FreeBSD/Linux Kernel Cross Reference
sys/net/pfkeyv2.h
1 /* $OpenBSD: pfkeyv2.h,v 1.93 2022/08/27 20:28:01 mvs Exp $ */
2 /*
3 * @(#)COPYRIGHT 1.1 (NRL) January 1998
4 *
5 * NRL grants permission for redistribution and use in source and binary
6 * forms, with or without modification, of the software and documentation
7 * created at NRL provided that the following conditions are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 * 3. All advertising materials mentioning features or use of this software
15 * must display the following acknowledgements:
16 * This product includes software developed by the University of
17 * California, Berkeley and its contributors.
18 * This product includes software developed at the Information
19 * Technology Division, US Naval Research Laboratory.
20 * 4. Neither the name of the NRL nor the names of its contributors
21 * may be used to endorse or promote products derived from this software
22 * without specific prior written permission.
23 *
24 * THE SOFTWARE PROVIDED BY NRL IS PROVIDED BY NRL AND CONTRIBUTORS ``AS
25 * IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
26 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
27 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL NRL OR
28 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
29 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
30 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
31 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
32 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
33 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
34 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35 *
36 * The views and conclusions contained in the software and documentation
37 * are those of the authors and should not be interpreted as representing
38 * official policies, either expressed or implied, of the US Naval
39 * Research Laboratory (NRL).
40 */
41
42 #ifndef _NET_PFKEY_V2_H_
43 #define _NET_PFKEY_V2_H_
44
45 #define PF_KEY_V2 2
46 #define PFKEYV2_REVISION 199806L
47
48 /* This should be updated whenever the API is altered. */
49 #define _OPENBSD_IPSEC_API_VERSION 2
50
51 #define SADB_RESERVED 0
52 #define SADB_GETSPI 1
53 #define SADB_UPDATE 2
54 #define SADB_ADD 3
55 #define SADB_DELETE 4
56 #define SADB_GET 5
57 #define SADB_ACQUIRE 6
58 #define SADB_REGISTER 7
59 #define SADB_EXPIRE 8
60 #define SADB_FLUSH 9
61 #define SADB_DUMP 10
62 #define SADB_X_PROMISC 11
63 #define SADB_X_ADDFLOW 12
64 #define SADB_X_DELFLOW 13
65 #define SADB_X_GRPSPIS 14
66 #define SADB_X_ASKPOLICY 15
67 #define SADB_X_SPDDUMP 16
68 #define SADB_MAX 16
69
70 struct sadb_msg {
71 uint8_t sadb_msg_version;
72 uint8_t sadb_msg_type;
73 uint8_t sadb_msg_errno;
74 uint8_t sadb_msg_satype;
75 uint16_t sadb_msg_len;
76 uint16_t sadb_msg_reserved;
77 uint32_t sadb_msg_seq;
78 uint32_t sadb_msg_pid;
79 };
80
81 struct sadb_ext {
82 uint16_t sadb_ext_len;
83 uint16_t sadb_ext_type;
84 };
85
86 struct sadb_sa {
87 uint16_t sadb_sa_len;
88 uint16_t sadb_sa_exttype;
89 uint32_t sadb_sa_spi;
90 uint8_t sadb_sa_replay;
91 uint8_t sadb_sa_state;
92 uint8_t sadb_sa_auth;
93 uint8_t sadb_sa_encrypt;
94 uint32_t sadb_sa_flags;
95 };
96
97 struct sadb_lifetime {
98 uint16_t sadb_lifetime_len;
99 uint16_t sadb_lifetime_exttype;
100 uint32_t sadb_lifetime_allocations;
101 uint64_t sadb_lifetime_bytes;
102 uint64_t sadb_lifetime_addtime;
103 uint64_t sadb_lifetime_usetime;
104 };
105
106 struct sadb_address {
107 uint16_t sadb_address_len;
108 uint16_t sadb_address_exttype;
109 uint32_t sadb_address_reserved;
110 };
111
112 struct sadb_key {
113 uint16_t sadb_key_len;
114 uint16_t sadb_key_exttype;
115 uint16_t sadb_key_bits;
116 uint16_t sadb_key_reserved;
117 };
118
119 struct sadb_ident {
120 uint16_t sadb_ident_len;
121 uint16_t sadb_ident_exttype;
122 uint16_t sadb_ident_type;
123 uint16_t sadb_ident_reserved;
124 uint64_t sadb_ident_id;
125 };
126
127 struct sadb_sens {
128 uint16_t sadb_sens_len;
129 uint16_t sadb_sens_exttype;
130 uint32_t sadb_sens_dpd;
131 uint8_t sadb_sens_sens_level;
132 uint8_t sadb_sens_sens_len;
133 uint8_t sadb_sens_integ_level;
134 uint8_t sadb_sens_integ_len;
135 uint32_t sadb_sens_reserved;
136 };
137
138 struct sadb_prop {
139 uint16_t sadb_prop_len;
140 uint16_t sadb_prop_exttype;
141 uint8_t sadb_prop_num;
142 uint8_t sadb_prop_replay;
143 uint16_t sadb_prop_reserved;
144 };
145
146 struct sadb_comb {
147 uint8_t sadb_comb_auth;
148 uint8_t sadb_comb_encrypt;
149 uint16_t sadb_comb_flags;
150 uint16_t sadb_comb_auth_minbits;
151 uint16_t sadb_comb_auth_maxbits;
152 uint16_t sadb_comb_encrypt_minbits;
153 uint16_t sadb_comb_encrypt_maxbits;
154 uint32_t sadb_comb_reserved;
155 uint32_t sadb_comb_soft_allocations;
156 uint32_t sadb_comb_hard_allocations;
157 uint64_t sadb_comb_soft_bytes;
158 uint64_t sadb_comb_hard_bytes;
159 uint64_t sadb_comb_soft_addtime;
160 uint64_t sadb_comb_hard_addtime;
161 uint64_t sadb_comb_soft_usetime;
162 uint64_t sadb_comb_hard_usetime;
163 };
164
165 struct sadb_supported {
166 uint16_t sadb_supported_len;
167 uint16_t sadb_supported_exttype;
168 uint32_t sadb_supported_reserved;
169 };
170
171 struct sadb_alg {
172 uint8_t sadb_alg_id;
173 uint8_t sadb_alg_ivlen;
174 uint16_t sadb_alg_minbits;
175 uint16_t sadb_alg_maxbits;
176 uint16_t sadb_alg_reserved;
177 };
178
179 struct sadb_spirange {
180 uint16_t sadb_spirange_len;
181 uint16_t sadb_spirange_exttype;
182 uint32_t sadb_spirange_min;
183 uint32_t sadb_spirange_max;
184 uint32_t sadb_spirange_reserved;
185 };
186
187 struct sadb_protocol {
188 uint16_t sadb_protocol_len;
189 uint16_t sadb_protocol_exttype;
190 uint8_t sadb_protocol_proto;
191 uint8_t sadb_protocol_direction;
192 uint8_t sadb_protocol_flags;
193 uint8_t sadb_protocol_reserved2;
194 };
195
196 struct sadb_x_policy {
197 uint16_t sadb_x_policy_len;
198 uint16_t sadb_x_policy_exttype;
199 uint32_t sadb_x_policy_seq;
200 };
201
202 struct sadb_x_udpencap {
203 uint16_t sadb_x_udpencap_len;
204 uint16_t sadb_x_udpencap_exttype;
205 uint16_t sadb_x_udpencap_port;
206 uint16_t sadb_x_udpencap_reserved;
207 };
208
209 struct sadb_x_tag {
210 uint16_t sadb_x_tag_len;
211 uint16_t sadb_x_tag_exttype;
212 uint32_t sadb_x_tag_taglen;
213 };
214
215 struct sadb_x_replay {
216 uint16_t sadb_x_replay_len;
217 uint16_t sadb_x_replay_exttype;
218 uint32_t sadb_x_replay_reserved;
219 uint64_t sadb_x_replay_count;
220 };
221
222 struct sadb_x_rdomain {
223 uint16_t sadb_x_rdomain_len;
224 uint16_t sadb_x_rdomain_exttype;
225 uint16_t sadb_x_rdomain_dom1;
226 uint16_t sadb_x_rdomain_dom2;
227 };
228
229 struct sadb_x_tap {
230 uint16_t sadb_x_tap_len;
231 uint16_t sadb_x_tap_exttype;
232 uint32_t sadb_x_tap_unit;
233 };
234
235 struct sadb_x_counter {
236 uint16_t sadb_x_counter_len;
237 uint16_t sadb_x_counter_exttype;
238 uint32_t sadb_x_counter_pad;
239 uint64_t sadb_x_counter_ipackets; /* Input IPsec packets */
240 uint64_t sadb_x_counter_opackets; /* Output IPsec packets */
241 uint64_t sadb_x_counter_ibytes; /* Input bytes */
242 uint64_t sadb_x_counter_obytes; /* Output bytes */
243 uint64_t sadb_x_counter_idrops; /* Dropped on input */
244 uint64_t sadb_x_counter_odrops; /* Dropped on output */
245 uint64_t sadb_x_counter_idecompbytes; /* Input bytes, decompressed */
246 uint64_t sadb_x_counter_ouncompbytes; /* Output bytes, uncompressed */
247 };
248
249 struct sadb_x_mtu {
250 uint16_t sadb_x_mtu_len;
251 uint16_t sadb_x_mtu_exttype;
252 uint32_t sadb_x_mtu_mtu;
253 };
254
255 #ifdef _KERNEL
256 #define SADB_X_GETSPROTO(x) \
257 ( (x) == SADB_SATYPE_AH ? IPPROTO_AH :\
258 (x) == SADB_SATYPE_ESP ? IPPROTO_ESP :\
259 (x) == SADB_X_SATYPE_TCPSIGNATURE ? IPPROTO_TCP :\
260 (x) == SADB_X_SATYPE_IPCOMP ? IPPROTO_IPCOMP: IPPROTO_IPIP )
261 #endif
262
263 #define SADB_EXT_RESERVED 0
264 #define SADB_EXT_SA 1
265 #define SADB_EXT_LIFETIME_CURRENT 2
266 #define SADB_EXT_LIFETIME_HARD 3
267 #define SADB_EXT_LIFETIME_SOFT 4
268 #define SADB_EXT_ADDRESS_SRC 5
269 #define SADB_EXT_ADDRESS_DST 6
270 #define SADB_EXT_ADDRESS_PROXY 7
271 #define SADB_EXT_KEY_AUTH 8
272 #define SADB_EXT_KEY_ENCRYPT 9
273 #define SADB_EXT_IDENTITY_SRC 10
274 #define SADB_EXT_IDENTITY_DST 11
275 #define SADB_EXT_SENSITIVITY 12
276 #define SADB_EXT_PROPOSAL 13
277 #define SADB_EXT_SUPPORTED_AUTH 14
278 #define SADB_EXT_SUPPORTED_ENCRYPT 15
279 #define SADB_EXT_SPIRANGE 16
280 #define SADB_X_EXT_SRC_MASK 17
281 #define SADB_X_EXT_DST_MASK 18
282 #define SADB_X_EXT_PROTOCOL 19
283 #define SADB_X_EXT_FLOW_TYPE 20
284 #define SADB_X_EXT_SRC_FLOW 21
285 #define SADB_X_EXT_DST_FLOW 22
286 #define SADB_X_EXT_SA2 23
287 #define SADB_X_EXT_DST2 24
288 #define SADB_X_EXT_POLICY 25
289 #define SADB_X_EXT_LOCAL_CREDENTIALS 26
290 #define SADB_X_EXT_REMOTE_CREDENTIALS 27
291 #define SADB_X_EXT_LOCAL_AUTH 28
292 #define SADB_X_EXT_REMOTE_AUTH 29
293 #define SADB_X_EXT_SUPPORTED_COMP 30
294 #define SADB_X_EXT_UDPENCAP 31
295 #define SADB_X_EXT_LIFETIME_LASTUSE 32
296 #define SADB_X_EXT_TAG 33
297 #define SADB_X_EXT_TAP 34
298 #define SADB_X_EXT_SATYPE2 35
299 #define SADB_X_EXT_COUNTER 36
300 #define SADB_X_EXT_RDOMAIN 37
301 #define SADB_X_EXT_MTU 38
302 #define SADB_X_EXT_REPLAY 39
303 #define SADB_EXT_MAX 39
304
305 /* Fix pfkeyv2.c struct pfkeyv2_socket if SATYPE_MAX > 31 */
306 #define SADB_SATYPE_UNSPEC 0
307 #define SADB_SATYPE_AH 1
308 #define SADB_SATYPE_ESP 2
309 #define SADB_SATYPE_RSVP 3
310 #define SADB_SATYPE_OSPFV2 4
311 #define SADB_SATYPE_RIPV2 5
312 #define SADB_SATYPE_MIP 6
313 #define SADB_X_SATYPE_IPIP 7
314 #define SADB_X_SATYPE_TCPSIGNATURE 8
315 #define SADB_X_SATYPE_IPCOMP 9
316 #define SADB_SATYPE_MAX 9
317
318 #define SADB_SASTATE_LARVAL 0
319 #define SADB_SASTATE_MATURE 1
320 #define SADB_SASTATE_DYING 2
321 #define SADB_SASTATE_DEAD 3
322 #define SADB_SASTATE_MAX 3
323
324 #define SADB_AALG_NONE 0
325 #define SADB_AALG_MD5HMAC 2
326 #define SADB_AALG_SHA1HMAC 3
327 #define SADB_X_AALG_SHA2_256 5
328 #define SADB_X_AALG_SHA2_384 6
329 #define SADB_X_AALG_SHA2_512 7
330 #define SADB_X_AALG_RIPEMD160HMAC 8
331 #define SADB_X_AALG_AES128GMAC 9
332 #define SADB_X_AALG_AES192GMAC 10
333 #define SADB_X_AALG_AES256GMAC 11
334 #define SADB_X_AALG_CHACHA20POLY1305 12
335 #define SADB_AALG_MAX 12
336
337 #define SADB_EALG_NONE 0
338 #define SADB_EALG_3DESCBC 3
339 #define SADB_X_EALG_CAST 6
340 #define SADB_X_EALG_BLF 7
341 #define SADB_EALG_NULL 11
342 #define SADB_X_EALG_AES 12
343 #define SADB_X_EALG_AESCTR 13
344 #define SADB_X_EALG_AESGCM8 18
345 #define SADB_X_EALG_AESGCM12 19
346 #define SADB_X_EALG_AESGCM16 20
347 #define SADB_X_EALG_AESGMAC 21
348 #define SADB_X_EALG_CHACHA20POLY1305 22
349 #define SADB_EALG_MAX 22
350
351 #define SADB_X_CALG_NONE 0
352 #define SADB_X_CALG_OUI 1
353 #define SADB_X_CALG_DEFLATE 2
354 #define SADB_X_CALG_MAX 2
355
356 #define SADB_SAFLAGS_PFS 0x001 /* perfect forward secrecy */
357 #define SADB_X_SAFLAGS_TUNNEL 0x004 /* Force tunneling */
358 #define SADB_X_SAFLAGS_CHAINDEL 0x008 /* Delete whole SA chain */
359 #define SADB_X_SAFLAGS_UDPENCAP 0x200 /* ESP in UDP */
360 #define SADB_X_SAFLAGS_ESN 0x400 /* Extended Sequence Number */
361
362 #define SADB_X_POLICYFLAGS_POLICY 0x0001 /* This is a static policy */
363
364 #define SADB_IDENTTYPE_RESERVED 0
365 #define SADB_IDENTTYPE_PREFIX 1
366 #define SADB_IDENTTYPE_FQDN 2
367 #define SADB_IDENTTYPE_USERFQDN 3
368 #define SADB_IDENTTYPE_ASN1_DN 4
369 #define SADB_IDENTTYPE_MAX 4
370
371 #define SADB_KEY_FLAGS_MAX 0
372
373 #ifdef _KERNEL
374 #define PFKEYV2_LIFETIME_HARD 0
375 #define PFKEYV2_LIFETIME_SOFT 1
376 #define PFKEYV2_LIFETIME_CURRENT 2
377 #define PFKEYV2_LIFETIME_LASTUSE 3
378
379 #define PFKEYV2_IDENTITY_SRC 0
380 #define PFKEYV2_IDENTITY_DST 1
381
382 #define PFKEYV2_ENCRYPTION_KEY 0
383 #define PFKEYV2_AUTHENTICATION_KEY 1
384
385 #define PFKEYV2_SOCKETFLAGS_REGISTERED 1
386 #define PFKEYV2_SOCKETFLAGS_PROMISC 2
387
388 #define PFKEYV2_SENDMESSAGE_UNICAST 1
389 #define PFKEYV2_SENDMESSAGE_REGISTERED 2
390 #define PFKEYV2_SENDMESSAGE_BROADCAST 3
391 #endif /* _KERNEL */
392
393 #define SADB_X_FLOW_TYPE_USE 1
394 #define SADB_X_FLOW_TYPE_ACQUIRE 2
395 #define SADB_X_FLOW_TYPE_REQUIRE 3
396 #define SADB_X_FLOW_TYPE_BYPASS 4
397 #define SADB_X_FLOW_TYPE_DENY 5
398 #define SADB_X_FLOW_TYPE_DONTACQ 6
399
400 #ifdef _KERNEL
401 struct tdb;
402 struct socket;
403 struct mbuf;
404
405 #define EXTLEN(x) (((struct sadb_ext *)(x))->sadb_ext_len * sizeof(uint64_t))
406 #define PADUP(x) (((x) + sizeof(uint64_t) - 1) & ~(sizeof(uint64_t) - 1))
407
408 int pfkeyv2_parsemessage(void *, int, void **);
409 int pfkeyv2_expire(struct tdb *, u_int16_t);
410 int pfkeyv2_acquire(struct ipsec_policy *, union sockaddr_union *,
411 union sockaddr_union *, u_int32_t *, struct sockaddr_encap *);
412
413 int pfkeyv2_get(struct tdb *, void **, void **, int *, int *);
414 int pfkeyv2_policy(struct ipsec_acquire *, void **, void **, int *);
415 int pfkeyv2_dosend(struct socket *, void *, int);
416 int pfkeyv2_sendmessage(void **, int, struct socket *, u_int8_t, int, u_int);
417 int pfkeyv2_dump_policy(struct ipsec_policy *, void **, void **, int *);
418 int pfkeyv2_dump_walker(struct tdb *, void *, int);
419 int pfkeyv2_get_proto_alg(u_int8_t, u_int8_t *, int *);
420 int pfkeyv2_sysctl(int *, u_int, void *, size_t *, void *, size_t);
421 int pfkeyv2_sysctl_walker(struct tdb *, void *, int);
422 int pfkeyv2_sysctl_dump(void *);
423
424 int pfdatatopacket(void *, int, struct mbuf **);
425
426 void export_address(void **, struct sockaddr *);
427 void export_identities(void **, struct ipsec_ids *, int, void **);
428 void export_lifetime(void **, struct tdb *, int);
429 void export_sa(void **, struct tdb *);
430 void export_flow(void **, u_int8_t, struct sockaddr_encap *,
431 struct sockaddr_encap *, void **);
432 void export_key(void **, struct tdb *, int);
433 void export_udpencap(void **, struct tdb *);
434 void export_tag(void **, struct tdb *);
435 void export_replay(void **, struct tdb *);
436 void export_rdomain(void **, struct tdb *);
437 void export_mtu(void **, struct tdb *);
438 void export_tap(void **, struct tdb *);
439 void export_satype(void **, struct tdb *);
440 void export_counter(void **, struct tdb *);
441
442 void import_address(struct sockaddr *, struct sadb_address *);
443 void import_identities(struct ipsec_ids **, int, struct sadb_ident *,
444 struct sadb_ident *);
445 void import_key(struct ipsecinit *, struct sadb_key *, int);
446 void import_lifetime(struct tdb *, struct sadb_lifetime *, int);
447 void import_sa(struct tdb *, struct sadb_sa *, struct ipsecinit *);
448 int import_flow(struct sockaddr_encap *, struct sockaddr_encap *,
449 struct sadb_address *, struct sadb_address *, struct sadb_address *,
450 struct sadb_address *, struct sadb_protocol *, struct sadb_protocol *);
451 void import_udpencap(struct tdb *, struct sadb_x_udpencap *);
452 void import_tag(struct tdb *, struct sadb_x_tag *);
453 void import_rdomain(struct tdb *, struct sadb_x_rdomain *);
454 void import_tap(struct tdb *, struct sadb_x_tap *);
455
456 extern const uint64_t sadb_exts_allowed_out[SADB_MAX+1];
457 extern const uint64_t sadb_exts_required_out[SADB_MAX+1];
458
459 extern struct pool ipsec_policy_pool;
460 extern struct pool ipsec_acquire_pool;
461 #endif /* _KERNEL */
462
463 #endif /* _NET_PFKEY_V2_H_ */
Cache object: 3f0617313880f6c7a6b3b7bd1fe6db64
|