadb_x_sa2 {                  /* SADB_X_EXT_SA2: additional SA attributes (mode, reqid) */
                     215:   u_int16_t sadb_x_sa2_len;
                     216:   u_int16_t sadb_x_sa2_exttype;
                     217:   u_int8_t sadb_x_sa2_mode;          /* tunnel or transport; presumably IPSEC_MODE_* from ipsec.h */
                     218:   u_int8_t sadb_x_sa2_reserved1;
                     219:   u_int16_t sadb_x_sa2_reserved2;
1.12      itojun    220:   u_int32_t sadb_x_sa2_sequence;
1.17      itojun    221:   u_int32_t sadb_x_sa2_reqid;          /* topmost 16bits are always 0; distinguishes SAs sharing an address pair */
1.5       itojun    222: };
                    223:
1.4       itojun    224: /* XXX Policy Extension */
1.5       itojun    225: /* sizeof(struct sadb_x_policy) == 16 */
1.4       itojun    226: struct sadb_x_policy {
                    227:   u_int16_t sadb_x_policy_len;
                    228:   u_int16_t sadb_x_policy_exttype;
                    229:   u_int16_t sadb_x_policy_type;                /* See policy type of ipsec.h */
                    230:   u_int8_t sadb_x_policy_dir;          /* direction, see ipsec.h */
                    231:   u_int8_t sadb_x_policy_reserved;
1.5       itojun    232:   u_int32_t sadb_x_policy_id;
                    233:   u_int32_t sadb_x_policy_reserved2;
1.4       itojun    234: };
                    235: /*
                     236:  * When policy_type == IPSEC, it is followed by some
                     237:  * ipsec policy requests.
                    238:  * [total length of ipsec policy requests]
                    239:  *     = (sadb_x_policy_len * sizeof(uint64_t) - sizeof(struct sadb_x_policy))
                    240:  */
                    241:
                    242: /* XXX IPsec Policy Request Extension */
                    243: /*
                     244:  * This structure is aligned to 8 bytes.
                    245:  */
                     246: struct sadb_x_ipsecrequest {         /* one IPsec policy request, trailing struct sadb_x_policy */
1.13      itojun    247:   u_int16_t sadb_x_ipsecrequest_len;   /* structure length in 64 bits. */
1.4       itojun    248:   u_int16_t sadb_x_ipsecrequest_proto; /* See ipsec.h */
                     249:   u_int8_t sadb_x_ipsecrequest_mode;   /* See IPSEC_MODE_XX in ipsec.h. */
                     250:   u_int8_t sadb_x_ipsecrequest_level;  /* See IPSEC_LEVEL_XX in ipsec.h */
                     251:   u_int16_t sadb_x_ipsecrequest_reqid; /* See ipsec.h */
                     252:
                     253:   /*
                     254:    * Followed by the source IP address of the SA, immediately followed by
                     255:    * the destination IP address of the SA.  These are encoded as two
                     256:    * sockaddr structures without any padding.  Each sa_len must be set
                     257:    * exactly.  The lengths of the sockaddr structures are not individually
                     258:    * aligned to 64 bits, but the sum of this header and the addresses is
                     259:    * aligned to 64 bits.
                          *
                          * NOTE(review): sa_len is caller-supplied; a parser must check that both
                          * sockaddrs fit within sadb_x_ipsecrequest_len before reading them.
                     260:    */
                     261: };
                    261:
1.19      manu      262: /* NAT traversal type, see draft-ietf-ipsec-udp-encaps-06 */
                    263: /* sizeof(struct sadb_x_nat_t_type) == 8 */
                     264: struct sadb_x_nat_t_type {           /* SADB_X_EXT_NAT_T_TYPE: UDP encapsulation variant in use */
                     265:   u_int16_t sadb_x_nat_t_type_len;
                     266:   u_int16_t sadb_x_nat_t_type_exttype;
                     267:   u_int8_t sadb_x_nat_t_type_type;   /* encapsulation type per draft-ietf-ipsec-udp-encaps-06; values not defined in this header */
                     268:   u_int8_t sadb_x_nat_t_type_reserved[3];
                     269: };
                    270:
                    271: /* NAT traversal source or destination port */
                    272: /* sizeof(struct sadb_x_nat_t_port) == 8 */
1.20      perry     273: struct sadb_x_nat_t_port {           /* SADB_X_EXT_NAT_T_{SPORT,DPORT}: UDP port of the NAT-T encapsulation */
1.19      manu      274:   u_int16_t sadb_x_nat_t_port_len;
                     275:   u_int16_t sadb_x_nat_t_port_exttype;   /* SADB_X_EXT_NAT_T_SPORT or SADB_X_EXT_NAT_T_DPORT */
                     276:   u_int16_t sadb_x_nat_t_port_port;  /* byte order not stated here - presumably network order, confirm */
                     277:   u_int16_t sadb_x_nat_t_port_reserved;
                     278: };
                    279:
                    280: /* ESP fragmentation size */
                    281: /* sizeof(struct sadb_x_nat_t_frag) == 8 */
                     282: struct sadb_x_nat_t_frag {           /* SADB_X_EXT_NAT_T_FRAG: ESP fragmentation size */
                     283:   u_int16_t sadb_x_nat_t_frag_len;
                     284:   u_int16_t sadb_x_nat_t_frag_exttype;
                     285:   u_int16_t sadb_x_nat_t_frag_fraglen;   /* fragment size; units not stated here (presumably bytes) */
                     286:   u_int16_t sadb_x_nat_t_frag_reserved;
                     287: };
                    288:
                    289:
1.4       itojun    290: #define SADB_EXT_RESERVED             0    /* sadb_ext_type values; 0-16 are the RFC 2367 set */
                     291: #define SADB_EXT_SA                   1
                     292: #define SADB_EXT_LIFETIME_CURRENT     2
                     293: #define SADB_EXT_LIFETIME_HARD        3
                     294: #define SADB_EXT_LIFETIME_SOFT        4
                     295: #define SADB_EXT_ADDRESS_SRC          5
                     296: #define SADB_EXT_ADDRESS_DST          6
                     297: #define SADB_EXT_ADDRESS_PROXY        7
                     298: #define SADB_EXT_KEY_AUTH             8
                     299: #define SADB_EXT_KEY_ENCRYPT          9
                     300: #define SADB_EXT_IDENTITY_SRC         10
                     301: #define SADB_EXT_IDENTITY_DST         11
                     302: #define SADB_EXT_SENSITIVITY          12
                     303: #define SADB_EXT_PROPOSAL             13
                     304: #define SADB_EXT_SUPPORTED_AUTH       14
                     305: #define SADB_EXT_SUPPORTED_ENCRYPT    15
                     306: #define SADB_EXT_SPIRANGE             16
                     307: #define SADB_X_EXT_KMPRIVATE          17   /* local SADB_X_ extensions start here */
                     308: #define SADB_X_EXT_POLICY             18
1.5       itojun    309: #define SADB_X_EXT_SA2                19
1.19      manu      310: #define SADB_X_EXT_NAT_T_TYPE         20
                     311: #define SADB_X_EXT_NAT_T_SPORT        21
                     312: #define SADB_X_EXT_NAT_T_DPORT        22
                     313: #define SADB_X_EXT_NAT_T_OA           23
                     314: #define SADB_X_EXT_NAT_T_FRAG        24
1.22.4.1! yamt      315: #if 0
                          /* KAME-only types.  25-27 lie above SADB_EXT_MAX (24), so enabling
                           * them also requires raising SADB_EXT_MAX. */
        !           316: #define        SADB_X_EXT_TAG                25        /* KAME */
        !           317: #define        SADB_X_EXT_SA3                26        /* KAME */
        !           318: #define        SADB_X_EXT_PACKET             27        /* KAME */
        !           319: #endif
1.19      manu      320: #define SADB_EXT_MAX                  24   /* highest assigned extension type */
1.4       itojun    321:
                    322: #define SADB_SATYPE_UNSPEC     0
                    323: #define SADB_SATYPE_AH         2
                    324: #define SADB_SATYPE_ESP                3
                    325: #define SADB_SATYPE_RSVP       5
                    326: #define SADB_SATYPE_OSPFV2     6
                    327: #define SADB_SATYPE_RIPV2      7
                    328: #define SADB_SATYPE_MIP                8
                    329: #define SADB_X_SATYPE_IPCOMP   9
1.12      itojun    330: /*#define SADB_X_SATYPE_POLICY 10      obsolete, do not reuse */
1.16      jonathan  331: #define SADB_X_SATYPE_TCPSIGNATURE     11
                    332: #define SADB_SATYPE_MAX                12
1.4       itojun    333:
                    334: #define SADB_SASTATE_LARVAL   0
                    335: #define SADB_SASTATE_MATURE   1
                    336: #define SADB_SASTATE_DYING    2
                    337: #define SADB_SASTATE_DEAD     3
                    338: #define SADB_SASTATE_MAX      3
                    339:
                    340: #define SADB_SAFLAGS_PFS      1
                    341:
1.7       itojun    342: /* RFC2367 numbers - meets RFC2407 */
                     343: #define SADB_AALG_NONE         0
                     344: #define SADB_AALG_MD5HMAC      2
                     345: #define SADB_AALG_SHA1HMAC     3
                     346: #define SADB_AALG_MAX          251
1.13      itojun    347: /* private allocations - based on RFC2407/IANA assignment */
                     348: #define SADB_X_AALG_SHA2_256   5
                     349: #define SADB_X_AALG_SHA2_384   6
                     350: #define SADB_X_AALG_SHA2_512   7
1.14      itojun    351: #define SADB_X_AALG_RIPEMD160HMAC 8
                     352: #define SADB_X_AALG_AES_XCBC_MAC 9 /* draft-ietf-ipsec-ciph-aes-xcbc-mac-04 */
1.7       itojun    353: /* private allocations should use 249-255 (RFC2407) */
                          /* Keyed (non-HMAC) MD5/SHA below are legacy constructions, presumably kept
                           * for interoperability only. */
                     354: #define SADB_X_AALG_MD5                249     /* Keyed MD5 */
                     355: #define SADB_X_AALG_SHA                250     /* Keyed SHA */
                     356: #define SADB_X_AALG_NULL       251     /* null authentication */
1.16      jonathan  357: #define SADB_X_AALG_TCP_MD5    252     /* Keyed TCP-MD5 (RFC2385) */
                          /* NOTE(review): SADB_X_AALG_TCP_MD5 (252) is above SADB_AALG_MAX (251);
                           * anything that sizes a table or range-checks an algorithm id with
                           * SADB_AALG_MAX must account for this value. */
1.7       itojun    358:
                     359: /* RFC2367 numbers - meets RFC2407 */
                     360: #define SADB_EALG_NONE         0
                     361: #define SADB_EALG_DESCBC       2
                     362: #define SADB_EALG_3DESCBC      3
1.11      itojun    363: #define SADB_EALG_NULL         11
1.15      jonathan  364: #define SADB_EALG_MAX          250     /* equals SADB_X_EALG_SKIPJACK, the highest id below */
1.9       itojun    365: /* private allocations - based on RFC2407/IANA assignment */
1.7       itojun    366: #define SADB_X_EALG_CAST128CBC 6
1.8       itojun    367: #define SADB_X_EALG_BLOWFISHCBC        7
1.9       itojun    368: #define SADB_X_EALG_RIJNDAELCBC        12
                     369: #define SADB_X_EALG_AES                12      /* alias of SADB_X_EALG_RIJNDAELCBC (same value) */
1.18      itojun    370: #define SADB_X_EALG_AESCTR     13
1.7       itojun    371: /* private allocations should use 249-255 (RFC2407) */
1.15      jonathan  372: #define SADB_X_EALG_SKIPJACK    250
1.4       itojun    373:
1.13      itojun    374: /* private allocations - based on RFC2407/IANA assignment */
1.4       itojun    375: #define SADB_X_CALG_NONE       0
                    376: #define SADB_X_CALG_OUI                1
                    377: #define SADB_X_CALG_DEFLATE    2
                    378: #define SADB_X_CALG_LZS                3
                    379: #define SADB_X_CALG_MAX                4
                    380:
                    381: #define SADB_IDENTTYPE_RESERVED   0
                    382: #define SADB_IDENTTYPE_PREFIX     1
                    383: #define SADB_IDENTTYPE_FQDN       2
                    384: #define SADB_IDENTTYPE_USERFQDN   3
                    385: #define SADB_X_IDENTTYPE_ADDR     4
                    386: #define SADB_IDENTTYPE_MAX        4
                    387:
                     388: /* `flags' in sadb_sa structure holds the following */
                          /* These SADB_X_EXT_* names are flag bits for sadb_sa_flags; they are a
                           * different namespace from the SADB_X_EXT_* extension type numbers above. */
                     389: #define SADB_X_EXT_NONE                0x0000  /* i.e. new format. */
                     390: #define SADB_X_EXT_OLD         0x0001  /* old format. */
                     391:
                     392: #define SADB_X_EXT_IV4B                0x0010  /* IV length of 4 bytes in use */
                     393: #define SADB_X_EXT_DERIV       0x0020  /* DES derived */
                     394: #define SADB_X_EXT_CYCSEQ      0x0040  /* allow the sequence number to cycle (repeat); presumably weakens anti-replay, so treat as a deliberate opt-in */
                     395:
                     396:        /* the following three are mutually exclusive flags */
                     397: #define SADB_X_EXT_PSEQ                0x0000  /* sequential padding for ESP */
                     398: #define SADB_X_EXT_PRAND       0x0100  /* random padding for ESP */
                     399: #define SADB_X_EXT_PZERO       0x0200  /* zero padding for ESP */
                     400: #define SADB_X_EXT_PMASK       0x0300  /* mask for padding flag */
                     401:
                     402: #if 1
                     403: #define SADB_X_EXT_RAWCPI      0x0080  /* use well known CPI (IPComp) */
                     404: #endif
                     405:
                     406: #define SADB_KEY_FLAGS_MAX     0x0fff  /* mask covering every flag bit defined above */
                    407:
                    408: /* SPI size for PF_KEYv2 */
                    409: #define PFKEY_SPI_SIZE sizeof(u_int32_t)
                    410:
                     411: /* Identifier for member of lifetime structure */
                    412: #define SADB_X_LIFETIME_ALLOCATIONS    0
                    413: #define SADB_X_LIFETIME_BYTES          1
                    414: #define SADB_X_LIFETIME_ADDTIME                2
                    415: #define SADB_X_LIFETIME_USETIME                3
                    416:
                     417: /* The ratio of the SOFT lifetime to the HARD one. */
                    418: #define PFKEY_SOFT_LIFETIME_RATE       80
                    419:
                    420: /* Utilities */
                     421: #define PFKEY_ALIGN8(a) (1 + (((a) - 1) | (8 - 1)))   /* round a up to a multiple of 8; a is evaluated once; yields 0 for a == 0 */
                          /* NOTE(review): the accessors below cast an untyped buffer pointer with no
                           * bounds check.  The caller must first ensure the buffer holds at least
                           * sizeof(struct sadb_ext) / sizeof(struct sadb_address) bytes, and that the
                           * byte length PFKEY_EXTLEN() yields does not exceed the remaining buffer. */
                          /* byte length of an extension, from its 64-bit-unit sadb_ext_len */
                     422: #define        PFKEY_EXTLEN(msg) \
1.21      christos  423:        PFKEY_UNUNIT64(((struct sadb_ext *)(void *)(msg))->sadb_ext_len)
1.4       itojun    424: #define PFKEY_ADDR_PREFIX(ext) \
1.21      christos  425:        (((struct sadb_address *)(void *)(ext))->sadb_address_prefixlen)
1.4       itojun    426: #define PFKEY_ADDR_PROTO(ext) \
1.21      christos  427:        (((struct sadb_address *)(void *)(ext))->sadb_address_proto)
                          /* pointer to the struct sockaddr stored directly after a struct sadb_address */
1.4       itojun    428: #define PFKEY_ADDR_SADDR(ext) \
1.22      christos  429:        ((struct sockaddr *)(void *)((char *)(void *)(ext) + \
                     430:        sizeof(struct sadb_address)))
1.4       itojun    431:
                     432: /* in 64bits */
                          /* conversions between 64-bit units and bytes; PFKEY_UNIT64 truncates a
                           * byte count that is not a multiple of 8 */
                     433: #define        PFKEY_UNUNIT64(a)       ((a) << 3)
                     434: #define        PFKEY_UNIT64(a)         ((a) >> 3)
                    435:
                    436: #endif /* __PFKEY_V2_H */
1.3       itojun    437:
                    438: #endif /* _NET_PFKEYV2_H_ */
