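/*	$KAME: pfkeyv2.h,v 1.37 2003/09/06 05:15:43 itojun Exp $	*/

/*-
 * SPDX-License-Identifier: BSD-3-Clause
 *
 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the project nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

/*
 * This file has been derived rfc 2367,
 * And added some flags of SADB_KEY_FLAGS_ as SADB_X_EXT_.
 *	sakane@ydc.co.jp
 */

#ifndef _NET_PFKEYV2_H_
#define _NET_PFKEYV2_H_

/*
This file defines structures and symbols for the PF_KEY Version 2
key management interface.  It was written at the U.S. Naval Research
Laboratory.  This file is in the public domain.  The authors ask that
you leave this credit intact on any copies of this file.
*/
#ifndef __PFKEY_V2_H
#define __PFKEY_V2_H 1

/* Protocol version and revision stamp of the PF_KEY interface described here. */
#define PF_KEY_V2		2
#define PFKEYV2_REVISION	199806L

/*
 * Message type numbers (the values that go into sadb_msg_type, per RFC 2367).
 * The SADB_X_* names are extensions to the base set.
 */
#define SADB_RESERVED		0
#define SADB_GETSPI		1
#define SADB_UPDATE		2
#define SADB_ADD		3
#define SADB_DELETE		4
#define SADB_GET		5
#define SADB_ACQUIRE		6
#define SADB_REGISTER		7
#define SADB_EXPIRE		8
#define SADB_FLUSH		9
#define SADB_DUMP		10
#define SADB_X_PROMISC		11
#define SADB_X_PCHANGE		12

/* Security policy database (SPD) message types. */
#define SADB_X_SPDUPDATE	13
#define SADB_X_SPDADD		14
#define SADB_X_SPDDELETE	15	/* by policy index */
#define SADB_X_SPDGET		16
#define SADB_X_SPDACQUIRE	17
#define SADB_X_SPDDUMP		18
#define SADB_X_SPDFLUSH		19
#define SADB_X_SPDSETIDX	20
#define SADB_X_SPDEXPIRE	21
#define SADB_X_SPDDELETE2	22	/* by policy id */
#define SADB_MAX		22	/* highest message type defined above */

/*
 * Base header of a PF_KEY message (16 bytes with the fixed-width members
 * below).  Extensions, each starting with a struct sadb_ext-shaped header,
 * follow it.
 *
 * NOTE(review): RFC 2367 counts sadb_msg_len in 64-bit words, like the
 * extension lengths handled by PFKEY_UNUNIT64 below.  Nothing in this header
 * validates it; a parser has to compare it with the number of bytes it
 * actually received before walking the extensions.
 */
struct sadb_msg {
	u_int8_t sadb_msg_version;
	u_int8_t sadb_msg_type;		/* one of the SADB_* types above */
	u_int8_t sadb_msg_errno;
	u_int8_t sadb_msg_satype;	/* one of SADB_SATYPE_* */
	u_int16_t sadb_msg_len;
	u_int16_t sadb_msg_reserved;
	u_int32_t sadb_msg_seq;
	u_int32_t sadb_msg_pid;
};

/*
 * Generic extension header.  Every extension structure below that begins
 * with a _len/_exttype pair can be read through this type; PFKEY_EXTLEN()
 * does exactly that.  sadb_ext_len is in 64-bit units, sadb_ext_type is one
 * of SADB_EXT_* / SADB_X_EXT_*.
 */
struct sadb_ext {
	u_int16_t sadb_ext_len;
	u_int16_t sadb_ext_type;
};

/* Security association extension: SPI, replay setting, state and algorithms. */
struct sadb_sa {
	u_int16_t sadb_sa_len;
	u_int16_t sadb_sa_exttype;
	u_int32_t sadb_sa_spi;
	u_int8_t sadb_sa_replay;
	u_int8_t sadb_sa_state;		/* SADB_SASTATE_* */
	u_int8_t sadb_sa_auth;		/* SADB_AALG_* / SADB_X_AALG_* */
	u_int8_t sadb_sa_encrypt;	/* SADB_EALG_* / SADB_X_EALG_* */
	u_int32_t sadb_sa_flags;	/* SADB_SAFLAGS_* and the SADB_X_EXT_* flag bits */
};

/*
 * Lifetime extension.  The same layout is used for the current, hard and
 * soft lifetime extension types (SADB_EXT_LIFETIME_*).
 */
struct sadb_lifetime {
	u_int16_t sadb_lifetime_len;
	u_int16_t sadb_lifetime_exttype;
	u_int32_t sadb_lifetime_allocations;
	u_int64_t sadb_lifetime_bytes;
	u_int64_t sadb_lifetime_addtime;
	u_int64_t sadb_lifetime_usetime;
};

/*
 * Address extension header.  The address itself is a sockaddr placed
 * directly after this structure (see PFKEY_ADDR_SADDR()).
 */
struct sadb_address {
	u_int16_t sadb_address_len;
	u_int16_t sadb_address_exttype;
	u_int8_t sadb_address_proto;
	u_int8_t sadb_address_prefixlen;
	u_int16_t sadb_address_reserved;
};

/*
 * Key extension header; sadb_key_bits is the key length in bits.
 *
 * NOTE(review): RFC 2367 places the key bytes directly after this header, so
 * any buffer holding this extension carries secret key material.  Callers
 * should check sadb_key_bits against the extension length and clear such
 * buffers once the key has been consumed.
 */
struct sadb_key {
	u_int16_t sadb_key_len;
	u_int16_t sadb_key_exttype;
	u_int16_t sadb_key_bits;
	u_int16_t sadb_key_reserved;
};

/* Identity extension header; sadb_ident_type is one of SADB_IDENTTYPE_*. */
struct sadb_ident {
	u_int16_t sadb_ident_len;
	u_int16_t sadb_ident_exttype;
	u_int16_t sadb_ident_type;
	u_int16_t sadb_ident_reserved;
	u_int64_t sadb_ident_id;
};

/* Sensitivity extension header (SADB_EXT_SENSITIVITY). */
struct sadb_sens {
	u_int16_t sadb_sens_len;
	u_int16_t sadb_sens_exttype;
	u_int32_t sadb_sens_dpd;
	u_int8_t sadb_sens_sens_level;
	u_int8_t sadb_sens_sens_len;
	u_int8_t sadb_sens_integ_level;
	u_int8_t sadb_sens_integ_len;
	u_int32_t sadb_sens_reserved;
};

/* Proposal extension header; struct sadb_comb describes one combination. */
struct sadb_prop {
	u_int16_t sadb_prop_len;
	u_int16_t sadb_prop_exttype;
	u_int8_t sadb_prop_replay;
	u_int8_t sadb_prop_reserved[3];
};

/*
 * One algorithm combination: authentication and encryption algorithm ids,
 * their accepted key-size ranges in bits, and soft/hard lifetime limits.
 * Unlike the extensions above it has no _len/_exttype header of its own.
 */
struct sadb_comb {
	u_int8_t sadb_comb_auth;
	u_int8_t sadb_comb_encrypt;
	u_int16_t sadb_comb_flags;
	u_int16_t sadb_comb_auth_minbits;
	u_int16_t sadb_comb_auth_maxbits;
	u_int16_t sadb_comb_encrypt_minbits;
	u_int16_t sadb_comb_encrypt_maxbits;
	u_int32_t sadb_comb_reserved;
	u_int32_t sadb_comb_soft_allocations;
	u_int32_t sadb_comb_hard_allocations;
	u_int64_t sadb_comb_soft_bytes;
	u_int64_t sadb_comb_hard_bytes;
	u_int64_t sadb_comb_soft_addtime;
	u_int64_t sadb_comb_hard_addtime;
	u_int64_t sadb_comb_soft_usetime;
	u_int64_t sadb_comb_hard_usetime;
};

/* Supported-algorithms extension header; struct sadb_alg describes one entry. */
struct sadb_supported {
	u_int16_t sadb_supported_len;
	u_int16_t sadb_supported_exttype;
	u_int32_t sadb_supported_reserved;
};

/* One algorithm description: id, IV length and key-size range in bits. */
struct sadb_alg {
	u_int8_t sadb_alg_id;
	u_int8_t sadb_alg_ivlen;
	u_int16_t sadb_alg_minbits;
	u_int16_t sadb_alg_maxbits;
	u_int16_t sadb_alg_reserved;
};

/* SPI range extension: inclusive bounds are not stated here -- TODO confirm. */
struct sadb_spirange {
	u_int16_t sadb_spirange_len;
	u_int16_t sadb_spirange_exttype;
	u_int32_t sadb_spirange_min;
	u_int32_t sadb_spirange_max;
	u_int32_t sadb_spirange_reserved;
};

/* Key-management private extension header (SADB_X_EXT_KMPRIVATE). */
struct sadb_x_kmprivate {
	u_int16_t sadb_x_kmprivate_len;
	u_int16_t sadb_x_kmprivate_exttype;
	u_int32_t sadb_x_kmprivate_reserved;
};

/*
 * XXX Additional SA Extension.
 * mode: tunnel or transport
 * reqid: to make SA unique nevertheless the address pair of SA are same.
 *        Mainly it's for VPN.
 */
struct sadb_x_sa2 {
	u_int16_t sadb_x_sa2_len;
	u_int16_t sadb_x_sa2_exttype;
	u_int8_t sadb_x_sa2_mode;
	u_int8_t sadb_x_sa2_reserved1;
	u_int16_t sadb_x_sa2_reserved2;
	u_int32_t sadb_x_sa2_sequence;	/* lowermost 32bit of sequence number */
	u_int32_t sadb_x_sa2_reqid;
};

/* XXX Policy Extension */
struct sadb_x_policy {
	u_int16_t sadb_x_policy_len;
	u_int16_t sadb_x_policy_exttype;
	u_int16_t sadb_x_policy_type;	/* See policy type of ipsec.h */
	u_int8_t sadb_x_policy_dir;	/* direction, see ipsec.h */
	u_int8_t sadb_x_policy_scope;	/* scope, see ipsec.h */
	u_int32_t sadb_x_policy_id;
	u_int32_t sadb_x_policy_priority;
/*
 * Member aliases.  These are ordinary preprocessor macros: although written
 * inside the struct they apply to every later use of the alias name in the
 * translation unit, not only to members of this struct.
 */
#define sadb_x_policy_reserved sadb_x_policy_scope
/* Policy with ifnet scope uses priority field to store ifindex */
#define sadb_x_policy_ifindex sadb_x_policy_priority
};
_Static_assert(sizeof(struct sadb_x_policy) == 16, "struct size mismatch");

/*
 * When policy_type == IPSEC, it is followed by some of
 * the ipsec policy request.
 * [total length of ipsec policy requests]
 *	= (sadb_x_policy_len * sizeof(uint64_t) - sizeof(struct sadb_x_policy))
 *
 * NOTE(review): that subtraction underflows when sadb_x_policy_len describes
 * fewer bytes than sizeof(struct sadb_x_policy); a parser should check the
 * length first.
 */

/* XXX IPsec Policy Request Extension */
/*
 * This structure is aligned 8 bytes.
 */
struct sadb_x_ipsecrequest {
	/*
	 * NOTE(review): "in 64 bits" can be read either as "counted in
	 * 64-bit units" or as "a byte count aligned to 64 bits".  Confirm
	 * against the code that parses this field before applying
	 * PFKEY_UNUNIT64() to it.
	 */
	u_int16_t sadb_x_ipsecrequest_len;	/* structure length in 64 bits. */
	u_int16_t sadb_x_ipsecrequest_proto;	/* See ipsec.h */
	u_int8_t sadb_x_ipsecrequest_mode;	/* See IPSEC_MODE_XX in ipsec.h. */
	u_int8_t sadb_x_ipsecrequest_level;	/* See IPSEC_LEVEL_XX in ipsec.h */
	u_int16_t sadb_x_ipsecrequest_reqid;	/* See ipsec.h */

	/*
	 * followed by source IP address of SA, and immediately followed by
	 * destination IP address of SA.  These encoded into two of sockaddr
	 * structure without any padding.  Must set each sa_len exactly.
	 * Each of length of the sockaddr structure are not aligned to 64bits,
	 * but sum of x_request and addresses is aligned to 64bits.
	 */
};

/* NAT-Traversal type, see RFC 3948 (and drafts). */
struct sadb_x_nat_t_type {
	u_int16_t sadb_x_nat_t_type_len;
	u_int16_t sadb_x_nat_t_type_exttype;
	u_int8_t sadb_x_nat_t_type_type;
	u_int8_t sadb_x_nat_t_type_reserved[3];
};
_Static_assert(sizeof(struct sadb_x_nat_t_type) == 8, "struct size mismatch");

/* NAT-Traversal source or destination port. */
struct sadb_x_nat_t_port {
	u_int16_t sadb_x_nat_t_port_len;
	u_int16_t sadb_x_nat_t_port_exttype;
	u_int16_t sadb_x_nat_t_port_port;
	u_int16_t sadb_x_nat_t_port_reserved;
};
_Static_assert(sizeof(struct sadb_x_nat_t_port) == 8, "struct size mismatch");

/* ESP fragmentation size. */
struct sadb_x_nat_t_frag {
	u_int16_t sadb_x_nat_t_frag_len;
	u_int16_t sadb_x_nat_t_frag_exttype;
	u_int16_t sadb_x_nat_t_frag_fraglen;
	u_int16_t sadb_x_nat_t_frag_reserved;
};
_Static_assert(sizeof(struct sadb_x_nat_t_frag) == 8, "struct size mismatch");

/* Additional large replay window support
 */
struct sadb_x_sa_replay {
	u_int16_t sadb_x_sa_replay_len;
	u_int16_t sadb_x_sa_replay_exttype;
	u_int32_t sadb_x_sa_replay_replay;	/* in packets */
};
_Static_assert(sizeof(struct sadb_x_sa_replay) == 8, "struct size mismatch");

/*
 * Extension carried as SADB_X_EXT_IF_HW_OFFL: a flags word and an interface
 * name buffer.
 *
 * NOTE(review): judging by the names this selects the interface used for
 * hardware offload; the meaning of the flag bits is not defined in this
 * header.  The name buffer is a fixed 32 bytes and nothing here guarantees
 * NUL termination, so consumers should treat it as a bounded byte array and
 * reject names that are unterminated or exceed the interface-name limit.
 */
struct sadb_x_if_hw_offl {
	u_int16_t sadb_x_if_hw_offl_len;
	u_int16_t sadb_x_if_hw_offl_exttype;
	u_int32_t sadb_x_if_hw_offl_flags;
	u_int8_t sadb_x_if_hw_offl_if[32];	/* IF_NAMESIZE is 16, keep room */
};
/*
 * Extension lengths are expressed in 64-bit units (PFKEY_UNIT64), so the
 * size has to stay a multiple of 8; pin the layout the same way the other
 * recently added extensions do.
 */
_Static_assert(sizeof(struct sadb_x_if_hw_offl) == 40, "struct size mismatch");

/*
 * Extension type numbers (the _exttype member of each extension header).
 * SADB_EXT_MAX is the highest number defined and must be raised whenever a
 * new type is appended.
 */
#define SADB_EXT_RESERVED		0
#define SADB_EXT_SA			1
#define SADB_EXT_LIFETIME_CURRENT	2
#define SADB_EXT_LIFETIME_HARD		3
#define SADB_EXT_LIFETIME_SOFT		4
#define SADB_EXT_ADDRESS_SRC		5
#define SADB_EXT_ADDRESS_DST		6
#define SADB_EXT_ADDRESS_PROXY		7
#define SADB_EXT_KEY_AUTH		8
#define SADB_EXT_KEY_ENCRYPT		9
#define SADB_EXT_IDENTITY_SRC		10
#define SADB_EXT_IDENTITY_DST		11
#define SADB_EXT_SENSITIVITY		12
#define SADB_EXT_PROPOSAL		13
#define SADB_EXT_SUPPORTED_AUTH		14
#define SADB_EXT_SUPPORTED_ENCRYPT	15
#define SADB_EXT_SPIRANGE		16
#define SADB_X_EXT_KMPRIVATE		17
#define SADB_X_EXT_POLICY		18
#define SADB_X_EXT_SA2			19
#define SADB_X_EXT_NAT_T_TYPE		20
#define SADB_X_EXT_NAT_T_SPORT		21
#define SADB_X_EXT_NAT_T_DPORT		22
#define SADB_X_EXT_NAT_T_OA		23	/* Deprecated. */
#define SADB_X_EXT_NAT_T_OAI		23	/* Peer's NAT_OA for src of SA. */
#define SADB_X_EXT_NAT_T_OAR		24	/* Peer's NAT_OA for dst of SA. */
#define SADB_X_EXT_NAT_T_FRAG		25	/* Manual MTU override. */
#define SADB_X_EXT_SA_REPLAY		26	/* Replay window override. */
#define SADB_X_EXT_NEW_ADDRESS_SRC	27
#define SADB_X_EXT_NEW_ADDRESS_DST	28
#define SADB_X_EXT_LFT_CUR_SW_OFFL	29
#define SADB_X_EXT_LFT_CUR_HW_OFFL	30
#define SADB_X_EXT_IF_HW_OFFL		31
#define SADB_EXT_MAX			31

/*
 * SA types (sadb_msg_satype).
 *
 * NOTE(review): SADB_SATYPE_MAX is 12 while the highest type defined is 11,
 * whereas SADB_MAX, SADB_EXT_MAX and SADB_SASTATE_MAX equal their highest
 * member.  Check whether range checks on the SA type use "<" or "<=".
 */
#define SADB_SATYPE_UNSPEC		0
#define SADB_SATYPE_AH			2
#define SADB_SATYPE_ESP			3
#define SADB_SATYPE_RSVP		5
#define SADB_SATYPE_OSPFV2		6
#define SADB_SATYPE_RIPV2		7
#define SADB_SATYPE_MIP			8
#define SADB_X_SATYPE_IPCOMP		9
/*#define SADB_X_SATYPE_POLICY		10	obsolete, do not reuse */
#define SADB_X_SATYPE_TCPSIGNATURE	11
#define SADB_SATYPE_MAX			12

/* SA states (sadb_sa_state). */
#define SADB_SASTATE_LARVAL	0
#define SADB_SASTATE_MATURE	1
#define SADB_SASTATE_DYING	2
#define SADB_SASTATE_DEAD	3
#define SADB_SASTATE_MAX	3

#define SADB_SAFLAGS_PFS	1
/* SADB_X_SAFLAGS_ESN was defined in sys/net/pfkeyv2.h in OpenBSD sources */
#define SADB_X_SAFLAGS_ESN	0x400

/*
 * Though some of these numbers (both _AALG and _EALG) appear to be
 * IKEv2 numbers and others original IKE numbers, they have no meaning.
 * These are constants that the various IKE daemons use to tell the kernel
 * what cipher to use.
 *
 * Do not use these constants directly to decide which Transformation ID
 * to send.  You are responsible for mapping them yourself.
 *
 * NOTE(review): the lists still name legacy transforms (single DES, keyed
 * MD5/SHA, NULL encryption and NULL authentication).  A constant being
 * defined here does not show that the kernel accepts it; which ones to
 * allow is a policy decision for the caller.
 */
#define SADB_AALG_NONE			0
#define SADB_AALG_MD5HMAC		2
#define SADB_AALG_SHA1HMAC		3
#define SADB_AALG_MAX			252	/* highest id below (SADB_X_AALG_TCP_MD5) */
#define SADB_X_AALG_SHA2_256		5
#define SADB_X_AALG_SHA2_384		6
#define SADB_X_AALG_SHA2_512		7
#define SADB_X_AALG_RIPEMD160HMAC	8
#define SADB_X_AALG_AES_XCBC_MAC	9	/* RFC3566 */
#define SADB_X_AALG_AES128GMAC		11	/* RFC4543 + Errata1821 */
#define SADB_X_AALG_AES192GMAC		12
#define SADB_X_AALG_AES256GMAC		13
#define SADB_X_AALG_CHACHA20POLY1305	14
#define SADB_X_AALG_MD5			249	/* Keyed MD5 */
#define SADB_X_AALG_SHA			250	/* Keyed SHA */
#define SADB_X_AALG_NULL		251	/* null authentication */
#define SADB_X_AALG_TCP_MD5		252	/* Keyed TCP-MD5 (RFC2385) */

/* Encryption algorithm ids; 12 has three names (RIJNDAELCBC, AES, AESCBC). */
#define SADB_EALG_NONE			0
#define SADB_EALG_DESCBC		2
#define SADB_EALG_3DESCBC		3
#define SADB_X_EALG_CAST128CBC		6
#define SADB_X_EALG_BLOWFISHCBC		7
#define SADB_EALG_NULL			11
#define SADB_X_EALG_RIJNDAELCBC		12
#define SADB_X_EALG_AES			12
#define SADB_X_EALG_AESCBC		12
#define SADB_X_EALG_AESCTR		13
#define SADB_X_EALG_CHACHA20POLY1305	15
#define SADB_X_EALG_AESGCM8		18	/* RFC4106 */
#define SADB_X_EALG_AESGCM12		19
#define SADB_X_EALG_AESGCM16		20
#define SADB_X_EALG_CAMELLIACBC		22
#define SADB_X_EALG_AESGMAC		23	/* RFC4543 + Errata1821 */
#define SADB_EALG_MAX			23	/* !!! keep updated !!! */

/* private allocations - based on RFC2407/IANA assignment */
/*
 * NOTE(review): SADB_X_CALG_MAX is 4 while the highest id defined is 3;
 * see the remark on SADB_SATYPE_MAX about inclusive versus exclusive bounds.
 */
#define SADB_X_CALG_NONE	0
#define SADB_X_CALG_OUI		1
#define SADB_X_CALG_DEFLATE	2
#define SADB_X_CALG_LZS		3
#define SADB_X_CALG_MAX		4

/* Identity types (sadb_ident_type). */
#define SADB_IDENTTYPE_RESERVED	0
#define SADB_IDENTTYPE_PREFIX	1
#define SADB_IDENTTYPE_FQDN	2
#define SADB_IDENTTYPE_USERFQDN	3
#define SADB_X_IDENTTYPE_ADDR	4
#define SADB_IDENTTYPE_MAX	4

/* `flags' in sadb_sa structure holds followings */
#define SADB_X_EXT_NONE		0x0000	/* i.e. new format. */
#define SADB_X_EXT_OLD		0x0001	/* old format. */

#define SADB_X_EXT_IV4B		0x0010	/* IV length of 4 bytes in use */
#define SADB_X_EXT_DERIV	0x0020	/* DES derived */
#define SADB_X_EXT_CYCSEQ	0x0040	/* allowing to cyclic sequence. */

/*
 * The three padding modes below are mutually exclusive.  SADB_X_EXT_PSEQ is
 * zero, so it cannot be tested with a bitwise AND: compare
 * (flags & SADB_X_EXT_PMASK) against the wanted mode instead.
 */
#define SADB_X_EXT_PSEQ		0x0000	/* sequential padding for ESP */
#define SADB_X_EXT_PRAND	0x0100	/* random padding for ESP */
#define SADB_X_EXT_PZERO	0x0200	/* zero padding for ESP */
#define SADB_X_EXT_PMASK	0x0300	/* mask for padding flag */

#if 1
#define SADB_X_EXT_RAWCPI	0x0080	/* use well known CPI (IPComp) */
#endif

#define SADB_KEY_FLAGS_MAX	0x0fff

/* SPI size for PF_KEYv2 */
#define PFKEY_SPI_SIZE	sizeof(u_int32_t)

/* Identifier for member of lifetime structure */
#define SADB_X_LIFETIME_ALLOCATIONS	0
#define SADB_X_LIFETIME_BYTES		1
#define SADB_X_LIFETIME_ADDTIME		2
#define SADB_X_LIFETIME_USETIME		3

/* The rate for SOFT lifetime against HARD one. */
/* NOTE(review): presumably a percentage of the hard lifetime -- confirm at the use site. */
#define PFKEY_SOFT_LIFETIME_RATE	80

/* Utilities */

/*
 * Round a up to the next multiple of 8 (a is returned unchanged when it is
 * already a multiple of 8, and 0 stays 0).  There is no overflow check: a
 * value within 7 of the type's maximum overflows.
 */
#define PFKEY_ALIGN8(a) (1 + (((a) - 1) | (8 - 1)))

/*
 * Byte length of the extension that starts at msg, taken from its
 * sadb_ext_len (which is in 64-bit units).
 *
 * NOTE(review): the value comes straight from the message.  Code that walks
 * a list of extensions must reject a length of 0 (the walk would never
 * advance) and any length larger than the bytes still remaining.
 */
#define PFKEY_EXTLEN(msg) \
	PFKEY_UNUNIT64(((const struct sadb_ext *)(msg))->sadb_ext_len)

/* Prefix length and protocol of the address extension at ext. */
#define PFKEY_ADDR_PREFIX(ext) \
	(((const struct sadb_address *)(ext))->sadb_address_prefixlen)
#define PFKEY_ADDR_PROTO(ext) \
	(((const struct sadb_address *)(ext))->sadb_address_proto)

/*
 * Pointer to the sockaddr stored directly after the sadb_address header.
 *
 * NOTE(review): this is plain pointer arithmetic with no bounds check; the
 * caller must already know that the extension is long enough to hold the
 * header plus a sockaddr of the claimed sa_len.
 */
#define PFKEY_ADDR_SADDR(ext) \
	((const struct sockaddr *)((c_caddr_t)(ext) + sizeof(struct sadb_address)))

/* in 64bits */
/* PFKEY_UNUNIT64: 64-bit units to bytes; PFKEY_UNIT64: bytes to 64-bit units (rounds down). */
#define PFKEY_UNUNIT64(a)	((a) << 3)
#define PFKEY_UNIT64(a)		((a) >> 3)

#endif /* __PFKEY_V2_H */

#endif /* _NET_PFKEYV2_H_ */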