/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License"). You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

/*
 * Message formats for the in.iked door interface: the command codes,
 * the request/reply structures, and the data layouts used to pass debug
 * and privilege settings, statistics, Phase 1 SAs, rules and preshared
 * keys through the door.
 *
 * Several messages are a fixed header followed by variable-length data
 * that is located through length, count and offset fields. Those fields
 * are filled in by the sender, so the notes marked NOTE(review) below
 * call out the checks a receiver is expected to make; this header only
 * declares the layouts and does not show whether the checks exist.
 */

#ifndef	_IKEDOOR_H
#define	_IKEDOOR_H

#pragma ident "%Z%%M% %I% %E% SMI"

#ifdef	__cplusplus
extern "C" {
#endif

#include <limits.h>
#include <sys/sysmacros.h>
#include <net/pfkeyv2.h>
#include <door.h>

/*
 * Filesystem name of the door.
 * NOTE(review): nothing in this header says who may open this path. The
 * privilege levels defined below are a setting of the daemon, not of the
 * calling process, so they do not distinguish one caller from another;
 * confirm that the door server checks the caller's credentials.
 */
#define	DOORNM	"/var/run/ike_door"


/*
 * Service commands. Every request and reply structure in this file starts
 * with an ike_svccmd_t cmd field, which selects how the rest of the
 * message is interpreted.
 *
 * The enumerators carry no explicit values, so each value follows from
 * its position in the list; inserting or reordering entries changes the
 * numbers exchanged between the two sides of the door.
 */
typedef enum {
	/* debug level */
	IKE_SVC_GET_DBG,
	IKE_SVC_SET_DBG,

	/* privilege level */
	IKE_SVC_GET_PRIV,
	IKE_SVC_SET_PRIV,

	/* global statistics */
	IKE_SVC_GET_STATS,

	/* Phase 1 SAs */
	IKE_SVC_GET_P1,
	IKE_SVC_DEL_P1,
	IKE_SVC_DUMP_P1S,
	IKE_SVC_FLUSH_P1S,

	/* policy rules */
	IKE_SVC_GET_RULE,
	IKE_SVC_NEW_RULE,
	IKE_SVC_DEL_RULE,
	IKE_SVC_DUMP_RULES,
	IKE_SVC_READ_RULES,
	IKE_SVC_WRITE_RULES,

	/* preshared keys */
	IKE_SVC_GET_PS,
	IKE_SVC_NEW_PS,
	IKE_SVC_DEL_PS,
	IKE_SVC_DUMP_PS,
	IKE_SVC_READ_PS,
	IKE_SVC_WRITE_PS,

	/* not described elsewhere in this header */
	IKE_SVC_DBG_RBDUMP,

	/* reply only: the request failed, see ike_err_t */
	IKE_SVC_ERROR
} ike_svccmd_t;

/*
 * Highest command value; IKE_SVC_ERROR is the last enumerator.
 * NOTE(review): a receiver should reject any cmd outside 0..IKE_SVC_MAX
 * before using it to select a structure or a handler (IKE_ERR_CMD_INVALID
 * exists for that case) -- confirm in the door server.
 */
#define	IKE_SVC_MAX	IKE_SVC_ERROR


/*
 * Support structures/defines
 */

/*
 * Round i up to a multiple of sizeof (uint64_t). P2ROUNDUP is not defined
 * in this file; presumably it comes from <sys/sysmacros.h>.
 * NOTE(review): rounding up a value close to the maximum of its type
 * wraps around, so a length taken from a message should be bounded
 * before it is passed here.
 */
#define	IKEDOORROUNDUP(i)	P2ROUNDUP((i), sizeof (uint64_t))

/*
 * Debug categories. The debug level is a bitmask made up of
 * flags indicating the desired categories; only 31 bits are
 * available, as the highest-order bit designates an invalid
 * setting.
 */
#define	D_INVALID	0x80000000

#define	D_CERT		0x00000001	/* certificate management */
#define	D_KEY		0x00000002	/* key management */
#define	D_OP		0x00000004	/* operational: config, init, mem */
#define	D_P1		0x00000008	/* phase 1 negotiation */
#define	D_P2		0x00000010	/* phase 2 negotiation */
#define	D_PFKEY		0x00000020	/* pf key interface */
#define	D_POL		0x00000040	/* policy management */
#define	D_PROP		0x00000080	/* proposal construction */
#define	D_DOOR		0x00000100	/* door server */
#define	D_CONFIG	0x00000200	/* config file processing */

/*
 * D_HIGHBIT is the highest category bit defined above (D_CONFIG) and
 * D_ALL is the OR of all ten category bits; both have to be updated when
 * a category is added.
 */
#define	D_HIGHBIT	0x00000200
#define	D_ALL		0x000003ff

/*
 * Access privilege levels: define level of access to keying information.
 * The privileges granted at each level are a superset of the privileges
 * granted at all lower levels.
 *
 * The door operations which require special privileges are:
 *
 *	- receiving keying material for SAs and preshared key entries
 *	  IKE_PRIV_KEYMAT must be set for this.
 *
 *	- get/dump/new/delete/read/write preshared keys
 *	  IKE_PRIV_KEYMAT or IKE_PRIV_MODKEYS must be set to do this.
 *	  If IKE_PRIV_MODKEYS is set, the information returned for a
 *	  get/dump request will not include the actual key; in order
 *	  to get the key itself, IKE_PRIV_KEYMAT must be set.
 *
 *	- modifying the privilege level: the daemon's privilege level
 *	  is set when the daemon is started; the level may only be
 *	  lowered via the door interface.
 *
 * All other operations are allowed at any privilege level.
 *
 * Because the level can only go down, a daemon started at
 * IKE_PRIV_MINIMUM never returns key material through the door.
 * NOTE(review): a requested level should also be checked against
 * IKE_PRIV_MINIMUM..IKE_PRIV_MAXIMUM; priv_level is a uint32_t and can
 * carry values outside that range.
 */
#define	IKE_PRIV_MINIMUM	0
#define	IKE_PRIV_MODKEYS	1
#define	IKE_PRIV_KEYMAT		2
#define	IKE_PRIV_MAXIMUM	2

/*
 * global ike stats formatting structure
 *
 * Returned after ike_statreq_t in an IKE_SVC_GET_STATS reply. The field
 * names pair initiator (st_init_*) and responder (st_resp_*) counters
 * for Phase 1.
 */
typedef struct {
	uint32_t	st_init_p1_current;
	uint32_t	st_resp_p1_current;
	uint32_t	st_init_p1_total;
	uint32_t	st_resp_p1_total;
	uint32_t	st_init_p1_attempts;
	uint32_t	st_resp_p1_attempts;
	uint32_t	st_init_p1_noresp;   /* failed; no response from peer */
	uint32_t	st_init_p1_respfail; /* failed, but peer responded */
	uint32_t	st_resp_p1_fail;
	uint32_t	st_reserved;
	/*
	 * Fixed-size buffer of PATH_MAX bytes.
	 * NOTE(review): presumably a NUL-terminated library path; a reader
	 * should not rely on the terminator being present -- confirm.
	 */
	char		st_pkcs11_libname[PATH_MAX];
} ike_stats_t;


/*
 * data formatting structures for P1 SA dumps
 *
 * ike_addr_pr_t holds a pair of addresses. The two macros below give the
 * same members a second name, so that the structure can also describe an
 * address range (rules use it for ranges of local and remote addresses).
 */
typedef struct {
	struct sockaddr_storage	loc_addr;
	struct sockaddr_storage	rem_addr;
#define	beg_iprange	loc_addr
#define	end_iprange	rem_addr
} ike_addr_pr_t;

/* pair of 64-bit cookies; used as P1 header cookies and as a P1 SA id */
typedef struct {
	uint64_t	cky_i;
	uint64_t	cky_r;
} ike_cky_pr_t;

/* fixed header of a Phase 1 SA entry */
typedef struct {
	ike_cky_pr_t	p1hdr_cookies;
	uint8_t		p1hdr_major;
	uint8_t		p1hdr_minor;
	uint8_t		p1hdr_xchg;	/* IKE_XCHG_* */
	uint8_t		p1hdr_isinit;
	uint32_t	p1hdr_state;	/* IKE_SA_STATE_* */
} ike_p1_hdr_t;

/*
 * values for p1hdr_xchg (aligned with RFC2408, section 3.1)
 *
 * IKE_XCHG_ANY (256) does not fit in the uint8_t p1hdr_xchg field; it can
 * only be carried in the 16-bit mode fields (rule_ike_mode, ps_ike_mode).
 */
#define	IKE_XCHG_NONE			0
#define	IKE_XCHG_BASE			1
#define	IKE_XCHG_IDENTITY_PROTECT	2
#define	IKE_XCHG_AUTH_ONLY		3
#define	IKE_XCHG_AGGRESSIVE		4
/* following not from RFC; used only for preshared key definitions */
#define	IKE_XCHG_IP_AND_AGGR		240
/* also not from RFC; used as wildcard */
#define	IKE_XCHG_ANY			256

/* values for p1hdr_state */
#define	IKE_SA_STATE_INVALID	0
#define	IKE_SA_STATE_INIT	1
#define	IKE_SA_STATE_SENT_SA	2
#define	IKE_SA_STATE_SENT_KE	3
#define	IKE_SA_STATE_SENT_LAST	4
#define	IKE_SA_STATE_DONE	5
#define	IKE_SA_STATE_DELETED	6

/*
 * Phase 1 transform: the algorithm choices and lifetime limits of a
 * Phase 1 SA or of a rule's proposal. No value list is given in this
 * file for p1xf_encr_alg and p1xf_auth_alg.
 */
typedef struct {
	uint16_t	p1xf_dh_group;	/* IKE_GRP_DESC_* */
	uint16_t	p1xf_encr_alg;
	uint16_t	p1xf_auth_alg;
	uint16_t	p1xf_auth_meth;	/* IKE_AUTH_METH_* */
	uint16_t	p1xf_prf;	/* IKE_PRF_* */
	uint16_t	p1xf_pfs;
	uint32_t	p1xf_max_secs;
	uint32_t	p1xf_max_kbytes;
	uint32_t	p1xf_max_keyuses;
} ike_p1_xform_t;

/*
 * values for p1xf_dh_group (aligned with RFC2409, Appendix A)
 *
 * NOTE(review): the 768- and 1024-bit MODP groups here, and HMAC-MD5
 * below, are listed because the protocol defines them. They are weaker
 * than what is recommended today, so policy should prefer the strongest
 * values that both peers support.
 */
#define	IKE_GRP_DESC_MODP_768	1
#define	IKE_GRP_DESC_MODP_1024	2
#define	IKE_GRP_DESC_EC2N_155	3
#define	IKE_GRP_DESC_EC2N_185	4
#define	IKE_GRP_DESC_MODP_1536	5

/* values for p1xf_auth_meth (aligned with RFC2409, Appendix A) */
#define	IKE_AUTH_METH_PRE_SHARED_KEY	1
#define	IKE_AUTH_METH_DSS_SIG		2
#define	IKE_AUTH_METH_RSA_SIG		3
#define	IKE_AUTH_METH_RSA_ENCR		4
#define	IKE_AUTH_METH_RSA_ENCR_REVISED	5

/* values for p1xf_prf */
#define	IKE_PRF_NONE		0
#define	IKE_PRF_HMAC_MD5	1
#define	IKE_PRF_HMAC_SHA1	2

/* per-SA statistics; located through p1sa_stat_off / p1sa_stat_len */
typedef struct {
	/*
	 * NOTE: the new and del counters count the actual number of SAs,
	 * not the number of "suites", as defined in the ike monitoring
	 * mib draft; we do this because we don't have a good way of
	 * tracking the deletion of entire suites (we're notified of
	 * deleted qm sas individually).
	 */
	uint32_t	p1stat_new_qm_sas;
	uint32_t	p1stat_del_qm_sas;
	uint64_t	p1stat_start;
	uint32_t	p1stat_kbytes;
	uint32_t	p1stat_keyuses;
} ike_p1_stats_t;

/* per-SA error counters; located through p1sa_error_off / p1sa_error_len */
typedef struct {
	uint32_t	p1err_decrypt;
	uint32_t	p1err_hash;
	uint32_t	p1err_otherrx;
	uint32_t	p1err_tx;
} ike_p1_errors_t;

/*
 * Header of one key item in the key area of a Phase 1 SA entry.
 * NOTE(review): the comment inside the struct computes
 * len - sizeof (ike_p1_key_t), so a reader has to check that p1key_len is
 * at least sizeof (ike_p1_key_t), and that the item including its pad
 * bytes stays inside the enclosing key area (p1sa_key_len), before doing
 * that subtraction or stepping to the next item.
 */
typedef struct {
	uint32_t	p1key_type;	/* IKE_KEY_* */
	uint32_t	p1key_len;
	/*
	 * followed by (len - sizeof (ike_p1_key_t)) bytes of hex data,
	 * 64-bit aligned (pad bytes are added at the end, if necessary,
	 * and NOT INCLUDED in the len value, which reflects the actual
	 * key size).
	 */
} ike_p1_key_t;

/*
 * key info types for ike_p1_key_t struct
 *
 * All of these name secret values. According to the privilege comment
 * above, keying material is only returned when the daemon runs at
 * IKE_PRIV_KEYMAT. A client that receives it holds live key material in
 * its own buffers and should clear them once it is done with them.
 */
#define	IKE_KEY_PRESHARED	1
#define	IKE_KEY_SKEYID		2
#define	IKE_KEY_SKEYID_D	3
#define	IKE_KEY_SKEYID_A	4
#define	IKE_KEY_SKEYID_E	5
#define	IKE_KEY_ENCR		6
#define	IKE_KEY_IV		7

/*
 * One Phase 1 SA entry, as returned for IKE_SVC_GET_P1 and
 * IKE_SVC_DUMP_P1S: fixed fields followed by variable-length sections.
 * NOTE(review): the base of the *_off fields is not stated here;
 * presumably it is the start of this structure -- confirm. Every
 * off/len pair comes from the sender, so a reader should check that
 * off + len does not exceed the length of the data actually received
 * (get_len or dump_len minus the request header) before following it.
 */
typedef struct {
	ike_p1_hdr_t	p1sa_hdr;
	ike_p1_xform_t	p1sa_xform;
	ike_addr_pr_t	p1sa_ipaddrs;
	uint16_t	p1sa_stat_off;
	uint16_t	p1sa_stat_len;
	uint16_t	p1sa_error_off;
	uint16_t	p1sa_error_len;
	uint16_t	p1sa_localid_off;
	uint16_t	p1sa_localid_len;
	uint16_t	p1sa_remoteid_off;
	uint16_t	p1sa_remoteid_len;
	uint16_t	p1sa_key_off;
	uint16_t	p1sa_key_len;
	uint32_t	p1sa_reserved;
	/*
	 * variable-length structures will be included here, as
	 * indicated by offset/length fields.
	 * stats and errors will be formatted as ike_p1_stats_t and
	 * ike_p1_errors_t, respectively.
	 * key info will be formatted as a series of ike_p1_key_t structs.
	 * local/remote ids will be formatted as sadb_ident_t structs.
	 */
} ike_p1_sa_t;


/* size in bytes of the rule_label buffer in ike_rule_t */
#define	MAX_LABEL_LEN	256


/*
 * data formatting structure for policy (rule) dumps
 *
 * Fixed fields followed by five lists, each described by a count (or an
 * include count and an exclude count) and one offset.
 * NOTE(review): the lists carry counts rather than byte lengths, so a
 * reader has to multiply by the element size, or scan for string
 * terminators, and should make sure neither step runs past the end of
 * the received data. rule_label is presumably NUL-terminated within
 * MAX_LABEL_LEN -- confirm.
 */

typedef struct {
	char		rule_label[MAX_LABEL_LEN];
	uint32_t	rule_kmcookie;
	uint16_t	rule_ike_mode;
	uint16_t	rule_local_idtype;	/* SADB_IDENTTYPE_* value */
	uint32_t	rule_p1_nonce_len;
	uint32_t	rule_p2_nonce_len;
	uint32_t	rule_p2_pfs;
	uint32_t	rule_p2_lifetime;
	uint16_t	rule_xform_cnt;
	uint16_t	rule_xform_off;
	uint16_t	rule_locip_cnt;
	uint16_t	rule_locip_off;
	uint16_t	rule_remip_cnt;
	uint16_t	rule_remip_off;
	uint16_t	rule_locid_inclcnt;
	uint16_t	rule_locid_exclcnt;
	uint16_t	rule_locid_off;
	uint16_t	rule_remid_inclcnt;
	uint16_t	rule_remid_exclcnt;
	uint16_t	rule_remid_off;
	/*
	 * Followed by several lists of variable-length structures, described
	 * by counts and offsets:
	 *	transforms			ike_p1_xform_t structs
	 *	ranges of local ip addrs	ike_addr_pr_t structs
	 *	ranges of remote ip addrs	ike_addr_pr_t structs
	 *	local identification strings	null-terminated ascii strings
	 *	remote identification strings	null-terminated ascii strings
	 */
} ike_rule_t;


/*
 * data formatting structure for preshared keys
 * ps_ike_mode field uses the IKE_XCHG_* defs
 *
 * The key bytes sit at ps_key_off for ps_key_len bytes. According to the
 * privilege comment above, a get/dump reply contains the actual key only
 * at IKE_PRIV_KEYMAT.
 * NOTE(review): how ps_key_bits relates to ps_key_len is not stated
 * here; presumably it is the number of significant bits of the key --
 * confirm. As with ike_p1_sa_t, each off/len pair should be checked
 * against the length of the received data before it is followed.
 */
typedef struct {
	ike_addr_pr_t	ps_ipaddrs;
	uint16_t	ps_ike_mode;
	uint16_t	ps_localid_off;
	uint16_t	ps_localid_len;
	uint16_t	ps_remoteid_off;
	uint16_t	ps_remoteid_len;
	uint16_t	ps_key_off;
	uint16_t	ps_key_len;
	uint16_t	ps_key_bits;
	/*
	 * followed by variable-length structures, as indicated by
	 * offset/length fields.
	 * key info will be formatted as an array of bytes.
	 * local/remote ids will be formatted as sadb_ident_t structs.
	 */
} ike_ps_t;


/*
 * identification types
 *
 * Carried in get_idtype / del_idtype; they tell the receiver how to read
 * the id data that follows a get or delete request.
 */
#define	IKE_ID_IDENT_PAIR	1
#define	IKE_ID_ADDR_PAIR	2
#define	IKE_ID_CKY_PAIR		3
#define	IKE_ID_LABEL		4


/* locations for read/write requests */
#define	IKE_RW_LOC_DEFAULT	1
#define	IKE_RW_LOC_USER_SPEC	2


/* door interface error codes */
#define	IKE_ERR_NO_OBJ		1	/* nothing found to match the request */
#define	IKE_ERR_NO_DESC		2	/* fd was required with this request */
#define	IKE_ERR_ID_INVALID	3	/* invalid id info was provided */
#define	IKE_ERR_LOC_INVALID	4	/* invalid location info was provided */
#define	IKE_ERR_CMD_INVALID	5	/* invalid command was provided */
#define	IKE_ERR_DATA_INVALID	6	/* invalid data was provided */
#define	IKE_ERR_CMD_NOTSUP	7	/* unsupported command */
#define	IKE_ERR_REQ_INVALID	8	/* badly formatted request */
#define	IKE_ERR_NO_PRIV		9	/* privilege level not high enough */
#define	IKE_ERR_SYS_ERR		10	/* syserr occurred while processing */
#define	IKE_ERR_DUP_IGNORED	11	/* attempt to add a duplicate entry */


/*
 * IKE_SVC_GET_DBG
 * Used to request the current debug level.
 *
 * Upon request, dbg_level is 0 (don't care).
 *
 * Upon return, dbg_level contains the current value.
 *
 *
 * IKE_SVC_SET_DBG
 * Used to request modification of the debug level.
 *
 * Upon request, dbg_level contains desired level. If debug output is
 * to be directed to a different file, the fd should be passed in the
 * door_desc_t field of the door_arg_t param. NOTE: if the daemon is
 * currently running in the background with no debug set, an output
 * file MUST be given.
 *
 * Upon return, dbg_level contains the old debug level, and acknowledges
 * successful completion of the request. If an error is encountered,
 * ike_err_t is returned instead, with appropriate error value and cmd
 * IKE_SVC_ERROR.
 *
 * NOTE(review): the categories include D_KEY and D_CERT, and the output
 * goes to a file chosen by the caller. Whether debug output can contain
 * secret values is not stated here, so treat the debug file as sensitive
 * until that is confirmed.
 */
typedef struct {
	ike_svccmd_t	cmd;
	uint32_t	dbg_level;
} ike_dbg_t;

/*
 * IKE_SVC_GET_PRIV
 * Used to request the current privilege level.
 *
 * Upon request, priv_level is 0 (don't care).
 *
 * Upon return, priv_level contains the current value.
 *
 *
 * IKE_SVC_SET_PRIV
 * Used to request modification of the privilege level.
 *
 * Upon request, priv_level contains the desired level. The level may
 * only be lowered via the door interface; it cannot be raised. Thus,
 * if in.iked is started at the lowest level, it cannot be changed.
 *
 * Upon return, priv_level contains the old privilege level, and
 * acknowledges successful completion of the request. If an error is
 * encountered, ike_err_t is returned instead, with appropriate error
 * value and cmd IKE_SVC_ERROR.
 */
typedef struct {
	ike_svccmd_t	cmd;
	uint32_t	priv_level;
} ike_priv_t;


/*
 * IKE_SVC_GET_STATS
 * Used to request current statistics on Phase 1 SA creation and
 * failures. The statistics represent all activity in in.iked.
 *
 * Upon request, cmd is set, and stat_len does not matter.
 *
 * Upon successful return, stat_len contains the total size of the
 * returned buffer, which contains first the ike_statreq_t struct,
 * followed by the stat data in the ike_stats_t structure. In case
 * of an error in processing the request, ike_err_t is returned with
 * IKE_SVC_ERROR command and appropriate error code.
 */
typedef struct {
	ike_svccmd_t	cmd;
	uint32_t	stat_len;
} ike_statreq_t;


/*
 * IKE_SVC_DUMP_{P1S|RULES|PS}
 * Used to request a table dump, and to return info for a single table
 * item. The expectation is that all of the table data will be passed
 * through the door, one entry at a time; an individual request must be
 * sent for each entry, however (the door server can't send unrequested
 * data).
 *
 * Upon request: cmd is set, and dump_next contains the item number
 * requested (0 for first request). dump_len is 0; no data follows.
 *
 * Upon return: cmd is set, and dump_next contains the item number of
 * the *next* item in the table (to be used in the subsequent request).
 * dump_next = 0 indicates that this is the last item in the table.
 * dump_len is the total length (data + struct) returned. Data is
 * formatted as indicated by the cmd type:
 *	IKE_SVC_DUMP_P1S:	ike_p1_sa_t
 *	IKE_SVC_DUMP_RULES:	ike_rule_t
 *	IKE_SVC_DUMP_PS:	ike_ps_t
 *
 * The union overlays the two 32-bit fields with a uint64_t; given the
 * member name dump_alignment, this is presumably there to give the
 * header 64-bit alignment.
 * NOTE(review): dump_next in a request is chosen by the caller, so the
 * server should treat an item number that does not exist as "no such
 * object" rather than use it as an index without checking.
 */
typedef struct {
	ike_svccmd_t	cmd;
	uint32_t	dump_len;
	union {
		struct {
			uint32_t	dump_unext;
			uint32_t	dump_ureserved;
		} dump_actual;
		uint64_t dump_alignment;
	} dump_u;
#define	dump_next	dump_u.dump_actual.dump_unext
#define	dump_reserved	dump_u.dump_actual.dump_ureserved
	/* dump_len - sizeof (ike_dump_t) bytes of data included here */
} ike_dump_t;


/*
 * IKE_SVC_GET_{P1|RULE|PS}
 * Used to request and return individual table items.
 *
 * Upon request: get_len is the total msg length (struct + id data);
 * get_idtype indicates the type of identification being used.
 *	IKE_SVC_GET_P1:		ike_addr_pr_t or ike_cky_pr_t
 *	IKE_SVC_GET_RULE:	char string (label)
 *	IKE_SVC_GET_PS:		ike_addr_pr_t or pair of sadb_ident_t
 *
 * Upon return: get_len is the total size (struct + data), get_idtype
 * is unused, and the data that follows is formatted according to cmd:
 *	IKE_SVC_GET_P1:		ike_p1_sa_t
 *	IKE_SVC_GET_RULE:	ike_rule_t
 *	IKE_SVC_GET_PS:		ike_ps_t
 *
 * NOTE(review): get_len comes from the peer. Before computing
 * get_len - sizeof (ike_get_t), the receiver should check that get_len
 * is at least sizeof (ike_get_t), is no larger than the buffer that was
 * actually received, and is large enough for the id type named by
 * get_idtype. A label id is presumably NUL-terminated within that
 * length -- confirm.
 */
typedef struct {
	ike_svccmd_t	cmd;
	uint32_t	get_len;
	union {
		struct {
			uint32_t	getu_idtype;
			uint32_t	getu_reserved;
		} get_actual;
		uint64_t get_alignment;
	} get_u;
#define	get_idtype	get_u.get_actual.getu_idtype
#define	get_reserved	get_u.get_actual.getu_reserved
	/* get_len - sizeof (ike_get_t) bytes of data included here */
} ike_get_t;


/*
 * IKE_SVC_NEW_{RULE|PS}
 * Used to request and acknowledge insertion of a table item.
 *
 * Upon request: new_len is the total (data + struct) size passed, or 0.
 * new_len = 0 => a door_desc_t is also included with a file descriptor
 * for a file containing the data to be added. The file should include
 * a single item: a rule, or a pre-shared key. For new_len != 0, the
 * data is formatted according to the cmd type:
 *	IKE_SVC_NEW_RULE:	ike_rule_t
 *	IKE_SVC_NEW_PS:		ike_ps_t
 *
 * Upon return: new_len is 0; simply acknowledges successful insertion
 * of the requested item. If insertion is not successful, ike_err_t is
 * returned instead with appropriate error value.
 *
 * NOTE(review): a non-zero new_len smaller than sizeof (ike_new_t) would
 * make new_len - sizeof (ike_new_t) wrap around, so that case should be
 * rejected up front. When new_len is 0 the request depends on a
 * descriptor being present; IKE_ERR_NO_DESC exists for a missing one.
 */
typedef struct {
	ike_svccmd_t	cmd;
	uint32_t	new_len;
	/* new_len - sizeof (ike_new_t) bytes included here */
	uint64_t	new_align;	/* Padding for 64-bit alignment. */
} ike_new_t;


/*
 * IKE_SVC_DEL_{P1|RULE|PS}
 * Used to request and acknowledge the deletion of an individual table
 * item.
 *
 * Upon request: del_len is the total msg length (struct + id data);
 * del_idtype indicates the type of identification being used.
 *	IKE_SVC_DEL_P1:		ike_addr_pr_t or ike_cky_pr_t
 *	IKE_SVC_DEL_RULE:	char string (label)
 *	IKE_SVC_DEL_PS:		ike_addr_pr_t or pair of sadb_ident_t
 *
 * Upon return: acknowledges deletion of the requested item; del_len and
 * del_idtype are unspecified. If deletion is not successful, ike_err_t
 * is returned instead with appropriate error value.
 *
 * NOTE(review): del_len needs the same checks as get_len: at least
 * sizeof (ike_del_t), no larger than the received buffer, and large
 * enough for the id type named by del_idtype.
 */
typedef struct {
	ike_svccmd_t	cmd;
	uint32_t	del_len;
	uint32_t	del_idtype;
	uint32_t	del_reserved;
	/* del_len - sizeof (ike_del_t) bytes of data included here. */
} ike_del_t;


/*
 * IKE_SVC_READ_{RULES|PS}
 * Used to ask daemon to re-read particular configuration info.
 *
 * Upon request: rw_loc indicates where the info should be read from:
 * either from a user-supplied file descriptor(s), or from the default
 * location(s). If rw_loc indicates user-supplied location, the file
 * descriptor(s) should be passed in the door_desc_t struct. For the
 * IKE_SVC_READ_RULES cmd, two file descriptors should be specified:
 * first, one for the config file which contains the data to be read,
 * and second, one for the cookie file which will be written to as
 * in.iked processes the config file.
 *
 * Upon return: rw_loc is unspecified; the message simply acknowledges
 * successful completion of the request. If an error occurred,
 * ike_err_t is returned instead with appropriate error value.
 *
 *
 * IKE_SVC_WRITE_{RULES|PS}
 * Used to ask daemon to write its current config info to files.
 *
 * Request and return are handled the same as for the IKE_SVC_READ_*
 * cmds; however, the rw_loc MUST be a user-supplied location. Also,
 * for the IKE_SVC_WRITE_RULES cmd, the cookie file fd is not required;
 * only a single fd, for the file to which the config info should be
 * written, should be passed in.
 *
 * According to the privilege comment above, reading and writing
 * preshared keys requires IKE_PRIV_MODKEYS or IKE_PRIV_KEYMAT.
 * NOTE(review): the daemon writes to descriptors that the caller opened,
 * so the protection of a written preshared key file depends on how the
 * caller created it. The number of descriptors received should also be
 * checked against what the command expects (IKE_ERR_NO_DESC).
 */
typedef struct {
	ike_svccmd_t	cmd;
	uint32_t	rw_loc;		/* IKE_RW_LOC_* */
} ike_rw_t;


/*
 * IKE_SVC_FLUSH_P1S
 * Used to request and acknowledge tear-down of all P1 SAs.
 */
typedef struct {
	ike_svccmd_t	cmd;
} ike_flush_t;


/*
 * IKE_SVC_ERROR
 * Used on return if server encountered an error while processing
 * the request. An appropriate error code is included (as defined
 * in this header file); in the case of IKE_ERR_SYS_ERR, a value
 * from the UNIX errno space is included in the ike_err_unix field.
 */
typedef struct {
	ike_svccmd_t	cmd;
	uint32_t	ike_err;	/* IKE_ERR_* */
	uint32_t	ike_err_unix;
	uint32_t	ike_err_reserved;
} ike_err_t;


/*
 * Generic type for use when the request/reply type is unknown
 */
typedef struct {
	ike_svccmd_t	cmd;
} ike_cmd_t;


/*
 * Union containing all possible request/return structures.
 *
 * Every member starts with an ike_svccmd_t cmd field, so svc_cmd.cmd can
 * be read first to decide which member applies.
 * NOTE(review): sizeof (ike_service_t) covers only the largest fixed
 * header. It says nothing about the variable-length data that follows
 * some messages, and a received buffer may be shorter than the member
 * selected by cmd, so the received length should be compared with the
 * size of that member before its fields are read.
 */
typedef union {
	ike_cmd_t	svc_cmd;
	ike_dbg_t	svc_dbg;
	ike_priv_t	svc_priv;
	ike_statreq_t	svc_stats;
	ike_dump_t	svc_dump;
	ike_get_t	svc_get;
	ike_new_t	svc_new;
	ike_del_t	svc_del;
	ike_rw_t	svc_rw;
	ike_flush_t	svc_flush;
	ike_err_t	svc_err;
} ike_service_t;

#ifdef	__cplusplus
}
#endif

#endif	/* _IKEDOOR_H */