linux/include/uapi/linux/pfkeyv2.h
   1/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
   2/* PF_KEY user interface, this is defined by rfc2367 so
   3 * do not make arbitrary modifications or else this header
   4 * file will not be compliant.
   5 */
   6
   7#ifndef _LINUX_PFKEY2_H
   8#define _LINUX_PFKEY2_H
   9
  10#include <linux/types.h>
  11
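/*
 * The listing's gutter numbers were fused onto these lines; the plain
 * definitions are restored here.
 *
 * Per RFC 2367, PF_KEY_V2 is the value expected in sadb_msg_version.
 * PFKEYV2_REVISION looks like a YYYYMM stamp of the interface revision.
 */
#define PF_KEY_V2		2
#define PFKEYV2_REVISION	199806L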
  14
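/*
 * Base header that starts every PF_KEY message (RFC 2367).
 *
 * Per RFC 2367, sadb_msg_len is the length of the whole message, this
 * header included, in 64-bit units.  A receiver should compare it with the
 * number of bytes actually read before walking any extension, and should
 * reject a version other than PF_KEY_V2.
 */
struct sadb_msg {
	__u8	sadb_msg_version;	/* PF_KEY_V2 */
	__u8	sadb_msg_type;		/* one of the SADB_* message types */
	__u8	sadb_msg_errno;		/* error code on a reply */
	__u8	sadb_msg_satype;	/* one of SADB_SATYPE_* */
	__u16	sadb_msg_len;		/* total length, 64-bit units */
	__u16	sadb_msg_reserved;
	__u32	sadb_msg_seq;		/* pairs a reply with its request */
	__u32	sadb_msg_pid;		/* process the message relates to */
} __attribute__((packed));
/* sizeof(struct sadb_msg) == 16 */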
  26
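/*
 * Generic extension header: every extension that follows the base header
 * starts with these two fields.
 *
 * Per RFC 2367, sadb_ext_len is in 64-bit units and includes this header.
 * Code that walks the extension list should reject a length of zero (the
 * walk would never advance) and a length that runs past the end of the
 * message, and should reject a type above SADB_EXT_MAX.
 */
struct sadb_ext {
	__u16	sadb_ext_len;	/* extension length, 64-bit units */
	__u16	sadb_ext_type;	/* one of SADB_EXT_* / SADB_X_EXT_* */
} __attribute__((packed));
/* sizeof(struct sadb_ext) == 4 */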
  32
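/*
 * Security Association extension (SADB_EXT_SA).
 *
 * The SPI is typed __be32, i.e. it travels in network byte order.
 * Per RFC 2367, sadb_sa_replay is the replay-window size and a value of
 * zero means no replay window is in use, so a zero here turns anti-replay
 * protection off for the SA.
 */
struct sadb_sa {
	__u16	sadb_sa_len;
	__u16	sadb_sa_exttype;
	__be32	sadb_sa_spi;		/* network byte order */
	__u8	sadb_sa_replay;		/* replay window size, 0 = none */
	__u8	sadb_sa_state;		/* one of SADB_SASTATE_* */
	__u8	sadb_sa_auth;		/* one of SADB_AALG_* */
	__u8	sadb_sa_encrypt;	/* one of SADB_EALG_* */
	__u32	sadb_sa_flags;		/* SADB_SAFLAGS_* bits */
} __attribute__((packed));
/* sizeof(struct sadb_sa) == 16 */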
  44
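/*
 * Lifetime extension, used for SADB_EXT_LIFETIME_CURRENT, _HARD and _SOFT.
 *
 * Per RFC 2367 the fields are limits for the HARD and SOFT variants and
 * running counters / timestamps for CURRENT.  A limit of zero means "no
 * limit", so an SA with all-zero hard limits never expires on its own.
 */
struct sadb_lifetime {
	__u16	sadb_lifetime_len;
	__u16	sadb_lifetime_exttype;
	__u32	sadb_lifetime_allocations;	/* number of uses (flows) */
	__u64	sadb_lifetime_bytes;		/* bytes processed */
	__u64	sadb_lifetime_addtime;		/* time since creation */
	__u64	sadb_lifetime_usetime;		/* time since first use */
} __attribute__((packed));
/* sizeof(struct sadb_lifetime) == 32 */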
  54
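/*
 * Address extension header (SADB_EXT_ADDRESS_SRC, _DST, _PROXY).
 *
 * Per RFC 2367 a struct sockaddr of some form follows this header.  A
 * consumer should check that the extension is long enough for the sockaddr
 * family it claims and that sadb_address_prefixlen does not exceed the
 * address width of that family.
 */
struct sadb_address {
	__u16	sadb_address_len;
	__u16	sadb_address_exttype;
	__u8	sadb_address_proto;	/* upper-layer protocol */
	__u8	sadb_address_prefixlen;	/* prefix length in bits */
	__u16	sadb_address_reserved;
} __attribute__((packed));
/* sizeof(struct sadb_address) == 8 */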
  63
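/*
 * Key extension header (SADB_EXT_KEY_AUTH, SADB_EXT_KEY_ENCRYPT).
 *
 * Per RFC 2367 the raw key bytes follow this header and sadb_key_bits is
 * the number of valid key bits; zero is not a legal value.  A consumer
 * should check that (sadb_key_bits + 7) / 8 bytes fit inside the
 * extension, and should wipe any buffer that held the message once the
 * key has been installed.
 */
struct sadb_key {
	__u16	sadb_key_len;
	__u16	sadb_key_exttype;
	__u16	sadb_key_bits;		/* key length in bits */
	__u16	sadb_key_reserved;
} __attribute__((packed));
/* sizeof(struct sadb_key) == 8 */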
  71
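/*
 * Identity extension header (SADB_EXT_IDENTITY_SRC, SADB_EXT_IDENTITY_DST).
 *
 * Per RFC 2367 an identity string may follow this header; a consumer
 * should not assume it is NUL-terminated inside the extension without
 * checking.
 */
struct sadb_ident {
	__u16	sadb_ident_len;
	__u16	sadb_ident_exttype;
	__u16	sadb_ident_type;	/* one of SADB_IDENTTYPE_* */
	__u16	sadb_ident_reserved;
	__u64	sadb_ident_id;
} __attribute__((packed));
/* sizeof(struct sadb_ident) == 16 */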
  80
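/*
 * Sensitivity extension header (SADB_EXT_SENSITIVITY).
 *
 * The two *_len fields size the bitmaps that follow (see below), counted
 * in __u64 elements.  Both counts come from the message, so they have to
 * be checked against sadb_sens_len before either bitmap is read.
 */
struct sadb_sens {
	__u16	sadb_sens_len;
	__u16	sadb_sens_exttype;
	__u32	sadb_sens_dpd;		/* data protection domain (RFC 2367) */
	__u8	sadb_sens_sens_level;
	__u8	sadb_sens_sens_len;	/* elements in sadb_sens_bitmap */
	__u8	sadb_sens_integ_level;
	__u8	sadb_sens_integ_len;	/* elements in sadb_integ_bitmap */
	__u32	sadb_sens_reserved;
} __attribute__((packed));
/* sizeof(struct sadb_sens) == 16 */

/* followed by:
	__u64	sadb_sens_bitmap[sens_len];
	__u64	sadb_integ_bitmap[integ_len];  */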
  96
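/*
 * Proposal extension header (SADB_EXT_PROPOSAL); an array of struct
 * sadb_comb follows it.
 */
struct sadb_prop {
	__u16	sadb_prop_len;
	__u16	sadb_prop_exttype;
	__u8	sadb_prop_replay;	/* replay window size */
	__u8	sadb_prop_reserved[3];
} __attribute__((packed));
/* sizeof(struct sadb_prop) == 8 */

/*
 * followed by:
 *	struct sadb_comb sadb_combs[(sadb_prop_len *
 *		sizeof(__u64) - sizeof(struct sadb_prop)) /
 *		sizeof(struct sadb_comb)];
 *
 * sadb_prop_len is in 64-bit units, so the byte length is the product
 * with sizeof(__u64); the listing printed '+' here, which does not give
 * an element count.  A consumer should check that sadb_prop_len is at
 * least sizeof(struct sadb_prop) / sizeof(__u64) before subtracting, and
 * that the remainder is a whole number of combinations.
 */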
 109
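/*
 * One proposed combination of algorithms, key-size ranges and lifetimes;
 * these follow a struct sadb_prop.
 *
 * The min/max key sizes are in bits.  A consumer acting on a proposal
 * should apply its own policy to the algorithm ids and key-size floor
 * rather than accept whatever the range allows.
 */
struct sadb_comb {
	__u8	sadb_comb_auth;			/* one of SADB_AALG_* */
	__u8	sadb_comb_encrypt;		/* one of SADB_EALG_* */
	__u16	sadb_comb_flags;
	__u16	sadb_comb_auth_minbits;
	__u16	sadb_comb_auth_maxbits;
	__u16	sadb_comb_encrypt_minbits;
	__u16	sadb_comb_encrypt_maxbits;
	__u32	sadb_comb_reserved;
	__u32	sadb_comb_soft_allocations;
	__u32	sadb_comb_hard_allocations;
	__u64	sadb_comb_soft_bytes;
	__u64	sadb_comb_hard_bytes;
	__u64	sadb_comb_soft_addtime;
	__u64	sadb_comb_hard_addtime;
	__u64	sadb_comb_soft_usetime;
	__u64	sadb_comb_hard_usetime;
} __attribute__((packed));
/* sizeof(struct sadb_comb) == 72 */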
 129
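/*
 * Supported-algorithms extension header (SADB_EXT_SUPPORTED_AUTH,
 * SADB_EXT_SUPPORTED_ENCRYPT); an array of struct sadb_alg follows it.
 */
struct sadb_supported {
	__u16	sadb_supported_len;
	__u16	sadb_supported_exttype;
	__u32	sadb_supported_reserved;
} __attribute__((packed));
/* sizeof(struct sadb_supported) == 8 */

/*
 * followed by:
 *	struct sadb_alg sadb_algs[(sadb_supported_len *
 *		sizeof(__u64) - sizeof(struct sadb_supported)) /
 *		sizeof(struct sadb_alg)];
 *
 * sadb_supported_len is in 64-bit units, so the byte length is the
 * product with sizeof(__u64); the listing printed '+' here, which does
 * not give an element count.
 */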
 141
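/*
 * Description of one supported algorithm; these follow a struct
 * sadb_supported.  Key sizes are in bits.
 */
struct sadb_alg {
	__u8	sadb_alg_id;		/* SADB_AALG_* or SADB_EALG_* value */
	__u8	sadb_alg_ivlen;		/* IV length */
	__u16	sadb_alg_minbits;	/* smallest accepted key, bits */
	__u16	sadb_alg_maxbits;	/* largest accepted key, bits */
	__u16	sadb_alg_reserved;
} __attribute__((packed));
/* sizeof(struct sadb_alg) == 8 */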
 150
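/*
 * SPI range extension (SADB_EXT_SPIRANGE): the inclusive range from which
 * an SPI may be picked.
 *
 * NOTE(review): min/max are typed __u32 here while sadb_sa_spi is __be32;
 * confirm which byte order the consumer expects.  A consumer should also
 * reject min > max.
 */
struct sadb_spirange {
	__u16	sadb_spirange_len;
	__u16	sadb_spirange_exttype;
	__u32	sadb_spirange_min;
	__u32	sadb_spirange_max;
	__u32	sadb_spirange_reserved;
} __attribute__((packed));
/* sizeof(struct sadb_spirange) == 16 */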
 159
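/*
 * Header of the SADB_X_EXT_KMPRIVATE extension.  The header itself only
 * carries the common length/type pair; whatever follows it is not
 * described in this file.
 */
struct sadb_x_kmprivate {
	__u16	sadb_x_kmprivate_len;
	__u16	sadb_x_kmprivate_exttype;
	__u32	sadb_x_kmprivate_reserved;
} __attribute__((packed));
/* sizeof(struct sadb_x_kmprivate) == 8 */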
 166
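/*
 * Second SA extension (SADB_X_EXT_SA2): additional per-SA attributes that
 * do not fit in struct sadb_sa.
 *
 * NOTE(review): the mode value set (transport/tunnel) is not defined in
 * this header; confirm the accepted values where the field is consumed.
 */
struct sadb_x_sa2 {
	__u16	sadb_x_sa2_len;
	__u16	sadb_x_sa2_exttype;
	__u8	sadb_x_sa2_mode;
	__u8	sadb_x_sa2_reserved1;
	__u16	sadb_x_sa2_reserved2;
	__u32	sadb_x_sa2_sequence;
	__u32	sadb_x_sa2_reqid;
} __attribute__((packed));
/* sizeof(struct sadb_x_sa2) == 16 */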
 177
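/*
 * Security policy extension header (SADB_X_EXT_POLICY).
 *
 * NOTE(review): the policy type and direction value sets are not defined
 * in this header, and the extension is presumably followed by struct
 * sadb_x_ipsecrequest entries; confirm both where the field is consumed.
 */
struct sadb_x_policy {
	__u16	sadb_x_policy_len;
	__u16	sadb_x_policy_exttype;
	__u16	sadb_x_policy_type;
	__u8	sadb_x_policy_dir;
	__u8	sadb_x_policy_reserved;
	__u32	sadb_x_policy_id;
	__u32	sadb_x_policy_priority;
} __attribute__((packed));
/* sizeof(struct sadb_x_policy) == 16 */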
 188
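/*
 * One IPsec request (protocol, mode, level, reqid) inside a policy.
 *
 * Unlike the other structures in this file, the second field is a
 * protocol, not an extension type, so this is not a top-level extension.
 * NOTE(review): the unit of sadb_x_ipsecrequest_len looks to be bytes in
 * existing implementations rather than 64-bit words; confirm before
 * using it to step through a list, and reject a length smaller than this
 * structure or larger than what remains.
 */
struct sadb_x_ipsecrequest {
	__u16	sadb_x_ipsecrequest_len;
	__u16	sadb_x_ipsecrequest_proto;
	__u8	sadb_x_ipsecrequest_mode;
	__u8	sadb_x_ipsecrequest_level;
	__u16	sadb_x_ipsecrequest_reserved1;
	__u32	sadb_x_ipsecrequest_reqid;
	__u32	sadb_x_ipsecrequest_reserved2;
} __attribute__((packed));
/* sizeof(struct sadb_x_ipsecrequest) == 16 */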
 199
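/*
 * This defines the TYPE of NAT Traversal in use.  Currently only one
 * type of NAT-T is supported, draft-ietf-ipsec-udp-encaps-06.
 * A consumer should reject any type value it does not implement.
 */
struct sadb_x_nat_t_type {
	__u16	sadb_x_nat_t_type_len;
	__u16	sadb_x_nat_t_type_exttype;
	__u8	sadb_x_nat_t_type_type;
	__u8	sadb_x_nat_t_type_reserved[3];
} __attribute__((packed));
/* sizeof(struct sadb_x_nat_t_type) == 8 */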
 210
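/*
 * Pass a NAT Traversal port (source or destination port).
 * The port is typed __be16, i.e. it is carried in network byte order.
 */
struct sadb_x_nat_t_port {
	__u16	sadb_x_nat_t_port_len;
	__u16	sadb_x_nat_t_port_exttype;
	__be16	sadb_x_nat_t_port_port;	/* network byte order */
	__u16	sadb_x_nat_t_port_reserved;
} __attribute__((packed));
/* sizeof(struct sadb_x_nat_t_port) == 8 */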
 219
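/*
 * Generic LSM security context.
 *
 * NOTE(review): sadb_x_ctx_len presumably gives the length of the context
 * data that follows this header; it is a separate field from the
 * extension length, so the two need to be checked against each other
 * before the context is copied.
 */
struct sadb_x_sec_ctx {
	__u16	sadb_x_sec_len;
	__u16	sadb_x_sec_exttype;
	__u8	sadb_x_ctx_alg;		/* LSMs: e.g., selinux == 1 */
	__u8	sadb_x_ctx_doi;
	__u16	sadb_x_ctx_len;
} __attribute__((packed));
/* sizeof(struct sadb_x_sec_ctx) == 8 */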
 229
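/*
 * Used by MIGRATE to pass the addresses IKE will use to perform
 * negotiation with the peer.  The addresses themselves are not part of
 * this header; they follow it in the extension.
 */
struct sadb_x_kmaddress {
	__u16	sadb_x_kmaddress_len;
	__u16	sadb_x_kmaddress_exttype;
	__u32	sadb_x_kmaddress_reserved;
} __attribute__((packed));
/* sizeof(struct sadb_x_kmaddress) == 8 */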
 238
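/*
 * To specify the SA dump filter.
 *
 * saddr/daddr hold four 32-bit words each, which is room for one IPv6
 * address.  NOTE(review): splen/dplen look like source and destination
 * prefix lengths; a consumer should bound them by the address width of
 * sadb_x_filter_family.
 */
struct sadb_x_filter {
	__u16	sadb_x_filter_len;
	__u16	sadb_x_filter_exttype;
	__u32	sadb_x_filter_saddr[4];
	__u32	sadb_x_filter_daddr[4];
	__u16	sadb_x_filter_family;
	__u8	sadb_x_filter_splen;
	__u8	sadb_x_filter_dplen;
} __attribute__((packed));
/* sizeof(struct sadb_x_filter) == 40 */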
 250
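/*
 * Message types, carried in sadb_msg_type.
 *
 * Names containing _X_ are extensions to the base RFC 2367 set.
 * SADB_MAX is the highest defined type; a receiver should reject
 * SADB_RESERVED and anything above SADB_MAX before dispatching.
 */
#define SADB_RESERVED		0
#define SADB_GETSPI		1
#define SADB_UPDATE		2
#define SADB_ADD		3
#define SADB_DELETE		4
#define SADB_GET		5
#define SADB_ACQUIRE		6
#define SADB_REGISTER		7
#define SADB_EXPIRE		8
#define SADB_FLUSH		9
#define SADB_DUMP		10
#define SADB_X_PROMISC		11
#define SADB_X_PCHANGE		12
#define SADB_X_SPDUPDATE	13
#define SADB_X_SPDADD		14
#define SADB_X_SPDDELETE	15
#define SADB_X_SPDGET		16
#define SADB_X_SPDACQUIRE	17
#define SADB_X_SPDDUMP		18
#define SADB_X_SPDFLUSH		19
#define SADB_X_SPDSETIDX	20
#define SADB_X_SPDEXPIRE	21
#define SADB_X_SPDDELETE2	22
#define SADB_X_NAT_T_NEW_MAPPING	23
#define SADB_X_MIGRATE		24
#define SADB_MAX		24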
 278
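/*
 * Security Association flags: bits of sadb_sa_flags.
 * The three high-bit values do not fit in a signed 32-bit int, so they
 * are unsigned constants; keep them in an unsigned variable when testing
 * the bits.
 */
#define SADB_SAFLAGS_PFS	1
#define SADB_SAFLAGS_NOPMTUDISC	0x20000000
#define SADB_SAFLAGS_DECAP_DSCP	0x40000000
#define SADB_SAFLAGS_NOECN	0x80000000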
 284
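/*
 * Security Association states, carried in sadb_sa_state.
 * SADB_SASTATE_MAX is the highest defined state; larger values should be
 * rejected.
 */
#define SADB_SASTATE_LARVAL	0
#define SADB_SASTATE_MATURE	1
#define SADB_SASTATE_DYING	2
#define SADB_SASTATE_DEAD	3
#define SADB_SASTATE_MAX	3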
 291
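/*
 * Security Association types, carried in sadb_msg_satype.
 * The numbering has gaps (1 and 4 are not defined here), so a range check
 * against SADB_SATYPE_MAX alone does not prove a value is a known type.
 */
#define SADB_SATYPE_UNSPEC	0
#define SADB_SATYPE_AH		2
#define SADB_SATYPE_ESP		3
#define SADB_SATYPE_RSVP	5
#define SADB_SATYPE_OSPFV2	6
#define SADB_SATYPE_RIPV2	7
#define SADB_SATYPE_MIP		8
#define SADB_X_SATYPE_IPCOMP	9
#define SADB_SATYPE_MAX		9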
 302
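/*
 * Authentication algorithms, carried in sadb_sa_auth / sadb_comb_auth.
 *
 * These are identifiers only; which ones are acceptable is a policy
 * decision for the key manager.  HMAC-MD5 is considered obsolete for new
 * SAs (see RFC 8221), and SADB_AALG_NONE / SADB_X_AALG_NULL give no
 * integrity protection unless the encryption algorithm is an AEAD.
 */
#define SADB_AALG_NONE			0
#define SADB_AALG_MD5HMAC		2
#define SADB_AALG_SHA1HMAC		3
#define SADB_X_AALG_SHA2_256HMAC	5
#define SADB_X_AALG_SHA2_384HMAC	6
#define SADB_X_AALG_SHA2_512HMAC	7
#define SADB_X_AALG_RIPEMD160HMAC	8
#define SADB_X_AALG_AES_XCBC_MAC	9
#define SADB_X_AALG_NULL		251	/* kame */
#define SADB_AALG_MAX			251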
 314
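/*
 * Encryption algorithms, carried in sadb_sa_encrypt / sadb_comb_encrypt.
 *
 * These are identifiers only; which ones are acceptable is a policy
 * decision for the key manager.  Single DES is considered obsolete for
 * new SAs (see RFC 8221), and SADB_EALG_NULL provides no confidentiality.
 * For the CCM/GCM entries, ICVn is the integrity check value length in
 * octets; the shorter ICVs give a weaker integrity guarantee.
 */
#define SADB_EALG_NONE			0
#define SADB_EALG_DESCBC		2
#define SADB_EALG_3DESCBC		3
#define SADB_X_EALG_CASTCBC		6
#define SADB_X_EALG_BLOWFISHCBC		7
#define SADB_EALG_NULL			11
#define SADB_X_EALG_AESCBC		12
#define SADB_X_EALG_AESCTR		13
#define SADB_X_EALG_AES_CCM_ICV8	14
#define SADB_X_EALG_AES_CCM_ICV12	15
#define SADB_X_EALG_AES_CCM_ICV16	16
#define SADB_X_EALG_AES_GCM_ICV8	18
#define SADB_X_EALG_AES_GCM_ICV12	19
#define SADB_X_EALG_AES_GCM_ICV16	20
#define SADB_X_EALG_CAMELLIACBC		22
#define SADB_X_EALG_NULL_AES_GMAC	23
#define SADB_EALG_MAX			253	/* last EALG */
/* private allocations should use 249-255 (RFC2407) */
#define SADB_X_EALG_SERPENTCBC	252	/* draft-ietf-ipsec-ciph-aes-cbc-00 */
#define SADB_X_EALG_TWOFISHCBC	253	/* draft-ietf-ipsec-ciph-aes-cbc-00 */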
 336
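/*
 * Compression algorithms (used with SADB_X_SATYPE_IPCOMP).
 * SADB_X_CALG_MAX is the highest defined identifier.
 */
#define SADB_X_CALG_NONE	0
#define SADB_X_CALG_OUI		1
#define SADB_X_CALG_DEFLATE	2
#define SADB_X_CALG_LZS		3
#define SADB_X_CALG_LZJH	4
#define SADB_X_CALG_MAX		4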
 344
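/*
 * Extension header values, carried in the exttype field of each
 * extension.
 *
 * SADB_EXT_MAX is the highest defined type.  Code that indexes a table by
 * extension type should size it SADB_EXT_MAX + 1 and reject
 * SADB_EXT_RESERVED and any larger value before indexing.
 */
#define SADB_EXT_RESERVED		0
#define SADB_EXT_SA			1
#define SADB_EXT_LIFETIME_CURRENT	2
#define SADB_EXT_LIFETIME_HARD		3
#define SADB_EXT_LIFETIME_SOFT		4
#define SADB_EXT_ADDRESS_SRC		5
#define SADB_EXT_ADDRESS_DST		6
#define SADB_EXT_ADDRESS_PROXY		7
#define SADB_EXT_KEY_AUTH		8
#define SADB_EXT_KEY_ENCRYPT		9
#define SADB_EXT_IDENTITY_SRC		10
#define SADB_EXT_IDENTITY_DST		11
#define SADB_EXT_SENSITIVITY		12
#define SADB_EXT_PROPOSAL		13
#define SADB_EXT_SUPPORTED_AUTH		14
#define SADB_EXT_SUPPORTED_ENCRYPT	15
#define SADB_EXT_SPIRANGE		16
#define SADB_X_EXT_KMPRIVATE		17
#define SADB_X_EXT_POLICY		18
#define SADB_X_EXT_SA2			19
/* The next four entries are for setting up NAT Traversal */
#define SADB_X_EXT_NAT_T_TYPE		20
#define SADB_X_EXT_NAT_T_SPORT		21
#define SADB_X_EXT_NAT_T_DPORT		22
#define SADB_X_EXT_NAT_T_OA		23
#define SADB_X_EXT_SEC_CTX		24
/* Used with MIGRATE to pass addresses to IKE for negotiation */
#define SADB_X_EXT_KMADDRESS		25
#define SADB_X_EXT_FILTER		26
#define SADB_EXT_MAX			26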
 376
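/*
 * Identity extension values, carried in sadb_ident_type.
 * SADB_IDENTTYPE_MAX is the highest defined type.
 */
#define SADB_IDENTTYPE_RESERVED	0
#define SADB_IDENTTYPE_PREFIX	1
#define SADB_IDENTTYPE_FQDN	2
#define SADB_IDENTTYPE_USERFQDN	3
#define SADB_IDENTTYPE_MAX	3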
 383
 384#endif /* !(_LINUX_PFKEY2_H) */
 385