17c478bd9Sstevel@tonic-gate /* 27c478bd9Sstevel@tonic-gate * CDDL HEADER START 37c478bd9Sstevel@tonic-gate * 47c478bd9Sstevel@tonic-gate * The contents of this file are subject to the terms of the 58810c16bSdanmcd * Common Development and Distribution License (the "License"). 68810c16bSdanmcd * You may not use this file except in compliance with the License. 77c478bd9Sstevel@tonic-gate * 87c478bd9Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 97c478bd9Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing. 107c478bd9Sstevel@tonic-gate * See the License for the specific language governing permissions 117c478bd9Sstevel@tonic-gate * and limitations under the License. 127c478bd9Sstevel@tonic-gate * 137c478bd9Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each 147c478bd9Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 157c478bd9Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the 167c478bd9Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying 177c478bd9Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner] 187c478bd9Sstevel@tonic-gate * 197c478bd9Sstevel@tonic-gate * CDDL HEADER END 207c478bd9Sstevel@tonic-gate */ 217c478bd9Sstevel@tonic-gate /* 220358d3a6Sdanmcd * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 237c478bd9Sstevel@tonic-gate * Use is subject to license terms. 247c478bd9Sstevel@tonic-gate */ 257c478bd9Sstevel@tonic-gate 267c478bd9Sstevel@tonic-gate #ifndef _NET_PFKEYV2_H 277c478bd9Sstevel@tonic-gate #define _NET_PFKEYV2_H 287c478bd9Sstevel@tonic-gate 297c478bd9Sstevel@tonic-gate /* 307c478bd9Sstevel@tonic-gate * Definitions and structures for PF_KEY version 2. See RFC 2367 for 317c478bd9Sstevel@tonic-gate * more details. SA == Security Association, which is what PF_KEY provides 327c478bd9Sstevel@tonic-gate * an API for managing. 337c478bd9Sstevel@tonic-gate */ 347c478bd9Sstevel@tonic-gate 357c478bd9Sstevel@tonic-gate #ifdef __cplusplus 367c478bd9Sstevel@tonic-gate extern "C" { 377c478bd9Sstevel@tonic-gate #endif 387c478bd9Sstevel@tonic-gate 397c478bd9Sstevel@tonic-gate #define PF_KEY_V2 2 407c478bd9Sstevel@tonic-gate #define PFKEYV2_REVISION 200109L 417c478bd9Sstevel@tonic-gate 427c478bd9Sstevel@tonic-gate /* 437c478bd9Sstevel@tonic-gate * Base PF_KEY message. 447c478bd9Sstevel@tonic-gate */ 457c478bd9Sstevel@tonic-gate 467c478bd9Sstevel@tonic-gate typedef struct sadb_msg { 477c478bd9Sstevel@tonic-gate uint8_t sadb_msg_version; /* Version, currently PF_KEY_V2 */ 487c478bd9Sstevel@tonic-gate uint8_t sadb_msg_type; /* ADD, UPDATE, etc. */ 497c478bd9Sstevel@tonic-gate uint8_t sadb_msg_errno; /* Error number from UNIX errno space */ 507c478bd9Sstevel@tonic-gate uint8_t sadb_msg_satype; /* ESP, AH, etc. */ 517c478bd9Sstevel@tonic-gate uint16_t sadb_msg_len; /* Length in 64-bit words. */ 527c478bd9Sstevel@tonic-gate uint16_t sadb_msg_reserved; /* must be zero */ 537c478bd9Sstevel@tonic-gate /* 547c478bd9Sstevel@tonic-gate * Use the reserved field for extended diagnostic information on errno 557c478bd9Sstevel@tonic-gate * responses. 567c478bd9Sstevel@tonic-gate */ 577c478bd9Sstevel@tonic-gate #define sadb_x_msg_diagnostic sadb_msg_reserved 587c478bd9Sstevel@tonic-gate /* Union is for guaranteeing 64-bit alignment. */ 597c478bd9Sstevel@tonic-gate union { 607c478bd9Sstevel@tonic-gate struct { 617c478bd9Sstevel@tonic-gate uint32_t sadb_x_msg_useq; /* Set by originator */ 627c478bd9Sstevel@tonic-gate uint32_t sadb_x_msg_upid; /* Set by originator */ 637c478bd9Sstevel@tonic-gate } sadb_x_msg_actual; 647c478bd9Sstevel@tonic-gate uint64_t sadb_x_msg_alignment; 657c478bd9Sstevel@tonic-gate } sadb_x_msg_u; 667c478bd9Sstevel@tonic-gate #define sadb_msg_seq sadb_x_msg_u.sadb_x_msg_actual.sadb_x_msg_useq 677c478bd9Sstevel@tonic-gate #define sadb_msg_pid sadb_x_msg_u.sadb_x_msg_actual.sadb_x_msg_upid 687c478bd9Sstevel@tonic-gate } sadb_msg_t; 697c478bd9Sstevel@tonic-gate 707c478bd9Sstevel@tonic-gate /* 717c478bd9Sstevel@tonic-gate * Generic extension header. 727c478bd9Sstevel@tonic-gate */ 737c478bd9Sstevel@tonic-gate 747c478bd9Sstevel@tonic-gate typedef struct sadb_ext { 757c478bd9Sstevel@tonic-gate union { 767c478bd9Sstevel@tonic-gate /* Union is for guaranteeing 64-bit alignment. */ 777c478bd9Sstevel@tonic-gate struct { 787c478bd9Sstevel@tonic-gate uint16_t sadb_x_ext_ulen; /* In 64s, inclusive */ 797c478bd9Sstevel@tonic-gate uint16_t sadb_x_ext_utype; /* 0 is reserved */ 807c478bd9Sstevel@tonic-gate } sadb_x_ext_actual; 817c478bd9Sstevel@tonic-gate uint64_t sadb_x_ext_alignment; 827c478bd9Sstevel@tonic-gate } sadb_x_ext_u; 837c478bd9Sstevel@tonic-gate #define sadb_ext_len sadb_x_ext_u.sadb_x_ext_actual.sadb_x_ext_ulen 847c478bd9Sstevel@tonic-gate #define sadb_ext_type sadb_x_ext_u.sadb_x_ext_actual.sadb_x_ext_utype 857c478bd9Sstevel@tonic-gate } sadb_ext_t; 867c478bd9Sstevel@tonic-gate 877c478bd9Sstevel@tonic-gate /* 887c478bd9Sstevel@tonic-gate * Security Association information extension. 897c478bd9Sstevel@tonic-gate */ 907c478bd9Sstevel@tonic-gate 917c478bd9Sstevel@tonic-gate typedef struct sadb_sa { 927c478bd9Sstevel@tonic-gate /* Union is for guaranteeing 64-bit alignment. */ 937c478bd9Sstevel@tonic-gate union { 947c478bd9Sstevel@tonic-gate struct { 957c478bd9Sstevel@tonic-gate uint16_t sadb_x_sa_ulen; 967c478bd9Sstevel@tonic-gate uint16_t sadb_x_sa_uexttype; /* ASSOCIATION */ 977c478bd9Sstevel@tonic-gate uint32_t sadb_x_sa_uspi; /* Sec. Param. Index */ 987c478bd9Sstevel@tonic-gate } sadb_x_sa_uactual; 997c478bd9Sstevel@tonic-gate uint64_t sadb_x_sa_alignment; 1007c478bd9Sstevel@tonic-gate } sadb_x_sa_u; 1017c478bd9Sstevel@tonic-gate #define sadb_sa_len sadb_x_sa_u.sadb_x_sa_uactual.sadb_x_sa_ulen 1027c478bd9Sstevel@tonic-gate #define sadb_sa_exttype sadb_x_sa_u.sadb_x_sa_uactual.sadb_x_sa_uexttype 1037c478bd9Sstevel@tonic-gate #define sadb_sa_spi sadb_x_sa_u.sadb_x_sa_uactual.sadb_x_sa_uspi 1047c478bd9Sstevel@tonic-gate uint8_t sadb_sa_replay; /* Replay counter */ 1057c478bd9Sstevel@tonic-gate uint8_t sadb_sa_state; /* MATURE, DEAD, DYING, LARVAL */ 1067c478bd9Sstevel@tonic-gate uint8_t sadb_sa_auth; /* Authentication algorithm */ 1077c478bd9Sstevel@tonic-gate uint8_t sadb_sa_encrypt; /* Encryption algorithm */ 1087c478bd9Sstevel@tonic-gate uint32_t sadb_sa_flags; /* SA flags. */ 1097c478bd9Sstevel@tonic-gate } sadb_sa_t; 1107c478bd9Sstevel@tonic-gate 1117c478bd9Sstevel@tonic-gate /* 1127c478bd9Sstevel@tonic-gate * SA Lifetime extension. Already 64-bit aligned thanks to uint64_t fields. 1137c478bd9Sstevel@tonic-gate */ 1147c478bd9Sstevel@tonic-gate 1157c478bd9Sstevel@tonic-gate typedef struct sadb_lifetime { 1167c478bd9Sstevel@tonic-gate uint16_t sadb_lifetime_len; 1177c478bd9Sstevel@tonic-gate uint16_t sadb_lifetime_exttype; /* SOFT, HARD, CURRENT */ 1187c478bd9Sstevel@tonic-gate uint32_t sadb_lifetime_allocations; 1197c478bd9Sstevel@tonic-gate uint64_t sadb_lifetime_bytes; 1207c478bd9Sstevel@tonic-gate uint64_t sadb_lifetime_addtime; /* These fields are assumed to hold */ 1217c478bd9Sstevel@tonic-gate uint64_t sadb_lifetime_usetime; /* >= sizeof (time_t). */ 1227c478bd9Sstevel@tonic-gate } sadb_lifetime_t; 1237c478bd9Sstevel@tonic-gate 1247c478bd9Sstevel@tonic-gate /* 1257c478bd9Sstevel@tonic-gate * SA address information. 1267c478bd9Sstevel@tonic-gate */ 1277c478bd9Sstevel@tonic-gate 1287c478bd9Sstevel@tonic-gate typedef struct sadb_address { 1297c478bd9Sstevel@tonic-gate /* Union is for guaranteeing 64-bit alignment. */ 1307c478bd9Sstevel@tonic-gate union { 1317c478bd9Sstevel@tonic-gate struct { 1327c478bd9Sstevel@tonic-gate uint16_t sadb_x_address_ulen; 1337c478bd9Sstevel@tonic-gate uint16_t sadb_x_address_uexttype; /* SRC, DST, PROXY */ 1347c478bd9Sstevel@tonic-gate uint8_t sadb_x_address_uproto; /* Proto for ports... */ 1357c478bd9Sstevel@tonic-gate uint8_t sadb_x_address_uprefixlen; /* Prefix length. */ 1367c478bd9Sstevel@tonic-gate uint16_t sadb_x_address_ureserved; /* Padding */ 1377c478bd9Sstevel@tonic-gate } sadb_x_address_actual; 1387c478bd9Sstevel@tonic-gate uint64_t sadb_x_address_alignment; 1397c478bd9Sstevel@tonic-gate } sadb_x_address_u; 1407c478bd9Sstevel@tonic-gate #define sadb_address_len \ 1417c478bd9Sstevel@tonic-gate sadb_x_address_u.sadb_x_address_actual.sadb_x_address_ulen 1427c478bd9Sstevel@tonic-gate #define sadb_address_exttype \ 1437c478bd9Sstevel@tonic-gate sadb_x_address_u.sadb_x_address_actual.sadb_x_address_uexttype 1447c478bd9Sstevel@tonic-gate #define sadb_address_proto \ 1457c478bd9Sstevel@tonic-gate sadb_x_address_u.sadb_x_address_actual.sadb_x_address_uproto 1467c478bd9Sstevel@tonic-gate #define sadb_address_prefixlen \ 1477c478bd9Sstevel@tonic-gate sadb_x_address_u.sadb_x_address_actual.sadb_x_address_uprefixlen 1487c478bd9Sstevel@tonic-gate #define sadb_address_reserved \ 1497c478bd9Sstevel@tonic-gate sadb_x_address_u.sadb_x_address_actual.sadb_x_address_ureserved 1507c478bd9Sstevel@tonic-gate /* Followed by a sockaddr structure which may contain ports. */ 1517c478bd9Sstevel@tonic-gate } sadb_address_t; 1527c478bd9Sstevel@tonic-gate 1537c478bd9Sstevel@tonic-gate /* 1547c478bd9Sstevel@tonic-gate * SA key information. 1557c478bd9Sstevel@tonic-gate */ 1567c478bd9Sstevel@tonic-gate 1577c478bd9Sstevel@tonic-gate typedef struct sadb_key { 1587c478bd9Sstevel@tonic-gate /* Union is for guaranteeing 64-bit alignment. */ 1597c478bd9Sstevel@tonic-gate union { 1607c478bd9Sstevel@tonic-gate struct { 1617c478bd9Sstevel@tonic-gate uint16_t sadb_x_key_ulen; 1627c478bd9Sstevel@tonic-gate uint16_t sadb_x_key_uexttype; /* AUTH, ENCRYPT */ 1637c478bd9Sstevel@tonic-gate uint16_t sadb_x_key_ubits; /* Actual len (bits) */ 1647c478bd9Sstevel@tonic-gate uint16_t sadb_x_key_ureserved; 1657c478bd9Sstevel@tonic-gate } sadb_x_key_actual; 1667c478bd9Sstevel@tonic-gate uint64_t sadb_x_key_alignment; 1677c478bd9Sstevel@tonic-gate } sadb_x_key_u; 1687c478bd9Sstevel@tonic-gate #define sadb_key_len sadb_x_key_u.sadb_x_key_actual.sadb_x_key_ulen 1697c478bd9Sstevel@tonic-gate #define sadb_key_exttype sadb_x_key_u.sadb_x_key_actual.sadb_x_key_uexttype 1707c478bd9Sstevel@tonic-gate #define sadb_key_bits sadb_x_key_u.sadb_x_key_actual.sadb_x_key_ubits 1717c478bd9Sstevel@tonic-gate #define sadb_key_reserved sadb_x_key_u.sadb_x_key_actual.sadb_x_key_ureserved 1727c478bd9Sstevel@tonic-gate /* Followed by actual key(s) in canonical (outbound proc.) order. */ 1737c478bd9Sstevel@tonic-gate } sadb_key_t; 1747c478bd9Sstevel@tonic-gate 1757c478bd9Sstevel@tonic-gate /* 1767c478bd9Sstevel@tonic-gate * SA Identity information. Already 64-bit aligned thanks to uint64_t fields. 1777c478bd9Sstevel@tonic-gate */ 1787c478bd9Sstevel@tonic-gate 1797c478bd9Sstevel@tonic-gate typedef struct sadb_ident { 1807c478bd9Sstevel@tonic-gate uint16_t sadb_ident_len; 1817c478bd9Sstevel@tonic-gate uint16_t sadb_ident_exttype; /* SRC, DST, PROXY */ 1827c478bd9Sstevel@tonic-gate uint16_t sadb_ident_type; /* FQDN, USER_FQDN, etc. */ 1837c478bd9Sstevel@tonic-gate uint16_t sadb_ident_reserved; /* Padding */ 1847c478bd9Sstevel@tonic-gate uint64_t sadb_ident_id; /* For userid, etc. */ 1857c478bd9Sstevel@tonic-gate /* Followed by an identity null-terminate C string if present. */ 1867c478bd9Sstevel@tonic-gate } sadb_ident_t; 1877c478bd9Sstevel@tonic-gate 1887c478bd9Sstevel@tonic-gate /* 1897c478bd9Sstevel@tonic-gate * SA sensitivity information. This is mostly useful on MLS systems. 1907c478bd9Sstevel@tonic-gate */ 1917c478bd9Sstevel@tonic-gate 1927c478bd9Sstevel@tonic-gate typedef struct sadb_sens { 1937c478bd9Sstevel@tonic-gate /* Union is for guaranteeing 64-bit alignment. */ 1947c478bd9Sstevel@tonic-gate union { 1957c478bd9Sstevel@tonic-gate struct { 1967c478bd9Sstevel@tonic-gate uint16_t sadb_x_sens_ulen; 1977c478bd9Sstevel@tonic-gate uint16_t sadb_x_sens_uexttype; /* SENSITIVITY */ 1987c478bd9Sstevel@tonic-gate uint32_t sadb_x_sens_udpd; /* Protection domain */ 1997c478bd9Sstevel@tonic-gate } sadb_x_sens_actual; 2007c478bd9Sstevel@tonic-gate uint64_t sadb_x_sens_alignment; 2017c478bd9Sstevel@tonic-gate } sadb_x_sens_u; 2027c478bd9Sstevel@tonic-gate #define sadb_sens_len sadb_x_sens_u.sadb_x_sens_actual.sadb_x_sens_ulen 2037c478bd9Sstevel@tonic-gate #define sadb_sens_exttype sadb_x_sens_u.sadb_x_sens_actual.sadb_x_sens_uexttype 2047c478bd9Sstevel@tonic-gate #define sadb_sens_dpd sadb_x_sens_u.sadb_x_sens_actual.sadb_x_sens_udpd 2057c478bd9Sstevel@tonic-gate uint8_t sadb_sens_sens_level; 2067c478bd9Sstevel@tonic-gate uint8_t sadb_sens_sens_len; /* 64-bit words */ 2077c478bd9Sstevel@tonic-gate uint8_t sadb_sens_integ_level; 2087c478bd9Sstevel@tonic-gate uint8_t sadb_sens_integ_len; /* 64-bit words */ 2097c478bd9Sstevel@tonic-gate uint32_t sadb_sens_reserved; 2107c478bd9Sstevel@tonic-gate /* 2117c478bd9Sstevel@tonic-gate * followed by two uint64_t arrays 2127c478bd9Sstevel@tonic-gate * uint64_t sadb_sens_bitmap[sens_bitmap_len]; 2137c478bd9Sstevel@tonic-gate * uint64_t sadb_integ_bitmap[integ_bitmap_len]; 2147c478bd9Sstevel@tonic-gate */ 2157c478bd9Sstevel@tonic-gate } sadb_sens_t; 2167c478bd9Sstevel@tonic-gate 2177c478bd9Sstevel@tonic-gate /* 2187c478bd9Sstevel@tonic-gate * A proposal extension. This is found in an ACQUIRE message, and it 2197c478bd9Sstevel@tonic-gate * proposes what sort of SA the kernel would like to ACQUIRE. 2207c478bd9Sstevel@tonic-gate */ 2217c478bd9Sstevel@tonic-gate 2227c478bd9Sstevel@tonic-gate /* First, a base structure... */ 2237c478bd9Sstevel@tonic-gate 2247c478bd9Sstevel@tonic-gate typedef struct sadb_x_propbase { 2257c478bd9Sstevel@tonic-gate uint16_t sadb_x_propb_len; 2267c478bd9Sstevel@tonic-gate uint16_t sadb_x_propb_exttype; /* PROPOSAL, X_EPROP */ 2277c478bd9Sstevel@tonic-gate union { 2287c478bd9Sstevel@tonic-gate struct { 2297c478bd9Sstevel@tonic-gate uint8_t sadb_x_propb_lenres_replay; 2307c478bd9Sstevel@tonic-gate uint8_t sadb_x_propb_lenres_eres; 2317c478bd9Sstevel@tonic-gate uint16_t sadb_x_propb_lenres_numecombs; 2327c478bd9Sstevel@tonic-gate } sadb_x_propb_lenres; 2337c478bd9Sstevel@tonic-gate struct { 2347c478bd9Sstevel@tonic-gate uint8_t sadb_x_propb_oldres_replay; 2357c478bd9Sstevel@tonic-gate uint8_t sadb_x_propb_oldres_reserved[3]; 2367c478bd9Sstevel@tonic-gate } sadb_x_propb_oldres; 2377c478bd9Sstevel@tonic-gate } sadb_x_propb_u; 2387c478bd9Sstevel@tonic-gate #define sadb_x_propb_replay \ 2397c478bd9Sstevel@tonic-gate sadb_x_propb_u.sadb_x_propb_lenres.sadb_x_propb_lenres_replay 2407c478bd9Sstevel@tonic-gate #define sadb_x_propb_reserved \ 2417c478bd9Sstevel@tonic-gate sadb_x_propb_u.sadb_x_propb_oldres.sadb_x_propb_oldres_reserved 2427c478bd9Sstevel@tonic-gate #define sadb_x_propb_ereserved \ 2437c478bd9Sstevel@tonic-gate sadb_x_propb_u.sadb_x_propb_lenres.sadb_x_propb_lenres_eres 2447c478bd9Sstevel@tonic-gate #define sadb_x_propb_numecombs \ 2457c478bd9Sstevel@tonic-gate sadb_x_propb_u.sadb_x_propb_lenres.sadb_x_propb_lenres_numecombs 2467c478bd9Sstevel@tonic-gate /* Followed by sadb_comb[] array or sadb_ecomb[] array. */ 2477c478bd9Sstevel@tonic-gate } sadb_x_propbase_t; 2487c478bd9Sstevel@tonic-gate 2497c478bd9Sstevel@tonic-gate /* Now, the actual sadb_prop structure, which will have alignment in it! */ 2507c478bd9Sstevel@tonic-gate 2517c478bd9Sstevel@tonic-gate typedef struct sadb_prop { 2527c478bd9Sstevel@tonic-gate /* Union is for guaranteeing 64-bit alignment. */ 2537c478bd9Sstevel@tonic-gate union { 2547c478bd9Sstevel@tonic-gate sadb_x_propbase_t sadb_x_prop_actual; 2557c478bd9Sstevel@tonic-gate uint64_t sadb_x_prop_alignment; 2567c478bd9Sstevel@tonic-gate } sadb_x_prop_u; 2577c478bd9Sstevel@tonic-gate #define sadb_prop_len sadb_x_prop_u.sadb_x_prop_actual.sadb_x_propb_len 2587c478bd9Sstevel@tonic-gate #define sadb_prop_exttype sadb_x_prop_u.sadb_x_prop_actual.sadb_x_propb_exttype 2597c478bd9Sstevel@tonic-gate #define sadb_prop_replay sadb_x_prop_u.sadb_x_prop_actual.sadb_x_propb_replay 2607c478bd9Sstevel@tonic-gate #define sadb_prop_reserved \ 2617c478bd9Sstevel@tonic-gate sadb_x_prop_u.sadb_x_prop_actual.sadb_x_propb_reserved 2627c478bd9Sstevel@tonic-gate #define sadb_x_prop_ereserved \ 2637c478bd9Sstevel@tonic-gate sadb_x_prop_u.sadb_x_prop_actual.sadb_x_propb_ereserved 2647c478bd9Sstevel@tonic-gate #define sadb_x_prop_numecombs \ 2657c478bd9Sstevel@tonic-gate sadb_x_prop_u.sadb_x_prop_actual.sadb_x_propb_numecombs 2667c478bd9Sstevel@tonic-gate } sadb_prop_t; 2677c478bd9Sstevel@tonic-gate 2687c478bd9Sstevel@tonic-gate /* 2697c478bd9Sstevel@tonic-gate * This is a proposed combination. Many of these can follow a proposal 2707c478bd9Sstevel@tonic-gate * extension. Already 64-bit aligned thanks to uint64_t fields. 2717c478bd9Sstevel@tonic-gate */ 2727c478bd9Sstevel@tonic-gate 2737c478bd9Sstevel@tonic-gate typedef struct sadb_comb { 2747c478bd9Sstevel@tonic-gate uint8_t sadb_comb_auth; /* Authentication algorithm */ 2757c478bd9Sstevel@tonic-gate uint8_t sadb_comb_encrypt; /* Encryption algorithm */ 2767c478bd9Sstevel@tonic-gate uint16_t sadb_comb_flags; /* Comb. flags (e.g. PFS) */ 2777c478bd9Sstevel@tonic-gate uint16_t sadb_comb_auth_minbits; /* Bit strengths for auth */ 2787c478bd9Sstevel@tonic-gate uint16_t sadb_comb_auth_maxbits; 2797c478bd9Sstevel@tonic-gate uint16_t sadb_comb_encrypt_minbits; /* Bit strengths for encrypt */ 2807c478bd9Sstevel@tonic-gate uint16_t sadb_comb_encrypt_maxbits; 2817c478bd9Sstevel@tonic-gate uint32_t sadb_comb_reserved; 2827c478bd9Sstevel@tonic-gate uint32_t sadb_comb_soft_allocations; /* Lifetime proposals for */ 2837c478bd9Sstevel@tonic-gate uint32_t sadb_comb_hard_allocations; /* this combination. */ 2847c478bd9Sstevel@tonic-gate uint64_t sadb_comb_soft_bytes; 2857c478bd9Sstevel@tonic-gate uint64_t sadb_comb_hard_bytes; 2867c478bd9Sstevel@tonic-gate uint64_t sadb_comb_soft_addtime; 2877c478bd9Sstevel@tonic-gate uint64_t sadb_comb_hard_addtime; 2887c478bd9Sstevel@tonic-gate uint64_t sadb_comb_soft_usetime; 2897c478bd9Sstevel@tonic-gate uint64_t sadb_comb_hard_usetime; 2907c478bd9Sstevel@tonic-gate } sadb_comb_t; 2917c478bd9Sstevel@tonic-gate 2927c478bd9Sstevel@tonic-gate /* 2937c478bd9Sstevel@tonic-gate * An extended combination that can comprise of many SA types. 2947c478bd9Sstevel@tonic-gate * A single combination has algorithms and SA types locked. 2957c478bd9Sstevel@tonic-gate * These are represented by algorithm descriptors, the second structure 2967c478bd9Sstevel@tonic-gate * in the list. For example, if the EACQUIRE requests AH(MD5) + ESP(DES/null) 2977c478bd9Sstevel@tonic-gate * _or_ ESP(DES/MD5), it would have two combinations: 2987c478bd9Sstevel@tonic-gate * 2997c478bd9Sstevel@tonic-gate * COMB: algdes(AH, AUTH, MD5), algdes(ESP, CRYPT, DES) 3007c478bd9Sstevel@tonic-gate * COMB: algdes(ESP, AUTH, MD5), algdes(ESP, CRYPT, DES) 3017c478bd9Sstevel@tonic-gate * 3027c478bd9Sstevel@tonic-gate * If an SA type supports an algorithm type, and there's no descriptor, 3037c478bd9Sstevel@tonic-gate * assume it requires NONE, just like it were explicitly stated. 3047c478bd9Sstevel@tonic-gate * (This includes ESP NULL encryption, BTW.) 3057c478bd9Sstevel@tonic-gate * 3067c478bd9Sstevel@tonic-gate * Already 64-bit aligned thanks to uint64_t fields. 3077c478bd9Sstevel@tonic-gate */ 3087c478bd9Sstevel@tonic-gate 3097c478bd9Sstevel@tonic-gate typedef struct sadb_x_ecomb { 3107c478bd9Sstevel@tonic-gate uint8_t sadb_x_ecomb_numalgs; 3117c478bd9Sstevel@tonic-gate uint8_t sadb_x_ecomb_reserved; 3127c478bd9Sstevel@tonic-gate uint16_t sadb_x_ecomb_flags; /* E.g. PFS? */ 3137c478bd9Sstevel@tonic-gate uint32_t sadb_x_ecomb_reserved2; 3147c478bd9Sstevel@tonic-gate uint32_t sadb_x_ecomb_soft_allocations; 3157c478bd9Sstevel@tonic-gate uint32_t sadb_x_ecomb_hard_allocations; 3167c478bd9Sstevel@tonic-gate uint64_t sadb_x_ecomb_soft_bytes; 3177c478bd9Sstevel@tonic-gate uint64_t sadb_x_ecomb_hard_bytes; 3187c478bd9Sstevel@tonic-gate uint64_t sadb_x_ecomb_soft_addtime; 3197c478bd9Sstevel@tonic-gate uint64_t sadb_x_ecomb_hard_addtime; 3207c478bd9Sstevel@tonic-gate uint64_t sadb_x_ecomb_soft_usetime; 3217c478bd9Sstevel@tonic-gate uint64_t sadb_x_ecomb_hard_usetime; 3227c478bd9Sstevel@tonic-gate } sadb_x_ecomb_t; 3237c478bd9Sstevel@tonic-gate 3247c478bd9Sstevel@tonic-gate typedef struct sadb_x_algdesc { 3257c478bd9Sstevel@tonic-gate /* Union is for guaranteeing 64-bit alignment. */ 3267c478bd9Sstevel@tonic-gate union { 3277c478bd9Sstevel@tonic-gate struct { 3287c478bd9Sstevel@tonic-gate uint8_t sadb_x_algdesc_usatype; /* ESP, AH, etc. */ 3297c478bd9Sstevel@tonic-gate uint8_t sadb_x_algdesc_ualgtype; /* AUTH, CRYPT, COMP */ 3307c478bd9Sstevel@tonic-gate uint8_t sadb_x_algdesc_ualg; /* 3DES, MD5, etc. */ 3317c478bd9Sstevel@tonic-gate uint8_t sadb_x_algdesc_ureserved; 3327c478bd9Sstevel@tonic-gate uint16_t sadb_x_algdesc_uminbits; /* Bit strengths. */ 3337c478bd9Sstevel@tonic-gate uint16_t sadb_x_algdesc_umaxbits; 3347c478bd9Sstevel@tonic-gate } sadb_x_algdesc_actual; 3357c478bd9Sstevel@tonic-gate uint64_t sadb_x_algdesc_alignment; 3367c478bd9Sstevel@tonic-gate } sadb_x_algdesc_u; 3377c478bd9Sstevel@tonic-gate #define sadb_x_algdesc_satype \ 3387c478bd9Sstevel@tonic-gate sadb_x_algdesc_u.sadb_x_algdesc_actual.sadb_x_algdesc_usatype 3397c478bd9Sstevel@tonic-gate #define sadb_x_algdesc_algtype \ 3407c478bd9Sstevel@tonic-gate sadb_x_algdesc_u.sadb_x_algdesc_actual.sadb_x_algdesc_ualgtype 3417c478bd9Sstevel@tonic-gate #define sadb_x_algdesc_alg \ 3427c478bd9Sstevel@tonic-gate sadb_x_algdesc_u.sadb_x_algdesc_actual.sadb_x_algdesc_ualg 3437c478bd9Sstevel@tonic-gate #define sadb_x_algdesc_reserved \ 3447c478bd9Sstevel@tonic-gate sadb_x_algdesc_u.sadb_x_algdesc_actual.sadb_x_algdesc_ureserved 3457c478bd9Sstevel@tonic-gate #define sadb_x_algdesc_minbits \ 3467c478bd9Sstevel@tonic-gate sadb_x_algdesc_u.sadb_x_algdesc_actual.sadb_x_algdesc_uminbits 3477c478bd9Sstevel@tonic-gate #define sadb_x_algdesc_maxbits \ 3487c478bd9Sstevel@tonic-gate sadb_x_algdesc_u.sadb_x_algdesc_actual.sadb_x_algdesc_umaxbits 3497c478bd9Sstevel@tonic-gate } sadb_x_algdesc_t; 3507c478bd9Sstevel@tonic-gate 3517c478bd9Sstevel@tonic-gate /* 3527c478bd9Sstevel@tonic-gate * When key mgmt. registers with the kernel, the kernel will tell key mgmt. 3537c478bd9Sstevel@tonic-gate * its supported algorithms. 3547c478bd9Sstevel@tonic-gate */ 3557c478bd9Sstevel@tonic-gate 3567c478bd9Sstevel@tonic-gate typedef struct sadb_supported { 3577c478bd9Sstevel@tonic-gate /* Union is for guaranteeing 64-bit alignment. */ 3587c478bd9Sstevel@tonic-gate union { 3597c478bd9Sstevel@tonic-gate struct { 3607c478bd9Sstevel@tonic-gate uint16_t sadb_x_supported_ulen; 3617c478bd9Sstevel@tonic-gate uint16_t sadb_x_supported_uexttype; 3627c478bd9Sstevel@tonic-gate uint32_t sadb_x_supported_ureserved; 3637c478bd9Sstevel@tonic-gate } sadb_x_supported_actual; 3647c478bd9Sstevel@tonic-gate uint64_t sadb_x_supported_alignment; 3657c478bd9Sstevel@tonic-gate } sadb_x_supported_u; 3667c478bd9Sstevel@tonic-gate #define sadb_supported_len \ 3677c478bd9Sstevel@tonic-gate sadb_x_supported_u.sadb_x_supported_actual.sadb_x_supported_ulen 3687c478bd9Sstevel@tonic-gate #define sadb_supported_exttype \ 3697c478bd9Sstevel@tonic-gate sadb_x_supported_u.sadb_x_supported_actual.sadb_x_supported_uexttype 3707c478bd9Sstevel@tonic-gate #define sadb_supported_reserved \ 3717c478bd9Sstevel@tonic-gate sadb_x_supported_u.sadb_x_supported_actual.sadb_x_supported_ureserved 3727c478bd9Sstevel@tonic-gate } sadb_supported_t; 3737c478bd9Sstevel@tonic-gate 3747c478bd9Sstevel@tonic-gate /* First, a base structure... */ 3757c478bd9Sstevel@tonic-gate typedef struct sadb_x_algb { 3767c478bd9Sstevel@tonic-gate uint8_t sadb_x_algb_id; /* Algorithm type. */ 3777c478bd9Sstevel@tonic-gate uint8_t sadb_x_algb_ivlen; /* IV len, in bits */ 3787c478bd9Sstevel@tonic-gate uint16_t sadb_x_algb_minbits; /* Min. key len (in bits) */ 3797c478bd9Sstevel@tonic-gate uint16_t sadb_x_algb_maxbits; /* Max. key length */ 3807c478bd9Sstevel@tonic-gate union { 3817c478bd9Sstevel@tonic-gate uint16_t sadb_x_algb_ureserved; 3827c478bd9Sstevel@tonic-gate uint8_t sadb_x_algb_udefaults[2]; 3837c478bd9Sstevel@tonic-gate } sadb_x_algb_union; 3847c478bd9Sstevel@tonic-gate 3857c478bd9Sstevel@tonic-gate #define sadb_x_algb_reserved sadb_x_algb_union.sadb_x_algb_ureserved 3867c478bd9Sstevel@tonic-gate #define sadb_x_algb_increment sadb_x_algb_union.sadb_x_algb_udefaults[0] 3877c478bd9Sstevel@tonic-gate #define sadb_x_algb_defincr sadb_x_algb_union.sadb_x_algb_udefaults[1] 3887c478bd9Sstevel@tonic-gate /* 3897c478bd9Sstevel@tonic-gate * alg_increment: the number of bits from a key length to the next 3907c478bd9Sstevel@tonic-gate * alg_defincr: the number of increments from the smallest possible 3917c478bd9Sstevel@tonic-gate * key to the default key length 3927c478bd9Sstevel@tonic-gate */ 3937c478bd9Sstevel@tonic-gate } sadb_x_algb_t; 3947c478bd9Sstevel@tonic-gate /* useful macros for dealing with defincr */ 3957c478bd9Sstevel@tonic-gate #define SADB_ALG_DEFAULT_LEN(min, incr, defincr) ((min) + ((defincr) * (incr))) 3967c478bd9Sstevel@tonic-gate #define SADB_ALG_DEFAULT_INCR(min, incr, default) (((default) - (min)) / (incr)) 3977c478bd9Sstevel@tonic-gate 3987c478bd9Sstevel@tonic-gate /* Now, the actual sadb_alg structure, which will have alignment in it. */ 3997c478bd9Sstevel@tonic-gate typedef struct sadb_alg { 4007c478bd9Sstevel@tonic-gate /* Union is for guaranteeing 64-bit alignment. */ 4017c478bd9Sstevel@tonic-gate union { 4027c478bd9Sstevel@tonic-gate sadb_x_algb_t sadb_x_alg_actual; 4037c478bd9Sstevel@tonic-gate uint64_t sadb_x_alg_alignment; 4047c478bd9Sstevel@tonic-gate } sadb_x_alg_u; 4057c478bd9Sstevel@tonic-gate #define sadb_alg_id sadb_x_alg_u.sadb_x_alg_actual.sadb_x_algb_id 4067c478bd9Sstevel@tonic-gate #define sadb_alg_ivlen sadb_x_alg_u.sadb_x_alg_actual.sadb_x_algb_ivlen 4077c478bd9Sstevel@tonic-gate #define sadb_alg_minbits sadb_x_alg_u.sadb_x_alg_actual.sadb_x_algb_minbits 4087c478bd9Sstevel@tonic-gate #define sadb_alg_maxbits sadb_x_alg_u.sadb_x_alg_actual.sadb_x_algb_maxbits 4097c478bd9Sstevel@tonic-gate #define sadb_alg_reserved sadb_x_alg_u.sadb_x_alg_actual.sadb_x_algb_reserved 4107c478bd9Sstevel@tonic-gate #define sadb_x_alg_increment \ 4117c478bd9Sstevel@tonic-gate sadb_x_alg_u.sadb_x_alg_actual.sadb_x_algb_increment 4127c478bd9Sstevel@tonic-gate #define sadb_x_alg_defincr sadb_x_alg_u.sadb_x_alg_actual.sadb_x_algb_defincr 4137c478bd9Sstevel@tonic-gate } sadb_alg_t; 4147c478bd9Sstevel@tonic-gate 4157c478bd9Sstevel@tonic-gate /* 4167c478bd9Sstevel@tonic-gate * If key mgmt. needs an SPI in a range (including 0 to 0xFFFFFFFF), it 4177c478bd9Sstevel@tonic-gate * asks the kernel with this extension in the SADB_GETSPI message. 4187c478bd9Sstevel@tonic-gate */ 4197c478bd9Sstevel@tonic-gate 4207c478bd9Sstevel@tonic-gate typedef struct sadb_spirange { 4217c478bd9Sstevel@tonic-gate uint16_t sadb_spirange_len; 4227c478bd9Sstevel@tonic-gate uint16_t sadb_spirange_exttype; /* SPI_RANGE */ 4237c478bd9Sstevel@tonic-gate uint32_t sadb_spirange_min; 4247c478bd9Sstevel@tonic-gate /* Union is for guaranteeing 64-bit alignment. */ 4257c478bd9Sstevel@tonic-gate union { 4267c478bd9Sstevel@tonic-gate struct { 4277c478bd9Sstevel@tonic-gate uint32_t sadb_x_spirange_umax; 4287c478bd9Sstevel@tonic-gate uint32_t sadb_x_spirange_ureserved; 4297c478bd9Sstevel@tonic-gate } sadb_x_spirange_actual; 4307c478bd9Sstevel@tonic-gate uint64_t sadb_x_spirange_alignment; 4317c478bd9Sstevel@tonic-gate } sadb_x_spirange_u; 4327c478bd9Sstevel@tonic-gate #define sadb_spirange_max \ 4337c478bd9Sstevel@tonic-gate sadb_x_spirange_u.sadb_x_spirange_actual.sadb_x_spirange_umax 4347c478bd9Sstevel@tonic-gate #define sadb_spirange_reserved \ 4357c478bd9Sstevel@tonic-gate sadb_x_spirange_u.sadb_x_spirange_actual.sadb_x_spirange_ureserved 4367c478bd9Sstevel@tonic-gate } sadb_spirange_t; 4377c478bd9Sstevel@tonic-gate 4387c478bd9Sstevel@tonic-gate /* 4397c478bd9Sstevel@tonic-gate * For the "extended REGISTER" which'll tell the kernel to send me 4407c478bd9Sstevel@tonic-gate * "extended ACQUIREs". 4417c478bd9Sstevel@tonic-gate */ 4427c478bd9Sstevel@tonic-gate 4437c478bd9Sstevel@tonic-gate typedef struct sadb_x_ereg { 4447c478bd9Sstevel@tonic-gate /* Union is for guaranteeing 64-bit alignment. */ 4457c478bd9Sstevel@tonic-gate union { 4467c478bd9Sstevel@tonic-gate struct { 4477c478bd9Sstevel@tonic-gate uint16_t sadb_x_ereg_ulen; 4487c478bd9Sstevel@tonic-gate uint16_t sadb_x_ereg_uexttype; /* X_EREG */ 4497c478bd9Sstevel@tonic-gate /* Array of SA types, 0-terminated. */ 4507c478bd9Sstevel@tonic-gate uint8_t sadb_x_ereg_usatypes[4]; 4517c478bd9Sstevel@tonic-gate } sadb_x_ereg_actual; 4527c478bd9Sstevel@tonic-gate uint64_t sadb_x_ereg_alignment; 4537c478bd9Sstevel@tonic-gate } sadb_x_ereg_u; 4547c478bd9Sstevel@tonic-gate #define sadb_x_ereg_len \ 4557c478bd9Sstevel@tonic-gate sadb_x_ereg_u.sadb_x_ereg_actual.sadb_x_ereg_ulen 4567c478bd9Sstevel@tonic-gate #define sadb_x_ereg_exttype \ 4577c478bd9Sstevel@tonic-gate sadb_x_ereg_u.sadb_x_ereg_actual.sadb_x_ereg_uexttype 4587c478bd9Sstevel@tonic-gate #define sadb_x_ereg_satypes \ 4597c478bd9Sstevel@tonic-gate sadb_x_ereg_u.sadb_x_ereg_actual.sadb_x_ereg_usatypes 4607c478bd9Sstevel@tonic-gate } sadb_x_ereg_t; 4617c478bd9Sstevel@tonic-gate 4627c478bd9Sstevel@tonic-gate /* 4637c478bd9Sstevel@tonic-gate * For conveying a Key Management Cookie with SADB_GETSPI, SADB_ADD, 4647c478bd9Sstevel@tonic-gate * SADB_ACQUIRE, or SADB_X_INVERSE_ACQUIRE. 4657c478bd9Sstevel@tonic-gate */ 4667c478bd9Sstevel@tonic-gate 4677c478bd9Sstevel@tonic-gate typedef struct sadb_x_kmc { 4687c478bd9Sstevel@tonic-gate uint16_t sadb_x_kmc_len; 4697c478bd9Sstevel@tonic-gate uint16_t sadb_x_kmc_exttype; /* X_KM_COOKIE */ 4707c478bd9Sstevel@tonic-gate uint32_t sadb_x_kmc_proto; /* KM protocol */ 4717c478bd9Sstevel@tonic-gate union { 4727c478bd9Sstevel@tonic-gate struct { 4737c478bd9Sstevel@tonic-gate uint32_t sadb_x_kmc_ucookie; /* KMP-specific */ 4747c478bd9Sstevel@tonic-gate uint32_t sadb_x_kmc_ureserved; /* Must be zero */ 4757c478bd9Sstevel@tonic-gate } sadb_x_kmc_actual; 4767c478bd9Sstevel@tonic-gate uint64_t sadb_x_kmc_alignment; 4777c478bd9Sstevel@tonic-gate } sadb_x_kmc_u; 4787c478bd9Sstevel@tonic-gate #define sadb_x_kmc_cookie sadb_x_kmc_u.sadb_x_kmc_actual.sadb_x_kmc_ucookie 4797c478bd9Sstevel@tonic-gate #define sadb_x_kmc_reserved sadb_x_kmc_u.sadb_x_kmc_actual.sadb_x_kmc_ureserved 4807c478bd9Sstevel@tonic-gate } sadb_x_kmc_t; 4817c478bd9Sstevel@tonic-gate 48238d95a78Smarkfen typedef struct sadb_x_pair { 48338d95a78Smarkfen union { 48438d95a78Smarkfen /* Union is for guaranteeing 64-bit alignment. */ 48538d95a78Smarkfen struct { 48638d95a78Smarkfen uint16_t sadb_x_pair_ulen; 48738d95a78Smarkfen uint16_t sadb_x_pair_uexttype; 48838d95a78Smarkfen uint32_t sadb_x_pair_uspi; /* SPI of paired SA */ 48938d95a78Smarkfen } sadb_x_pair_actual; 49038d95a78Smarkfen uint64_t sadb_x_ext_alignment; 49138d95a78Smarkfen } sadb_x_pair_u; 49238d95a78Smarkfen #define sadb_x_pair_len sadb_x_pair_u.sadb_x_pair_actual.sadb_x_pair_ulen 49338d95a78Smarkfen #define sadb_x_pair_exttype \ 49438d95a78Smarkfen sadb_x_pair_u.sadb_x_pair_actual.sadb_x_pair_uexttype 49538d95a78Smarkfen #define sadb_x_pair_spi sadb_x_pair_u.sadb_x_pair_actual.sadb_x_pair_uspi 49638d95a78Smarkfen } sadb_x_pair_t; 4977c478bd9Sstevel@tonic-gate 498*9c2c14abSThejaswini Singarajipura /* 499*9c2c14abSThejaswini Singarajipura * For the Sequence numbers to be used with SADB_DUMP, SADB_GET, SADB_UPDATE. 500*9c2c14abSThejaswini Singarajipura */ 501*9c2c14abSThejaswini Singarajipura 502*9c2c14abSThejaswini Singarajipura typedef struct sadb_x_replay_ctr { 503*9c2c14abSThejaswini Singarajipura uint16_t sadb_x_rc_len; 504*9c2c14abSThejaswini Singarajipura uint16_t sadb_x_rc_exttype; 505*9c2c14abSThejaswini Singarajipura uint32_t sadb_x_rc_replay32; /* For 240x SAs. */ 506*9c2c14abSThejaswini Singarajipura uint64_t sadb_x_rc_replay64; /* For 430x SAs. */ 507*9c2c14abSThejaswini Singarajipura } sadb_x_replay_ctr_t; 508*9c2c14abSThejaswini Singarajipura 509*9c2c14abSThejaswini Singarajipura /* 510*9c2c14abSThejaswini Singarajipura * For extended DUMP request. Dumps the SAs which were idle for 511*9c2c14abSThejaswini Singarajipura * longer than the timeout specified. 512*9c2c14abSThejaswini Singarajipura */ 513*9c2c14abSThejaswini Singarajipura 514*9c2c14abSThejaswini Singarajipura typedef struct sadb_x_edump { 515*9c2c14abSThejaswini Singarajipura uint16_t sadb_x_edump_len; 516*9c2c14abSThejaswini Singarajipura uint16_t sadb_x_edump_exttype; 517*9c2c14abSThejaswini Singarajipura uint32_t sadb_x_edump_reserved; 518*9c2c14abSThejaswini Singarajipura uint64_t sadb_x_edump_timeout; 519*9c2c14abSThejaswini Singarajipura } sadb_x_edump_t; 520*9c2c14abSThejaswini Singarajipura 5217c478bd9Sstevel@tonic-gate /* 5227c478bd9Sstevel@tonic-gate * Base message types. 5237c478bd9Sstevel@tonic-gate */ 5247c478bd9Sstevel@tonic-gate 5257c478bd9Sstevel@tonic-gate #define SADB_RESERVED 0 5267c478bd9Sstevel@tonic-gate #define SADB_GETSPI 1 5277c478bd9Sstevel@tonic-gate #define SADB_UPDATE 2 5287c478bd9Sstevel@tonic-gate #define SADB_ADD 3 5297c478bd9Sstevel@tonic-gate #define SADB_DELETE 4 5307c478bd9Sstevel@tonic-gate #define SADB_GET 5 5317c478bd9Sstevel@tonic-gate #define SADB_ACQUIRE 6 5327c478bd9Sstevel@tonic-gate #define SADB_REGISTER 7 5337c478bd9Sstevel@tonic-gate #define SADB_EXPIRE 8 5347c478bd9Sstevel@tonic-gate #define SADB_FLUSH 9 5357c478bd9Sstevel@tonic-gate #define SADB_DUMP 10 /* not used normally */ 5367c478bd9Sstevel@tonic-gate #define SADB_X_PROMISC 11 5377c478bd9Sstevel@tonic-gate #define SADB_X_INVERSE_ACQUIRE 12 53838d95a78Smarkfen #define SADB_X_UPDATEPAIR 13 539*9c2c14abSThejaswini Singarajipura #define SADB_X_DELPAIR 14 540*9c2c14abSThejaswini Singarajipura #define SADB_X_DELPAIR_STATE 15 541*9c2c14abSThejaswini Singarajipura #define SADB_MAX 15 5427c478bd9Sstevel@tonic-gate 5437c478bd9Sstevel@tonic-gate /* 5447c478bd9Sstevel@tonic-gate * SA flags 5457c478bd9Sstevel@tonic-gate */ 5467c478bd9Sstevel@tonic-gate 5477c478bd9Sstevel@tonic-gate #define SADB_SAFLAGS_PFS 0x1 /* Perfect forward secrecy? */ 5487c478bd9Sstevel@tonic-gate #define SADB_SAFLAGS_NOREPLAY 0x2 /* Replay field NOT PRESENT. */ 5497c478bd9Sstevel@tonic-gate 5507c478bd9Sstevel@tonic-gate /* Below flags are used by this implementation. Grow from left-to-right. */ 5517c478bd9Sstevel@tonic-gate #define SADB_X_SAFLAGS_USED 0x80000000 /* SA used/not used */ 5527c478bd9Sstevel@tonic-gate #define SADB_X_SAFLAGS_UNIQUE 0x40000000 /* SA unique/reusable */ 5537c478bd9Sstevel@tonic-gate #define SADB_X_SAFLAGS_AALG1 0x20000000 /* Auth-alg specific flag 1 */ 5547c478bd9Sstevel@tonic-gate #define SADB_X_SAFLAGS_AALG2 0x10000000 /* Auth-alg specific flag 2 */ 5557c478bd9Sstevel@tonic-gate #define SADB_X_SAFLAGS_EALG1 0x8000000 /* Encr-alg specific flag 1 */ 5567c478bd9Sstevel@tonic-gate #define SADB_X_SAFLAGS_EALG2 0x4000000 /* Encr-alg specific flag 2 */ 5577c478bd9Sstevel@tonic-gate #define SADB_X_SAFLAGS_KM1 0x2000000 /* Key mgmt. specific flag 1 */ 5587c478bd9Sstevel@tonic-gate #define SADB_X_SAFLAGS_KM2 0x1000000 /* Key mgmt. specific flag 2 */ 5597c478bd9Sstevel@tonic-gate #define SADB_X_SAFLAGS_KM3 0x800000 /* Key mgmt. specific flag 3 */ 5607c478bd9Sstevel@tonic-gate #define SADB_X_SAFLAGS_KM4 0x400000 /* Key mgmt. specific flag 4 */ 5618810c16bSdanmcd #define SADB_X_SAFLAGS_KRES1 0x200000 /* Reserved by the kernel */ 5627c478bd9Sstevel@tonic-gate #define SADB_X_SAFLAGS_NATT_LOC 0x100000 /* this has a natted src SA */ 5637c478bd9Sstevel@tonic-gate #define SADB_X_SAFLAGS_NATT_REM 0x80000 /* this has a natted dst SA */ 5648810c16bSdanmcd #define SADB_X_SAFLAGS_KRES2 0x40000 /* Reserved by the kernel */ 5658810c16bSdanmcd #define SADB_X_SAFLAGS_TUNNEL 0x20000 /* tunnel mode */ 56638d95a78Smarkfen #define SADB_X_SAFLAGS_PAIRED 0x10000 /* inbound/outbound pair */ 56738d95a78Smarkfen #define SADB_X_SAFLAGS_OUTBOUND 0x8000 /* SA direction bit */ 56838d95a78Smarkfen #define SADB_X_SAFLAGS_INBOUND 0x4000 /* SA direction bit */ 5694a179720Sdanmcd #define SADB_X_SAFLAGS_NATTED 0x1000 /* Local node is behind a NAT */ 5708810c16bSdanmcd 5718810c16bSdanmcd #define SADB_X_SAFLAGS_KRES \ 5728810c16bSdanmcd SADB_X_SAFLAGS_KRES1 | SADB_X_SAFLAGS_KRES2 5738810c16bSdanmcd 5747c478bd9Sstevel@tonic-gate /* 5757c478bd9Sstevel@tonic-gate * SA state. 5767c478bd9Sstevel@tonic-gate */ 5777c478bd9Sstevel@tonic-gate 578*9c2c14abSThejaswini Singarajipura #define SADB_SASTATE_LARVAL 0 579*9c2c14abSThejaswini Singarajipura #define SADB_SASTATE_MATURE 1 580*9c2c14abSThejaswini Singarajipura #define SADB_SASTATE_DYING 2 581*9c2c14abSThejaswini Singarajipura #define SADB_SASTATE_DEAD 3 582*9c2c14abSThejaswini Singarajipura #define SADB_X_SASTATE_ACTIVE_ELSEWHERE 4 583*9c2c14abSThejaswini Singarajipura #define SADB_X_SASTATE_IDLE 5 584*9c2c14abSThejaswini Singarajipura #define SADB_X_SASTATE_ACTIVE 6 5857c478bd9Sstevel@tonic-gate 586*9c2c14abSThejaswini Singarajipura #define SADB_SASTATE_MAX 6 5877c478bd9Sstevel@tonic-gate 5887c478bd9Sstevel@tonic-gate /* 5897c478bd9Sstevel@tonic-gate * SA type. Gaps are present in the number space because (for the time being) 5907c478bd9Sstevel@tonic-gate * these types correspond to the SA types in the IPsec DOI document. 5917c478bd9Sstevel@tonic-gate */ 5927c478bd9Sstevel@tonic-gate 5937c478bd9Sstevel@tonic-gate #define SADB_SATYPE_UNSPEC 0 5947c478bd9Sstevel@tonic-gate #define SADB_SATYPE_AH 2 /* RFC-1826 */ 5957c478bd9Sstevel@tonic-gate #define SADB_SATYPE_ESP 3 /* RFC-1827 */ 5967c478bd9Sstevel@tonic-gate #define SADB_SATYPE_RSVP 5 /* RSVP Authentication */ 5977c478bd9Sstevel@tonic-gate #define SADB_SATYPE_OSPFV2 6 /* OSPFv2 Authentication */ 5987c478bd9Sstevel@tonic-gate #define SADB_SATYPE_RIPV2 7 /* RIPv2 Authentication */ 5997c478bd9Sstevel@tonic-gate #define SADB_SATYPE_MIP 8 /* Mobile IPv4 Authentication */ 6007c478bd9Sstevel@tonic-gate 6017c478bd9Sstevel@tonic-gate #define SADB_SATYPE_MAX 8 6027c478bd9Sstevel@tonic-gate 6037c478bd9Sstevel@tonic-gate /* 6047c478bd9Sstevel@tonic-gate * Algorithm types. Gaps are present because (for the time being) these types 6057c478bd9Sstevel@tonic-gate * correspond to the SA types in the IPsec DOI document. 6067c478bd9Sstevel@tonic-gate * 6077c478bd9Sstevel@tonic-gate * NOTE: These are numbered to play nice with the IPsec DOI. That's why 6087c478bd9Sstevel@tonic-gate * there are gaps. 6097c478bd9Sstevel@tonic-gate */ 6107c478bd9Sstevel@tonic-gate 6117c478bd9Sstevel@tonic-gate /* Authentication algorithms */ 6127c478bd9Sstevel@tonic-gate #define SADB_AALG_NONE 0 6137c478bd9Sstevel@tonic-gate #define SADB_AALG_MD5HMAC 2 6147c478bd9Sstevel@tonic-gate #define SADB_AALG_SHA1HMAC 3 6150358d3a6Sdanmcd #define SADB_AALG_SHA256HMAC 5 6160358d3a6Sdanmcd #define SADB_AALG_SHA384HMAC 6 6170358d3a6Sdanmcd #define SADB_AALG_SHA512HMAC 7 6187c478bd9Sstevel@tonic-gate 6190358d3a6Sdanmcd #define SADB_AALG_MAX 7 6207c478bd9Sstevel@tonic-gate 6217c478bd9Sstevel@tonic-gate /* Encryption algorithms */ 6227c478bd9Sstevel@tonic-gate #define SADB_EALG_NONE 0 6237c478bd9Sstevel@tonic-gate #define SADB_EALG_DESCBC 2 6247c478bd9Sstevel@tonic-gate #define SADB_EALG_3DESCBC 3 6257c478bd9Sstevel@tonic-gate #define SADB_EALG_BLOWFISH 7 6267c478bd9Sstevel@tonic-gate #define SADB_EALG_NULL 11 6277c478bd9Sstevel@tonic-gate #define SADB_EALG_AES 12 6287c478bd9Sstevel@tonic-gate #define SADB_EALG_MAX 12 6297c478bd9Sstevel@tonic-gate 6307c478bd9Sstevel@tonic-gate /* 6317c478bd9Sstevel@tonic-gate * Extension header values. 6327c478bd9Sstevel@tonic-gate */ 6337c478bd9Sstevel@tonic-gate 6347c478bd9Sstevel@tonic-gate #define SADB_EXT_RESERVED 0 6357c478bd9Sstevel@tonic-gate 6367c478bd9Sstevel@tonic-gate #define SADB_EXT_SA 1 6377c478bd9Sstevel@tonic-gate #define SADB_EXT_LIFETIME_CURRENT 2 6387c478bd9Sstevel@tonic-gate #define SADB_EXT_LIFETIME_HARD 3 6397c478bd9Sstevel@tonic-gate #define SADB_EXT_LIFETIME_SOFT 4 6407c478bd9Sstevel@tonic-gate #define SADB_EXT_ADDRESS_SRC 5 6417c478bd9Sstevel@tonic-gate #define SADB_EXT_ADDRESS_DST 6 6428810c16bSdanmcd /* These two are synonyms. */ 6437c478bd9Sstevel@tonic-gate #define SADB_EXT_ADDRESS_PROXY 7 6448810c16bSdanmcd #define SADB_X_EXT_ADDRESS_INNER_SRC SADB_EXT_ADDRESS_PROXY 6457c478bd9Sstevel@tonic-gate #define SADB_EXT_KEY_AUTH 8 6467c478bd9Sstevel@tonic-gate #define SADB_EXT_KEY_ENCRYPT 9 6477c478bd9Sstevel@tonic-gate #define SADB_EXT_IDENTITY_SRC 10 6487c478bd9Sstevel@tonic-gate #define SADB_EXT_IDENTITY_DST 11 6497c478bd9Sstevel@tonic-gate #define SADB_EXT_SENSITIVITY 12 6507c478bd9Sstevel@tonic-gate #define SADB_EXT_PROPOSAL 13 6517c478bd9Sstevel@tonic-gate #define SADB_EXT_SUPPORTED_AUTH 14 6527c478bd9Sstevel@tonic-gate #define SADB_EXT_SUPPORTED_ENCRYPT 15 6537c478bd9Sstevel@tonic-gate #define SADB_EXT_SPIRANGE 16 6547c478bd9Sstevel@tonic-gate #define SADB_X_EXT_EREG 17 6557c478bd9Sstevel@tonic-gate #define SADB_X_EXT_EPROP 18 6567c478bd9Sstevel@tonic-gate #define SADB_X_EXT_KM_COOKIE 19 6577c478bd9Sstevel@tonic-gate #define SADB_X_EXT_ADDRESS_NATT_LOC 20 6587c478bd9Sstevel@tonic-gate #define SADB_X_EXT_ADDRESS_NATT_REM 21 6598810c16bSdanmcd #define SADB_X_EXT_ADDRESS_INNER_DST 22 66038d95a78Smarkfen #define SADB_X_EXT_PAIR 23 661*9c2c14abSThejaswini Singarajipura #define SADB_X_EXT_REPLAY_VALUE 24 662*9c2c14abSThejaswini Singarajipura #define SADB_X_EXT_EDUMP 25 663*9c2c14abSThejaswini Singarajipura #define SADB_X_EXT_LIFETIME_IDLE 26 6647c478bd9Sstevel@tonic-gate 665*9c2c14abSThejaswini Singarajipura #define SADB_EXT_MAX 26 6667c478bd9Sstevel@tonic-gate 6677c478bd9Sstevel@tonic-gate /* 6687c478bd9Sstevel@tonic-gate * Identity types. 6697c478bd9Sstevel@tonic-gate */ 6707c478bd9Sstevel@tonic-gate 6717c478bd9Sstevel@tonic-gate #define SADB_IDENTTYPE_RESERVED 0 6727c478bd9Sstevel@tonic-gate 6737c478bd9Sstevel@tonic-gate /* 6747c478bd9Sstevel@tonic-gate * For PREFIX and ADDR_RANGE, use the AF of the PROXY if present, or the SRC 6757c478bd9Sstevel@tonic-gate * if not present. 6767c478bd9Sstevel@tonic-gate */ 6777c478bd9Sstevel@tonic-gate #define SADB_IDENTTYPE_PREFIX 1 6787c478bd9Sstevel@tonic-gate #define SADB_IDENTTYPE_FQDN 2 /* Fully qualified domain name. */ 6797c478bd9Sstevel@tonic-gate #define SADB_IDENTTYPE_USER_FQDN 3 /* e.g. root@domain.com */ 6807c478bd9Sstevel@tonic-gate #define SADB_X_IDENTTYPE_DN 4 /* ASN.1 DER Distinguished Name. */ 6817c478bd9Sstevel@tonic-gate #define SADB_X_IDENTTYPE_GN 5 /* ASN.1 DER Generic Name. */ 6827c478bd9Sstevel@tonic-gate #define SADB_X_IDENTTYPE_KEY_ID 6 /* Generic KEY ID. */ 6837c478bd9Sstevel@tonic-gate #define SADB_X_IDENTTYPE_ADDR_RANGE 7 6847c478bd9Sstevel@tonic-gate 6857c478bd9Sstevel@tonic-gate #define SADB_IDENTTYPE_MAX 7 6867c478bd9Sstevel@tonic-gate 6877c478bd9Sstevel@tonic-gate /* 6887c478bd9Sstevel@tonic-gate * Protection DOI values for the SENSITIVITY extension. There are no values 6897c478bd9Sstevel@tonic-gate * currently, so the MAX is the only non-zero value available. 6907c478bd9Sstevel@tonic-gate */ 6917c478bd9Sstevel@tonic-gate 6927c478bd9Sstevel@tonic-gate #define SADB_DPD_NONE 0 6937c478bd9Sstevel@tonic-gate 6947c478bd9Sstevel@tonic-gate #define SADB_DPD_MAX 1 6957c478bd9Sstevel@tonic-gate 6967c478bd9Sstevel@tonic-gate /* 6977c478bd9Sstevel@tonic-gate * Diagnostic codes. These supplement error messages. Be sure to 6987c478bd9Sstevel@tonic-gate * update libipsecutil's keysock_diag() if you change any of these. 6997c478bd9Sstevel@tonic-gate */ 7007c478bd9Sstevel@tonic-gate 7017c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_PRESET -1 /* Internal value. */ 7027c478bd9Sstevel@tonic-gate 7037c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_NONE 0 7047c478bd9Sstevel@tonic-gate 7057c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_UNKNOWN_MSG 1 7067c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_UNKNOWN_EXT 2 7077c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_BAD_EXTLEN 3 7087c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_UNKNOWN_SATYPE 4 7097c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_SATYPE_NEEDED 5 7107c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_NO_SADBS 6 7117c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_NO_EXT 7 7127c478bd9Sstevel@tonic-gate /* Bad address family value */ 7137c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_BAD_SRC_AF 8 7147c478bd9Sstevel@tonic-gate /* in sockaddr->sa_family. */ 7157c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_BAD_DST_AF 9 7168810c16bSdanmcd /* These two are synonyms. */ 7177c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_BAD_PROXY_AF 10 7188810c16bSdanmcd #define SADB_X_DIAGNOSTIC_BAD_INNER_SRC_AF 10 7198810c16bSdanmcd 7207c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_AF_MISMATCH 11 7217c478bd9Sstevel@tonic-gate 7227c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_BAD_SRC 12 7237c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_BAD_DST 13 7247c478bd9Sstevel@tonic-gate 7257c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_ALLOC_HSERR 14 7267c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_BYTES_HSERR 15 7277c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_ADDTIME_HSERR 16 7287c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_USETIME_HSERR 17 7297c478bd9Sstevel@tonic-gate 7307c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_MISSING_SRC 18 7317c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_MISSING_DST 19 7327c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_MISSING_SA 20 7337c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_MISSING_EKEY 21 7347c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_MISSING_AKEY 22 7357c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_MISSING_RANGE 23 7367c478bd9Sstevel@tonic-gate 7377c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_DUPLICATE_SRC 24 7387c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_DUPLICATE_DST 25 7397c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_DUPLICATE_SA 26 7407c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_DUPLICATE_EKEY 27 7417c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_DUPLICATE_AKEY 28 7427c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_DUPLICATE_RANGE 29 7437c478bd9Sstevel@tonic-gate 7447c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_MALFORMED_SRC 30 7457c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_MALFORMED_DST 31 7467c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_MALFORMED_SA 32 7477c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_MALFORMED_EKEY 33 7487c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_MALFORMED_AKEY 34 7497c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_MALFORMED_RANGE 35 7507c478bd9Sstevel@tonic-gate 7517c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_AKEY_PRESENT 36 7527c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_EKEY_PRESENT 37 7537c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_PROP_PRESENT 38 7547c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_SUPP_PRESENT 39 7557c478bd9Sstevel@tonic-gate 7567c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_BAD_AALG 40 7577c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_BAD_EALG 41 7587c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_BAD_SAFLAGS 42 7597c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_BAD_SASTATE 43 7607c478bd9Sstevel@tonic-gate 7617c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_BAD_AKEYBITS 44 7627c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_BAD_EKEYBITS 45 7637c478bd9Sstevel@tonic-gate 7647c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_ENCR_NOTSUPP 46 7657c478bd9Sstevel@tonic-gate 7667c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_WEAK_EKEY 47 7677c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_WEAK_AKEY 48 7687c478bd9Sstevel@tonic-gate 7697c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_DUPLICATE_KMP 49 7707c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_DUPLICATE_KMC 50 7717c478bd9Sstevel@tonic-gate 7727c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_MISSING_NATT_LOC 51 7737c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_MISSING_NATT_REM 52 7747c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_DUPLICATE_NATT_LOC 53 7757c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_DUPLICATE_NATT_REM 54 7767c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_MALFORMED_NATT_LOC 55 7777c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_MALFORMED_NATT_REM 56 7787c478bd9Sstevel@tonic-gate #define SADB_X_DIAGNOSTIC_DUPLICATE_NATT_PORTS 57 7798810c16bSdanmcd 7808810c16bSdanmcd #define SADB_X_DIAGNOSTIC_MISSING_INNER_SRC 58 7818810c16bSdanmcd #define SADB_X_DIAGNOSTIC_MISSING_INNER_DST 59 7828810c16bSdanmcd #define SADB_X_DIAGNOSTIC_DUPLICATE_INNER_SRC 60 7838810c16bSdanmcd #define SADB_X_DIAGNOSTIC_DUPLICATE_INNER_DST 61 7848810c16bSdanmcd #define SADB_X_DIAGNOSTIC_MALFORMED_INNER_SRC 62 7858810c16bSdanmcd #define SADB_X_DIAGNOSTIC_MALFORMED_INNER_DST 63 7868810c16bSdanmcd 7878810c16bSdanmcd #define SADB_X_DIAGNOSTIC_PREFIX_INNER_SRC 64 7888810c16bSdanmcd #define SADB_X_DIAGNOSTIC_PREFIX_INNER_DST 65 7898810c16bSdanmcd #define SADB_X_DIAGNOSTIC_BAD_INNER_DST_AF 66 7908810c16bSdanmcd #define SADB_X_DIAGNOSTIC_INNER_AF_MISMATCH 67 7918810c16bSdanmcd 7928810c16bSdanmcd #define SADB_X_DIAGNOSTIC_BAD_NATT_REM_AF 68 7938810c16bSdanmcd #define SADB_X_DIAGNOSTIC_BAD_NATT_LOC_AF 69 7948810c16bSdanmcd 7958810c16bSdanmcd #define SADB_X_DIAGNOSTIC_PROTO_MISMATCH 70 7968810c16bSdanmcd #define SADB_X_DIAGNOSTIC_INNER_PROTO_MISMATCH 71 7978810c16bSdanmcd 7988810c16bSdanmcd #define SADB_X_DIAGNOSTIC_DUAL_PORT_SETS 72 7998810c16bSdanmcd 80038d95a78Smarkfen #define SADB_X_DIAGNOSTIC_PAIR_INAPPROPRIATE 73 80138d95a78Smarkfen #define SADB_X_DIAGNOSTIC_PAIR_ADD_MISMATCH 74 80238d95a78Smarkfen #define SADB_X_DIAGNOSTIC_PAIR_ALREADY 75 80338d95a78Smarkfen #define SADB_X_DIAGNOSTIC_PAIR_SA_NOTFOUND 76 80438d95a78Smarkfen #define SADB_X_DIAGNOSTIC_BAD_SA_DIRECTION 77 80538d95a78Smarkfen 80638d95a78Smarkfen #define SADB_X_DIAGNOSTIC_SA_NOTFOUND 78 80738d95a78Smarkfen #define SADB_X_DIAGNOSTIC_SA_EXPIRED 79 80838d95a78Smarkfen #define SADB_X_DIAGNOSTIC_MAX 79 8097c478bd9Sstevel@tonic-gate 8107c478bd9Sstevel@tonic-gate /* Algorithm type for sadb_x_algdesc above... */ 8117c478bd9Sstevel@tonic-gate 8127c478bd9Sstevel@tonic-gate #define SADB_X_ALGTYPE_NONE 0 8137c478bd9Sstevel@tonic-gate #define SADB_X_ALGTYPE_AUTH 1 8147c478bd9Sstevel@tonic-gate #define SADB_X_ALGTYPE_CRYPT 2 8157c478bd9Sstevel@tonic-gate #define SADB_X_ALGTYPE_COMPRESS 3 8167c478bd9Sstevel@tonic-gate 8177c478bd9Sstevel@tonic-gate #define SADB_X_ALGTYPE_MAX 3 8187c478bd9Sstevel@tonic-gate 8197c478bd9Sstevel@tonic-gate /* Key management protocol for sadb_x_kmc above... */ 8207c478bd9Sstevel@tonic-gate 8217c478bd9Sstevel@tonic-gate #define SADB_X_KMP_MANUAL 0 8227c478bd9Sstevel@tonic-gate #define SADB_X_KMP_IKE 1 8237c478bd9Sstevel@tonic-gate #define SADB_X_KMP_KINK 2 8247c478bd9Sstevel@tonic-gate 8257c478bd9Sstevel@tonic-gate #define SADB_X_KMP_MAX 2 8267c478bd9Sstevel@tonic-gate 8277c478bd9Sstevel@tonic-gate /* 8287c478bd9Sstevel@tonic-gate * Handy conversion macros. Not part of the PF_KEY spec... 8297c478bd9Sstevel@tonic-gate */ 8307c478bd9Sstevel@tonic-gate 8317c478bd9Sstevel@tonic-gate #define SADB_64TO8(x) ((x) << 3) 8327c478bd9Sstevel@tonic-gate #define SADB_8TO64(x) ((x) >> 3) 8337c478bd9Sstevel@tonic-gate #define SADB_8TO1(x) ((x) << 3) 8347c478bd9Sstevel@tonic-gate #define SADB_1TO8(x) ((x) >> 3) 8357c478bd9Sstevel@tonic-gate 8367c478bd9Sstevel@tonic-gate #ifdef __cplusplus 8377c478bd9Sstevel@tonic-gate } 8387c478bd9Sstevel@tonic-gate #endif 8397c478bd9Sstevel@tonic-gate 8407c478bd9Sstevel@tonic-gate #endif /* _NET_PFKEYV2_H */ 841