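/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#ifndef	_NET_PFKEYV2_H
#define	_NET_PFKEYV2_H

#pragma ident "%Z%%M% %I% %E% SMI"

/*
 * Definitions and structures for PF_KEY version 2.  See RFC 2367 for
 * more details.  SA == Security Association, which is what PF_KEY provides
 * an API for managing.
 *
 * Every structure below is a wire format: a message is a sadb_msg followed
 * by extensions, each padded to a 64-bit boundary, and several extensions
 * are themselves followed by variable-length data.  All length fields are
 * expressed in 64-bit words unless a comment says otherwise.
 *
 * NOTE(review): the visible part of this header uses the uintN_t types but
 * includes nothing itself, so the includer has to supply them.
 */

#ifdef	__cplusplus
extern "C" {
#endif

#define	PF_KEY_V2		2
#define	PFKEYV2_REVISION	200109L

/*
 * Base PF_KEY message.
 *
 * sadb_msg_len counts 64-bit words, not bytes.  Code that parses a message
 * it did not build itself should convert the count to bytes and compare it
 * with the number of bytes actually read before walking any extension.
 */

typedef struct sadb_msg {
	uint8_t sadb_msg_version;	/* Version, currently PF_KEY_V2 */
	uint8_t sadb_msg_type;		/* ADD, UPDATE, etc. */
	uint8_t sadb_msg_errno;		/* Error number from UNIX errno space */
	uint8_t sadb_msg_satype;	/* ESP, AH, etc. */
	uint16_t sadb_msg_len;		/* Length in 64-bit words. */
	uint16_t sadb_msg_reserved;	/* must be zero */
/*
 * Use the reserved field for extended diagnostic information on errno
 * responses.
 */
#define	sadb_x_msg_diagnostic	sadb_msg_reserved
	/* Union is for guaranteeing 64-bit alignment. */
	union {
		struct {
			uint32_t sadb_x_msg_useq;	/* Set by originator */
			uint32_t sadb_x_msg_upid;	/* Set by originator */
		} sadb_x_msg_actual;
		uint64_t sadb_x_msg_alignment;
	} sadb_x_msg_u;
#define	sadb_msg_seq sadb_x_msg_u.sadb_x_msg_actual.sadb_x_msg_useq
#define	sadb_msg_pid sadb_x_msg_u.sadb_x_msg_actual.sadb_x_msg_upid
} sadb_msg_t;

/*
 * Generic extension header.
 *
 * sadb_ext_len is in 64-bit words and includes this header.  When stepping
 * from one extension to the next, reject a length of zero (the walk would
 * never advance) and any length that runs past the end of the message.
 */

typedef struct sadb_ext {
	union {
		/* Union is for guaranteeing 64-bit alignment. */
		struct {
			uint16_t sadb_x_ext_ulen;	/* In 64s, inclusive */
			uint16_t sadb_x_ext_utype;	/* 0 is reserved */
		} sadb_x_ext_actual;
		uint64_t sadb_x_ext_alignment;
	} sadb_x_ext_u;
#define	sadb_ext_len sadb_x_ext_u.sadb_x_ext_actual.sadb_x_ext_ulen
#define	sadb_ext_type sadb_x_ext_u.sadb_x_ext_actual.sadb_x_ext_utype
} sadb_ext_t;

/*
 * Security Association information extension.
 */

typedef struct sadb_sa {
	/* Union is for guaranteeing 64-bit alignment. */
	union {
		struct {
			uint16_t sadb_x_sa_ulen;
			uint16_t sadb_x_sa_uexttype;	/* ASSOCIATION */
			uint32_t sadb_x_sa_uspi;	/* Sec. Param. Index */
		} sadb_x_sa_uactual;
		uint64_t sadb_x_sa_alignment;
	} sadb_x_sa_u;
#define	sadb_sa_len sadb_x_sa_u.sadb_x_sa_uactual.sadb_x_sa_ulen
#define	sadb_sa_exttype sadb_x_sa_u.sadb_x_sa_uactual.sadb_x_sa_uexttype
#define	sadb_sa_spi sadb_x_sa_u.sadb_x_sa_uactual.sadb_x_sa_uspi
	uint8_t sadb_sa_replay;		/* Replay counter */
	uint8_t sadb_sa_state;		/* MATURE, DEAD, DYING, LARVAL */
	uint8_t sadb_sa_auth;		/* Authentication algorithm */
	uint8_t sadb_sa_encrypt;	/* Encryption algorithm */
	uint32_t sadb_sa_flags;		/* SA flags. */
} sadb_sa_t;

/*
 * SA Lifetime extension.  Already 64-bit aligned thanks to uint64_t fields.
 */

typedef struct sadb_lifetime {
	uint16_t sadb_lifetime_len;
	uint16_t sadb_lifetime_exttype;		/* SOFT, HARD, CURRENT */
	uint32_t sadb_lifetime_allocations;
	uint64_t sadb_lifetime_bytes;
	uint64_t sadb_lifetime_addtime;	/* These fields are assumed to hold */
	uint64_t sadb_lifetime_usetime;	/* >= sizeof (time_t). */
} sadb_lifetime_t;

/*
 * SA address information.
 *
 * The sockaddr that follows is sized by the sender.  Check that the address
 * family's structure fits inside sadb_address_len before reading it.
 */

typedef struct sadb_address {
	/* Union is for guaranteeing 64-bit alignment. */
	union {
		struct {
			uint16_t sadb_x_address_ulen;
			uint16_t sadb_x_address_uexttype; /* SRC, DST, PROXY */
			uint8_t sadb_x_address_uproto; /* Proto for ports... */
			uint8_t sadb_x_address_uprefixlen; /* Prefix length. */
			uint16_t sadb_x_address_ureserved; /* Padding */
		} sadb_x_address_actual;
		uint64_t sadb_x_address_alignment;
	} sadb_x_address_u;
#define	sadb_address_len \
	sadb_x_address_u.sadb_x_address_actual.sadb_x_address_ulen
#define	sadb_address_exttype \
	sadb_x_address_u.sadb_x_address_actual.sadb_x_address_uexttype
#define	sadb_address_proto \
	sadb_x_address_u.sadb_x_address_actual.sadb_x_address_uproto
#define	sadb_address_prefixlen \
	sadb_x_address_u.sadb_x_address_actual.sadb_x_address_uprefixlen
#define	sadb_address_reserved \
	sadb_x_address_u.sadb_x_address_actual.sadb_x_address_ureserved
	/* Followed by a sockaddr structure which may contain ports. */
} sadb_address_t;

/*
 * SA key information.
 *
 * The bytes that follow this header are secret key material.  Check
 * sadb_key_bits against the space sadb_key_len leaves after the header
 * before reading the key, and clear any buffer that held the extension
 * once it is no longer needed.
 */

typedef struct sadb_key {
	/* Union is for guaranteeing 64-bit alignment. */
	union {
		struct {
			uint16_t sadb_x_key_ulen;
			uint16_t sadb_x_key_uexttype;	/* AUTH, ENCRYPT */
			uint16_t sadb_x_key_ubits;	/* Actual len (bits) */
			uint16_t sadb_x_key_ureserved;
		} sadb_x_key_actual;
		uint64_t sadb_x_key_alignment;
	} sadb_x_key_u;
#define	sadb_key_len sadb_x_key_u.sadb_x_key_actual.sadb_x_key_ulen
#define	sadb_key_exttype sadb_x_key_u.sadb_x_key_actual.sadb_x_key_uexttype
#define	sadb_key_bits sadb_x_key_u.sadb_x_key_actual.sadb_x_key_ubits
#define	sadb_key_reserved sadb_x_key_u.sadb_x_key_actual.sadb_x_key_ureserved
	/* Followed by actual key(s) in canonical (outbound proc.) order. */
} sadb_key_t;

/*
 * SA Identity information.  Already 64-bit aligned thanks to uint64_t fields.
 */

typedef struct sadb_ident {
	uint16_t sadb_ident_len;
	uint16_t sadb_ident_exttype;	/* SRC, DST, PROXY */
	uint16_t sadb_ident_type;	/* FQDN, USER_FQDN, etc. */
	uint16_t sadb_ident_reserved;	/* Padding */
	uint64_t sadb_ident_id;		/* For userid, etc. */
	/*
	 * Followed by an identity null-terminated C string if present.
	 * A reader should confirm that the terminator lies inside
	 * sadb_ident_len before handing the bytes to a string function.
	 */
} sadb_ident_t;

/*
 * SA sensitivity information.  This is mostly useful on MLS systems.
 */

typedef struct sadb_sens {
	/* Union is for guaranteeing 64-bit alignment. */
	union {
		struct {
			uint16_t sadb_x_sens_ulen;
			uint16_t sadb_x_sens_uexttype;	/* SENSITIVITY */
			uint32_t sadb_x_sens_udpd;	/* Protection domain */
		} sadb_x_sens_actual;
		uint64_t sadb_x_sens_alignment;
	} sadb_x_sens_u;
#define	sadb_sens_len sadb_x_sens_u.sadb_x_sens_actual.sadb_x_sens_ulen
#define	sadb_sens_exttype sadb_x_sens_u.sadb_x_sens_actual.sadb_x_sens_uexttype
#define	sadb_sens_dpd sadb_x_sens_u.sadb_x_sens_actual.sadb_x_sens_udpd
	uint8_t sadb_sens_sens_level;
	uint8_t sadb_sens_sens_len;		/* 64-bit words */
	uint8_t sadb_sens_integ_level;
	uint8_t sadb_sens_integ_len;		/* 64-bit words */
	uint32_t sadb_sens_reserved;
	/*
	 * followed by two uint64_t arrays
	 * uint64_t sadb_sens_bitmap[sens_bitmap_len];
	 * uint64_t sadb_integ_bitmap[integ_bitmap_len];
	 *
	 * The two bitmap lengths are independent of sadb_sens_len, so a
	 * reader should check that header plus both bitmaps fit inside it.
	 */
} sadb_sens_t;

/*
 * A proposal extension.  This is found in an ACQUIRE message, and it
 * proposes what sort of SA the kernel would like to ACQUIRE.
 *
 * A reader should check that every combination it indexes lies inside the
 * length given by sadb_x_propb_len.
 */

/* First, a base structure... */

typedef struct sadb_x_propbase {
	uint16_t sadb_x_propb_len;
	uint16_t sadb_x_propb_exttype;	/* PROPOSAL, X_EPROP */
	union {
		struct {
			uint8_t sadb_x_propb_lenres_replay;
			uint8_t sadb_x_propb_lenres_eres;
			uint16_t sadb_x_propb_lenres_numecombs;
		} sadb_x_propb_lenres;
		struct {
			uint8_t sadb_x_propb_oldres_replay;
			uint8_t sadb_x_propb_oldres_reserved[3];
		} sadb_x_propb_oldres;
	} sadb_x_propb_u;
#define	sadb_x_propb_replay \
	sadb_x_propb_u.sadb_x_propb_lenres.sadb_x_propb_lenres_replay
#define	sadb_x_propb_reserved \
	sadb_x_propb_u.sadb_x_propb_oldres.sadb_x_propb_oldres_reserved
#define	sadb_x_propb_ereserved \
	sadb_x_propb_u.sadb_x_propb_lenres.sadb_x_propb_lenres_eres
#define	sadb_x_propb_numecombs \
	sadb_x_propb_u.sadb_x_propb_lenres.sadb_x_propb_lenres_numecombs
	/* Followed by sadb_comb[] array or sadb_ecomb[] array. */
} sadb_x_propbase_t;

/* Now, the actual sadb_prop structure, which will have alignment in it! */

typedef struct sadb_prop {
	/* Union is for guaranteeing 64-bit alignment. */
	union {
		sadb_x_propbase_t sadb_x_prop_actual;
		uint64_t sadb_x_prop_alignment;
	} sadb_x_prop_u;
#define	sadb_prop_len sadb_x_prop_u.sadb_x_prop_actual.sadb_x_propb_len
#define	sadb_prop_exttype sadb_x_prop_u.sadb_x_prop_actual.sadb_x_propb_exttype
#define	sadb_prop_replay sadb_x_prop_u.sadb_x_prop_actual.sadb_x_propb_replay
#define	sadb_prop_reserved \
	sadb_x_prop_u.sadb_x_prop_actual.sadb_x_propb_reserved
#define	sadb_x_prop_ereserved \
	sadb_x_prop_u.sadb_x_prop_actual.sadb_x_propb_ereserved
#define	sadb_x_prop_numecombs \
	sadb_x_prop_u.sadb_x_prop_actual.sadb_x_propb_numecombs
} sadb_prop_t;

/*
 * This is a proposed combination.  Many of these can follow a proposal
 * extension.  Already 64-bit aligned thanks to uint64_t fields.
 */

typedef struct sadb_comb {
	uint8_t sadb_comb_auth;			/* Authentication algorithm */
	uint8_t sadb_comb_encrypt;		/* Encryption algorithm */
	uint16_t sadb_comb_flags;		/* Comb. flags (e.g. PFS) */
	uint16_t sadb_comb_auth_minbits;	/* Bit strengths for auth */
	uint16_t sadb_comb_auth_maxbits;
	uint16_t sadb_comb_encrypt_minbits;	/* Bit strengths for encrypt */
	uint16_t sadb_comb_encrypt_maxbits;
	uint32_t sadb_comb_reserved;
	uint32_t sadb_comb_soft_allocations;	/* Lifetime proposals for */
	uint32_t sadb_comb_hard_allocations;	/* this combination. */
	uint64_t sadb_comb_soft_bytes;
	uint64_t sadb_comb_hard_bytes;
	uint64_t sadb_comb_soft_addtime;
	uint64_t sadb_comb_hard_addtime;
	uint64_t sadb_comb_soft_usetime;
	uint64_t sadb_comb_hard_usetime;
} sadb_comb_t;

/*
 * An extended combination that can comprise many SA types.
 * A single combination has algorithms and SA types locked.
 * These are represented by algorithm descriptors, the second structure
 * in the list.  For example, if the EACQUIRE requests AH(MD5) + ESP(DES/null)
 * _or_ ESP(DES/MD5), it would have two combinations:
 *
 * COMB: algdes(AH, AUTH, MD5), algdes(ESP, CRYPT, DES)
 * COMB: algdes(ESP, AUTH, MD5), algdes(ESP, CRYPT, DES)
 *
 * If an SA type supports an algorithm type, and there's no descriptor,
 * assume it requires NONE, just as if it were explicitly stated.
 * (This includes ESP NULL encryption, BTW.)
 *
 * Already 64-bit aligned thanks to uint64_t fields.
 */

typedef struct sadb_x_ecomb {
	/* presumably the number of sadb_x_algdesc entries that follow */
	uint8_t sadb_x_ecomb_numalgs;	/* TODO confirm against the consumer */
	uint8_t sadb_x_ecomb_reserved;
	uint16_t sadb_x_ecomb_flags;	/* E.g. PFS? */
	uint32_t sadb_x_ecomb_reserved2;
	uint32_t sadb_x_ecomb_soft_allocations;
	uint32_t sadb_x_ecomb_hard_allocations;
	uint64_t sadb_x_ecomb_soft_bytes;
	uint64_t sadb_x_ecomb_hard_bytes;
	uint64_t sadb_x_ecomb_soft_addtime;
	uint64_t sadb_x_ecomb_hard_addtime;
	uint64_t sadb_x_ecomb_soft_usetime;
	uint64_t sadb_x_ecomb_hard_usetime;
} sadb_x_ecomb_t;

typedef struct sadb_x_algdesc {
	/* Union is for guaranteeing 64-bit alignment. */
	union {
		struct {
			uint8_t sadb_x_algdesc_usatype;	/* ESP, AH, etc. */
			uint8_t sadb_x_algdesc_ualgtype; /* AUTH, CRYPT, COMP */
			uint8_t sadb_x_algdesc_ualg;	/* 3DES, MD5, etc. */
			uint8_t sadb_x_algdesc_ureserved;
			uint16_t sadb_x_algdesc_uminbits; /* Bit strengths. */
			uint16_t sadb_x_algdesc_umaxbits;
		} sadb_x_algdesc_actual;
		uint64_t sadb_x_algdesc_alignment;
	} sadb_x_algdesc_u;
#define	sadb_x_algdesc_satype \
	sadb_x_algdesc_u.sadb_x_algdesc_actual.sadb_x_algdesc_usatype
#define	sadb_x_algdesc_algtype \
	sadb_x_algdesc_u.sadb_x_algdesc_actual.sadb_x_algdesc_ualgtype
#define	sadb_x_algdesc_alg \
	sadb_x_algdesc_u.sadb_x_algdesc_actual.sadb_x_algdesc_ualg
#define	sadb_x_algdesc_reserved \
	sadb_x_algdesc_u.sadb_x_algdesc_actual.sadb_x_algdesc_ureserved
#define	sadb_x_algdesc_minbits \
	sadb_x_algdesc_u.sadb_x_algdesc_actual.sadb_x_algdesc_uminbits
#define	sadb_x_algdesc_maxbits \
	sadb_x_algdesc_u.sadb_x_algdesc_actual.sadb_x_algdesc_umaxbits
} sadb_x_algdesc_t;

/*
 * When key mgmt. registers with the kernel, the kernel will tell key mgmt.
 * its supported algorithms.
 */

typedef struct sadb_supported {
	/* Union is for guaranteeing 64-bit alignment. */
	union {
		struct {
			uint16_t sadb_x_supported_ulen;
			uint16_t sadb_x_supported_uexttype;
			uint32_t sadb_x_supported_ureserved;
		} sadb_x_supported_actual;
		uint64_t sadb_x_supported_alignment;
	} sadb_x_supported_u;
#define	sadb_supported_len \
	sadb_x_supported_u.sadb_x_supported_actual.sadb_x_supported_ulen
#define	sadb_supported_exttype \
	sadb_x_supported_u.sadb_x_supported_actual.sadb_x_supported_uexttype
#define	sadb_supported_reserved \
	sadb_x_supported_u.sadb_x_supported_actual.sadb_x_supported_ureserved
} sadb_supported_t;

/* First, a base structure... */
typedef struct sadb_x_algb {
	uint8_t sadb_x_algb_id;		/* Algorithm type. */
	uint8_t sadb_x_algb_ivlen;	/* IV len, in bits */
	uint16_t sadb_x_algb_minbits;	/* Min. key len (in bits) */
	uint16_t sadb_x_algb_maxbits;	/* Max. key length */
	union {
		uint16_t sadb_x_algb_ureserved;
		uint8_t sadb_x_algb_udefaults[2];
	} sadb_x_algb_union;

#define	sadb_x_algb_reserved sadb_x_algb_union.sadb_x_algb_ureserved
#define	sadb_x_algb_increment sadb_x_algb_union.sadb_x_algb_udefaults[0]
#define	sadb_x_algb_defincr sadb_x_algb_union.sadb_x_algb_udefaults[1]
/*
 * alg_increment: the number of bits from a key length to the next
 * alg_defincr: the number of increments from the smallest possible
 * key to the default key length
 */
} sadb_x_algb_t;
/*
 * useful macros for dealing with defincr
 *
 * SADB_ALG_DEFAULT_INCR divides by incr, so the caller must rule out an
 * increment of zero before using it on values taken from a message.
 */
#define	SADB_ALG_DEFAULT_LEN(min, incr, defincr) ((min) + ((defincr) * (incr)))
#define	SADB_ALG_DEFAULT_INCR(min, incr, default) (((default) - (min)) / (incr))

/* Now, the actual sadb_alg structure, which will have alignment in it. */
typedef struct sadb_alg {
	/* Union is for guaranteeing 64-bit alignment. */
	union {
		sadb_x_algb_t sadb_x_alg_actual;
		uint64_t sadb_x_alg_alignment;
	} sadb_x_alg_u;
#define	sadb_alg_id sadb_x_alg_u.sadb_x_alg_actual.sadb_x_algb_id
#define	sadb_alg_ivlen sadb_x_alg_u.sadb_x_alg_actual.sadb_x_algb_ivlen
#define	sadb_alg_minbits sadb_x_alg_u.sadb_x_alg_actual.sadb_x_algb_minbits
#define	sadb_alg_maxbits sadb_x_alg_u.sadb_x_alg_actual.sadb_x_algb_maxbits
#define	sadb_alg_reserved sadb_x_alg_u.sadb_x_alg_actual.sadb_x_algb_reserved
#define	sadb_x_alg_increment \
	sadb_x_alg_u.sadb_x_alg_actual.sadb_x_algb_increment
#define	sadb_x_alg_defincr sadb_x_alg_u.sadb_x_alg_actual.sadb_x_algb_defincr
} sadb_alg_t;

/*
 * If key mgmt. needs an SPI in a range (including 0 to 0xFFFFFFFF), it
 * asks the kernel with this extension in the SADB_GETSPI message.
 */

typedef struct sadb_spirange {
	uint16_t sadb_spirange_len;
	uint16_t sadb_spirange_exttype;	/* SPI_RANGE */
	uint32_t sadb_spirange_min;
	/* Union is for guaranteeing 64-bit alignment. */
	union {
		struct {
			uint32_t sadb_x_spirange_umax;
			uint32_t sadb_x_spirange_ureserved;
		} sadb_x_spirange_actual;
		uint64_t sadb_x_spirange_alignment;
	} sadb_x_spirange_u;
#define	sadb_spirange_max \
	sadb_x_spirange_u.sadb_x_spirange_actual.sadb_x_spirange_umax
#define	sadb_spirange_reserved \
	sadb_x_spirange_u.sadb_x_spirange_actual.sadb_x_spirange_ureserved
} sadb_spirange_t;

/*
 * For the "extended REGISTER" which'll tell the kernel to send me
 * "extended ACQUIREs".
 */

typedef struct sadb_x_ereg {
	/* Union is for guaranteeing 64-bit alignment. */
	union {
		struct {
			uint16_t sadb_x_ereg_ulen;
			uint16_t sadb_x_ereg_uexttype;	/* X_EREG */
			/*
			 * Array of SA types, 0-terminated.  There are only
			 * four slots, so a reader must also stop at the
			 * array bound: a full array carries no terminator.
			 */
			uint8_t sadb_x_ereg_usatypes[4];
		} sadb_x_ereg_actual;
		uint64_t sadb_x_ereg_alignment;
	} sadb_x_ereg_u;
#define	sadb_x_ereg_len \
	sadb_x_ereg_u.sadb_x_ereg_actual.sadb_x_ereg_ulen
#define	sadb_x_ereg_exttype \
	sadb_x_ereg_u.sadb_x_ereg_actual.sadb_x_ereg_uexttype
#define	sadb_x_ereg_satypes \
	sadb_x_ereg_u.sadb_x_ereg_actual.sadb_x_ereg_usatypes
} sadb_x_ereg_t;

/*
 * For conveying a Key Management Cookie with SADB_GETSPI, SADB_ADD,
 * SADB_ACQUIRE, or SADB_X_INVERSE_ACQUIRE.
 */

typedef struct sadb_x_kmc {
	uint16_t sadb_x_kmc_len;
	uint16_t sadb_x_kmc_exttype;	/* X_KM_COOKIE */
	uint32_t sadb_x_kmc_proto;	/* KM protocol */
	union {
		struct {
			uint32_t sadb_x_kmc_ucookie;	/* KMP-specific */
			uint32_t sadb_x_kmc_ureserved;	/* Must be zero */
		} sadb_x_kmc_actual;
		uint64_t sadb_x_kmc_alignment;
	} sadb_x_kmc_u;
#define	sadb_x_kmc_cookie sadb_x_kmc_u.sadb_x_kmc_actual.sadb_x_kmc_ucookie
#define	sadb_x_kmc_reserved sadb_x_kmc_u.sadb_x_kmc_actual.sadb_x_kmc_ureserved
} sadb_x_kmc_t;

typedef struct sadb_x_pair {
	union {
		/* Union is for guaranteeing 64-bit alignment. */
		struct {
			uint16_t sadb_x_pair_ulen;
			uint16_t sadb_x_pair_uexttype;
			uint32_t sadb_x_pair_uspi;	/* SPI of paired SA */
		} sadb_x_pair_actual;
		/*
		 * NOTE(review): this member carries sadb_ext's name rather
		 * than a sadb_x_pair_ one, unlike the other extensions.  It
		 * is left as found so existing references keep compiling.
		 */
		uint64_t sadb_x_ext_alignment;
	} sadb_x_pair_u;
#define	sadb_x_pair_len sadb_x_pair_u.sadb_x_pair_actual.sadb_x_pair_ulen
#define	sadb_x_pair_exttype \
	sadb_x_pair_u.sadb_x_pair_actual.sadb_x_pair_uexttype
#define	sadb_x_pair_spi sadb_x_pair_u.sadb_x_pair_actual.sadb_x_pair_uspi
} sadb_x_pair_t;

/*
 * Base message types.
 */

#define	SADB_RESERVED		0
#define	SADB_GETSPI		1
#define	SADB_UPDATE		2
#define	SADB_ADD		3
#define	SADB_DELETE		4
#define	SADB_GET		5
#define	SADB_ACQUIRE		6
#define	SADB_REGISTER		7
#define	SADB_EXPIRE		8
#define	SADB_FLUSH		9
#define	SADB_DUMP		10	/* not used normally */
#define	SADB_X_PROMISC		11
#define	SADB_X_INVERSE_ACQUIRE	12
#define	SADB_X_UPDATEPAIR	13
#define	SADB_X_DELPAIR		14
#define	SADB_MAX		14

/*
 * SA flags
 */
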
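#define	SADB_SAFLAGS_PFS	0x1	/* Perfect forward secrecy? */
#define	SADB_SAFLAGS_NOREPLAY	0x2	/* Replay field NOT PRESENT. */
/*
 * NOTE(review): an SA flagged NOREPLAY presumably carries no anti-replay
 * state; confirm how the consumer treats it before allowing it in policy.
 */

/* Below flags are used by this implementation.  Grow from left-to-right. */
#define	SADB_X_SAFLAGS_USED	0x80000000	/* SA used/not used */
#define	SADB_X_SAFLAGS_UNIQUE	0x40000000	/* SA unique/reusable */
#define	SADB_X_SAFLAGS_AALG1	0x20000000	/* Auth-alg specific flag 1 */
#define	SADB_X_SAFLAGS_AALG2	0x10000000	/* Auth-alg specific flag 2 */
#define	SADB_X_SAFLAGS_EALG1	0x8000000	/* Encr-alg specific flag 1 */
#define	SADB_X_SAFLAGS_EALG2	0x4000000	/* Encr-alg specific flag 2 */
#define	SADB_X_SAFLAGS_KM1	0x2000000	/* Key mgmt. specific flag 1 */
#define	SADB_X_SAFLAGS_KM2	0x1000000	/* Key mgmt. specific flag 2 */
#define	SADB_X_SAFLAGS_KM3	0x800000	/* Key mgmt. specific flag 3 */
#define	SADB_X_SAFLAGS_KM4	0x400000	/* Key mgmt. specific flag 4 */
#define	SADB_X_SAFLAGS_KRES1	0x200000	/* Reserved by the kernel */
#define	SADB_X_SAFLAGS_NATT_LOC	0x100000	/* this has a natted src SA */
#define	SADB_X_SAFLAGS_NATT_REM	0x80000		/* this has a natted dst SA */
#define	SADB_X_SAFLAGS_KRES2	0x40000		/* Reserved by the kernel */
#define	SADB_X_SAFLAGS_TUNNEL	0x20000		/* tunnel mode */
#define	SADB_X_SAFLAGS_PAIRED	0x10000		/* inbound/outbound pair */
#define	SADB_X_SAFLAGS_OUTBOUND	0x8000		/* SA direction bit */
#define	SADB_X_SAFLAGS_INBOUND	0x4000		/* SA direction bit */
#define	SADB_X_SAFLAGS_NATTED	0x1000	/* Local node is behind a NAT */

/*
 * Mask of all kernel-reserved flag bits.  The expansion is parenthesized
 * on purpose: without the parentheses "flags & SADB_X_SAFLAGS_KRES" parses
 * as "(flags & KRES1) | KRES2", which is non-zero for every value of flags,
 * so a check for reserved bits set by a caller could never come out clean.
 */
#define	SADB_X_SAFLAGS_KRES	\
	(SADB_X_SAFLAGS_KRES1 | SADB_X_SAFLAGS_KRES2)

/*
 * SA state.
 */

#define	SADB_SASTATE_LARVAL	0
#define	SADB_SASTATE_MATURE	1
#define	SADB_SASTATE_DYING	2
#define	SADB_SASTATE_DEAD	3

#define	SADB_SASTATE_MAX	3

/*
 * SA type.  Gaps are present in the number space because (for the time being)
 * these types correspond to the SA types in the IPsec DOI document.
 *
 * Because of the gaps, a value that is <= SADB_SATYPE_MAX is not
 * necessarily a defined type (1 and 4 are unassigned here).
 */

#define	SADB_SATYPE_UNSPEC	0
#define	SADB_SATYPE_AH		2	/* RFC-1826 */
#define	SADB_SATYPE_ESP		3	/* RFC-1827 */
#define	SADB_SATYPE_RSVP	5	/* RSVP Authentication */
#define	SADB_SATYPE_OSPFV2	6	/* OSPFv2 Authentication */
#define	SADB_SATYPE_RIPV2	7	/* RIPv2 Authentication */
#define	SADB_SATYPE_MIP		8	/* Mobile IPv4 Authentication */

#define	SADB_SATYPE_MAX		8

/*
 * Algorithm types.  Gaps are present because (for the time being) these types
 * correspond to the SA types in the IPsec DOI document.
 *
 * NOTE: These are numbered to play nice with the IPsec DOI.  That's why
 * there are gaps.
 *
 * The list mixes current and legacy algorithms.  HMAC-MD5, DES-CBC and
 * Blowfish are legacy choices that current IETF guidance for ESP/AH
 * (RFC 8221) discourages; prefer AES and the SHA-2 HMACs when writing
 * policy.
 */

/* Authentication algorithms */
#define	SADB_AALG_NONE		0
#define	SADB_AALG_MD5HMAC	2
#define	SADB_AALG_SHA1HMAC	3
#define	SADB_AALG_SHA256HMAC	5
#define	SADB_AALG_SHA384HMAC	6
#define	SADB_AALG_SHA512HMAC	7

#define	SADB_AALG_MAX		7

/*
 * Encryption algorithms
 *
 * SADB_EALG_NULL is a distinct identifier from SADB_EALG_NONE.
 * NOTE(review): it presumably selects ESP NULL encryption (RFC 2410),
 * which gives no confidentiality; confirm and pair it with an
 * authentication algorithm.
 */
#define	SADB_EALG_NONE		0
#define	SADB_EALG_DESCBC	2
#define	SADB_EALG_3DESCBC	3
#define	SADB_EALG_BLOWFISH	7
#define	SADB_EALG_NULL		11
#define	SADB_EALG_AES		12
#define	SADB_EALG_MAX		12

/*
 * Extension header values.
 */

#define	SADB_EXT_RESERVED		0

#define	SADB_EXT_SA			1
#define	SADB_EXT_LIFETIME_CURRENT	2
#define	SADB_EXT_LIFETIME_HARD		3
#define	SADB_EXT_LIFETIME_SOFT		4
#define	SADB_EXT_ADDRESS_SRC		5
#define	SADB_EXT_ADDRESS_DST		6
/* These two are synonyms. */
#define	SADB_EXT_ADDRESS_PROXY		7
#define	SADB_X_EXT_ADDRESS_INNER_SRC	SADB_EXT_ADDRESS_PROXY
#define	SADB_EXT_KEY_AUTH		8
#define	SADB_EXT_KEY_ENCRYPT		9
#define	SADB_EXT_IDENTITY_SRC		10
#define	SADB_EXT_IDENTITY_DST		11
#define	SADB_EXT_SENSITIVITY		12
#define	SADB_EXT_PROPOSAL		13
#define	SADB_EXT_SUPPORTED_AUTH		14
#define	SADB_EXT_SUPPORTED_ENCRYPT	15
#define	SADB_EXT_SPIRANGE		16
#define	SADB_X_EXT_EREG			17
#define	SADB_X_EXT_EPROP		18
#define	SADB_X_EXT_KM_COOKIE		19
#define	SADB_X_EXT_ADDRESS_NATT_LOC	20
#define	SADB_X_EXT_ADDRESS_NATT_REM	21
#define	SADB_X_EXT_ADDRESS_INNER_DST	22
#define	SADB_X_EXT_PAIR			23

/* Highest extension type defined above; raise it when adding one. */
#define	SADB_EXT_MAX			23

/*
 * Identity types.
 */

#define	SADB_IDENTTYPE_RESERVED	0

/*
 * For PREFIX and ADDR_RANGE, use the AF of the PROXY if present, or the SRC
 * if not present.
 */
#define	SADB_IDENTTYPE_PREFIX		1
#define	SADB_IDENTTYPE_FQDN		2  /* Fully qualified domain name. */
#define	SADB_IDENTTYPE_USER_FQDN	3  /* e.g. root@domain.com */
#define	SADB_X_IDENTTYPE_DN		4  /* ASN.1 DER Distinguished Name. */
#define	SADB_X_IDENTTYPE_GN		5  /* ASN.1 DER Generic Name. */
#define	SADB_X_IDENTTYPE_KEY_ID		6  /* Generic KEY ID. */
#define	SADB_X_IDENTTYPE_ADDR_RANGE	7

#define	SADB_IDENTTYPE_MAX		7

/*
 * Protection DOI values for the SENSITIVITY extension.  There are no values
 * currently, so the MAX is the only non-zero value available.
 */

#define	SADB_DPD_NONE	0

#define	SADB_DPD_MAX	1

/*
 * Diagnostic codes.  These supplement error messages.  Be sure to
 * update libipsecutil's keysock_diag() if you change any of these.
 */

/* Parenthesized so the negative literal is safe inside any expression. */
#define	SADB_X_DIAGNOSTIC_PRESET	(-1)	/* Internal value. */

#define	SADB_X_DIAGNOSTIC_NONE		0

#define	SADB_X_DIAGNOSTIC_UNKNOWN_MSG	1
#define	SADB_X_DIAGNOSTIC_UNKNOWN_EXT	2
#define	SADB_X_DIAGNOSTIC_BAD_EXTLEN	3
#define	SADB_X_DIAGNOSTIC_UNKNOWN_SATYPE	4
#define	SADB_X_DIAGNOSTIC_SATYPE_NEEDED	5
#define	SADB_X_DIAGNOSTIC_NO_SADBS	6
#define	SADB_X_DIAGNOSTIC_NO_EXT	7
/* Bad address family value in sockaddr->sa_family. */
#define	SADB_X_DIAGNOSTIC_BAD_SRC_AF	8
#define	SADB_X_DIAGNOSTIC_BAD_DST_AF	9
/* These two are synonyms. */
#define	SADB_X_DIAGNOSTIC_BAD_PROXY_AF	10
#define	SADB_X_DIAGNOSTIC_BAD_INNER_SRC_AF	10

#define	SADB_X_DIAGNOSTIC_AF_MISMATCH	11

#define	SADB_X_DIAGNOSTIC_BAD_SRC	12
#define	SADB_X_DIAGNOSTIC_BAD_DST	13

#define	SADB_X_DIAGNOSTIC_ALLOC_HSERR	14
#define	SADB_X_DIAGNOSTIC_BYTES_HSERR	15
#define	SADB_X_DIAGNOSTIC_ADDTIME_HSERR	16
#define	SADB_X_DIAGNOSTIC_USETIME_HSERR	17

#define	SADB_X_DIAGNOSTIC_MISSING_SRC	18
#define	SADB_X_DIAGNOSTIC_MISSING_DST	19
#define	SADB_X_DIAGNOSTIC_MISSING_SA	20
#define	SADB_X_DIAGNOSTIC_MISSING_EKEY	21
#define	SADB_X_DIAGNOSTIC_MISSING_AKEY	22
#define	SADB_X_DIAGNOSTIC_MISSING_RANGE	23

#define	SADB_X_DIAGNOSTIC_DUPLICATE_SRC	24
#define	SADB_X_DIAGNOSTIC_DUPLICATE_DST	25
#define	SADB_X_DIAGNOSTIC_DUPLICATE_SA	26
#define	SADB_X_DIAGNOSTIC_DUPLICATE_EKEY	27
#define	SADB_X_DIAGNOSTIC_DUPLICATE_AKEY	28
#define	SADB_X_DIAGNOSTIC_DUPLICATE_RANGE	29

#define	SADB_X_DIAGNOSTIC_MALFORMED_SRC	30
#define	SADB_X_DIAGNOSTIC_MALFORMED_DST	31
#define	SADB_X_DIAGNOSTIC_MALFORMED_SA	32
#define	SADB_X_DIAGNOSTIC_MALFORMED_EKEY	33
#define	SADB_X_DIAGNOSTIC_MALFORMED_AKEY	34
#define	SADB_X_DIAGNOSTIC_MALFORMED_RANGE	35

#define	SADB_X_DIAGNOSTIC_AKEY_PRESENT	36
#define	SADB_X_DIAGNOSTIC_EKEY_PRESENT	37
#define	SADB_X_DIAGNOSTIC_PROP_PRESENT	38
#define	SADB_X_DIAGNOSTIC_SUPP_PRESENT	39

#define	SADB_X_DIAGNOSTIC_BAD_AALG	40
#define	SADB_X_DIAGNOSTIC_BAD_EALG	41
#define	SADB_X_DIAGNOSTIC_BAD_SAFLAGS	42
#define	SADB_X_DIAGNOSTIC_BAD_SASTATE	43

#define	SADB_X_DIAGNOSTIC_BAD_AKEYBITS	44
#define	SADB_X_DIAGNOSTIC_BAD_EKEYBITS	45

#define	SADB_X_DIAGNOSTIC_ENCR_NOTSUPP	46
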
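/*
 * Diagnostic codes 47 through 72.  The blank lines separate groups by
 * name: key strength, key-management duplicates, NAT-T addresses, inner
 * (tunnel) addresses, address-family and protocol mismatches, port sets.
 * NOTE(review): the exact condition behind each code is not visible in
 * this header; the text for each is expected in libipsecutil's
 * keysock_diag().
 */
#define	SADB_X_DIAGNOSTIC_WEAK_EKEY	47
#define	SADB_X_DIAGNOSTIC_WEAK_AKEY	48

#define	SADB_X_DIAGNOSTIC_DUPLICATE_KMP	49
#define	SADB_X_DIAGNOSTIC_DUPLICATE_KMC	50

#define	SADB_X_DIAGNOSTIC_MISSING_NATT_LOC	51
#define	SADB_X_DIAGNOSTIC_MISSING_NATT_REM	52
#define	SADB_X_DIAGNOSTIC_DUPLICATE_NATT_LOC	53
#define	SADB_X_DIAGNOSTIC_DUPLICATE_NATT_REM	54
#define	SADB_X_DIAGNOSTIC_MALFORMED_NATT_LOC	55
#define	SADB_X_DIAGNOSTIC_MALFORMED_NATT_REM	56
#define	SADB_X_DIAGNOSTIC_DUPLICATE_NATT_PORTS	57

#define	SADB_X_DIAGNOSTIC_MISSING_INNER_SRC	58
#define	SADB_X_DIAGNOSTIC_MISSING_INNER_DST	59
#define	SADB_X_DIAGNOSTIC_DUPLICATE_INNER_SRC	60
#define	SADB_X_DIAGNOSTIC_DUPLICATE_INNER_DST	61
#define	SADB_X_DIAGNOSTIC_MALFORMED_INNER_SRC	62
#define	SADB_X_DIAGNOSTIC_MALFORMED_INNER_DST	63

#define	SADB_X_DIAGNOSTIC_PREFIX_INNER_SRC	64
#define	SADB_X_DIAGNOSTIC_PREFIX_INNER_DST	65
#define	SADB_X_DIAGNOSTIC_BAD_INNER_DST_AF	66
#define	SADB_X_DIAGNOSTIC_INNER_AF_MISMATCH	67

#define	SADB_X_DIAGNOSTIC_BAD_NATT_REM_AF	68
#define	SADB_X_DIAGNOSTIC_BAD_NATT_LOC_AF	69

#define	SADB_X_DIAGNOSTIC_PROTO_MISMATCH	70
#define	SADB_X_DIAGNOSTIC_INNER_PROTO_MISMATCH	71

#define	SADB_X_DIAGNOSTIC_DUAL_PORT_SETS	72
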
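/* Diagnostic codes for paired-SA operations and SA lookup. */
#define	SADB_X_DIAGNOSTIC_PAIR_INAPPROPRIATE	73
#define	SADB_X_DIAGNOSTIC_PAIR_ADD_MISMATCH	74
#define	SADB_X_DIAGNOSTIC_PAIR_ALREADY		75
#define	SADB_X_DIAGNOSTIC_PAIR_SA_NOTFOUND	76
#define	SADB_X_DIAGNOSTIC_BAD_SA_DIRECTION	77

#define	SADB_X_DIAGNOSTIC_SA_NOTFOUND		78
#define	SADB_X_DIAGNOSTIC_SA_EXPIRED		79
/* Equals the highest diagnostic code; raise it when a code is added. */
#define	SADB_X_DIAGNOSTIC_MAX			79

/* Algorithm type for sadb_x_algdesc above... */

#define	SADB_X_ALGTYPE_NONE		0
#define	SADB_X_ALGTYPE_AUTH		1
#define	SADB_X_ALGTYPE_CRYPT		2
#define	SADB_X_ALGTYPE_COMPRESS		3

#define	SADB_X_ALGTYPE_MAX		3

/* Key management protocol for sadb_x_kmc above... */

#define	SADB_X_KMP_MANUAL	0
#define	SADB_X_KMP_IKE		1
#define	SADB_X_KMP_KINK		2

#define	SADB_X_KMP_MAX		2

/*
 * Handy conversion macros.  Not part of the PF_KEY spec...
 *
 * Each macro shifts by three bits, i.e. multiplies or divides by eight:
 *   SADB_64TO8	64-bit words -> bytes
 *   SADB_8TO64	bytes -> 64-bit words
 *   SADB_8TO1	bytes -> bits
 *   SADB_1TO8	bits -> bytes
 * The right shifts discard any remainder, so a byte count that is not a
 * multiple of eight rounds down silently.  The left shifts are evaluated in
 * the promoted type of the argument and are not range-checked.  Lengths
 * taken from a message should therefore be validated against the buffer
 * size before and after conversion.
 */

#define	SADB_64TO8(x)	((x) << 3)
#define	SADB_8TO64(x)	((x) >> 3)
#define	SADB_8TO1(x)	((x) << 3)
#define	SADB_1TO8(x)	((x) >> 3)

#ifdef	__cplusplus
}
#endif

#endif	/* _NET_PFKEYV2_H */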