494 uint64_t sadb_x_ext_alignment;
495 } sadb_x_pair_u;
496 #define sadb_x_pair_len sadb_x_pair_u.sadb_x_pair_actual.sadb_x_pair_ulen
497 #define sadb_x_pair_exttype \
498 sadb_x_pair_u.sadb_x_pair_actual.sadb_x_pair_uexttype
499 #define sadb_x_pair_spi sadb_x_pair_u.sadb_x_pair_actual.sadb_x_pair_uspi
500 } sadb_x_pair_t;
501
502 /*
503 * For the Sequence numbers to be used with SADB_DUMP, SADB_GET, SADB_UPDATE.
504 */
505
506 typedef struct sadb_x_replay_ctr {
507 uint16_t sadb_x_rc_len;
508 uint16_t sadb_x_rc_exttype;
509 uint32_t sadb_x_rc_replay32; /* For 240x SAs. */
510 uint64_t sadb_x_rc_replay64; /* For 430x SAs. */
511 } sadb_x_replay_ctr_t;
512
513 /*
514 * For extended DUMP request. Dumps the SAs which were idle for
515 * longer than the timeout specified.
516 */
517
518 typedef struct sadb_x_edump {
519 uint16_t sadb_x_edump_len;
520 uint16_t sadb_x_edump_exttype;
521 uint32_t sadb_x_edump_reserved;
522 uint64_t sadb_x_edump_timeout;
523 } sadb_x_edump_t;
524
525 /*
526 * Base message types.
527 */
528
529 #define SADB_RESERVED 0
530 #define SADB_GETSPI 1
531 #define SADB_UPDATE 2
532 #define SADB_ADD 3
533 #define SADB_DELETE 4
534 #define SADB_GET 5
535 #define SADB_ACQUIRE 6
536 #define SADB_REGISTER 7
537 #define SADB_EXPIRE 8
538 #define SADB_FLUSH 9
539 #define SADB_DUMP 10 /* not used normally */
540 #define SADB_X_PROMISC 11
541 #define SADB_X_INVERSE_ACQUIRE 12
542 #define SADB_X_UPDATEPAIR 13
543 #define SADB_X_DELPAIR 14
544 #define SADB_X_DELPAIR_STATE 15
545 #define SADB_MAX 15
546
547 /*
548 * SA flags
549 */
550
551 #define SADB_SAFLAGS_PFS 0x1 /* Perfect forward secrecy? */
552 #define SADB_SAFLAGS_NOREPLAY 0x2 /* Replay field NOT PRESENT. */
553
554 /* Below flags are used by this implementation. Grow from left-to-right. */
555 #define SADB_X_SAFLAGS_USED 0x80000000 /* SA used/not used */
556 #define SADB_X_SAFLAGS_UNIQUE 0x40000000 /* SA unique/reusable */
557 #define SADB_X_SAFLAGS_AALG1 0x20000000 /* Auth-alg specific flag 1 */
558 #define SADB_X_SAFLAGS_AALG2 0x10000000 /* Auth-alg specific flag 2 */
559 #define SADB_X_SAFLAGS_EALG1 0x8000000 /* Encr-alg specific flag 1 */
560 #define SADB_X_SAFLAGS_EALG2 0x4000000 /* Encr-alg specific flag 2 */
561 #define SADB_X_SAFLAGS_KM1 0x2000000 /* Key mgmt. specific flag 1 */
562 #define SADB_X_SAFLAGS_KM2 0x1000000 /* Key mgmt. specific flag 2 */
563 #define SADB_X_SAFLAGS_KM3 0x800000 /* Key mgmt. specific flag 3 */
564 #define SADB_X_SAFLAGS_KM4 0x400000 /* Key mgmt. specific flag 4 */
566 #define SADB_X_SAFLAGS_NATT_LOC 0x100000 /* this has a natted src SA */
567 #define SADB_X_SAFLAGS_NATT_REM 0x80000 /* this has a natted dst SA */
568 #define SADB_X_SAFLAGS_KRES2 0x40000 /* Reserved by the kernel */
569 #define SADB_X_SAFLAGS_TUNNEL 0x20000 /* tunnel mode */
570 #define SADB_X_SAFLAGS_PAIRED 0x10000 /* inbound/outbound pair */
571 #define SADB_X_SAFLAGS_OUTBOUND 0x8000 /* SA direction bit */
572 #define SADB_X_SAFLAGS_INBOUND 0x4000 /* SA direction bit */
573 #define SADB_X_SAFLAGS_NATTED 0x1000 /* Local node is behind a NAT */
574
575 #define SADB_X_SAFLAGS_KRES \
576 SADB_X_SAFLAGS_KRES1 | SADB_X_SAFLAGS_KRES2
577
578 /*
579 * SA state.
580 */
581
582 #define SADB_SASTATE_LARVAL 0
583 #define SADB_SASTATE_MATURE 1
584 #define SADB_SASTATE_DYING 2
585 #define SADB_SASTATE_DEAD 3
586 #define SADB_X_SASTATE_ACTIVE_ELSEWHERE 4
587 #define SADB_X_SASTATE_IDLE 5
588 #define SADB_X_SASTATE_ACTIVE 6
589
590 #define SADB_SASTATE_MAX 6
591
592 /*
593 * SA type. Gaps are present in the number space because (for the time being)
594 * these types correspond to the SA types in the IPsec DOI document.
595 */
596
597 #define SADB_SATYPE_UNSPEC 0
598 #define SADB_SATYPE_AH 2 /* RFC-1826 */
599 #define SADB_SATYPE_ESP 3 /* RFC-1827 */
600 #define SADB_SATYPE_RSVP 5 /* RSVP Authentication */
601 #define SADB_SATYPE_OSPFV2 6 /* OSPFv2 Authentication */
602 #define SADB_SATYPE_RIPV2 7 /* RIPv2 Authentication */
603 #define SADB_SATYPE_MIP 8 /* Mobile IPv4 Authentication */
604
605 #define SADB_SATYPE_MAX 8
606
607 /*
608 * Algorithm types. Gaps are present because (for the time being) these types
652 /* These two are synonyms. */
653 #define SADB_EXT_ADDRESS_PROXY 7
654 #define SADB_X_EXT_ADDRESS_INNER_SRC SADB_EXT_ADDRESS_PROXY
655 #define SADB_EXT_KEY_AUTH 8
656 #define SADB_EXT_KEY_ENCRYPT 9
657 #define SADB_EXT_IDENTITY_SRC 10
658 #define SADB_EXT_IDENTITY_DST 11
659 #define SADB_EXT_SENSITIVITY 12
660 #define SADB_EXT_PROPOSAL 13
661 #define SADB_EXT_SUPPORTED_AUTH 14
662 #define SADB_EXT_SUPPORTED_ENCRYPT 15
663 #define SADB_EXT_SPIRANGE 16
664 #define SADB_X_EXT_EREG 17
665 #define SADB_X_EXT_EPROP 18
666 #define SADB_X_EXT_KM_COOKIE 19
667 #define SADB_X_EXT_ADDRESS_NATT_LOC 20
668 #define SADB_X_EXT_ADDRESS_NATT_REM 21
669 #define SADB_X_EXT_ADDRESS_INNER_DST 22
670 #define SADB_X_EXT_PAIR 23
671 #define SADB_X_EXT_REPLAY_VALUE 24
672 #define SADB_X_EXT_EDUMP 25
673 #define SADB_X_EXT_LIFETIME_IDLE 26
674 #define SADB_X_EXT_OUTER_SENS 27
675
676 #define SADB_EXT_MAX 27
677
678 /*
679 * Identity types.
680 */
681
682 #define SADB_IDENTTYPE_RESERVED 0
683
684 /*
685 * For PREFIX and ADDR_RANGE, use the AF of the PROXY if present, or the SRC
686 * if not present.
687 */
688 #define SADB_IDENTTYPE_PREFIX 1
689 #define SADB_IDENTTYPE_FQDN 2 /* Fully qualified domain name. */
690 #define SADB_IDENTTYPE_USER_FQDN 3 /* e.g. root@domain.com */
691 #define SADB_X_IDENTTYPE_DN 4 /* ASN.1 DER Distinguished Name. */
692 #define SADB_X_IDENTTYPE_GN 5 /* ASN.1 DER Generic Name. */
|
494 uint64_t sadb_x_ext_alignment;
495 } sadb_x_pair_u;
496 #define sadb_x_pair_len sadb_x_pair_u.sadb_x_pair_actual.sadb_x_pair_ulen
497 #define sadb_x_pair_exttype \
498 sadb_x_pair_u.sadb_x_pair_actual.sadb_x_pair_uexttype
499 #define sadb_x_pair_spi sadb_x_pair_u.sadb_x_pair_actual.sadb_x_pair_uspi
500 } sadb_x_pair_t;
501
502 /*
503 * For the Sequence numbers to be used with SADB_DUMP, SADB_GET, SADB_UPDATE.
504 */
505
506 typedef struct sadb_x_replay_ctr {
507 uint16_t sadb_x_rc_len;
508 uint16_t sadb_x_rc_exttype;
509 uint32_t sadb_x_rc_replay32; /* For 240x SAs. */
510 uint64_t sadb_x_rc_replay64; /* For 430x SAs. */
511 } sadb_x_replay_ctr_t;
512
513 /*
514 * Base message types.
515 */
516
517 #define SADB_RESERVED 0
518 #define SADB_GETSPI 1
519 #define SADB_UPDATE 2
520 #define SADB_ADD 3
521 #define SADB_DELETE 4
522 #define SADB_GET 5
523 #define SADB_ACQUIRE 6
524 #define SADB_REGISTER 7
525 #define SADB_EXPIRE 8
526 #define SADB_FLUSH 9
527 #define SADB_DUMP 10 /* not used normally */
528 #define SADB_X_PROMISC 11
529 #define SADB_X_INVERSE_ACQUIRE 12
530 #define SADB_X_UPDATEPAIR 13
531 #define SADB_X_DELPAIR 14
532 /* #define SADB_X_DELPAIR_STATE 15 */ /* Deprecated */
533 #define SADB_MAX 15
534
535 /*
536 * SA flags
537 */
538
539 #define SADB_SAFLAGS_PFS 0x1 /* Perfect forward secrecy? */
540 #define SADB_SAFLAGS_NOREPLAY 0x2 /* Replay field NOT PRESENT. */
541
542 /* Below flags are used by this implementation. Grow from left-to-right. */
543 #define SADB_X_SAFLAGS_USED 0x80000000 /* SA used/not used */
544 #define SADB_X_SAFLAGS_UNIQUE 0x40000000 /* SA unique/reusable */
545 #define SADB_X_SAFLAGS_AALG1 0x20000000 /* Auth-alg specific flag 1 */
546 #define SADB_X_SAFLAGS_AALG2 0x10000000 /* Auth-alg specific flag 2 */
547 #define SADB_X_SAFLAGS_EALG1 0x8000000 /* Encr-alg specific flag 1 */
548 #define SADB_X_SAFLAGS_EALG2 0x4000000 /* Encr-alg specific flag 2 */
549 #define SADB_X_SAFLAGS_KM1 0x2000000 /* Key mgmt. specific flag 1 */
550 #define SADB_X_SAFLAGS_KM2 0x1000000 /* Key mgmt. specific flag 2 */
551 #define SADB_X_SAFLAGS_KM3 0x800000 /* Key mgmt. specific flag 3 */
552 #define SADB_X_SAFLAGS_KM4 0x400000 /* Key mgmt. specific flag 4 */
554 #define SADB_X_SAFLAGS_NATT_LOC 0x100000 /* this has a natted src SA */
555 #define SADB_X_SAFLAGS_NATT_REM 0x80000 /* this has a natted dst SA */
556 #define SADB_X_SAFLAGS_KRES2 0x40000 /* Reserved by the kernel */
557 #define SADB_X_SAFLAGS_TUNNEL 0x20000 /* tunnel mode */
558 #define SADB_X_SAFLAGS_PAIRED 0x10000 /* inbound/outbound pair */
559 #define SADB_X_SAFLAGS_OUTBOUND 0x8000 /* SA direction bit */
560 #define SADB_X_SAFLAGS_INBOUND 0x4000 /* SA direction bit */
561 #define SADB_X_SAFLAGS_NATTED 0x1000 /* Local node is behind a NAT */
562
563 #define SADB_X_SAFLAGS_KRES \
564 SADB_X_SAFLAGS_KRES1 | SADB_X_SAFLAGS_KRES2
565
566 /*
567 * SA state.
568 */
569
570 #define SADB_SASTATE_LARVAL 0
571 #define SADB_SASTATE_MATURE 1
572 #define SADB_SASTATE_DYING 2
573 #define SADB_SASTATE_DEAD 3
574 /* #define SADB_X_SASTATE_ACTIVE_ELSEWHERE 4 */ /* Deprecated */
575 /* #define SADB_X_SASTATE_IDLE 5 */ /* Deprecated */
576 /* #define SADB_X_SASTATE_ACTIVE 6 */ /* Deprecated */
577
578 #define SADB_SASTATE_MAX 6
579
580 /*
581 * SA type. Gaps are present in the number space because (for the time being)
582 * these types correspond to the SA types in the IPsec DOI document.
583 */
584
585 #define SADB_SATYPE_UNSPEC 0
586 #define SADB_SATYPE_AH 2 /* RFC-1826 */
587 #define SADB_SATYPE_ESP 3 /* RFC-1827 */
588 #define SADB_SATYPE_RSVP 5 /* RSVP Authentication */
589 #define SADB_SATYPE_OSPFV2 6 /* OSPFv2 Authentication */
590 #define SADB_SATYPE_RIPV2 7 /* RIPv2 Authentication */
591 #define SADB_SATYPE_MIP 8 /* Mobile IPv4 Authentication */
592
593 #define SADB_SATYPE_MAX 8
594
595 /*
596 * Algorithm types. Gaps are present because (for the time being) these types
640 /* These two are synonyms. */
641 #define SADB_EXT_ADDRESS_PROXY 7
642 #define SADB_X_EXT_ADDRESS_INNER_SRC SADB_EXT_ADDRESS_PROXY
643 #define SADB_EXT_KEY_AUTH 8
644 #define SADB_EXT_KEY_ENCRYPT 9
645 #define SADB_EXT_IDENTITY_SRC 10
646 #define SADB_EXT_IDENTITY_DST 11
647 #define SADB_EXT_SENSITIVITY 12
648 #define SADB_EXT_PROPOSAL 13
649 #define SADB_EXT_SUPPORTED_AUTH 14
650 #define SADB_EXT_SUPPORTED_ENCRYPT 15
651 #define SADB_EXT_SPIRANGE 16
652 #define SADB_X_EXT_EREG 17
653 #define SADB_X_EXT_EPROP 18
654 #define SADB_X_EXT_KM_COOKIE 19
655 #define SADB_X_EXT_ADDRESS_NATT_LOC 20
656 #define SADB_X_EXT_ADDRESS_NATT_REM 21
657 #define SADB_X_EXT_ADDRESS_INNER_DST 22
658 #define SADB_X_EXT_PAIR 23
659 #define SADB_X_EXT_REPLAY_VALUE 24
660 /* #define SADB_X_EXT_EDUMP 25 */ /* Deprecated */
661 #define SADB_X_EXT_LIFETIME_IDLE 26
662 #define SADB_X_EXT_OUTER_SENS 27
663
664 #define SADB_EXT_MAX 27
665
666 /*
667 * Identity types.
668 */
669
670 #define SADB_IDENTTYPE_RESERVED 0
671
672 /*
673 * For PREFIX and ADDR_RANGE, use the AF of the PROXY if present, or the SRC
674 * if not present.
675 */
676 #define SADB_IDENTTYPE_PREFIX 1
677 #define SADB_IDENTTYPE_FQDN 2 /* Fully qualified domain name. */
678 #define SADB_IDENTTYPE_USER_FQDN 3 /* e.g. root@domain.com */
679 #define SADB_X_IDENTTYPE_DN 4 /* ASN.1 DER Distinguished Name. */
680 #define SADB_X_IDENTTYPE_GN 5 /* ASN.1 DER Generic Name. */
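Review bot: SADB_MAX stays 15 and SADB_SASTATE_MAX stays 6 on the side that comments out SADB_X_DELPAIR_STATE and the three SADB_X_SASTATE_* values, so a range check written as `type > SADB_MAX` or `state > SADB_SASTATE_MAX` still admits numbers that no longer have a name; the same holds for extension type 25 under SADB_EXT_MAX now that sadb_x_edump_t is gone. If the maxima are kept on purpose to reserve the number space, say so next to each one, for example `/* 15 was SADB_X_DELPAIR_STATE; reserved, must be rejected explicitly */`. The consumers are not visible here, so it is worth confirming that the message, state and extension parsers reject the retired values rather than letting them fall through a default case. Separately, the unchanged `SADB_X_SAFLAGS_KRES` definition expands without parentheses, so `flags & SADB_X_SAFLAGS_KRES` parses as `(flags & SADB_X_SAFLAGS_KRES1) | SADB_X_SAFLAGS_KRES2`; writing the body as `(SADB_X_SAFLAGS_KRES1 | SADB_X_SAFLAGS_KRES2)` fixes that.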
|