linux/include/uapi/linux/pfkeyv2.h
   1/* PF_KEY user interface, this is defined by rfc2367 so
   2 * do not make arbitrary modifications or else this header
   3 * file will not be compliant.
   4 */
   5
   6#ifndef _LINUX_PFKEY2_H
   7#define _LINUX_PFKEY2_H
   8
   9#include <linux/types.h>
  10
   11#define PF_KEY_V2               2       /* protocol version carried in sadb_msg_version (RFC 2367) */
   12#define PFKEYV2_REVISION        199806L /* revision stamp of the PF_KEY v2 spec; looks like YYYYMM - confirm */
  13
   14struct sadb_msg {   /* Base header that starts every PF_KEY message (RFC 2367). */
   15        __u8            sadb_msg_version;       /* PF_KEY_V2 */
   16        __u8            sadb_msg_type;  /* one of the SADB_* / SADB_X_* message types */
   17        __u8            sadb_msg_errno; /* error code reported back to the sender; zero in requests */
   18        __u8            sadb_msg_satype;        /* one of SADB_SATYPE_* */
   19        __u16   sadb_msg_len;   /* whole message including this header, in 64-bit words */
   20        __u16   sadb_msg_reserved;      /* zero on send; an uninitialised value discloses memory to the receiver */
   21        __u32   sadb_msg_seq;   /* sequence number used to match replies to requests */
   22        __u32   sadb_msg_pid;   /* process id of the originating or addressed process */
   23} __attribute__((packed));
   24/* sizeof(struct sadb_msg) == 16 */
     /* NOTE(review): a receiver should compare sadb_msg_len * 8 with the number of
      * bytes actually read before it walks any extension; the field is sender-supplied. */
  25
   26struct sadb_ext {   /* Generic extension header; the extension structs in this file begin with the same two __u16 fields. */
   27        __u16   sadb_ext_len;   /* extension length including this header, in 64-bit words (RFC 2367) */
   28        __u16   sadb_ext_type;  /* one of SADB_EXT_* / SADB_X_EXT_* */
   29} __attribute__((packed));
   30/* sizeof(struct sadb_ext) == 4 */
     /* NOTE(review): a parser should reject sadb_ext_len == 0 (the walk would make no
      * progress) and any extension whose length runs past the enclosing message. */
  31
   32struct sadb_sa {   /* Security Association extension (SADB_EXT_SA). */
   33        __u16   sadb_sa_len;    /* extension length in 64-bit words (RFC 2367) */
   34        __u16   sadb_sa_exttype;        /* SADB_EXT_SA */
   35        __be32          sadb_sa_spi;    /* SPI; the __be32 type marks it as big-endian (network order) */
   36        __u8            sadb_sa_replay; /* replay window size; RFC 2367: zero means no replay window is in use */
   37        __u8            sadb_sa_state;  /* one of SADB_SASTATE_* */
   38        __u8            sadb_sa_auth;   /* one of SADB_AALG_* / SADB_X_AALG_* */
   39        __u8            sadb_sa_encrypt;        /* one of SADB_EALG_* / SADB_X_EALG_* */
   40        __u32   sadb_sa_flags;  /* bitmask of SADB_SAFLAGS_* */
   41} __attribute__((packed));
   42/* sizeof(struct sadb_sa) == 16 */
     /* NOTE(review): sadb_sa_auth and sadb_sa_encrypt are one byte each; check them
      * against the algorithms the receiver actually supports, not only against *_MAX. */
  43
   44struct sadb_lifetime {   /* Lifetime extension; used for the SADB_EXT_LIFETIME_CURRENT/HARD/SOFT types. */
   45        __u16   sadb_lifetime_len;      /* extension length in 64-bit words (RFC 2367) */
   46        __u16   sadb_lifetime_exttype;  /* one of SADB_EXT_LIFETIME_* */
   47        __u32   sadb_lifetime_allocations;      /* allocation count (current) or limit (hard/soft) */
   48        __u64   sadb_lifetime_bytes;    /* byte count (current) or limit (hard/soft) */
   49        __u64   sadb_lifetime_addtime;  /* creation time (current) or seconds after creation until expiry */
   50        __u64   sadb_lifetime_usetime;  /* first-use time (current) or seconds after first use until expiry */
   51} __attribute__((packed));
   52/* sizeof(struct sadb_lifetime) == 32 */
  53
   54struct sadb_address {   /* Address extension header (SADB_EXT_ADDRESS_*); RFC 2367 has a struct sockaddr follow it. */
   55        __u16   sadb_address_len;       /* extension length in 64-bit words, sockaddr included */
   56        __u16   sadb_address_exttype;   /* SADB_EXT_ADDRESS_SRC / _DST / _PROXY */
   57        __u8            sadb_address_proto;     /* upper-layer protocol the address applies to */
   58        __u8            sadb_address_prefixlen; /* prefix length in bits */
   59        __u16   sadb_address_reserved;  /* zero on send */
   60} __attribute__((packed));
   61/* sizeof(struct sadb_address) == 8 */
     /* NOTE(review): the trailing sockaddr is variable-sized; check that the extension
      * is long enough for the address family before reading it, and that
      * sadb_address_prefixlen does not exceed that family's address width. */
  62
   63struct sadb_key {   /* Key extension header (SADB_EXT_KEY_AUTH / SADB_EXT_KEY_ENCRYPT); key bytes follow it. */
   64        __u16   sadb_key_len;   /* extension length in 64-bit words, key data and padding included */
   65        __u16   sadb_key_exttype;       /* SADB_EXT_KEY_AUTH or SADB_EXT_KEY_ENCRYPT */
   66        __u16   sadb_key_bits;  /* length of the valid key data, in bits */
   67        __u16   sadb_key_reserved;      /* zero on send */
   68} __attribute__((packed));
   69/* sizeof(struct sadb_key) == 8 */
     /* NOTE(review): check that (sadb_key_bits + 7) / 8 fits inside
      * sadb_key_len * 8 - sizeof(struct sadb_key) before copying the key, and wipe
      * buffers that held this extension once the key has been installed. */
  70
   71struct sadb_ident {   /* Identity extension header (SADB_EXT_IDENTITY_SRC / _DST). */
   72        __u16   sadb_ident_len; /* extension length in 64-bit words (RFC 2367) */
   73        __u16   sadb_ident_exttype;     /* SADB_EXT_IDENTITY_SRC or SADB_EXT_IDENTITY_DST */
   74        __u16   sadb_ident_type;        /* one of SADB_IDENTTYPE_* */
   75        __u16   sadb_ident_reserved;    /* zero on send */
   76        __u64   sadb_ident_id;  /* numeric identifier; meaning depends on sadb_ident_type */
   77} __attribute__((packed));
   78/* sizeof(struct sadb_ident) == 16 */
     /* NOTE(review): RFC 2367 has an identity string follow this header; a reader should
      * confirm it is terminated inside the extension before treating it as a C string. */
  79
   80struct sadb_sens {   /* Sensitivity extension header (SADB_EXT_SENSITIVITY). */
   81        __u16   sadb_sens_len;  /* extension length in 64-bit words, both bitmaps included */
   82        __u16   sadb_sens_exttype;      /* SADB_EXT_SENSITIVITY */
   83        __u32   sadb_sens_dpd;  /* data protection domain (RFC 2367) */
   84        __u8            sadb_sens_sens_level;   /* sensitivity level */
   85        __u8            sadb_sens_sens_len;     /* number of __u64 words in the sensitivity bitmap */
   86        __u8            sadb_sens_integ_level;  /* integrity level */
   87        __u8            sadb_sens_integ_len;    /* number of __u64 words in the integrity bitmap */
   88        __u32   sadb_sens_reserved;     /* zero on send */
   89} __attribute__((packed));
   90/* sizeof(struct sadb_sens) == 16 */
   91
   92/* followed by:
   93        __u64   sadb_sens_bitmap[sens_len];
   94        __u64   sadb_integ_bitmap[integ_len];  */
     /* NOTE(review): both bitmap lengths come from the message; check that
      * 2 + sens_len + integ_len (in 64-bit words) equals sadb_sens_len before indexing. */
  95
   96struct sadb_prop {   /* Proposal extension header (SADB_EXT_PROPOSAL); an array of struct sadb_comb follows. */
   97        __u16   sadb_prop_len;  /* extension length in 64-bit words, combinations included */
   98        __u16   sadb_prop_exttype;      /* SADB_EXT_PROPOSAL */
   99        __u8            sadb_prop_replay;       /* replay window size for the proposed SAs */
  100        __u8            sadb_prop_reserved[3];  /* zero on send */
  101} __attribute__((packed));
  102/* sizeof(struct sadb_prop) == 8 */
  103
  104/* followed by (the length is in 64-bit words, so it is multiplied, not added):
  105        struct sadb_comb sadb_combs[(sadb_prop_len *
  106                sizeof(__u64) - sizeof(struct sadb_prop)) /
  107                sizeof(struct sadb_comb)]; */
     /* NOTE(review): reject a proposal whose payload is not a whole multiple of
      * sizeof(struct sadb_comb); a truncating division would hide the leftover bytes. */
 108
  109struct sadb_comb {   /* One algorithm/lifetime combination inside a proposal (array element after struct sadb_prop). */
  110        __u8            sadb_comb_auth; /* one of SADB_AALG_* / SADB_X_AALG_* */
  111        __u8            sadb_comb_encrypt;      /* one of SADB_EALG_* / SADB_X_EALG_* */
  112        __u16   sadb_comb_flags;        /* SA flags for this combination; only 16 bits wide, unlike sadb_sa_flags */
  113        __u16   sadb_comb_auth_minbits; /* smallest acceptable authentication key size, in bits */
  114        __u16   sadb_comb_auth_maxbits; /* largest acceptable authentication key size, in bits */
  115        __u16   sadb_comb_encrypt_minbits;      /* smallest acceptable encryption key size, in bits */
  116        __u16   sadb_comb_encrypt_maxbits;      /* largest acceptable encryption key size, in bits */
  117        __u32   sadb_comb_reserved;     /* zero on send */
  118        __u32   sadb_comb_soft_allocations;     /* soft/hard pairs below mirror struct sadb_lifetime */
  119        __u32   sadb_comb_hard_allocations;
  120        __u64   sadb_comb_soft_bytes;
  121        __u64   sadb_comb_hard_bytes;
  122        __u64   sadb_comb_soft_addtime;
  123        __u64   sadb_comb_hard_addtime;
  124        __u64   sadb_comb_soft_usetime;
  125        __u64   sadb_comb_hard_usetime;
  126} __attribute__((packed));
  127/* sizeof(struct sadb_comb) == 72 */
     /* NOTE(review): a consumer should check minbits <= maxbits for both algorithms and
      * refuse combinations whose algorithm ids local policy does not allow. */
 128
  129struct sadb_supported {   /* Supported-algorithms extension header (SADB_EXT_SUPPORTED_AUTH / _ENCRYPT). */
  130        __u16   sadb_supported_len;     /* extension length in 64-bit words, algorithm entries included */
  131        __u16   sadb_supported_exttype; /* SADB_EXT_SUPPORTED_AUTH or SADB_EXT_SUPPORTED_ENCRYPT */
  132        __u32   sadb_supported_reserved;        /* zero on send */
  133} __attribute__((packed));
  134/* sizeof(struct sadb_supported) == 8 */
  135
  136/* followed by (the length is in 64-bit words, so it is multiplied, not added):
  137        struct sadb_alg sadb_algs[(sadb_supported_len *
  138                sizeof(__u64) - sizeof(struct sadb_supported)) /
  139                sizeof(struct sadb_alg)]; */
 140
  141struct sadb_alg {   /* One supported-algorithm entry (array element after struct sadb_supported). */
  142        __u8            sadb_alg_id;    /* SADB_AALG_* or SADB_EALG_* id, depending on the enclosing extension type */
  143        __u8            sadb_alg_ivlen; /* IV length for the algorithm (RFC 2367) */
  144        __u16   sadb_alg_minbits;       /* smallest supported key size, in bits */
  145        __u16   sadb_alg_maxbits;       /* largest supported key size, in bits */
  146        __u16   sadb_alg_reserved;      /* zero on send */
  147} __attribute__((packed));
  148/* sizeof(struct sadb_alg) == 8 */
 149
  150struct sadb_spirange {   /* SPI range extension (SADB_EXT_SPIRANGE). */
  151        __u16   sadb_spirange_len;      /* extension length in 64-bit words (RFC 2367) */
  152        __u16   sadb_spirange_exttype;  /* SADB_EXT_SPIRANGE */
  153        __u32   sadb_spirange_min;      /* lowest acceptable SPI; declared __u32, unlike the __be32 sadb_sa_spi */
  154        __u32   sadb_spirange_max;      /* highest acceptable SPI */
  155        __u32   sadb_spirange_reserved; /* zero on send */
  156} __attribute__((packed));
  157/* sizeof(struct sadb_spirange) == 16 */
     /* NOTE(review): a receiver should reject min > max rather than let the range wrap. */
 158
  159struct sadb_x_kmprivate {   /* Header of the SADB_X_EXT_KMPRIVATE extension; presumably key-manager private data - confirm. */
  160        __u16   sadb_x_kmprivate_len;   /* extension length in 64-bit words */
  161        __u16   sadb_x_kmprivate_exttype;       /* SADB_X_EXT_KMPRIVATE */
  162        __u32   sadb_x_kmprivate_reserved;      /* zero on send */
  163} __attribute__((packed));
  164/* sizeof(struct sadb_x_kmprivate) == 8 */
 165
  166struct sadb_x_sa2 {   /* Additional SA attributes (SADB_X_EXT_SA2). */
  167        __u16   sadb_x_sa2_len; /* extension length in 64-bit words */
  168        __u16   sadb_x_sa2_exttype;     /* SADB_X_EXT_SA2 */
  169        __u8            sadb_x_sa2_mode;        /* IPsec mode; presumably IPSEC_MODE_* from <linux/ipsec.h> - confirm */
  170        __u8            sadb_x_sa2_reserved1;   /* zero on send */
  171        __u16   sadb_x_sa2_reserved2;   /* zero on send */
  172        __u32   sadb_x_sa2_sequence;    /* sequence number associated with the SA */
  173        __u32   sadb_x_sa2_reqid;       /* request id tying the SA to a policy's ipsecrequest */
  174} __attribute__((packed));
  175/* sizeof(struct sadb_x_sa2) == 16 */
 176
  177struct sadb_x_policy {   /* Security-policy extension header (SADB_X_EXT_POLICY). */
  178        __u16   sadb_x_policy_len;      /* extension length in 64-bit words, trailing requests included */
  179        __u16   sadb_x_policy_exttype;  /* SADB_X_EXT_POLICY */
  180        __u16   sadb_x_policy_type;     /* policy action; presumably IPSEC_POLICY_* - confirm */
  181        __u8            sadb_x_policy_dir;      /* policy direction; presumably IPSEC_DIR_* - confirm */
  182        __u8            sadb_x_policy_reserved; /* zero on send */
  183        __u32   sadb_x_policy_id;       /* policy identifier */
  184        __u32   sadb_x_policy_priority; /* policy priority */
  185} __attribute__((packed));
  186/* sizeof(struct sadb_x_policy) == 16 */
     /* NOTE(review): presumably followed by struct sadb_x_ipsecrequest entries; each
      * entry's own length should be bounded by what remains of sadb_x_policy_len. */
 187
  188struct sadb_x_ipsecrequest {   /* One transform request inside a policy; note it has no exttype field. */
  189        __u16   sadb_x_ipsecrequest_len;        /* length of this request, trailing addresses included */
  190        __u16   sadb_x_ipsecrequest_proto;      /* IPsec protocol requested (AH / ESP / IPcomp) */
  191        __u8            sadb_x_ipsecrequest_mode;       /* IPsec mode; presumably IPSEC_MODE_* - confirm */
  192        __u8            sadb_x_ipsecrequest_level;      /* enforcement level; presumably IPSEC_LEVEL_* - confirm */
  193        __u16   sadb_x_ipsecrequest_reserved1;  /* zero on send */
  194        __u32   sadb_x_ipsecrequest_reqid;      /* request id matched against sadb_x_sa2_reqid */
  195        __u32   sadb_x_ipsecrequest_reserved2;  /* zero on send */
  196} __attribute__((packed));
  197/* sizeof(struct sadb_x_ipsecrequest) == 16 */
     /* NOTE(review): KAME-derived implementations count sadb_x_ipsecrequest_len in
      * bytes, not in 64-bit words like the other *_len fields - confirm against the
      * parser before sharing length helpers, and reject lengths below 16 or past the
      * end of the enclosing policy extension. */
 198
 199/* This defines the TYPE of Nat Traversal in use.  Currently only one
 200 * type of NAT-T is supported, draft-ietf-ipsec-udp-encaps-06
 201 */
  202struct sadb_x_nat_t_type {   /* NAT traversal type extension (SADB_X_EXT_NAT_T_TYPE). */
  203        __u16   sadb_x_nat_t_type_len;  /* extension length in 64-bit words */
  204        __u16   sadb_x_nat_t_type_exttype;      /* SADB_X_EXT_NAT_T_TYPE */
  205        __u8            sadb_x_nat_t_type_type; /* which NAT-T encapsulation is in use */
  206        __u8            sadb_x_nat_t_type_reserved[3];  /* zero on send */
  207} __attribute__((packed));
  208/* sizeof(struct sadb_x_nat_t_type) == 8 */
 209
 210/* Pass a NAT Traversal port (Source or Dest port) */
  211struct sadb_x_nat_t_port {   /* NAT traversal port extension (SADB_X_EXT_NAT_T_SPORT / _DPORT). */
  212        __u16   sadb_x_nat_t_port_len;  /* extension length in 64-bit words */
  213        __u16   sadb_x_nat_t_port_exttype;      /* SADB_X_EXT_NAT_T_SPORT or SADB_X_EXT_NAT_T_DPORT */
  214        __be16          sadb_x_nat_t_port_port; /* port number; the __be16 type marks it as big-endian (network order) */
  215        __u16   sadb_x_nat_t_port_reserved;     /* zero on send */
  216} __attribute__((packed));
  217/* sizeof(struct sadb_x_nat_t_port) == 8 */
 218
 219/* Generic LSM security context */
  220struct sadb_x_sec_ctx {   /* LSM security-context extension header (SADB_X_EXT_SEC_CTX). */
  221        __u16   sadb_x_sec_len; /* extension length in 64-bit words */
  222        __u16   sadb_x_sec_exttype;     /* SADB_X_EXT_SEC_CTX */
  223        __u8            sadb_x_ctx_alg;  /* LSMs: e.g., selinux == 1 */
  224        __u8            sadb_x_ctx_doi; /* domain of interpretation for the context */
  225        __u16   sadb_x_ctx_len; /* length of the context data that follows; presumably in bytes - confirm */
  226} __attribute__((packed));
  227/* sizeof(struct sadb_x_sec_ctx) == 8 */
     /* NOTE(review): sadb_x_ctx_len and sadb_x_sec_len describe the same payload in
      * different fields; a receiver should check that the context fits inside the
      * extension before handing it to the LSM. */
 228
 229/* Used by MIGRATE to pass addresses IKE will use to perform
 230 * negotiation with the peer */
  231struct sadb_x_kmaddress {   /* Key-manager address extension header (SADB_X_EXT_KMADDRESS), used with SADB_X_MIGRATE. */
  232        __u16   sadb_x_kmaddress_len;   /* extension length in 64-bit words, trailing addresses included */
  233        __u16   sadb_x_kmaddress_exttype;       /* SADB_X_EXT_KMADDRESS */
  234        __u32   sadb_x_kmaddress_reserved;      /* zero on send */
  235} __attribute__((packed));
  236/* sizeof(struct sadb_x_kmaddress) == 8 */
 237
 238/* To specify the SA dump filter */
  239struct sadb_x_filter {   /* SA dump filter extension (SADB_X_EXT_FILTER). */
  240        __u16   sadb_x_filter_len;      /* extension length in 64-bit words */
  241        __u16   sadb_x_filter_exttype;  /* SADB_X_EXT_FILTER */
  242        __u32   sadb_x_filter_saddr[4]; /* source address to match; 16 bytes, enough for an IPv6 address */
  243        __u32   sadb_x_filter_daddr[4]; /* destination address to match; 16 bytes */
  244        __u16   sadb_x_filter_family;   /* address family of saddr/daddr */
  245        __u8    sadb_x_filter_splen;    /* source prefix length */
  246        __u8    sadb_x_filter_dplen;    /* destination prefix length */
  247} __attribute__((packed));
  248/* sizeof(struct sadb_x_filter) == 40 */
     /* NOTE(review): splen and dplen should be checked against the width of the
      * stated family (32 for IPv4, 128 for IPv6) before they are used to build a mask. */
 249
 250/* Message types */
  251#define SADB_RESERVED           0       /* not a valid request type */
  252#define SADB_GETSPI             1       /* reserve an SPI (creates a larval SA) */
  253#define SADB_UPDATE             2       /* fill in an existing SA */
  254#define SADB_ADD                3       /* add a complete SA */
  255#define SADB_DELETE             4       /* delete an SA */
  256#define SADB_GET                5       /* read back one SA */
  257#define SADB_ACQUIRE            6       /* kernel asks the key manager for an SA */
  258#define SADB_REGISTER           7       /* key manager registers for an SA type */
  259#define SADB_EXPIRE             8       /* kernel reports that a lifetime was reached */
  260#define SADB_FLUSH              9       /* delete all SAs of an SA type */
  261#define SADB_DUMP               10      /* list SAs */
  /* The SADB_X_* types below are extensions beyond RFC 2367; the SPD* ones act on
   * the security policy database rather than on SAs. */
  262#define SADB_X_PROMISC          11
  263#define SADB_X_PCHANGE          12
  264#define SADB_X_SPDUPDATE        13
  265#define SADB_X_SPDADD           14
  266#define SADB_X_SPDDELETE        15
  267#define SADB_X_SPDGET           16
  268#define SADB_X_SPDACQUIRE       17
  269#define SADB_X_SPDDUMP          18
  270#define SADB_X_SPDFLUSH         19
  271#define SADB_X_SPDSETIDX        20
  272#define SADB_X_SPDEXPIRE        21
  273#define SADB_X_SPDDELETE2       22
  274#define SADB_X_NAT_T_NEW_MAPPING        23
  275#define SADB_X_MIGRATE          24
  276#define SADB_MAX                24      /* equals the highest type above; sadb_msg_type values beyond it should be rejected */
 277
 278/* Security Association flags */
  279#define SADB_SAFLAGS_PFS        1       /* perfect forward secrecy requested (RFC 2367) */
  280#define SADB_SAFLAGS_NOPMTUDISC 0x20000000
  281#define SADB_SAFLAGS_DECAP_DSCP 0x40000000
  282#define SADB_SAFLAGS_NOECN      0x80000000      /* does not fit in int, so the literal is unsigned; keep flag variables __u32 like sadb_sa_flags */
 283
 284/* Security Association states */
  285#define SADB_SASTATE_LARVAL     0       /* SPI reserved, SA not yet usable */
  286#define SADB_SASTATE_MATURE     1       /* SA fully set up and usable */
  287#define SADB_SASTATE_DYING      2       /* soft lifetime reached */
  288#define SADB_SASTATE_DEAD       3       /* hard lifetime reached; must no longer be used */
  289#define SADB_SASTATE_MAX        3       /* equals the highest state above */
 290
 291/* Security Association types */
  292#define SADB_SATYPE_UNSPEC      0
  293#define SADB_SATYPE_AH          2       /* values 1 and 4 are not assigned in this list */
  294#define SADB_SATYPE_ESP         3
  295#define SADB_SATYPE_RSVP        5
  296#define SADB_SATYPE_OSPFV2      6
  297#define SADB_SATYPE_RIPV2       7
  298#define SADB_SATYPE_MIP         8
  299#define SADB_X_SATYPE_IPCOMP    9       /* extension beyond RFC 2367 (X_ prefix) */
  300#define SADB_SATYPE_MAX         9       /* equals the highest type above; the range has gaps, so <= MAX alone does not prove validity */
 301
 302/* Authentication algorithms */
  303#define SADB_AALG_NONE                  0       /* no authentication algorithm selected */
  304#define SADB_AALG_MD5HMAC               2       /* NOTE(review): legacy; current policy normally prefers the SHA-2 HMACs below */
  305#define SADB_AALG_SHA1HMAC              3       /* NOTE(review): legacy, see above */
  306#define SADB_X_AALG_SHA2_256HMAC        5
  307#define SADB_X_AALG_SHA2_384HMAC        6
  308#define SADB_X_AALG_SHA2_512HMAC        7
  309#define SADB_X_AALG_RIPEMD160HMAC       8
  310#define SADB_X_AALG_AES_XCBC_MAC        9
  311#define SADB_X_AALG_NULL                251     /* kame; NOTE(review): presumably a null authenticator (no integrity) - confirm and restrict by policy */
  312#define SADB_AALG_MAX                   251     /* equals SADB_X_AALG_NULL; ids 10..250 are not defined here, so <= MAX alone does not prove validity */
 313
 314/* Encryption algorithms */
  315#define SADB_EALG_NONE                  0       /* no encryption algorithm selected */
  316#define SADB_EALG_DESCBC                2       /* NOTE(review): single DES, 56-bit key; obsolete, policy should refuse it */
  317#define SADB_EALG_3DESCBC               3       /* NOTE(review): 64-bit block cipher; legacy */
  318#define SADB_X_EALG_CASTCBC             6
  319#define SADB_X_EALG_BLOWFISHCBC         7
  320#define SADB_EALG_NULL                  11      /* NOTE(review): null encryption - no confidentiality; allow only where that is intended */
  321#define SADB_X_EALG_AESCBC              12
  322#define SADB_X_EALG_AESCTR              13
  323#define SADB_X_EALG_AES_CCM_ICV8        14      /* ICVn: presumably the integrity check value length in octets - confirm */
  324#define SADB_X_EALG_AES_CCM_ICV12       15
  325#define SADB_X_EALG_AES_CCM_ICV16       16
  326#define SADB_X_EALG_AES_GCM_ICV8        18
  327#define SADB_X_EALG_AES_GCM_ICV12       19
  328#define SADB_X_EALG_AES_GCM_ICV16       20
  329#define SADB_X_EALG_CAMELLIACBC         22
  330#define SADB_X_EALG_NULL_AES_GMAC       23      /* NOTE(review): GMAC authenticates without encrypting - no confidentiality */
  331#define SADB_EALG_MAX                   253 /* last EALG; equals SADB_X_EALG_TWOFISHCBC defined below */
  332/* private allocations should use 249-255 (RFC2407) */
  333#define SADB_X_EALG_SERPENTCBC  252     /* draft-ietf-ipsec-ciph-aes-cbc-00 */
  334#define SADB_X_EALG_TWOFISHCBC  253     /* draft-ietf-ipsec-ciph-aes-cbc-00 */
 335
 336/* Compression algorithms */
  337#define SADB_X_CALG_NONE                0       /* no compression algorithm selected */
  338#define SADB_X_CALG_OUI                 1
  339#define SADB_X_CALG_DEFLATE             2
  340#define SADB_X_CALG_LZS                 3
  341#define SADB_X_CALG_LZJH                4
  342#define SADB_X_CALG_MAX                 4       /* equals the highest id above */
 343
 344/* Extension Header values */
  345#define SADB_EXT_RESERVED               0       /* not a valid extension type */
  346#define SADB_EXT_SA                     1       /* struct sadb_sa */
  347#define SADB_EXT_LIFETIME_CURRENT       2       /* struct sadb_lifetime */
  348#define SADB_EXT_LIFETIME_HARD          3       /* struct sadb_lifetime */
  349#define SADB_EXT_LIFETIME_SOFT          4       /* struct sadb_lifetime */
  350#define SADB_EXT_ADDRESS_SRC            5       /* struct sadb_address */
  351#define SADB_EXT_ADDRESS_DST            6       /* struct sadb_address */
  352#define SADB_EXT_ADDRESS_PROXY          7       /* struct sadb_address */
  353#define SADB_EXT_KEY_AUTH               8       /* struct sadb_key; carries key material */
  354#define SADB_EXT_KEY_ENCRYPT            9       /* struct sadb_key; carries key material */
  355#define SADB_EXT_IDENTITY_SRC           10      /* struct sadb_ident */
  356#define SADB_EXT_IDENTITY_DST           11      /* struct sadb_ident */
  357#define SADB_EXT_SENSITIVITY            12      /* struct sadb_sens */
  358#define SADB_EXT_PROPOSAL               13      /* struct sadb_prop */
  359#define SADB_EXT_SUPPORTED_AUTH         14      /* struct sadb_supported */
  360#define SADB_EXT_SUPPORTED_ENCRYPT      15      /* struct sadb_supported */
  361#define SADB_EXT_SPIRANGE               16      /* struct sadb_spirange */
  362#define SADB_X_EXT_KMPRIVATE            17      /* struct sadb_x_kmprivate */
  363#define SADB_X_EXT_POLICY               18      /* struct sadb_x_policy */
  364#define SADB_X_EXT_SA2                  19      /* struct sadb_x_sa2 */
  365/* The next four entries are for setting up NAT Traversal */
  366#define SADB_X_EXT_NAT_T_TYPE           20      /* struct sadb_x_nat_t_type */
  367#define SADB_X_EXT_NAT_T_SPORT          21      /* struct sadb_x_nat_t_port */
  368#define SADB_X_EXT_NAT_T_DPORT          22      /* struct sadb_x_nat_t_port */
  369#define SADB_X_EXT_NAT_T_OA             23      /* presumably the NAT-T original address - confirm */
  370#define SADB_X_EXT_SEC_CTX              24      /* struct sadb_x_sec_ctx */
  371/* Used with MIGRATE to pass addresses to IKE for negotiation */
  372#define SADB_X_EXT_KMADDRESS            25      /* struct sadb_x_kmaddress */
  373#define SADB_X_EXT_FILTER               26      /* struct sadb_x_filter */
  374#define SADB_EXT_MAX                    26      /* equals the highest type above; reject sadb_ext_type values beyond it before using them as an index */
 375
 376/* Identity Extension values */
  377#define SADB_IDENTTYPE_RESERVED 0       /* not a valid identity type */
  378#define SADB_IDENTTYPE_PREFIX   1       /* address prefix */
  379#define SADB_IDENTTYPE_FQDN     2       /* fully qualified domain name */
  380#define SADB_IDENTTYPE_USERFQDN 3       /* user@FQDN */
  381#define SADB_IDENTTYPE_MAX      3       /* equals the highest type above */
 382
 383#endif /* !(_LINUX_PFKEY2_H) */
 384