added most problematic linux headers to distribution
authorMartin Willi <martin@strongswan.org>
Thu, 19 Apr 2007 08:59:36 +0000 (08:59 -0000)
committerMartin Willi <martin@strongswan.org>
Thu, 19 Apr 2007 08:59:36 +0000 (08:59 -0000)
  Other (real) Linux headers may be selected using --with-linux-headers=dir

configure.in
src/Makefile.am
src/charon/Makefile.am
src/include/Makefile.am [new file with mode: 0644]
src/include/linux/ipsec.h [new file with mode: 0644]
src/include/linux/pfkeyv2.h [new file with mode: 0644]
src/include/linux/xfrm.h [new file with mode: 0644]

index c437fb3..3748756 100644 (file)
@@ -86,6 +86,13 @@ AC_ARG_WITH(
     [AC_DEFINE_UNQUOTED(SIM_READER_LIB, "$withval")]
 )
 
+AC_ARG_WITH(
+    [linux-headers],
+    AS_HELP_STRING([--with-linux-headers=dir],[use the linux header files in dir instead of the supplied ones in "src/include"]),
+    [AC_SUBST(linuxdir, "$withval")], [AC_SUBST(linuxdir, "../include")]
+)
+AC_SUBST(LINUX_HEADERS)
+
 AC_ARG_ENABLE(
     [http],
     AS_HELP_STRING([--enable-http],[enable OCSP and fetching of Certificates and CRLs over HTTP (default is NO). Requires libcurl.]),
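Review bot: The default `linuxdir` of `"../include"` is relative to whichever directory the compiler runs in, so the `-I${linuxdir}` added in the src/charon/Makefile.am hunk only resolves for build directories exactly one level below src/. In an out-of-tree build it would presumably point into the build tree, where the bundled headers do not exist, and the system's `<linux/...>` headers would be picked up silently instead. Anchoring the default on the source tree avoids this, e.g. `[AC_SUBST(linuxdir, "\$(top_srcdir)/src/include")]`. `$withval` is also used unchecked, so a bare `--with-linux-headers` or `--without-linux-headers` would yield `-Iyes` or `-Ino`; rejecting those values with `AC_MSG_ERROR` would be safer. `AC_SUBST(LINUX_HEADERS)` substitutes a variable that nothing in this hunk assigns and looks like a leftover.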
@@ -222,6 +229,7 @@ dnl ==============================
 AC_OUTPUT(
        Makefile
        src/Makefile
+       src/include/Makefile
        src/libstrongswan/Makefile
        src/libcrypto/Makefile
        src/libfreeswan/Makefile
index a3f90f3..204a211 100644 (file)
@@ -1 +1 @@
-SUBDIRS = libfreeswan libcrypto libstrongswan pluto whack charon stroke starter openac scepclient ipsec _updown _updown_espmark _copyright 
+SUBDIRS = include libfreeswan libcrypto libstrongswan pluto whack charon stroke starter openac scepclient ipsec _updown _updown_espmark _copyright 
index 64ebb35..2dad491 100644 (file)
@@ -101,7 +101,8 @@ sa/tasks/ike_natd.c sa/tasks/ike_natd.h \
 sa/tasks/ike_rekey.c sa/tasks/ike_rekey.h \
 sa/tasks/task.c sa/tasks/task.h
 
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon -I$(top_srcdir)/src/stroke
+
+INCLUDES = -I${linuxdir} -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon -I$(top_srcdir)/src/stroke
 AM_CFLAGS = -rdynamic -DIPSEC_CONFDIR=\"${confdir}\" -DIPSEC_PIDDIR=\"${piddir}\" -DIPSEC_EAPDIR=\"${eapdir}\"
 charon_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la -lgmp -lpthread -lm -ldl
 
diff --git a/src/include/Makefile.am b/src/include/Makefile.am
new file mode 100644 (file)
index 0000000..62d423e
--- /dev/null
@@ -0,0 +1 @@
+EXTRA_DIST = linux/ipsec.h linux/pfkeyv2.h linux/xfrm.h
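Review bot: Nothing in this commit records which kernel release the three headers listed in `EXTRA_DIST` were copied from, and the copies carry no version marker themselves. The bundled xfrm.h states that its structures are passed to the kernel over netlink and must not change size, so a copy that drifts from the running kernel's layout could leave charon building and parsing messages with mismatched struct definitions, with no compile-time signal. A provenance comment above the list would make re-syncing auditable, e.g. `# linux/*.h copied from kernel <KERNEL_VERSION_PLACEHOLDER>; re-sync when the xfrm/PF_KEY ABI changes`.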
diff --git a/src/include/linux/ipsec.h b/src/include/linux/ipsec.h
new file mode 100644 (file)
index 0000000..d3c5276
--- /dev/null
@@ -0,0 +1,46 @@
+#ifndef _LINUX_IPSEC_H
+#define _LINUX_IPSEC_H
+
+/* The definitions, required to talk to KAME racoon IKE. */
+
+#include <linux/pfkeyv2.h>
+
+#define IPSEC_PORT_ANY         0
+#define IPSEC_ULPROTO_ANY      255
+#define IPSEC_PROTO_ANY                255
+
+enum {
+       IPSEC_MODE_ANY          = 0,    /* We do not support this for SA */
+       IPSEC_MODE_TRANSPORT    = 1,
+       IPSEC_MODE_TUNNEL       = 2
+};
+
+enum {
+       IPSEC_DIR_ANY           = 0,
+       IPSEC_DIR_INBOUND       = 1,
+       IPSEC_DIR_OUTBOUND      = 2,
+       IPSEC_DIR_FWD           = 3,    /* It is our own */
+       IPSEC_DIR_MAX           = 4,
+       IPSEC_DIR_INVALID       = 5
+};
+
+enum {
+       IPSEC_POLICY_DISCARD    = 0,
+       IPSEC_POLICY_NONE       = 1,
+       IPSEC_POLICY_IPSEC      = 2,
+       IPSEC_POLICY_ENTRUST    = 3,
+       IPSEC_POLICY_BYPASS     = 4
+};
+
+enum {
+       IPSEC_LEVEL_DEFAULT     = 0,
+       IPSEC_LEVEL_USE         = 1,
+       IPSEC_LEVEL_REQUIRE     = 2,
+       IPSEC_LEVEL_UNIQUE      = 3
+};
+
+#define IPSEC_MANUAL_REQID_MAX 0x3fff
+
+#define IPSEC_REPLAYWSIZE  32
+
+#endif /* _LINUX_IPSEC_H */
diff --git a/src/include/linux/pfkeyv2.h b/src/include/linux/pfkeyv2.h
new file mode 100644 (file)
index 0000000..d5dd471
--- /dev/null
@@ -0,0 +1,348 @@
+/* PF_KEY user interface, this is defined by rfc2367 so
+ * do not make arbitrary modifications or else this header
+ * file will not be compliant.
+ */
+
+#ifndef _LINUX_PFKEY2_H
+#define _LINUX_PFKEY2_H
+
+#include <linux/types.h>
+
+#define PF_KEY_V2              2
+#define PFKEYV2_REVISION       199806L
+
+struct sadb_msg {
+       uint8_t         sadb_msg_version;
+       uint8_t         sadb_msg_type;
+       uint8_t         sadb_msg_errno;
+       uint8_t         sadb_msg_satype;
+       uint16_t        sadb_msg_len;
+       uint16_t        sadb_msg_reserved;
+       uint32_t        sadb_msg_seq;
+       uint32_t        sadb_msg_pid;
+} __attribute__((packed));
+/* sizeof(struct sadb_msg) == 16 */
+
+struct sadb_ext {
+       uint16_t        sadb_ext_len;
+       uint16_t        sadb_ext_type;
+} __attribute__((packed));
+/* sizeof(struct sadb_ext) == 4 */
+
+struct sadb_sa {
+       uint16_t        sadb_sa_len;
+       uint16_t        sadb_sa_exttype;
+       uint32_t        sadb_sa_spi;
+       uint8_t         sadb_sa_replay;
+       uint8_t         sadb_sa_state;
+       uint8_t         sadb_sa_auth;
+       uint8_t         sadb_sa_encrypt;
+       uint32_t        sadb_sa_flags;
+} __attribute__((packed));
+/* sizeof(struct sadb_sa) == 16 */
+
+struct sadb_lifetime {
+       uint16_t        sadb_lifetime_len;
+       uint16_t        sadb_lifetime_exttype;
+       uint32_t        sadb_lifetime_allocations;
+       uint64_t        sadb_lifetime_bytes;
+       uint64_t        sadb_lifetime_addtime;
+       uint64_t        sadb_lifetime_usetime;
+} __attribute__((packed));
+/* sizeof(struct sadb_lifetime) == 32 */
+
+struct sadb_address {
+       uint16_t        sadb_address_len;
+       uint16_t        sadb_address_exttype;
+       uint8_t         sadb_address_proto;
+       uint8_t         sadb_address_prefixlen;
+       uint16_t        sadb_address_reserved;
+} __attribute__((packed));
+/* sizeof(struct sadb_address) == 8 */
+
+struct sadb_key {
+       uint16_t        sadb_key_len;
+       uint16_t        sadb_key_exttype;
+       uint16_t        sadb_key_bits;
+       uint16_t        sadb_key_reserved;
+} __attribute__((packed));
+/* sizeof(struct sadb_key) == 8 */
+
+struct sadb_ident {
+       uint16_t        sadb_ident_len;
+       uint16_t        sadb_ident_exttype;
+       uint16_t        sadb_ident_type;
+       uint16_t        sadb_ident_reserved;
+       uint64_t        sadb_ident_id;
+} __attribute__((packed));
+/* sizeof(struct sadb_ident) == 16 */
+
+struct sadb_sens {
+       uint16_t        sadb_sens_len;
+       uint16_t        sadb_sens_exttype;
+       uint32_t        sadb_sens_dpd;
+       uint8_t         sadb_sens_sens_level;
+       uint8_t         sadb_sens_sens_len;
+       uint8_t         sadb_sens_integ_level;
+       uint8_t         sadb_sens_integ_len;
+       uint32_t        sadb_sens_reserved;
+} __attribute__((packed));
+/* sizeof(struct sadb_sens) == 16 */
+
+/* followed by:
+       uint64_t        sadb_sens_bitmap[sens_len];
+       uint64_t        sadb_integ_bitmap[integ_len];  */
+
+struct sadb_prop {
+       uint16_t        sadb_prop_len;
+       uint16_t        sadb_prop_exttype;
+       uint8_t         sadb_prop_replay;
+       uint8_t         sadb_prop_reserved[3];
+} __attribute__((packed));
+/* sizeof(struct sadb_prop) == 8 */
+
+/* followed by:
+       struct sadb_comb sadb_combs[(sadb_prop_len +
+               sizeof(uint64_t) - sizeof(struct sadb_prop)) /
+               sizeof(struct sadb_comb)]; */
+
+struct sadb_comb {
+       uint8_t         sadb_comb_auth;
+       uint8_t         sadb_comb_encrypt;
+       uint16_t        sadb_comb_flags;
+       uint16_t        sadb_comb_auth_minbits;
+       uint16_t        sadb_comb_auth_maxbits;
+       uint16_t        sadb_comb_encrypt_minbits;
+       uint16_t        sadb_comb_encrypt_maxbits;
+       uint32_t        sadb_comb_reserved;
+       uint32_t        sadb_comb_soft_allocations;
+       uint32_t        sadb_comb_hard_allocations;
+       uint64_t        sadb_comb_soft_bytes;
+       uint64_t        sadb_comb_hard_bytes;
+       uint64_t        sadb_comb_soft_addtime;
+       uint64_t        sadb_comb_hard_addtime;
+       uint64_t        sadb_comb_soft_usetime;
+       uint64_t        sadb_comb_hard_usetime;
+} __attribute__((packed));
+/* sizeof(struct sadb_comb) == 72 */
+
+struct sadb_supported {
+       uint16_t        sadb_supported_len;
+       uint16_t        sadb_supported_exttype;
+       uint32_t        sadb_supported_reserved;
+} __attribute__((packed));
+/* sizeof(struct sadb_supported) == 8 */
+
+/* followed by:
+       struct sadb_alg sadb_algs[(sadb_supported_len +
+               sizeof(uint64_t) - sizeof(struct sadb_supported)) /
+               sizeof(struct sadb_alg)]; */
+
+struct sadb_alg {
+       uint8_t         sadb_alg_id;
+       uint8_t         sadb_alg_ivlen;
+       uint16_t        sadb_alg_minbits;
+       uint16_t        sadb_alg_maxbits;
+       uint16_t        sadb_alg_reserved;
+} __attribute__((packed));
+/* sizeof(struct sadb_alg) == 8 */
+
+struct sadb_spirange {
+       uint16_t        sadb_spirange_len;
+       uint16_t        sadb_spirange_exttype;
+       uint32_t        sadb_spirange_min;
+       uint32_t        sadb_spirange_max;
+       uint32_t        sadb_spirange_reserved;
+} __attribute__((packed));
+/* sizeof(struct sadb_spirange) == 16 */
+
+struct sadb_x_kmprivate {
+       uint16_t        sadb_x_kmprivate_len;
+       uint16_t        sadb_x_kmprivate_exttype;
+       uint32_t        sadb_x_kmprivate_reserved;
+} __attribute__((packed));
+/* sizeof(struct sadb_x_kmprivate) == 8 */
+
+struct sadb_x_sa2 {
+       uint16_t        sadb_x_sa2_len;
+       uint16_t        sadb_x_sa2_exttype;
+       uint8_t         sadb_x_sa2_mode;
+       uint8_t         sadb_x_sa2_reserved1;
+       uint16_t        sadb_x_sa2_reserved2;
+       uint32_t        sadb_x_sa2_sequence;
+       uint32_t        sadb_x_sa2_reqid;
+} __attribute__((packed));
+/* sizeof(struct sadb_x_sa2) == 16 */
+
+struct sadb_x_policy {
+       uint16_t        sadb_x_policy_len;
+       uint16_t        sadb_x_policy_exttype;
+       uint16_t        sadb_x_policy_type;
+       uint8_t         sadb_x_policy_dir;
+       uint8_t         sadb_x_policy_reserved;
+       uint32_t        sadb_x_policy_id;
+       uint32_t        sadb_x_policy_priority;
+} __attribute__((packed));
+/* sizeof(struct sadb_x_policy) == 16 */
+
+struct sadb_x_ipsecrequest {
+       uint16_t        sadb_x_ipsecrequest_len;
+       uint16_t        sadb_x_ipsecrequest_proto;
+       uint8_t         sadb_x_ipsecrequest_mode;
+       uint8_t         sadb_x_ipsecrequest_level;
+       uint16_t        sadb_x_ipsecrequest_reserved1;
+       uint32_t        sadb_x_ipsecrequest_reqid;
+       uint32_t        sadb_x_ipsecrequest_reserved2;
+} __attribute__((packed));
+/* sizeof(struct sadb_x_ipsecrequest) == 16 */
+
+/* This defines the TYPE of Nat Traversal in use.  Currently only one
+ * type of NAT-T is supported, draft-ietf-ipsec-udp-encaps-06
+ */
+struct sadb_x_nat_t_type {
+       uint16_t        sadb_x_nat_t_type_len;
+       uint16_t        sadb_x_nat_t_type_exttype;
+       uint8_t         sadb_x_nat_t_type_type;
+       uint8_t         sadb_x_nat_t_type_reserved[3];
+} __attribute__((packed));
+/* sizeof(struct sadb_x_nat_t_type) == 8 */
+
+/* Pass a NAT Traversal port (Source or Dest port) */
+struct sadb_x_nat_t_port {
+       uint16_t        sadb_x_nat_t_port_len;
+       uint16_t        sadb_x_nat_t_port_exttype;
+       uint16_t        sadb_x_nat_t_port_port;
+       uint16_t        sadb_x_nat_t_port_reserved;
+} __attribute__((packed));
+/* sizeof(struct sadb_x_nat_t_port) == 8 */
+
+/* Generic LSM security context */
+struct sadb_x_sec_ctx {
+       uint16_t        sadb_x_sec_len;
+       uint16_t        sadb_x_sec_exttype;
+       uint8_t         sadb_x_ctx_alg;  /* LSMs: e.g., selinux == 1 */
+       uint8_t         sadb_x_ctx_doi;
+       uint16_t        sadb_x_ctx_len;
+} __attribute__((packed));
+/* sizeof(struct sadb_sec_ctx) = 8 */
+
+/* Message types */
+#define SADB_RESERVED          0
+#define SADB_GETSPI            1
+#define SADB_UPDATE            2
+#define SADB_ADD               3
+#define SADB_DELETE            4
+#define SADB_GET               5
+#define SADB_ACQUIRE           6
+#define SADB_REGISTER          7
+#define SADB_EXPIRE            8
+#define SADB_FLUSH             9
+#define SADB_DUMP              10
+#define SADB_X_PROMISC         11
+#define SADB_X_PCHANGE         12
+#define SADB_X_SPDUPDATE       13
+#define SADB_X_SPDADD          14
+#define SADB_X_SPDDELETE       15
+#define SADB_X_SPDGET          16
+#define SADB_X_SPDACQUIRE      17
+#define SADB_X_SPDDUMP         18
+#define SADB_X_SPDFLUSH                19
+#define SADB_X_SPDSETIDX       20
+#define SADB_X_SPDEXPIRE       21
+#define SADB_X_SPDDELETE2      22
+#define SADB_X_NAT_T_NEW_MAPPING       23
+#define SADB_MAX               23
+
+/* Security Association flags */
+#define SADB_SAFLAGS_PFS       1
+#define SADB_SAFLAGS_NOPMTUDISC        0x20000000
+#define SADB_SAFLAGS_DECAP_DSCP        0x40000000
+#define SADB_SAFLAGS_NOECN     0x80000000
+
+/* Security Association states */
+#define SADB_SASTATE_LARVAL    0
+#define SADB_SASTATE_MATURE    1
+#define SADB_SASTATE_DYING     2
+#define SADB_SASTATE_DEAD      3
+#define SADB_SASTATE_MAX       3
+
+/* Security Association types */
+#define SADB_SATYPE_UNSPEC     0
+#define SADB_SATYPE_AH         2
+#define SADB_SATYPE_ESP                3
+#define SADB_SATYPE_RSVP       5
+#define SADB_SATYPE_OSPFV2     6
+#define SADB_SATYPE_RIPV2      7
+#define SADB_SATYPE_MIP                8
+#define SADB_X_SATYPE_IPCOMP   9
+#define SADB_SATYPE_MAX                9
+
+/* Authentication algorithms */
+#define SADB_AALG_NONE                 0
+#define SADB_AALG_MD5HMAC              2
+#define SADB_AALG_SHA1HMAC             3
+#define SADB_X_AALG_SHA2_256HMAC       5
+#define SADB_X_AALG_SHA2_384HMAC       6
+#define SADB_X_AALG_SHA2_512HMAC       7
+#define SADB_X_AALG_RIPEMD160HMAC      8
+#define SADB_X_AALG_NULL               251     /* kame */
+#define SADB_AALG_MAX                  251
+
+/* Encryption algorithms */
+#define SADB_EALG_NONE                 0
+#define SADB_EALG_DESCBC               2
+#define SADB_EALG_3DESCBC              3
+#define SADB_X_EALG_CASTCBC            6
+#define SADB_X_EALG_BLOWFISHCBC                7
+#define SADB_EALG_NULL                 11
+#define SADB_X_EALG_AESCBC             12
+#define SADB_EALG_MAX                   253 /* last EALG */
+/* private allocations should use 249-255 (RFC2407) */
+#define SADB_X_EALG_SERPENTCBC  252     /* draft-ietf-ipsec-ciph-aes-cbc-00 */
+#define SADB_X_EALG_TWOFISHCBC  253     /* draft-ietf-ipsec-ciph-aes-cbc-00 */
+
+/* Compression algorithms */
+#define SADB_X_CALG_NONE               0
+#define SADB_X_CALG_OUI                        1
+#define SADB_X_CALG_DEFLATE            2
+#define SADB_X_CALG_LZS                        3
+#define SADB_X_CALG_LZJH               4
+#define SADB_X_CALG_MAX                        4
+
+/* Extension Header values */
+#define SADB_EXT_RESERVED              0
+#define SADB_EXT_SA                    1
+#define SADB_EXT_LIFETIME_CURRENT      2
+#define SADB_EXT_LIFETIME_HARD         3
+#define SADB_EXT_LIFETIME_SOFT         4
+#define SADB_EXT_ADDRESS_SRC           5
+#define SADB_EXT_ADDRESS_DST           6
+#define SADB_EXT_ADDRESS_PROXY         7
+#define SADB_EXT_KEY_AUTH              8
+#define SADB_EXT_KEY_ENCRYPT           9
+#define SADB_EXT_IDENTITY_SRC          10
+#define SADB_EXT_IDENTITY_DST          11
+#define SADB_EXT_SENSITIVITY           12
+#define SADB_EXT_PROPOSAL              13
+#define SADB_EXT_SUPPORTED_AUTH                14
+#define SADB_EXT_SUPPORTED_ENCRYPT     15
+#define SADB_EXT_SPIRANGE              16
+#define SADB_X_EXT_KMPRIVATE           17
+#define SADB_X_EXT_POLICY              18
+#define SADB_X_EXT_SA2                 19
+/* The next four entries are for setting up NAT Traversal */
+#define SADB_X_EXT_NAT_T_TYPE          20
+#define SADB_X_EXT_NAT_T_SPORT         21
+#define SADB_X_EXT_NAT_T_DPORT         22
+#define SADB_X_EXT_NAT_T_OA            23
+#define SADB_X_EXT_SEC_CTX             24
+#define SADB_EXT_MAX                   24
+
+/* Identity Extension values */
+#define SADB_IDENTTYPE_RESERVED        0
+#define SADB_IDENTTYPE_PREFIX  1
+#define SADB_IDENTTYPE_FQDN    2
+#define SADB_IDENTTYPE_USERFQDN        3
+#define SADB_IDENTTYPE_MAX     3
+
+#endif /* !(_LINUX_PFKEY2_H) */
diff --git a/src/include/linux/xfrm.h b/src/include/linux/xfrm.h
new file mode 100644 (file)
index 0000000..ea5b042
--- /dev/null
@@ -0,0 +1,341 @@
+#ifndef _LINUX_XFRM_H
+#define _LINUX_XFRM_H
+
+#include <linux/types.h>
+
+/* All of the structures in this file may not change size as they are
+ * passed into the kernel from userspace via netlink sockets.
+ */
+
+/* Structure to encapsulate addresses. I do not want to use
+ * "standard" structure. My apologies.
+ */
+typedef union
+{
+       __u32           a4;
+       __u32           a6[4];
+} xfrm_address_t;
+
+/* Ident of a specific xfrm_state. It is used on input to lookup
+ * the state by (spi,daddr,ah/esp) or to store information about
+ * spi, protocol and tunnel address on output.
+ */
+struct xfrm_id
+{
+       xfrm_address_t  daddr;
+       __u32           spi;
+       __u8            proto;
+};
+
+struct xfrm_sec_ctx {
+       __u8    ctx_doi;
+       __u8    ctx_alg;
+       __u16   ctx_len;
+       __u32   ctx_sid;
+       char    ctx_str[0];
+};
+
+/* Security Context Domains of Interpretation */
+#define XFRM_SC_DOI_RESERVED 0
+#define XFRM_SC_DOI_LSM 1
+
+/* Security Context Algorithms */
+#define XFRM_SC_ALG_RESERVED 0
+#define XFRM_SC_ALG_SELINUX 1
+
+/* Selector, used as selector both on policy rules (SPD) and SAs. */
+
+struct xfrm_selector
+{
+       xfrm_address_t  daddr;
+       xfrm_address_t  saddr;
+       __u16   dport;
+       __u16   dport_mask;
+       __u16   sport;
+       __u16   sport_mask;
+       __u16   family;
+       __u8    prefixlen_d;
+       __u8    prefixlen_s;
+       __u8    proto;
+       int     ifindex;
+       uid_t   user;
+};
+
+#define XFRM_INF (~(__u64)0)
+
+struct xfrm_lifetime_cfg
+{
+       __u64   soft_byte_limit;
+       __u64   hard_byte_limit;
+       __u64   soft_packet_limit;
+       __u64   hard_packet_limit;
+       __u64   soft_add_expires_seconds;
+       __u64   hard_add_expires_seconds;
+       __u64   soft_use_expires_seconds;
+       __u64   hard_use_expires_seconds;
+};
+
+struct xfrm_lifetime_cur
+{
+       __u64   bytes;
+       __u64   packets;
+       __u64   add_time;
+       __u64   use_time;
+};
+
+struct xfrm_replay_state
+{
+       __u32   oseq;
+       __u32   seq;
+       __u32   bitmap;
+};
+
+struct xfrm_algo {
+       char    alg_name[64];
+       int     alg_key_len;    /* in bits */
+       char    alg_key[0];
+};
+
+struct xfrm_stats {
+       __u32   replay_window;
+       __u32   replay;
+       __u32   integrity_failed;
+};
+
+enum
+{
+       XFRM_POLICY_IN  = 0,
+       XFRM_POLICY_OUT = 1,
+       XFRM_POLICY_FWD = 2,
+       XFRM_POLICY_MAX = 3
+};
+
+enum
+{
+       XFRM_SHARE_ANY,         /* No limitations */
+       XFRM_SHARE_SESSION,     /* For this session only */
+       XFRM_SHARE_USER,        /* For this user only */
+       XFRM_SHARE_UNIQUE       /* Use once */
+};
+
+/* Netlink configuration messages.  */
+enum {
+       XFRM_MSG_BASE = 0x10,
+
+       XFRM_MSG_NEWSA = 0x10,
+#define XFRM_MSG_NEWSA XFRM_MSG_NEWSA
+       XFRM_MSG_DELSA,
+#define XFRM_MSG_DELSA XFRM_MSG_DELSA
+       XFRM_MSG_GETSA,
+#define XFRM_MSG_GETSA XFRM_MSG_GETSA
+
+       XFRM_MSG_NEWPOLICY,
+#define XFRM_MSG_NEWPOLICY XFRM_MSG_NEWPOLICY
+       XFRM_MSG_DELPOLICY,
+#define XFRM_MSG_DELPOLICY XFRM_MSG_DELPOLICY
+       XFRM_MSG_GETPOLICY,
+#define XFRM_MSG_GETPOLICY XFRM_MSG_GETPOLICY
+
+       XFRM_MSG_ALLOCSPI,
+#define XFRM_MSG_ALLOCSPI XFRM_MSG_ALLOCSPI
+       XFRM_MSG_ACQUIRE,
+#define XFRM_MSG_ACQUIRE XFRM_MSG_ACQUIRE
+       XFRM_MSG_EXPIRE,
+#define XFRM_MSG_EXPIRE XFRM_MSG_EXPIRE
+
+       XFRM_MSG_UPDPOLICY,
+#define XFRM_MSG_UPDPOLICY XFRM_MSG_UPDPOLICY
+       XFRM_MSG_UPDSA,
+#define XFRM_MSG_UPDSA XFRM_MSG_UPDSA
+
+       XFRM_MSG_POLEXPIRE,
+#define XFRM_MSG_POLEXPIRE XFRM_MSG_POLEXPIRE
+
+       XFRM_MSG_FLUSHSA,
+#define XFRM_MSG_FLUSHSA XFRM_MSG_FLUSHSA
+       XFRM_MSG_FLUSHPOLICY,
+#define XFRM_MSG_FLUSHPOLICY XFRM_MSG_FLUSHPOLICY
+
+       XFRM_MSG_NEWAE,
+#define XFRM_MSG_NEWAE XFRM_MSG_NEWAE
+       XFRM_MSG_GETAE,
+#define XFRM_MSG_GETAE XFRM_MSG_GETAE
+       __XFRM_MSG_MAX
+};
+#define XFRM_MSG_MAX (__XFRM_MSG_MAX - 1)
+
+#define XFRM_NR_MSGTYPES (XFRM_MSG_MAX + 1 - XFRM_MSG_BASE)
+
+/*
+ * Generic LSM security context for comunicating to user space
+ * NOTE: Same format as sadb_x_sec_ctx
+ */
+struct xfrm_user_sec_ctx {
+       __u16                   len;
+       __u16                   exttype;
+       __u8                    ctx_alg;  /* LSMs: e.g., selinux == 1 */
+       __u8                    ctx_doi;
+       __u16                   ctx_len;
+};
+
+struct xfrm_user_tmpl {
+       struct xfrm_id          id;
+       __u16                   family;
+       xfrm_address_t          saddr;
+       __u32                   reqid;
+       __u8                    mode;
+       __u8                    share;
+       __u8                    optional;
+       __u32                   aalgos;
+       __u32                   ealgos;
+       __u32                   calgos;
+};
+
+struct xfrm_encap_tmpl {
+       __u16           encap_type;
+       __u16           encap_sport;
+       __u16           encap_dport;
+       xfrm_address_t  encap_oa;
+};
+
+/* AEVENT flags  */
+enum xfrm_ae_ftype_t {
+       XFRM_AE_UNSPEC,
+       XFRM_AE_RTHR=1, /* replay threshold*/
+       XFRM_AE_RVAL=2, /* replay value */
+       XFRM_AE_LVAL=4, /* lifetime value */
+       XFRM_AE_ETHR=8, /* expiry timer threshold */
+       XFRM_AE_CR=16, /* Event cause is replay update */
+       XFRM_AE_CE=32, /* Event cause is timer expiry */
+       XFRM_AE_CU=64, /* Event cause is policy update */
+       __XFRM_AE_MAX
+
+#define XFRM_AE_MAX (__XFRM_AE_MAX - 1)
+};
+
+/* Netlink message attributes.  */
+enum xfrm_attr_type_t {
+       XFRMA_UNSPEC,
+       XFRMA_ALG_AUTH,         /* struct xfrm_algo */
+       XFRMA_ALG_CRYPT,        /* struct xfrm_algo */
+       XFRMA_ALG_COMP,         /* struct xfrm_algo */
+       XFRMA_ENCAP,            /* struct xfrm_algo + struct xfrm_encap_tmpl */
+       XFRMA_TMPL,             /* 1 or more struct xfrm_user_tmpl */
+       XFRMA_SA,
+       XFRMA_POLICY,
+       XFRMA_SEC_CTX,          /* struct xfrm_sec_ctx */
+       XFRMA_LTIME_VAL,
+       XFRMA_REPLAY_VAL,
+       XFRMA_REPLAY_THRESH,
+       XFRMA_ETIMER_THRESH,
+       __XFRMA_MAX
+
+#define XFRMA_MAX (__XFRMA_MAX - 1)
+};
+
+struct xfrm_usersa_info {
+       struct xfrm_selector            sel;
+       struct xfrm_id                  id;
+       xfrm_address_t                  saddr;
+       struct xfrm_lifetime_cfg        lft;
+       struct xfrm_lifetime_cur        curlft;
+       struct xfrm_stats               stats;
+       __u32                           seq;
+       __u32                           reqid;
+       __u16                           family;
+       __u8                            mode; /* 0=transport,1=tunnel */
+       __u8                            replay_window;
+       __u8                            flags;
+#define XFRM_STATE_NOECN       1
+#define XFRM_STATE_DECAP_DSCP  2
+#define XFRM_STATE_NOPMTUDISC  4
+};
+
+struct xfrm_usersa_id {
+       xfrm_address_t                  daddr;
+       __u32                           spi;
+       __u16                           family;
+       __u8                            proto;
+};
+
+struct xfrm_aevent_id {
+       struct xfrm_usersa_id           sa_id;
+       __u32                           flags;
+};
+
+struct xfrm_userspi_info {
+       struct xfrm_usersa_info         info;
+       __u32                           min;
+       __u32                           max;
+};
+
+struct xfrm_userpolicy_info {
+       struct xfrm_selector            sel;
+       struct xfrm_lifetime_cfg        lft;
+       struct xfrm_lifetime_cur        curlft;
+       __u32                           priority;
+       __u32                           index;
+       __u8                            dir;
+       __u8                            action;
+#define XFRM_POLICY_ALLOW      0
+#define XFRM_POLICY_BLOCK      1
+       __u8                            flags;
+#define XFRM_POLICY_LOCALOK    1       /* Allow user to override global policy */
+       __u8                            share;
+};
+
+struct xfrm_userpolicy_id {
+       struct xfrm_selector            sel;
+       __u32                           index;
+       __u8                            dir;
+};
+
+struct xfrm_user_acquire {
+       struct xfrm_id                  id;
+       xfrm_address_t                  saddr;
+       struct xfrm_selector            sel;
+       struct xfrm_userpolicy_info     policy;
+       __u32                           aalgos;
+       __u32                           ealgos;
+       __u32                           calgos;
+       __u32                           seq;
+};
+
+struct xfrm_user_expire {
+       struct xfrm_usersa_info         state;
+       __u8                            hard;
+};
+
+struct xfrm_user_polexpire {
+       struct xfrm_userpolicy_info     pol;
+       __u8                            hard;
+};
+
+struct xfrm_usersa_flush {
+       __u8                            proto;
+};
+
+/* backwards compatibility for userspace */
+#define XFRMGRP_ACQUIRE                1
+#define XFRMGRP_EXPIRE         2
+#define XFRMGRP_SA             4
+#define XFRMGRP_POLICY         8
+
+enum xfrm_nlgroups {
+       XFRMNLGRP_NONE,
+#define XFRMNLGRP_NONE         XFRMNLGRP_NONE
+       XFRMNLGRP_ACQUIRE,
+#define XFRMNLGRP_ACQUIRE      XFRMNLGRP_ACQUIRE
+       XFRMNLGRP_EXPIRE,
+#define XFRMNLGRP_EXPIRE       XFRMNLGRP_EXPIRE
+       XFRMNLGRP_SA,
+#define XFRMNLGRP_SA           XFRMNLGRP_SA
+       XFRMNLGRP_POLICY,
+#define XFRMNLGRP_POLICY       XFRMNLGRP_POLICY
+       XFRMNLGRP_AEVENTS,
+#define XFRMNLGRP_AEVENTS      XFRMNLGRP_AEVENTS
+       __XFRMNLGRP_MAX
+};
+#define XFRMNLGRP_MAX  (__XFRMNLGRP_MAX - 1)
+
+#endif /* _LINUX_XFRM_H */