1 #ifndef _LINUX_XFRM_H
2 #define _LINUX_XFRM_H
3
#include <stdint.h>
#include <sys/types.h>   /* uid_t, used by struct xfrm_selector */
5
6 /* All of the structures in this file may not change size as they are
7 * passed into the kernel from userspace via netlink sockets.
8 */
9
/* Structure to encapsulate addresses. I do not want to use
 * "standard" structure. My apologies.
 *
 * Both members overlay the same 16 bytes: a4 is a single 32-bit word,
 * a6 the full 128 bits as four 32-bit words. The union itself does not
 * record which view is valid; the structures that embed it carry a
 * separate `family` field for that (xfrm_selector, xfrm_user_tmpl,
 * xfrm_usersa_id, xfrm_usersa_info). The byte order of the words is not
 * stated here -- presumably as on the wire; confirm against the code
 * that fills them in.
 */
typedef union
{
    uint32_t a4;     /* 32-bit view; the other 12 bytes are not covered by it */
    uint32_t a6[4];  /* 128-bit view as four 32-bit words */
} xfrm_address_t;
18
/* Ident of a specific xfrm_state. It is used on input to lookup
 * the state by (spi,daddr,ah/esp) or to store information about
 * spi, protocol and tunnel address on output.
 *
 * No address family is stored here; the embedding structures
 * (xfrm_user_tmpl, xfrm_usersa_info) carry it separately.
 */
struct xfrm_id
{
    xfrm_address_t daddr;   /* destination (tunnel) address */
    uint32_t spi;           /* SPI; byte order is not stated in this header */
    uint8_t proto;          /* ah/esp selector per the comment above; encoding not stated here */
};
29
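/* Selector, used as selector both on policy rules (SPD) and SAs. */
/*
 * By field pairing (confirm against the matching code): daddr/saddr are
 * compared under prefixlen_d/prefixlen_s, dport/sport under
 * dport_mask/sport_mask. `family` says which xfrm_address_t view is
 * valid for both addresses. Wildcard encodings for proto and ifindex are
 * not stated in this header.
 *
 * `user` is a uid_t, which is declared by <sys/types.h> rather than
 * <stdint.h>; that header is included at the top of this file so the
 * header stays self-contained.
 */
struct xfrm_selector
{
    xfrm_address_t daddr;
    xfrm_address_t saddr;
    uint16_t dport;
    uint16_t dport_mask;
    uint16_t sport;
    uint16_t sport_mask;
    uint16_t family;
    uint8_t prefixlen_d;   /* prefix length for daddr (by name) */
    uint8_t prefixlen_s;   /* prefix length for saddr (by name) */
    uint8_t proto;
    int ifindex;
    uid_t user;            /* owning user id; see XFRM_SHARE_USER below */
};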
47
/* All-ones 64-bit value (UINT64_MAX). Presumably the "no limit" setting for
 * the xfrm_lifetime_cfg fields below -- confirm against the callers. */
#define XFRM_INF (~(uint64_t)0)
49
/* Configured lifetime limits, each as a soft/hard pair. Which of the two
 * was reached is reported by the `hard` flag of xfrm_user_expire and
 * xfrm_user_polexpire below. Units beyond the field names (bytes, packets,
 * seconds) are not stated here. */
struct xfrm_lifetime_cfg
{
    uint64_t soft_byte_limit;
    uint64_t hard_byte_limit;
    uint64_t soft_packet_limit;
    uint64_t hard_packet_limit;
    uint64_t soft_add_expires_seconds;   /* relative to add_time (by name; confirm) */
    uint64_t hard_add_expires_seconds;
    uint64_t soft_use_expires_seconds;   /* relative to use_time (by name; confirm) */
    uint64_t hard_use_expires_seconds;
};
61
/* Current usage, the counterpart of xfrm_lifetime_cfg: counters that are
 * compared against the configured limits. Time base and units of
 * add_time/use_time are not stated in this header. */
struct xfrm_lifetime_cur
{
    uint64_t bytes;
    uint64_t packets;
    uint64_t add_time;   /* when the entry was added (by name) */
    uint64_t use_time;   /* when it was last used (by name) */
};
69
/* Anti-replay bookkeeping. Note the window bitmap is only 32 bits wide,
 * so this structure cannot describe a replay window larger than 32 even
 * though xfrm_usersa_info.replay_window below is an 8-bit value. */
struct xfrm_replay_state
{
    uint32_t oseq;     /* outbound sequence number (by name; confirm) */
    uint32_t seq;      /* highest inbound sequence number seen (by name; confirm) */
    uint32_t bitmap;   /* one bit per sequence number inside the window */
};
76
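/* Algorithm description carried in the XFRMA_ALG_* attributes. The key
 * bytes follow the fixed part directly; a C99 flexible array member is
 * used instead of the GNU zero-length array, which has the same layout
 * (sizeof == offsetof(alg_key)) but is standard C.
 *
 * alg_name is a fixed 64-byte array whose NUL termination is not
 * guaranteed by the type -- bound any string handling on it.
 * alg_key_len is a signed bit count; a consumer deriving the byte length
 * of alg_key from it should reject negative values and round up, and
 * check the result against the enclosing attribute length -- the exact
 * rule is not stated here, confirm against the consumer. */
struct xfrm_algo {
    char alg_name[64];
    int alg_key_len; /* in bits */
    char alg_key[];  /* key material, alg_key_len bits, immediately after the struct */
};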
82
/* Per-SA counters reported in xfrm_usersa_info.stats; the names are the
 * only description this header gives of what each one counts. */
struct xfrm_stats {
    uint32_t replay_window;
    uint32_t replay;             /* replay detections (by name) */
    uint32_t integrity_failed;   /* integrity check failures (by name) */
};
88
/* Policy direction, as stored in xfrm_userpolicy_info.dir and
 * xfrm_userpolicy_id.dir. XFRM_POLICY_MAX is one past the last direction
 * and so is the count, not a valid direction. */
enum
{
    XFRM_POLICY_IN = 0,
    XFRM_POLICY_OUT = 1,
    XFRM_POLICY_FWD = 2,
    XFRM_POLICY_MAX = 3   /* number of directions; use as an exclusive bound */
};
96
/* Sharing scope, as stored in the `share` fields of xfrm_user_tmpl and
 * xfrm_userpolicy_info. Values are implicit, starting at 0. */
enum
{
    XFRM_SHARE_ANY,      /* No limitations */
    XFRM_SHARE_SESSION,  /* For this session only */
    XFRM_SHARE_USER,     /* For this user only */
    XFRM_SHARE_UNIQUE    /* Use once */
};
104
/* Netlink configuration messages. */
/* Message type numbers start at XFRM_MSG_BASE. XFRM_MSG_MAX is one past
 * the last type defined here (XFRM_MSG_POLEXPIRE), i.e. an exclusive
 * upper bound suitable for table sizing and range checks; any value at or
 * above it is not a type known to this header. The payload structures
 * below pair with these by name (xfrm_usersa_info, xfrm_userpolicy_info,
 * xfrm_userspi_info, xfrm_user_acquire, xfrm_user_expire,
 * xfrm_user_polexpire) -- confirm against the consumer. */
#define XFRM_MSG_BASE 0x10

#define XFRM_MSG_NEWSA (XFRM_MSG_BASE + 0)
#define XFRM_MSG_DELSA (XFRM_MSG_BASE + 1)
#define XFRM_MSG_GETSA (XFRM_MSG_BASE + 2)

#define XFRM_MSG_NEWPOLICY (XFRM_MSG_BASE + 3)
#define XFRM_MSG_DELPOLICY (XFRM_MSG_BASE + 4)
#define XFRM_MSG_GETPOLICY (XFRM_MSG_BASE + 5)

#define XFRM_MSG_ALLOCSPI (XFRM_MSG_BASE + 6)
#define XFRM_MSG_ACQUIRE (XFRM_MSG_BASE + 7)
#define XFRM_MSG_EXPIRE (XFRM_MSG_BASE + 8)

#define XFRM_MSG_UPDPOLICY (XFRM_MSG_BASE + 9)
#define XFRM_MSG_UPDSA (XFRM_MSG_BASE + 10)

#define XFRM_MSG_POLEXPIRE (XFRM_MSG_BASE + 11)

/* exclusive upper bound: XFRM_MSG_POLEXPIRE + 1 */
#define XFRM_MSG_MAX (XFRM_MSG_POLEXPIRE+1)
126
/* One SA template; one or more of these are carried in an XFRMA_TMPL
 * attribute. aalgos/ealgos/calgos are 32-bit values named for auth,
 * encryption and compression algorithms -- presumably bitmasks of
 * acceptable algorithms; the bit assignment is not stated here. */
struct xfrm_user_tmpl {
    struct xfrm_id id;       /* (daddr, spi, proto) of the SA to match or create */
    uint16_t family;         /* address family for id.daddr and saddr */
    xfrm_address_t saddr;
    uint32_t reqid;
    uint8_t mode;            /* 0=transport,1=tunnel per xfrm_usersa_info.mode (confirm) */
    uint8_t share;           /* XFRM_SHARE_* */
    uint8_t optional;
    uint32_t aalgos;
    uint32_t ealgos;
    uint32_t calgos;
};
139
/* Encapsulation parameters, carried in an XFRMA_ENCAP attribute. The
 * meaning of encap_type values and the byte order of the ports are not
 * stated in this header; presumably UDP encapsulation -- confirm. */
struct xfrm_encap_tmpl {
    uint16_t encap_type;
    uint16_t encap_sport;
    uint16_t encap_dport;
    xfrm_address_t encap_oa;   /* original address (by name); family not stored here */
};
146
/* Netlink message attributes. */
/* Attribute type numbers; the comment on each value names the structure
 * its payload holds. XFRMA_MAX is the highest valid type and is inclusive
 * (unlike XFRM_MSG_MAX above, which is exclusive). */
enum xfrm_attr_type_t {
    XFRMA_UNSPEC,
    XFRMA_ALG_AUTH,   /* struct xfrm_algo */
    XFRMA_ALG_CRYPT,  /* struct xfrm_algo */
    XFRMA_ALG_COMP,   /* struct xfrm_algo */
    XFRMA_ENCAP,      /* struct xfrm_algo + struct xfrm_encap_tmpl */
    XFRMA_TMPL,       /* 1 or more struct xfrm_user_tmpl */

#define XFRMA_MAX XFRMA_TMPL
};
158
/* Full description of an SA as exchanged over netlink; also embedded in
 * xfrm_userspi_info and xfrm_user_expire. Which XFRM_MSG_* types carry it
 * is not stated here (NEWSA/UPDSA/GETSA by name -- confirm).
 *
 * replay_window is 8 bits wide, but xfrm_replay_state.bitmap above has
 * only 32 bits, so a setting above 32 has no representation in that
 * structure as declared in this header. */
struct xfrm_usersa_info {
    struct xfrm_selector sel;          /* traffic this SA applies to */
    struct xfrm_id id;                 /* (daddr, spi, proto) identity */
    xfrm_address_t saddr;              /* source address; `family` below selects the view */
    struct xfrm_lifetime_cfg lft;      /* configured soft/hard limits */
    struct xfrm_lifetime_cur curlft;   /* current usage */
    struct xfrm_stats stats;
    uint32_t seq;
    uint32_t reqid;
    uint16_t family;
    uint8_t mode; /* 0=transport,1=tunnel */
    uint8_t replay_window;
    uint8_t flags;                     /* XFRM_STATE_* bits */
#define XFRM_STATE_NOECN 1
};
174
/* SA lookup key: xfrm_id plus the address family that daddr is in.
 * Presumably the payload of XFRM_MSG_DELSA / XFRM_MSG_GETSA -- confirm. */
struct xfrm_usersa_id {
    xfrm_address_t daddr;
    uint32_t spi;
    uint16_t family;   /* selects the xfrm_address_t view for daddr */
    uint8_t proto;
};
181
/* SA description plus an SPI range; presumably the payload of
 * XFRM_MSG_ALLOCSPI -- confirm. Whether `max` is inclusive is not stated. */
struct xfrm_userspi_info {
    struct xfrm_usersa_info info;
    uint32_t min;   /* lowest acceptable SPI (by name) */
    uint32_t max;   /* highest acceptable SPI (by name) */
};
187
/* Full description of a policy entry as exchanged over netlink; also
 * embedded in xfrm_user_acquire and xfrm_user_polexpire. The action and
 * flag values are the defines placed next to their fields. */
struct xfrm_userpolicy_info {
    struct xfrm_selector sel;          /* traffic the policy matches */
    struct xfrm_lifetime_cfg lft;      /* configured soft/hard limits */
    struct xfrm_lifetime_cur curlft;   /* current usage */
    uint32_t priority;
    uint32_t index;
    uint8_t dir;                       /* XFRM_POLICY_IN / OUT / FWD */
    uint8_t action;                    /* XFRM_POLICY_ALLOW / XFRM_POLICY_BLOCK */
#define XFRM_POLICY_ALLOW 0
#define XFRM_POLICY_BLOCK 1
    uint8_t flags;                     /* XFRM_POLICY_LOCALOK bit */
#define XFRM_POLICY_LOCALOK 1 /* Allow user to override global policy */
    uint8_t share;                     /* XFRM_SHARE_* */
};
202
/* Policy lookup key: selector, index and direction. Presumably the payload
 * of XFRM_MSG_DELPOLICY / XFRM_MSG_GETPOLICY -- confirm. */
struct xfrm_userpolicy_id {
    struct xfrm_selector sel;
    uint32_t index;
    uint8_t dir;   /* XFRM_POLICY_IN / OUT / FWD */
};
208
/* Request for a new SA, by name the payload of XFRM_MSG_ACQUIRE (confirm).
 * aalgos/ealgos/calgos mirror the fields of xfrm_user_tmpl; their bit
 * assignment is not stated here. */
struct xfrm_user_acquire {
    struct xfrm_id id;
    xfrm_address_t saddr;                /* family not stored here; see policy.sel.family */
    struct xfrm_selector sel;
    struct xfrm_userpolicy_info policy;  /* policy that triggered the request */
    uint32_t aalgos;
    uint32_t ealgos;
    uint32_t calgos;
    uint32_t seq;
};
219
/* SA expiry notification, by name the payload of XFRM_MSG_EXPIRE (confirm).
 * `hard` distinguishes the hard limit from the soft one in
 * xfrm_lifetime_cfg; its non-zero encoding is not stated here. */
struct xfrm_user_expire {
    struct xfrm_usersa_info state;
    uint8_t hard;
};
224
/* Policy expiry notification, by name the payload of XFRM_MSG_POLEXPIRE
 * (confirm). `hard` has the same role as in xfrm_user_expire. */
struct xfrm_user_polexpire {
    struct xfrm_userpolicy_info pol;
    uint8_t hard;
};
229
/* Group identifiers named after the ACQUIRE and EXPIRE messages --
 * presumably netlink multicast group bits for receiving those
 * notifications; confirm against the socket setup code. */
#define XFRMGRP_ACQUIRE 1
#define XFRMGRP_EXPIRE 2
232
233 #endif /* _LINUX_XFRM_H */