Rev | Author | Line No. | Line |
---|---|---|---|
422 | giacomo | 1 | #ifndef _LINUX_XFRM_H |
2 | #define _LINUX_XFRM_H |
||
3 | |||
4 | #include <linux/types.h> |
||
5 | |||
6 | /* None of the structures in this file may change size, because they are |
||
7 | * passed into the kernel from userspace via netlink sockets. |
||
8 | */ |
||
9 | |||
10 | /* Structure to encapsulate addresses. I do not want to use |
||
11 | * "standard" structure. My apologies. The union has no tag of its own: |
||
12 | * which member is valid has to come from outside it (NOTE(review): presumably a "family" field in the enclosing message -- confirm). */ |
||
13 | typedef union |
||
14 | { |
||
15 | __u32 a4; /* one 32-bit word, overlaying a6[0]; writing only a4 leaves a6[1..3] unchanged. Presumably an IPv4 address -- confirm */ |
||
16 | __u32 a6[4]; /* four 32-bit words (128 bits); presumably an IPv6 address -- confirm */ |
||
17 | } xfrm_address_t; |
||
18 | |||
19 | /* Ident of a specific xfrm_state. It is used on input to lookup |
||
20 | * the state by (spi,daddr,ah/esp) or to store information about |
||
21 | * spi, protocol and tunnel address on output. |
||
22 | * No address family is stored here; e.g. xfrm_user_tmpl and xfrm_usersa_info in this file carry a separate "family" field next to their xfrm_id. */ |
||
23 | struct xfrm_id |
||
24 | { |
||
25 | xfrm_address_t daddr; /* destination address, part of the lookup key named above */ |
||
26 | __u32 spi; /* SPI, part of the lookup key; byte order is not stated in this header */ |
||
27 | __u8 proto; /* the ah/esp part of the lookup key; NOTE(review): presumably an IP protocol number -- confirm */ |
||
28 | }; /* proto is a lone __u8 after a __u32, so ABIs that align __u32 to 4 bytes add tail padding; zero the whole struct before filling it so padding is not sent over netlink uninitialised */ |
||
29 | |||
30 | /* Selector, used as selector both on policy rules (SPD) and SAs. NOTE(review): the per-field notes below are read from the field names and types only; confirm them against the code that matches packets. */ |
||
31 | |||
32 | struct xfrm_selector |
||
33 | { |
||
34 | xfrm_address_t daddr; /* destination address; the union member in use is presumably chosen by family below */ |
||
35 | xfrm_address_t saddr; /* source address, same representation as daddr */ |
||
36 | __u16 dport; /* destination port; byte order is not stated in this header */ |
||
37 | __u16 dport_mask; /* mask paired with dport; NOTE(review): presumably 0 means "any port" -- confirm */ |
||
38 | __u16 sport; /* source port */ |
||
39 | __u16 sport_mask; /* mask paired with sport */ |
||
40 | __u16 family; /* address family, fixed at 16 bits here */ |
||
41 | __u8 prefixlen_d; /* prefix length for daddr; a __u8 can hold values above the address width (32 or 128 bits per xfrm_address_t), NOTE(review): confirm such values are rejected before a mask is built */ |
||
42 | __u8 prefixlen_s; /* prefix length for saddr; same range caveat as prefixlen_d */ |
||
43 | __u8 proto; /* protocol to match; NOTE(review): presumably an IP protocol number -- confirm */ |
||
44 | int ifindex; /* interface index; note the type is a signed int */ |
||
45 | uid_t user; /* uid_t width comes from <linux/types.h>, not from this header */ |
||
46 | }; |
||
47 | |||
48 | #define XFRM_INF (~(__u64)0) /* all 64 bits set; NOTE(review): presumably the "no limit" value for the __u64 limits below -- confirm */ |
||
49 | |||
50 | struct xfrm_lifetime_cfg /* Configured limits in soft/hard pairs: bytes, packets, and two second counts (names only; how each limit is enforced is not visible in this header). */ |
||
51 | { |
||
52 | __u64 soft_byte_limit; /* soft limit, in bytes */ |
||
53 | __u64 hard_byte_limit; /* hard limit, in bytes */ |
||
54 | __u64 soft_packet_limit; /* soft limit, in packets */ |
||
55 | __u64 hard_packet_limit; /* hard limit, in packets */ |
||
56 | __u64 soft_add_expires_seconds; /* NOTE(review): presumably seconds counted from when the entry was added -- confirm */ |
||
57 | __u64 hard_add_expires_seconds; /* hard counterpart of the field above */ |
||
58 | __u64 soft_use_expires_seconds; /* NOTE(review): presumably seconds counted from first use -- confirm */ |
||
59 | __u64 hard_use_expires_seconds; /* hard counterpart of the field above */ |
||
60 | }; /* NOTE(review): __u64 alignment differs between some 32-bit and 64-bit ABIs, which can change the offset of this struct inside the messages that embed it; verify for 32-bit userspace on a 64-bit kernel */ |
||
61 | |||
62 | struct xfrm_lifetime_cur /* Current usage values; NOTE(review): presumably compared against the limits in xfrm_lifetime_cfg -- confirm */ |
||
63 | { |
||
64 | __u64 bytes; /* byte count */ |
||
65 | __u64 packets; /* packet count */ |
||
66 | __u64 add_time; /* NOTE(review): presumably the time the entry was added; unit and epoch are not stated here */ |
||
67 | __u64 use_time; /* NOTE(review): presumably the time of first use; unit and epoch are not stated here */ |
||
68 | }; |
||
69 | |||
70 | struct xfrm_replay_state /* Sequence-number state; NOTE(review): presumably the anti-replay state of one SA -- confirm */ |
||
71 | { |
||
72 | __u32 oseq; /* NOTE(review): presumably the last outbound sequence number -- confirm */ |
||
73 | __u32 seq; /* NOTE(review): presumably the highest inbound sequence number seen -- confirm */ |
||
74 | __u32 bitmap; /* 32 bits, so this field can track at most 32 sequence numbers */ |
||
75 | }; |
||
76 | |||
77 | struct xfrm_algo { /* Algorithm name followed by a variable-length key; used as the payload of the XFRMA_ALG_* attributes listed in this file. The key is secret material: wipe copies of it when done. */ |
||
78 | char alg_name[64]; /* fixed 64-byte name buffer; nothing in this header guarantees NUL termination, so a receiver should not assume it */ |
||
79 | int alg_key_len; /* in bits; the type is a signed int, so NOTE(review): confirm receivers reject negative values and check that the attribute holds at least (alg_key_len + 7) / 8 key bytes before reading alg_key */ |
||
80 | char alg_key[0]; /* zero-length trailing array: the key bytes follow the fixed part, and sizeof(struct xfrm_algo) does not include them */ |
||
81 | }; |
||
82 | |||
83 | struct xfrm_stats { /* Three 32-bit counters; NOTE(review): presumably per-SA drop statistics, worth exporting to monitoring -- confirm */ |
||
84 | __u32 replay_window; /* NOTE(review): presumably packets that fell outside the replay window -- confirm */ |
||
85 | __u32 replay; /* NOTE(review): presumably packets detected as replays -- confirm */ |
||
86 | __u32 integrity_failed; /* NOTE(review): presumably packets that failed the integrity check -- confirm */ |
||
87 | }; |
||
88 | |||
89 | enum /* Policy direction values; NOTE(review): presumably what the "dir" fields of xfrm_userpolicy_info and xfrm_userpolicy_id hold -- confirm */ |
||
90 | { |
||
91 | XFRM_POLICY_IN = 0, |
||
92 | XFRM_POLICY_OUT = 1, |
||
93 | XFRM_POLICY_FWD = 2, |
||
94 | XFRM_POLICY_MAX = 3 /* one past the last direction, so the directions are 0..2; a value received from userspace should be checked to be below this before it is used as an index */ |
||
95 | }; |
||
96 | |||
97 | enum /* Sharing modes, numbered 0..3 by position; NOTE(review): presumably the values of the "share" fields in xfrm_user_tmpl and xfrm_userpolicy_info -- confirm */ |
||
98 | { |
||
99 | XFRM_SHARE_ANY, /* No limitations */ |
||
100 | XFRM_SHARE_SESSION, /* For this session only */ |
||
101 | XFRM_SHARE_USER, /* For this user only */ |
||
102 | XFRM_SHARE_UNIQUE /* Use once */ |
||
103 | }; |
||
104 | |||
105 | /* Netlink configuration messages. Types are numbered consecutively from XFRM_MSG_BASE; XFRM_MSG_MAX is one past the highest type, so a received type is in range only if XFRM_MSG_BASE <= type < XFRM_MSG_MAX. Check that before using the type as an index. */ |
||
106 | #define XFRM_MSG_BASE 0x10 |
||
107 | |||
108 | #define XFRM_MSG_NEWSA (XFRM_MSG_BASE + 0) |
||
109 | #define XFRM_MSG_DELSA (XFRM_MSG_BASE + 1) |
||
110 | #define XFRM_MSG_GETSA (XFRM_MSG_BASE + 2) |
||
111 | |||
112 | #define XFRM_MSG_NEWPOLICY (XFRM_MSG_BASE + 3) |
||
113 | #define XFRM_MSG_DELPOLICY (XFRM_MSG_BASE + 4) |
||
114 | #define XFRM_MSG_GETPOLICY (XFRM_MSG_BASE + 5) |
||
115 | |||
116 | #define XFRM_MSG_ALLOCSPI (XFRM_MSG_BASE + 6) |
||
117 | #define XFRM_MSG_ACQUIRE (XFRM_MSG_BASE + 7) |
||
118 | #define XFRM_MSG_EXPIRE (XFRM_MSG_BASE + 8) |
||
119 | |||
120 | #define XFRM_MSG_UPDPOLICY (XFRM_MSG_BASE + 9) |
||
121 | #define XFRM_MSG_UPDSA (XFRM_MSG_BASE + 10) |
||
122 | |||
123 | #define XFRM_MSG_POLEXPIRE (XFRM_MSG_BASE + 11) |
||
124 | |||
125 | #define XFRM_MSG_MAX (XFRM_MSG_POLEXPIRE+1) /* must be updated whenever a type is added after POLEXPIRE */ |
||
126 | |||
127 | struct xfrm_user_tmpl { /* Template entry; the XFRMA_TMPL attribute in this file is documented as carrying 1 or more of these. */ |
||
128 | struct xfrm_id id; /* daddr / spi / proto of the template */ |
||
129 | __u16 family; /* address family for id.daddr and saddr (xfrm_id has none of its own) */ |
||
130 | xfrm_address_t saddr; /* source address */ |
||
131 | __u32 reqid; /* request id; its meaning is not visible in this header */ |
||
132 | __u8 mode; /* NOTE(review): presumably 0=transport, 1=tunnel as in xfrm_usersa_info.mode -- confirm */ |
||
133 | __u8 share; /* NOTE(review): presumably one of the XFRM_SHARE_* values -- confirm */ |
||
134 | __u8 optional; /* NOTE(review): presumably non-zero when the template may be skipped; confirm, since that affects whether traffic can pass without this transform */ |
||
135 | __u32 aalgos; /* NOTE(review): presumably a bitmask of acceptable authentication algorithms -- confirm */ |
||
136 | __u32 ealgos; /* NOTE(review): presumably a bitmask of acceptable encryption algorithms -- confirm */ |
||
137 | __u32 calgos; /* NOTE(review): presumably a bitmask of acceptable compression algorithms -- confirm */ |
||
138 | }; |
||
139 | |||
140 | struct xfrm_encap_tmpl { /* Encapsulation parameters; named in the XFRMA_ENCAP attribute comment in this file. */ |
||
141 | __u16 encap_type; /* encapsulation type; the valid values are not defined in this header */ |
||
142 | __u16 encap_sport; /* source port of the encapsulation; byte order is not stated here */ |
||
143 | __u16 encap_dport; /* destination port of the encapsulation */ |
||
144 | xfrm_address_t encap_oa; /* NOTE(review): presumably the "original address" -- confirm; no family field accompanies it in this struct */ |
||
145 | }; |
||
146 | |||
147 | /* Netlink message attributes. Each comment names the payload type the attribute carries; a receiver should check the attribute length against that type before reading it, and check the attribute type against XFRMA_MAX before using it as an index. */ |
||
148 | enum xfrm_attr_type_t { |
||
149 | XFRMA_UNSPEC, |
||
150 | XFRMA_ALG_AUTH, /* struct xfrm_algo */ |
||
151 | XFRMA_ALG_CRYPT, /* struct xfrm_algo */ |
||
152 | XFRMA_ALG_COMP, /* struct xfrm_algo */ |
||
153 | XFRMA_ENCAP, /* struct xfrm_algo + struct xfrm_encap_tmpl */ |
||
154 | XFRMA_TMPL, /* 1 or more struct xfrm_user_tmpl */ |
||
155 | |||
156 | #define XFRMA_MAX XFRMA_TMPL /* preprocessor alias for the last enumerator, not an enumerator itself; update it when an attribute is added */ |
||
157 | }; |
||
158 | |||
159 | struct xfrm_usersa_info { /* Full description of one SA as exchanged over netlink: selector, ident, lifetimes, statistics and mode. */ |
||
160 | struct xfrm_selector sel; /* traffic selector of the SA */ |
||
161 | struct xfrm_id id; /* daddr / spi / proto identifying the SA */ |
||
162 | xfrm_address_t saddr; /* source address */ |
||
163 | struct xfrm_lifetime_cfg lft; /* configured limits */ |
||
164 | struct xfrm_lifetime_cur curlft; /* current usage values */ |
||
165 | struct xfrm_stats stats; /* counters */ |
||
166 | __u32 seq; /* sequence number; which sequence it belongs to is not visible in this header */ |
||
167 | __u32 reqid; /* request id, as in xfrm_user_tmpl.reqid */ |
||
168 | __u16 family; /* address family for id.daddr and saddr */ |
||
169 | __u8 mode; /* 0=transport,1=tunnel */ |
||
170 | __u8 replay_window; /* a __u8 can hold up to 255, while xfrm_replay_state.bitmap has 32 bits; NOTE(review): confirm larger values are rejected */ |
||
171 | __u8 flags; /* bit flags; the only bit defined here is XFRM_STATE_NOECN */ |
||
172 | #define XFRM_STATE_NOECN 1 |
||
173 | }; |
||
174 | |||
175 | struct xfrm_usersa_id { /* Same daddr / spi / proto triple as xfrm_id, plus an explicit family. */ |
||
176 | xfrm_address_t daddr; /* destination address */ |
||
177 | __u32 spi; /* SPI */ |
||
178 | __u16 family; /* address family for daddr */ |
||
179 | __u8 proto; /* protocol, as in xfrm_id.proto */ |
||
180 | }; /* a __u16 and a __u8 follow the __u32, so ABIs that align __u32 to 4 bytes add tail padding; zero the struct before filling it */ |
||
181 | |||
182 | struct xfrm_userspi_info { /* SA description plus a 32-bit range; NOTE(review): presumably the payload of XFRM_MSG_ALLOCSPI -- confirm */ |
||
183 | struct xfrm_usersa_info info; /* the SA the range applies to */ |
||
184 | __u32 min; /* lower bound; NOTE(review): presumably of the SPI range to allocate from -- confirm */ |
||
185 | __u32 max; /* upper bound; NOTE(review): confirm min <= max is enforced on input */ |
||
186 | }; |
||
187 | |||
188 | struct xfrm_userpolicy_info { /* Full description of one policy as exchanged over netlink: selector, lifetimes, priority, direction and action. */ |
||
189 | struct xfrm_selector sel; /* traffic the policy applies to */ |
||
190 | struct xfrm_lifetime_cfg lft; /* configured limits */ |
||
191 | struct xfrm_lifetime_cur curlft; /* current usage values */ |
||
192 | __u32 priority; /* policy priority; the ordering rule is not visible in this header */ |
||
193 | __u32 index; /* policy index */ |
||
194 | __u8 dir; /* NOTE(review): presumably one of XFRM_POLICY_IN/OUT/FWD; confirm it is checked to be below XFRM_POLICY_MAX */ |
||
195 | __u8 action; /* XFRM_POLICY_ALLOW or XFRM_POLICY_BLOCK */ |
||
196 | #define XFRM_POLICY_ALLOW 0 /* also the value of a zero-initialised action field, so a zeroed struct reads as ALLOW; set action explicitly */ |
||
197 | #define XFRM_POLICY_BLOCK 1 |
||
198 | __u8 flags; /* bit flags; the only bit defined here is XFRM_POLICY_LOCALOK */ |
||
199 | #define XFRM_POLICY_LOCALOK 1 /* Allow user to override global policy */ |
||
200 | __u8 share; /* NOTE(review): presumably one of the XFRM_SHARE_* values -- confirm */ |
||
201 | }; |
||
202 | |||
203 | struct xfrm_userpolicy_id { /* Identifies a policy by selector, index and direction; NOTE(review): presumably the payload of the DELPOLICY / GETPOLICY messages -- confirm */ |
||
204 | struct xfrm_selector sel; /* selector of the policy */ |
||
205 | __u32 index; /* policy index, as in xfrm_userpolicy_info.index */ |
||
206 | __u8 dir; /* direction; same range caveat as xfrm_userpolicy_info.dir */ |
||
207 | }; /* dir is a lone trailing __u8 after a __u32, so ABIs that align __u32 to 4 bytes add tail padding; zero the struct before filling it */ |
||
208 | |||
209 | struct xfrm_user_acquire { /* NOTE(review): presumably the payload of XFRM_MSG_ACQUIRE -- confirm */ |
||
210 | struct xfrm_id id; /* daddr / spi / proto; no family field of its own in this struct (sel and policy.sel each carry one) */ |
||
211 | xfrm_address_t saddr; /* source address */ |
||
212 | struct xfrm_selector sel; /* traffic selector */ |
||
213 | struct xfrm_userpolicy_info policy; /* the policy involved */ |
||
214 | __u32 aalgos; /* NOTE(review): presumably a bitmask of acceptable authentication algorithms -- confirm */ |
||
215 | __u32 ealgos; /* NOTE(review): presumably a bitmask of acceptable encryption algorithms -- confirm */ |
||
216 | __u32 calgos; /* NOTE(review): presumably a bitmask of acceptable compression algorithms -- confirm */ |
||
217 | __u32 seq; /* sequence number; which sequence it belongs to is not visible in this header */ |
||
218 | }; |
||
219 | |||
220 | struct xfrm_user_expire { /* SA description plus a one-byte flag; NOTE(review): presumably the payload of XFRM_MSG_EXPIRE -- confirm */ |
||
221 | struct xfrm_usersa_info state; /* the SA the message is about */ |
||
222 | __u8 hard; /* NOTE(review): presumably non-zero for a hard limit and zero for a soft one -- confirm */ |
||
223 | }; /* hard is a lone trailing __u8, so tail padding follows it on ABIs that align the embedded struct; zero the struct before filling it */ |
||
224 | |||
225 | struct xfrm_user_polexpire { /* Policy description plus a one-byte flag; NOTE(review): presumably the payload of XFRM_MSG_POLEXPIRE -- confirm */ |
||
226 | struct xfrm_userpolicy_info pol; /* the policy the message is about */ |
||
227 | __u8 hard; /* NOTE(review): presumably non-zero for a hard limit and zero for a soft one -- confirm */ |
||
228 | }; /* hard is a lone trailing __u8, so tail padding follows it on ABIs that align the embedded struct; zero the struct before filling it */ |
||
229 | |||
230 | #define XFRMGRP_ACQUIRE 1 /* single-bit value; NOTE(review): presumably the netlink multicast group mask for ACQUIRE messages -- confirm */ |
||
231 | #define XFRMGRP_EXPIRE 2 /* single-bit value, distinct from XFRMGRP_ACQUIRE so the two can be OR-ed; NOTE(review): presumably the group mask for EXPIRE messages -- confirm */ |
||
232 | |||
233 | #endif /* _LINUX_XFRM_H */ |