1 | /* $NetBSD: isakmp.h,v 1.7 2009/05/20 07:54:50 vanhu Exp $ */ |
---|
2 | |
---|
3 | /* Id: isakmp.h,v 1.11 2005/04/25 22:19:39 manubsd Exp */ |
---|
4 | |
---|
5 | /* |
---|
6 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. |
---|
7 | * All rights reserved. |
---|
8 | * |
---|
9 | * Redistribution and use in source and binary forms, with or without |
---|
10 | * modification, are permitted provided that the following conditions |
---|
11 | * are met: |
---|
12 | * 1. Redistributions of source code must retain the above copyright |
---|
13 | * notice, this list of conditions and the following disclaimer. |
---|
14 | * 2. Redistributions in binary form must reproduce the above copyright |
---|
15 | * notice, this list of conditions and the following disclaimer in the |
---|
16 | * documentation and/or other materials provided with the distribution. |
---|
17 | * 3. Neither the name of the project nor the names of its contributors |
---|
18 | * may be used to endorse or promote products derived from this software |
---|
19 | * without specific prior written permission. |
---|
20 | * |
---|
21 | * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND |
---|
22 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
---|
23 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
---|
24 | * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE |
---|
25 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
---|
26 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
---|
27 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
---|
28 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
---|
29 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
---|
30 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
---|
31 | * SUCH DAMAGE. |
---|
32 | */ |
---|
33 | |
---|
34 | #ifndef _ISAKMP_H |
---|
35 | #define _ISAKMP_H |
---|
36 | |
---|
37 | /* refer to RFC 2408 */ |
---|
38 | |
---|
39 | #include <netinet/in.h> |
---|
40 | #include "isakmp_var.h" |
---|
41 | |
---|
/* Role constants; the sender/receiver wording is the original author's. */
#define INITIATOR	0	/* synonym sender */
#define RESPONDER	1	/* synonym receiver */

/* Mode selector pair; how callers use it is not visible in this header. */
#define GENERATE	1
#define VALIDATE	0
---|
47 | |
---|
48 | /* 3.1 ISAKMP Header Format |
---|
49 | 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 |
---|
50 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
---|
51 | ! Initiator ! |
---|
52 | ! Cookie ! |
---|
53 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
---|
54 | ! Responder ! |
---|
55 | ! Cookie ! |
---|
56 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
---|
57 | ! Next Payload ! MjVer ! MnVer ! Exchange Type ! Flags ! |
---|
58 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
---|
59 | ! Message ID ! |
---|
60 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
---|
61 | ! Length ! |
---|
62 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
---|
63 | */ |
---|
/*
 * ISAKMP message header (RFC 2408, section 3.1).  Packed so that the members
 * follow the on-wire layout in the diagram above without padding.
 *
 * NOTE(review): for a received message every member is peer-controlled.
 * `len` should be checked against the number of octets actually received
 * before any payload is walked.  The multi-octet members (msgid, len) are
 * presumably still in network byte order at this point -- confirm against
 * the callers.
 */
struct isakmp {
	cookie_t	i_ck;	/* Initiator Cookie */
	cookie_t	r_ck;	/* Responder Cookie */
	u_int8_t	np;	/* Next Payload Type (ISAKMP_NPTYPE_*) */
	u_int8_t	v;	/* MjVer/MnVer nibbles, see ISAKMP_GETMAJORV/GETMINORV */
	u_int8_t	etype;	/* Exchange Type (ISAKMP_ETYPE_*) */
	u_int8_t	flags;	/* Flags (ISAKMP_FLAG_*) */
	u_int32_t	msgid;	/* Message ID */
	u_int32_t	len;	/* Length */
} __attribute__((__packed__));
---|
74 | |
---|
/*
 * Next Payload Type: values for the `np` octet of the ISAKMP header and of
 * the generic payload header.
 */
#define ISAKMP_NPTYPE_NONE	0	/* NONE */
#define ISAKMP_NPTYPE_SA	1	/* Security Association */
#define ISAKMP_NPTYPE_P		2	/* Proposal */
#define ISAKMP_NPTYPE_T		3	/* Transform */
#define ISAKMP_NPTYPE_KE	4	/* Key Exchange */
#define ISAKMP_NPTYPE_ID	5	/* Identification */
#define ISAKMP_NPTYPE_CERT	6	/* Certificate */
#define ISAKMP_NPTYPE_CR	7	/* Certificate Request */
#define ISAKMP_NPTYPE_HASH	8	/* Hash */
#define ISAKMP_NPTYPE_SIG	9	/* Signature */
#define ISAKMP_NPTYPE_NONCE	10	/* Nonce */
#define ISAKMP_NPTYPE_N		11	/* Notification */
#define ISAKMP_NPTYPE_D		12	/* Delete */
#define ISAKMP_NPTYPE_VID	13	/* Vendor ID */
#define ISAKMP_NPTYPE_ATTR	14	/* Attribute */

/*
 * NAT-T, draft-ietf-ipsec-nat-t-ike-05 and later.
 * XXX conflicts with values assigned to RFC 3547.
 */
#define ISAKMP_NPTYPE_NATD_BADDRAFT	15	/* NAT Discovery */
#define ISAKMP_NPTYPE_NATOA_BADDRAFT	16	/* NAT Original Address */

/* NAT-T RFC */
#define ISAKMP_NPTYPE_NATD_RFC	20	/* NAT Discovery */
#define ISAKMP_NPTYPE_NATOA_RFC	21	/* NAT Original Address */

/* NAT-T up to draft-ietf-ipsec-nat-t-ike-04 */
#define ISAKMP_NPTYPE_NATD_DRAFT	130	/* NAT Discovery */
#define ISAKMP_NPTYPE_NATOA_DRAFT	131	/* NAT Original Address */

/* The fragmentation payload does not seem to be documented. */
#define ISAKMP_NPTYPE_FRAG	132	/* IKE fragmentation payload */

/*
 * NOTE(review): ISAKMP_NPTYPE_MAX is 17, yet this header defines payload
 * types above it (20, 21, 130-132 here and ISAKMP_NPTYPE_GSS = 129).  If MAX
 * serves as a table size or validity bound, a peer-supplied np has to be
 * range-checked before it is used as an index -- confirm against the users
 * of this macro.
 */
#define ISAKMP_NPTYPE_MAX	17
/* 128 - 255 Private Use */
---|
112 | |
---|
/*
 * The GSS payload type is valid only when the Vendor ID is one of:
 *
 *	MD5("A GSS-API Authentication Method for IKE")
 *	MD5("GSSAPI")			(recognized by Windows 2000)
 *	MD5("MS NT5 ISAKMPOAKLEY")	(sent by Windows 2000)
 *
 * See draft-ietf-ipsec-isakmp-gss-auth-06.txt.
 */
#define ISAKMP_NPTYPE_GSS	129	/* GSS token */
---|
124 | |
---|
/* Protocol version: major 1, minor 0, packed as one octet (0x10). */
#define ISAKMP_MAJOR_VERSION	1
#define ISAKMP_MINOR_VERSION	0
#define ISAKMP_VERSION_NUMBER	0x10

/*
 * Accessors for a version octet: major version in the high nibble, minor
 * version in the low nibble.  The SET forms assign to `v` and evaluate it
 * twice, so pass a plain lvalue without side effects.
 */
#define ISAKMP_GETMAJORV(v)	(((v) & 0xf0) >> 4)
#define ISAKMP_SETMAJORV(v, m)	((v) = ((v) & 0x0f) | (((m) << 4) & 0xf0))
#define ISAKMP_GETMINORV(v)	((v) & 0x0f)
#define ISAKMP_SETMINORV(v, m)	((v) = ((v) & 0xf0) | ((m) & 0x0f))
---|
132 | |
---|
/* Exchange Type: values for the `etype` octet of the ISAKMP header. */
#define ISAKMP_ETYPE_NONE	0	/* NONE */
#define ISAKMP_ETYPE_BASE	1	/* Base */
#define ISAKMP_ETYPE_IDENT	2	/* Identity Protection */
#define ISAKMP_ETYPE_AUTH	3	/* Authentication Only */
#define ISAKMP_ETYPE_AGG	4	/* Aggressive */
#define ISAKMP_ETYPE_INFO	5	/* Informational */
#define ISAKMP_ETYPE_CFG	6	/* Mode config */

/* Additional Exchange Type */
#define ISAKMP_ETYPE_QUICK	32	/* Quick Mode */
#define ISAKMP_ETYPE_NEWGRP	33	/* New group Mode */
#define ISAKMP_ETYPE_ACKINFO	34	/* Acknowledged Informational */
---|
145 | |
---|
/* Flags: bit values for the `flags` octet of the ISAKMP header. */
#define ISAKMP_FLAG_E	0x01	/* Encryption Bit */
#define ISAKMP_FLAG_C	0x02	/* Commit Bit */
#define ISAKMP_FLAG_A	0x04	/* Authentication Only Bit */
---|
150 | |
---|
151 | /* 3.2 Payload Generic Header |
---|
152 | 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 |
---|
153 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
---|
154 | ! Next Payload ! RESERVED ! Payload Length ! |
---|
155 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
---|
156 | */ |
---|
/*
 * Generic payload header (RFC 2408, section 3.2).  The isakmp_pl_*
 * structures in this header all begin with one, as member `h`.
 *
 * NOTE(review): np and len come from the peer.  RFC 2408 counts this
 * 4-octet header in the payload length, so code that walks a payload chain
 * should reject a len smaller than sizeof(struct isakmp_gen) or larger than
 * the octets left in the message before advancing by it.  len is presumably
 * in network byte order here -- confirm against the callers.
 */
struct isakmp_gen {
	u_int8_t	np;		/* Next Payload */
	u_int8_t	reserved;	/* RESERVED, unused, must set to 0 */
	u_int16_t	len;		/* Payload Length */
} __attribute__((__packed__));
---|
162 | |
---|
163 | /* 3.3 Data Attributes |
---|
164 | 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 |
---|
165 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
---|
166 | !A! Attribute Type ! AF=0 Attribute Length ! |
---|
167 | !F! ! AF=1 Attribute Value ! |
---|
168 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
---|
169 | . AF=0 Attribute Value . |
---|
170 | . AF=1 Not Transmitted . |
---|
171 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
---|
172 | */ |
---|
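/*
 * Data attribute header (RFC 2408, section 3.3).
 *
 * The top bit of `type` is the Attribute Format (AF) flag; test it with
 * ISAKMP_GEN_MASK.  Following the diagram above:
 *
 *	AF=0 (ISAKMP_GEN_TLV)	`lorv` is the Attribute Length and the
 *				Attribute Value follows this header;
 *	AF=1 (ISAKMP_GEN_TV)	`lorv` is the Attribute Value itself and
 *				nothing further is transmitted.
 *
 * NOTE(review): both members are peer-supplied and presumably in network
 * byte order.  In the TLV case the length in `lorv` should be bounded by
 * the octets remaining in the enclosing payload before the value is read
 * -- confirm against the attribute parsers.
 */
struct isakmp_data {
	u_int16_t	type;	/* AF flag (top bit) and attribute type, defined by DOI-spec */
	u_int16_t	lorv;	/* AF=0: Attribute Length; AF=1: Attribute Value */
} __attribute__((__packed__));

#define ISAKMP_GEN_TLV	0x0000	/* AF=0: type/length/value */
#define ISAKMP_GEN_TV	0x8000	/* AF=1: type/value */
/* mask for type of attribute format */
#define ISAKMP_GEN_MASK	0x8000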
---|
183 | |
---|
#if 0
/*
 * 3.4 Security Association Payload.
 * Compiled out: MAY NOT be used, because the payload is defined in
 * ipsec-doi.
 */
struct isakmp_pl_sa {
	struct isakmp_gen	h;
	u_int32_t		doi;	/* Domain of Interpretation */
	u_int32_t		sit;	/* Situation */
} __attribute__((__packed__));
#endif
---|
193 | |
---|
194 | /* 3.5 Proposal Payload */ |
---|
195 | /* |
---|
196 | The value of the next payload field MUST only contain the value "2" |
---|
197 | or "0". If there are additional Proposal payloads in the message, |
---|
198 | then this field will be 2. If the current Proposal payload is the |
---|
199 | last within the security association proposal, then this field will |
---|
200 | be 0. |
---|
201 | */ |
---|
/*
 * Fixed part of the Proposal payload (RFC 2408, section 3.5).  The SPI
 * follows the structure.
 *
 * NOTE(review): spi_size and num_t are peer-supplied.  A parser should
 * check that sizeof(struct isakmp_pl_p) + spi_size fits inside h.len before
 * reading the SPI, and should track the remaining length rather than rely
 * on num_t alone as a loop bound.
 */
struct isakmp_pl_p {
	struct isakmp_gen	h;
	u_int8_t		p_no;		/* Proposal # */
	u_int8_t		proto_id;	/* Protocol */
	u_int8_t		spi_size;	/* SPI Size */
	u_int8_t		num_t;		/* Number of Transforms */
	/* SPI */
} __attribute__((__packed__));
---|
210 | |
---|
211 | /* 3.6 Transform Payload */ |
---|
212 | /* |
---|
213 | The value of the next payload field MUST only contain the value "3" |
---|
214 | or "0". If there are additional Transform payloads in the proposal, |
---|
215 | then this field will be 3. If the current Transform payload is the |
---|
216 | last within the proposal, then this field will be 0. |
---|
217 | */ |
---|
/*
 * Fixed part of the Transform payload (RFC 2408, section 3.6).  The SA
 * attributes (struct isakmp_data records) follow the structure.
 *
 * NOTE(review): the attribute area is bounded only by h.len, which is
 * peer-supplied; validate it before iterating over the attributes.
 */
struct isakmp_pl_t {
	struct isakmp_gen	h;
	u_int8_t		t_no;		/* Transform # */
	u_int8_t		t_id;		/* Transform-Id */
	u_int16_t		reserved;	/* RESERVED2 */
	/* SA Attributes */
} __attribute__((__packed__));
---|
225 | |
---|
/*
 * 3.7 Key Exchange Payload.
 * Only the generic header is declared; the Key Exchange Data follows it and
 * its size is implied by h.len.
 */
struct isakmp_pl_ke {
	struct isakmp_gen	h;
	/* Key Exchange Data */
} __attribute__((__packed__));
---|
231 | |
---|
#if 0
/*
 * 3.8 Identification Payload.
 * Compiled out: MUST NOT be used, because the ipsec-doi definitions are
 * used instead.
 */
struct isakmp_pl_id {
	struct isakmp_gen	h;
	union {
		u_int8_t	id_type;	/* ID Type */
		u_int32_t	doi_data;	/* DOI Specific ID Data */
	} d;
	/* Identification Data */
} __attribute__((__packed__));

/* A.4 ISAKMP Identification Type Values */
#define ISAKMP_ID_IPV4_ADDR		0
#define ISAKMP_ID_IPV4_ADDR_SUBNET	1
#define ISAKMP_ID_IPV6_ADDR		2
#define ISAKMP_ID_IPV6_ADDR_SUBNET	3
#endif
---|
249 | |
---|
/*
 * 3.9 Certificate Payload.
 *
 * NOTE(review): the encoding octet and the CERT data lie outside the
 * structure, so h.len (peer-supplied) must cover at least one octet beyond
 * sizeof(struct isakmp_pl_cert) before the encoding type is read.
 */
struct isakmp_pl_cert {
	struct isakmp_gen	h;
	/*
	 * Encoding type of 1 octet follows immediately,
	 * variable length CERT data follows encoding type.
	 */
} __attribute__((__packed__));
---|
258 | |
---|
/* Certificate Type: values of the encoding octet of a Certificate payload. */
#define ISAKMP_CERT_NONE	0
#define ISAKMP_CERT_PKCS7	1
#define ISAKMP_CERT_PGP		2
#define ISAKMP_CERT_DNS		3
#define ISAKMP_CERT_X509SIGN	4
#define ISAKMP_CERT_X509KE	5
#define ISAKMP_CERT_KERBEROS	6
#define ISAKMP_CERT_CRL		7
#define ISAKMP_CERT_ARL		8
#define ISAKMP_CERT_SPKI	9
#define ISAKMP_CERT_X509ATTR	10
#define ISAKMP_CERT_PLAINRSA	11
---|
272 | |
---|
/*
 * 3.10 Certificate Request Payload.
 *
 * NOTE(review): num_cert is peer-supplied and counts one-octet entries that
 * follow the structure; check it against h.len before reading the list.
 */
struct isakmp_pl_cr {
	struct isakmp_gen	h;
	u_int8_t		num_cert;	/* # Cert. Types */
	/*
	 * Certificate Types (variable length)
	 *   -- Contains a list of the types of certificates requested,
	 *   sorted in order of preference.  Each individual certificate
	 *   type is 1 octet.  This field is NOT required.
	 */
	/* # Certificate Authorities (1 octet) */
	/* Certificate Authorities (variable length) */
} __attribute__((__packed__));
---|
286 | |
---|
/*
 * 3.11 Hash Payload.
 * Only the generic header is declared; the Hash Data follows it and its
 * size is implied by h.len.
 */
struct isakmp_pl_hash {
	struct isakmp_gen	h;
	/* Hash Data */
} __attribute__((__packed__));
---|
292 | |
---|
/*
 * 3.12 Signature Payload.
 * Only the generic header is declared; the Signature Data follows it and
 * its size is implied by h.len.
 */
struct isakmp_pl_sig {
	struct isakmp_gen	h;
	/* Signature Data */
} __attribute__((__packed__));
---|
298 | |
---|
/*
 * 3.13 Nonce Payload.
 * Only the generic header is declared; the Nonce Data follows it and its
 * size is implied by h.len.
 */
struct isakmp_pl_nonce {
	struct isakmp_gen	h;
	/* Nonce Data */
} __attribute__((__packed__));
---|
304 | |
---|
/*
 * 3.14 Notification Payload: fixed part.  The SPI, then the Notification
 * Data, follow the structure.
 *
 * NOTE(review): spi_size is peer-supplied; a parser should verify that
 * sizeof(struct isakmp_pl_n) + spi_size does not exceed h.len before it
 * touches the SPI or computes the length of the notification data.
 */
struct isakmp_pl_n {
	struct isakmp_gen	h;
	u_int32_t		doi;		/* Domain of Interpretation */
	u_int8_t		proto_id;	/* Protocol-ID */
	u_int8_t		spi_size;	/* SPI Size */
	u_int16_t		type;		/* Notify Message Type */
	/* SPI */
	/* Notification Data */
} __attribute__((__packed__));
---|
315 | |
---|
/* 3.14.1 Notify Message Types */

/* NOTIFY MESSAGES - ERROR TYPES (ISAKMP_NTYPE_MINERROR..MAXERROR) */
#define ISAKMP_NTYPE_INVALID_PAYLOAD_TYPE	1
#define ISAKMP_NTYPE_DOI_NOT_SUPPORTED		2
#define ISAKMP_NTYPE_SITUATION_NOT_SUPPORTED	3
#define ISAKMP_NTYPE_INVALID_COOKIE		4
#define ISAKMP_NTYPE_INVALID_MAJOR_VERSION	5
#define ISAKMP_NTYPE_INVALID_MINOR_VERSION	6
#define ISAKMP_NTYPE_INVALID_EXCHANGE_TYPE	7
#define ISAKMP_NTYPE_INVALID_FLAGS		8
#define ISAKMP_NTYPE_INVALID_MESSAGE_ID		9
#define ISAKMP_NTYPE_INVALID_PROTOCOL_ID	10
#define ISAKMP_NTYPE_INVALID_SPI		11
#define ISAKMP_NTYPE_INVALID_TRANSFORM_ID	12
#define ISAKMP_NTYPE_ATTRIBUTES_NOT_SUPPORTED	13
#define ISAKMP_NTYPE_NO_PROPOSAL_CHOSEN		14
#define ISAKMP_NTYPE_BAD_PROPOSAL_SYNTAX	15
#define ISAKMP_NTYPE_PAYLOAD_MALFORMED		16
#define ISAKMP_NTYPE_INVALID_KEY_INFORMATION	17
#define ISAKMP_NTYPE_INVALID_ID_INFORMATION	18
#define ISAKMP_NTYPE_INVALID_CERT_ENCODING	19
#define ISAKMP_NTYPE_INVALID_CERTIFICATE	20
#define ISAKMP_NTYPE_BAD_CERT_REQUEST_SYNTAX	21
#define ISAKMP_NTYPE_INVALID_CERT_AUTHORITY	22
#define ISAKMP_NTYPE_INVALID_HASH_INFORMATION	23
#define ISAKMP_NTYPE_AUTHENTICATION_FAILED	24
#define ISAKMP_NTYPE_INVALID_SIGNATURE		25
#define ISAKMP_NTYPE_ADDRESS_NOTIFICATION	26
#define ISAKMP_NTYPE_NOTIFY_SA_LIFETIME		27
#define ISAKMP_NTYPE_CERTIFICATE_UNAVAILABLE	28
#define ISAKMP_NTYPE_UNSUPPORTED_EXCHANGE_TYPE	29
#define ISAKMP_NTYPE_UNEQUAL_PAYLOAD_LENGTHS	30
#define ISAKMP_NTYPE_MINERROR			1
#define ISAKMP_NTYPE_MAXERROR			16383

/* NOTIFY MESSAGES - STATUS TYPES */
#define ISAKMP_NTYPE_CONNECTED			16384

/* 4.6.3 IPSEC DOI Notify Message Types */
#define ISAKMP_NTYPE_RESPONDER_LIFETIME		24576
#define ISAKMP_NTYPE_REPLAY_STATUS		24577
#define ISAKMP_NTYPE_INITIAL_CONTACT		24578
---|
356 | |
---|
/* DPD notify types; struct isakmp_pl_ru in this header carries them. */
#define ISAKMP_NTYPE_R_U_THERE		36136
#define ISAKMP_NTYPE_R_U_THERE_ACK	36137

#define ISAKMP_NTYPE_HEARTBEAT		40503
---|
362 | |
---|
/* Used only for logging. */
#define ISAKMP_LOG_RETRY_LIMIT_REACHED	65530

/*
 * XXX means internal error but it's not reserved by any drafts...
 *
 * NOTE(review): the value is negative and unparenthesised, while the on-wire
 * notify type (struct isakmp_pl_n.type) is a u_int16_t.  Storing it there
 * would truncate it, so it is presumably kept to internal return values --
 * confirm against the callers.
 */
#define ISAKMP_INTERNAL_ERROR	-1
---|
368 | |
---|
/*
 * 3.15 Delete Payload: fixed part.  num_spi SPIs of spi_size octets each
 * follow the structure.
 *
 * NOTE(review): spi_size and num_spi are both peer-supplied.  A parser
 * should check that sizeof(struct isakmp_pl_d) + spi_size * num_spi (with
 * the product computed in a type wide enough not to wrap) equals or fits
 * inside h.len before it iterates over the SPI list.
 */
struct isakmp_pl_d {
	struct isakmp_gen	h;
	u_int32_t		doi;		/* Domain of Interpretation */
	u_int8_t		proto_id;	/* Protocol-Id */
	u_int8_t		spi_size;	/* SPI Size */
	u_int16_t		num_spi;	/* # of SPIs */
	/* SPI(es) */
} __attribute__((__packed__));
---|
378 | |
---|
/*
 * Node of a doubly linked list of payload buffers.  Unlike the wire-format
 * structures in this header it is not packed.
 */
struct payload_list {
	struct payload_list	*next;		/* following node */
	struct payload_list	*prev;		/* preceding node */
	vchar_t			*payload;	/* payload buffer */
	u_int8_t		payload_type;	/* presumably an ISAKMP_NPTYPE_* value -- confirm */
	u_int8_t		free_payload;	/* presumably: payload must be freed with the node -- confirm */
};
---|
385 | |
---|
386 | |
---|
/*
 * Attribute payload header.
 * See draft-ietf-ipsec-isakmp-mode-cfg-04.txt, 3.2.
 */
struct isakmp_pl_attr {
	struct isakmp_gen	h;
	u_int8_t		type;	/* Exchange type (ISAKMP_CFG_*) */
	u_int8_t		res2;
	u_int16_t		id;	/* Per transaction id */
} __attribute__((__packed__));
---|
394 | |
---|
/* Exchange type: values for struct isakmp_pl_attr.type */
#define ISAKMP_CFG_REQUEST	1
#define ISAKMP_CFG_REPLY	2
#define ISAKMP_CFG_SET		3
#define ISAKMP_CFG_ACK		4
---|
400 | |
---|
/*
 * IKE fragmentation payload.  The field meanings marked "unknown" were
 * guessed by the original author; this header notes elsewhere that the
 * payload does not seem to be documented.
 *
 * NOTE(review): len, index and flags are peer-supplied.  Reassembly code
 * should bound index and the accumulated fragment length and should reject
 * a len smaller than sizeof(struct isakmp_frag) -- confirm against the
 * fragment handler.
 */
struct isakmp_frag {
	u_int16_t	unknown0;	/* always set to zero? */
	u_int16_t	len;
	u_int16_t	unknown1;	/* always set to 1? */
	u_int8_t	index;
	u_int8_t	flags;		/* ISAKMP_FRAG_LAST */
} __attribute__((__packed__));
---|
409 | |
---|
/* Bit for struct isakmp_frag.flags */
#define ISAKMP_FRAG_LAST	1
---|
412 | |
---|
/*
 * DPD R-U-THERE / R-U-THERE-ACK payload: a notification payload with a
 * fixed-size body (both cookies followed by 32 bits of notification data).
 *
 * NOTE(review): the structure is fixed-size, so a receiver should require
 * h.len to be at least sizeof(struct isakmp_pl_ru) before reading the
 * cookies or data; spi_size is peer-supplied and should be checked against
 * the cookie area rather than trusted.
 */
struct isakmp_pl_ru {
	struct isakmp_gen	h;
	u_int32_t		doi;		/* Domain of Interpretation */
	u_int8_t		proto_id;	/* Protocol-Id */
	u_int8_t		spi_size;	/* SPI Size */
	u_int16_t		type;		/* Notify type */
	cookie_t		i_ck;		/* Initiator Cookie */
	cookie_t		r_ck;		/* Responder Cookie */
	u_int32_t		data;		/* Notification data */
} __attribute__((__packed__));
---|
424 | |
---|
425 | #endif /* _ISAKMP_H */ |
---|