48579e27a184445c9c394ba55cc7a5c5b8b15cef
[strongswan.git] / src / libfreeswan / pfkeyv2.h
1 /*
2 * RCSID $Id: pfkeyv2.h,v 1.5 2004/10/04 22:43:56 as Exp $
3 */
4
5 /*
6 RFC 2367 PF_KEY Key Management API July 1998
7
8
9 Appendix D: Sample Header File
10
11 This file defines structures and symbols for the PF_KEY Version 2
12 key management interface. It was written at the U.S. Naval Research
13 Laboratory. This file is in the public domain. The authors ask that
14 you leave this credit intact on any copies of this file.
15 */
16 #ifndef __PFKEY_V2_H
17 #define __PFKEY_V2_H 1
18
19 #define PF_KEY_V2 2
20 #define PFKEYV2_REVISION 199806L
21
22 #define SADB_RESERVED 0
23 #define SADB_GETSPI 1
24 #define SADB_UPDATE 2
25 #define SADB_ADD 3
26 #define SADB_DELETE 4
27 #define SADB_GET 5
28 #define SADB_ACQUIRE 6
29 #define SADB_REGISTER 7
30 #define SADB_EXPIRE 8
31 #define SADB_FLUSH 9
32 #define SADB_DUMP 10
33 #define SADB_X_PROMISC 11
34 #define SADB_X_PCHANGE 12
35 #define SADB_X_GRPSA 13
36 #define SADB_X_ADDFLOW 14
37 #define SADB_X_DELFLOW 15
38 #define SADB_X_DEBUG 16
39 #ifdef NAT_TRAVERSAL
40 #define SADB_X_NAT_T_NEW_MAPPING 17
41 #define SADB_MAX 17
42 #else
43 #define SADB_MAX 16
44 #endif
45
46 struct sadb_msg {
47 uint8_t sadb_msg_version;
48 uint8_t sadb_msg_type;
49 uint8_t sadb_msg_errno;
50 uint8_t sadb_msg_satype;
51 uint16_t sadb_msg_len;
52 uint16_t sadb_msg_reserved;
53 uint32_t sadb_msg_seq;
54 uint32_t sadb_msg_pid;
55 };
56
57 struct sadb_ext {
58 uint16_t sadb_ext_len;
59 uint16_t sadb_ext_type;
60 };
61
62 struct sadb_sa {
63 uint16_t sadb_sa_len;
64 uint16_t sadb_sa_exttype;
65 uint32_t sadb_sa_spi;
66 uint8_t sadb_sa_replay;
67 uint8_t sadb_sa_state;
68 uint8_t sadb_sa_auth;
69 uint8_t sadb_sa_encrypt;
70 uint32_t sadb_sa_flags;
71 uint32_t /*IPsecSAref_t*/ sadb_x_sa_ref; /* 32 bits */
72 uint8_t sadb_x_reserved[4];
73 };
74
75 struct sadb_sa_v1 {
76 uint16_t sadb_sa_len;
77 uint16_t sadb_sa_exttype;
78 uint32_t sadb_sa_spi;
79 uint8_t sadb_sa_replay;
80 uint8_t sadb_sa_state;
81 uint8_t sadb_sa_auth;
82 uint8_t sadb_sa_encrypt;
83 uint32_t sadb_sa_flags;
84 };
85
86 struct sadb_lifetime {
87 uint16_t sadb_lifetime_len;
88 uint16_t sadb_lifetime_exttype;
89 uint32_t sadb_lifetime_allocations;
90 uint64_t sadb_lifetime_bytes;
91 uint64_t sadb_lifetime_addtime;
92 uint64_t sadb_lifetime_usetime;
93 uint32_t sadb_x_lifetime_packets;
94 uint32_t sadb_x_lifetime_reserved;
95 };
96
97 struct sadb_address {
98 uint16_t sadb_address_len;
99 uint16_t sadb_address_exttype;
100 uint8_t sadb_address_proto;
101 uint8_t sadb_address_prefixlen;
102 uint16_t sadb_address_reserved;
103 };
104
105 struct sadb_key {
106 uint16_t sadb_key_len;
107 uint16_t sadb_key_exttype;
108 uint16_t sadb_key_bits;
109 uint16_t sadb_key_reserved;
110 };
111
112 struct sadb_ident {
113 uint16_t sadb_ident_len;
114 uint16_t sadb_ident_exttype;
115 uint16_t sadb_ident_type;
116 uint16_t sadb_ident_reserved;
117 uint64_t sadb_ident_id;
118 };
119
120 struct sadb_sens {
121 uint16_t sadb_sens_len;
122 uint16_t sadb_sens_exttype;
123 uint32_t sadb_sens_dpd;
124 uint8_t sadb_sens_sens_level;
125 uint8_t sadb_sens_sens_len;
126 uint8_t sadb_sens_integ_level;
127 uint8_t sadb_sens_integ_len;
128 uint32_t sadb_sens_reserved;
129 };
130
131 struct sadb_prop {
132 uint16_t sadb_prop_len;
133 uint16_t sadb_prop_exttype;
134 uint8_t sadb_prop_replay;
135 uint8_t sadb_prop_reserved[3];
136 };
137
138 struct sadb_comb {
139 uint8_t sadb_comb_auth;
140 uint8_t sadb_comb_encrypt;
141 uint16_t sadb_comb_flags;
142 uint16_t sadb_comb_auth_minbits;
143 uint16_t sadb_comb_auth_maxbits;
144 uint16_t sadb_comb_encrypt_minbits;
145 uint16_t sadb_comb_encrypt_maxbits;
146 uint32_t sadb_comb_reserved;
147 uint32_t sadb_comb_soft_allocations;
148 uint32_t sadb_comb_hard_allocations;
149 uint64_t sadb_comb_soft_bytes;
150 uint64_t sadb_comb_hard_bytes;
151 uint64_t sadb_comb_soft_addtime;
152 uint64_t sadb_comb_hard_addtime;
153 uint64_t sadb_comb_soft_usetime;
154 uint64_t sadb_comb_hard_usetime;
155 uint32_t sadb_x_comb_soft_packets;
156 uint32_t sadb_x_comb_hard_packets;
157 };
158
159 struct sadb_supported {
160 uint16_t sadb_supported_len;
161 uint16_t sadb_supported_exttype;
162 uint32_t sadb_supported_reserved;
163 };
164
165 struct sadb_alg {
166 uint8_t sadb_alg_id;
167 uint8_t sadb_alg_ivlen;
168 uint16_t sadb_alg_minbits;
169 uint16_t sadb_alg_maxbits;
170 uint16_t sadb_alg_reserved;
171 };
172
173 struct sadb_spirange {
174 uint16_t sadb_spirange_len;
175 uint16_t sadb_spirange_exttype;
176 uint32_t sadb_spirange_min;
177 uint32_t sadb_spirange_max;
178 uint32_t sadb_spirange_reserved;
179 };
180
181 struct sadb_x_kmprivate {
182 uint16_t sadb_x_kmprivate_len;
183 uint16_t sadb_x_kmprivate_exttype;
184 uint32_t sadb_x_kmprivate_reserved;
185 };
186
187 struct sadb_x_satype {
188 uint16_t sadb_x_satype_len;
189 uint16_t sadb_x_satype_exttype;
190 uint8_t sadb_x_satype_satype;
191 uint8_t sadb_x_satype_reserved[3];
192 };
193
194 struct sadb_x_policy {
195 uint16_t sadb_x_policy_len;
196 uint16_t sadb_x_policy_exttype;
197 uint16_t sadb_x_policy_type;
198 uint8_t sadb_x_policy_dir;
199 uint8_t sadb_x_policy_reserved;
200 uint32_t sadb_x_policy_id;
201 uint32_t sadb_x_policy_reserved2;
202 };
203
204 struct sadb_x_debug {
205 uint16_t sadb_x_debug_len;
206 uint16_t sadb_x_debug_exttype;
207 uint32_t sadb_x_debug_tunnel;
208 uint32_t sadb_x_debug_netlink;
209 uint32_t sadb_x_debug_xform;
210 uint32_t sadb_x_debug_eroute;
211 uint32_t sadb_x_debug_spi;
212 uint32_t sadb_x_debug_radij;
213 uint32_t sadb_x_debug_esp;
214 uint32_t sadb_x_debug_ah;
215 uint32_t sadb_x_debug_rcv;
216 uint32_t sadb_x_debug_pfkey;
217 uint32_t sadb_x_debug_ipcomp;
218 uint32_t sadb_x_debug_verbose;
219 uint8_t sadb_x_debug_reserved[4];
220 };
221
222 #ifdef NAT_TRAVERSAL
223 struct sadb_x_nat_t_type {
224 uint16_t sadb_x_nat_t_type_len;
225 uint16_t sadb_x_nat_t_type_exttype;
226 uint8_t sadb_x_nat_t_type_type;
227 uint8_t sadb_x_nat_t_type_reserved[3];
228 };
229 struct sadb_x_nat_t_port {
230 uint16_t sadb_x_nat_t_port_len;
231 uint16_t sadb_x_nat_t_port_exttype;
232 uint16_t sadb_x_nat_t_port_port;
233 uint16_t sadb_x_nat_t_port_reserved;
234 };
235 #endif
236
237 /*
238 * A protocol structure for passing through the transport level
239 * protocol. It contains more fields than are actually used/needed
240 * but it is this way to be compatible with the structure used in
241 * OpenBSD (http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/pfkeyv2.h)
242 */
243 struct sadb_protocol {
244 uint16_t sadb_protocol_len;
245 uint16_t sadb_protocol_exttype;
246 uint8_t sadb_protocol_proto;
247 uint8_t sadb_protocol_direction;
248 uint8_t sadb_protocol_flags;
249 uint8_t sadb_protocol_reserved2;
250 };
251
252 #define SADB_EXT_RESERVED 0
253 #define SADB_EXT_SA 1
254 #define SADB_EXT_LIFETIME_CURRENT 2
255 #define SADB_EXT_LIFETIME_HARD 3
256 #define SADB_EXT_LIFETIME_SOFT 4
257 #define SADB_EXT_ADDRESS_SRC 5
258 #define SADB_EXT_ADDRESS_DST 6
259 #define SADB_EXT_ADDRESS_PROXY 7
260 #define SADB_EXT_KEY_AUTH 8
261 #define SADB_EXT_KEY_ENCRYPT 9
262 #define SADB_EXT_IDENTITY_SRC 10
263 #define SADB_EXT_IDENTITY_DST 11
264 #define SADB_EXT_SENSITIVITY 12
265 #define SADB_EXT_PROPOSAL 13
266 #define SADB_EXT_SUPPORTED_AUTH 14
267 #define SADB_EXT_SUPPORTED_ENCRYPT 15
268 #define SADB_EXT_SPIRANGE 16
269 #define SADB_X_EXT_KMPRIVATE 17
270 #define SADB_X_EXT_SATYPE2 18
271 #ifdef KERNEL26_HAS_KAME_DUPLICATES
272 #define SADB_X_EXT_POLICY 18
273 #endif
274 #define SADB_X_EXT_SA2 19
275 #define SADB_X_EXT_ADDRESS_DST2 20
276 #define SADB_X_EXT_ADDRESS_SRC_FLOW 21
277 #define SADB_X_EXT_ADDRESS_DST_FLOW 22
278 #define SADB_X_EXT_ADDRESS_SRC_MASK 23
279 #define SADB_X_EXT_ADDRESS_DST_MASK 24
280 #define SADB_X_EXT_DEBUG 25
281 #define SADB_X_EXT_PROTOCOL 26
282 #ifdef NAT_TRAVERSAL
283 #define SADB_X_EXT_NAT_T_TYPE 27
284 #define SADB_X_EXT_NAT_T_SPORT 28
285 #define SADB_X_EXT_NAT_T_DPORT 29
286 #define SADB_X_EXT_NAT_T_OA 30
287 #define SADB_EXT_MAX 30
288 #else
289 #define SADB_EXT_MAX 26
290 #endif
291
292 /* SADB_X_DELFLOW required over and above SADB_X_SAFLAGS_CLEARFLOW */
293 #define SADB_X_EXT_ADDRESS_DELFLOW \
294 ( (1<<SADB_X_EXT_ADDRESS_SRC_FLOW) \
295 | (1<<SADB_X_EXT_ADDRESS_DST_FLOW) \
296 | (1<<SADB_X_EXT_ADDRESS_SRC_MASK) \
297 | (1<<SADB_X_EXT_ADDRESS_DST_MASK))
298
299 #define SADB_SATYPE_UNSPEC 0
300 #define SADB_SATYPE_AH 2
301 #define SADB_SATYPE_ESP 3
302 #define SADB_SATYPE_RSVP 5
303 #define SADB_SATYPE_OSPFV2 6
304 #define SADB_SATYPE_RIPV2 7
305 #define SADB_SATYPE_MIP 8
306 #define SADB_X_SATYPE_IPIP 9
307 #ifdef KERNEL26_HAS_KAME_DUPLICATES
308 #define SADB_X_SATYPE_IPCOMP 9 /* ICK! */
309 #endif
310 #define SADB_X_SATYPE_COMP 10
311 #define SADB_X_SATYPE_INT 11
312 #define SADB_SATYPE_MAX 11
313
314 #define SADB_SASTATE_LARVAL 0
315 #define SADB_SASTATE_MATURE 1
316 #define SADB_SASTATE_DYING 2
317 #define SADB_SASTATE_DEAD 3
318 #define SADB_SASTATE_MAX 3
319
320 #define SADB_SAFLAGS_PFS 1
321 #define SADB_X_SAFLAGS_REPLACEFLOW 2
322 #define SADB_X_SAFLAGS_CLEARFLOW 4
323 #define SADB_X_SAFLAGS_INFLOW 8
324
325 /* not obvious, but these are the same values as used in isakmp,
326 * and in freeswan/ipsec_policy.h. If you need to add any, they
327 * should be added as according to
328 * http://www.iana.org/assignments/isakmp-registry
329 *
330 * and if not, then please try to use a private-use value, and
331 * consider asking IANA to assign a value.
332 */
333 #define SADB_AALG_NONE 0
334 #define SADB_AALG_MD5_HMAC 2
335 #define SADB_AALG_SHA1_HMAC 3
336 #define SADB_AALG_DES_MAC 4
337 #define SADB_AALG_SHA2_256_HMAC 5
338 #define SADB_AALG_SHA2_384_HMAC 6
339 #define SADB_AALG_SHA2_512_HMAC 7
340 #define SADB_AALG_RIPEMD_160_HMAC 8
341 #define SADB_AALG_AES_XCBC_MAC 9
342 #define SADB_X_AALG_NULL 251 /* kame */
343 #define SADB_AALG_MAX 251
344
345 #define SADB_EALG_NONE 0
346 #define SADB_EALG_DES_CBC 2
347 #define SADB_EALG_3DES_CBC 3
348 #define SADB_EALG_RC5_CBC 4
349 #define SADB_EALG_IDEA_CBC 5
350 #define SADB_EALG_CAST_CBC 6
351 #define SADB_EALG_BLOWFISH_CBC 7
352 #define SADB_EALG_NULL 11
353 #define SADB_EALG_AES_CBC 12
354 #define SADB_EALG_AES_CTR 13
355 #define SADB_X_EALG_SERPENT_CBC 252
356 #define SADB_X_EALG_TWOFISH_CBC 253
357 #define SADB_EALG_MAX 253
358
359 #define SADB_X_CALG_NONE 0
360 #define SADB_X_CALG_OUI 1
361 #define SADB_X_CALG_DEFLATE 2
362 #define SADB_X_CALG_LZS 3
363 #define SADB_X_CALG_V42BIS 4
364 #ifdef KERNEL26_HAS_KAME_DUPLICATES
365 #define SADB_X_CALG_LZJH 4
366 #endif
367 #define SADB_X_CALG_MAX 4
368
369 #define SADB_X_TALG_NONE 0
370 #define SADB_X_TALG_IPv4_in_IPv4 1
371 #define SADB_X_TALG_IPv6_in_IPv4 2
372 #define SADB_X_TALG_IPv4_in_IPv6 3
373 #define SADB_X_TALG_IPv6_in_IPv6 4
374 #define SADB_X_TALG_MAX 4
375
376
377 #define SADB_IDENTTYPE_RESERVED 0
378 #define SADB_IDENTTYPE_PREFIX 1
379 #define SADB_IDENTTYPE_FQDN 2
380 #define SADB_IDENTTYPE_USERFQDN 3
381 #define SADB_X_IDENTTYPE_CONNECTION 4
382 #define SADB_IDENTTYPE_MAX 4
383
384 #define SADB_KEY_FLAGS_MAX 0
385 #endif /* __PFKEY_V2_H */