1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #ifndef	_NET_PFKEYV2_H
27 #define	_NET_PFKEYV2_H
28 
29 #pragma ident	"%Z%%M%	%I%	%E% SMI"
30 
31 /*
32  * Definitions and structures for PF_KEY version 2.  See RFC 2367 for
33  * more details.  SA == Security Association, which is what PF_KEY provides
34  * an API for managing.
35  */
36 
37 #ifdef	__cplusplus
38 extern "C" {
39 #endif
40 
/* Protocol version carried in sadb_msg_version below. */
#define	PF_KEY_V2		2
/* Revision stamp of these PF_KEY definitions. */
#define	PFKEYV2_REVISION	200109L
43 
44 /*
45  * Base PF_KEY message.
46  */
47 
/*
 * Base PF_KEY message header.  Extensions (each framed by sadb_ext_t)
 * follow it.  sadb_msg_len is expressed in 64-bit words and is supplied
 * by the peer, so a receiver should check it against the number of bytes
 * it actually received before walking the extensions.
 * NOTE(review): RFC 2367 defines sadb_msg_len as covering the whole
 * message, this header included — confirm against the parser.
 */
typedef struct sadb_msg {
	uint8_t sadb_msg_version;	/* Version, currently PF_KEY_V2 */
	uint8_t sadb_msg_type;		/* ADD, UPDATE, etc. (SADB_* below) */
	uint8_t sadb_msg_errno;		/* Error number from UNIX errno space */
	uint8_t sadb_msg_satype;	/* ESP, AH, etc. (SADB_SATYPE_* below) */
	uint16_t sadb_msg_len;		/* Length in 64-bit words. */
	uint16_t sadb_msg_reserved;	/* must be zero */
/*
 * Use the reserved field for extended diagnostic information on errno
 * responses.  Values are the SADB_X_DIAGNOSTIC_* codes defined below.
 * The field is a uint16_t, so the negative SADB_X_DIAGNOSTIC_PRESET
 * (marked "Internal value" below) cannot be represented in it.
 */
#define	sadb_x_msg_diagnostic sadb_msg_reserved
	/* Union is for guaranteeing 64-bit alignment. */
	union {
		struct {
			/* presumably used to match replies to requests */
			uint32_t sadb_x_msg_useq;	/* Set by originator */
			uint32_t sadb_x_msg_upid;	/* Set by originator */
		} sadb_x_msg_actual;
		uint64_t sadb_x_msg_alignment;
	} sadb_x_msg_u;
#define	sadb_msg_seq sadb_x_msg_u.sadb_x_msg_actual.sadb_x_msg_useq
#define	sadb_msg_pid sadb_x_msg_u.sadb_x_msg_actual.sadb_x_msg_upid
} sadb_msg_t;
71 
72 /*
73  * Generic extension header.
74  */
75 
/*
 * Generic extension header.  Every extension begins with these two
 * fields, so a parser can walk a message by reading the type and then
 * advancing SADB_64TO8(sadb_ext_len) bytes.  The length is inclusive of
 * this header and is peer-supplied: a reader should reject a length of 0
 * (the walk would never advance) or one that runs past the end of the
 * message; SADB_X_DIAGNOSTIC_BAD_EXTLEN is the diagnostic for that case.
 */
typedef struct sadb_ext {
	union {
		/* Union is for guaranteeing 64-bit alignment. */
		struct {
			uint16_t sadb_x_ext_ulen;	/* In 64s, inclusive */
			uint16_t sadb_x_ext_utype;	/* 0 is reserved; SADB_EXT_* below */
		} sadb_x_ext_actual;
		uint64_t sadb_x_ext_alignment;
	} sadb_x_ext_u;
#define	sadb_ext_len sadb_x_ext_u.sadb_x_ext_actual.sadb_x_ext_ulen
#define	sadb_ext_type sadb_x_ext_u.sadb_x_ext_actual.sadb_x_ext_utype
} sadb_ext_t;
88 
89 /*
90  * Security Association information extension.
91  */
92 
/*
 * Security Association information extension (exttype SADB_EXT_SA).
 * Algorithm ids come from SADB_AALG_* / SADB_EALG_*, the state from
 * SADB_SASTATE_*, and the flag bits from SADB_SAFLAGS_* and
 * SADB_X_SAFLAGS_*, all defined below.
 * NOTE(review): RFC 2367 carries the SPI in network byte order — confirm
 * how this implementation treats sadb_sa_spi before comparing values.
 */
typedef struct sadb_sa {
	/* Union is for guaranteeing 64-bit alignment. */
	union {
		struct {
			uint16_t sadb_x_sa_ulen;	/* In 64-bit words, inclusive */
			uint16_t sadb_x_sa_uexttype;	/* ASSOCIATION */
			uint32_t sadb_x_sa_uspi;	/* Sec. Param. Index */
		} sadb_x_sa_uactual;
		uint64_t sadb_x_sa_alignment;
	} sadb_x_sa_u;
#define	sadb_sa_len sadb_x_sa_u.sadb_x_sa_uactual.sadb_x_sa_ulen
#define	sadb_sa_exttype sadb_x_sa_u.sadb_x_sa_uactual.sadb_x_sa_uexttype
#define	sadb_sa_spi sadb_x_sa_u.sadb_x_sa_uactual.sadb_x_sa_uspi
	uint8_t sadb_sa_replay;		/* Replay counter */
	uint8_t sadb_sa_state;		/* MATURE, DEAD, DYING, LARVAL */
	uint8_t sadb_sa_auth;		/* Authentication algorithm */
	uint8_t sadb_sa_encrypt;	/* Encryption algorithm */
	uint32_t sadb_sa_flags;		/* SA flags. */
} sadb_sa_t;
112 
113 /*
114  * SA Lifetime extension.  Already 64-bit aligned thanks to uint64_t fields.
115  */
116 
/*
 * SA Lifetime extension (exttype SADB_EXT_LIFETIME_SOFT / _HARD /
 * _CURRENT).  Already 64-bit aligned thanks to uint64_t fields.
 */
typedef struct sadb_lifetime {
	uint16_t sadb_lifetime_len;		/* In 64-bit words, inclusive */
	uint16_t sadb_lifetime_exttype;		/* SOFT, HARD, CURRENT */
	uint32_t sadb_lifetime_allocations;
	uint64_t sadb_lifetime_bytes;
	uint64_t sadb_lifetime_addtime;	/* These fields are assumed to hold */
	uint64_t sadb_lifetime_usetime;	/* >= sizeof (time_t). */
} sadb_lifetime_t;
125 
126 /*
127  * SA address information.
128  */
129 
/*
 * SA address information (exttype SADB_EXT_ADDRESS_* or
 * SADB_X_EXT_ADDRESS_*).  The sockaddr that follows is peer-supplied:
 * check that it fits inside sadb_address_len and that its sa_family is
 * one the receiver accepts before reading it (the
 * SADB_X_DIAGNOSTIC_BAD_*_AF codes below report a bad family).
 */
typedef struct sadb_address {
	/* Union is for guaranteeing 64-bit alignment. */
	union {
		struct {
			uint16_t sadb_x_address_ulen;	/* In 64-bit words, inclusive */
			uint16_t sadb_x_address_uexttype; /* SRC, DST, PROXY */
			uint8_t sadb_x_address_uproto; /* Proto for ports... */
			uint8_t sadb_x_address_uprefixlen; /* Prefix length. */
			uint16_t sadb_x_address_ureserved; /* Padding */
		} sadb_x_address_actual;
		uint64_t sadb_x_address_alignment;
	} sadb_x_address_u;
#define	sadb_address_len \
	sadb_x_address_u.sadb_x_address_actual.sadb_x_address_ulen
#define	sadb_address_exttype \
	sadb_x_address_u.sadb_x_address_actual.sadb_x_address_uexttype
#define	sadb_address_proto \
	sadb_x_address_u.sadb_x_address_actual.sadb_x_address_uproto
#define	sadb_address_prefixlen \
	sadb_x_address_u.sadb_x_address_actual.sadb_x_address_uprefixlen
#define	sadb_address_reserved \
	sadb_x_address_u.sadb_x_address_actual.sadb_x_address_ureserved
	/* Followed by a sockaddr structure which may contain ports. */
} sadb_address_t;
154 
155 /*
156  * SA key information.
157  */
158 
/*
 * SA key information (exttype SADB_EXT_KEY_AUTH / SADB_EXT_KEY_ENCRYPT).
 * sadb_key_bits is the key length in bits; SADB_1TO8() below converts
 * it to bytes but truncates, so bit counts that are not a multiple of 8
 * need care.
 */
typedef struct sadb_key {
	/* Union is for guaranteeing 64-bit alignment. */
	union {
		struct {
			uint16_t sadb_x_key_ulen;	/* In 64-bit words, inclusive */
			uint16_t sadb_x_key_uexttype;	/* AUTH, ENCRYPT */
			uint16_t sadb_x_key_ubits;	/* Actual len (bits) */
			uint16_t sadb_x_key_ureserved;
		} sadb_x_key_actual;
		uint64_t sadb_x_key_alignment;
	} sadb_x_key_u;
#define	sadb_key_len sadb_x_key_u.sadb_x_key_actual.sadb_x_key_ulen
#define	sadb_key_exttype sadb_x_key_u.sadb_x_key_actual.sadb_x_key_uexttype
#define	sadb_key_bits sadb_x_key_u.sadb_x_key_actual.sadb_x_key_ubits
#define	sadb_key_reserved sadb_x_key_u.sadb_x_key_actual.sadb_x_key_ureserved
	/*
	 * Followed by actual key(s) in canonical (outbound proc.) order.
	 * The key bytes are secret material: code that builds or parses
	 * this extension should zeroize its copies when done, and should
	 * bound the byte count by sadb_key_len, not only by sadb_key_bits.
	 */
} sadb_key_t;
176 
177 /*
178  * SA Identity information.  Already 64-bit aligned thanks to uint64_t fields.
179  */
180 
/*
 * SA Identity information (exttype SADB_EXT_IDENTITY_SRC / _DST).
 * Already 64-bit aligned thanks to uint64_t fields.
 */
typedef struct sadb_ident {
	uint16_t sadb_ident_len;	/* In 64-bit words, inclusive */
	uint16_t sadb_ident_exttype;	/* SRC, DST, PROXY */
	uint16_t sadb_ident_type;	/* FQDN, USER_FQDN, etc. (SADB_IDENTTYPE_*) */
	uint16_t sadb_ident_reserved;	/* Padding */
	uint64_t sadb_ident_id;		/* For userid, etc. */
	/*
	 * Followed by an identity null-terminated C string if present.
	 * The string is peer-supplied: bound any scan for the terminator
	 * by sadb_ident_len rather than trusting that it is present.
	 */
} sadb_ident_t;
189 
190 /*
191  * SA sensitivity information.  This is mostly useful on MLS systems.
192  */
193 
/*
 * SA sensitivity information (exttype SADB_EXT_SENSITIVITY).  This is
 * mostly useful on MLS systems.  sadb_sens_dpd takes SADB_DPD_* values.
 */
typedef struct sadb_sens {
	/* Union is for guaranteeing 64-bit alignment. */
	union {
		struct {
			uint16_t sadb_x_sens_ulen;	/* In 64-bit words, inclusive */
			uint16_t sadb_x_sens_uexttype;	/* SENSITIVITY */
			uint32_t sadb_x_sens_udpd;	/* Protection domain */
		} sadb_x_sens_actual;
		uint64_t sadb_x_sens_alignment;
	} sadb_x_sens_u;
#define	sadb_sens_len sadb_x_sens_u.sadb_x_sens_actual.sadb_x_sens_ulen
#define	sadb_sens_exttype sadb_x_sens_u.sadb_x_sens_actual.sadb_x_sens_uexttype
#define	sadb_sens_dpd sadb_x_sens_u.sadb_x_sens_actual.sadb_x_sens_udpd
	uint8_t sadb_sens_sens_level;
	uint8_t sadb_sens_sens_len;		/* 64-bit words */
	uint8_t sadb_sens_integ_level;
	uint8_t sadb_sens_integ_len;		/* 64-bit words */
	uint32_t sadb_sens_reserved;
	/*
	 * followed by two uint64_t arrays
	 * uint64_t sadb_sens_bitmap[sens_bitmap_len];
	 * uint64_t sadb_integ_bitmap[integ_bitmap_len];
	 * whose lengths come from sadb_sens_sens_len and
	 * sadb_sens_integ_len (in 64-bit words).  Both are peer-supplied:
	 * check that this header plus both arrays fits within
	 * sadb_sens_len before indexing into them.
	 */
} sadb_sens_t;
218 
219 /*
220  * A proposal extension.  This is found in an ACQUIRE message, and it
221  * proposes what sort of SA the kernel would like to ACQUIRE.
222  */
223 
224 /* First, a base structure... */
225 
/*
 * Base of the proposal extension.  Two views share the 4 bytes after
 * the extension type: sadb_x_propb_lenres, which adds a count of
 * extended combinations (presumably used with X_EPROP), and
 * sadb_x_propb_oldres, the original PROPOSAL layout.  The replay byte is
 * the first byte in both views, so it is the same byte whichever
 * accessor is used.
 */
typedef struct sadb_x_propbase {
	uint16_t sadb_x_propb_len;	/* In 64-bit words, inclusive */
	uint16_t sadb_x_propb_exttype;	/* PROPOSAL, X_EPROP */
	union {
		struct {
			uint8_t sadb_x_propb_lenres_replay;
			uint8_t sadb_x_propb_lenres_eres;
			uint16_t sadb_x_propb_lenres_numecombs;
		} sadb_x_propb_lenres;
		struct {
			uint8_t sadb_x_propb_oldres_replay;
			uint8_t sadb_x_propb_oldres_reserved[3];
		} sadb_x_propb_oldres;
	} sadb_x_propb_u;
#define	sadb_x_propb_replay \
	sadb_x_propb_u.sadb_x_propb_lenres.sadb_x_propb_lenres_replay
#define	sadb_x_propb_reserved \
	sadb_x_propb_u.sadb_x_propb_oldres.sadb_x_propb_oldres_reserved
#define	sadb_x_propb_ereserved \
	sadb_x_propb_u.sadb_x_propb_lenres.sadb_x_propb_lenres_eres
#define	sadb_x_propb_numecombs \
	sadb_x_propb_u.sadb_x_propb_lenres.sadb_x_propb_lenres_numecombs
	/*
	 * Followed by sadb_comb[] array or sadb_ecomb[] array.  The number
	 * of entries that actually fit is bounded by sadb_x_propb_len;
	 * a reader should not trust sadb_x_propb_numecombs alone.
	 */
} sadb_x_propbase_t;
250 
251 /* Now, the actual sadb_prop structure, which will have alignment in it! */
252 
/*
 * The proposal extension proper (exttype SADB_EXT_PROPOSAL or
 * SADB_X_EXT_EPROP): sadb_x_propbase_t wrapped in a union so the whole
 * thing is 64-bit aligned.  The accessor macros below reach through the
 * union into the base structure's own accessors.
 */
typedef struct sadb_prop {
	/* Union is for guaranteeing 64-bit alignment. */
	union {
		sadb_x_propbase_t sadb_x_prop_actual;
		uint64_t sadb_x_prop_alignment;
	} sadb_x_prop_u;
#define	sadb_prop_len sadb_x_prop_u.sadb_x_prop_actual.sadb_x_propb_len
#define	sadb_prop_exttype sadb_x_prop_u.sadb_x_prop_actual.sadb_x_propb_exttype
#define	sadb_prop_replay sadb_x_prop_u.sadb_x_prop_actual.sadb_x_propb_replay
#define	sadb_prop_reserved \
	sadb_x_prop_u.sadb_x_prop_actual.sadb_x_propb_reserved
#define	sadb_x_prop_ereserved \
	sadb_x_prop_u.sadb_x_prop_actual.sadb_x_propb_ereserved
#define	sadb_x_prop_numecombs \
	sadb_x_prop_u.sadb_x_prop_actual.sadb_x_propb_numecombs
} sadb_prop_t;
269 
270 /*
271  * This is a proposed combination.  Many of these can follow a proposal
272  * extension.  Already 64-bit aligned thanks to uint64_t fields.
273  */
274 
/*
 * A proposed combination.  Many of these can follow a proposal
 * extension.  Already 64-bit aligned thanks to uint64_t fields.
 * The soft/hard lifetime fields mirror those of sadb_lifetime_t.
 */
typedef struct sadb_comb {
	uint8_t sadb_comb_auth;			/* Authentication algorithm */
	uint8_t sadb_comb_encrypt;		/* Encryption algorithm */
	uint16_t sadb_comb_flags;		/* Comb. flags (e.g. PFS) */
	uint16_t sadb_comb_auth_minbits;	/* Bit strengths for auth */
	uint16_t sadb_comb_auth_maxbits;
	uint16_t sadb_comb_encrypt_minbits;	/* Bit strengths for encrypt */
	uint16_t sadb_comb_encrypt_maxbits;
	uint32_t sadb_comb_reserved;
	uint32_t sadb_comb_soft_allocations;	/* Lifetime proposals for */
	uint32_t sadb_comb_hard_allocations;	/* this combination. */
	uint64_t sadb_comb_soft_bytes;
	uint64_t sadb_comb_hard_bytes;
	uint64_t sadb_comb_soft_addtime;
	uint64_t sadb_comb_hard_addtime;
	uint64_t sadb_comb_soft_usetime;
	uint64_t sadb_comb_hard_usetime;
} sadb_comb_t;
293 
294 /*
 * An extended combination that can comprise many SA types.
296  * A single combination has algorithms and SA types locked.
297  * These are represented by algorithm descriptors, the second structure
298  * in the list.  For example, if the EACQUIRE requests AH(MD5) + ESP(DES/null)
299  * _or_ ESP(DES/MD5), it would have two combinations:
300  *
301  * COMB: algdes(AH, AUTH, MD5), algdes(ESP, CRYPT, DES)
302  * COMB: algdes(ESP, AUTH, MD5), algdes(ESP, CRYPT, DES)
303  *
304  * If an SA type supports an algorithm type, and there's no descriptor,
305  * assume it requires NONE, just like it were explicitly stated.
306  * (This includes ESP NULL encryption, BTW.)
307  *
308  * Already 64-bit aligned thanks to uint64_t fields.
309  */
310 
/*
 * Extended combination header.  sadb_x_ecomb_numalgs gives the number of
 * sadb_x_algdesc_t descriptors that follow this structure (see the
 * description above); the lifetime fields mirror sadb_comb_t.
 */
typedef struct sadb_x_ecomb {
	uint8_t sadb_x_ecomb_numalgs;
	uint8_t sadb_x_ecomb_reserved;
	uint16_t sadb_x_ecomb_flags;	/* E.g. PFS? */
	uint32_t sadb_x_ecomb_reserved2;
	uint32_t sadb_x_ecomb_soft_allocations;
	uint32_t sadb_x_ecomb_hard_allocations;
	uint64_t sadb_x_ecomb_soft_bytes;
	uint64_t sadb_x_ecomb_hard_bytes;
	uint64_t sadb_x_ecomb_soft_addtime;
	uint64_t sadb_x_ecomb_hard_addtime;
	uint64_t sadb_x_ecomb_soft_usetime;
	uint64_t sadb_x_ecomb_hard_usetime;
} sadb_x_ecomb_t;
325 
/*
 * Algorithm descriptor, one per algorithm in an extended combination.
 * satype is a SADB_SATYPE_* value and algtype a SADB_X_ALGTYPE_* value;
 * which number space alg belongs to (SADB_AALG_* or SADB_EALG_*) depends
 * on algtype.
 */
typedef struct sadb_x_algdesc {
	/* Union is for guaranteeing 64-bit alignment. */
	union {
		struct {
			uint8_t sadb_x_algdesc_usatype;	/* ESP, AH, etc. */
			uint8_t sadb_x_algdesc_ualgtype; /* AUTH, CRYPT, COMP */
			uint8_t sadb_x_algdesc_ualg;	/* 3DES, MD5, etc. */
			uint8_t sadb_x_algdesc_ureserved;
			uint16_t sadb_x_algdesc_uminbits; /* Bit strengths. */
			uint16_t sadb_x_algdesc_umaxbits;
		} sadb_x_algdesc_actual;
		uint64_t sadb_x_algdesc_alignment;
	} sadb_x_algdesc_u;
#define	sadb_x_algdesc_satype \
	sadb_x_algdesc_u.sadb_x_algdesc_actual.sadb_x_algdesc_usatype
#define	sadb_x_algdesc_algtype \
	sadb_x_algdesc_u.sadb_x_algdesc_actual.sadb_x_algdesc_ualgtype
#define	sadb_x_algdesc_alg \
	sadb_x_algdesc_u.sadb_x_algdesc_actual.sadb_x_algdesc_ualg
#define	sadb_x_algdesc_reserved \
	sadb_x_algdesc_u.sadb_x_algdesc_actual.sadb_x_algdesc_ureserved
#define	sadb_x_algdesc_minbits \
	sadb_x_algdesc_u.sadb_x_algdesc_actual.sadb_x_algdesc_uminbits
#define	sadb_x_algdesc_maxbits \
	sadb_x_algdesc_u.sadb_x_algdesc_actual.sadb_x_algdesc_umaxbits
} sadb_x_algdesc_t;
352 
353 /*
354  * When key mgmt. registers with the kernel, the kernel will tell key mgmt.
355  * its supported algorithms.
356  */
357 
/*
 * Supported-algorithms extension (exttype SADB_EXT_SUPPORTED_AUTH or
 * SADB_EXT_SUPPORTED_ENCRYPT), sent by the kernel in response to a
 * REGISTER.  Presumably followed by sadb_alg_t entries (defined below)
 * up to sadb_supported_len — confirm against the sender.
 */
typedef struct sadb_supported {
	/* Union is for guaranteeing 64-bit alignment. */
	union {
		struct {
			uint16_t sadb_x_supported_ulen;	/* In 64-bit words, inclusive */
			uint16_t sadb_x_supported_uexttype;
			uint32_t sadb_x_supported_ureserved;
		} sadb_x_supported_actual;
		uint64_t sadb_x_supported_alignment;
	} sadb_x_supported_u;
#define	sadb_supported_len \
	sadb_x_supported_u.sadb_x_supported_actual.sadb_x_supported_ulen
#define	sadb_supported_exttype \
	sadb_x_supported_u.sadb_x_supported_actual.sadb_x_supported_uexttype
#define	sadb_supported_reserved \
	sadb_x_supported_u.sadb_x_supported_actual.sadb_x_supported_ureserved
} sadb_supported_t;
375 
376 /* First, a base structure... */
/*
 * Base of one supported-algorithm entry.  The two-byte union overlays
 * the reserved halfword with a pair of per-algorithm defaults; which
 * half of sadb_x_algb_ureserved each byte lands in depends on byte
 * order, so always go through the named accessors below.
 */
typedef struct sadb_x_algb {
	uint8_t sadb_x_algb_id;		/* Algorithm type. */
	uint8_t sadb_x_algb_ivlen;		/* IV len, in bits */
	uint16_t sadb_x_algb_minbits;	/* Min. key len (in bits) */
	uint16_t sadb_x_algb_maxbits;	/* Max. key length */
	union {
		uint16_t sadb_x_algb_ureserved;
		uint8_t sadb_x_algb_udefaults[2];
	} sadb_x_algb_union;

#define	sadb_x_algb_reserved sadb_x_algb_union.sadb_x_algb_ureserved
#define	sadb_x_algb_increment sadb_x_algb_union.sadb_x_algb_udefaults[0]
#define	sadb_x_algb_defincr sadb_x_algb_union.sadb_x_algb_udefaults[1]
/*
 * alg_increment: the number of bits from a key length to the next
 * alg_defincr: the number of increments from the smallest possible
 * key to the default key length
 * (SADB_ALG_DEFAULT_LEN / SADB_ALG_DEFAULT_INCR below do the arithmetic.)
 */
} sadb_x_algb_t;
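/*
 * Useful macros for dealing with defincr.
 *
 * SADB_ALG_DEFAULT_LEN(min, incr, defincr): default key length in bits,
 * given the minimum length, the bit increment between valid lengths and
 * the number of increments to the default.
 * SADB_ALG_DEFAULT_INCR(min, incr, dflt): the inverse, recovering the
 * increment count from a default length.  It divides by incr, so incr
 * must be non-zero; the result truncates if (dflt - min) is not a
 * multiple of incr.  Arguments are evaluated once each but are not
 * sequenced with each other, so pass side-effect-free expressions.
 * (The third parameter was renamed from "default", a C keyword, which
 * the preprocessor accepts but which confuses readers and tools.)
 */
#define	SADB_ALG_DEFAULT_LEN(min, incr, defincr) ((min) + ((defincr) * (incr)))
#define	SADB_ALG_DEFAULT_INCR(min, incr, dflt) (((dflt) - (min)) / (incr))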
399 
400 /* Now, the actual sadb_alg structure, which will have alignment in it. */
/*
 * One supported-algorithm entry as it appears on the wire:
 * sadb_x_algb_t wrapped in a union so it is 64-bit aligned.  The
 * accessors reach through the union into the base structure's fields.
 */
typedef struct sadb_alg {
	/* Union is for guaranteeing 64-bit alignment. */
	union {
		sadb_x_algb_t sadb_x_alg_actual;
		uint64_t sadb_x_alg_alignment;
	} sadb_x_alg_u;
#define	sadb_alg_id sadb_x_alg_u.sadb_x_alg_actual.sadb_x_algb_id
#define	sadb_alg_ivlen sadb_x_alg_u.sadb_x_alg_actual.sadb_x_algb_ivlen
#define	sadb_alg_minbits sadb_x_alg_u.sadb_x_alg_actual.sadb_x_algb_minbits
#define	sadb_alg_maxbits sadb_x_alg_u.sadb_x_alg_actual.sadb_x_algb_maxbits
#define	sadb_alg_reserved sadb_x_alg_u.sadb_x_alg_actual.sadb_x_algb_reserved
#define	sadb_x_alg_increment \
	sadb_x_alg_u.sadb_x_alg_actual.sadb_x_algb_increment
#define	sadb_x_alg_defincr sadb_x_alg_u.sadb_x_alg_actual.sadb_x_algb_defincr
} sadb_alg_t;
416 
417 /*
418  * If key mgmt. needs an SPI in a range (including 0 to 0xFFFFFFFF), it
419  * asks the kernel with this extension in the SADB_GETSPI message.
420  */
421 
/*
 * SPI range extension (exttype SADB_EXT_SPIRANGE) for SADB_GETSPI.
 * min sits before the union and max inside it, so that the 64-bit
 * alignment pad lands after max rather than splitting the pair.  The
 * range is described above as running "including 0 to 0xFFFFFFFF", so
 * both bounds appear to be inclusive; a receiver should reject
 * min > max rather than assume the sender ordered them.
 */
typedef struct sadb_spirange {
	uint16_t sadb_spirange_len;	/* In 64-bit words, inclusive */
	uint16_t sadb_spirange_exttype;	/* SPI_RANGE */
	uint32_t sadb_spirange_min;
	/* Union is for guaranteeing 64-bit alignment. */
	union {
		struct {
			uint32_t sadb_x_spirange_umax;
			uint32_t sadb_x_spirange_ureserved;
		} sadb_x_spirange_actual;
		uint64_t sadb_x_spirange_alignment;
	} sadb_x_spirange_u;
#define	sadb_spirange_max \
	sadb_x_spirange_u.sadb_x_spirange_actual.sadb_x_spirange_umax
#define	sadb_spirange_reserved \
	sadb_x_spirange_u.sadb_x_spirange_actual.sadb_x_spirange_ureserved
} sadb_spirange_t;
439 
440 /*
441  * For the "extended REGISTER" which'll tell the kernel to send me
442  * "extended ACQUIREs".
443  */
444 
/*
 * Extended REGISTER extension (exttype SADB_X_EXT_EREG): lists the SA
 * types the registering process wants extended ACQUIREs for.
 */
typedef struct sadb_x_ereg {
	/* Union is for guaranteeing 64-bit alignment. */
	union {
		struct {
			uint16_t sadb_x_ereg_ulen;	/* In 64-bit words, inclusive */
			uint16_t sadb_x_ereg_uexttype;	/* X_EREG */
			/*
			 * Array of SA types, 0-terminated (0 is
			 * SADB_SATYPE_UNSPEC).  With only four slots a
			 * full array carries no terminator, so a reader
			 * must stop at the array size as well as at 0.
			 */
			uint8_t sadb_x_ereg_usatypes[4];
		} sadb_x_ereg_actual;
		uint64_t sadb_x_ereg_alignment;
	} sadb_x_ereg_u;
#define	sadb_x_ereg_len \
	sadb_x_ereg_u.sadb_x_ereg_actual.sadb_x_ereg_ulen
#define	sadb_x_ereg_exttype \
	sadb_x_ereg_u.sadb_x_ereg_actual.sadb_x_ereg_uexttype
#define	sadb_x_ereg_satypes \
	sadb_x_ereg_u.sadb_x_ereg_actual.sadb_x_ereg_usatypes
} sadb_x_ereg_t;
463 
464 /*
465  * For conveying a Key Management Cookie with SADB_GETSPI, SADB_ADD,
466  * SADB_ACQUIRE, or SADB_X_INVERSE_ACQUIRE.
467  */
468 
/*
 * Key Management Cookie extension (exttype SADB_X_EXT_KM_COOKIE).
 * sadb_x_kmc_proto identifies the key-management protocol
 * (SADB_X_KMP_* below); the cookie's meaning is private to that
 * protocol.  A message carrying more than one of these is reported
 * with SADB_X_DIAGNOSTIC_DUPLICATE_KMC.
 */
typedef struct sadb_x_kmc {
	uint16_t sadb_x_kmc_len;	/* In 64-bit words, inclusive */
	uint16_t sadb_x_kmc_exttype;	/* X_KM_COOKIE */
	uint32_t sadb_x_kmc_proto;	/* KM protocol */
	union {
		struct {
			uint32_t sadb_x_kmc_ucookie;	/* KMP-specific */
			uint32_t sadb_x_kmc_ureserved;	/* Must be zero */
		} sadb_x_kmc_actual;
		uint64_t sadb_x_kmc_alignment;
	} sadb_x_kmc_u;
#define	sadb_x_kmc_cookie sadb_x_kmc_u.sadb_x_kmc_actual.sadb_x_kmc_ucookie
#define	sadb_x_kmc_reserved sadb_x_kmc_u.sadb_x_kmc_actual.sadb_x_kmc_ureserved
} sadb_x_kmc_t;
483 
484 
485 
486 /*
487  * Base message types.
488  */
489 
/*
 * Values for sadb_msg_type.  SADB_MAX is the highest assigned value;
 * anything above it (or SADB_RESERVED itself) is rejected with
 * SADB_X_DIAGNOSTIC_UNKNOWN_MSG, presumably.  The SADB_X_ entries are
 * extensions beyond the base RFC 2367 set.
 */
#define	SADB_RESERVED	0
#define	SADB_GETSPI	1
#define	SADB_UPDATE	2
#define	SADB_ADD	3
#define	SADB_DELETE	4
#define	SADB_GET	5
#define	SADB_ACQUIRE	6
#define	SADB_REGISTER	7
#define	SADB_EXPIRE	8
#define	SADB_FLUSH	9
#define	SADB_DUMP	10   /* not used normally */
#define	SADB_X_PROMISC	11
#define	SADB_X_INVERSE_ACQUIRE	12
#define	SADB_MAX		12
504 
505 /*
506  * SA flags
507  */
508 
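/*
 * Values for sadb_sa_flags.  The first two come from the PF_KEY spec;
 * the SADB_X_ bits are local to this implementation and are allocated
 * from the top bit downward.
 */
#define	SADB_SAFLAGS_PFS	0x1	/* Perfect forward secrecy? */
#define	SADB_SAFLAGS_NOREPLAY	0x2	/* Replay field NOT PRESENT. */

/* Below flags are used by this implementation.  Grow from left-to-right. */
#define	SADB_X_SAFLAGS_USED	0x80000000	/* SA used/not used */
#define	SADB_X_SAFLAGS_UNIQUE	0x40000000	/* SA unique/reusable */
#define	SADB_X_SAFLAGS_AALG1	0x20000000	/* Auth-alg specific flag 1 */
#define	SADB_X_SAFLAGS_AALG2	0x10000000	/* Auth-alg specific flag 2 */
#define	SADB_X_SAFLAGS_EALG1	 0x8000000	/* Encr-alg specific flag 1 */
#define	SADB_X_SAFLAGS_EALG2	 0x4000000	/* Encr-alg specific flag 2 */
#define	SADB_X_SAFLAGS_KM1	 0x2000000	/* Key mgmt. specific flag 1 */
#define	SADB_X_SAFLAGS_KM2	 0x1000000	/* Key mgmt. specific flag 2 */
#define	SADB_X_SAFLAGS_KM3	  0x800000	/* Key mgmt. specific flag 3 */
#define	SADB_X_SAFLAGS_KM4	  0x400000	/* Key mgmt. specific flag 4 */
#define	SADB_X_SAFLAGS_KRES1	  0x200000	/* Reserved by the kernel */
#define	SADB_X_SAFLAGS_NATT_LOC	  0x100000	/* this has a natted src SA */
#define	SADB_X_SAFLAGS_NATT_REM	   0x80000	/* this has a natted dst SA */
#define	SADB_X_SAFLAGS_KRES2	   0x40000	/* Reserved by the kernel */
#define	SADB_X_SAFLAGS_TUNNEL	   0x20000	/* tunnel mode */

/*
 * Mask of the kernel-reserved flag bits.  Parenthesized so the mask is a
 * single operand inside larger expressions such as
 * (flags & SADB_X_SAFLAGS_KRES); without the parentheses that would
 * parse as ((flags & SADB_X_SAFLAGS_KRES1) | SADB_X_SAFLAGS_KRES2).
 */
#define	SADB_X_SAFLAGS_KRES	\
	(SADB_X_SAFLAGS_KRES1 | SADB_X_SAFLAGS_KRES2)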
531 
532 /*
533  * SA state.
534  */
535 
/*
 * Values for sadb_sa_state.  SADB_SASTATE_MAX is the highest valid
 * value; SADB_X_DIAGNOSTIC_BAD_SASTATE below reports an out-of-range one.
 */
#define	SADB_SASTATE_LARVAL	  0
#define	SADB_SASTATE_MATURE	  1
#define	SADB_SASTATE_DYING	  2
#define	SADB_SASTATE_DEAD	  3

#define	SADB_SASTATE_MAX	  3
542 
543 /*
544  * SA type.  Gaps are present in the number space because (for the time being)
545  * these types correspond to the SA types in the IPsec DOI document.
546  */
547 
/*
 * Values for sadb_msg_satype and sadb_x_algdesc_satype.  Numbers 1 and 4
 * are deliberately unassigned (see the note above).  SADB_SATYPE_UNSPEC
 * also serves as the terminator in sadb_x_ereg_satypes.
 */
#define	SADB_SATYPE_UNSPEC	0
#define	SADB_SATYPE_AH		2  /* RFC-1826 */
#define	SADB_SATYPE_ESP		3  /* RFC-1827 */
#define	SADB_SATYPE_RSVP	5  /* RSVP Authentication */
#define	SADB_SATYPE_OSPFV2	6  /* OSPFv2 Authentication */
#define	SADB_SATYPE_RIPV2	7  /* RIPv2 Authentication */
#define	SADB_SATYPE_MIP		8  /* Mobile IPv4 Authentication */

#define	SADB_SATYPE_MAX		8
557 
558 /*
559  * Algorithm types.  Gaps are present because (for the time being) these types
560  * correspond to the SA types in the IPsec DOI document.
561  *
562  * NOTE:  These are numbered to play nice with the IPsec DOI.  That's why
563  *	  there are gaps.
564  */
565 
566 /* Authentication algorithms */
/*
 * Authentication algorithms (sadb_sa_auth, sadb_comb_auth, and
 * sadb_x_algdesc_alg when algtype is SADB_X_ALGTYPE_AUTH).  Values above
 * the _MAX are reported with SADB_X_DIAGNOSTIC_BAD_AALG.
 */
#define	SADB_AALG_NONE		0
#define	SADB_AALG_MD5HMAC	2
#define	SADB_AALG_SHA1HMAC	3

#define	SADB_AALG_MAX		3

/*
 * Encryption algorithms (sadb_sa_encrypt, sadb_comb_encrypt, and
 * sadb_x_algdesc_alg when algtype is SADB_X_ALGTYPE_CRYPT).  These are
 * protocol identifiers only; key-strength problems are reported
 * separately via SADB_X_DIAGNOSTIC_BAD_EKEYBITS / _WEAK_EKEY.
 */
#define	SADB_EALG_NONE		0
#define	SADB_EALG_DESCBC	2
#define	SADB_EALG_3DESCBC	3
#define	SADB_EALG_BLOWFISH	7
#define	SADB_EALG_NULL		11	/* ESP NULL encryption (see above) */
#define	SADB_EALG_AES		12
#define	SADB_EALG_MAX		12
581 
582 /*
583  * Extension header values.
584  */
585 
/*
 * Values for sadb_ext_type.  SADB_EXT_RESERVED (0) is never a valid
 * extension; SADB_EXT_MAX is the highest assigned value, and unknown
 * types are reported with SADB_X_DIAGNOSTIC_UNKNOWN_EXT.  The SADB_X_
 * entries are local extensions beyond the base RFC 2367 set.
 */
#define	SADB_EXT_RESERVED		0

#define	SADB_EXT_SA			1
#define	SADB_EXT_LIFETIME_CURRENT	2
#define	SADB_EXT_LIFETIME_HARD		3
#define	SADB_EXT_LIFETIME_SOFT		4
#define	SADB_EXT_ADDRESS_SRC		5
#define	SADB_EXT_ADDRESS_DST		6
/* These two are synonyms. */
#define	SADB_EXT_ADDRESS_PROXY		7
#define	SADB_X_EXT_ADDRESS_INNER_SRC	SADB_EXT_ADDRESS_PROXY
#define	SADB_EXT_KEY_AUTH		8
#define	SADB_EXT_KEY_ENCRYPT		9
#define	SADB_EXT_IDENTITY_SRC		10
#define	SADB_EXT_IDENTITY_DST		11
#define	SADB_EXT_SENSITIVITY		12
#define	SADB_EXT_PROPOSAL		13
#define	SADB_EXT_SUPPORTED_AUTH		14
#define	SADB_EXT_SUPPORTED_ENCRYPT	15
#define	SADB_EXT_SPIRANGE		16
#define	SADB_X_EXT_EREG			17
#define	SADB_X_EXT_EPROP		18
#define	SADB_X_EXT_KM_COOKIE		19
#define	SADB_X_EXT_ADDRESS_NATT_LOC	20
#define	SADB_X_EXT_ADDRESS_NATT_REM	21
#define	SADB_X_EXT_ADDRESS_INNER_DST	22

#define	SADB_EXT_MAX			22
614 
615 /*
616  * Identity types.
617  */
618 
/* Values for sadb_ident_type. */
#define	SADB_IDENTTYPE_RESERVED 0

/*
 * For PREFIX and ADDR_RANGE, use the AF of the PROXY if present, or the SRC
 * if not present.
 */
#define	SADB_IDENTTYPE_PREFIX		1
#define	SADB_IDENTTYPE_FQDN		2  /* Fully qualified domain name. */
#define	SADB_IDENTTYPE_USER_FQDN	3  /* e.g. root@domain.com */
#define	SADB_X_IDENTTYPE_DN		4  /* ASN.1 DER Distinguished Name. */
#define	SADB_X_IDENTTYPE_GN		5  /* ASN.1 DER Generic Name. */
#define	SADB_X_IDENTTYPE_KEY_ID		6  /* Generic KEY ID. */
#define	SADB_X_IDENTTYPE_ADDR_RANGE	7

#define	SADB_IDENTTYPE_MAX 	7
634 
635 /*
636  * Protection DOI values for the SENSITIVITY extension.  There are no values
637  * currently, so the MAX is the only non-zero value available.
638  */
639 
/* Values for sadb_sens_dpd; see the note above on why MAX is 1. */
#define	SADB_DPD_NONE	0

#define	SADB_DPD_MAX	1
643 
644 /*
645  * Diagnostic codes.  These supplement error messages.  Be sure to
646  * update libipsecutil's keysock_diag() if you change any of these.
647  */
648 
/*
 * SADB_X_DIAGNOSTIC_PRESET is negative and only meaningful inside the
 * implementation; the wire field that carries diagnostics
 * (sadb_x_msg_diagnostic, a uint16_t) cannot represent it, so it must
 * be replaced by a real code before a reply is sent.
 */
#define	SADB_X_DIAGNOSTIC_PRESET		-1	/* Internal value. */

#define	SADB_X_DIAGNOSTIC_NONE			0

/* Message-level problems. */
#define	SADB_X_DIAGNOSTIC_UNKNOWN_MSG		1
#define	SADB_X_DIAGNOSTIC_UNKNOWN_EXT		2
#define	SADB_X_DIAGNOSTIC_BAD_EXTLEN		3
#define	SADB_X_DIAGNOSTIC_UNKNOWN_SATYPE	4
#define	SADB_X_DIAGNOSTIC_SATYPE_NEEDED		5
#define	SADB_X_DIAGNOSTIC_NO_SADBS		6
#define	SADB_X_DIAGNOSTIC_NO_EXT		7
/* Bad address family value in sockaddr->sa_family. */
#define	SADB_X_DIAGNOSTIC_BAD_SRC_AF		8
#define	SADB_X_DIAGNOSTIC_BAD_DST_AF		9
/* These two are synonyms. */
#define	SADB_X_DIAGNOSTIC_BAD_PROXY_AF		10
#define	SADB_X_DIAGNOSTIC_BAD_INNER_SRC_AF	10

#define	SADB_X_DIAGNOSTIC_AF_MISMATCH		11

#define	SADB_X_DIAGNOSTIC_BAD_SRC		12
#define	SADB_X_DIAGNOSTIC_BAD_DST		13

/* Lifetime problems; "HSERR" presumably hard/soft ordering — see keysock_diag(). */
#define	SADB_X_DIAGNOSTIC_ALLOC_HSERR		14
#define	SADB_X_DIAGNOSTIC_BYTES_HSERR		15
#define	SADB_X_DIAGNOSTIC_ADDTIME_HSERR		16
#define	SADB_X_DIAGNOSTIC_USETIME_HSERR		17

/* Required extension absent. */
#define	SADB_X_DIAGNOSTIC_MISSING_SRC		18
#define	SADB_X_DIAGNOSTIC_MISSING_DST		19
#define	SADB_X_DIAGNOSTIC_MISSING_SA		20
#define	SADB_X_DIAGNOSTIC_MISSING_EKEY		21
#define	SADB_X_DIAGNOSTIC_MISSING_AKEY		22
#define	SADB_X_DIAGNOSTIC_MISSING_RANGE		23

/* Extension present more than once. */
#define	SADB_X_DIAGNOSTIC_DUPLICATE_SRC		24
#define	SADB_X_DIAGNOSTIC_DUPLICATE_DST		25
#define	SADB_X_DIAGNOSTIC_DUPLICATE_SA		26
#define	SADB_X_DIAGNOSTIC_DUPLICATE_EKEY	27
#define	SADB_X_DIAGNOSTIC_DUPLICATE_AKEY	28
#define	SADB_X_DIAGNOSTIC_DUPLICATE_RANGE	29

/* Extension present but not well-formed. */
#define	SADB_X_DIAGNOSTIC_MALFORMED_SRC		30
#define	SADB_X_DIAGNOSTIC_MALFORMED_DST		31
#define	SADB_X_DIAGNOSTIC_MALFORMED_SA		32
#define	SADB_X_DIAGNOSTIC_MALFORMED_EKEY	33
#define	SADB_X_DIAGNOSTIC_MALFORMED_AKEY	34
#define	SADB_X_DIAGNOSTIC_MALFORMED_RANGE	35

/* Extension present where it is not allowed. */
#define	SADB_X_DIAGNOSTIC_AKEY_PRESENT		36
#define	SADB_X_DIAGNOSTIC_EKEY_PRESENT		37
#define	SADB_X_DIAGNOSTIC_PROP_PRESENT		38
#define	SADB_X_DIAGNOSTIC_SUPP_PRESENT		39

/* Out-of-range sadb_sa fields. */
#define	SADB_X_DIAGNOSTIC_BAD_AALG		40
#define	SADB_X_DIAGNOSTIC_BAD_EALG		41
#define	SADB_X_DIAGNOSTIC_BAD_SAFLAGS		42
#define	SADB_X_DIAGNOSTIC_BAD_SASTATE		43

/* Key length not acceptable for the algorithm. */
#define	SADB_X_DIAGNOSTIC_BAD_AKEYBITS		44
#define	SADB_X_DIAGNOSTIC_BAD_EKEYBITS		45

#define	SADB_X_DIAGNOSTIC_ENCR_NOTSUPP		46

/* Key rejected as weak for the algorithm. */
#define	SADB_X_DIAGNOSTIC_WEAK_EKEY		47
#define	SADB_X_DIAGNOSTIC_WEAK_AKEY		48

#define	SADB_X_DIAGNOSTIC_DUPLICATE_KMP		49
#define	SADB_X_DIAGNOSTIC_DUPLICATE_KMC		50

/* NAT-traversal address extensions. */
#define	SADB_X_DIAGNOSTIC_MISSING_NATT_LOC	51
#define	SADB_X_DIAGNOSTIC_MISSING_NATT_REM	52
#define	SADB_X_DIAGNOSTIC_DUPLICATE_NATT_LOC	53
#define	SADB_X_DIAGNOSTIC_DUPLICATE_NATT_REM	54
#define	SADB_X_DIAGNOSTIC_MALFORMED_NATT_LOC	55
#define	SADB_X_DIAGNOSTIC_MALFORMED_NATT_REM	56
#define	SADB_X_DIAGNOSTIC_DUPLICATE_NATT_PORTS	57

/* Inner (tunnel) address extensions. */
#define	SADB_X_DIAGNOSTIC_MISSING_INNER_SRC	58
#define	SADB_X_DIAGNOSTIC_MISSING_INNER_DST	59
#define	SADB_X_DIAGNOSTIC_DUPLICATE_INNER_SRC	60
#define	SADB_X_DIAGNOSTIC_DUPLICATE_INNER_DST	61
#define	SADB_X_DIAGNOSTIC_MALFORMED_INNER_SRC	62
#define	SADB_X_DIAGNOSTIC_MALFORMED_INNER_DST	63

#define	SADB_X_DIAGNOSTIC_PREFIX_INNER_SRC	64
#define	SADB_X_DIAGNOSTIC_PREFIX_INNER_DST	65
#define	SADB_X_DIAGNOSTIC_BAD_INNER_DST_AF	66
#define	SADB_X_DIAGNOSTIC_INNER_AF_MISMATCH	67

#define	SADB_X_DIAGNOSTIC_BAD_NATT_REM_AF	68
#define	SADB_X_DIAGNOSTIC_BAD_NATT_LOC_AF	69

#define	SADB_X_DIAGNOSTIC_PROTO_MISMATCH	70
#define	SADB_X_DIAGNOSTIC_INNER_PROTO_MISMATCH	71

#define	SADB_X_DIAGNOSTIC_DUAL_PORT_SETS	72

/* Highest assigned code; keep in step with keysock_diag() when adding one. */
#define	SADB_X_DIAGNOSTIC_MAX			72
749 
750 /* Algorithm type for sadb_x_algdesc above... */
751 
/*
 * Values for sadb_x_algdesc_algtype; they select which number space
 * sadb_x_algdesc_alg is drawn from (SADB_AALG_* for AUTH, SADB_EALG_*
 * for CRYPT).
 */
#define	SADB_X_ALGTYPE_NONE		0
#define	SADB_X_ALGTYPE_AUTH		1
#define	SADB_X_ALGTYPE_CRYPT		2
#define	SADB_X_ALGTYPE_COMPRESS		3

#define	SADB_X_ALGTYPE_MAX		3
758 
759 /* Key management protocol for sadb_x_kmc above... */
760 
/* Values for sadb_x_kmc_proto. */
#define	SADB_X_KMP_MANUAL	0
#define	SADB_X_KMP_IKE		1
#define	SADB_X_KMP_KINK		2

#define	SADB_X_KMP_MAX		2
766 
767 /*
768  * Handy conversion macros.  Not part of the PF_KEY spec...
769  */
770 
/*
 * 64TO8 / 8TO64 convert between 64-bit words and bytes; 8TO1 / 1TO8
 * between bytes and bits.  The right-shift forms truncate (floor) rather
 * than round up, so a bit count that is not a multiple of 8 loses its
 * tail.  The left shifts are only defined for non-negative, in-range
 * arguments; sadb_*_len fields are uint16_t, which promote to int, so
 * the results fit, but pass unsigned lengths to be safe.
 */
#define	SADB_64TO8(x)	((x) << 3)
#define	SADB_8TO64(x)	((x) >> 3)
#define	SADB_8TO1(x)	((x) << 3)
#define	SADB_1TO8(x)	((x) >> 3)
775 
776 #ifdef	__cplusplus
777 }
778 #endif
779 
780 #endif	/* _NET_PFKEYV2_H */