removed old FreeS/WAN cvs revision entries
[strongswan.git] / src / libfreeswan / pfkey.h
1 /*
2 * FreeS/WAN specific PF_KEY headers
3 * Copyright (C) 1999, 2000, 2001 Richard Guy Briggs.
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 *
15 * RCSID $Id: pfkey.h,v 1.2 2004/03/22 21:53:18 as Exp $
16 */
17
18 #ifndef __NET_IPSEC_PF_KEY_H
19 #define __NET_IPSEC_PF_KEY_H
20 #ifdef __KERNEL__
21 extern struct proto_ops pfkey_proto_ops;
22 typedef struct sock pfkey_sock;
23 extern int debug_pfkey;
24
25 extern /* void */ int pfkey_init(void);
26 extern /* void */ int pfkey_cleanup(void);
27
28 extern struct sock *pfkey_sock_list;
29 struct socket_list
30 {
31 struct socket *socketp;
32 struct socket_list *next;
33 };
34 extern int pfkey_list_insert_socket(struct socket*, struct socket_list**);
35 extern int pfkey_list_remove_socket(struct socket*, struct socket_list**);
36 extern struct socket_list *pfkey_open_sockets;
37 extern struct socket_list *pfkey_registered_sockets[SADB_SATYPE_MAX+1];
38
39 /*
40 * There is a field-by-field copy in klips/net/ipsec/ipsec_alg.h
41 * please keep in sync until we migrate all support stuff
42 * to ipsec_alg objects
43 */
44 struct supported
45 {
46 uint16_t supported_alg_exttype;
47 uint8_t supported_alg_id;
48 uint8_t supported_alg_ivlen;
49 uint16_t supported_alg_minbits;
50 uint16_t supported_alg_maxbits;
51 };
52 extern struct supported_list *pfkey_supported_list[SADB_SATYPE_MAX+1];
53 struct supported_list
54 {
55 struct supported *supportedp;
56 struct supported_list *next;
57 };
58 extern int pfkey_list_insert_supported(struct supported*, struct supported_list**);
59 extern int pfkey_list_remove_supported(struct supported*, struct supported_list**);
60
61 struct sockaddr_key
62 {
63 uint16_t key_family; /* PF_KEY */
64 uint16_t key_pad; /* not used */
65 uint32_t key_pid; /* process ID */
66 };
67
68 struct pfkey_extracted_data
69 {
70 struct ipsec_sa* ips;
71 struct ipsec_sa* ips2;
72 struct eroute *eroute;
73 };
74
75 extern int
76 pfkey_alloc_eroute(struct eroute** eroute);
77
78 extern int
79 pfkey_sa_process(struct sadb_ext *pfkey_ext,
80 struct pfkey_extracted_data* extr);
81
82 extern int
83 pfkey_lifetime_process(struct sadb_ext *pfkey_ext,
84 struct pfkey_extracted_data* extr);
85
86 extern int
87 pfkey_address_process(struct sadb_ext *pfkey_ext,
88 struct pfkey_extracted_data* extr);
89
90 extern int
91 pfkey_key_process(struct sadb_ext *pfkey_ext,
92 struct pfkey_extracted_data* extr);
93
94 extern int
95 pfkey_ident_process(struct sadb_ext *pfkey_ext,
96 struct pfkey_extracted_data* extr);
97
98 extern int
99 pfkey_sens_process(struct sadb_ext *pfkey_ext,
100 struct pfkey_extracted_data* extr);
101
102 extern int
103 pfkey_prop_process(struct sadb_ext *pfkey_ext,
104 struct pfkey_extracted_data* extr);
105
106 extern int
107 pfkey_supported_process(struct sadb_ext *pfkey_ext,
108 struct pfkey_extracted_data* extr);
109
110 extern int
111 pfkey_spirange_process(struct sadb_ext *pfkey_ext,
112 struct pfkey_extracted_data* extr);
113
114 extern int
115 pfkey_x_kmprivate_process(struct sadb_ext *pfkey_ext,
116 struct pfkey_extracted_data* extr);
117
118 extern int
119 pfkey_x_satype_process(struct sadb_ext *pfkey_ext,
120 struct pfkey_extracted_data* extr);
121
122 extern int
123 pfkey_x_debug_process(struct sadb_ext *pfkey_ext,
124 struct pfkey_extracted_data* extr);
125
126 extern int pfkey_register_reply(int satype, struct sadb_msg *);
127 extern int pfkey_upmsg(struct socket *, struct sadb_msg *);
128 extern int pfkey_expire(struct ipsec_sa *, int);
129 extern int pfkey_acquire(struct ipsec_sa *);
130 #else /* ! __KERNEL__ */
131
132 extern void (*pfkey_debug_func)(const char *message, ...);
133
134 #endif /* __KERNEL__ */
135
136 extern uint8_t satype2proto(uint8_t satype);
137 extern uint8_t proto2satype(uint8_t proto);
138 extern char* satype2name(uint8_t satype);
139 extern char* proto2name(uint8_t proto);
140
141 struct key_opt
142 {
143 uint32_t key_pid; /* process ID */
144 struct sock *sk;
145 };
146
147 #define key_pid(sk) ((struct key_opt*)&((sk)->protinfo))->key_pid
148
149 #define IPSEC_PFKEYv2_ALIGN (sizeof(uint64_t)/sizeof(uint8_t))
150 #define BITS_PER_OCTET 8
151 #define OCTETBITS 8
152 #define PFKEYBITS 64
153 #define DIVUP(x,y) ((x + y -1) / y) /* divide, rounding upwards */
154 #define ALIGN_N(x,y) (DIVUP(x,y) * y) /* align on y boundary */
155
156 #define PFKEYv2_MAX_MSGSIZE 4096
157
158 /*
159 * PF_KEYv2 permitted and required extensions in and out bitmaps
160 */
161 struct pf_key_ext_parsers_def {
162 int (*parser)(struct sadb_ext*);
163 char *parser_name;
164 };
165
166
167 extern unsigned int extensions_bitmaps[2/*in/out*/][2/*perm/req*/][SADB_MAX + 1/*ext*/];
168 #define EXT_BITS_IN 0
169 #define EXT_BITS_OUT 1
170 #define EXT_BITS_PERM 0
171 #define EXT_BITS_REQ 1
172
173 extern void pfkey_extensions_init(struct sadb_ext *extensions[SADB_EXT_MAX + 1]);
174 extern void pfkey_extensions_free(struct sadb_ext *extensions[SADB_EXT_MAX + 1]);
175 extern void pfkey_msg_free(struct sadb_msg **pfkey_msg);
176
177 extern int pfkey_msg_parse(struct sadb_msg *pfkey_msg,
178 struct pf_key_ext_parsers_def *ext_parsers[],
179 struct sadb_ext **extensions,
180 int dir);
181
182 /*
183 * PF_KEYv2 build function prototypes
184 */
185
186 int
187 pfkey_msg_hdr_build(struct sadb_ext** pfkey_ext,
188 uint8_t msg_type,
189 uint8_t satype,
190 uint8_t msg_errno,
191 uint32_t seq,
192 uint32_t pid);
193
194 int
195 pfkey_sa_ref_build(struct sadb_ext ** pfkey_ext,
196 uint16_t exttype,
197 uint32_t spi, /* in network order */
198 uint8_t replay_window,
199 uint8_t sa_state,
200 uint8_t auth,
201 uint8_t encrypt,
202 uint32_t flags,
203 uint32_t/*IPsecSAref_t*/ ref);
204
205 int
206 pfkey_sa_build(struct sadb_ext ** pfkey_ext,
207 uint16_t exttype,
208 uint32_t spi, /* in network order */
209 uint8_t replay_window,
210 uint8_t sa_state,
211 uint8_t auth,
212 uint8_t encrypt,
213 uint32_t flags);
214
215 int
216 pfkey_lifetime_build(struct sadb_ext ** pfkey_ext,
217 uint16_t exttype,
218 uint32_t allocations,
219 uint64_t bytes,
220 uint64_t addtime,
221 uint64_t usetime,
222 uint32_t packets);
223
224 int
225 pfkey_address_build(struct sadb_ext** pfkey_ext,
226 uint16_t exttype,
227 uint8_t proto,
228 uint8_t prefixlen,
229 struct sockaddr* address);
230
231 int
232 pfkey_key_build(struct sadb_ext** pfkey_ext,
233 uint16_t exttype,
234 uint16_t key_bits,
235 char* key);
236
237 int
238 pfkey_ident_build(struct sadb_ext** pfkey_ext,
239 uint16_t exttype,
240 uint16_t ident_type,
241 uint64_t ident_id,
242 uint8_t ident_len,
243 char* ident_string);
244
245 #ifdef __KERNEL__
246 extern int pfkey_nat_t_new_mapping(struct ipsec_sa *, struct sockaddr *, __u16);
247 extern int pfkey_x_nat_t_type_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr);
248 extern int pfkey_x_nat_t_port_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr);
249 #endif /* __KERNEL__ */
250
251 int
252 pfkey_x_nat_t_type_build(struct sadb_ext** pfkey_ext,
253 uint8_t type);
254 int
255 pfkey_x_nat_t_port_build(struct sadb_ext** pfkey_ext,
256 uint16_t exttype,
257 uint16_t port);
258
259 int
260 pfkey_sens_build(struct sadb_ext** pfkey_ext,
261 uint32_t dpd,
262 uint8_t sens_level,
263 uint8_t sens_len,
264 uint64_t* sens_bitmap,
265 uint8_t integ_level,
266 uint8_t integ_len,
267 uint64_t* integ_bitmap);
268
269 int
270 pfkey_x_protocol_build(struct sadb_ext **, uint8_t);
271
272
273 int
274 pfkey_prop_build(struct sadb_ext** pfkey_ext,
275 uint8_t replay,
276 unsigned int comb_num,
277 struct sadb_comb* comb);
278
279 int
280 pfkey_supported_build(struct sadb_ext** pfkey_ext,
281 uint16_t exttype,
282 unsigned int alg_num,
283 struct sadb_alg* alg);
284
285 int
286 pfkey_spirange_build(struct sadb_ext** pfkey_ext,
287 uint16_t exttype,
288 uint32_t min,
289 uint32_t max);
290
291 int
292 pfkey_x_kmprivate_build(struct sadb_ext** pfkey_ext);
293
294 int
295 pfkey_x_satype_build(struct sadb_ext** pfkey_ext,
296 uint8_t satype);
297
298 int
299 pfkey_x_debug_build(struct sadb_ext** pfkey_ext,
300 uint32_t tunnel,
301 uint32_t netlink,
302 uint32_t xform,
303 uint32_t eroute,
304 uint32_t spi,
305 uint32_t radij,
306 uint32_t esp,
307 uint32_t ah,
308 uint32_t rcv,
309 uint32_t pfkey,
310 uint32_t ipcomp,
311 uint32_t verbose);
312
313 int
314 pfkey_msg_build(struct sadb_msg** pfkey_msg,
315 struct sadb_ext* extensions[],
316 int dir);
317
318 /* in pfkey_v2_debug.c - routines to decode numbers -> strings */
319 const char *
320 pfkey_v2_sadb_ext_string(int extnum);
321
322 const char *
323 pfkey_v2_sadb_type_string(int sadb_type);
324
325
326 #endif /* __NET_IPSEC_PF_KEY_H */