1 | /* $NetBSD: libpfkey.h,v 1.18 2010/12/03 14:32:52 tteras Exp $ */ |
---|
2 | |
---|
3 | /* Id: libpfkey.h,v 1.13 2005/12/04 20:26:43 manubsd Exp */ |
---|
4 | |
---|
5 | /* |
---|
6 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. |
---|
7 | * All rights reserved. |
---|
8 | * |
---|
9 | * Redistribution and use in source and binary forms, with or without |
---|
10 | * modification, are permitted provided that the following conditions |
---|
11 | * are met: |
---|
12 | * 1. Redistributions of source code must retain the above copyright |
---|
13 | * notice, this list of conditions and the following disclaimer. |
---|
14 | * 2. Redistributions in binary form must reproduce the above copyright |
---|
15 | * notice, this list of conditions and the following disclaimer in the |
---|
16 | * documentation and/or other materials provided with the distribution. |
---|
17 | * 3. Neither the name of the project nor the names of its contributors |
---|
18 | * may be used to endorse or promote products derived from this software |
---|
19 | * without specific prior written permission. |
---|
20 | * |
---|
21 | * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND |
---|
22 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
---|
23 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
---|
24 | * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE |
---|
25 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
---|
26 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
---|
27 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
---|
28 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
---|
29 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
---|
30 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
---|
31 | * SUCH DAMAGE. |
---|
32 | */ |
---|
33 | |
---|
34 | #ifndef _LIBPFKEY_H |
---|
35 | #define _LIBPFKEY_H |
---|
36 | |
---|
37 | #ifndef KAME_LIBPFKEY_H |
---|
38 | #define KAME_LIBPFKEY_H |
---|
39 | |
---|
40 | #define PRIORITY_LOW 0xC0000000 /* numerically the largest of the three base values */ |
---|
41 | #define PRIORITY_DEFAULT 0x80000000 /* midpoint of the 32-bit range */ |
---|
42 | #define PRIORITY_HIGH 0x40000000 /* numerically the smallest: HIGH < DEFAULT < LOW */ |
---|
43 | /* NOTE(review): the offsets below are presumably applied to one of the bases above; HIGH - NEGATIVE_MAX is 0 and LOW + POSITIVE_MAX is 0xffffffff, so both extremes still fit in 32 bits -- confirm that callers range-check the offset before applying it */ |
---|
44 | #define PRIORITY_OFFSET_POSITIVE_MAX 0x3fffffff |
---|
45 | #define PRIORITY_OFFSET_NEGATIVE_MAX 0x40000000 |
---|
46 | |
---|
47 | struct sadb_msg; /* forward declaration: this header only passes pointers to it */ |
---|
48 | extern void pfkey_sadump __P((struct sadb_msg *)); /* NOTE(review): presumably prints an SA message; if the whole message is printed the output can include key material -- confirm where the output goes */ |
---|
49 | extern void pfkey_sadump_withports __P((struct sadb_msg *)); /* presumably the SA dump with port numbers shown -- confirm */ |
---|
50 | extern void pfkey_spdump __P((struct sadb_msg *)); /* presumably prints a security-policy (SPD) message -- confirm */ |
---|
51 | extern void pfkey_spdump_withports __P((struct sadb_msg *)); /* presumably the SPD dump with port numbers shown -- confirm */ |
---|
52 | |
---|
53 | struct sockaddr; /* forward declaration for the address pointers used below */ |
---|
54 | struct sadb_alg; /* forward declaration for ipsec_get_keylen() */ |
---|
55 | |
---|
56 | /* Accommodate different prototypes in <netinet6/ipsec.h> */ |
---|
57 | #include <sys/types.h> |
---|
58 | #include PATH_IPSEC_H |
---|
59 | |
---|
60 | #ifndef HAVE_IPSEC_POLICY_T /* no ipsec_policy_t available: define a fallback */ |
---|
61 | typedef caddr_t ipsec_policy_t; /* fallback: a policy handle is a plain caddr_t */ |
---|
62 | #define __ipsec_const /* expands to nothing, so the policy-string parameters declared with it lose their const qualifier */ |
---|
63 | #else |
---|
64 | #define __ipsec_const const /* NOTE(review): identifiers starting with a double underscore are reserved for the implementation */ |
---|
65 | #endif |
---|
66 | |
---|
67 | struct pfkey_send_sa_args { /* argument bundle taken by pfkey_send_update2() and pfkey_send_add2() */ |
---|
68 | int so; /* socket; NOTE(review): presumably a PF_KEY socket from pfkey_open() -- confirm */ |
---|
69 | u_int type; /* NOTE(review): presumably the SADB message type -- confirm */ |
---|
70 | u_int satype; /* NOTE(review): presumably the SADB SA type -- confirm */ |
---|
71 | u_int mode; /* NOTE(review): presumably the IPsec mode -- confirm */ |
---|
72 | struct sockaddr *src; /* IP src address for SA */ |
---|
73 | struct sockaddr *dst; /* IP dst address for SA */ |
---|
74 | u_int32_t spi; /* SA's spi */ |
---|
75 | u_int32_t reqid; |
---|
76 | u_int wsize; /* NOTE(review): presumably the anti-replay window size -- confirm */ |
---|
77 | caddr_t keymat; /* key material; no length is stored with this pointer. NOTE(review): presumably e_keylen + a_keylen bytes are read from it -- confirm, and treat the buffer as secret */ |
---|
78 | u_int e_type, e_keylen; /* Encryption alg and keylen */ |
---|
79 | u_int a_type, a_keylen; /* Authentication alg and key length */ |
---|
80 | u_int flags; |
---|
81 | u_int32_t l_alloc; /* NOTE(review): the l_* members below presumably are SA lifetime limits -- confirm */ |
---|
82 | u_int32_t l_bytes; /* 32 bits wide here; the deprecated positional calls take u_int64_t in what looks like the matching position -- confirm whether large limits are truncated */ |
---|
83 | u_int32_t l_addtime; |
---|
84 | u_int32_t l_usetime; |
---|
85 | u_int32_t seq; |
---|
86 | u_int8_t l_natt_type; /* NOTE(review): l_natt_* presumably describe NAT traversal encapsulation -- confirm */ |
---|
87 | u_int16_t l_natt_sport, l_natt_dport; |
---|
88 | struct sockaddr *l_natt_oa; |
---|
89 | u_int16_t l_natt_frag; |
---|
90 | u_int8_t ctxdoi, ctxalg; /* Security context DOI and algorithm */ |
---|
91 | caddr_t ctxstr; /* Security context string */ |
---|
92 | u_int16_t ctxstrlen; /* length of security context string; nothing in this struct ties it to the size of the ctxstr buffer, so the caller must keep the two consistent */ |
---|
93 | }; |
---|
94 | |
---|
95 | /* The options built into libipsec, exposed as a bit mask: each LIBIPSEC_OPT_* value below is a distinct bit */ |
---|
96 | extern int libipsec_opt; |
---|
97 | #define LIBIPSEC_OPT_NATT 0x01 /* NOTE(review): presumably NAT traversal support -- confirm */ |
---|
98 | #define LIBIPSEC_OPT_FRAG 0x02 /* NOTE(review): presumably fragmentation support -- confirm */ |
---|
99 | #define LIBIPSEC_OPT_SEC_CTX 0x04 /* NOTE(review): presumably security-context support -- confirm */ |
---|
100 | |
---|
101 | /* IPsec Library Routines. The prototypes carry no parameter names, so argument order has to be checked against the implementation. */ |
---|
102 | |
---|
103 | int ipsec_check_keylen __P((u_int, u_int, u_int)); /* NOTE(review): three same-typed arguments are easy to transpose; confirm the order before relying on the result as a key-length check */ |
---|
104 | int ipsec_check_keylen2 __P((u_int, u_int, u_int)); |
---|
105 | int ipsec_get_keylen __P((u_int, u_int, struct sadb_alg *)); |
---|
106 | char *ipsec_dump_policy_withports __P((void *, const char *)); /* returns a char *; NOTE(review): ownership is not stated here, presumably the caller frees it -- confirm */ |
---|
107 | void ipsec_hexdump __P((const void *, int)); /* the length is a signed int; NOTE(review): confirm how a negative length is handled */ |
---|
108 | const char *ipsec_strerror __P((void)); /* NOTE(review): presumably describes the most recent libipsec error -- confirm */ |
---|
109 | void kdebug_sadb __P((struct sadb_msg *)); |
---|
110 | ipsec_policy_t ipsec_set_policy __P((__ipsec_const char *, int)); /* NOTE(review): the (char *, int) pair is presumably the policy text and its length; ownership of the returned buffer is not stated here -- confirm */ |
---|
111 | int ipsec_get_policylen __P((ipsec_policy_t)); |
---|
112 | char *ipsec_dump_policy __P((ipsec_policy_t, __ipsec_const char *)); /* returns a char *; NOTE(review): ownership is not stated here -- confirm */ |
---|
113 | |
---|
114 | /* PFKey Routines. NOTE(review): the prototypes carry no parameter names; in the pfkey_send_* calls the leading int is presumably the PF_KEY socket -- confirm */ |
---|
115 | |
---|
116 | u_int pfkey_set_softrate __P((u_int, u_int)); |
---|
117 | u_int pfkey_get_softrate __P((u_int)); |
---|
118 | int pfkey_send_getspi __P((int, u_int, u_int, struct sockaddr *, |
---|
119 | struct sockaddr *, u_int32_t, u_int32_t, u_int32_t, u_int32_t)); |
---|
120 | int pfkey_send_getspi_nat __P((int, u_int, u_int, |
---|
121 | struct sockaddr *, struct sockaddr *, u_int8_t, u_int16_t, u_int16_t, |
---|
122 | u_int32_t, u_int32_t, u_int32_t, u_int32_t)); |
---|
123 | |
---|
124 | int pfkey_send_update2 __P((struct pfkey_send_sa_args *)); /* struct-based replacement for the deprecated positional pfkey_send_update() */ |
---|
125 | int pfkey_send_add2 __P((struct pfkey_send_sa_args *)); /* struct-based replacement for the deprecated positional pfkey_send_add() */ |
---|
126 | int pfkey_send_delete __P((int, u_int, u_int, |
---|
127 | struct sockaddr *, struct sockaddr *, u_int32_t)); |
---|
128 | int pfkey_send_delete_all __P((int, u_int, u_int, |
---|
129 | struct sockaddr *, struct sockaddr *)); |
---|
130 | int pfkey_send_get __P((int, u_int, u_int, |
---|
131 | struct sockaddr *, struct sockaddr *, u_int32_t)); |
---|
132 | int pfkey_send_register __P((int, u_int)); |
---|
133 | int pfkey_recv_register __P((int)); |
---|
134 | int pfkey_set_supported __P((struct sadb_msg *, int)); |
---|
135 | int pfkey_send_flush __P((int, u_int)); |
---|
136 | int pfkey_send_dump __P((int, u_int)); |
---|
137 | int pfkey_send_promisc_toggle __P((int, int)); |
---|
138 | int pfkey_send_spdadd __P((int, struct sockaddr *, u_int, |
---|
139 | struct sockaddr *, u_int, u_int, caddr_t, int, u_int32_t)); /* NOTE(review): the (caddr_t, int) pair here and in the other spd* calls is presumably a policy buffer and its length; the length must match the buffer -- confirm */ |
---|
140 | int pfkey_send_spdadd2 __P((int, struct sockaddr *, u_int, |
---|
141 | struct sockaddr *, u_int, u_int, u_int64_t, u_int64_t, |
---|
142 | caddr_t, int, u_int32_t)); |
---|
143 | int pfkey_send_spdupdate __P((int, struct sockaddr *, u_int, |
---|
144 | struct sockaddr *, u_int, u_int, caddr_t, int, u_int32_t)); |
---|
145 | int pfkey_send_spdupdate2 __P((int, struct sockaddr *, u_int, |
---|
146 | struct sockaddr *, u_int, u_int, u_int64_t, u_int64_t, |
---|
147 | caddr_t, int, u_int32_t)); |
---|
148 | int pfkey_send_spddelete __P((int, struct sockaddr *, u_int, |
---|
149 | struct sockaddr *, u_int, u_int, caddr_t, int, u_int32_t)); |
---|
150 | int pfkey_send_spddelete2 __P((int, u_int32_t)); |
---|
151 | int pfkey_send_spdget __P((int, u_int32_t)); |
---|
152 | int pfkey_send_spdsetidx __P((int, struct sockaddr *, u_int, |
---|
153 | struct sockaddr *, u_int, u_int, caddr_t, int, u_int32_t)); |
---|
154 | int pfkey_send_spdflush __P((int)); |
---|
155 | int pfkey_send_spddump __P((int)); |
---|
156 | #ifdef SADB_X_MIGRATE /* pfkey_send_migrate is declared only when SADB_X_MIGRATE is defined */ |
---|
157 | int pfkey_send_migrate __P((int, struct sockaddr *, struct sockaddr *, |
---|
158 | struct sockaddr *, u_int, struct sockaddr *, u_int, u_int, |
---|
159 | caddr_t, int, u_int32_t)); |
---|
160 | #endif |
---|
161 | |
---|
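/*
 * XXX should be somewhere else !!!
 *
 * Accessors for the sadb_x_nat_t_* extension structures; they exist only
 * when SADB_X_EXT_NAT_T_TYPE is defined.
 *
 * PFKEY_ADDR_X_PORT(ext)
 *	Reads sadb_x_nat_t_port_port through a struct sadb_x_nat_t_port *
 *	and converts it with ntohs().  It does NOT test ext for NULL, so
 *	the caller has to.
 *
 * PFKEY_ADDR_X_NATTYPE(ext)
 *	Non-zero only when ext is non-NULL and its sadb_x_nat_t_type_type
 *	member is non-zero.  ext is evaluated twice, so pass an expression
 *	without side effects.
 *
 * Neither macro can tell whether ext really points at an extension of the
 * expected kind and size; the message must be validated before they are
 * used on it.
 *
 * The argument is parenthesised in every use so that an expression such as
 * `base + 1` is cast and compared as a whole rather than piecewise.
 */
#ifdef SADB_X_EXT_NAT_T_TYPE
#define PFKEY_ADDR_X_PORT(ext) \
	(ntohs(((struct sadb_x_nat_t_port *)(ext))->sadb_x_nat_t_port_port))
#define PFKEY_ADDR_X_NATTYPE(ext) \
	((ext) != NULL && ((struct sadb_x_nat_t_type *)(ext))->sadb_x_nat_t_type_type)
#endif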
---|
168 | |
---|
169 | |
---|
170 | int pfkey_open __P((void)); /* NOTE(review): presumably returns a PF_KEY socket descriptor, negative on failure -- confirm */ |
---|
171 | void pfkey_close __P((int)); |
---|
172 | int pfkey_set_buffer_size __P((int, int)); |
---|
173 | struct sadb_msg *pfkey_recv __P((int)); /* returns a message pointer; NOTE(review): ownership is not stated here, presumably the caller frees it and must check for NULL -- confirm */ |
---|
174 | int pfkey_send __P((int, struct sadb_msg *, int)); /* NOTE(review): the trailing int is presumably the message length in bytes; it is signed and separate from the message, so it must match the buffer -- confirm */ |
---|
175 | int pfkey_align __P((struct sadb_msg *, caddr_t *)); /* NOTE(review): presumably fills the caddr_t array with pointers to the message's extensions; the array size is not passed, so confirm the size the implementation expects */ |
---|
176 | int pfkey_check __P((caddr_t *)); /* NOTE(review): presumably validates the array produced by pfkey_align() -- confirm */ |
---|
177 | |
---|
178 | /* |
---|
179 | * Deprecated, available for backward compatibility with third party |
---|
180 | * libipsec users. Please use pfkey_send_update2 and pfkey_send_add2 instead; |
---|
181 | * they take a struct pfkey_send_sa_args rather than the long positional lists below, in which adjacent same-typed arguments are easy to transpose. */ |
---|
182 | int pfkey_send_update __P((int, u_int, u_int, struct sockaddr *, |
---|
183 | struct sockaddr *, u_int32_t, u_int32_t, u_int, |
---|
184 | caddr_t, u_int, u_int, u_int, u_int, u_int, u_int32_t, u_int64_t, |
---|
185 | u_int64_t, u_int64_t, u_int32_t)); /* NOTE(review): the three u_int64_t arguments presumably correspond to l_bytes, l_addtime and l_usetime, which are u_int32_t in struct pfkey_send_sa_args -- confirm whether large values are truncated */ |
---|
186 | int pfkey_send_update_nat __P((int, u_int, u_int, struct sockaddr *, |
---|
187 | struct sockaddr *, u_int32_t, u_int32_t, u_int, |
---|
188 | caddr_t, u_int, u_int, u_int, u_int, u_int, u_int32_t, u_int64_t, |
---|
189 | u_int64_t, u_int64_t, u_int32_t, |
---|
190 | u_int8_t, u_int16_t, u_int16_t, struct sockaddr *, u_int16_t)); /* the last five types match the l_natt_* members of struct pfkey_send_sa_args, in declaration order */ |
---|
191 | int pfkey_send_add __P((int, u_int, u_int, struct sockaddr *, |
---|
192 | struct sockaddr *, u_int32_t, u_int32_t, u_int, |
---|
193 | caddr_t, u_int, u_int, u_int, u_int, u_int, u_int32_t, u_int64_t, |
---|
194 | u_int64_t, u_int64_t, u_int32_t)); |
---|
195 | int pfkey_send_add_nat __P((int, u_int, u_int, struct sockaddr *, |
---|
196 | struct sockaddr *, u_int32_t, u_int32_t, u_int, |
---|
197 | caddr_t, u_int, u_int, u_int, u_int, u_int, u_int32_t, u_int64_t, |
---|
198 | u_int64_t, u_int64_t, u_int32_t, |
---|
199 | u_int8_t, u_int16_t, u_int16_t, struct sockaddr *, u_int16_t)); /* the last five types match the l_natt_* members of struct pfkey_send_sa_args, in declaration order */ |
---|
200 | |
---|
201 | #ifndef __SYSDEP_SA_LEN__ |
---|
202 | #define __SYSDEP_SA_LEN__ |
---|
203 | #include <netinet/in.h> |
---|
204 | |
---|
205 | #ifndef IPPROTO_IPV4 /* fallback for systems whose <netinet/in.h> lacks IPPROTO_IPV4 */ |
---|
206 | #define IPPROTO_IPV4 IPPROTO_IPIP |
---|
207 | #endif |
---|
208 | |
---|
209 | #ifndef IPPROTO_IPCOMP /* fallback for systems whose <netinet/in.h> lacks IPPROTO_IPCOMP */ |
---|
210 | #define IPPROTO_IPCOMP IPPROTO_COMP |
---|
211 | #endif |
---|
212 | |
---|
213 | #ifndef IPPROTO_MH /* fallback for systems whose <netinet/in.h> lacks IPPROTO_MH */ |
---|
214 | #define IPPROTO_MH 135 /* IANA protocol number of the IPv6 Mobility Header */ |
---|
215 | #endif |
---|
216 | |
---|
/*
 * Return the size in bytes of the socket address that sa points to.
 *
 * On Linux the size is derived from sa->sa_family, because this branch
 * never reads an sa_len member: AF_INET6 gives sizeof (struct sockaddr_in6)
 * and AF_INET gives sizeof (struct sockaddr_in).  Everywhere else the
 * sockaddr's own sa_len member is returned.
 *
 * Caveats for callers:
 *  - sa is dereferenced unconditionally; it must not be NULL.
 *  - On Linux an unrecognised family is NOT reported as an error.  The
 *    IPv4 size is returned without any diagnostic, so a caller that copies
 *    or compares that many bytes is trusting a guess.  Reject unsupported
 *    families before calling this.
 *  - On other systems sa_len is returned as found, so it is only as
 *    trustworthy as the source of the sockaddr.
 */
static __inline u_int8_t
sysdep_sa_len (const struct sockaddr *sa)
{
#ifdef __linux__
	if (sa->sa_family == AF_INET6)
		return sizeof (struct sockaddr_in6);

	/* AF_INET and every unrecognised family share the IPv4 size. */
	return sizeof (struct sockaddr_in);
#else
	return sa->sa_len;
#endif
}
---|
234 | #endif |
---|
235 | |
---|
236 | #endif /* KAME_LIBPFKEY_H */ |
---|
237 | |
---|
238 | #endif /* _LIBPFKEY_H */ |
---|