/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License"). You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2000-2003 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

#ifndef _IKEDOOR_H
#define _IKEDOOR_H

#pragma ident "%Z%%M% %I% %E% SMI"

/*
 * Message formats and constants for the door-based management
 * interface of the IKE daemon (in.iked).  Every request and reply
 * passed through the door at DOORNM begins with an ike_svccmd_t
 * command; the remaining fields, and any variable-length payload
 * that trails the fixed structure, depend on that command and are
 * described at each ike_*_t below.
 */

#ifdef __cplusplus
extern "C" {
#endif

#include <limits.h>
#include <sys/sysmacros.h>
#include <net/pfkeyv2.h>
#include <door.h>

/* Rendezvous path of the management door. */
#define DOORNM "/var/run/ike_door"


/*
 * Door service commands.  The cmd field that leads every request and
 * reply structure in this header holds one of these values.
 * IKE_SVC_ERROR appears only in replies: it tags an ike_err_t carrying
 * one of the IKE_ERR_* codes when a request could not be completed.
 */
typedef enum {
	/* debug level */
	IKE_SVC_GET_DBG,
	IKE_SVC_SET_DBG,

	/* privilege level */
	IKE_SVC_GET_PRIV,
	IKE_SVC_SET_PRIV,

	/* global phase 1 statistics */
	IKE_SVC_GET_STATS,

	/* phase 1 SAs */
	IKE_SVC_GET_P1,
	IKE_SVC_DEL_P1,
	IKE_SVC_DUMP_P1S,
	IKE_SVC_FLUSH_P1S,

	/* policy rules */
	IKE_SVC_GET_RULE,
	IKE_SVC_NEW_RULE,
	IKE_SVC_DEL_RULE,
	IKE_SVC_DUMP_RULES,
	IKE_SVC_READ_RULES,
	IKE_SVC_WRITE_RULES,

	/* preshared keys */
	IKE_SVC_GET_PS,
	IKE_SVC_NEW_PS,
	IKE_SVC_DEL_PS,
	IKE_SVC_DUMP_PS,
	IKE_SVC_READ_PS,
	IKE_SVC_WRITE_PS,

	/* debugging aid; its message format is not described in this header */
	IKE_SVC_DBG_RBDUMP,

	/* reply tag for ike_err_t; must stay last (see IKE_SVC_MAX) */
	IKE_SVC_ERROR
} ike_svccmd_t;

/* Highest valid command value; anything above it is not a command. */
#define IKE_SVC_MAX IKE_SVC_ERROR


/*
 * Support structures/defines
 */

/*
 * Round a byte count up to a multiple of sizeof (uint64_t).  Used to
 * keep the variable-length records that trail the fixed structures
 * 64-bit aligned (see ike_p1_key_t and the *_len comments below).
 */
#define IKEDOORROUNDUP(i) P2ROUNDUP((i), sizeof (uint64_t))

/*
 * Debug categories. The debug level is a bitmask made up of
 * flags indicating the desired categories; only 31 bits are
 * available, as the highest-order bit designates an invalid
 * setting.
 */
#define D_INVALID 0x80000000

#define D_CERT 0x00000001 /* certificate management */
#define D_KEY 0x00000002 /* key management */
#define D_OP 0x00000004 /* operational: config, init, mem */
#define D_P1 0x00000008 /* phase 1 negotiation */
#define D_P2 0x00000010 /* phase 2 negotiation */
#define D_PFKEY 0x00000020 /* pf key interface */
#define D_POL 0x00000040 /* policy management */
#define D_PROP 0x00000080 /* proposal construction */
#define D_DOOR 0x00000100 /* door server */
#define D_CONFIG 0x00000200 /* config file processing */

#define D_HIGHBIT 0x00000200 106*7c478bd9Sstevel@tonic-gate #define D_ALL 0x000003ff 107*7c478bd9Sstevel@tonic-gate 108*7c478bd9Sstevel@tonic-gate /* 109*7c478bd9Sstevel@tonic-gate * Access privilege levels: define level of access to keying information. 110*7c478bd9Sstevel@tonic-gate * The privileges granted at each level is a superset of the privileges 111*7c478bd9Sstevel@tonic-gate * granted at all lower levels. 112*7c478bd9Sstevel@tonic-gate * 113*7c478bd9Sstevel@tonic-gate * The door operations which require special privileges are: 114*7c478bd9Sstevel@tonic-gate * 115*7c478bd9Sstevel@tonic-gate * - receiving keying material for SAs and preshared key entries 116*7c478bd9Sstevel@tonic-gate * IKE_PRIV_KEYMAT must be set for this. 117*7c478bd9Sstevel@tonic-gate * 118*7c478bd9Sstevel@tonic-gate * - get/dump/new/delete/read/write preshared keys 119*7c478bd9Sstevel@tonic-gate * IKE_PRIV_KEYMAT or IKE_PRIV_MODKEYS must be set to do this. 120*7c478bd9Sstevel@tonic-gate * If IKE_PRIV_MODKEYS is set, the information returned for a 121*7c478bd9Sstevel@tonic-gate * get/dump request will not include the actual key; in order 122*7c478bd9Sstevel@tonic-gate * to get the key itself, IKE_PRIV_KEYMAT must be set. 123*7c478bd9Sstevel@tonic-gate * 124*7c478bd9Sstevel@tonic-gate * - modifying the privilege level: the daemon's privilege level 125*7c478bd9Sstevel@tonic-gate * is set when the daemon is started; the level may only be 126*7c478bd9Sstevel@tonic-gate * lowered via the door interface. 127*7c478bd9Sstevel@tonic-gate * 128*7c478bd9Sstevel@tonic-gate * All other operations are allowed at any privilege level. 
129*7c478bd9Sstevel@tonic-gate */ 130*7c478bd9Sstevel@tonic-gate #define IKE_PRIV_MINIMUM 0 131*7c478bd9Sstevel@tonic-gate #define IKE_PRIV_MODKEYS 1 132*7c478bd9Sstevel@tonic-gate #define IKE_PRIV_KEYMAT 2 133*7c478bd9Sstevel@tonic-gate #define IKE_PRIV_MAXIMUM 2 134*7c478bd9Sstevel@tonic-gate 135*7c478bd9Sstevel@tonic-gate /* global ike stats formatting structure */ 136*7c478bd9Sstevel@tonic-gate typedef struct { 137*7c478bd9Sstevel@tonic-gate uint32_t st_init_p1_current; 138*7c478bd9Sstevel@tonic-gate uint32_t st_resp_p1_current; 139*7c478bd9Sstevel@tonic-gate uint32_t st_init_p1_total; 140*7c478bd9Sstevel@tonic-gate uint32_t st_resp_p1_total; 141*7c478bd9Sstevel@tonic-gate uint32_t st_init_p1_attempts; 142*7c478bd9Sstevel@tonic-gate uint32_t st_resp_p1_attempts; 143*7c478bd9Sstevel@tonic-gate uint32_t st_init_p1_noresp; /* failed; no response from peer */ 144*7c478bd9Sstevel@tonic-gate uint32_t st_init_p1_respfail; /* failed, but peer responded */ 145*7c478bd9Sstevel@tonic-gate uint32_t st_resp_p1_fail; 146*7c478bd9Sstevel@tonic-gate uint32_t st_reserved; 147*7c478bd9Sstevel@tonic-gate char st_pkcs11_libname[PATH_MAX]; 148*7c478bd9Sstevel@tonic-gate } ike_stats_t; 149*7c478bd9Sstevel@tonic-gate 150*7c478bd9Sstevel@tonic-gate 151*7c478bd9Sstevel@tonic-gate /* data formatting structures for P1 SA dumps */ 152*7c478bd9Sstevel@tonic-gate typedef struct { 153*7c478bd9Sstevel@tonic-gate struct sockaddr_storage loc_addr; 154*7c478bd9Sstevel@tonic-gate struct sockaddr_storage rem_addr; 155*7c478bd9Sstevel@tonic-gate #define beg_iprange loc_addr 156*7c478bd9Sstevel@tonic-gate #define end_iprange rem_addr 157*7c478bd9Sstevel@tonic-gate } ike_addr_pr_t; 158*7c478bd9Sstevel@tonic-gate 159*7c478bd9Sstevel@tonic-gate typedef struct { 160*7c478bd9Sstevel@tonic-gate uint64_t cky_i; 161*7c478bd9Sstevel@tonic-gate uint64_t cky_r; 162*7c478bd9Sstevel@tonic-gate } ike_cky_pr_t; 163*7c478bd9Sstevel@tonic-gate 164*7c478bd9Sstevel@tonic-gate typedef struct { 
165*7c478bd9Sstevel@tonic-gate ike_cky_pr_t p1hdr_cookies; 166*7c478bd9Sstevel@tonic-gate uint8_t p1hdr_major; 167*7c478bd9Sstevel@tonic-gate uint8_t p1hdr_minor; 168*7c478bd9Sstevel@tonic-gate uint8_t p1hdr_xchg; 169*7c478bd9Sstevel@tonic-gate uint8_t p1hdr_isinit; 170*7c478bd9Sstevel@tonic-gate uint32_t p1hdr_state; 171*7c478bd9Sstevel@tonic-gate } ike_p1_hdr_t; 172*7c478bd9Sstevel@tonic-gate 173*7c478bd9Sstevel@tonic-gate /* values for p1hdr_xchg (aligned with RFC2408, section 3.1) */ 174*7c478bd9Sstevel@tonic-gate #define IKE_XCHG_NONE 0 175*7c478bd9Sstevel@tonic-gate #define IKE_XCHG_BASE 1 176*7c478bd9Sstevel@tonic-gate #define IKE_XCHG_IDENTITY_PROTECT 2 177*7c478bd9Sstevel@tonic-gate #define IKE_XCHG_AUTH_ONLY 3 178*7c478bd9Sstevel@tonic-gate #define IKE_XCHG_AGGRESSIVE 4 179*7c478bd9Sstevel@tonic-gate /* following not from RFC; used only for preshared key definitions */ 180*7c478bd9Sstevel@tonic-gate #define IKE_XCHG_IP_AND_AGGR 240 181*7c478bd9Sstevel@tonic-gate /* also not from RFC; used as wildcard */ 182*7c478bd9Sstevel@tonic-gate #define IKE_XCHG_ANY 256 183*7c478bd9Sstevel@tonic-gate 184*7c478bd9Sstevel@tonic-gate /* values for p1hdr_state */ 185*7c478bd9Sstevel@tonic-gate #define IKE_SA_STATE_INVALID 0 186*7c478bd9Sstevel@tonic-gate #define IKE_SA_STATE_INIT 1 187*7c478bd9Sstevel@tonic-gate #define IKE_SA_STATE_SENT_SA 2 188*7c478bd9Sstevel@tonic-gate #define IKE_SA_STATE_SENT_KE 3 189*7c478bd9Sstevel@tonic-gate #define IKE_SA_STATE_SENT_LAST 4 190*7c478bd9Sstevel@tonic-gate #define IKE_SA_STATE_DONE 5 191*7c478bd9Sstevel@tonic-gate #define IKE_SA_STATE_DELETED 6 192*7c478bd9Sstevel@tonic-gate 193*7c478bd9Sstevel@tonic-gate typedef struct { 194*7c478bd9Sstevel@tonic-gate uint16_t p1xf_dh_group; 195*7c478bd9Sstevel@tonic-gate uint16_t p1xf_encr_alg; 196*7c478bd9Sstevel@tonic-gate uint16_t p1xf_auth_alg; 197*7c478bd9Sstevel@tonic-gate uint16_t p1xf_auth_meth; 198*7c478bd9Sstevel@tonic-gate uint16_t p1xf_prf; 199*7c478bd9Sstevel@tonic-gate uint16_t 
p1xf_pfs; 200*7c478bd9Sstevel@tonic-gate uint32_t p1xf_max_secs; 201*7c478bd9Sstevel@tonic-gate uint32_t p1xf_max_kbytes; 202*7c478bd9Sstevel@tonic-gate uint32_t p1xf_max_keyuses; 203*7c478bd9Sstevel@tonic-gate } ike_p1_xform_t; 204*7c478bd9Sstevel@tonic-gate 205*7c478bd9Sstevel@tonic-gate /* values for p1xf_dh_group (aligned with RFC2409, Appendix A) */ 206*7c478bd9Sstevel@tonic-gate #define IKE_GRP_DESC_MODP_768 1 207*7c478bd9Sstevel@tonic-gate #define IKE_GRP_DESC_MODP_1024 2 208*7c478bd9Sstevel@tonic-gate #define IKE_GRP_DESC_EC2N_155 3 209*7c478bd9Sstevel@tonic-gate #define IKE_GRP_DESC_EC2N_185 4 210*7c478bd9Sstevel@tonic-gate #define IKE_GRP_DESC_MODP_1536 5 211*7c478bd9Sstevel@tonic-gate 212*7c478bd9Sstevel@tonic-gate /* values for p1xf_auth_meth (aligned with RFC2409, Appendix A) */ 213*7c478bd9Sstevel@tonic-gate #define IKE_AUTH_METH_PRE_SHARED_KEY 1 214*7c478bd9Sstevel@tonic-gate #define IKE_AUTH_METH_DSS_SIG 2 215*7c478bd9Sstevel@tonic-gate #define IKE_AUTH_METH_RSA_SIG 3 216*7c478bd9Sstevel@tonic-gate #define IKE_AUTH_METH_RSA_ENCR 4 217*7c478bd9Sstevel@tonic-gate #define IKE_AUTH_METH_RSA_ENCR_REVISED 5 218*7c478bd9Sstevel@tonic-gate 219*7c478bd9Sstevel@tonic-gate /* values for p1xf_prf */ 220*7c478bd9Sstevel@tonic-gate #define IKE_PRF_NONE 0 221*7c478bd9Sstevel@tonic-gate #define IKE_PRF_HMAC_MD5 1 222*7c478bd9Sstevel@tonic-gate #define IKE_PRF_HMAC_SHA1 2 223*7c478bd9Sstevel@tonic-gate 224*7c478bd9Sstevel@tonic-gate typedef struct { 225*7c478bd9Sstevel@tonic-gate /* 226*7c478bd9Sstevel@tonic-gate * NOTE: the new and del counters count the actual number of SAs, 227*7c478bd9Sstevel@tonic-gate * not the number of "suites", as defined in the ike monitoring 228*7c478bd9Sstevel@tonic-gate * mib draft; we do this because we don't have a good way of 229*7c478bd9Sstevel@tonic-gate * tracking the deletion of entire suites (we're notified of 230*7c478bd9Sstevel@tonic-gate * deleted qm sas individually). 
231*7c478bd9Sstevel@tonic-gate */ 232*7c478bd9Sstevel@tonic-gate uint32_t p1stat_new_qm_sas; 233*7c478bd9Sstevel@tonic-gate uint32_t p1stat_del_qm_sas; 234*7c478bd9Sstevel@tonic-gate uint64_t p1stat_start; 235*7c478bd9Sstevel@tonic-gate uint32_t p1stat_kbytes; 236*7c478bd9Sstevel@tonic-gate uint32_t p1stat_keyuses; 237*7c478bd9Sstevel@tonic-gate } ike_p1_stats_t; 238*7c478bd9Sstevel@tonic-gate 239*7c478bd9Sstevel@tonic-gate typedef struct { 240*7c478bd9Sstevel@tonic-gate uint32_t p1err_decrypt; 241*7c478bd9Sstevel@tonic-gate uint32_t p1err_hash; 242*7c478bd9Sstevel@tonic-gate uint32_t p1err_otherrx; 243*7c478bd9Sstevel@tonic-gate uint32_t p1err_tx; 244*7c478bd9Sstevel@tonic-gate } ike_p1_errors_t; 245*7c478bd9Sstevel@tonic-gate 246*7c478bd9Sstevel@tonic-gate typedef struct { 247*7c478bd9Sstevel@tonic-gate uint32_t p1key_type; 248*7c478bd9Sstevel@tonic-gate uint32_t p1key_len; 249*7c478bd9Sstevel@tonic-gate /* 250*7c478bd9Sstevel@tonic-gate * followed by (len - sizeof (ike_p1_key_t)) bytes of hex data, 251*7c478bd9Sstevel@tonic-gate * 64-bit aligned (pad bytes are added at the end, if necessary, 252*7c478bd9Sstevel@tonic-gate * and NOT INCLUDED in the len value, which reflects the actual 253*7c478bd9Sstevel@tonic-gate * key size). 
254*7c478bd9Sstevel@tonic-gate */ 255*7c478bd9Sstevel@tonic-gate } ike_p1_key_t; 256*7c478bd9Sstevel@tonic-gate 257*7c478bd9Sstevel@tonic-gate /* key info types for ike_p1_key_t struct */ 258*7c478bd9Sstevel@tonic-gate #define IKE_KEY_PRESHARED 1 259*7c478bd9Sstevel@tonic-gate #define IKE_KEY_SKEYID 2 260*7c478bd9Sstevel@tonic-gate #define IKE_KEY_SKEYID_D 3 261*7c478bd9Sstevel@tonic-gate #define IKE_KEY_SKEYID_A 4 262*7c478bd9Sstevel@tonic-gate #define IKE_KEY_SKEYID_E 5 263*7c478bd9Sstevel@tonic-gate #define IKE_KEY_ENCR 6 264*7c478bd9Sstevel@tonic-gate #define IKE_KEY_IV 7 265*7c478bd9Sstevel@tonic-gate 266*7c478bd9Sstevel@tonic-gate typedef struct { 267*7c478bd9Sstevel@tonic-gate ike_p1_hdr_t p1sa_hdr; 268*7c478bd9Sstevel@tonic-gate ike_p1_xform_t p1sa_xform; 269*7c478bd9Sstevel@tonic-gate ike_addr_pr_t p1sa_ipaddrs; 270*7c478bd9Sstevel@tonic-gate uint16_t p1sa_stat_off; 271*7c478bd9Sstevel@tonic-gate uint16_t p1sa_stat_len; 272*7c478bd9Sstevel@tonic-gate uint16_t p1sa_error_off; 273*7c478bd9Sstevel@tonic-gate uint16_t p1sa_error_len; 274*7c478bd9Sstevel@tonic-gate uint16_t p1sa_localid_off; 275*7c478bd9Sstevel@tonic-gate uint16_t p1sa_localid_len; 276*7c478bd9Sstevel@tonic-gate uint16_t p1sa_remoteid_off; 277*7c478bd9Sstevel@tonic-gate uint16_t p1sa_remoteid_len; 278*7c478bd9Sstevel@tonic-gate uint16_t p1sa_key_off; 279*7c478bd9Sstevel@tonic-gate uint16_t p1sa_key_len; 280*7c478bd9Sstevel@tonic-gate uint32_t p1sa_reserved; 281*7c478bd9Sstevel@tonic-gate /* 282*7c478bd9Sstevel@tonic-gate * variable-length structures will be included here, as 283*7c478bd9Sstevel@tonic-gate * indicated by offset/length fields. 284*7c478bd9Sstevel@tonic-gate * stats and errors will be formatted as ike_p1_stats_t and 285*7c478bd9Sstevel@tonic-gate * ike_p1_errors_t, respectively. 286*7c478bd9Sstevel@tonic-gate * key info will be formatted as a series of p1_key_t structs. 287*7c478bd9Sstevel@tonic-gate * local/remote ids will be formatted as sadb_ident_t structs. 
288*7c478bd9Sstevel@tonic-gate */ 289*7c478bd9Sstevel@tonic-gate } ike_p1_sa_t; 290*7c478bd9Sstevel@tonic-gate 291*7c478bd9Sstevel@tonic-gate 292*7c478bd9Sstevel@tonic-gate #define MAX_LABEL_LEN 256 293*7c478bd9Sstevel@tonic-gate 294*7c478bd9Sstevel@tonic-gate 295*7c478bd9Sstevel@tonic-gate /* data formatting structure for policy (rule) dumps */ 296*7c478bd9Sstevel@tonic-gate 297*7c478bd9Sstevel@tonic-gate typedef struct { 298*7c478bd9Sstevel@tonic-gate char rule_label[MAX_LABEL_LEN]; 299*7c478bd9Sstevel@tonic-gate uint32_t rule_kmcookie; 300*7c478bd9Sstevel@tonic-gate uint16_t rule_ike_mode; 301*7c478bd9Sstevel@tonic-gate uint16_t rule_local_idtype; /* SADB_IDENTTYPE_* value */ 302*7c478bd9Sstevel@tonic-gate uint32_t rule_p1_nonce_len; 303*7c478bd9Sstevel@tonic-gate uint32_t rule_p2_nonce_len; 304*7c478bd9Sstevel@tonic-gate uint32_t rule_p2_pfs; 305*7c478bd9Sstevel@tonic-gate uint32_t rule_p2_lifetime; 306*7c478bd9Sstevel@tonic-gate uint16_t rule_xform_cnt; 307*7c478bd9Sstevel@tonic-gate uint16_t rule_xform_off; 308*7c478bd9Sstevel@tonic-gate uint16_t rule_locip_cnt; 309*7c478bd9Sstevel@tonic-gate uint16_t rule_locip_off; 310*7c478bd9Sstevel@tonic-gate uint16_t rule_remip_cnt; 311*7c478bd9Sstevel@tonic-gate uint16_t rule_remip_off; 312*7c478bd9Sstevel@tonic-gate uint16_t rule_locid_inclcnt; 313*7c478bd9Sstevel@tonic-gate uint16_t rule_locid_exclcnt; 314*7c478bd9Sstevel@tonic-gate uint16_t rule_locid_off; 315*7c478bd9Sstevel@tonic-gate uint16_t rule_remid_inclcnt; 316*7c478bd9Sstevel@tonic-gate uint16_t rule_remid_exclcnt; 317*7c478bd9Sstevel@tonic-gate uint16_t rule_remid_off; 318*7c478bd9Sstevel@tonic-gate /* 319*7c478bd9Sstevel@tonic-gate * Followed by several lists of variable-length structures, described 320*7c478bd9Sstevel@tonic-gate * by counts and offsets: 321*7c478bd9Sstevel@tonic-gate * transforms ike_p1_xform_t structs 322*7c478bd9Sstevel@tonic-gate * ranges of local ip addrs ike_addr_pr_t structs 323*7c478bd9Sstevel@tonic-gate * ranges of remote ip 
addrs ike_addr_pr_t structs 324*7c478bd9Sstevel@tonic-gate * local identification strings null-terminated ascii strings 325*7c478bd9Sstevel@tonic-gate * remote identification strings null-terminated ascii strings 326*7c478bd9Sstevel@tonic-gate */ 327*7c478bd9Sstevel@tonic-gate } ike_rule_t; 328*7c478bd9Sstevel@tonic-gate 329*7c478bd9Sstevel@tonic-gate 330*7c478bd9Sstevel@tonic-gate /* 331*7c478bd9Sstevel@tonic-gate * data formatting structure for preshared keys 332*7c478bd9Sstevel@tonic-gate * ps_ike_mode field uses the IKE_XCHG_* defs 333*7c478bd9Sstevel@tonic-gate */ 334*7c478bd9Sstevel@tonic-gate typedef struct { 335*7c478bd9Sstevel@tonic-gate ike_addr_pr_t ps_ipaddrs; 336*7c478bd9Sstevel@tonic-gate uint16_t ps_ike_mode; 337*7c478bd9Sstevel@tonic-gate uint16_t ps_localid_off; 338*7c478bd9Sstevel@tonic-gate uint16_t ps_localid_len; 339*7c478bd9Sstevel@tonic-gate uint16_t ps_remoteid_off; 340*7c478bd9Sstevel@tonic-gate uint16_t ps_remoteid_len; 341*7c478bd9Sstevel@tonic-gate uint16_t ps_key_off; 342*7c478bd9Sstevel@tonic-gate uint16_t ps_key_len; 343*7c478bd9Sstevel@tonic-gate uint16_t ps_key_bits; 344*7c478bd9Sstevel@tonic-gate /* 345*7c478bd9Sstevel@tonic-gate * followed by variable-length structures, as indicated by 346*7c478bd9Sstevel@tonic-gate * offset/length fields. 347*7c478bd9Sstevel@tonic-gate * key info will be formatted as an array of bytes. 348*7c478bd9Sstevel@tonic-gate * local/remote ids will be formatted as sadb_ident_t structs. 
349*7c478bd9Sstevel@tonic-gate */ 350*7c478bd9Sstevel@tonic-gate } ike_ps_t; 351*7c478bd9Sstevel@tonic-gate 352*7c478bd9Sstevel@tonic-gate 353*7c478bd9Sstevel@tonic-gate /* identification types */ 354*7c478bd9Sstevel@tonic-gate #define IKE_ID_IDENT_PAIR 1 355*7c478bd9Sstevel@tonic-gate #define IKE_ID_ADDR_PAIR 2 356*7c478bd9Sstevel@tonic-gate #define IKE_ID_CKY_PAIR 3 357*7c478bd9Sstevel@tonic-gate #define IKE_ID_LABEL 4 358*7c478bd9Sstevel@tonic-gate 359*7c478bd9Sstevel@tonic-gate 360*7c478bd9Sstevel@tonic-gate /* locations for read/write requests */ 361*7c478bd9Sstevel@tonic-gate #define IKE_RW_LOC_DEFAULT 1 362*7c478bd9Sstevel@tonic-gate #define IKE_RW_LOC_USER_SPEC 2 363*7c478bd9Sstevel@tonic-gate 364*7c478bd9Sstevel@tonic-gate 365*7c478bd9Sstevel@tonic-gate /* door interface error codes */ 366*7c478bd9Sstevel@tonic-gate #define IKE_ERR_NO_OBJ 1 /* nothing found to match the request */ 367*7c478bd9Sstevel@tonic-gate #define IKE_ERR_NO_DESC 2 /* fd was required with this request */ 368*7c478bd9Sstevel@tonic-gate #define IKE_ERR_ID_INVALID 3 /* invalid id info was provided */ 369*7c478bd9Sstevel@tonic-gate #define IKE_ERR_LOC_INVALID 4 /* invalid location info was provided */ 370*7c478bd9Sstevel@tonic-gate #define IKE_ERR_CMD_INVALID 5 /* invalid command was provided */ 371*7c478bd9Sstevel@tonic-gate #define IKE_ERR_DATA_INVALID 6 /* invalid data was provided */ 372*7c478bd9Sstevel@tonic-gate #define IKE_ERR_CMD_NOTSUP 7 /* unsupported command */ 373*7c478bd9Sstevel@tonic-gate #define IKE_ERR_REQ_INVALID 8 /* badly formatted request */ 374*7c478bd9Sstevel@tonic-gate #define IKE_ERR_NO_PRIV 9 /* privilege level not high enough */ 375*7c478bd9Sstevel@tonic-gate #define IKE_ERR_SYS_ERR 10 /* syserr occurred while processing */ 376*7c478bd9Sstevel@tonic-gate 377*7c478bd9Sstevel@tonic-gate 378*7c478bd9Sstevel@tonic-gate /* 379*7c478bd9Sstevel@tonic-gate * IKE_SVC_GET_DBG 380*7c478bd9Sstevel@tonic-gate * Used to request the current debug level. 
381*7c478bd9Sstevel@tonic-gate * 382*7c478bd9Sstevel@tonic-gate * Upon request, dbg_level is 0 (don't care). 383*7c478bd9Sstevel@tonic-gate * 384*7c478bd9Sstevel@tonic-gate * Upon return, dbg_level contains the current value. 385*7c478bd9Sstevel@tonic-gate * 386*7c478bd9Sstevel@tonic-gate * 387*7c478bd9Sstevel@tonic-gate * IKE_SVC_SET_DBG 388*7c478bd9Sstevel@tonic-gate * Used to request modification of the debug level. 389*7c478bd9Sstevel@tonic-gate * 390*7c478bd9Sstevel@tonic-gate * Upon request, dbg_level contains desired level. If debug output is 391*7c478bd9Sstevel@tonic-gate * to be directed to a different file, the fd should be passed in the 392*7c478bd9Sstevel@tonic-gate * door_desc_t field of the door_arg_t param. NOTE: if the daemon is 393*7c478bd9Sstevel@tonic-gate * currently running in the background with no debug set, an output 394*7c478bd9Sstevel@tonic-gate * file MUST be given. 395*7c478bd9Sstevel@tonic-gate * 396*7c478bd9Sstevel@tonic-gate * Upon return, dbg_level contains the old debug level, and acknowledges 397*7c478bd9Sstevel@tonic-gate * successful completion of the request. If an error is encountered, 398*7c478bd9Sstevel@tonic-gate * ike_err_t is returned instead, with appropriate error value and cmd 399*7c478bd9Sstevel@tonic-gate * IKE_SVC_ERROR. 400*7c478bd9Sstevel@tonic-gate */ 401*7c478bd9Sstevel@tonic-gate typedef struct { 402*7c478bd9Sstevel@tonic-gate ike_svccmd_t cmd; 403*7c478bd9Sstevel@tonic-gate uint32_t dbg_level; 404*7c478bd9Sstevel@tonic-gate } ike_dbg_t; 405*7c478bd9Sstevel@tonic-gate 406*7c478bd9Sstevel@tonic-gate /* 407*7c478bd9Sstevel@tonic-gate * IKE_SVC_GET_PRIV 408*7c478bd9Sstevel@tonic-gate * Used to request the current privilege level. 409*7c478bd9Sstevel@tonic-gate * 410*7c478bd9Sstevel@tonic-gate * Upon request, priv_level is 0 (don't care). 411*7c478bd9Sstevel@tonic-gate * 412*7c478bd9Sstevel@tonic-gate * Upon return, priv_level contains the current value. 
413*7c478bd9Sstevel@tonic-gate * 414*7c478bd9Sstevel@tonic-gate * 415*7c478bd9Sstevel@tonic-gate * IKE_SVC_SET_PRIV 416*7c478bd9Sstevel@tonic-gate * Used to request modification of the privilege level. 417*7c478bd9Sstevel@tonic-gate * 418*7c478bd9Sstevel@tonic-gate * Upon request, priv_level contains the desired level. The level may 419*7c478bd9Sstevel@tonic-gate * only be lowered via the door interface; it cannot be raised. Thus, 420*7c478bd9Sstevel@tonic-gate * if in.iked is started at the lowest level, it cannot be changed. 421*7c478bd9Sstevel@tonic-gate * 422*7c478bd9Sstevel@tonic-gate * Upon return, priv_level contains the old privilege level, and 423*7c478bd9Sstevel@tonic-gate * acknowledges successful completion of the request. If an error is 424*7c478bd9Sstevel@tonic-gate * encountered, ike_err_t is returned instead, with appropriate error 425*7c478bd9Sstevel@tonic-gate * value and cmd IKE_SVC_ERROR. 426*7c478bd9Sstevel@tonic-gate */ 427*7c478bd9Sstevel@tonic-gate typedef struct { 428*7c478bd9Sstevel@tonic-gate ike_svccmd_t cmd; 429*7c478bd9Sstevel@tonic-gate uint32_t priv_level; 430*7c478bd9Sstevel@tonic-gate } ike_priv_t; 431*7c478bd9Sstevel@tonic-gate 432*7c478bd9Sstevel@tonic-gate 433*7c478bd9Sstevel@tonic-gate /* 434*7c478bd9Sstevel@tonic-gate * IKE_SVC_GET_STATS 435*7c478bd9Sstevel@tonic-gate * Used to request current statistics on Phase 1 SA creation and 436*7c478bd9Sstevel@tonic-gate * failures. The statistics represent all activity in in.iked. 437*7c478bd9Sstevel@tonic-gate * 438*7c478bd9Sstevel@tonic-gate * Upon request, cmd is set, and stat_len does not matter. 439*7c478bd9Sstevel@tonic-gate * 440*7c478bd9Sstevel@tonic-gate * Upon successful return, stat_len contains the total size of the 441*7c478bd9Sstevel@tonic-gate * returned buffer, which contains first the ike_statreq_t struct, 442*7c478bd9Sstevel@tonic-gate * followed by the stat data in the ike_stats_t structure. 
In case 443*7c478bd9Sstevel@tonic-gate * of an error in processing the request, ike_err_t is returned with 444*7c478bd9Sstevel@tonic-gate * IKE_SVC_ERROR command and appropriate error code. 445*7c478bd9Sstevel@tonic-gate */ 446*7c478bd9Sstevel@tonic-gate typedef struct { 447*7c478bd9Sstevel@tonic-gate ike_svccmd_t cmd; 448*7c478bd9Sstevel@tonic-gate uint32_t stat_len; 449*7c478bd9Sstevel@tonic-gate } ike_statreq_t; 450*7c478bd9Sstevel@tonic-gate 451*7c478bd9Sstevel@tonic-gate 452*7c478bd9Sstevel@tonic-gate /* 453*7c478bd9Sstevel@tonic-gate * IKE_SVC_DUMP_{P1S|RULES|PS} 454*7c478bd9Sstevel@tonic-gate * Used to request a table dump, and to return info for a single table 455*7c478bd9Sstevel@tonic-gate * item. The expectation is that all of the table data will be passed 456*7c478bd9Sstevel@tonic-gate * through the door, one entry at a time; an individual request must be 457*7c478bd9Sstevel@tonic-gate * sent for each entry, however (the door server can't send unrequested 458*7c478bd9Sstevel@tonic-gate * data). 459*7c478bd9Sstevel@tonic-gate * 460*7c478bd9Sstevel@tonic-gate * Upon request: cmd is set, and dump_next contains the item number 461*7c478bd9Sstevel@tonic-gate * requested (0 for first request). dump_len is 0; no data follows. 462*7c478bd9Sstevel@tonic-gate * 463*7c478bd9Sstevel@tonic-gate * Upon return: cmd is set, and dump_next contains the item number of 464*7c478bd9Sstevel@tonic-gate * the *next* item in the table (to be used in the subsequent request). 465*7c478bd9Sstevel@tonic-gate * dump_next = 0 indicates that this is the last item in the table. 466*7c478bd9Sstevel@tonic-gate * dump_len is the total length (data + struct) returned. 
Data is 467*7c478bd9Sstevel@tonic-gate * formatted as indicated by the cmd type: 468*7c478bd9Sstevel@tonic-gate * IKE_SVC_DUMP_P1S: ike_p1_sa_t 469*7c478bd9Sstevel@tonic-gate * IKE_SVC_DUMP_RULES: ike_rule_t 470*7c478bd9Sstevel@tonic-gate * IKE_SVC_DUMP_PS: ike_ps_t 471*7c478bd9Sstevel@tonic-gate */ 472*7c478bd9Sstevel@tonic-gate typedef struct { 473*7c478bd9Sstevel@tonic-gate ike_svccmd_t cmd; 474*7c478bd9Sstevel@tonic-gate uint32_t dump_len; 475*7c478bd9Sstevel@tonic-gate union { 476*7c478bd9Sstevel@tonic-gate struct { 477*7c478bd9Sstevel@tonic-gate uint32_t dump_unext; 478*7c478bd9Sstevel@tonic-gate uint32_t dump_ureserved; 479*7c478bd9Sstevel@tonic-gate } dump_actual; 480*7c478bd9Sstevel@tonic-gate uint64_t dump_alignment; 481*7c478bd9Sstevel@tonic-gate } dump_u; 482*7c478bd9Sstevel@tonic-gate #define dump_next dump_u.dump_actual.dump_unext 483*7c478bd9Sstevel@tonic-gate #define dump_reserved dump_u.dump_actual.dump_ureserved 484*7c478bd9Sstevel@tonic-gate /* dump_len - sizeof (ike_dump_t) bytes of data included here */ 485*7c478bd9Sstevel@tonic-gate } ike_dump_t; 486*7c478bd9Sstevel@tonic-gate 487*7c478bd9Sstevel@tonic-gate 488*7c478bd9Sstevel@tonic-gate /* 489*7c478bd9Sstevel@tonic-gate * IKE_SVC_GET_{P1|RULE|PS} 490*7c478bd9Sstevel@tonic-gate * Used to request and return individual table items. 491*7c478bd9Sstevel@tonic-gate * 492*7c478bd9Sstevel@tonic-gate * Upon request: get_len is the total msg length (struct + id data); 493*7c478bd9Sstevel@tonic-gate * get_idtype indicates the type of identification being used. 
494*7c478bd9Sstevel@tonic-gate * IKE_SVC_GET_P1: ike_addr_pr_t or ike_cky_pr_t 495*7c478bd9Sstevel@tonic-gate * IKE_SVC_GET_RULE: char string (label) 496*7c478bd9Sstevel@tonic-gate * IKE_SVC_GET_PS: ike_addr_pr_t or pair of sadb_ident_t 497*7c478bd9Sstevel@tonic-gate * 498*7c478bd9Sstevel@tonic-gate * Upon return: get_len is the total size (struct + data), get_idtype 499*7c478bd9Sstevel@tonic-gate * is unused, and the data that follows is formatted according to cmd: 500*7c478bd9Sstevel@tonic-gate * IKE_SVC_GET_P1: ike_p1_sa_t 501*7c478bd9Sstevel@tonic-gate * IKE_SVC_GET_RULE: ike_rule_t 502*7c478bd9Sstevel@tonic-gate * IKE_SVC_GET_PS: ike_ps_t 503*7c478bd9Sstevel@tonic-gate */ 504*7c478bd9Sstevel@tonic-gate typedef struct { 505*7c478bd9Sstevel@tonic-gate ike_svccmd_t cmd; 506*7c478bd9Sstevel@tonic-gate uint32_t get_len; 507*7c478bd9Sstevel@tonic-gate union { 508*7c478bd9Sstevel@tonic-gate struct { 509*7c478bd9Sstevel@tonic-gate uint32_t getu_idtype; 510*7c478bd9Sstevel@tonic-gate uint32_t getu_reserved; 511*7c478bd9Sstevel@tonic-gate } get_actual; 512*7c478bd9Sstevel@tonic-gate uint64_t get_alignment; 513*7c478bd9Sstevel@tonic-gate } get_u; 514*7c478bd9Sstevel@tonic-gate #define get_idtype get_u.get_actual.getu_idtype 515*7c478bd9Sstevel@tonic-gate #define get_reserved get_u.get_actual.getu_reserved 516*7c478bd9Sstevel@tonic-gate /* get_len - sizeof (ike_get_t) bytes of data included here */ 517*7c478bd9Sstevel@tonic-gate } ike_get_t; 518*7c478bd9Sstevel@tonic-gate 519*7c478bd9Sstevel@tonic-gate 520*7c478bd9Sstevel@tonic-gate /* 521*7c478bd9Sstevel@tonic-gate * IKE_SVC_NEW_{RULE|PS} 522*7c478bd9Sstevel@tonic-gate * Used to request and acknowledge insertion of a table item. 523*7c478bd9Sstevel@tonic-gate * 524*7c478bd9Sstevel@tonic-gate * Upon request: new_len is the total (data + struct) size passed, or 0. 
525*7c478bd9Sstevel@tonic-gate * new_len = 0 => a door_desc_t is also included with a file descriptor 526*7c478bd9Sstevel@tonic-gate * for a file containing the data to be added. The file should include 527*7c478bd9Sstevel@tonic-gate * a single item: a rule, or a pre-shared key. For new_len != 0, the 528*7c478bd9Sstevel@tonic-gate * data is formatted according to the cmd type: 529*7c478bd9Sstevel@tonic-gate * IKE_SVC_NEW_RULE: ike_rule_t 530*7c478bd9Sstevel@tonic-gate * IKE_SVC_NEW_PS: ike_ps_t 531*7c478bd9Sstevel@tonic-gate * 532*7c478bd9Sstevel@tonic-gate * Upon return: new_len is 0; simply acknowledges successful insertion 533*7c478bd9Sstevel@tonic-gate * of the requested item. If insertion is not successful, ike_err_t is 534*7c478bd9Sstevel@tonic-gate * returned instead with appropriate error value. 535*7c478bd9Sstevel@tonic-gate */ 536*7c478bd9Sstevel@tonic-gate typedef struct { 537*7c478bd9Sstevel@tonic-gate ike_svccmd_t cmd; 538*7c478bd9Sstevel@tonic-gate uint32_t new_len; 539*7c478bd9Sstevel@tonic-gate /* new_len - sizeof (ike_new_t) bytes included here */ 540*7c478bd9Sstevel@tonic-gate uint64_t new_align; /* Padding for 64-bit alignment. */ 541*7c478bd9Sstevel@tonic-gate } ike_new_t; 542*7c478bd9Sstevel@tonic-gate 543*7c478bd9Sstevel@tonic-gate 544*7c478bd9Sstevel@tonic-gate /* 545*7c478bd9Sstevel@tonic-gate * IKE_SVC_DEL_{P1|RULE|PS} 546*7c478bd9Sstevel@tonic-gate * Used to request and acknowledge the deletion of an individual table 547*7c478bd9Sstevel@tonic-gate * item. 548*7c478bd9Sstevel@tonic-gate * 549*7c478bd9Sstevel@tonic-gate * Upon request: del_len is the total msg length (struct + id data); 550*7c478bd9Sstevel@tonic-gate * del_idtype indicates the type of identification being used. 
 * IKE_SVC_DEL_P1:	ike_addr_pr_t or ike_cky_pr_t
 * IKE_SVC_DEL_RULE:	char string (label)
 * IKE_SVC_DEL_PS:	ike_addr_pr_t or pair of sadb_ident_t
 *
 * Upon return: acknowledges deletion of the requested item; del_len and
 * del_idtype are unspecified.  If deletion is not successful, ike_err_t
 * is returned instead with appropriate error value.
 *
 * NOTE(review): del_len and del_idtype are caller-supplied and not
 * validated by this header.  The receiver should check
 * sizeof (ike_del_t) <= del_len <= (size delivered by the door call),
 * that del_idtype is a type it understands, and, for the label case,
 * that the string terminates within del_len -- confirm in the consumers.
 */
typedef struct {
	ike_svccmd_t	cmd;
	uint32_t	del_len;
	uint32_t	del_idtype;
	uint32_t	del_reserved;
	/* del_len - sizeof (ike_del_t) bytes of data included here. */
} ike_del_t;


/*
 * IKE_SVC_READ_{RULES|PS}
 * Used to ask daemon to re-read particular configuration info.
 *
 * Upon request: rw_loc indicates where the info should be read from:
 * either from a user-supplied file descriptor(s), or from the default
 * location(s).  If rw_loc indicates user-supplied location, the file
 * descriptor(s) should be passed in the door_desc_t struct.
 * For the IKE_SVC_READ_RULES cmd, two file descriptors should be specified:
 * first, one for the config file which contains the data to be read,
 * and second, one for the cookie file which will be written to as
 * in.iked processes the config file.
 *
 * Upon return: rw_loc is unspecified; the message simply acknowledges
 * successful completion of the request.  If an error occurred,
 * ike_err_t is returned instead with appropriate error value.
 *
 *
 * IKE_SVC_WRITE_{RULES|PS}
 * Used to ask daemon to write its current config info to files.
 *
 * Request and return are handled the same as for the IKE_SVC_READ_*
 * cmds; however, the rw_loc MUST be a user-supplied location.  Also,
 * for the IKE_SVC_WRITE_RULES cmd, the cookie file fd is not required;
 * only a single fd, for the file to which the config info should be
 * written, should be passed in.
 *
 * NOTE(review): the legal rw_loc values are not visible in this part of
 * the header.  The receiver should reject values it does not recognise
 * and should verify that the expected number of descriptors actually
 * arrived with the call before using them -- confirm in the consumers.
 */
typedef struct {
	ike_svccmd_t	cmd;
	uint32_t	rw_loc;
} ike_rw_t;


/*
 * IKE_SVC_FLUSH_P1S
 * Used to request and acknowledge tear-down of all P1 SAs.
 */
typedef struct {
	ike_svccmd_t	cmd;	/* no further fields: the cmd is the request */
} ike_flush_t;


/*
 * IKE_SVC_ERROR
 * Used on return if server encountered an error while processing
 * the request.  An appropriate error code is included (as defined
 * in this header file); in the case of IKE_ERR_SYS_ERR, a value
 * from the UNIX errno space is included in the ike_err_unix field.
 */
typedef struct {
	ike_svccmd_t	cmd;
	uint32_t	ike_err;	/* error code defined in this header */
	uint32_t	ike_err_unix;	/* errno value; only for IKE_ERR_SYS_ERR */
	uint32_t	ike_err_reserved;	/* reserved; meaning not specified here */
} ike_err_t;


/*
 * Generic type for use when the request/reply type is unknown.
 * Every message type defined in this section starts with cmd, so a
 * receiver can read an ike_cmd_t first to decide which member of
 * ike_service_t the message really is.
 */
typedef struct {
	ike_svccmd_t	cmd;
} ike_cmd_t;


/*
 * Union containing all possible request/return structures.
 *
 * NOTE(review): sizeof (ike_service_t) is the size of the largest member,
 * not the length of any particular message.  ike_get_t, ike_new_t and
 * ike_del_t carry trailing data described by their own *_len fields, so
 * copying a message into an ike_service_t captures only the fixed part;
 * the variable part must be bounded by the *_len check and the size the
 * door call actually delivered -- confirm in the consumers.
 */
typedef union {
	ike_cmd_t	svc_cmd;	/* cmd only; common prefix of every member */
	ike_dbg_t	svc_dbg;
	ike_priv_t	svc_priv;
	ike_statreq_t	svc_stats;
	ike_dump_t	svc_dump;
	ike_get_t	svc_get;
	ike_new_t	svc_new;
	ike_del_t	svc_del;
	ike_rw_t	svc_rw;
	ike_flush_t	svc_flush;
	ike_err_t	svc_err;
} ike_service_t;

#ifdef	__cplusplus
}
#endif

#endif	/* _IKEDOOR_H */