8927 sadb_x_kmc_t's KM cookie should be 64-bits
Reviewed by: Jason King <jason.king@joyent.com>
Reviewed by: Robert Mustacchi <rm@joyent.com>
Reviewed by: Yuri Pankov <yuripv@gmx.com>
--- old/usr/src/uts/common/net/pfkeyv2.h
+++ new/usr/src/uts/common/net/pfkeyv2.h
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
12 12 *
13 13 * When distributing Covered Code, include this CDDL HEADER in each
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 15 * If applicable, add the following below this CDDL HEADER, with the
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
20 20 */
21 21 /*
22 22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
23 23 * Use is subject to license terms.
24 24 */
25 +/*
26 + * Copyright 2017 Joyent, Inc.
27 + */
25 28
26 29 #ifndef _NET_PFKEYV2_H
27 30 #define _NET_PFKEYV2_H
28 31
29 32 /*
30 33 * Definitions and structures for PF_KEY version 2. See RFC 2367 for
31 34 * more details. SA == Security Association, which is what PF_KEY provides
32 35 * an API for managing.
33 36 */
34 37
35 38 #ifdef __cplusplus
36 39 extern "C" {
37 40 #endif
38 41
39 42 #define PF_KEY_V2 2
40 43 #define PFKEYV2_REVISION 200109L
41 44
42 45 /*
43 46 * Base PF_KEY message.
44 47 */
45 48
46 49 typedef struct sadb_msg {
47 50 uint8_t sadb_msg_version; /* Version, currently PF_KEY_V2 */
48 51 uint8_t sadb_msg_type; /* ADD, UPDATE, etc. */
49 52 uint8_t sadb_msg_errno; /* Error number from UNIX errno space */
50 53 uint8_t sadb_msg_satype; /* ESP, AH, etc. */
51 54 uint16_t sadb_msg_len; /* Length in 64-bit words. */
52 55 uint16_t sadb_msg_reserved; /* must be zero */
53 56 /*
54 57 * Use the reserved field for extended diagnostic information on errno
55 58 * responses.
56 59 */
57 60 #define sadb_x_msg_diagnostic sadb_msg_reserved
58 61 /* Union is for guaranteeing 64-bit alignment. */
59 62 union {
60 63 struct {
61 64 uint32_t sadb_x_msg_useq; /* Set by originator */
62 65 uint32_t sadb_x_msg_upid; /* Set by originator */
63 66 } sadb_x_msg_actual;
64 67 uint64_t sadb_x_msg_alignment;
65 68 } sadb_x_msg_u;
66 69 #define sadb_msg_seq sadb_x_msg_u.sadb_x_msg_actual.sadb_x_msg_useq
67 70 #define sadb_msg_pid sadb_x_msg_u.sadb_x_msg_actual.sadb_x_msg_upid
68 71 } sadb_msg_t;
69 72
70 73 /*
71 74 * Generic extension header.
72 75 */
73 76
74 77 typedef struct sadb_ext {
75 78 union {
76 79 /* Union is for guaranteeing 64-bit alignment. */
77 80 struct {
78 81 uint16_t sadb_x_ext_ulen; /* In 64s, inclusive */
79 82 uint16_t sadb_x_ext_utype; /* 0 is reserved */
80 83 } sadb_x_ext_actual;
81 84 uint64_t sadb_x_ext_alignment;
82 85 } sadb_x_ext_u;
83 86 #define sadb_ext_len sadb_x_ext_u.sadb_x_ext_actual.sadb_x_ext_ulen
84 87 #define sadb_ext_type sadb_x_ext_u.sadb_x_ext_actual.sadb_x_ext_utype
85 88 } sadb_ext_t;
86 89
87 90 /*
88 91 * Security Association information extension.
89 92 */
90 93
91 94 typedef struct sadb_sa {
92 95 /* Union is for guaranteeing 64-bit alignment. */
93 96 union {
94 97 struct {
95 98 uint16_t sadb_x_sa_ulen;
96 99 uint16_t sadb_x_sa_uexttype; /* ASSOCIATION */
97 100 uint32_t sadb_x_sa_uspi; /* Sec. Param. Index */
98 101 } sadb_x_sa_uactual;
99 102 uint64_t sadb_x_sa_alignment;
100 103 } sadb_x_sa_u;
101 104 #define sadb_sa_len sadb_x_sa_u.sadb_x_sa_uactual.sadb_x_sa_ulen
102 105 #define sadb_sa_exttype sadb_x_sa_u.sadb_x_sa_uactual.sadb_x_sa_uexttype
103 106 #define sadb_sa_spi sadb_x_sa_u.sadb_x_sa_uactual.sadb_x_sa_uspi
104 107 uint8_t sadb_sa_replay; /* Replay counter */
105 108 uint8_t sadb_sa_state; /* MATURE, DEAD, DYING, LARVAL */
106 109 uint8_t sadb_sa_auth; /* Authentication algorithm */
107 110 uint8_t sadb_sa_encrypt; /* Encryption algorithm */
108 111 uint32_t sadb_sa_flags; /* SA flags. */
109 112 } sadb_sa_t;
110 113
111 114 /*
112 115 * SA Lifetime extension. Already 64-bit aligned thanks to uint64_t fields.
113 116 */
114 117
115 118 typedef struct sadb_lifetime {
116 119 uint16_t sadb_lifetime_len;
117 120 uint16_t sadb_lifetime_exttype; /* SOFT, HARD, CURRENT */
118 121 uint32_t sadb_lifetime_allocations;
119 122 uint64_t sadb_lifetime_bytes;
120 123 uint64_t sadb_lifetime_addtime; /* These fields are assumed to hold */
121 124 uint64_t sadb_lifetime_usetime; /* >= sizeof (time_t). */
122 125 } sadb_lifetime_t;
123 126
124 127 /*
125 128 * SA address information.
126 129 */
127 130
128 131 typedef struct sadb_address {
129 132 /* Union is for guaranteeing 64-bit alignment. */
130 133 union {
131 134 struct {
132 135 uint16_t sadb_x_address_ulen;
133 136 uint16_t sadb_x_address_uexttype; /* SRC, DST, PROXY */
134 137 uint8_t sadb_x_address_uproto; /* Proto for ports... */
135 138 uint8_t sadb_x_address_uprefixlen; /* Prefix length. */
136 139 uint16_t sadb_x_address_ureserved; /* Padding */
137 140 } sadb_x_address_actual;
138 141 uint64_t sadb_x_address_alignment;
139 142 } sadb_x_address_u;
140 143 #define sadb_address_len \
141 144 sadb_x_address_u.sadb_x_address_actual.sadb_x_address_ulen
142 145 #define sadb_address_exttype \
143 146 sadb_x_address_u.sadb_x_address_actual.sadb_x_address_uexttype
144 147 #define sadb_address_proto \
145 148 sadb_x_address_u.sadb_x_address_actual.sadb_x_address_uproto
146 149 #define sadb_address_prefixlen \
147 150 sadb_x_address_u.sadb_x_address_actual.sadb_x_address_uprefixlen
148 151 #define sadb_address_reserved \
149 152 sadb_x_address_u.sadb_x_address_actual.sadb_x_address_ureserved
150 153 /* Followed by a sockaddr structure which may contain ports. */
151 154 } sadb_address_t;
152 155
153 156 /*
154 157 * SA key information.
155 158 */
156 159
157 160 typedef struct sadb_key {
158 161 /* Union is for guaranteeing 64-bit alignment. */
159 162 union {
160 163 struct {
161 164 uint16_t sadb_x_key_ulen;
162 165 uint16_t sadb_x_key_uexttype; /* AUTH, ENCRYPT */
163 166 uint16_t sadb_x_key_ubits; /* Actual len (bits) */
164 167 uint16_t sadb_x_key_ureserved;
165 168 } sadb_x_key_actual;
166 169 uint64_t sadb_x_key_alignment;
167 170 } sadb_x_key_u;
168 171 #define sadb_key_len sadb_x_key_u.sadb_x_key_actual.sadb_x_key_ulen
169 172 #define sadb_key_exttype sadb_x_key_u.sadb_x_key_actual.sadb_x_key_uexttype
170 173 #define sadb_key_bits sadb_x_key_u.sadb_x_key_actual.sadb_x_key_ubits
171 174 #define sadb_key_reserved sadb_x_key_u.sadb_x_key_actual.sadb_x_key_ureserved
172 175 /* Followed by actual key(s) in canonical (outbound proc.) order. */
173 176 } sadb_key_t;
174 177
175 178 /*
176 179 * SA Identity information. Already 64-bit aligned thanks to uint64_t fields.
177 180 */
178 181
179 182 typedef struct sadb_ident {
180 183 uint16_t sadb_ident_len;
181 184 uint16_t sadb_ident_exttype; /* SRC, DST, PROXY */
182 185 uint16_t sadb_ident_type; /* FQDN, USER_FQDN, etc. */
183 186 uint16_t sadb_ident_reserved; /* Padding */
184 187 uint64_t sadb_ident_id; /* For userid, etc. */
185 188 /* Followed by an identity null-terminate C string if present. */
186 189 } sadb_ident_t;
187 190
188 191 /*
189 192 * SA sensitivity information. This is mostly useful on MLS systems.
190 193 */
191 194
192 195 typedef struct sadb_sens {
193 196 /* Union is for guaranteeing 64-bit alignment. */
194 197 union {
195 198 struct {
196 199 uint16_t sadb_x_sens_ulen;
197 200 uint16_t sadb_x_sens_uexttype; /* SENSITIVITY */
198 201 uint32_t sadb_x_sens_udpd; /* Protection domain */
199 202 } sadb_x_sens_actual;
200 203 uint64_t sadb_x_sens_alignment;
201 204 } sadb_x_sens_u;
202 205 #define sadb_sens_len sadb_x_sens_u.sadb_x_sens_actual.sadb_x_sens_ulen
203 206 #define sadb_sens_exttype sadb_x_sens_u.sadb_x_sens_actual.sadb_x_sens_uexttype
204 207 #define sadb_sens_dpd sadb_x_sens_u.sadb_x_sens_actual.sadb_x_sens_udpd
205 208 uint8_t sadb_sens_sens_level;
206 209 uint8_t sadb_sens_sens_len; /* 64-bit words */
207 210 uint8_t sadb_sens_integ_level;
208 211 uint8_t sadb_sens_integ_len; /* 64-bit words */
209 212 uint32_t sadb_x_sens_flags;
210 213 /*
211 214 * followed by two uint64_t arrays
212 215 * uint64_t sadb_sens_bitmap[sens_bitmap_len];
213 216 * uint64_t sadb_integ_bitmap[integ_bitmap_len];
214 217 */
215 218 } sadb_sens_t;
216 219
217 220 /*
218 221 * We recycled the formerly reserved word for flags.
219 222 */
220 223
221 224 #define sadb_sens_reserved sadb_x_sens_flags
222 225
223 226 #define SADB_X_SENS_IMPLICIT 0x1 /* implicit labelling */
224 227 #define SADB_X_SENS_UNLABELED 0x2 /* peer is unlabeled */
225 228
226 229 /*
227 230 * a proposal extension. This is found in an ACQUIRE message, and it
228 231 * proposes what sort of SA the kernel would like to ACQUIRE.
229 232 */
230 233
231 234 /* First, a base structure... */
232 235
233 236 typedef struct sadb_x_propbase {
234 237 uint16_t sadb_x_propb_len;
235 238 uint16_t sadb_x_propb_exttype; /* PROPOSAL, X_EPROP */
236 239 union {
237 240 struct {
238 241 uint8_t sadb_x_propb_lenres_replay;
239 242 uint8_t sadb_x_propb_lenres_eres;
240 243 uint16_t sadb_x_propb_lenres_numecombs;
241 244 } sadb_x_propb_lenres;
242 245 struct {
243 246 uint8_t sadb_x_propb_oldres_replay;
244 247 uint8_t sadb_x_propb_oldres_reserved[3];
245 248 } sadb_x_propb_oldres;
246 249 } sadb_x_propb_u;
247 250 #define sadb_x_propb_replay \
248 251 sadb_x_propb_u.sadb_x_propb_lenres.sadb_x_propb_lenres_replay
249 252 #define sadb_x_propb_reserved \
250 253 sadb_x_propb_u.sadb_x_propb_oldres.sadb_x_propb_oldres_reserved
251 254 #define sadb_x_propb_ereserved \
252 255 sadb_x_propb_u.sadb_x_propb_lenres.sadb_x_propb_lenres_eres
253 256 #define sadb_x_propb_numecombs \
254 257 sadb_x_propb_u.sadb_x_propb_lenres.sadb_x_propb_lenres_numecombs
255 258 /* Followed by sadb_comb[] array or sadb_ecomb[] array. */
256 259 } sadb_x_propbase_t;
257 260
258 261 /* Now, the actual sadb_prop structure, which will have alignment in it! */
259 262
260 263 typedef struct sadb_prop {
261 264 /* Union is for guaranteeing 64-bit alignment. */
262 265 union {
263 266 sadb_x_propbase_t sadb_x_prop_actual;
264 267 uint64_t sadb_x_prop_alignment;
265 268 } sadb_x_prop_u;
266 269 #define sadb_prop_len sadb_x_prop_u.sadb_x_prop_actual.sadb_x_propb_len
267 270 #define sadb_prop_exttype sadb_x_prop_u.sadb_x_prop_actual.sadb_x_propb_exttype
268 271 #define sadb_prop_replay sadb_x_prop_u.sadb_x_prop_actual.sadb_x_propb_replay
269 272 #define sadb_prop_reserved \
270 273 sadb_x_prop_u.sadb_x_prop_actual.sadb_x_propb_reserved
271 274 #define sadb_x_prop_ereserved \
272 275 sadb_x_prop_u.sadb_x_prop_actual.sadb_x_propb_ereserved
273 276 #define sadb_x_prop_numecombs \
274 277 sadb_x_prop_u.sadb_x_prop_actual.sadb_x_propb_numecombs
275 278 } sadb_prop_t;
276 279
277 280 /*
278 281 * This is a proposed combination. Many of these can follow a proposal
279 282 * extension. Already 64-bit aligned thanks to uint64_t fields.
280 283 */
281 284
282 285 typedef struct sadb_comb {
283 286 uint8_t sadb_comb_auth; /* Authentication algorithm */
284 287 uint8_t sadb_comb_encrypt; /* Encryption algorithm */
285 288 uint16_t sadb_comb_flags; /* Comb. flags (e.g. PFS) */
286 289 uint16_t sadb_comb_auth_minbits; /* Bit strengths for auth */
287 290 uint16_t sadb_comb_auth_maxbits;
288 291 uint16_t sadb_comb_encrypt_minbits; /* Bit strengths for encrypt */
289 292 uint16_t sadb_comb_encrypt_maxbits;
290 293 uint32_t sadb_comb_reserved;
291 294 uint32_t sadb_comb_soft_allocations; /* Lifetime proposals for */
292 295 uint32_t sadb_comb_hard_allocations; /* this combination. */
293 296 uint64_t sadb_comb_soft_bytes;
294 297 uint64_t sadb_comb_hard_bytes;
295 298 uint64_t sadb_comb_soft_addtime;
296 299 uint64_t sadb_comb_hard_addtime;
297 300 uint64_t sadb_comb_soft_usetime;
298 301 uint64_t sadb_comb_hard_usetime;
299 302 } sadb_comb_t;
300 303
301 304 /*
302 305 * An extended combination that can comprise of many SA types.
303 306 * A single combination has algorithms and SA types locked.
304 307 * These are represented by algorithm descriptors, the second structure
305 308 * in the list. For example, if the EACQUIRE requests AH(MD5) + ESP(DES/null)
306 309 * _or_ ESP(DES/MD5), it would have two combinations:
307 310 *
308 311 * COMB: algdes(AH, AUTH, MD5), algdes(ESP, CRYPT, DES)
309 312 * COMB: algdes(ESP, AUTH, MD5), algdes(ESP, CRYPT, DES)
310 313 *
311 314 * If an SA type supports an algorithm type, and there's no descriptor,
312 315 * assume it requires NONE, just like it were explicitly stated.
313 316 * (This includes ESP NULL encryption, BTW.)
314 317 *
315 318 * Already 64-bit aligned thanks to uint64_t fields.
316 319 */
317 320
318 321 typedef struct sadb_x_ecomb {
319 322 uint8_t sadb_x_ecomb_numalgs;
320 323 uint8_t sadb_x_ecomb_reserved;
321 324 uint16_t sadb_x_ecomb_flags; /* E.g. PFS? */
322 325 uint32_t sadb_x_ecomb_reserved2;
323 326 uint32_t sadb_x_ecomb_soft_allocations;
324 327 uint32_t sadb_x_ecomb_hard_allocations;
325 328 uint64_t sadb_x_ecomb_soft_bytes;
326 329 uint64_t sadb_x_ecomb_hard_bytes;
327 330 uint64_t sadb_x_ecomb_soft_addtime;
328 331 uint64_t sadb_x_ecomb_hard_addtime;
329 332 uint64_t sadb_x_ecomb_soft_usetime;
330 333 uint64_t sadb_x_ecomb_hard_usetime;
331 334 } sadb_x_ecomb_t;
332 335
333 336 typedef struct sadb_x_algdesc {
334 337 /* Union is for guaranteeing 64-bit alignment. */
335 338 union {
336 339 struct {
337 340 uint8_t sadb_x_algdesc_usatype; /* ESP, AH, etc. */
338 341 uint8_t sadb_x_algdesc_ualgtype; /* AUTH, CRYPT, COMP */
339 342 uint8_t sadb_x_algdesc_ualg; /* 3DES, MD5, etc. */
340 343 uint8_t sadb_x_algdesc_ureserved;
341 344 uint16_t sadb_x_algdesc_uminbits; /* Bit strengths. */
342 345 uint16_t sadb_x_algdesc_umaxbits;
343 346 } sadb_x_algdesc_actual;
344 347 uint64_t sadb_x_algdesc_alignment;
345 348 } sadb_x_algdesc_u;
346 349 #define sadb_x_algdesc_satype \
347 350 sadb_x_algdesc_u.sadb_x_algdesc_actual.sadb_x_algdesc_usatype
348 351 #define sadb_x_algdesc_algtype \
349 352 sadb_x_algdesc_u.sadb_x_algdesc_actual.sadb_x_algdesc_ualgtype
350 353 #define sadb_x_algdesc_alg \
351 354 sadb_x_algdesc_u.sadb_x_algdesc_actual.sadb_x_algdesc_ualg
352 355 #define sadb_x_algdesc_reserved \
353 356 sadb_x_algdesc_u.sadb_x_algdesc_actual.sadb_x_algdesc_ureserved
354 357 #define sadb_x_algdesc_minbits \
355 358 sadb_x_algdesc_u.sadb_x_algdesc_actual.sadb_x_algdesc_uminbits
356 359 #define sadb_x_algdesc_maxbits \
357 360 sadb_x_algdesc_u.sadb_x_algdesc_actual.sadb_x_algdesc_umaxbits
358 361 } sadb_x_algdesc_t;
359 362
360 363 /*
361 364 * When key mgmt. registers with the kernel, the kernel will tell key mgmt.
362 365 * its supported algorithms.
363 366 */
364 367
365 368 typedef struct sadb_supported {
366 369 /* Union is for guaranteeing 64-bit alignment. */
367 370 union {
368 371 struct {
369 372 uint16_t sadb_x_supported_ulen;
370 373 uint16_t sadb_x_supported_uexttype;
371 374 uint32_t sadb_x_supported_ureserved;
372 375 } sadb_x_supported_actual;
373 376 uint64_t sadb_x_supported_alignment;
374 377 } sadb_x_supported_u;
375 378 #define sadb_supported_len \
376 379 sadb_x_supported_u.sadb_x_supported_actual.sadb_x_supported_ulen
377 380 #define sadb_supported_exttype \
378 381 sadb_x_supported_u.sadb_x_supported_actual.sadb_x_supported_uexttype
379 382 #define sadb_supported_reserved \
380 383 sadb_x_supported_u.sadb_x_supported_actual.sadb_x_supported_ureserved
381 384 } sadb_supported_t;
382 385
383 386 /* First, a base structure... */
384 387 typedef struct sadb_x_algb {
385 388 uint8_t sadb_x_algb_id; /* Algorithm type. */
386 389 uint8_t sadb_x_algb_ivlen; /* IV len, in bits */
387 390 uint16_t sadb_x_algb_minbits; /* Min. key len (in bits) */
388 391 uint16_t sadb_x_algb_maxbits; /* Max. key length */
389 392 union {
390 393 uint16_t sadb_x_algb_ureserved;
391 394 uint8_t sadb_x_algb_udefaults[2];
392 395 } sadb_x_algb_union;
393 396
394 397 #define sadb_x_algb_reserved sadb_x_algb_union.sadb_x_algb_ureserved
395 398 #define sadb_x_algb_increment sadb_x_algb_union.sadb_x_algb_udefaults[0]
396 399 #define sadb_x_algb_saltbits sadb_x_algb_union.sadb_x_algb_udefaults[1]
397 400 /*
398 401 * alg_increment: the number of bits from a key length to the next
399 402 */
400 403 } sadb_x_algb_t;
401 404
402 405 /* Now, the actual sadb_alg structure, which will have alignment in it. */
403 406 typedef struct sadb_alg {
404 407 /* Union is for guaranteeing 64-bit alignment. */
405 408 union {
406 409 sadb_x_algb_t sadb_x_alg_actual;
407 410 uint64_t sadb_x_alg_alignment;
408 411 } sadb_x_alg_u;
409 412 #define sadb_alg_id sadb_x_alg_u.sadb_x_alg_actual.sadb_x_algb_id
410 413 #define sadb_alg_ivlen sadb_x_alg_u.sadb_x_alg_actual.sadb_x_algb_ivlen
411 414 #define sadb_alg_minbits sadb_x_alg_u.sadb_x_alg_actual.sadb_x_algb_minbits
412 415 #define sadb_alg_maxbits sadb_x_alg_u.sadb_x_alg_actual.sadb_x_algb_maxbits
413 416 #define sadb_alg_reserved sadb_x_alg_u.sadb_x_alg_actual.sadb_x_algb_reserved
414 417 #define sadb_x_alg_increment \
415 418 sadb_x_alg_u.sadb_x_alg_actual.sadb_x_algb_increment
416 419 #define sadb_x_alg_saltbits sadb_x_alg_u.sadb_x_alg_actual.sadb_x_algb_saltbits
417 420 } sadb_alg_t;
418 421
419 422 /*
420 423 * If key mgmt. needs an SPI in a range (including 0 to 0xFFFFFFFF), it
421 424 * asks the kernel with this extension in the SADB_GETSPI message.
422 425 */
423 426
424 427 typedef struct sadb_spirange {
425 428 uint16_t sadb_spirange_len;
426 429 uint16_t sadb_spirange_exttype; /* SPI_RANGE */
427 430 uint32_t sadb_spirange_min;
428 431 /* Union is for guaranteeing 64-bit alignment. */
429 432 union {
430 433 struct {
431 434 uint32_t sadb_x_spirange_umax;
432 435 uint32_t sadb_x_spirange_ureserved;
433 436 } sadb_x_spirange_actual;
434 437 uint64_t sadb_x_spirange_alignment;
435 438 } sadb_x_spirange_u;
436 439 #define sadb_spirange_max \
437 440 sadb_x_spirange_u.sadb_x_spirange_actual.sadb_x_spirange_umax
438 441 #define sadb_spirange_reserved \
439 442 sadb_x_spirange_u.sadb_x_spirange_actual.sadb_x_spirange_ureserved
440 443 } sadb_spirange_t;
441 444
442 445 /*
443 446 * For the "extended REGISTER" which'll tell the kernel to send me
444 447 * "extended ACQUIREs".
445 448 */
446 449
447 450 typedef struct sadb_x_ereg {
448 451 /* Union is for guaranteeing 64-bit alignment. */
449 452 union {
450 453 struct {
451 454 uint16_t sadb_x_ereg_ulen;
452 455 uint16_t sadb_x_ereg_uexttype; /* X_EREG */
453 456 /* Array of SA types, 0-terminated. */
454 457 uint8_t sadb_x_ereg_usatypes[4];
455 458 } sadb_x_ereg_actual;
456 459 uint64_t sadb_x_ereg_alignment;
457 460 } sadb_x_ereg_u;
458 461 #define sadb_x_ereg_len \
459 462 sadb_x_ereg_u.sadb_x_ereg_actual.sadb_x_ereg_ulen
460 463 #define sadb_x_ereg_exttype \
461 464 sadb_x_ereg_u.sadb_x_ereg_actual.sadb_x_ereg_uexttype
462 465 #define sadb_x_ereg_satypes \
463 466 sadb_x_ereg_u.sadb_x_ereg_actual.sadb_x_ereg_usatypes
464 467 } sadb_x_ereg_t;
465 468
466 469 /*
467 470 * For conveying a Key Management Cookie with SADB_GETSPI, SADB_ADD,
468 471 * SADB_ACQUIRE, or SADB_X_INVERSE_ACQUIRE.
469 472 */
470 473
471 474 typedef struct sadb_x_kmc {
472 475 uint16_t sadb_x_kmc_len;
473 476 uint16_t sadb_x_kmc_exttype; /* X_KM_COOKIE */
474 477 uint32_t sadb_x_kmc_proto; /* KM protocol */
475 478 union {
476 479 struct {
477 480 uint32_t sadb_x_kmc_ucookie; /* KMP-specific */
478 481 uint32_t sadb_x_kmc_ureserved; /* Must be zero */
479 482 } sadb_x_kmc_actual;
480 - uint64_t sadb_x_kmc_alignment;
483 + uint64_t sadb_x_kmc_ucookie64;
481 484 } sadb_x_kmc_u;
482 485 #define sadb_x_kmc_cookie sadb_x_kmc_u.sadb_x_kmc_actual.sadb_x_kmc_ucookie
483 486 #define sadb_x_kmc_reserved sadb_x_kmc_u.sadb_x_kmc_actual.sadb_x_kmc_ureserved
487 +#define sadb_x_kmc_cookie64 sadb_x_kmc_u.sadb_x_kmc_ucookie64
484 488 } sadb_x_kmc_t;
485 489
486 490 typedef struct sadb_x_pair {
487 491 union {
488 492 /* Union is for guaranteeing 64-bit alignment. */
489 493 struct {
490 494 uint16_t sadb_x_pair_ulen;
491 495 uint16_t sadb_x_pair_uexttype;
492 496 uint32_t sadb_x_pair_uspi; /* SPI of paired SA */
493 497 } sadb_x_pair_actual;
494 498 uint64_t sadb_x_ext_alignment;
495 499 } sadb_x_pair_u;
496 500 #define sadb_x_pair_len sadb_x_pair_u.sadb_x_pair_actual.sadb_x_pair_ulen
497 501 #define sadb_x_pair_exttype \
498 502 sadb_x_pair_u.sadb_x_pair_actual.sadb_x_pair_uexttype
499 503 #define sadb_x_pair_spi sadb_x_pair_u.sadb_x_pair_actual.sadb_x_pair_uspi
500 504 } sadb_x_pair_t;
501 505
502 506 /*
503 507 * For the Sequence numbers to be used with SADB_DUMP, SADB_GET, SADB_UPDATE.
504 508 */
505 509
506 510 typedef struct sadb_x_replay_ctr {
507 511 uint16_t sadb_x_rc_len;
508 512 uint16_t sadb_x_rc_exttype;
509 513 uint32_t sadb_x_rc_replay32; /* For 240x SAs. */
510 514 uint64_t sadb_x_rc_replay64; /* For 430x SAs. */
511 515 } sadb_x_replay_ctr_t;
512 516
513 517 /*
514 518 * For extended DUMP request. Dumps the SAs which were idle for
515 519 * longer than the timeout specified.
516 520 */
517 521
518 522 typedef struct sadb_x_edump {
519 523 uint16_t sadb_x_edump_len;
520 524 uint16_t sadb_x_edump_exttype;
521 525 uint32_t sadb_x_edump_reserved;
522 526 uint64_t sadb_x_edump_timeout;
523 527 } sadb_x_edump_t;
524 528
525 529 /*
526 530 * Base message types.
527 531 */
528 532
529 533 #define SADB_RESERVED 0
530 534 #define SADB_GETSPI 1
531 535 #define SADB_UPDATE 2
532 536 #define SADB_ADD 3
533 537 #define SADB_DELETE 4
534 538 #define SADB_GET 5
535 539 #define SADB_ACQUIRE 6
536 540 #define SADB_REGISTER 7
537 541 #define SADB_EXPIRE 8
538 542 #define SADB_FLUSH 9
539 543 #define SADB_DUMP 10 /* not used normally */
540 544 #define SADB_X_PROMISC 11
541 545 #define SADB_X_INVERSE_ACQUIRE 12
542 546 #define SADB_X_UPDATEPAIR 13
543 547 #define SADB_X_DELPAIR 14
544 548 #define SADB_X_DELPAIR_STATE 15
545 549 #define SADB_MAX 15
546 550
547 551 /*
548 552 * SA flags
549 553 */
550 554
551 555 #define SADB_SAFLAGS_PFS 0x1 /* Perfect forward secrecy? */
552 556 #define SADB_SAFLAGS_NOREPLAY 0x2 /* Replay field NOT PRESENT. */
553 557
554 558 /* Below flags are used by this implementation. Grow from left-to-right. */
555 559 #define SADB_X_SAFLAGS_USED 0x80000000 /* SA used/not used */
556 560 #define SADB_X_SAFLAGS_UNIQUE 0x40000000 /* SA unique/reusable */
557 561 #define SADB_X_SAFLAGS_AALG1 0x20000000 /* Auth-alg specific flag 1 */
558 562 #define SADB_X_SAFLAGS_AALG2 0x10000000 /* Auth-alg specific flag 2 */
559 563 #define SADB_X_SAFLAGS_EALG1 0x8000000 /* Encr-alg specific flag 1 */
560 564 #define SADB_X_SAFLAGS_EALG2 0x4000000 /* Encr-alg specific flag 2 */
561 565 #define SADB_X_SAFLAGS_KM1 0x2000000 /* Key mgmt. specific flag 1 */
562 566 #define SADB_X_SAFLAGS_KM2 0x1000000 /* Key mgmt. specific flag 2 */
563 567 #define SADB_X_SAFLAGS_KM3 0x800000 /* Key mgmt. specific flag 3 */
564 568 #define SADB_X_SAFLAGS_KM4 0x400000 /* Key mgmt. specific flag 4 */
565 569 #define SADB_X_SAFLAGS_KRES1 0x200000 /* Reserved by the kernel */
566 570 #define SADB_X_SAFLAGS_NATT_LOC 0x100000 /* this has a natted src SA */
567 571 #define SADB_X_SAFLAGS_NATT_REM 0x80000 /* this has a natted dst SA */
568 572 #define SADB_X_SAFLAGS_KRES2 0x40000 /* Reserved by the kernel */
569 573 #define SADB_X_SAFLAGS_TUNNEL 0x20000 /* tunnel mode */
570 574 #define SADB_X_SAFLAGS_PAIRED 0x10000 /* inbound/outbound pair */
571 575 #define SADB_X_SAFLAGS_OUTBOUND 0x8000 /* SA direction bit */
572 576 #define SADB_X_SAFLAGS_INBOUND 0x4000 /* SA direction bit */
573 577 #define SADB_X_SAFLAGS_NATTED 0x1000 /* Local node is behind a NAT */
574 578
575 579 #define SADB_X_SAFLAGS_KRES \
576 580 SADB_X_SAFLAGS_KRES1 | SADB_X_SAFLAGS_KRES2
577 581
578 582 /*
579 583 * SA state.
580 584 */
581 585
582 586 #define SADB_SASTATE_LARVAL 0
583 587 #define SADB_SASTATE_MATURE 1
584 588 #define SADB_SASTATE_DYING 2
585 589 #define SADB_SASTATE_DEAD 3
586 590 #define SADB_X_SASTATE_ACTIVE_ELSEWHERE 4
587 591 #define SADB_X_SASTATE_IDLE 5
588 592 #define SADB_X_SASTATE_ACTIVE 6
589 593
590 594 #define SADB_SASTATE_MAX 6
591 595
592 596 /*
593 597 * SA type. Gaps are present in the number space because (for the time being)
594 598 * these types correspond to the SA types in the IPsec DOI document.
595 599 */
596 600
597 601 #define SADB_SATYPE_UNSPEC 0
598 602 #define SADB_SATYPE_AH 2 /* RFC-1826 */
599 603 #define SADB_SATYPE_ESP 3 /* RFC-1827 */
600 604 #define SADB_SATYPE_RSVP 5 /* RSVP Authentication */
601 605 #define SADB_SATYPE_OSPFV2 6 /* OSPFv2 Authentication */
602 606 #define SADB_SATYPE_RIPV2 7 /* RIPv2 Authentication */
603 607 #define SADB_SATYPE_MIP 8 /* Mobile IPv4 Authentication */
604 608
605 609 #define SADB_SATYPE_MAX 8
606 610
607 611 /*
608 612 * Algorithm types. Gaps are present because (for the time being) these types
609 613 * correspond to the SA types in the IPsec DOI document.
610 614 *
611 615 * NOTE: These are numbered to play nice with the IPsec DOI. That's why
612 616 * there are gaps.
613 617 */
614 618
615 619 /* Authentication algorithms */
616 620 #define SADB_AALG_NONE 0
617 621 #define SADB_AALG_MD5HMAC 2
618 622 #define SADB_AALG_SHA1HMAC 3
619 623 #define SADB_AALG_SHA256HMAC 5
620 624 #define SADB_AALG_SHA384HMAC 6
621 625 #define SADB_AALG_SHA512HMAC 7
622 626
623 627 #define SADB_AALG_MAX 7
624 628
625 629 /* Encryption algorithms */
626 630 #define SADB_EALG_NONE 0
627 631 #define SADB_EALG_DESCBC 2
628 632 #define SADB_EALG_3DESCBC 3
629 633 #define SADB_EALG_BLOWFISH 7
630 634 #define SADB_EALG_NULL 11
631 635 #define SADB_EALG_AES 12
632 636 #define SADB_EALG_AES_CCM_8 14
633 637 #define SADB_EALG_AES_CCM_12 15
634 638 #define SADB_EALG_AES_CCM_16 16
635 639 #define SADB_EALG_AES_GCM_8 18
636 640 #define SADB_EALG_AES_GCM_12 19
637 641 #define SADB_EALG_AES_GCM_16 20
638 642 #define SADB_EALG_MAX 20
639 643
640 644 /*
641 645 * Extension header values.
642 646 */
643 647
644 648 #define SADB_EXT_RESERVED 0
645 649
646 650 #define SADB_EXT_SA 1
647 651 #define SADB_EXT_LIFETIME_CURRENT 2
648 652 #define SADB_EXT_LIFETIME_HARD 3
649 653 #define SADB_EXT_LIFETIME_SOFT 4
650 654 #define SADB_EXT_ADDRESS_SRC 5
651 655 #define SADB_EXT_ADDRESS_DST 6
652 656 /* These two are synonyms. */
653 657 #define SADB_EXT_ADDRESS_PROXY 7
654 658 #define SADB_X_EXT_ADDRESS_INNER_SRC SADB_EXT_ADDRESS_PROXY
655 659 #define SADB_EXT_KEY_AUTH 8
656 660 #define SADB_EXT_KEY_ENCRYPT 9
657 661 #define SADB_EXT_IDENTITY_SRC 10
658 662 #define SADB_EXT_IDENTITY_DST 11
659 663 #define SADB_EXT_SENSITIVITY 12
660 664 #define SADB_EXT_PROPOSAL 13
661 665 #define SADB_EXT_SUPPORTED_AUTH 14
662 666 #define SADB_EXT_SUPPORTED_ENCRYPT 15
663 667 #define SADB_EXT_SPIRANGE 16
664 668 #define SADB_X_EXT_EREG 17
665 669 #define SADB_X_EXT_EPROP 18
666 670 #define SADB_X_EXT_KM_COOKIE 19
667 671 #define SADB_X_EXT_ADDRESS_NATT_LOC 20
668 672 #define SADB_X_EXT_ADDRESS_NATT_REM 21
669 673 #define SADB_X_EXT_ADDRESS_INNER_DST 22
670 674 #define SADB_X_EXT_PAIR 23
671 675 #define SADB_X_EXT_REPLAY_VALUE 24
672 676 #define SADB_X_EXT_EDUMP 25
673 677 #define SADB_X_EXT_LIFETIME_IDLE 26
674 678 #define SADB_X_EXT_OUTER_SENS 27
675 679
676 680 #define SADB_EXT_MAX 27
677 681
678 682 /*
679 683 * Identity types.
680 684 */
681 685
682 686 #define SADB_IDENTTYPE_RESERVED 0
683 687
684 688 /*
685 689 * For PREFIX and ADDR_RANGE, use the AF of the PROXY if present, or the SRC
686 690 * if not present.
687 691 */
688 692 #define SADB_IDENTTYPE_PREFIX 1
689 693 #define SADB_IDENTTYPE_FQDN 2 /* Fully qualified domain name. */
690 694 #define SADB_IDENTTYPE_USER_FQDN 3 /* e.g. root@domain.com */
691 695 #define SADB_X_IDENTTYPE_DN 4 /* ASN.1 DER Distinguished Name. */
692 696 #define SADB_X_IDENTTYPE_GN 5 /* ASN.1 DER Generic Name. */
693 697 #define SADB_X_IDENTTYPE_KEY_ID 6 /* Generic KEY ID. */
694 698 #define SADB_X_IDENTTYPE_ADDR_RANGE 7
695 699
696 700 #define SADB_IDENTTYPE_MAX 7
697 701
698 702 /*
699 703 * Protection DOI values for the SENSITIVITY extension. There are no values
700 704 * currently, so the MAX is the only non-zero value available.
701 705 */
702 706
703 707 #define SADB_DPD_NONE 0
704 708
705 709 #define SADB_DPD_MAX 1
706 710
707 711 /*
708 712 * Diagnostic codes. These supplement error messages. Be sure to
709 713 * update libipsecutil's keysock_diag() if you change any of these.
710 714 */
711 715
712 716 #define SADB_X_DIAGNOSTIC_PRESET -1 /* Internal value. */
713 717
714 718 #define SADB_X_DIAGNOSTIC_NONE 0
715 719
716 720 #define SADB_X_DIAGNOSTIC_UNKNOWN_MSG 1
717 721 #define SADB_X_DIAGNOSTIC_UNKNOWN_EXT 2
718 722 #define SADB_X_DIAGNOSTIC_BAD_EXTLEN 3
719 723 #define SADB_X_DIAGNOSTIC_UNKNOWN_SATYPE 4
720 724 #define SADB_X_DIAGNOSTIC_SATYPE_NEEDED 5
721 725 #define SADB_X_DIAGNOSTIC_NO_SADBS 6
722 726 #define SADB_X_DIAGNOSTIC_NO_EXT 7
723 727 /* Bad address family value */
724 728 #define SADB_X_DIAGNOSTIC_BAD_SRC_AF 8
725 729 /* in sockaddr->sa_family. */
726 730 #define SADB_X_DIAGNOSTIC_BAD_DST_AF 9
727 731 /* These two are synonyms. */
728 732 #define SADB_X_DIAGNOSTIC_BAD_PROXY_AF 10
729 733 #define SADB_X_DIAGNOSTIC_BAD_INNER_SRC_AF 10
730 734
731 735 #define SADB_X_DIAGNOSTIC_AF_MISMATCH 11
732 736
733 737 #define SADB_X_DIAGNOSTIC_BAD_SRC 12
734 738 #define SADB_X_DIAGNOSTIC_BAD_DST 13
735 739
736 740 #define SADB_X_DIAGNOSTIC_ALLOC_HSERR 14
737 741 #define SADB_X_DIAGNOSTIC_BYTES_HSERR 15
738 742 #define SADB_X_DIAGNOSTIC_ADDTIME_HSERR 16
739 743 #define SADB_X_DIAGNOSTIC_USETIME_HSERR 17
740 744
741 745 #define SADB_X_DIAGNOSTIC_MISSING_SRC 18
742 746 #define SADB_X_DIAGNOSTIC_MISSING_DST 19
743 747 #define SADB_X_DIAGNOSTIC_MISSING_SA 20
744 748 #define SADB_X_DIAGNOSTIC_MISSING_EKEY 21
745 749 #define SADB_X_DIAGNOSTIC_MISSING_AKEY 22
746 750 #define SADB_X_DIAGNOSTIC_MISSING_RANGE 23
747 751
748 752 #define SADB_X_DIAGNOSTIC_DUPLICATE_SRC 24
749 753 #define SADB_X_DIAGNOSTIC_DUPLICATE_DST 25
750 754 #define SADB_X_DIAGNOSTIC_DUPLICATE_SA 26
751 755 #define SADB_X_DIAGNOSTIC_DUPLICATE_EKEY 27
752 756 #define SADB_X_DIAGNOSTIC_DUPLICATE_AKEY 28
753 757 #define SADB_X_DIAGNOSTIC_DUPLICATE_RANGE 29
754 758
755 759 #define SADB_X_DIAGNOSTIC_MALFORMED_SRC 30
756 760 #define SADB_X_DIAGNOSTIC_MALFORMED_DST 31
757 761 #define SADB_X_DIAGNOSTIC_MALFORMED_SA 32
758 762 #define SADB_X_DIAGNOSTIC_MALFORMED_EKEY 33
759 763 #define SADB_X_DIAGNOSTIC_MALFORMED_AKEY 34
760 764 #define SADB_X_DIAGNOSTIC_MALFORMED_RANGE 35
761 765
762 766 #define SADB_X_DIAGNOSTIC_AKEY_PRESENT 36
763 767 #define SADB_X_DIAGNOSTIC_EKEY_PRESENT 37
764 768 #define SADB_X_DIAGNOSTIC_PROP_PRESENT 38
765 769 #define SADB_X_DIAGNOSTIC_SUPP_PRESENT 39
766 770
767 771 #define SADB_X_DIAGNOSTIC_BAD_AALG 40
768 772 #define SADB_X_DIAGNOSTIC_BAD_EALG 41
769 773 #define SADB_X_DIAGNOSTIC_BAD_SAFLAGS 42
770 774 #define SADB_X_DIAGNOSTIC_BAD_SASTATE 43
771 775
772 776 #define SADB_X_DIAGNOSTIC_BAD_AKEYBITS 44
773 777 #define SADB_X_DIAGNOSTIC_BAD_EKEYBITS 45
774 778
775 779 #define SADB_X_DIAGNOSTIC_ENCR_NOTSUPP 46
776 780
777 781 #define SADB_X_DIAGNOSTIC_WEAK_EKEY 47
778 782 #define SADB_X_DIAGNOSTIC_WEAK_AKEY 48
779 783
780 784 #define SADB_X_DIAGNOSTIC_DUPLICATE_KMP 49
781 785 #define SADB_X_DIAGNOSTIC_DUPLICATE_KMC 50
782 786
783 787 #define SADB_X_DIAGNOSTIC_MISSING_NATT_LOC 51
784 788 #define SADB_X_DIAGNOSTIC_MISSING_NATT_REM 52
785 789 #define SADB_X_DIAGNOSTIC_DUPLICATE_NATT_LOC 53
786 790 #define SADB_X_DIAGNOSTIC_DUPLICATE_NATT_REM 54
787 791 #define SADB_X_DIAGNOSTIC_MALFORMED_NATT_LOC 55
788 792 #define SADB_X_DIAGNOSTIC_MALFORMED_NATT_REM 56
789 793 #define SADB_X_DIAGNOSTIC_DUPLICATE_NATT_PORTS 57
790 794
791 795 #define SADB_X_DIAGNOSTIC_MISSING_INNER_SRC 58
792 796 #define SADB_X_DIAGNOSTIC_MISSING_INNER_DST 59
793 797 #define SADB_X_DIAGNOSTIC_DUPLICATE_INNER_SRC 60
794 798 #define SADB_X_DIAGNOSTIC_DUPLICATE_INNER_DST 61
795 799 #define SADB_X_DIAGNOSTIC_MALFORMED_INNER_SRC 62
796 800 #define SADB_X_DIAGNOSTIC_MALFORMED_INNER_DST 63
797 801
798 802 #define SADB_X_DIAGNOSTIC_PREFIX_INNER_SRC 64
799 803 #define SADB_X_DIAGNOSTIC_PREFIX_INNER_DST 65
800 804 #define SADB_X_DIAGNOSTIC_BAD_INNER_DST_AF 66
801 805 #define SADB_X_DIAGNOSTIC_INNER_AF_MISMATCH 67
802 806
803 807 #define SADB_X_DIAGNOSTIC_BAD_NATT_REM_AF 68
804 808 #define SADB_X_DIAGNOSTIC_BAD_NATT_LOC_AF 69
805 809
806 810 #define SADB_X_DIAGNOSTIC_PROTO_MISMATCH 70
807 811 #define SADB_X_DIAGNOSTIC_INNER_PROTO_MISMATCH 71
808 812
809 813 #define SADB_X_DIAGNOSTIC_DUAL_PORT_SETS 72
810 814
811 815 #define SADB_X_DIAGNOSTIC_PAIR_INAPPROPRIATE 73
812 816 #define SADB_X_DIAGNOSTIC_PAIR_ADD_MISMATCH 74
813 817 #define SADB_X_DIAGNOSTIC_PAIR_ALREADY 75
814 818 #define SADB_X_DIAGNOSTIC_PAIR_SA_NOTFOUND 76
815 819 #define SADB_X_DIAGNOSTIC_BAD_SA_DIRECTION 77
816 820
817 821 #define SADB_X_DIAGNOSTIC_SA_NOTFOUND 78
818 822 #define SADB_X_DIAGNOSTIC_SA_EXPIRED 79
819 823 #define SADB_X_DIAGNOSTIC_BAD_CTX 80
820 824 #define SADB_X_DIAGNOSTIC_INVALID_REPLAY 81
821 825 #define SADB_X_DIAGNOSTIC_MISSING_LIFETIME 82
822 826
823 827 #define SADB_X_DIAGNOSTIC_BAD_LABEL 83
824 828 #define SADB_X_DIAGNOSTIC_MAX 83
825 829
826 830 /* Algorithm type for sadb_x_algdesc above... */
827 831
828 832 #define SADB_X_ALGTYPE_NONE 0
829 833 #define SADB_X_ALGTYPE_AUTH 1
830 834 #define SADB_X_ALGTYPE_CRYPT 2
831 835 #define SADB_X_ALGTYPE_COMPRESS 3
832 836
833 837 #define SADB_X_ALGTYPE_MAX 3
834 838
835 839 /* Key management protocol for sadb_x_kmc above... */
836 840
837 -#define SADB_X_KMP_MANUAL 0
841 +#define SADB_X_KMP_MANUAL 0 /* Cookie is ignored. */
838 842 #define SADB_X_KMP_IKE 1
839 843 #define SADB_X_KMP_KINK 2
840 844
841 845 #define SADB_X_KMP_MAX 2
842 846
843 847 /*
844 848 * Handy conversion macros. Not part of the PF_KEY spec...
845 849 */
846 850
847 851 #define SADB_64TO8(x) ((x) << 3)
848 852 #define SADB_8TO64(x) ((x) >> 3)
849 853 #define SADB_8TO1(x) ((x) << 3)
850 854 #define SADB_1TO8(x) ((x) >> 3)
851 855
852 856 #ifdef __cplusplus
853 857 }
854 858 #endif
855 859
856 860 #endif /* _NET_PFKEYV2_H */
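Review bot: In `struct sadb_x_kmc` (new lines 478-487), `sadb_x_kmc_ucookie64` overlays the existing `sadb_x_kmc_ucookie`/`sadb_x_kmc_ureserved` pair, and the header does not say how the 32-bit and 64-bit views relate. Because `sadb_x_kmc_cookie` aliases the first four bytes of the union, a legacy writer that sets the 32-bit cookie and zeroes the reserved word produces a `sadb_x_kmc_cookie64` equal to that cookie only on little-endian hosts; on big-endian hosts the value lands in the upper half. The `/* Must be zero */` comment on `sadb_x_kmc_ureserved` is also stale now, since that word carries half of a 64-bit cookie. Any consumer that still checks `sadb_x_kmc_reserved == 0` or reads only `sadb_x_kmc_cookie` would reject or truncate 64-bit cookies, but those consumers are outside this header, so that needs confirming against the callers. I would document the overlay in place, e.g. `uint32_t sadb_x_kmc_ureserved; /* Zero for legacy 32-bit cookies; overlaps cookie64 */` and `uint64_t sadb_x_kmc_ucookie64; /* Full KM cookie; also keeps the 64-bit alignment */`.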