[apple/ipsec.git] / ipsec-tools / racoon / vpn_control.h

/* $Id: vpn_control.h,v 1.10 2004/12/30 13:45:49 manubsd Exp $ */

/*
 * Copyright (c) 2006 Apple Computer, Inc. All rights reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 * 
 * The contents of this file constitute Original Code as defined in and
 * are subject to the Apple Public Source License Version 1.1 (the
 * "License").  You may not use this file except in compliance with the
 * License.  Please obtain a copy of the License at
 * http://www.apple.com/publicsource and read it before using this file.
 * 
 * This Original Code and all software distributed under the License are
 * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT.  Please see the
 * License for the specific language governing rights and limitations
 * under the License.
 * 
 * @APPLE_LICENSE_HEADER_END@
 */

/*
 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
 * All rights reserved.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the project nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 * 
 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#ifndef _VPN_CONTROL_H
#define _VPN_CONTROL_H

#include "algorithm_types.h"
#include <net/if.h>

#define VPNCONTROLSOCK_PATH ADMINPORTDIR "/vpncontrol.sock"

#define FROM_LOCAL	0
#define FROM_REMOTE 1


extern char *vpncontrolsock_path;
extern uid_t vpncontrolsock_owner;
extern gid_t vpncontrolsock_group;
extern mode_t vpncontrolsock_mode;


/*
 * message types
 */
#define VPNCTL_CMD_BIND					0x0001
#define VPNCTL_CMD_UNBIND				0x0002
#define VPNCTL_CMD_REDIRECT				0x0003
#define VPNCTL_CMD_PING					0x0004
#define VPNCTL_CMD_CONNECT				0x0011
#define VPNCTL_CMD_DISCONNECT			0x0012
#define VPNCTL_CMD_START_PH2			0x0013
#define VPNCTL_CMD_XAUTH_INFO			0x0014
#define VPNCTL_CMD_START_DPD			0x0015
#define VPNCTL_STATUS_IKE_FAILED		0x8001
#define VPNCTL_STATUS_PH1_START_US		0x8011
#define VPNCTL_STATUS_PH1_START_PEER	0x8012
#define VPNCTL_STATUS_PH1_ESTABLISHED	0x8013
#define VPNCTL_STATUS_PH2_START			0x8021
#define VPNCTL_STATUS_PH2_ESTABLISHED	0x8022
#define VPNCTL_STATUS_NEED_AUTHINFO		0x8101
#define VPNCTL_STATUS_NEED_REAUTHINFO	0x8102

/*
 * Flags
 */
#define VPNCTL_FLAG_MODECFG_USED		0x0001

/*
 * XAUTH Attribute Types
 */
#ifndef __IPSEC_BUILD__
#define	XAUTH_TYPE                16520
#define	XAUTH_USER_NAME           16521
#define	XAUTH_USER_PASSWORD       16522
#define	XAUTH_PASSCODE            16523
#define	XAUTH_MESSAGE             16524
#define	XAUTH_CHALLENGE           16525
#define	XAUTH_DOMAIN              16526
#define	XAUTH_STATUS              16527
#define	XAUTH_NEXT_PIN            16528
#define	XAUTH_ANSWER              16529


/* Types for XAUTH_TYPE */
#define	XAUTH_TYPE_GENERIC 	0
#define	XAUTH_TYPE_CHAP    	1
#define	XAUTH_TYPE_OTP     	2
#define	XAUTH_TYPE_SKEY    	3


/* Mode cfg Attribute types */
#define INTERNAL_IP4_ADDRESS        1
#define INTERNAL_IP4_NETMASK        2
#define INTERNAL_IP4_DNS            3
#define INTERNAL_IP4_NBNS           4
#define INTERNAL_ADDRESS_EXPIRY     5
#define INTERNAL_IP4_DHCP           6
#define APPLICATION_VERSION         7
#define INTERNAL_IP6_ADDRESS        8
#define INTERNAL_IP6_NETMASK        9
#define INTERNAL_IP6_DNS           10
#define INTERNAL_IP6_NBNS          11
#define INTERNAL_IP6_DHCP          12
#define INTERNAL_IP4_SUBNET        13
#define SUPPORTED_ATTRIBUTES       14
#define INTERNAL_IP6_SUBNET        15

#define UNITY_BANNER			28672
#define UNITY_SAVE_PASSWD		28673
#define UNITY_DEF_DOMAIN		28674
#define UNITY_SPLITDNS_NAME		28675
#define UNITY_SPLIT_INCLUDE		28676
#define UNITY_NATT_PORT			28677
#define UNITY_LOCAL_LAN			28678
#define UNITY_PFS				28679
#define UNITY_FW_TYPE			28680
#define UNITY_BACKUP_SERVERS	28681
#define UNITY_DDNS_HOSTNAME		28682

/* 3.3 Data Attributes
         0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        !A!       Attribute Type        !    AF=0  Attribute Length     !
        !F!                             !    AF=1  Attribute Value      !
        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        .                   AF=0  Attribute Value                       .
        .                   AF=1  Not Transmitted                       .
        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
*/
struct isakmp_data {
	u_int16_t type;		/* defined by DOI-spec, and Attribute Format */
	u_int16_t lorv;		/* if f equal 1, Attribute Length */
	/* if f equal 0, Attribute Value */
	/* if f equal 1, Attribute Value */
};
#endif

/* commands and status for vpn control. */
/* network byte order. */

/* Packet header */
struct vpnctl_hdr {
	u_int16_t			msg_type;
	u_int16_t			flags;		
	u_int32_t			cookie;
	u_int32_t			reserved;
	u_int16_t			result;	
	u_int16_t			len;			/* payload length */	
};

/* Packet formats for commands */

/* bind to receive status for specified address */
struct vpnctl_cmd_bind {
	struct vpnctl_hdr		hdr;
	u_int32_t				address;	/* 0xFFFFFFFF = all */
	u_int16_t				vers_len;	/* if zero - no version provided */
	/* name/version string of length vers_len */
};

/* unbind to stop receiving status for specified address */
struct vpnctl_cmd_unbind {
	struct vpnctl_hdr		hdr;
	u_int32_t				address;	/* 0xFFFFFFFF = all */
};


/* connect to specified address */
struct vpnctl_cmd_connect{
	struct vpnctl_hdr		hdr;
	u_int32_t				address;
};

struct vpnctl_sa_selector {
	u_int32_t		src_tunnel_address;
	u_int32_t		src_tunnel_mask;
	u_int32_t		dst_tunnel_address;
	u_int32_t		dst_tunnel_mask;
	u_int16_t		src_tunnel_port;
	u_int16_t		dst_tunnel_port;
	u_int16_t		ul_protocol;
	u_int16_t		reserved;
};

struct vpnctl_algo {
	u_int16_t	algo_class;
	u_int16_t	algo;
	u_int16_t	key_len;	/* for enc algorithms only */
	u_int16_t	reserved;
};

/* start phase 2 */
struct vpnctl_cmd_start_ph2 {
	struct vpnctl_hdr		hdr;
	u_int32_t				address;
	u_int32_t				lifetime;  /* seconds */
	u_int16_t				pfs_group;	/* defined in algorithm_types.h */
	u_int16_t				selector_count;
	u_int16_t				algo_count;
	u_int16_t				reserved;
	/* array of struct vpnctl_sa_selector */
	/* array of struct vpnctl_algo */
};

/* set xauth info */
struct vpnctl_cmd_xauth_info {	
	struct vpnctl_hdr		hdr;
	u_int32_t				address;
	/* packed array of variable sized struct isakmp_data */
};

/* redirect client to specified address */
struct vpnctl_cmd_redirect {	
 	struct vpnctl_hdr		hdr;
 	u_int32_t				address;
	u_int32_t				redirect_address;
	u_int16_t				force;
};

/* start dpd */
struct vpnctl_cmd_start_dpd {
	struct vpnctl_hdr		hdr;
	u_int32_t               address;
};

/*
 * IKE Notify codes - mirrors codes in isakmp.h
 */
#define VPNCTL_NTYPE_INVALID_PAYLOAD_TYPE		1
#define VPNCTL_NTYPE_DOI_NOT_SUPPORTED			2
#define VPNCTL_NTYPE_SITUATION_NOT_SUPPORTED	3
#define VPNCTL_NTYPE_INVALID_COOKIE				4
#define VPNCTL_NTYPE_INVALID_MAJOR_VERSION		5
#define VPNCTL_NTYPE_INVALID_MINOR_VERSION		6
#define VPNCTL_NTYPE_INVALID_EXCHANGE_TYPE		7
#define VPNCTL_NTYPE_INVALID_FLAGS				8
#define VPNCTL_NTYPE_INVALID_MESSAGE_ID			9
#define VPNCTL_NTYPE_INVALID_PROTOCOL_ID		10
#define VPNCTL_NTYPE_INVALID_SPI				11
#define VPNCTL_NTYPE_INVALID_TRANSFORM_ID		12
#define VPNCTL_NTYPE_ATTRIBUTES_NOT_SUPPORTED	13
#define VPNCTL_NTYPE_NO_PROPOSAL_CHOSEN			14
#define VPNCTL_NTYPE_BAD_PROPOSAL_SYNTAX		15
#define VPNCTL_NTYPE_PAYLOAD_MALFORMED			16
#define VPNCTL_NTYPE_INVALID_KEY_INFORMATION	17
#define VPNCTL_NTYPE_INVALID_ID_INFORMATION		18
#define VPNCTL_NTYPE_INVALID_CERT_ENCODING		19
#define VPNCTL_NTYPE_INVALID_CERTIFICATE		20
#define VPNCTL_NTYPE_BAD_CERT_REQUEST_SYNTAX	21
#define VPNCTL_NTYPE_INVALID_CERT_AUTHORITY		22
#define VPNCTL_NTYPE_INVALID_HASH_INFORMATION	23
#define VPNCTL_NTYPE_AUTHENTICATION_FAILED		24
#define VPNCTL_NTYPE_INVALID_SIGNATURE			25
#define VPNCTL_NTYPE_ADDRESS_NOTIFICATION		26
#define VPNCTL_NTYPE_NOTIFY_SA_LIFETIME			27
#define VPNCTL_NTYPE_CERTIFICATE_UNAVAILABLE	28
#define VPNCTL_NTYPE_UNSUPPORTED_EXCHANGE_TYPE	29
#define VPNCTL_NTYPE_UNEQUAL_PAYLOAD_LENGTHS	30
#define VPNCTL_NTYPE_LOAD_BALANCE				40501
#define VPNCTL_NTYPE_PEER_DEAD					50001	/* detected by DPD */
#define VPNCTL_NTYPE_PH1_DELETE					50002	/* received a delete payload leaving no PH1 SA for the remote address */
#define VPNCTL_NTYPE_IDLE_TIMEOUT				50003
#define VPNCTL_NTYPE_PH1_DELETE_CERT_ERROR                      VPNCTL_NTYPE_IDLE_TIMEOUT /* used for offsetting cert errors */
#define VPNCTL_NTYPE_PH1_DELETE_CERT_PREMATURE                  50004   /* received a delete payload & there was a cert verification error leaving no PH1 SA for the remote address */
#define VPNCTL_NTYPE_PH1_DELETE_CERT_EXPIRED                    50005   /* received a delete payload & there was a cert verification error leaving no PH1 SA for the remote address */
#define VPNCTL_NTYPE_INTERNAL_ERROR				-1


/* packet format for phase change status */
struct vpnctl_status_phase_change {
	struct vpnctl_hdr			hdr;
	u_int32_t					address;
	/* The following is included when VPNCTL_FLAG_MODECFG_USED flag set */
	// struct vpnctl_modecfg_params	mode_cfg;

};


/* packet format for auth needed status */
struct vpnctl_status_need_authinfo {
	struct vpnctl_hdr			hdr;
	u_int32_t					address;
	/* packed array of variable sized struct isakmp_data */
};


struct split_address {
	u_int32_t	splitaddr;
	u_int32_t	splitmask;
};

struct vpnctl_modecfg_params {	
	u_int32_t					outer_local_addr;
	u_int16_t					outer_remote_port;
	u_int16_t					outer_local_port;
	u_int8_t					ifname[IFNAMSIZ];
	/*
	 *	ifname for outer_local_addr (not null terminated)
	 *	followed by packed array of attributes (struct isakmp_data)
	 */
};


/* Packet formats for failed status */
struct vpnctl_status_failed {
	struct vpnctl_hdr			hdr;
	u_int32_t					address;
	u_int16_t					ike_code;
	u_int16_t					from;
	u_int8_t					data[0];
};


#endif /* _VPN_CONTROL_H */
Commit	Line	Data
52b7d2ce A	1	/* $Id: vpn_control.h,v 1.10 2004/12/30 13:45:49 manubsd Exp $ */
	2
	3	/*
	4	* Copyright (c) 2006 Apple Computer, Inc. All rights reserved.
	5	*
	6	* @APPLE_LICENSE_HEADER_START@
	7	*
	8	* The contents of this file constitute Original Code as defined in and
	9	* are subject to the Apple Public Source License Version 1.1 (the
	10	* "License"). You may not use this file except in compliance with the
	11	* License. Please obtain a copy of the License at
	12	* http://www.apple.com/publicsource and read it before using this file.
	13	*
	14	* This Original Code and all software distributed under the License are
	15	* distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	16	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	17	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	18	* FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. Please see the
	19	* License for the specific language governing rights and limitations
	20	* under the License.
	21	*
	22	* @APPLE_LICENSE_HEADER_END@
	23	*/
	24
	25	/*
	26	* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
	27	* All rights reserved.
	28	*
	29	* Redistribution and use in source and binary forms, with or without
	30	* modification, are permitted provided that the following conditions
	31	* are met:
	32	* 1. Redistributions of source code must retain the above copyright
	33	* notice, this list of conditions and the following disclaimer.
	34	* 2. Redistributions in binary form must reproduce the above copyright
	35	* notice, this list of conditions and the following disclaimer in the
	36	* documentation and/or other materials provided with the distribution.
	37	* 3. Neither the name of the project nor the names of its contributors
	38	* may be used to endorse or promote products derived from this software
	39	* without specific prior written permission.
	40	*
	41	* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
	42	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	43	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	44	* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
	45	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	46	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	47	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	48	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	49	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	50	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	51	* SUCH DAMAGE.
	52	*/
	53
	54	#ifndef _VPN_CONTROL_H
	55	#define _VPN_CONTROL_H
	56
d1e348cf A	57	#include "algorithm_types.h"
	58	#include <net/if.h>
	59
52b7d2ce A	60	#define VPNCONTROLSOCK_PATH ADMINPORTDIR "/vpncontrol.sock"
	61
	62	#define FROM_LOCAL 0
	63	#define FROM_REMOTE 1
	64
d1e348cf	65
52b7d2ce A	66	extern char *vpncontrolsock_path;
	67	extern uid_t vpncontrolsock_owner;
	68	extern gid_t vpncontrolsock_group;
	69	extern mode_t vpncontrolsock_mode;
	70
	71
	72	/*
	73	* message types
	74	*/
	75	#define VPNCTL_CMD_BIND 0x0001
	76	#define VPNCTL_CMD_UNBIND 0x0002
	77	#define VPNCTL_CMD_REDIRECT 0x0003
	78	#define VPNCTL_CMD_PING 0x0004
d1e348cf A	79	#define VPNCTL_CMD_CONNECT 0x0011
	80	#define VPNCTL_CMD_DISCONNECT 0x0012
	81	#define VPNCTL_CMD_START_PH2 0x0013
	82	#define VPNCTL_CMD_XAUTH_INFO 0x0014
	83	#define VPNCTL_CMD_START_DPD 0x0015
52b7d2ce A	84	#define VPNCTL_STATUS_IKE_FAILED 0x8001
	85	#define VPNCTL_STATUS_PH1_START_US 0x8011
	86	#define VPNCTL_STATUS_PH1_START_PEER 0x8012
	87	#define VPNCTL_STATUS_PH1_ESTABLISHED 0x8013
	88	#define VPNCTL_STATUS_PH2_START 0x8021
	89	#define VPNCTL_STATUS_PH2_ESTABLISHED 0x8022
d1e348cf A	90	#define VPNCTL_STATUS_NEED_AUTHINFO 0x8101
	91	#define VPNCTL_STATUS_NEED_REAUTHINFO 0x8102
	92
	93	/*
	94	* Flags
	95	*/
	96	#define VPNCTL_FLAG_MODECFG_USED 0x0001
	97
	98	/*
	99	* XAUTH Attribute Types
	100	*/
	101	#ifndef __IPSEC_BUILD__
	102	#define XAUTH_TYPE 16520
	103	#define XAUTH_USER_NAME 16521
	104	#define XAUTH_USER_PASSWORD 16522
	105	#define XAUTH_PASSCODE 16523
	106	#define XAUTH_MESSAGE 16524
	107	#define XAUTH_CHALLENGE 16525
	108	#define XAUTH_DOMAIN 16526
	109	#define XAUTH_STATUS 16527
	110	#define XAUTH_NEXT_PIN 16528
	111	#define XAUTH_ANSWER 16529
	112
	113
	114	/* Types for XAUTH_TYPE */
	115	#define XAUTH_TYPE_GENERIC 0
	116	#define XAUTH_TYPE_CHAP 1
	117	#define XAUTH_TYPE_OTP 2
	118	#define XAUTH_TYPE_SKEY 3
	119
	120
	121	/* Mode cfg Attribute types */
	122	#define INTERNAL_IP4_ADDRESS 1
	123	#define INTERNAL_IP4_NETMASK 2
	124	#define INTERNAL_IP4_DNS 3
	125	#define INTERNAL_IP4_NBNS 4
	126	#define INTERNAL_ADDRESS_EXPIRY 5
	127	#define INTERNAL_IP4_DHCP 6
	128	#define APPLICATION_VERSION 7
	129	#define INTERNAL_IP6_ADDRESS 8
	130	#define INTERNAL_IP6_NETMASK 9
	131	#define INTERNAL_IP6_DNS 10
	132	#define INTERNAL_IP6_NBNS 11
	133	#define INTERNAL_IP6_DHCP 12
	134	#define INTERNAL_IP4_SUBNET 13
	135	#define SUPPORTED_ATTRIBUTES 14
	136	#define INTERNAL_IP6_SUBNET 15
52b7d2ce	137
d1e348cf A	138	#define UNITY_BANNER 28672
	139	#define UNITY_SAVE_PASSWD 28673
	140	#define UNITY_DEF_DOMAIN 28674
	141	#define UNITY_SPLITDNS_NAME 28675
	142	#define UNITY_SPLIT_INCLUDE 28676
	143	#define UNITY_NATT_PORT 28677
	144	#define UNITY_LOCAL_LAN 28678
	145	#define UNITY_PFS 28679
	146	#define UNITY_FW_TYPE 28680
	147	#define UNITY_BACKUP_SERVERS 28681
	148	#define UNITY_DDNS_HOSTNAME 28682
	149
	150	/* 3.3 Data Attributes
	151	0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
	152	+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
	153	!A! Attribute Type ! AF=0 Attribute Length !
	154	!F! ! AF=1 Attribute Value !
	155	+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
	156	. AF=0 Attribute Value .
	157	. AF=1 Not Transmitted .
	158	+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
	159	*/
	160	struct isakmp_data {
	161	u_int16_t type; /* defined by DOI-spec, and Attribute Format */
	162	u_int16_t lorv; /* if f equal 1, Attribute Length */
	163	/* if f equal 0, Attribute Value */
	164	/* if f equal 1, Attribute Value */
	165	};
	166	#endif
52b7d2ce A	167
	168	/* commands and status for vpn control. */
	169	/* network byte order. */
	170
	171	/* Packet header */
	172	struct vpnctl_hdr {
	173	u_int16_t msg_type;
	174	u_int16_t flags;
	175	u_int32_t cookie;
	176	u_int32_t reserved;
	177	u_int16_t result;
	178	u_int16_t len; /* payload length */
	179	};
	180
	181	/* Packet formats for commands */
	182
	183	/* bind to receive status for specified address */
	184	struct vpnctl_cmd_bind {
	185	struct vpnctl_hdr hdr;
	186	u_int32_t address; /* 0xFFFFFFFF = all */
d1e348cf A	187	u_int16_t vers_len; /* if zero - no version provided */
d1e348cf A	188	/* name/version string of length vers_len */
52b7d2ce A	189	};
	190
	191	/* unbind to stop receiving status for specified address */
	192	struct vpnctl_cmd_unbind {
	193	struct vpnctl_hdr hdr;
	194	u_int32_t address; /* 0xFFFFFFFF = all */
	195	};
	196
d1e348cf A	197
	198	/* connect to specified address */
	199	struct vpnctl_cmd_connect{
52b7d2ce A	200	struct vpnctl_hdr hdr;
52b7d2ce A	201	u_int32_t address;
d1e348cf A	202	};
	203
	204	struct vpnctl_sa_selector {
	205	u_int32_t src_tunnel_address;
	206	u_int32_t src_tunnel_mask;
	207	u_int32_t dst_tunnel_address;
	208	u_int32_t dst_tunnel_mask;
	209	u_int16_t src_tunnel_port;
	210	u_int16_t dst_tunnel_port;
	211	u_int16_t ul_protocol;
	212	u_int16_t reserved;
	213	};
	214
	215	struct vpnctl_algo {
	216	u_int16_t algo_class;
	217	u_int16_t algo;
	218	u_int16_t key_len; /* for enc algorithms only */
	219	u_int16_t reserved;
	220	};
	221
	222	/* start phase 2 */
	223	struct vpnctl_cmd_start_ph2 {
	224	struct vpnctl_hdr hdr;
	225	u_int32_t address;
	226	u_int32_t lifetime; /* seconds */
	227	u_int16_t pfs_group; /* defined in algorithm_types.h */
	228	u_int16_t selector_count;
	229	u_int16_t algo_count;
	230	u_int16_t reserved;
	231	/* array of struct vpnctl_sa_selector */
	232	/* array of struct vpnctl_algo */
	233	};
	234
	235	/* set xauth info */
	236	struct vpnctl_cmd_xauth_info {
	237	struct vpnctl_hdr hdr;
	238	u_int32_t address;
	239	/* packed array of variable sized struct isakmp_data */
	240	};
	241
	242	/* redirect client to specified address */
	243	struct vpnctl_cmd_redirect {
	244	struct vpnctl_hdr hdr;
	245	u_int32_t address;
52b7d2ce A	246	u_int32_t redirect_address;
	247	u_int16_t force;
	248	};
	249
d1e348cf A	250	/* start dpd */
	251	struct vpnctl_cmd_start_dpd {
	252	struct vpnctl_hdr hdr;
	253	u_int32_t address;
	254	};
52b7d2ce A	255
	256	/*
	257	* IKE Notify codes - mirrors codes in isakmp.h
	258	*/
	259	#define VPNCTL_NTYPE_INVALID_PAYLOAD_TYPE 1
	260	#define VPNCTL_NTYPE_DOI_NOT_SUPPORTED 2
	261	#define VPNCTL_NTYPE_SITUATION_NOT_SUPPORTED 3
	262	#define VPNCTL_NTYPE_INVALID_COOKIE 4
	263	#define VPNCTL_NTYPE_INVALID_MAJOR_VERSION 5
	264	#define VPNCTL_NTYPE_INVALID_MINOR_VERSION 6
	265	#define VPNCTL_NTYPE_INVALID_EXCHANGE_TYPE 7
	266	#define VPNCTL_NTYPE_INVALID_FLAGS 8
	267	#define VPNCTL_NTYPE_INVALID_MESSAGE_ID 9
	268	#define VPNCTL_NTYPE_INVALID_PROTOCOL_ID 10
	269	#define VPNCTL_NTYPE_INVALID_SPI 11
	270	#define VPNCTL_NTYPE_INVALID_TRANSFORM_ID 12
	271	#define VPNCTL_NTYPE_ATTRIBUTES_NOT_SUPPORTED 13
	272	#define VPNCTL_NTYPE_NO_PROPOSAL_CHOSEN 14
	273	#define VPNCTL_NTYPE_BAD_PROPOSAL_SYNTAX 15
	274	#define VPNCTL_NTYPE_PAYLOAD_MALFORMED 16
	275	#define VPNCTL_NTYPE_INVALID_KEY_INFORMATION 17
	276	#define VPNCTL_NTYPE_INVALID_ID_INFORMATION 18
	277	#define VPNCTL_NTYPE_INVALID_CERT_ENCODING 19
	278	#define VPNCTL_NTYPE_INVALID_CERTIFICATE 20
	279	#define VPNCTL_NTYPE_BAD_CERT_REQUEST_SYNTAX 21
	280	#define VPNCTL_NTYPE_INVALID_CERT_AUTHORITY 22
	281	#define VPNCTL_NTYPE_INVALID_HASH_INFORMATION 23
	282	#define VPNCTL_NTYPE_AUTHENTICATION_FAILED 24
	283	#define VPNCTL_NTYPE_INVALID_SIGNATURE 25
	284	#define VPNCTL_NTYPE_ADDRESS_NOTIFICATION 26
	285	#define VPNCTL_NTYPE_NOTIFY_SA_LIFETIME 27
	286	#define VPNCTL_NTYPE_CERTIFICATE_UNAVAILABLE 28
	287	#define VPNCTL_NTYPE_UNSUPPORTED_EXCHANGE_TYPE 29
	288	#define VPNCTL_NTYPE_UNEQUAL_PAYLOAD_LENGTHS 30
	289	#define VPNCTL_NTYPE_LOAD_BALANCE 40501
d1e348cf A	290	#define VPNCTL_NTYPE_PEER_DEAD 50001 /* detected by DPD */
	291	#define VPNCTL_NTYPE_PH1_DELETE 50002 /* received a delete payload leaving no PH1 SA for the remote address */
	292	#define VPNCTL_NTYPE_IDLE_TIMEOUT 50003
fce29cd9 A	293	#define VPNCTL_NTYPE_PH1_DELETE_CERT_ERROR VPNCTL_NTYPE_IDLE_TIMEOUT /* used for offsetting cert errors */
	294	#define VPNCTL_NTYPE_PH1_DELETE_CERT_PREMATURE 50004 /* received a delete payload & there was a cert verification error leaving no PH1 SA for the remote address */
	295	#define VPNCTL_NTYPE_PH1_DELETE_CERT_EXPIRED 50005 /* received a delete payload & there was a cert verification error leaving no PH1 SA for the remote address */
52b7d2ce A	296	#define VPNCTL_NTYPE_INTERNAL_ERROR -1
	297
	298
	299	/* packet format for phase change status */
	300	struct vpnctl_status_phase_change {
	301	struct vpnctl_hdr hdr;
	302	u_int32_t address;
d1e348cf A	303	/* The following is included when VPNCTL_FLAG_MODECFG_USED flag set */
	304	// struct vpnctl_modecfg_params mode_cfg;
	305
	306	};
	307
	308
	309	/* packet format for auth needed status */
	310	struct vpnctl_status_need_authinfo {
	311	struct vpnctl_hdr hdr;
	312	u_int32_t address;
	313	/* packed array of variable sized struct isakmp_data */
52b7d2ce A	314	};
52b7d2ce A	315
d1e348cf A	316
	317	struct split_address {
	318	u_int32_t splitaddr;
	319	u_int32_t splitmask;
	320	};
	321
	322	struct vpnctl_modecfg_params {
	323	u_int32_t outer_local_addr;
	324	u_int16_t outer_remote_port;
	325	u_int16_t outer_local_port;
	326	u_int8_t ifname[IFNAMSIZ];
	327	/*
	328	* ifname for outer_local_addr (not null terminated)
	329	* followed by packed array of attributes (struct isakmp_data)
	330	*/
	331	};
	332
	333
52b7d2ce A	334	/* Packet formats for failed status */
	335	struct vpnctl_status_failed {
	336	struct vpnctl_hdr hdr;
	337	u_int32_t address;
	338	u_int16_t ike_code;
	339	u_int16_t from;
	340	u_int8_t data[0];
	341	};
	342
	343
	344	#endif /* _VPN_CONTROL_H */