1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License, Version 1.0 only 6 * (the "License"). You may not use this file except in compliance 7 * with the License. 8 * 9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10 * or http://www.opensolaris.org/os/licensing. 11 * See the License for the specific language governing permissions 12 * and limitations under the License. 13 * 14 * When distributing Covered Code, include this CDDL HEADER in each 15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16 * If applicable, add the following below this CDDL HEADER, with the 17 * fields enclosed by brackets "[]" replaced with your own identifying 18 * information: Portions Copyright [yyyy] [name of copyright owner] 19 * 20 * CDDL HEADER END 21 */ 22 /* 23 * Copyright 2000-2003 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 #ifndef _IKEDOOR_H 28 #define _IKEDOOR_H 29 30 #pragma ident "%Z%%M% %I% %E% SMI" 31 32 #ifdef __cplusplus 33 extern "C" { 34 #endif 35 36 #include <limits.h> 37 #include <sys/sysmacros.h> 38 #include <net/pfkeyv2.h> 39 #include <door.h> 40 41 #define DOORNM "/var/run/ike_door" 42 43 44 typedef enum { 45 IKE_SVC_GET_DBG, 46 IKE_SVC_SET_DBG, 47 48 IKE_SVC_GET_PRIV, 49 IKE_SVC_SET_PRIV, 50 51 IKE_SVC_GET_STATS, 52 53 IKE_SVC_GET_P1, 54 IKE_SVC_DEL_P1, 55 IKE_SVC_DUMP_P1S, 56 IKE_SVC_FLUSH_P1S, 57 58 IKE_SVC_GET_RULE, 59 IKE_SVC_NEW_RULE, 60 IKE_SVC_DEL_RULE, 61 IKE_SVC_DUMP_RULES, 62 IKE_SVC_READ_RULES, 63 IKE_SVC_WRITE_RULES, 64 65 IKE_SVC_GET_PS, 66 IKE_SVC_NEW_PS, 67 IKE_SVC_DEL_PS, 68 IKE_SVC_DUMP_PS, 69 IKE_SVC_READ_PS, 70 IKE_SVC_WRITE_PS, 71 72 IKE_SVC_DBG_RBDUMP, 73 74 IKE_SVC_ERROR 75 } ike_svccmd_t; 76 77 #define IKE_SVC_MAX IKE_SVC_ERROR 78 79 80 /* 81 * Support structures/defines 82 */ 83 84 #define IKEDOORROUNDUP(i) P2ROUNDUP((i), sizeof (uint64_t)) 85 86 /* 87 * Debug categories. The debug level is a bitmask made up of 88 * flags indicating the desired categories; only 31 bits are 89 * available, as the highest-order bit designates an invalid 90 * setting. 91 */ 92 #define D_INVALID 0x80000000 93 94 #define D_CERT 0x00000001 /* certificate management */ 95 #define D_KEY 0x00000002 /* key management */ 96 #define D_OP 0x00000004 /* operational: config, init, mem */ 97 #define D_P1 0x00000008 /* phase 1 negotiation */ 98 #define D_P2 0x00000010 /* phase 2 negotiation */ 99 #define D_PFKEY 0x00000020 /* pf key interface */ 100 #define D_POL 0x00000040 /* policy management */ 101 #define D_PROP 0x00000080 /* proposal construction */ 102 #define D_DOOR 0x00000100 /* door server */ 103 #define D_CONFIG 0x00000200 /* config file processing */ 104 105 #define D_HIGHBIT 0x00000200 106 #define D_ALL 0x000003ff 107 108 /* 109 * Access privilege levels: define level of access to keying information. 110 * The privileges granted at each level is a superset of the privileges 111 * granted at all lower levels. 112 * 113 * The door operations which require special privileges are: 114 * 115 * - receiving keying material for SAs and preshared key entries 116 * IKE_PRIV_KEYMAT must be set for this. 117 * 118 * - get/dump/new/delete/read/write preshared keys 119 * IKE_PRIV_KEYMAT or IKE_PRIV_MODKEYS must be set to do this. 120 * If IKE_PRIV_MODKEYS is set, the information returned for a 121 * get/dump request will not include the actual key; in order 122 * to get the key itself, IKE_PRIV_KEYMAT must be set. 123 * 124 * - modifying the privilege level: the daemon's privilege level 125 * is set when the daemon is started; the level may only be 126 * lowered via the door interface. 127 * 128 * All other operations are allowed at any privilege level. 129 */ 130 #define IKE_PRIV_MINIMUM 0 131 #define IKE_PRIV_MODKEYS 1 132 #define IKE_PRIV_KEYMAT 2 133 #define IKE_PRIV_MAXIMUM 2 134 135 /* global ike stats formatting structure */ 136 typedef struct { 137 uint32_t st_init_p1_current; 138 uint32_t st_resp_p1_current; 139 uint32_t st_init_p1_total; 140 uint32_t st_resp_p1_total; 141 uint32_t st_init_p1_attempts; 142 uint32_t st_resp_p1_attempts; 143 uint32_t st_init_p1_noresp; /* failed; no response from peer */ 144 uint32_t st_init_p1_respfail; /* failed, but peer responded */ 145 uint32_t st_resp_p1_fail; 146 uint32_t st_reserved; 147 char st_pkcs11_libname[PATH_MAX]; 148 } ike_stats_t; 149 150 151 /* data formatting structures for P1 SA dumps */ 152 typedef struct { 153 struct sockaddr_storage loc_addr; 154 struct sockaddr_storage rem_addr; 155 #define beg_iprange loc_addr 156 #define end_iprange rem_addr 157 } ike_addr_pr_t; 158 159 typedef struct { 160 uint64_t cky_i; 161 uint64_t cky_r; 162 } ike_cky_pr_t; 163 164 typedef struct { 165 ike_cky_pr_t p1hdr_cookies; 166 uint8_t p1hdr_major; 167 uint8_t p1hdr_minor; 168 uint8_t p1hdr_xchg; 169 uint8_t p1hdr_isinit; 170 uint32_t p1hdr_state; 171 } ike_p1_hdr_t; 172 173 /* values for p1hdr_xchg (aligned with RFC2408, section 3.1) */ 174 #define IKE_XCHG_NONE 0 175 #define IKE_XCHG_BASE 1 176 #define IKE_XCHG_IDENTITY_PROTECT 2 177 #define IKE_XCHG_AUTH_ONLY 3 178 #define IKE_XCHG_AGGRESSIVE 4 179 /* following not from RFC; used only for preshared key definitions */ 180 #define IKE_XCHG_IP_AND_AGGR 240 181 /* also not from RFC; used as wildcard */ 182 #define IKE_XCHG_ANY 256 183 184 /* values for p1hdr_state */ 185 #define IKE_SA_STATE_INVALID 0 186 #define IKE_SA_STATE_INIT 1 187 #define IKE_SA_STATE_SENT_SA 2 188 #define IKE_SA_STATE_SENT_KE 3 189 #define IKE_SA_STATE_SENT_LAST 4 190 #define IKE_SA_STATE_DONE 5 191 #define IKE_SA_STATE_DELETED 6 192 193 typedef struct { 194 uint16_t p1xf_dh_group; 195 uint16_t p1xf_encr_alg; 196 uint16_t p1xf_auth_alg; 197 uint16_t p1xf_auth_meth; 198 uint16_t p1xf_prf; 199 uint16_t p1xf_pfs; 200 uint32_t p1xf_max_secs; 201 uint32_t p1xf_max_kbytes; 202 uint32_t p1xf_max_keyuses; 203 } ike_p1_xform_t; 204 205 /* values for p1xf_dh_group (aligned with RFC2409, Appendix A) */ 206 #define IKE_GRP_DESC_MODP_768 1 207 #define IKE_GRP_DESC_MODP_1024 2 208 #define IKE_GRP_DESC_EC2N_155 3 209 #define IKE_GRP_DESC_EC2N_185 4 210 #define IKE_GRP_DESC_MODP_1536 5 211 212 /* values for p1xf_auth_meth (aligned with RFC2409, Appendix A) */ 213 #define IKE_AUTH_METH_PRE_SHARED_KEY 1 214 #define IKE_AUTH_METH_DSS_SIG 2 215 #define IKE_AUTH_METH_RSA_SIG 3 216 #define IKE_AUTH_METH_RSA_ENCR 4 217 #define IKE_AUTH_METH_RSA_ENCR_REVISED 5 218 219 /* values for p1xf_prf */ 220 #define IKE_PRF_NONE 0 221 #define IKE_PRF_HMAC_MD5 1 222 #define IKE_PRF_HMAC_SHA1 2 223 224 typedef struct { 225 /* 226 * NOTE: the new and del counters count the actual number of SAs, 227 * not the number of "suites", as defined in the ike monitoring 228 * mib draft; we do this because we don't have a good way of 229 * tracking the deletion of entire suites (we're notified of 230 * deleted qm sas individually). 231 */ 232 uint32_t p1stat_new_qm_sas; 233 uint32_t p1stat_del_qm_sas; 234 uint64_t p1stat_start; 235 uint32_t p1stat_kbytes; 236 uint32_t p1stat_keyuses; 237 } ike_p1_stats_t; 238 239 typedef struct { 240 uint32_t p1err_decrypt; 241 uint32_t p1err_hash; 242 uint32_t p1err_otherrx; 243 uint32_t p1err_tx; 244 } ike_p1_errors_t; 245 246 typedef struct { 247 uint32_t p1key_type; 248 uint32_t p1key_len; 249 /* 250 * followed by (len - sizeof (ike_p1_key_t)) bytes of hex data, 251 * 64-bit aligned (pad bytes are added at the end, if necessary, 252 * and NOT INCLUDED in the len value, which reflects the actual 253 * key size). 254 */ 255 } ike_p1_key_t; 256 257 /* key info types for ike_p1_key_t struct */ 258 #define IKE_KEY_PRESHARED 1 259 #define IKE_KEY_SKEYID 2 260 #define IKE_KEY_SKEYID_D 3 261 #define IKE_KEY_SKEYID_A 4 262 #define IKE_KEY_SKEYID_E 5 263 #define IKE_KEY_ENCR 6 264 #define IKE_KEY_IV 7 265 266 typedef struct { 267 ike_p1_hdr_t p1sa_hdr; 268 ike_p1_xform_t p1sa_xform; 269 ike_addr_pr_t p1sa_ipaddrs; 270 uint16_t p1sa_stat_off; 271 uint16_t p1sa_stat_len; 272 uint16_t p1sa_error_off; 273 uint16_t p1sa_error_len; 274 uint16_t p1sa_localid_off; 275 uint16_t p1sa_localid_len; 276 uint16_t p1sa_remoteid_off; 277 uint16_t p1sa_remoteid_len; 278 uint16_t p1sa_key_off; 279 uint16_t p1sa_key_len; 280 uint32_t p1sa_reserved; 281 /* 282 * variable-length structures will be included here, as 283 * indicated by offset/length fields. 284 * stats and errors will be formatted as ike_p1_stats_t and 285 * ike_p1_errors_t, respectively. 286 * key info will be formatted as a series of p1_key_t structs. 287 * local/remote ids will be formatted as sadb_ident_t structs. 288 */ 289 } ike_p1_sa_t; 290 291 292 #define MAX_LABEL_LEN 256 293 294 295 /* data formatting structure for policy (rule) dumps */ 296 297 typedef struct { 298 char rule_label[MAX_LABEL_LEN]; 299 uint32_t rule_kmcookie; 300 uint16_t rule_ike_mode; 301 uint16_t rule_local_idtype; /* SADB_IDENTTYPE_* value */ 302 uint32_t rule_p1_nonce_len; 303 uint32_t rule_p2_nonce_len; 304 uint32_t rule_p2_pfs; 305 uint32_t rule_p2_lifetime; 306 uint16_t rule_xform_cnt; 307 uint16_t rule_xform_off; 308 uint16_t rule_locip_cnt; 309 uint16_t rule_locip_off; 310 uint16_t rule_remip_cnt; 311 uint16_t rule_remip_off; 312 uint16_t rule_locid_inclcnt; 313 uint16_t rule_locid_exclcnt; 314 uint16_t rule_locid_off; 315 uint16_t rule_remid_inclcnt; 316 uint16_t rule_remid_exclcnt; 317 uint16_t rule_remid_off; 318 /* 319 * Followed by several lists of variable-length structures, described 320 * by counts and offsets: 321 * transforms ike_p1_xform_t structs 322 * ranges of local ip addrs ike_addr_pr_t structs 323 * ranges of remote ip addrs ike_addr_pr_t structs 324 * local identification strings null-terminated ascii strings 325 * remote identification strings null-terminated ascii strings 326 */ 327 } ike_rule_t; 328 329 330 /* 331 * data formatting structure for preshared keys 332 * ps_ike_mode field uses the IKE_XCHG_* defs 333 */ 334 typedef struct { 335 ike_addr_pr_t ps_ipaddrs; 336 uint16_t ps_ike_mode; 337 uint16_t ps_localid_off; 338 uint16_t ps_localid_len; 339 uint16_t ps_remoteid_off; 340 uint16_t ps_remoteid_len; 341 uint16_t ps_key_off; 342 uint16_t ps_key_len; 343 uint16_t ps_key_bits; 344 /* 345 * followed by variable-length structures, as indicated by 346 * offset/length fields. 347 * key info will be formatted as an array of bytes. 348 * local/remote ids will be formatted as sadb_ident_t structs. 349 */ 350 } ike_ps_t; 351 352 353 /* identification types */ 354 #define IKE_ID_IDENT_PAIR 1 355 #define IKE_ID_ADDR_PAIR 2 356 #define IKE_ID_CKY_PAIR 3 357 #define IKE_ID_LABEL 4 358 359 360 /* locations for read/write requests */ 361 #define IKE_RW_LOC_DEFAULT 1 362 #define IKE_RW_LOC_USER_SPEC 2 363 364 365 /* door interface error codes */ 366 #define IKE_ERR_NO_OBJ 1 /* nothing found to match the request */ 367 #define IKE_ERR_NO_DESC 2 /* fd was required with this request */ 368 #define IKE_ERR_ID_INVALID 3 /* invalid id info was provided */ 369 #define IKE_ERR_LOC_INVALID 4 /* invalid location info was provided */ 370 #define IKE_ERR_CMD_INVALID 5 /* invalid command was provided */ 371 #define IKE_ERR_DATA_INVALID 6 /* invalid data was provided */ 372 #define IKE_ERR_CMD_NOTSUP 7 /* unsupported command */ 373 #define IKE_ERR_REQ_INVALID 8 /* badly formatted request */ 374 #define IKE_ERR_NO_PRIV 9 /* privilege level not high enough */ 375 #define IKE_ERR_SYS_ERR 10 /* syserr occurred while processing */ 376 377 378 /* 379 * IKE_SVC_GET_DBG 380 * Used to request the current debug level. 381 * 382 * Upon request, dbg_level is 0 (don't care). 383 * 384 * Upon return, dbg_level contains the current value. 385 * 386 * 387 * IKE_SVC_SET_DBG 388 * Used to request modification of the debug level. 389 * 390 * Upon request, dbg_level contains desired level. If debug output is 391 * to be directed to a different file, the fd should be passed in the 392 * door_desc_t field of the door_arg_t param. NOTE: if the daemon is 393 * currently running in the background with no debug set, an output 394 * file MUST be given. 395 * 396 * Upon return, dbg_level contains the old debug level, and acknowledges 397 * successful completion of the request. If an error is encountered, 398 * ike_err_t is returned instead, with appropriate error value and cmd 399 * IKE_SVC_ERROR. 400 */ 401 typedef struct { 402 ike_svccmd_t cmd; 403 uint32_t dbg_level; 404 } ike_dbg_t; 405 406 /* 407 * IKE_SVC_GET_PRIV 408 * Used to request the current privilege level. 409 * 410 * Upon request, priv_level is 0 (don't care). 411 * 412 * Upon return, priv_level contains the current value. 413 * 414 * 415 * IKE_SVC_SET_PRIV 416 * Used to request modification of the privilege level. 417 * 418 * Upon request, priv_level contains the desired level. The level may 419 * only be lowered via the door interface; it cannot be raised. Thus, 420 * if in.iked is started at the lowest level, it cannot be changed. 421 * 422 * Upon return, priv_level contains the old privilege level, and 423 * acknowledges successful completion of the request. If an error is 424 * encountered, ike_err_t is returned instead, with appropriate error 425 * value and cmd IKE_SVC_ERROR. 426 */ 427 typedef struct { 428 ike_svccmd_t cmd; 429 uint32_t priv_level; 430 } ike_priv_t; 431 432 433 /* 434 * IKE_SVC_GET_STATS 435 * Used to request current statistics on Phase 1 SA creation and 436 * failures. The statistics represent all activity in in.iked. 437 * 438 * Upon request, cmd is set, and stat_len does not matter. 439 * 440 * Upon successful return, stat_len contains the total size of the 441 * returned buffer, which contains first the ike_statreq_t struct, 442 * followed by the stat data in the ike_stats_t structure. In case 443 * of an error in processing the request, ike_err_t is returned with 444 * IKE_SVC_ERROR command and appropriate error code. 445 */ 446 typedef struct { 447 ike_svccmd_t cmd; 448 uint32_t stat_len; 449 } ike_statreq_t; 450 451 452 /* 453 * IKE_SVC_DUMP_{P1S|RULES|PS} 454 * Used to request a table dump, and to return info for a single table 455 * item. The expectation is that all of the table data will be passed 456 * through the door, one entry at a time; an individual request must be 457 * sent for each entry, however (the door server can't send unrequested 458 * data). 459 * 460 * Upon request: cmd is set, and dump_next contains the item number 461 * requested (0 for first request). dump_len is 0; no data follows. 462 * 463 * Upon return: cmd is set, and dump_next contains the item number of 464 * the *next* item in the table (to be used in the subsequent request). 465 * dump_next = 0 indicates that this is the last item in the table. 466 * dump_len is the total length (data + struct) returned. Data is 467 * formatted as indicated by the cmd type: 468 * IKE_SVC_DUMP_P1S: ike_p1_sa_t 469 * IKE_SVC_DUMP_RULES: ike_rule_t 470 * IKE_SVC_DUMP_PS: ike_ps_t 471 */ 472 typedef struct { 473 ike_svccmd_t cmd; 474 uint32_t dump_len; 475 union { 476 struct { 477 uint32_t dump_unext; 478 uint32_t dump_ureserved; 479 } dump_actual; 480 uint64_t dump_alignment; 481 } dump_u; 482 #define dump_next dump_u.dump_actual.dump_unext 483 #define dump_reserved dump_u.dump_actual.dump_ureserved 484 /* dump_len - sizeof (ike_dump_t) bytes of data included here */ 485 } ike_dump_t; 486 487 488 /* 489 * IKE_SVC_GET_{P1|RULE|PS} 490 * Used to request and return individual table items. 491 * 492 * Upon request: get_len is the total msg length (struct + id data); 493 * get_idtype indicates the type of identification being used. 494 * IKE_SVC_GET_P1: ike_addr_pr_t or ike_cky_pr_t 495 * IKE_SVC_GET_RULE: char string (label) 496 * IKE_SVC_GET_PS: ike_addr_pr_t or pair of sadb_ident_t 497 * 498 * Upon return: get_len is the total size (struct + data), get_idtype 499 * is unused, and the data that follows is formatted according to cmd: 500 * IKE_SVC_GET_P1: ike_p1_sa_t 501 * IKE_SVC_GET_RULE: ike_rule_t 502 * IKE_SVC_GET_PS: ike_ps_t 503 */ 504 typedef struct { 505 ike_svccmd_t cmd; 506 uint32_t get_len; 507 union { 508 struct { 509 uint32_t getu_idtype; 510 uint32_t getu_reserved; 511 } get_actual; 512 uint64_t get_alignment; 513 } get_u; 514 #define get_idtype get_u.get_actual.getu_idtype 515 #define get_reserved get_u.get_actual.getu_reserved 516 /* get_len - sizeof (ike_get_t) bytes of data included here */ 517 } ike_get_t; 518 519 520 /* 521 * IKE_SVC_NEW_{RULE|PS} 522 * Used to request and acknowledge insertion of a table item. 523 * 524 * Upon request: new_len is the total (data + struct) size passed, or 0. 525 * new_len = 0 => a door_desc_t is also included with a file descriptor 526 * for a file containing the data to be added. The file should include 527 * a single item: a rule, or a pre-shared key. For new_len != 0, the 528 * data is formatted according to the cmd type: 529 * IKE_SVC_NEW_RULE: ike_rule_t 530 * IKE_SVC_NEW_PS: ike_ps_t 531 * 532 * Upon return: new_len is 0; simply acknowledges successful insertion 533 * of the requested item. If insertion is not successful, ike_err_t is 534 * returned instead with appropriate error value. 535 */ 536 typedef struct { 537 ike_svccmd_t cmd; 538 uint32_t new_len; 539 /* new_len - sizeof (ike_new_t) bytes included here */ 540 uint64_t new_align; /* Padding for 64-bit alignment. */ 541 } ike_new_t; 542 543 544 /* 545 * IKE_SVC_DEL_{P1|RULE|PS} 546 * Used to request and acknowledge the deletion of an individual table 547 * item. 548 * 549 * Upon request: del_len is the total msg length (struct + id data); 550 * del_idtype indicates the type of identification being used. 551 * IKE_SVC_DEL_P1: ike_addr_pr_t or ike_cky_pr_t 552 * IKE_SVC_DEL_RULE: char string (label) 553 * IKE_SVC_DEL_PS: ike_addr_pr_t or pair of sadb_ident_t 554 * 555 * Upon return: acknowledges deletion of the requested item; del_len and 556 * del_idtype are unspecified. If deletion is not successful, ike_err_t 557 * is returned instead with appropriate error value. 558 */ 559 typedef struct { 560 ike_svccmd_t cmd; 561 uint32_t del_len; 562 uint32_t del_idtype; 563 uint32_t del_reserved; 564 /* del_len - sizeof (ike_del_t) bytes of data included here. */ 565 } ike_del_t; 566 567 568 /* 569 * IKE_SVC_READ_{RULES|PS} 570 * Used to ask daemon to re-read particular configuration info. 571 * 572 * Upon request: rw_loc indicates where the info should be read from: 573 * either from a user-supplied file descriptor(s), or from the default 574 * location(s). If rw_loc indicates user-supplied location, the file 575 * descriptor(s) should be passed in the door_desc_t struct. For the 576 * IKE_SVC_READ_RULES cmd, two file descriptors should be specified: 577 * first, one for the config file which contains the data to be read, 578 * and second, one for the cookie file which will be written to as 579 * in.iked process the config file. 580 * 581 * Upon return: rw_loc is unspecified; the message simply acknowledges 582 * successful completion of the request. If an error occurred, 583 * ike_err_t is returned instead with appropriate error value. 584 * 585 * 586 * IKE_SVC_WRITE_{RULES|PS} 587 * Used to ask daemon to write its current config info to files. 588 * 589 * Request and return are handled the same as for the IKE_SVC_READ_* 590 * cmds; however, the rw_loc MUST be a user-supplied location. Also, 591 * for the IKE_SVC_WRITE_RULES cmd, the cookie file fd is not required; 592 * only a single fd, for the file to which the config info should be 593 * written, should be passed in. 594 */ 595 typedef struct { 596 ike_svccmd_t cmd; 597 uint32_t rw_loc; 598 } ike_rw_t; 599 600 601 /* 602 * IKE_SVC_FLUSH_P1S 603 * Used to request and acknowledge tear-down of all P1 SAs. 604 */ 605 typedef struct { 606 ike_svccmd_t cmd; 607 } ike_flush_t; 608 609 610 /* 611 * IKE_SVC_ERROR 612 * Used on return if server encountered an error while processing 613 * the request. An appropriate error code is included (as defined 614 * in this header file); in the case of IKE_ERR_SYS_ERR, a value 615 * from the UNIX errno space is included in the ike_err_unix field. 616 */ 617 typedef struct { 618 ike_svccmd_t cmd; 619 uint32_t ike_err; 620 uint32_t ike_err_unix; 621 uint32_t ike_err_reserved; 622 } ike_err_t; 623 624 625 /* 626 * Generic type for use when the request/reply type is unknown 627 */ 628 typedef struct { 629 ike_svccmd_t cmd; 630 } ike_cmd_t; 631 632 633 /* 634 * Union containing all possible request/retrun structures. 635 */ 636 typedef union { 637 ike_cmd_t svc_cmd; 638 ike_dbg_t svc_dbg; 639 ike_priv_t svc_priv; 640 ike_statreq_t svc_stats; 641 ike_dump_t svc_dump; 642 ike_get_t svc_get; 643 ike_new_t svc_new; 644 ike_del_t svc_del; 645 ike_rw_t svc_rw; 646 ike_flush_t svc_flush; 647 ike_err_t svc_err; 648 } ike_service_t; 649 650 #ifdef __cplusplus 651 } 652 #endif 653 654 #endif /* _IKEDOOR_H */ 655