/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#ifndef	_NET_PFKEYV2_H
#define	_NET_PFKEYV2_H

#pragma ident	"%Z%%M% %I% %E% SMI"

/*
 * Definitions and structures for PF_KEY version 2.  See RFC 2367 for
 * more details.  SA == Security Association, which is what PF_KEY provides
 * an API for managing.
 *
 * NOTE(review): these layouts are filled in by whoever sits on the other
 * side of the PF_KEY interface, so a parser should treat every length,
 * count and type field below as untrusted until it has been checked
 * against the number of bytes actually received.
 */

#ifdef	__cplusplus
extern "C" {
#endif

#define	PF_KEY_V2		2
#define	PFKEYV2_REVISION	200109L

/*
 * Base PF_KEY message.
 *
 * Four uint8_t fields, two uint16_t fields and one 64-bit union: 16 bytes
 * with natural alignment.  sadb_msg_len is a count of 64-bit words, not
 * bytes.
 */

typedef struct sadb_msg {
	uint8_t sadb_msg_version;	/* Version, currently PF_KEY_V2 */
	uint8_t sadb_msg_type;		/* ADD, UPDATE, etc. */
	uint8_t sadb_msg_errno;		/* Error number from UNIX errno space */
	uint8_t sadb_msg_satype;	/* ESP, AH, etc. */
	uint16_t sadb_msg_len;		/* Length in 64-bit words. */
	uint16_t sadb_msg_reserved;	/* must be zero */
/*
 * Use the reserved field for extended diagnostic information on errno
 * responses.
 */
#define	sadb_x_msg_diagnostic sadb_msg_reserved
	/* Union is for guaranteeing 64-bit alignment. */
	union {
		struct {
			uint32_t sadb_x_msg_useq;	/* Set by originator */
			uint32_t sadb_x_msg_upid;	/* Set by originator */
		} sadb_x_msg_actual;
		uint64_t sadb_x_msg_alignment;
	} sadb_x_msg_u;
/* Short names that hide the alignment union from callers. */
#define	sadb_msg_seq sadb_x_msg_u.sadb_x_msg_actual.sadb_x_msg_useq
#define	sadb_msg_pid sadb_x_msg_u.sadb_x_msg_actual.sadb_x_msg_upid
} sadb_msg_t;

/*
 * Generic extension header.
 *
 * NOTE(review): code that walks a chain of extensions by advancing
 * sadb_ext_len words should reject a length of 0 (the walk would never
 * advance) and any length that runs past the end of the enclosing message.
 */

typedef struct sadb_ext {
	union {
		/* Union is for guaranteeing 64-bit alignment. */
		struct {
			uint16_t sadb_x_ext_ulen;	/* In 64s, inclusive */
			uint16_t sadb_x_ext_utype;	/* 0 is reserved */
		} sadb_x_ext_actual;
		uint64_t sadb_x_ext_alignment;
	} sadb_x_ext_u;
#define	sadb_ext_len sadb_x_ext_u.sadb_x_ext_actual.sadb_x_ext_ulen
#define	sadb_ext_type sadb_x_ext_u.sadb_x_ext_actual.sadb_x_ext_utype
} sadb_ext_t;

/*
 * Security Association information extension.
 */

typedef struct sadb_sa {
	/* Union is for guaranteeing 64-bit alignment. */
	union {
		struct {
			uint16_t sadb_x_sa_ulen;
			uint16_t sadb_x_sa_uexttype;	/* ASSOCIATION */
			uint32_t sadb_x_sa_uspi;	/* Sec. Param. Index */
		} sadb_x_sa_uactual;
		uint64_t sadb_x_sa_alignment;
	} sadb_x_sa_u;
#define	sadb_sa_len sadb_x_sa_u.sadb_x_sa_uactual.sadb_x_sa_ulen
#define	sadb_sa_exttype sadb_x_sa_u.sadb_x_sa_uactual.sadb_x_sa_uexttype
#define	sadb_sa_spi sadb_x_sa_u.sadb_x_sa_uactual.sadb_x_sa_uspi
	uint8_t sadb_sa_replay;		/* Replay counter */
	uint8_t sadb_sa_state;		/* MATURE, DEAD, DYING, LARVAL */
	uint8_t sadb_sa_auth;		/* Authentication algorithm */
	uint8_t sadb_sa_encrypt;	/* Encryption algorithm */
	uint32_t sadb_sa_flags;		/* SA flags. */
} sadb_sa_t;

/*
 * SA Lifetime extension.  Already 64-bit aligned thanks to uint64_t fields.
 */

typedef struct sadb_lifetime {
	uint16_t sadb_lifetime_len;
	uint16_t sadb_lifetime_exttype;	/* SOFT, HARD, CURRENT */
	uint32_t sadb_lifetime_allocations;
	uint64_t sadb_lifetime_bytes;
	uint64_t sadb_lifetime_addtime;	/* These fields are assumed to hold */
	uint64_t sadb_lifetime_usetime;	/* >= sizeof (time_t).  */
} sadb_lifetime_t;

/*
 * SA address information.
 *
 * NOTE(review): the sockaddr that follows this header is variable-sized
 * data from the sender.  A consumer should confirm that sadb_address_len
 * leaves room for the sockaddr of the family it claims, and that
 * sadb_address_prefixlen does not exceed the address width, before using
 * either.
 */

typedef struct sadb_address {
	/* Union is for guaranteeing 64-bit alignment. */
	union {
		struct {
			uint16_t sadb_x_address_ulen;
			uint16_t sadb_x_address_uexttype; /* SRC, DST, PROXY */
			uint8_t sadb_x_address_uproto; /* Proto for ports... */
			uint8_t sadb_x_address_uprefixlen; /* Prefix length. */
			uint16_t sadb_x_address_ureserved; /* Padding */
		} sadb_x_address_actual;
		uint64_t sadb_x_address_alignment;
	} sadb_x_address_u;
#define	sadb_address_len \
	sadb_x_address_u.sadb_x_address_actual.sadb_x_address_ulen
#define	sadb_address_exttype \
	sadb_x_address_u.sadb_x_address_actual.sadb_x_address_uexttype
#define	sadb_address_proto \
	sadb_x_address_u.sadb_x_address_actual.sadb_x_address_uproto
#define	sadb_address_prefixlen \
	sadb_x_address_u.sadb_x_address_actual.sadb_x_address_uprefixlen
#define	sadb_address_reserved \
	sadb_x_address_u.sadb_x_address_actual.sadb_x_address_ureserved
	/* Followed by a sockaddr structure which may contain ports. */
} sadb_address_t;

/*
 * SA key information.
 *
 * NOTE(review): the bytes after this header are raw key material.
 * sadb_key_bits is the sender's claim about the key length; a consumer
 * should check it against sadb_key_len before copying, and buffers that
 * held the key should be zeroed with a call the compiler cannot elide
 * once they are no longer needed.
 */

typedef struct sadb_key {
	/* Union is for guaranteeing 64-bit alignment. */
	union {
		struct {
			uint16_t sadb_x_key_ulen;
			uint16_t sadb_x_key_uexttype;	/* AUTH, ENCRYPT */
			uint16_t sadb_x_key_ubits;	/* Actual len (bits) */
			uint16_t sadb_x_key_ureserved;
		} sadb_x_key_actual;
		uint64_t sadb_x_key_alignment;
	} sadb_x_key_u;
#define	sadb_key_len sadb_x_key_u.sadb_x_key_actual.sadb_x_key_ulen
#define	sadb_key_exttype sadb_x_key_u.sadb_x_key_actual.sadb_x_key_uexttype
#define	sadb_key_bits sadb_x_key_u.sadb_x_key_actual.sadb_x_key_ubits
#define	sadb_key_reserved sadb_x_key_u.sadb_x_key_actual.sadb_x_key_ureserved
	/* Followed by actual key(s) in canonical (outbound proc.) order. */
} sadb_key_t;

/*
 * SA Identity information.  Already 64-bit aligned thanks to uint64_t fields.
 *
 * NOTE(review): the trailing identity string is only "null-terminated" if
 * the sender made it so; a reader should look for the terminator within
 * the bytes covered by sadb_ident_len rather than assume it is there.
 */

typedef struct sadb_ident {
	uint16_t sadb_ident_len;
	uint16_t sadb_ident_exttype;	/* SRC, DST, PROXY */
	uint16_t sadb_ident_type;	/* FQDN, USER_FQDN, etc. */
	uint16_t sadb_ident_reserved;	/* Padding */
	uint64_t sadb_ident_id;		/* For userid, etc. */
	/* Followed by an identity null-terminated C string if present. */
} sadb_ident_t;

/*
 * SA sensitivity information.  This is mostly useful on MLS systems.
 *
 * NOTE(review): sadb_sens_sens_len and sadb_sens_integ_len size the two
 * trailing bitmaps in 64-bit words; their sum should be checked against
 * sadb_sens_len before either bitmap is read.
 */

typedef struct sadb_sens {
	/* Union is for guaranteeing 64-bit alignment. */
	union {
		struct {
			uint16_t sadb_x_sens_ulen;
			uint16_t sadb_x_sens_uexttype;	/* SENSITIVITY */
			uint32_t sadb_x_sens_udpd;	/* Protection domain */
		} sadb_x_sens_actual;
		uint64_t sadb_x_sens_alignment;
	} sadb_x_sens_u;
#define	sadb_sens_len sadb_x_sens_u.sadb_x_sens_actual.sadb_x_sens_ulen
#define	sadb_sens_exttype sadb_x_sens_u.sadb_x_sens_actual.sadb_x_sens_uexttype
#define	sadb_sens_dpd sadb_x_sens_u.sadb_x_sens_actual.sadb_x_sens_udpd
	uint8_t sadb_sens_sens_level;
	uint8_t sadb_sens_sens_len;		/* 64-bit words */
	uint8_t sadb_sens_integ_level;
	uint8_t sadb_sens_integ_len;		/* 64-bit words */
	uint32_t sadb_sens_reserved;
	/*
	 * followed by two uint64_t arrays
	 * uint64_t sadb_sens_bitmap[sens_bitmap_len];
	 * uint64_t sadb_integ_bitmap[integ_bitmap_len];
	 */
} sadb_sens_t;

/*
 * A proposal extension.  This is found in an ACQUIRE message, and it
 * proposes what sort of SA the kernel would like to ACQUIRE.
 */

/* First, a base structure... */

typedef struct sadb_x_propbase {
	uint16_t sadb_x_propb_len;
	uint16_t sadb_x_propb_exttype;	/* PROPOSAL, X_EPROP */
	/*
	 * Two views of the same four bytes.  The replay byte sits first in
	 * both; oldres_reserved[3] overlays lenres_eres and
	 * lenres_numecombs, so writing through sadb_x_propb_reserved also
	 * changes sadb_x_propb_ereserved and sadb_x_propb_numecombs.
	 */
	union {
		struct {
			uint8_t sadb_x_propb_lenres_replay;
			uint8_t sadb_x_propb_lenres_eres;
			uint16_t sadb_x_propb_lenres_numecombs;
		} sadb_x_propb_lenres;
		struct {
			uint8_t sadb_x_propb_oldres_replay;
			uint8_t sadb_x_propb_oldres_reserved[3];
		} sadb_x_propb_oldres;
	} sadb_x_propb_u;
#define	sadb_x_propb_replay \
	sadb_x_propb_u.sadb_x_propb_lenres.sadb_x_propb_lenres_replay
#define	sadb_x_propb_reserved \
	sadb_x_propb_u.sadb_x_propb_oldres.sadb_x_propb_oldres_reserved
#define	sadb_x_propb_ereserved \
	sadb_x_propb_u.sadb_x_propb_lenres.sadb_x_propb_lenres_eres
#define	sadb_x_propb_numecombs \
	sadb_x_propb_u.sadb_x_propb_lenres.sadb_x_propb_lenres_numecombs
	/* Followed by sadb_comb[] array or sadb_ecomb[] array. */
} sadb_x_propbase_t;

/* Now, the actual sadb_prop structure, which will have alignment in it! */

typedef struct sadb_prop {
	/* Union is for guaranteeing 64-bit alignment. */
	union {
		sadb_x_propbase_t sadb_x_prop_actual;
		uint64_t sadb_x_prop_alignment;
	} sadb_x_prop_u;
#define	sadb_prop_len sadb_x_prop_u.sadb_x_prop_actual.sadb_x_propb_len
#define	sadb_prop_exttype sadb_x_prop_u.sadb_x_prop_actual.sadb_x_propb_exttype
#define	sadb_prop_replay sadb_x_prop_u.sadb_x_prop_actual.sadb_x_propb_replay
#define	sadb_prop_reserved \
	sadb_x_prop_u.sadb_x_prop_actual.sadb_x_propb_reserved
#define	sadb_x_prop_ereserved \
	sadb_x_prop_u.sadb_x_prop_actual.sadb_x_propb_ereserved
#define	sadb_x_prop_numecombs \
	sadb_x_prop_u.sadb_x_prop_actual.sadb_x_propb_numecombs
} sadb_prop_t;

/*
 * This is a proposed combination.  Many of these can follow a proposal
 * extension.  Already 64-bit aligned thanks to uint64_t fields.
 */

/*
 * One authentication/encryption pairing with its acceptable key-strength
 * range and proposed lifetimes.  The soft/hard lifetime members use the
 * same widths as the corresponding sadb_lifetime fields.
 *
 * NOTE(review): nothing in this layout forces minbits <= maxbits; a
 * consumer that picks a key size from these ranges should check the
 * ordering itself.
 */
typedef struct sadb_comb {
	uint8_t sadb_comb_auth;			/* Authentication algorithm */
	uint8_t sadb_comb_encrypt;		/* Encryption algorithm */
	uint16_t sadb_comb_flags;		/* Comb. flags (e.g. PFS) */
	uint16_t sadb_comb_auth_minbits;	/* Bit strengths for auth */
	uint16_t sadb_comb_auth_maxbits;
	uint16_t sadb_comb_encrypt_minbits;	/* Bit strengths for encrypt */
	uint16_t sadb_comb_encrypt_maxbits;
	uint32_t sadb_comb_reserved;
	uint32_t sadb_comb_soft_allocations;	/* Lifetime proposals for */
	uint32_t sadb_comb_hard_allocations;	/* this combination. */
	uint64_t sadb_comb_soft_bytes;
	uint64_t sadb_comb_hard_bytes;
	uint64_t sadb_comb_soft_addtime;
	uint64_t sadb_comb_hard_addtime;
	uint64_t sadb_comb_soft_usetime;
	uint64_t sadb_comb_hard_usetime;
} sadb_comb_t;

/*
 * An extended combination that can comprise many SA types.
 * A single combination has algorithms and SA types locked.
 * These are represented by algorithm descriptors, the second structure
 * in the list.
 * For example, if the EACQUIRE requests AH(MD5) + ESP(DES/null)
 * _or_ ESP(DES/MD5), it would have two combinations:
 *
 * COMB: algdes(AH, AUTH, MD5), algdes(ESP, CRYPT, DES)
 * COMB: algdes(ESP, AUTH, MD5), algdes(ESP, CRYPT, DES)
 *
 * If an SA type supports an algorithm type, and there's no descriptor,
 * assume it requires NONE, just like it were explicitly stated.
 * (This includes ESP NULL encryption, BTW.)
 *
 * Already 64-bit aligned thanks to uint64_t fields.
 *
 * NOTE(review): MD5 and DES appear above only as example names; both are
 * deprecated for new IPsec deployments.  The "no descriptor means NONE"
 * rule also means a combination with a missing descriptor asks for no
 * authentication or no encryption, so key management should decide
 * explicitly whether it is willing to accept such a proposal.
 */

typedef struct sadb_x_ecomb {
	/*
	 * NOTE(review): presumably the number of sadb_x_algdesc entries that
	 * follow this structure -- confirm against the consumer.  It should
	 * be bounded by the space left in the extension before it is used
	 * as a loop count.
	 */
	uint8_t sadb_x_ecomb_numalgs;
	uint8_t sadb_x_ecomb_reserved;
	uint16_t sadb_x_ecomb_flags;	/* E.g. PFS? */
	uint32_t sadb_x_ecomb_reserved2;
	uint32_t sadb_x_ecomb_soft_allocations;
	uint32_t sadb_x_ecomb_hard_allocations;
	uint64_t sadb_x_ecomb_soft_bytes;
	uint64_t sadb_x_ecomb_hard_bytes;
	uint64_t sadb_x_ecomb_soft_addtime;
	uint64_t sadb_x_ecomb_hard_addtime;
	uint64_t sadb_x_ecomb_soft_usetime;
	uint64_t sadb_x_ecomb_hard_usetime;
} sadb_x_ecomb_t;

/*
 * Algorithm descriptor: one (SA type, algorithm type, algorithm) triple
 * with its acceptable key-strength range, packed into eight bytes.
 */
typedef struct sadb_x_algdesc {
	/* Union is for guaranteeing 64-bit alignment. */
	union {
		struct {
			uint8_t sadb_x_algdesc_usatype;	/* ESP, AH, etc. */
			uint8_t sadb_x_algdesc_ualgtype; /* AUTH, CRYPT, COMP */
			uint8_t sadb_x_algdesc_ualg;	/* 3DES, MD5, etc. */
			uint8_t sadb_x_algdesc_ureserved;
			uint16_t sadb_x_algdesc_uminbits; /* Bit strengths. */
			uint16_t sadb_x_algdesc_umaxbits;
		} sadb_x_algdesc_actual;
		uint64_t sadb_x_algdesc_alignment;
	} sadb_x_algdesc_u;
#define	sadb_x_algdesc_satype \
	sadb_x_algdesc_u.sadb_x_algdesc_actual.sadb_x_algdesc_usatype
#define	sadb_x_algdesc_algtype \
	sadb_x_algdesc_u.sadb_x_algdesc_actual.sadb_x_algdesc_ualgtype
#define	sadb_x_algdesc_alg \
	sadb_x_algdesc_u.sadb_x_algdesc_actual.sadb_x_algdesc_ualg
#define	sadb_x_algdesc_reserved \
	sadb_x_algdesc_u.sadb_x_algdesc_actual.sadb_x_algdesc_ureserved
#define	sadb_x_algdesc_minbits \
	sadb_x_algdesc_u.sadb_x_algdesc_actual.sadb_x_algdesc_uminbits
#define	sadb_x_algdesc_maxbits \
	sadb_x_algdesc_u.sadb_x_algdesc_actual.sadb_x_algdesc_umaxbits
} sadb_x_algdesc_t;

/*
 * When key mgmt. registers with the kernel, the kernel will tell key mgmt.
 * its supported algorithms.
 */

typedef struct sadb_supported {
	/* Union is for guaranteeing 64-bit alignment. */
	union {
		struct {
			uint16_t sadb_x_supported_ulen;
			uint16_t sadb_x_supported_uexttype;
			uint32_t sadb_x_supported_ureserved;
		} sadb_x_supported_actual;
		uint64_t sadb_x_supported_alignment;
	} sadb_x_supported_u;
#define	sadb_supported_len \
	sadb_x_supported_u.sadb_x_supported_actual.sadb_x_supported_ulen
#define	sadb_supported_exttype \
	sadb_x_supported_u.sadb_x_supported_actual.sadb_x_supported_uexttype
#define	sadb_supported_reserved \
	sadb_x_supported_u.sadb_x_supported_actual.sadb_x_supported_ureserved
} sadb_supported_t;

/* First, a base structure... */
typedef struct sadb_x_algb {
	uint8_t sadb_x_algb_id;		/* Algorithm type. */
	uint8_t sadb_x_algb_ivlen;	/* IV len, in bits */
	uint16_t sadb_x_algb_minbits;	/* Min. key len (in bits) */
	uint16_t sadb_x_algb_maxbits;	/* Max. key length */
	/*
	 * The same two bytes read either as one reserved uint16_t or as the
	 * increment/defincr pair described below.
	 */
	union {
		uint16_t sadb_x_algb_ureserved;
		uint8_t sadb_x_algb_udefaults[2];
	} sadb_x_algb_union;

#define	sadb_x_algb_reserved sadb_x_algb_union.sadb_x_algb_ureserved
#define	sadb_x_algb_increment sadb_x_algb_union.sadb_x_algb_udefaults[0]
#define	sadb_x_algb_defincr sadb_x_algb_union.sadb_x_algb_udefaults[1]
/*
 * alg_increment: the number of bits from a key length to the next
 * alg_defincr: the number of increments from the smallest possible
 * key to the default key length
 */
} sadb_x_algb_t;
/*
 * useful macros for dealing with defincr
 *
 * SADB_ALG_DEFAULT_LEN computes min + defincr * incr.
 * SADB_ALG_DEFAULT_INCR computes (default - min) / incr.
 *
 * NOTE(review): SADB_ALG_DEFAULT_INCR divides by incr, and nothing in this
 * header keeps sadb_x_algb_increment from being 0.  Callers that pass a
 * value taken from a message should check for 0 first.
 */
#define	SADB_ALG_DEFAULT_LEN(min, incr, defincr) ((min) + ((defincr) * (incr)))
#define	SADB_ALG_DEFAULT_INCR(min, incr, default) (((default) - (min)) / (incr))

/* Now, the actual sadb_alg structure, which will have alignment in it. */
typedef struct sadb_alg {
	/* Union is for guaranteeing 64-bit alignment. */
	union {
		sadb_x_algb_t sadb_x_alg_actual;
		uint64_t sadb_x_alg_alignment;
	} sadb_x_alg_u;
#define	sadb_alg_id sadb_x_alg_u.sadb_x_alg_actual.sadb_x_algb_id
#define	sadb_alg_ivlen sadb_x_alg_u.sadb_x_alg_actual.sadb_x_algb_ivlen
#define	sadb_alg_minbits sadb_x_alg_u.sadb_x_alg_actual.sadb_x_algb_minbits
#define	sadb_alg_maxbits sadb_x_alg_u.sadb_x_alg_actual.sadb_x_algb_maxbits
#define	sadb_alg_reserved sadb_x_alg_u.sadb_x_alg_actual.sadb_x_algb_reserved
#define	sadb_x_alg_increment \
	sadb_x_alg_u.sadb_x_alg_actual.sadb_x_algb_increment
#define	sadb_x_alg_defincr sadb_x_alg_u.sadb_x_alg_actual.sadb_x_algb_defincr
} sadb_alg_t;

/*
 * If key mgmt. needs an SPI in a range (including 0 to 0xFFFFFFFF), it
 * asks the kernel with this extension in the SADB_GETSPI message.
 *
 * NOTE(review): the layout does not force sadb_spirange_min <=
 * sadb_spirange_max; the receiver should check the ordering before
 * computing a range size from the two values.
 */

typedef struct sadb_spirange {
	uint16_t sadb_spirange_len;
	uint16_t sadb_spirange_exttype;	/* SPI_RANGE */
	uint32_t sadb_spirange_min;
	/* Union is for guaranteeing 64-bit alignment. */
	union {
		struct {
			uint32_t sadb_x_spirange_umax;
			uint32_t sadb_x_spirange_ureserved;
		} sadb_x_spirange_actual;
		uint64_t sadb_x_spirange_alignment;
	} sadb_x_spirange_u;
#define	sadb_spirange_max \
	sadb_x_spirange_u.sadb_x_spirange_actual.sadb_x_spirange_umax
#define	sadb_spirange_reserved \
	sadb_x_spirange_u.sadb_x_spirange_actual.sadb_x_spirange_ureserved
} sadb_spirange_t;

/*
 * For the "extended REGISTER" which'll tell the kernel to send me
 * "extended ACQUIREs".
 */

typedef struct sadb_x_ereg {
	/* Union is for guaranteeing 64-bit alignment. */
	union {
		struct {
			uint16_t sadb_x_ereg_ulen;
			uint16_t sadb_x_ereg_uexttype;	/* X_EREG */
			/*
			 * Array of SA types, 0-terminated.
			 * NOTE(review): with four slots, a sender that fills
			 * all four leaves no terminator, so a reader should
			 * stop at the array bound as well as at the first 0.
			 */
			uint8_t sadb_x_ereg_usatypes[4];
		} sadb_x_ereg_actual;
		uint64_t sadb_x_ereg_alignment;
	} sadb_x_ereg_u;
#define	sadb_x_ereg_len \
	sadb_x_ereg_u.sadb_x_ereg_actual.sadb_x_ereg_ulen
#define	sadb_x_ereg_exttype \
	sadb_x_ereg_u.sadb_x_ereg_actual.sadb_x_ereg_uexttype
#define	sadb_x_ereg_satypes \
	sadb_x_ereg_u.sadb_x_ereg_actual.sadb_x_ereg_usatypes
} sadb_x_ereg_t;

/*
 * For conveying a Key Management Cookie with SADB_GETSPI, SADB_ADD,
 * SADB_ACQUIRE, or SADB_X_INVERSE_ACQUIRE.
 */

typedef struct sadb_x_kmc {
	uint16_t sadb_x_kmc_len;
	uint16_t sadb_x_kmc_exttype;	/* X_KM_COOKIE */
	uint32_t sadb_x_kmc_proto;	/* KM protocol */
	/* The union pads the cookie out to a 64-bit boundary. */
	union {
		struct {
			uint32_t sadb_x_kmc_ucookie;	/* KMP-specific */
			uint32_t sadb_x_kmc_ureserved;	/* Must be zero */
		} sadb_x_kmc_actual;
		uint64_t sadb_x_kmc_alignment;
	} sadb_x_kmc_u;
#define	sadb_x_kmc_cookie sadb_x_kmc_u.sadb_x_kmc_actual.sadb_x_kmc_ucookie
#define	sadb_x_kmc_reserved sadb_x_kmc_u.sadb_x_kmc_actual.sadb_x_kmc_ureserved
} sadb_x_kmc_t;


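
/*
 * Base message types.
 *
 * These are the values for the sadb_msg_type field (described there as
 * "ADD, UPDATE, etc.").  SADB_MAX equals the highest type defined here, so
 * a receiver can reject any type above it.
 */

#define	SADB_RESERVED		0
#define	SADB_GETSPI		1
#define	SADB_UPDATE		2
#define	SADB_ADD		3
#define	SADB_DELETE		4
#define	SADB_GET		5
#define	SADB_ACQUIRE		6
#define	SADB_REGISTER		7
#define	SADB_EXPIRE		8
#define	SADB_FLUSH		9
#define	SADB_DUMP		10	/* not used normally */
#define	SADB_X_PROMISC		11
#define	SADB_X_INVERSE_ACQUIRE	12
#define	SADB_MAX		12

/*
 * SA flags
 *
 * Bit values for the 32-bit sadb_sa_flags field.
 */

#define	SADB_SAFLAGS_PFS	0x1	/* Perfect forward secrecy? */
#define	SADB_SAFLAGS_NOREPLAY	0x2	/* Replay field NOT PRESENT. */

/* Below flags are used by this implementation.  Grow from left-to-right. */
#define	SADB_X_SAFLAGS_USED	0x80000000	/* SA used/not used */
#define	SADB_X_SAFLAGS_UNIQUE	0x40000000	/* SA unique/reusable */
#define	SADB_X_SAFLAGS_AALG1	0x20000000	/* Auth-alg specific flag 1 */
#define	SADB_X_SAFLAGS_AALG2	0x10000000	/* Auth-alg specific flag 2 */
#define	SADB_X_SAFLAGS_EALG1	0x8000000	/* Encr-alg specific flag 1 */
#define	SADB_X_SAFLAGS_EALG2	0x4000000	/* Encr-alg specific flag 2 */
#define	SADB_X_SAFLAGS_KM1	0x2000000	/* Key mgmt. specific flag 1 */
#define	SADB_X_SAFLAGS_KM2	0x1000000	/* Key mgmt. specific flag 2 */
#define	SADB_X_SAFLAGS_KM3	0x800000	/* Key mgmt. specific flag 3 */
#define	SADB_X_SAFLAGS_KM4	0x400000	/* Key mgmt. specific flag 4 */
#define	SADB_X_SAFLAGS_KRES1	0x200000	/* Reserved by the kernel */
#define	SADB_X_SAFLAGS_NATT_LOC	0x100000	/* this has a natted src SA */
#define	SADB_X_SAFLAGS_NATT_REM	0x80000		/* this has a natted dst SA */
#define	SADB_X_SAFLAGS_KRES2	0x40000		/* Reserved by the kernel */
#define	SADB_X_SAFLAGS_TUNNEL	0x20000		/* tunnel mode */

/*
 * Both kernel-reserved bits as a single mask.
 *
 * The expansion is parenthesized.  Without the parentheses, a test such as
 * (flags & SADB_X_SAFLAGS_KRES) expands to
 * (flags & SADB_X_SAFLAGS_KRES1 | SADB_X_SAFLAGS_KRES2), which binds as
 * ((flags & KRES1) | KRES2) and is non-zero for every value of flags, and
 * ~SADB_X_SAFLAGS_KRES clears only the KRES1 bit.  A check meant to reject
 * caller-set reserved bits, or a mask meant to strip them, would silently
 * do the wrong thing.
 * NOTE(review): existing uses of this macro should be re-read with the
 * corrected grouping in mind.
 */
#define	SADB_X_SAFLAGS_KRES	\
	(SADB_X_SAFLAGS_KRES1 | SADB_X_SAFLAGS_KRES2)

/*
 * SA state.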
5347c478bd9Sstevel@tonic-gate */ 5357c478bd9Sstevel@tonic-gate 5367c478bd9Sstevel@tonic-gate #define SADB_SASTATE_LARVAL 0 5377c478bd9Sstevel@tonic-gate #define SADB_SASTATE_MATURE 1 5387c478bd9Sstevel@tonic-gate #define SADB_SASTATE_DYING 2 5397c478bd9Sstevel@tonic-gate #define SADB_SASTATE_DEAD 3 5407c478bd9Sstevel@tonic-gate 5417c478bd9Sstevel@tonic-gate #define SADB_SASTATE_MAX 3 5427c478bd9Sstevel@tonic-gate 5437c478bd9Sstevel@tonic-gate /* 5447c478bd9Sstevel@tonic-gate * SA type. Gaps are present in the number space because (for the time being) 5457c478bd9Sstevel@tonic-gate * these types correspond to the SA types in the IPsec DOI document. 5467c478bd9Sstevel@tonic-gate */ 5477c478bd9Sstevel@tonic-gate 5487c478bd9Sstevel@tonic-gate #define SADB_SATYPE_UNSPEC 0 5497c478bd9Sstevel@tonic-gate #define SADB_SATYPE_AH 2 /* RFC-1826 */ 5507c478bd9Sstevel@tonic-gate #define SADB_SATYPE_ESP 3 /* RFC-1827 */ 5517c478bd9Sstevel@tonic-gate #define SADB_SATYPE_RSVP 5 /* RSVP Authentication */ 5527c478bd9Sstevel@tonic-gate #define SADB_SATYPE_OSPFV2 6 /* OSPFv2 Authentication */ 5537c478bd9Sstevel@tonic-gate #define SADB_SATYPE_RIPV2 7 /* RIPv2 Authentication */ 5547c478bd9Sstevel@tonic-gate #define SADB_SATYPE_MIP 8 /* Mobile IPv4 Authentication */ 5557c478bd9Sstevel@tonic-gate 5567c478bd9Sstevel@tonic-gate #define SADB_SATYPE_MAX 8 5577c478bd9Sstevel@tonic-gate 5587c478bd9Sstevel@tonic-gate /* 5597c478bd9Sstevel@tonic-gate * Algorithm types. Gaps are present because (for the time being) these types 5607c478bd9Sstevel@tonic-gate * correspond to the SA types in the IPsec DOI document. 5617c478bd9Sstevel@tonic-gate * 5627c478bd9Sstevel@tonic-gate * NOTE: These are numbered to play nice with the IPsec DOI. That's why 5637c478bd9Sstevel@tonic-gate * there are gaps. 
5647c478bd9Sstevel@tonic-gate */ 5657c478bd9Sstevel@tonic-gate 5667c478bd9Sstevel@tonic-gate /* Authentication algorithms */ 5677c478bd9Sstevel@tonic-gate #define SADB_AALG_NONE 0 5687c478bd9Sstevel@tonic-gate #define SADB_AALG_MD5HMAC 2 5697c478bd9Sstevel@tonic-gate #define SADB_AALG_SHA1HMAC 3 570*0358d3a6Sdanmcd #define SADB_AALG_SHA256HMAC 5 571*0358d3a6Sdanmcd #define SADB_AALG_SHA384HMAC 6 572*0358d3a6Sdanmcd #define SADB_AALG_SHA512HMAC 7 5737c478bd9Sstevel@tonic-gate 574*0358d3a6Sdanmcd #define SADB_AALG_MAX 7 5757c478bd9Sstevel@tonic-gate 5767c478bd9Sstevel@tonic-gate /* Encryption algorithms */ 5777c478bd9Sstevel@tonic-gate #define SADB_EALG_NONE 0 5787c478bd9Sstevel@tonic-gate #define SADB_EALG_DESCBC 2 5797c478bd9Sstevel@tonic-gate #define SADB_EALG_3DESCBC 3 5807c478bd9Sstevel@tonic-gate #define SADB_EALG_BLOWFISH 7 5817c478bd9Sstevel@tonic-gate #define SADB_EALG_NULL 11 5827c478bd9Sstevel@tonic-gate #define SADB_EALG_AES 12 5837c478bd9Sstevel@tonic-gate #define SADB_EALG_MAX 12 5847c478bd9Sstevel@tonic-gate 5857c478bd9Sstevel@tonic-gate /* 5867c478bd9Sstevel@tonic-gate * Extension header values. 5877c478bd9Sstevel@tonic-gate */ 5887c478bd9Sstevel@tonic-gate 5897c478bd9Sstevel@tonic-gate #define SADB_EXT_RESERVED 0 5907c478bd9Sstevel@tonic-gate 5917c478bd9Sstevel@tonic-gate #define SADB_EXT_SA 1 5927c478bd9Sstevel@tonic-gate #define SADB_EXT_LIFETIME_CURRENT 2 5937c478bd9Sstevel@tonic-gate #define SADB_EXT_LIFETIME_HARD 3 5947c478bd9Sstevel@tonic-gate #define SADB_EXT_LIFETIME_SOFT 4 5957c478bd9Sstevel@tonic-gate #define SADB_EXT_ADDRESS_SRC 5 5967c478bd9Sstevel@tonic-gate #define SADB_EXT_ADDRESS_DST 6 5978810c16bSdanmcd /* These two are synonyms. 
*/ 5987c478bd9Sstevel@tonic-gate #define SADB_EXT_ADDRESS_PROXY 7 5998810c16bSdanmcd #define SADB_X_EXT_ADDRESS_INNER_SRC SADB_EXT_ADDRESS_PROXY 6007c478bd9Sstevel@tonic-gate #define SADB_EXT_KEY_AUTH 8 6017c478bd9Sstevel@tonic-gate #define SADB_EXT_KEY_ENCRYPT 9 6027c478bd9Sstevel@tonic-gate #define SADB_EXT_IDENTITY_SRC 10 6037c478bd9Sstevel@tonic-gate #define SADB_EXT_IDENTITY_DST 11 6047c478bd9Sstevel@tonic-gate #define SADB_EXT_SENSITIVITY 12 6057c478bd9Sstevel@tonic-gate #define SADB_EXT_PROPOSAL 13 6067c478bd9Sstevel@tonic-gate #define SADB_EXT_SUPPORTED_AUTH 14 6077c478bd9Sstevel@tonic-gate #define SADB_EXT_SUPPORTED_ENCRYPT 15 6087c478bd9Sstevel@tonic-gate #define SADB_EXT_SPIRANGE 16 6097c478bd9Sstevel@tonic-gate #define SADB_X_EXT_EREG 17 6107c478bd9Sstevel@tonic-gate #define SADB_X_EXT_EPROP 18 6117c478bd9Sstevel@tonic-gate #define SADB_X_EXT_KM_COOKIE 19 6127c478bd9Sstevel@tonic-gate #define SADB_X_EXT_ADDRESS_NATT_LOC 20 6137c478bd9Sstevel@tonic-gate #define SADB_X_EXT_ADDRESS_NATT_REM 21 6148810c16bSdanmcd #define SADB_X_EXT_ADDRESS_INNER_DST 22 6157c478bd9Sstevel@tonic-gate 6168810c16bSdanmcd #define SADB_EXT_MAX 22 6177c478bd9Sstevel@tonic-gate 6187c478bd9Sstevel@tonic-gate /* 6197c478bd9Sstevel@tonic-gate * Identity types. 6207c478bd9Sstevel@tonic-gate */ 6217c478bd9Sstevel@tonic-gate 6227c478bd9Sstevel@tonic-gate #define SADB_IDENTTYPE_RESERVED 0 6237c478bd9Sstevel@tonic-gate 6247c478bd9Sstevel@tonic-gate /* 6257c478bd9Sstevel@tonic-gate * For PREFIX and ADDR_RANGE, use the AF of the PROXY if present, or the SRC 6267c478bd9Sstevel@tonic-gate * if not present. 6277c478bd9Sstevel@tonic-gate */ 6287c478bd9Sstevel@tonic-gate #define SADB_IDENTTYPE_PREFIX 1 6297c478bd9Sstevel@tonic-gate #define SADB_IDENTTYPE_FQDN 2 /* Fully qualified domain name. */ 6307c478bd9Sstevel@tonic-gate #define SADB_IDENTTYPE_USER_FQDN 3 /* e.g. root@domain.com */ 6317c478bd9Sstevel@tonic-gate #define SADB_X_IDENTTYPE_DN 4 /* ASN.1 DER Distinguished Name. 
*/ 6327c478bd9Sstevel@tonic-gate #define SADB_X_IDENTTYPE_GN 5 /* ASN.1 DER Generic Name. */ 6337c478bd9Sstevel@tonic-gate #define SADB_X_IDENTTYPE_KEY_ID 6 /* Generic KEY ID. */ 6347c478bd9Sstevel@tonic-gate #define SADB_X_IDENTTYPE_ADDR_RANGE 7 6357c478bd9Sstevel@tonic-gate 6367c478bd9Sstevel@tonic-gate #define SADB_IDENTTYPE_MAX 7 6377c478bd9Sstevel@tonic-gate 6387c478bd9Sstevel@tonic-gate /* 6397c478bd9Sstevel@tonic-gate * Protection DOI values for the SENSITIVITY extension. There are no values 6407c478bd9Sstevel@tonic-gate * currently, so the MAX is the only non-zero value available. 6417c478bd9Sstevel@tonic-gate */ 6427c478bd9Sstevel@tonic-gate 6437c478bd9Sstevel@tonic-gate #define SADB_DPD_NONE 0 6447c478bd9Sstevel@tonic-gate 6457c478bd9Sstevel@tonic-gate #define SADB_DPD_MAX 1 6467c478bd9Sstevel@tonic-gate 6477c478bd9Sstevel@tonic-gate /* 6487c478bd9Sstevel@tonic-gate * Diagnostic codes. These supplement error messages. Be sure to 6497c478bd9Sstevel@tonic-gate * update libipsecutil's keysock_diag() if you change any of these. 6507c478bd9Sstevel@tonic-gate */ 6517c478bd9Sstevel@tonic-gate 6527c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_PRESET -1 /* Internal value. */ 6537c478bd9Sstevel@tonic-gate 6547c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_NONE 0 6557c478bd9Sstevel@tonic-gate 6567c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_UNKNOWN_MSG 1 6577c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_UNKNOWN_EXT 2 6587c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_BAD_EXTLEN 3 6597c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_UNKNOWN_SATYPE 4 6607c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_SATYPE_NEEDED 5 6617c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_NO_SADBS 6 6627c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_NO_EXT 7 6637c478bd9Sstevel@tonic-gate /* Bad address family value */ 6647c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_BAD_SRC_AF 8 6657c478bd9Sstevel@tonic-gate /* in sockaddr->sa_family. 
*/ 6667c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_BAD_DST_AF 9 6678810c16bSdanmcd /* These two are synonyms. */ 6687c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_BAD_PROXY_AF 10 6698810c16bSdanmcd #define SADB_X_DIAGNOSTIC_BAD_INNER_SRC_AF 10 6708810c16bSdanmcd 6717c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_AF_MISMATCH 11 6727c478bd9Sstevel@tonic-gate 6737c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_BAD_SRC 12 6747c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_BAD_DST 13 6757c478bd9Sstevel@tonic-gate 6767c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_ALLOC_HSERR 14 6777c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_BYTES_HSERR 15 6787c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_ADDTIME_HSERR 16 6797c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_USETIME_HSERR 17 6807c478bd9Sstevel@tonic-gate 6817c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_MISSING_SRC 18 6827c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_MISSING_DST 19 6837c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_MISSING_SA 20 6847c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_MISSING_EKEY 21 6857c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_MISSING_AKEY 22 6867c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_MISSING_RANGE 23 6877c478bd9Sstevel@tonic-gate 6887c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_DUPLICATE_SRC 24 6897c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_DUPLICATE_DST 25 6907c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_DUPLICATE_SA 26 6917c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_DUPLICATE_EKEY 27 6927c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_DUPLICATE_AKEY 28 6937c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_DUPLICATE_RANGE 29 6947c478bd9Sstevel@tonic-gate 6957c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_MALFORMED_SRC 30 6967c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_MALFORMED_DST 31 6977c478bd9Sstevel@tonic-gate #define 
SADB_X_DIAGNOSTIC_MALFORMED_SA 32 6987c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_MALFORMED_EKEY 33 6997c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_MALFORMED_AKEY 34 7007c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_MALFORMED_RANGE 35 7017c478bd9Sstevel@tonic-gate 7027c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_AKEY_PRESENT 36 7037c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_EKEY_PRESENT 37 7047c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_PROP_PRESENT 38 7057c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_SUPP_PRESENT 39 7067c478bd9Sstevel@tonic-gate 7077c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_BAD_AALG 40 7087c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_BAD_EALG 41 7097c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_BAD_SAFLAGS 42 7107c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_BAD_SASTATE 43 7117c478bd9Sstevel@tonic-gate 7127c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_BAD_AKEYBITS 44 7137c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_BAD_EKEYBITS 45 7147c478bd9Sstevel@tonic-gate 7157c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_ENCR_NOTSUPP 46 7167c478bd9Sstevel@tonic-gate 7177c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_WEAK_EKEY 47 7187c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_WEAK_AKEY 48 7197c478bd9Sstevel@tonic-gate 7207c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_DUPLICATE_KMP 49 7217c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_DUPLICATE_KMC 50 7227c478bd9Sstevel@tonic-gate 7237c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_MISSING_NATT_LOC 51 7247c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_MISSING_NATT_REM 52 7257c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_DUPLICATE_NATT_LOC 53 7267c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_DUPLICATE_NATT_REM 54 7277c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_MALFORMED_NATT_LOC 55 7287c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_MALFORMED_NATT_REM 56 
7297c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_DUPLICATE_NATT_PORTS 57 7308810c16bSdanmcd 7318810c16bSdanmcd #define SADB_X_DIAGNOSTIC_MISSING_INNER_SRC 58 7328810c16bSdanmcd #define SADB_X_DIAGNOSTIC_MISSING_INNER_DST 59 7338810c16bSdanmcd #define SADB_X_DIAGNOSTIC_DUPLICATE_INNER_SRC 60 7348810c16bSdanmcd #define SADB_X_DIAGNOSTIC_DUPLICATE_INNER_DST 61 7358810c16bSdanmcd #define SADB_X_DIAGNOSTIC_MALFORMED_INNER_SRC 62 7368810c16bSdanmcd #define SADB_X_DIAGNOSTIC_MALFORMED_INNER_DST 63 7378810c16bSdanmcd 7388810c16bSdanmcd #define SADB_X_DIAGNOSTIC_PREFIX_INNER_SRC 64 7398810c16bSdanmcd #define SADB_X_DIAGNOSTIC_PREFIX_INNER_DST 65 7408810c16bSdanmcd #define SADB_X_DIAGNOSTIC_BAD_INNER_DST_AF 66 7418810c16bSdanmcd #define SADB_X_DIAGNOSTIC_INNER_AF_MISMATCH 67 7428810c16bSdanmcd 7438810c16bSdanmcd #define SADB_X_DIAGNOSTIC_BAD_NATT_REM_AF 68 7448810c16bSdanmcd #define SADB_X_DIAGNOSTIC_BAD_NATT_LOC_AF 69 7458810c16bSdanmcd 7468810c16bSdanmcd #define SADB_X_DIAGNOSTIC_PROTO_MISMATCH 70 7478810c16bSdanmcd #define SADB_X_DIAGNOSTIC_INNER_PROTO_MISMATCH 71 7488810c16bSdanmcd 7498810c16bSdanmcd #define SADB_X_DIAGNOSTIC_DUAL_PORT_SETS 72 7508810c16bSdanmcd 7518810c16bSdanmcd #define SADB_X_DIAGNOSTIC_MAX 72 7527c478bd9Sstevel@tonic-gate 7537c478bd9Sstevel@tonic-gate /* Algorithm type for sadb_x_algdesc above... */ 7547c478bd9Sstevel@tonic-gate 7557c478bd9Sstevel@tonic-gate #define SADB_X_ALGTYPE_NONE 0 7567c478bd9Sstevel@tonic-gate #define SADB_X_ALGTYPE_AUTH 1 7577c478bd9Sstevel@tonic-gate #define SADB_X_ALGTYPE_CRYPT 2 7587c478bd9Sstevel@tonic-gate #define SADB_X_ALGTYPE_COMPRESS 3 7597c478bd9Sstevel@tonic-gate 7607c478bd9Sstevel@tonic-gate #define SADB_X_ALGTYPE_MAX 3 7617c478bd9Sstevel@tonic-gate 7627c478bd9Sstevel@tonic-gate /* Key management protocol for sadb_x_kmc above... 
*/ 7637c478bd9Sstevel@tonic-gate 7647c478bd9Sstevel@tonic-gate #define SADB_X_KMP_MANUAL 0 7657c478bd9Sstevel@tonic-gate #define SADB_X_KMP_IKE 1 7667c478bd9Sstevel@tonic-gate #define SADB_X_KMP_KINK 2 7677c478bd9Sstevel@tonic-gate 7687c478bd9Sstevel@tonic-gate #define SADB_X_KMP_MAX 2 7697c478bd9Sstevel@tonic-gate 7707c478bd9Sstevel@tonic-gate /* 7717c478bd9Sstevel@tonic-gate * Handy conversion macros. Not part of the PF_KEY spec... 7727c478bd9Sstevel@tonic-gate */ 7737c478bd9Sstevel@tonic-gate 7747c478bd9Sstevel@tonic-gate #define SADB_64TO8(x) ((x) << 3) 7757c478bd9Sstevel@tonic-gate #define SADB_8TO64(x) ((x) >> 3) 7767c478bd9Sstevel@tonic-gate #define SADB_8TO1(x) ((x) << 3) 7777c478bd9Sstevel@tonic-gate #define SADB_1TO8(x) ((x) >> 3) 7787c478bd9Sstevel@tonic-gate 7797c478bd9Sstevel@tonic-gate #ifdef __cplusplus 7807c478bd9Sstevel@tonic-gate } 7817c478bd9Sstevel@tonic-gate #endif 7827c478bd9Sstevel@tonic-gate 7837c478bd9Sstevel@tonic-gate #endif /* _NET_PFKEYV2_H */ 784