/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License").  You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#ifndef	_NET_PFKEYV2_H
#define	_NET_PFKEYV2_H

#pragma ident "%Z%%M% %I% %E% SMI"

/*
 * Definitions and structures for PF_KEY version 2.  See RFC 2367 for
 * more details.  SA == Security Association, which is what PF_KEY provides
 * an API for managing.
 *
 * Reading notes for this header:
 *
 * - The structures describe message layouts only; no code here checks
 *   anything.  Every length and count field is written by whoever built
 *   the message.  NOTE(review): a consumer should bound each of them
 *   against the number of bytes it actually received before using it to
 *   advance a pointer, size a copy or index a table.
 *
 * - Several structures wrap their leading fields in a union with a
 *   uint64_t member purely to force 64-bit alignment, and then define
 *   object-like macros (sadb_msg_seq, sadb_sa_spi, ...) that expand to the
 *   nested member path.  Those macros are not scoped to the structure:
 *   once this header is included the preprocessor rewrites every later use
 *   of those identifiers.
 *
 * - No #include appears in the part of the file shown here, so uint8_t,
 *   uint16_t, uint32_t and uint64_t are presumably expected to come from
 *   the including file -- NOTE(review): confirm.
 */

#ifdef	__cplusplus
extern "C" {
#endif

#define	PF_KEY_V2		2
#define	PFKEYV2_REVISION	200109L

/*
 * Base PF_KEY message.
 *
 * sadb_msg_len is counted in 64-bit words, not bytes.  NOTE(review): a
 * receiver should compare it with the amount of data it really read
 * before touching anything that follows this header, and should
 * range-check sadb_msg_version, sadb_msg_type and sadb_msg_satype rather
 * than use them directly as table indexes.
 *
 * sadb_msg_errno is a single byte, so only errno values that fit in
 * eight bits can be carried.
 *
 * sadb_msg_seq and sadb_msg_pid are "Set by originator": they are
 * whatever the sender wrote.  NOTE(review): do not base an access
 * decision on sadb_msg_pid alone.
 */

typedef struct sadb_msg {
	uint8_t sadb_msg_version;	/* Version, currently PF_KEY_V2 */
	uint8_t sadb_msg_type;		/* ADD, UPDATE, etc. */
	uint8_t sadb_msg_errno;		/* Error number from UNIX errno space */
	uint8_t sadb_msg_satype;	/* ESP, AH, etc. */
	uint16_t sadb_msg_len;		/* Length in 64-bit words. */
	uint16_t sadb_msg_reserved;	/* must be zero */
/*
 * Use the reserved field for extended diagnostic information on errno
 * responses.  (Same storage as sadb_msg_reserved, so "must be zero"
 * and a diagnostic value cannot both hold in one message.)
 */
#define	sadb_x_msg_diagnostic	sadb_msg_reserved
	/* Union is for guaranteeing 64-bit alignment. */
	union {
		struct {
			uint32_t sadb_x_msg_useq;	/* Set by originator */
			uint32_t sadb_x_msg_upid;	/* Set by originator */
		} sadb_x_msg_actual;
		uint64_t sadb_x_msg_alignment;
	} sadb_x_msg_u;
#define	sadb_msg_seq sadb_x_msg_u.sadb_x_msg_actual.sadb_x_msg_useq
#define	sadb_msg_pid sadb_x_msg_u.sadb_x_msg_actual.sadb_x_msg_upid
} sadb_msg_t;

/*
 * Generic extension header.
 *
 * The extension structures below that carry a length/exttype pair all
 * begin with the same two 16-bit fields in the same order, presumably so
 * that a buffer can be viewed through sadb_ext_t to learn its type and
 * length first.
 *
 * NOTE(review): when stepping from one extension to the next, reject
 * sadb_ext_len == 0 (the cursor would never advance) and any length that
 * runs past the end of the enclosing message.  Type 0 is reserved.
 */

typedef struct sadb_ext {
	union {
		/* Union is for guaranteeing 64-bit alignment. */
		struct {
			uint16_t sadb_x_ext_ulen;	/* In 64s, inclusive */
			uint16_t sadb_x_ext_utype;	/* 0 is reserved */
		} sadb_x_ext_actual;
		uint64_t sadb_x_ext_alignment;
	} sadb_x_ext_u;
#define	sadb_ext_len sadb_x_ext_u.sadb_x_ext_actual.sadb_x_ext_ulen
#define	sadb_ext_type sadb_x_ext_u.sadb_x_ext_actual.sadb_x_ext_utype
} sadb_ext_t;

/*
 * Security Association information extension.
 *
 * sadb_sa_state holds one of the SADB_SASTATE_* values and sadb_sa_flags
 * a combination of the SADB_SAFLAGS_* / SADB_X_SAFLAGS_* bits defined
 * later in this file.  sadb_sa_auth and sadb_sa_encrypt are one-byte
 * algorithm identifiers.  NOTE(review): validate all four against the
 * set the receiver actually supports before acting on them.
 */

typedef struct sadb_sa {
	/* Union is for guaranteeing 64-bit alignment. */
	union {
		struct {
			uint16_t sadb_x_sa_ulen;
			uint16_t sadb_x_sa_uexttype;	/* ASSOCIATION */
			uint32_t sadb_x_sa_uspi;	/* Sec. Param. Index */
		} sadb_x_sa_uactual;
		uint64_t sadb_x_sa_alignment;
	} sadb_x_sa_u;
#define	sadb_sa_len sadb_x_sa_u.sadb_x_sa_uactual.sadb_x_sa_ulen
#define	sadb_sa_exttype sadb_x_sa_u.sadb_x_sa_uactual.sadb_x_sa_uexttype
#define	sadb_sa_spi sadb_x_sa_u.sadb_x_sa_uactual.sadb_x_sa_uspi
	uint8_t sadb_sa_replay;		/* Replay counter */
	uint8_t sadb_sa_state;		/* MATURE, DEAD, DYING, LARVAL */
	uint8_t sadb_sa_auth;		/* Authentication algorithm */
	uint8_t sadb_sa_encrypt;	/* Encryption algorithm */
	uint32_t sadb_sa_flags;		/* SA flags. */
} sadb_sa_t;

/*
 * SA Lifetime extension.  Already 64-bit aligned thanks to uint64_t fields.
 *
 * The two time fields are 64 bits wide regardless of the platform's
 * time_t; the original comment records the assumption that time_t is
 * no wider than that.
 */

typedef struct sadb_lifetime {
	uint16_t sadb_lifetime_len;
	uint16_t sadb_lifetime_exttype;		/* SOFT, HARD, CURRENT */
	uint32_t sadb_lifetime_allocations;
	uint64_t sadb_lifetime_bytes;
	uint64_t sadb_lifetime_addtime;	/* These fields are assumed to hold */
	uint64_t sadb_lifetime_usetime;	/* >= sizeof (time_t). */
} sadb_lifetime_t;

/*
 * SA address information.
 *
 * The structure is only the fixed part; a sockaddr follows it in the
 * message.  NOTE(review): the size of that sockaddr depends on its
 * address family, so check that sadb_address_len leaves room for the
 * whole sockaddr before reading it, and that sadb_address_prefixlen does
 * not exceed the width of the address it qualifies.
 */

typedef struct sadb_address {
	/* Union is for guaranteeing 64-bit alignment. */
	union {
		struct {
			uint16_t sadb_x_address_ulen;
			uint16_t sadb_x_address_uexttype; /* SRC, DST, PROXY */
			uint8_t sadb_x_address_uproto; /* Proto for ports... */
			uint8_t sadb_x_address_uprefixlen; /* Prefix length. */
			uint16_t sadb_x_address_ureserved; /* Padding */
		} sadb_x_address_actual;
		uint64_t sadb_x_address_alignment;
	} sadb_x_address_u;
#define	sadb_address_len \
	sadb_x_address_u.sadb_x_address_actual.sadb_x_address_ulen
#define	sadb_address_exttype \
	sadb_x_address_u.sadb_x_address_actual.sadb_x_address_uexttype
#define	sadb_address_proto \
	sadb_x_address_u.sadb_x_address_actual.sadb_x_address_uproto
#define	sadb_address_prefixlen \
	sadb_x_address_u.sadb_x_address_actual.sadb_x_address_uprefixlen
#define	sadb_address_reserved \
	sadb_x_address_u.sadb_x_address_actual.sadb_x_address_ureserved
	/* Followed by a sockaddr structure which may contain ports. */
} sadb_address_t;

/*
 * SA key information.
 *
 * The key bytes themselves follow this fixed part, so any buffer that
 * holds a sadb_key extension holds secret key material.
 * NOTE(review): clear such buffers before releasing them and keep them
 * out of logs and dumps.  sadb_key_bits is the sender's statement of the
 * real key length; check that it fits inside the space sadb_key_len
 * describes before copying that many bits.
 */

typedef struct sadb_key {
	/* Union is for guaranteeing 64-bit alignment. */
	union {
		struct {
			uint16_t sadb_x_key_ulen;
			uint16_t sadb_x_key_uexttype;	/* AUTH, ENCRYPT */
			uint16_t sadb_x_key_ubits;	/* Actual len (bits) */
			uint16_t sadb_x_key_ureserved;
		} sadb_x_key_actual;
		uint64_t sadb_x_key_alignment;
	} sadb_x_key_u;
#define	sadb_key_len sadb_x_key_u.sadb_x_key_actual.sadb_x_key_ulen
#define	sadb_key_exttype sadb_x_key_u.sadb_x_key_actual.sadb_x_key_uexttype
#define	sadb_key_bits sadb_x_key_u.sadb_x_key_actual.sadb_x_key_ubits
#define	sadb_key_reserved sadb_x_key_u.sadb_x_key_actual.sadb_x_key_ureserved
	/* Followed by actual key(s) in canonical (outbound proc.) order. */
} sadb_key_t;

/*
 * SA Identity information.  Already 64-bit aligned thanks to uint64_t fields.
 *
 * NOTE(review): the optional trailing string is described as
 * null-terminated, but nothing in the layout enforces that.  A reader
 * should confirm a terminator exists inside the bytes covered by
 * sadb_ident_len instead of calling a string function on it directly.
 */

typedef struct sadb_ident {
	uint16_t sadb_ident_len;
	uint16_t sadb_ident_exttype;	/* SRC, DST, PROXY */
	uint16_t sadb_ident_type;	/* FQDN, USER_FQDN, etc. */
	uint16_t sadb_ident_reserved;	/* Padding */
	uint64_t sadb_ident_id;		/* For userid, etc. */
	/* Followed by an identity null-terminated C string if present. */
} sadb_ident_t;

/*
 * SA sensitivity information.  This is mostly useful on MLS systems.
 *
 * sadb_sens_sens_len and sadb_sens_integ_len give, in 64-bit words, the
 * sizes of the two bitmaps that follow the fixed part.
 * NOTE(review): check that both bitmaps together fit inside the space
 * sadb_sens_len describes before reading either of them.
 */

typedef struct sadb_sens {
	/* Union is for guaranteeing 64-bit alignment. */
	union {
		struct {
			uint16_t sadb_x_sens_ulen;
			uint16_t sadb_x_sens_uexttype;	/* SENSITIVITY */
			uint32_t sadb_x_sens_udpd;	/* Protection domain */
		} sadb_x_sens_actual;
		uint64_t sadb_x_sens_alignment;
	} sadb_x_sens_u;
#define	sadb_sens_len sadb_x_sens_u.sadb_x_sens_actual.sadb_x_sens_ulen
#define	sadb_sens_exttype sadb_x_sens_u.sadb_x_sens_actual.sadb_x_sens_uexttype
#define	sadb_sens_dpd sadb_x_sens_u.sadb_x_sens_actual.sadb_x_sens_udpd
	uint8_t sadb_sens_sens_level;
	uint8_t sadb_sens_sens_len;		/* 64-bit words */
	uint8_t sadb_sens_integ_level;
	uint8_t sadb_sens_integ_len;		/* 64-bit words */
	uint32_t sadb_sens_reserved;
	/*
	 * followed by two uint64_t arrays
	 * uint64_t sadb_sens_bitmap[sens_bitmap_len];
	 * uint64_t sadb_integ_bitmap[integ_bitmap_len];
	 */
} sadb_sens_t;

/*
 * A proposal extension.  This is found in an ACQUIRE message, and it
 * proposes what sort of SA the kernel would like to ACQUIRE.
 */

/*
 * First, a base structure...
 *
 * The inner union gives two views of the same four bytes.  Both views
 * start with the replay byte; the three "oldres" reserved bytes share
 * storage with sadb_x_propb_ereserved and sadb_x_propb_numecombs, so
 * writing through one view changes what the other reads.  Which view
 * applies presumably depends on the extension type (PROPOSAL versus
 * X_EPROP) -- NOTE(review): confirm against the consumer.
 *
 * NOTE(review): sadb_x_propb_numecombs is a sender-supplied count of the
 * entries that follow; bound it by the space sadb_x_propb_len describes
 * before iterating.
 */

typedef struct sadb_x_propbase {
	uint16_t sadb_x_propb_len;
	uint16_t sadb_x_propb_exttype;	/* PROPOSAL, X_EPROP */
	union {
		struct {
			uint8_t sadb_x_propb_lenres_replay;
			uint8_t sadb_x_propb_lenres_eres;
			uint16_t sadb_x_propb_lenres_numecombs;
		} sadb_x_propb_lenres;
		struct {
			uint8_t sadb_x_propb_oldres_replay;
			uint8_t sadb_x_propb_oldres_reserved[3];
		} sadb_x_propb_oldres;
	} sadb_x_propb_u;
#define	sadb_x_propb_replay \
	sadb_x_propb_u.sadb_x_propb_lenres.sadb_x_propb_lenres_replay
#define	sadb_x_propb_reserved \
	sadb_x_propb_u.sadb_x_propb_oldres.sadb_x_propb_oldres_reserved
#define	sadb_x_propb_ereserved \
	sadb_x_propb_u.sadb_x_propb_lenres.sadb_x_propb_lenres_eres
#define	sadb_x_propb_numecombs \
	sadb_x_propb_u.sadb_x_propb_lenres.sadb_x_propb_lenres_numecombs
	/* Followed by sadb_comb[] array or sadb_ecomb[] array. */
} sadb_x_propbase_t;

/* Now, the actual sadb_prop structure, which will have alignment in it! */

typedef struct sadb_prop {
	/* Union is for guaranteeing 64-bit alignment. */
	union {
		sadb_x_propbase_t sadb_x_prop_actual;
		uint64_t sadb_x_prop_alignment;
	} sadb_x_prop_u;
#define	sadb_prop_len sadb_x_prop_u.sadb_x_prop_actual.sadb_x_propb_len
#define	sadb_prop_exttype sadb_x_prop_u.sadb_x_prop_actual.sadb_x_propb_exttype
#define	sadb_prop_replay sadb_x_prop_u.sadb_x_prop_actual.sadb_x_propb_replay
#define	sadb_prop_reserved \
	sadb_x_prop_u.sadb_x_prop_actual.sadb_x_propb_reserved
#define	sadb_x_prop_ereserved \
	sadb_x_prop_u.sadb_x_prop_actual.sadb_x_propb_ereserved
#define	sadb_x_prop_numecombs \
	sadb_x_prop_u.sadb_x_prop_actual.sadb_x_propb_numecombs
} sadb_prop_t;

/*
 * This is a proposed combination.  Many of these can follow a proposal
 * extension.  Already 64-bit aligned thanks to uint64_t fields.
 *
 * NOTE(review): the minbits/maxbits pairs are plain numbers; nothing in
 * the layout guarantees min <= max, so a consumer has to check.
 */

typedef struct sadb_comb {
	uint8_t sadb_comb_auth;			/* Authentication algorithm */
	uint8_t sadb_comb_encrypt;		/* Encryption algorithm */
	uint16_t sadb_comb_flags;		/* Comb. flags (e.g. PFS) */
	uint16_t sadb_comb_auth_minbits;	/* Bit strengths for auth */
	uint16_t sadb_comb_auth_maxbits;
	uint16_t sadb_comb_encrypt_minbits;	/* Bit strengths for encrypt */
	uint16_t sadb_comb_encrypt_maxbits;
	uint32_t sadb_comb_reserved;
	uint32_t sadb_comb_soft_allocations;	/* Lifetime proposals for */
	uint32_t sadb_comb_hard_allocations;	/* this combination. */
	uint64_t sadb_comb_soft_bytes;
	uint64_t sadb_comb_hard_bytes;
	uint64_t sadb_comb_soft_addtime;
	uint64_t sadb_comb_hard_addtime;
	uint64_t sadb_comb_soft_usetime;
	uint64_t sadb_comb_hard_usetime;
} sadb_comb_t;

/*
 * An extended combination that can comprise many SA types.
 * A single combination has algorithms and SA types locked.
 * These are represented by algorithm descriptors, the second structure
 * in the list.  For example, if the EACQUIRE requests AH(MD5) + ESP(DES/null)
 * _or_ ESP(DES/MD5), it would have two combinations:
 *
 * COMB: algdes(AH, AUTH, MD5), algdes(ESP, CRYPT, DES)
 * COMB: algdes(ESP, AUTH, MD5), algdes(ESP, CRYPT, DES)
 *
 * If an SA type supports an algorithm type, and there's no descriptor,
 * assume it requires NONE, just like it were explicitly stated.
 * (This includes ESP NULL encryption, BTW.)
 *
 * Already 64-bit aligned thanks to uint64_t fields.
 *
 * NOTE(review): MD5 and DES appear above only to illustrate the
 * notation.  The "no descriptor means NONE" rule also means a
 * combination with a missing CRYPT descriptor for ESP asks for no
 * encryption; policy code should treat that case deliberately.
 * sadb_x_ecomb_numalgs is presumably the number of sadb_x_algdesc
 * entries that follow -- confirm, and bound it by the remaining space.
 */

typedef struct sadb_x_ecomb {
	uint8_t sadb_x_ecomb_numalgs;
	uint8_t sadb_x_ecomb_reserved;
	uint16_t sadb_x_ecomb_flags;	/* E.g. PFS? */
	uint32_t sadb_x_ecomb_reserved2;
	uint32_t sadb_x_ecomb_soft_allocations;
	uint32_t sadb_x_ecomb_hard_allocations;
	uint64_t sadb_x_ecomb_soft_bytes;
	uint64_t sadb_x_ecomb_hard_bytes;
	uint64_t sadb_x_ecomb_soft_addtime;
	uint64_t sadb_x_ecomb_hard_addtime;
	uint64_t sadb_x_ecomb_soft_usetime;
	uint64_t sadb_x_ecomb_hard_usetime;
} sadb_x_ecomb_t;

/*
 * One algorithm descriptor of an extended combination: SA type,
 * algorithm class, algorithm and the acceptable key-size range, packed
 * into a single 64-bit unit.
 */
typedef struct sadb_x_algdesc {
	/* Union is for guaranteeing 64-bit alignment. */
	union {
		struct {
			uint8_t sadb_x_algdesc_usatype;	/* ESP, AH, etc. */
			uint8_t sadb_x_algdesc_ualgtype; /* AUTH, CRYPT, COMP */
			uint8_t sadb_x_algdesc_ualg;	/* 3DES, MD5, etc. */
			uint8_t sadb_x_algdesc_ureserved;
			uint16_t sadb_x_algdesc_uminbits; /* Bit strengths. */
			uint16_t sadb_x_algdesc_umaxbits;
		} sadb_x_algdesc_actual;
		uint64_t sadb_x_algdesc_alignment;
	} sadb_x_algdesc_u;
#define	sadb_x_algdesc_satype \
	sadb_x_algdesc_u.sadb_x_algdesc_actual.sadb_x_algdesc_usatype
#define	sadb_x_algdesc_algtype \
	sadb_x_algdesc_u.sadb_x_algdesc_actual.sadb_x_algdesc_ualgtype
#define	sadb_x_algdesc_alg \
	sadb_x_algdesc_u.sadb_x_algdesc_actual.sadb_x_algdesc_ualg
#define	sadb_x_algdesc_reserved \
	sadb_x_algdesc_u.sadb_x_algdesc_actual.sadb_x_algdesc_ureserved
#define	sadb_x_algdesc_minbits \
	sadb_x_algdesc_u.sadb_x_algdesc_actual.sadb_x_algdesc_uminbits
#define	sadb_x_algdesc_maxbits \
	sadb_x_algdesc_u.sadb_x_algdesc_actual.sadb_x_algdesc_umaxbits
} sadb_x_algdesc_t;

/*
 * When key mgmt. registers with the kernel, the kernel will tell key mgmt.
 * its supported algorithms.
 */

typedef struct sadb_supported {
	/* Union is for guaranteeing 64-bit alignment. */
	union {
		struct {
			uint16_t sadb_x_supported_ulen;
			uint16_t sadb_x_supported_uexttype;
			uint32_t sadb_x_supported_ureserved;
		} sadb_x_supported_actual;
		uint64_t sadb_x_supported_alignment;
	} sadb_x_supported_u;
#define	sadb_supported_len \
	sadb_x_supported_u.sadb_x_supported_actual.sadb_x_supported_ulen
#define	sadb_supported_exttype \
	sadb_x_supported_u.sadb_x_supported_actual.sadb_x_supported_uexttype
#define	sadb_supported_reserved \
	sadb_x_supported_u.sadb_x_supported_actual.sadb_x_supported_ureserved
} sadb_supported_t;

/*
 * First, a base structure...
 *
 * The trailing union overlays the 16-bit reserved field with two
 * one-byte values (key-length increment and default-increment count), so
 * sadb_x_algb_reserved and the increment/defincr pair are the same
 * storage.
 */
typedef struct sadb_x_algb {
	uint8_t sadb_x_algb_id;		/* Algorithm type. */
	uint8_t sadb_x_algb_ivlen;	/* IV len, in bits */
	uint16_t sadb_x_algb_minbits;	/* Min. key len (in bits) */
	uint16_t sadb_x_algb_maxbits;	/* Max. key length */
	union {
		uint16_t sadb_x_algb_ureserved;
		uint8_t sadb_x_algb_udefaults[2];
	} sadb_x_algb_union;

#define	sadb_x_algb_reserved sadb_x_algb_union.sadb_x_algb_ureserved
#define	sadb_x_algb_increment sadb_x_algb_union.sadb_x_algb_udefaults[0]
#define	sadb_x_algb_defincr sadb_x_algb_union.sadb_x_algb_udefaults[1]
/*
 * alg_increment: the number of bits from a key length to the next
 * alg_defincr: the number of increments from the smallest possible
 * key to the default key length
 */
} sadb_x_algb_t;
/*
 * useful macros for dealing with defincr
 *
 * SADB_ALG_DEFAULT_LEN computes min + defincr * incr.
 * SADB_ALG_DEFAULT_INCR computes (default - min) / incr; it divides by
 * its incr argument, and the increment field is a byte that can hold 0,
 * so the caller must rule out incr == 0 before using it.
 */
#define	SADB_ALG_DEFAULT_LEN(min, incr, defincr) ((min) + ((defincr) * (incr)))
#define	SADB_ALG_DEFAULT_INCR(min, incr, default) (((default) - (min)) / (incr))

/* Now, the actual sadb_alg structure, which will have alignment in it. */
typedef struct sadb_alg {
	/* Union is for guaranteeing 64-bit alignment. */
	union {
		sadb_x_algb_t sadb_x_alg_actual;
		uint64_t sadb_x_alg_alignment;
	} sadb_x_alg_u;
#define	sadb_alg_id sadb_x_alg_u.sadb_x_alg_actual.sadb_x_algb_id
#define	sadb_alg_ivlen sadb_x_alg_u.sadb_x_alg_actual.sadb_x_algb_ivlen
#define	sadb_alg_minbits sadb_x_alg_u.sadb_x_alg_actual.sadb_x_algb_minbits
#define	sadb_alg_maxbits sadb_x_alg_u.sadb_x_alg_actual.sadb_x_algb_maxbits
#define	sadb_alg_reserved sadb_x_alg_u.sadb_x_alg_actual.sadb_x_algb_reserved
#define	sadb_x_alg_increment \
	sadb_x_alg_u.sadb_x_alg_actual.sadb_x_algb_increment
#define	sadb_x_alg_defincr sadb_x_alg_u.sadb_x_alg_actual.sadb_x_algb_defincr
} sadb_alg_t;

/*
 * If key mgmt. needs an SPI in a range (including 0 to 0xFFFFFFFF), it
 * asks the kernel with this extension in the SADB_GETSPI message.
 *
 * NOTE(review): the layout does not constrain the two bounds; a
 * consumer should check sadb_spirange_min <= sadb_spirange_max itself.
 */

typedef struct sadb_spirange {
	uint16_t sadb_spirange_len;
	uint16_t sadb_spirange_exttype;	/* SPI_RANGE */
	uint32_t sadb_spirange_min;
	/* Union is for guaranteeing 64-bit alignment. */
	union {
		struct {
			uint32_t sadb_x_spirange_umax;
			uint32_t sadb_x_spirange_ureserved;
		} sadb_x_spirange_actual;
		uint64_t sadb_x_spirange_alignment;
	} sadb_x_spirange_u;
#define	sadb_spirange_max \
	sadb_x_spirange_u.sadb_x_spirange_actual.sadb_x_spirange_umax
#define	sadb_spirange_reserved \
	sadb_x_spirange_u.sadb_x_spirange_actual.sadb_x_spirange_ureserved
} sadb_spirange_t;

/*
 * For the "extended REGISTER" which'll tell the kernel to send me
 * "extended ACQUIREs".
 *
 * The SA-type list is a fixed array of four bytes described as
 * 0-terminated.  If all four entries are non-zero there is no
 * terminator inside the array, so a reader must also stop after the
 * fourth entry.
 */

typedef struct sadb_x_ereg {
	/* Union is for guaranteeing 64-bit alignment. */
	union {
		struct {
			uint16_t sadb_x_ereg_ulen;
			uint16_t sadb_x_ereg_uexttype;	/* X_EREG */
			/* Array of SA types, 0-terminated. */
			uint8_t sadb_x_ereg_usatypes[4];
		} sadb_x_ereg_actual;
		uint64_t sadb_x_ereg_alignment;
	} sadb_x_ereg_u;
#define	sadb_x_ereg_len \
	sadb_x_ereg_u.sadb_x_ereg_actual.sadb_x_ereg_ulen
#define	sadb_x_ereg_exttype \
	sadb_x_ereg_u.sadb_x_ereg_actual.sadb_x_ereg_uexttype
#define	sadb_x_ereg_satypes \
	sadb_x_ereg_u.sadb_x_ereg_actual.sadb_x_ereg_usatypes
} sadb_x_ereg_t;

/*
 * For conveying a Key Management Cookie with SADB_GETSPI, SADB_ADD,
 * SADB_ACQUIRE, or SADB_X_INVERSE_ACQUIRE.
 *
 * The cookie is an opaque 32-bit value whose meaning belongs to the key
 * management protocol named in sadb_x_kmc_proto.
 */

typedef struct sadb_x_kmc {
	uint16_t sadb_x_kmc_len;
	uint16_t sadb_x_kmc_exttype;	/* X_KM_COOKIE */
	uint32_t sadb_x_kmc_proto;	/* KM protocol */
	union {
		struct {
			uint32_t sadb_x_kmc_ucookie;	/* KMP-specific */
			uint32_t sadb_x_kmc_ureserved;	/* Must be zero */
		} sadb_x_kmc_actual;
		uint64_t sadb_x_kmc_alignment;
	} sadb_x_kmc_u;
#define	sadb_x_kmc_cookie sadb_x_kmc_u.sadb_x_kmc_actual.sadb_x_kmc_ucookie
#define	sadb_x_kmc_reserved sadb_x_kmc_u.sadb_x_kmc_actual.sadb_x_kmc_ureserved
} sadb_x_kmc_t;

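/*
 * Base message types (value of sadb_msg_type).
 *
 * SADB_MAX is the highest defined type, so a received type can be range
 * checked against it before it is used as a table index or switch selector.
 */

#define SADB_RESERVED           0
#define SADB_GETSPI             1
#define SADB_UPDATE             2
#define SADB_ADD                3
#define SADB_DELETE             4
#define SADB_GET                5
#define SADB_ACQUIRE            6
#define SADB_REGISTER           7
#define SADB_EXPIRE             8
#define SADB_FLUSH              9
#define SADB_DUMP               10      /* not used normally */
/*
 * RFC 2367: a socket in promiscuous mode is sent every PF_KEY message,
 * which can include keying material carried in KEY_AUTH/KEY_ENCRYPT.
 */
#define SADB_X_PROMISC          11
#define SADB_X_INVERSE_ACQUIRE  12
#define SADB_MAX                12

/*
 * SA flags
 */

#define SADB_SAFLAGS_PFS        0x1     /* Perfect forward secrecy? */
#define SADB_SAFLAGS_NOREPLAY   0x2     /* Replay field NOT PRESENT. */

/*
 * Below flags are used by this implementation.  Grow from left-to-right,
 * i.e. new flags are taken from the most significant bit downwards.
 */
#define SADB_X_SAFLAGS_USED     0x80000000      /* SA used/not used */
#define SADB_X_SAFLAGS_UNIQUE   0x40000000      /* SA unique/reusable */
#define SADB_X_SAFLAGS_AALG1    0x20000000      /* Auth-alg specific flag 1 */
#define SADB_X_SAFLAGS_AALG2    0x10000000      /* Auth-alg specific flag 2 */
#define SADB_X_SAFLAGS_EALG1    0x8000000       /* Encr-alg specific flag 1 */
#define SADB_X_SAFLAGS_EALG2    0x4000000       /* Encr-alg specific flag 2 */
#define SADB_X_SAFLAGS_KM1      0x2000000       /* Key mgmt. specific flag 1 */
#define SADB_X_SAFLAGS_KM2      0x1000000       /* Key mgmt. specific flag 2 */
#define SADB_X_SAFLAGS_KM3      0x800000        /* Key mgmt. specific flag 3 */
#define SADB_X_SAFLAGS_KM4      0x400000        /* Key mgmt. specific flag 4 */
/* skip 0x200000 because it's used in the kernel */
#define SADB_X_SAFLAGS_NATT_LOC 0x100000        /* this has a natted src SA */
#define SADB_X_SAFLAGS_NATT_REM 0x80000         /* this has a natted dst SA */

/*
 * SA state.
 */

#define SADB_SASTATE_LARVAL     0
#define SADB_SASTATE_MATURE     1
#define SADB_SASTATE_DYING      2
#define SADB_SASTATE_DEAD       3

#define SADB_SASTATE_MAX        3

/*
 * SA type.  Gaps are present in the number space because (for the time being)
 * these types correspond to the SA types in the IPsec DOI document.
 *
 * Because of the gaps (1 and 4 are not defined here), a value that is
 * <= SADB_SATYPE_MAX is not necessarily a defined SA type.
 */

#define SADB_SATYPE_UNSPEC      0
#define SADB_SATYPE_AH          2       /* RFC-1826 (later RFC 2402/4302) */
#define SADB_SATYPE_ESP         3       /* RFC-1827 (later RFC 2406/4303) */
#define SADB_SATYPE_RSVP        5       /* RSVP Authentication */
#define SADB_SATYPE_OSPFV2      6       /* OSPFv2 Authentication */
#define SADB_SATYPE_RIPV2       7       /* RIPv2 Authentication */
#define SADB_SATYPE_MIP         8       /* Mobile IPv4 Authentication */

#define SADB_SATYPE_MAX         8

/*
 * Algorithm types.  These are numbered to play nice with the IPsec DOI
 * document (for the time being), which is why there are gaps.
 *
 * The gaps are undefined values: comparing an algorithm number against
 * SADB_AALG_MAX / SADB_EALG_MAX bounds it but does not prove it names a
 * defined algorithm.  SADB_EALG_NONE and SADB_EALG_NULL give no
 * confidentiality and DES-CBC only a 56-bit key, so code that accepts
 * algorithm numbers from a peer or from configuration is better served by
 * an explicit list of acceptable values than by a range check alone.
 */

/* Authentication algorithms */
#define SADB_AALG_NONE          0
#define SADB_AALG_MD5HMAC       2       /* HMAC-MD5 */
#define SADB_AALG_SHA1HMAC      3       /* HMAC-SHA-1 */

#define SADB_AALG_MAX           3

/* Encryption algorithms */
#define SADB_EALG_NONE          0
#define SADB_EALG_DESCBC        2       /* single DES, CBC mode */
#define SADB_EALG_3DESCBC       3       /* triple DES, CBC mode */
#define SADB_EALG_BLOWFISH      7
#define SADB_EALG_NULL          11      /* NULL cipher: no encryption */
#define SADB_EALG_AES           12
#define SADB_EALG_MAX           12

/*
 * Extension header values (the exttype field of each extension).
 * SADB_EXT_MAX is the highest defined value.
 */

#define SADB_EXT_RESERVED               0

#define SADB_EXT_SA                     1
#define SADB_EXT_LIFETIME_CURRENT       2
#define SADB_EXT_LIFETIME_HARD          3
#define SADB_EXT_LIFETIME_SOFT          4
#define SADB_EXT_ADDRESS_SRC            5
#define SADB_EXT_ADDRESS_DST            6
#define SADB_EXT_ADDRESS_PROXY          7
#define SADB_EXT_KEY_AUTH               8
#define SADB_EXT_KEY_ENCRYPT            9
#define SADB_EXT_IDENTITY_SRC           10
#define SADB_EXT_IDENTITY_DST           11
#define SADB_EXT_SENSITIVITY            12
#define SADB_EXT_PROPOSAL               13
#define SADB_EXT_SUPPORTED_AUTH         14
#define SADB_EXT_SUPPORTED_ENCRYPT      15
#define SADB_EXT_SPIRANGE               16
#define SADB_X_EXT_EREG                 17
#define SADB_X_EXT_EPROP                18
#define SADB_X_EXT_KM_COOKIE            19
#define SADB_X_EXT_ADDRESS_NATT_LOC     20
#define SADB_X_EXT_ADDRESS_NATT_REM     21

#define SADB_EXT_MAX                    21

/*
 * Identity types.
 */

#define SADB_IDENTTYPE_RESERVED         0

/*
 * For PREFIX and ADDR_RANGE, use the AF of the PROXY if present, or the SRC
 * if not present.
 */
#define SADB_IDENTTYPE_PREFIX           1
#define SADB_IDENTTYPE_FQDN             2  /* Fully qualified domain name. */
#define SADB_IDENTTYPE_USER_FQDN        3  /* e.g. root@domain.com */
#define SADB_X_IDENTTYPE_DN             4  /* ASN.1 DER Distinguished Name. */
#define SADB_X_IDENTTYPE_GN             5  /* ASN.1 DER Generic Name. */
#define SADB_X_IDENTTYPE_KEY_ID         6  /* Generic KEY ID. */
#define SADB_X_IDENTTYPE_ADDR_RANGE     7

#define SADB_IDENTTYPE_MAX              7

/*
 * Protection DOI values for the SENSITIVITY extension.  There are no values
 * currently, so the MAX is the only non-zero value available.
 */

#define SADB_DPD_NONE   0

#define SADB_DPD_MAX    1

/*
 * Diagnostic codes.  These supplement error messages.  Be sure to
 * update libipsecutil's keysock_diag() if you change any of these.
 */

/*
 * Internal value.  The expansion is parenthesized so that the negative
 * constant stays a single operand wherever the macro is used.
 *
 * NOTE(review): diagnostics are carried in the 16-bit sadb_msg_reserved
 * field of struct sadb_msg.  A -1 stored there reads back as 0xFFFF and,
 * after integer promotion, no longer compares equal to this macro.
 * Presumably PRESET is only ever held in a wider signed variable -- confirm.
 */
#define SADB_X_DIAGNOSTIC_PRESET                (-1)

#define SADB_X_DIAGNOSTIC_NONE                  0

#define SADB_X_DIAGNOSTIC_UNKNOWN_MSG           1
#define SADB_X_DIAGNOSTIC_UNKNOWN_EXT           2
#define SADB_X_DIAGNOSTIC_BAD_EXTLEN            3
#define SADB_X_DIAGNOSTIC_UNKNOWN_SATYPE        4
#define SADB_X_DIAGNOSTIC_SATYPE_NEEDED         5
#define SADB_X_DIAGNOSTIC_NO_SADBS              6
#define SADB_X_DIAGNOSTIC_NO_EXT                7
/* Bad address family value in sockaddr->sa_family. */
#define SADB_X_DIAGNOSTIC_BAD_SRC_AF            8
#define SADB_X_DIAGNOSTIC_BAD_DST_AF            9
#define SADB_X_DIAGNOSTIC_BAD_PROXY_AF          10
#define SADB_X_DIAGNOSTIC_AF_MISMATCH           11

#define SADB_X_DIAGNOSTIC_BAD_SRC               12
#define SADB_X_DIAGNOSTIC_BAD_DST               13

/* presumably hard-vs-soft lifetime inconsistencies; see keysock_diag() */
#define SADB_X_DIAGNOSTIC_ALLOC_HSERR           14
#define SADB_X_DIAGNOSTIC_BYTES_HSERR           15
#define SADB_X_DIAGNOSTIC_ADDTIME_HSERR         16
#define SADB_X_DIAGNOSTIC_USETIME_HSERR         17

#define SADB_X_DIAGNOSTIC_MISSING_SRC           18
#define SADB_X_DIAGNOSTIC_MISSING_DST           19
#define SADB_X_DIAGNOSTIC_MISSING_SA            20
#define SADB_X_DIAGNOSTIC_MISSING_EKEY          21
#define SADB_X_DIAGNOSTIC_MISSING_AKEY          22
#define SADB_X_DIAGNOSTIC_MISSING_RANGE         23

#define SADB_X_DIAGNOSTIC_DUPLICATE_SRC         24
#define SADB_X_DIAGNOSTIC_DUPLICATE_DST         25
#define SADB_X_DIAGNOSTIC_DUPLICATE_SA          26
#define SADB_X_DIAGNOSTIC_DUPLICATE_EKEY        27
#define SADB_X_DIAGNOSTIC_DUPLICATE_AKEY        28
#define SADB_X_DIAGNOSTIC_DUPLICATE_RANGE       29

#define SADB_X_DIAGNOSTIC_MALFORMED_SRC         30
#define SADB_X_DIAGNOSTIC_MALFORMED_DST         31
#define SADB_X_DIAGNOSTIC_MALFORMED_SA          32
#define SADB_X_DIAGNOSTIC_MALFORMED_EKEY        33
#define SADB_X_DIAGNOSTIC_MALFORMED_AKEY        34
#define SADB_X_DIAGNOSTIC_MALFORMED_RANGE       35

#define SADB_X_DIAGNOSTIC_AKEY_PRESENT          36
#define SADB_X_DIAGNOSTIC_EKEY_PRESENT          37
#define SADB_X_DIAGNOSTIC_PROP_PRESENT          38
#define SADB_X_DIAGNOSTIC_SUPP_PRESENT          39

#define SADB_X_DIAGNOSTIC_BAD_AALG              40
#define SADB_X_DIAGNOSTIC_BAD_EALG              41
#define SADB_X_DIAGNOSTIC_BAD_SAFLAGS           42
#define SADB_X_DIAGNOSTIC_BAD_SASTATE           43

#define SADB_X_DIAGNOSTIC_BAD_AKEYBITS          44
#define SADB_X_DIAGNOSTIC_BAD_EKEYBITS          45

#define SADB_X_DIAGNOSTIC_ENCR_NOTSUPP          46

#define SADB_X_DIAGNOSTIC_WEAK_EKEY             47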
#define SADB_X_DIAGNOSTIC_WEAK_AKEY             48

#define SADB_X_DIAGNOSTIC_DUPLICATE_KMP         49
#define SADB_X_DIAGNOSTIC_DUPLICATE_KMC         50

#define SADB_X_DIAGNOSTIC_MISSING_NATT_LOC      51
#define SADB_X_DIAGNOSTIC_MISSING_NATT_REM      52
#define SADB_X_DIAGNOSTIC_DUPLICATE_NATT_LOC    53
#define SADB_X_DIAGNOSTIC_DUPLICATE_NATT_REM    54
#define SADB_X_DIAGNOSTIC_MALFORMED_NATT_LOC    55
#define SADB_X_DIAGNOSTIC_MALFORMED_NATT_REM    56
#define SADB_X_DIAGNOSTIC_DUPLICATE_NATT_PORTS  57
/* Highest diagnostic code defined in this header. */
#define SADB_X_DIAGNOSTIC_MAX                   57

/* Algorithm type for sadb_x_algdesc above... */

#define SADB_X_ALGTYPE_NONE             0
#define SADB_X_ALGTYPE_AUTH             1
#define SADB_X_ALGTYPE_CRYPT            2
#define SADB_X_ALGTYPE_COMPRESS         3

#define SADB_X_ALGTYPE_MAX              3

/* Key management protocol for sadb_x_kmc above... */

#define SADB_X_KMP_MANUAL       0
#define SADB_X_KMP_IKE          1
#define SADB_X_KMP_KINK         2

#define SADB_X_KMP_MAX          2

/*
 * Handy conversion macros.  Not part of the PF_KEY spec...
 *
 * Each macro multiplies or divides its argument by 8 with a 3-bit shift:
 *   SADB_64TO8  64-bit words -> bytes      SADB_8TO64  bytes -> 64-bit words
 *   SADB_8TO1   bytes -> bits              SADB_1TO8   bits  -> bytes
 * The two right-shifting forms discard any remainder below 8, and the
 * argument should be a non-negative value (shifting a negative value is
 * not portable C).
 *
 * NOTE(review): when the operand is a length field taken from a received
 * message, confirm that callers reject byte counts that are not a multiple
 * of 8 and compare the converted length with the bytes actually available
 * before walking the extensions.  Also note that SADB_64TO8() of a 16-bit
 * length can exceed 16 bits, so the result needs a wider destination.
 */

#define SADB_64TO8(x)   ((x) << 3)
#define SADB_8TO64(x)   ((x) >> 3)
#define SADB_8TO1(x)    ((x) << 3)
#define SADB_1TO8(x)    ((x) >> 3)

#ifdef __cplusplus
}
#endif

#endif  /* _NET_PFKEYV2_H */