]>
Commit | Line | Data |
---|---|---|
52b7d2ce A |
1 | /* $Id: isakmp.h,v 1.10 2005/01/29 16:34:25 vanhu Exp $ */ |
2 | ||
3 | /* | |
4 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. | |
5 | * All rights reserved. | |
6 | * | |
7 | * Redistribution and use in source and binary forms, with or without | |
8 | * modification, are permitted provided that the following conditions | |
9 | * are met: | |
10 | * 1. Redistributions of source code must retain the above copyright | |
11 | * notice, this list of conditions and the following disclaimer. | |
12 | * 2. Redistributions in binary form must reproduce the above copyright | |
13 | * notice, this list of conditions and the following disclaimer in the | |
14 | * documentation and/or other materials provided with the distribution. | |
15 | * 3. Neither the name of the project nor the names of its contributors | |
16 | * may be used to endorse or promote products derived from this software | |
17 | * without specific prior written permission. | |
18 | * | |
19 | * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND | |
20 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
21 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
22 | * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE | |
23 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
24 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
25 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
26 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
27 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
28 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
29 | * SUCH DAMAGE. | |
30 | */ | |
31 | ||
32 | #ifndef _ISAKMP_H | |
33 | #define _ISAKMP_H | |
34 | ||
35 | /* refer to RFC 2408 */ | |
36 | ||
37 | /* must include <netinet/in.h> first. */ | |
38 | /* must include "isakmp_var.h" first. */ | |
39 | ||
40 | #define INITIATOR 0 /* synonym sender */ | |
41 | #define RESPONDER 1 /* synonym receiver */ | |
42 | ||
43 | #define GENERATE 1 | |
44 | #define VALIDATE 0 | |
45 | ||
46 | /* 3.1 ISAKMP Header Format | |
47 | 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | |
48 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
49 | ! Initiator ! | |
50 | ! Cookie ! | |
51 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
52 | ! Responder ! | |
53 | ! Cookie ! | |
54 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
55 | ! Next Payload ! MjVer ! MnVer ! Exchange Type ! Flags ! | |
56 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
57 | ! Message ID ! | |
58 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
59 | ! Length ! | |
60 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
61 | */ | |
62 | struct isakmp { | |
63 | cookie_t i_ck; /* Initiator Cookie */ | |
64 | cookie_t r_ck; /* Responder Cookie */ | |
65 | u_int8_t np; /* Next Payload Type */ | |
66 | u_int8_t v; | |
67 | u_int8_t etype; /* Exchange Type */ | |
68 | u_int8_t flags; /* Flags */ | |
69 | u_int32_t msgid; | |
70 | u_int32_t len; /* Length */ | |
71 | } __attribute__((__packed__)); | |
72 | ||
73 | /* Next Payload Type */ | |
74 | #define ISAKMP_NPTYPE_NONE 0 /* NONE*/ | |
75 | #define ISAKMP_NPTYPE_SA 1 /* Security Association */ | |
76 | #define ISAKMP_NPTYPE_P 2 /* Proposal */ | |
77 | #define ISAKMP_NPTYPE_T 3 /* Transform */ | |
78 | #define ISAKMP_NPTYPE_KE 4 /* Key Exchange */ | |
79 | #define ISAKMP_NPTYPE_ID 5 /* Identification */ | |
80 | #define ISAKMP_NPTYPE_CERT 6 /* Certificate */ | |
81 | #define ISAKMP_NPTYPE_CR 7 /* Certificate Request */ | |
82 | #define ISAKMP_NPTYPE_HASH 8 /* Hash */ | |
83 | #define ISAKMP_NPTYPE_SIG 9 /* Signature */ | |
84 | #define ISAKMP_NPTYPE_NONCE 10 /* Nonce */ | |
85 | #define ISAKMP_NPTYPE_N 11 /* Notification */ | |
86 | #define ISAKMP_NPTYPE_D 12 /* Delete */ | |
87 | #define ISAKMP_NPTYPE_VID 13 /* Vendor ID */ | |
88 | #define ISAKMP_NPTYPE_ATTR 14 /* Attribute */ | |
89 | ||
90 | ||
91 | /* NAT-T draft-ietf-ipsec-nat-t-ike-05 and later */ | |
92 | /* XXX conflicts with values assigned to RFC 3547 */ | |
93 | #define ISAKMP_NPTYPE_NATD_BADDRAFT 15 /* NAT Discovery */ | |
94 | #define ISAKMP_NPTYPE_NATOA_BADDRAFT 16 /* NAT Original Address */ | |
95 | ||
96 | ||
97 | /* NAT-T RFC */ | |
98 | #define ISAKMP_NPTYPE_NATD_RFC 20 /* NAT Discovery */ | |
99 | #define ISAKMP_NPTYPE_NATOA_RFC 21 /* NAT Original Address */ | |
100 | ||
101 | /* NAT-T up to draft-ietf-ipsec-nat-t-ike-04 */ | |
102 | #define ISAKMP_NPTYPE_NATD_DRAFT 130 /* NAT Discovery */ | |
103 | #define ISAKMP_NPTYPE_NATOA_DRAFT 131 /* NAT Original Address */ | |
104 | ||
105 | /* Frag does not seems to be documented */ | |
106 | #define ISAKMP_NPTYPE_FRAG 132 /* IKE fragmentation payload */ | |
107 | ||
108 | #define ISAKMP_NPTYPE_MAX 17 | |
109 | /* 128 - 255 Private Use */ | |
110 | ||
111 | /* | |
112 | * The following are valid when the Vendor ID is one of the | |
113 | * following: | |
114 | * | |
115 | * MD5("A GSS-API Authentication Method for IKE") | |
116 | * MD5("GSSAPI") (recognized by Windows 2000) | |
117 | * MD5("MS NT5 ISAKMPOAKLEY") (sent by Windows 2000) | |
118 | * | |
119 | * See draft-ietf-ipsec-isakmp-gss-auth-06.txt. | |
120 | */ | |
121 | #define ISAKMP_NPTYPE_GSS 129 /* GSS token */ | |
122 | ||
123 | #define ISAKMP_MAJOR_VERSION 1 | |
124 | #define ISAKMP_MINOR_VERSION 0 | |
125 | #define ISAKMP_VERSION_NUMBER 0x10 | |
126 | #define ISAKMP_GETMAJORV(v) (((v) & 0xf0) >> 4) | |
127 | #define ISAKMP_SETMAJORV(v, m) ((v) = ((v) & 0x0f) | (((m) << 4) & 0xf0)) | |
128 | #define ISAKMP_GETMINORV(v) ((v) & 0x0f) | |
129 | #define ISAKMP_SETMINORV(v, m) ((v) = ((v) & 0xf0) | ((m) & 0x0f)) | |
130 | ||
131 | /* Exchange Type */ | |
132 | #define ISAKMP_ETYPE_NONE 0 /* NONE */ | |
133 | #define ISAKMP_ETYPE_BASE 1 /* Base */ | |
134 | #define ISAKMP_ETYPE_IDENT 2 /* Identity Proteciton */ | |
135 | #define ISAKMP_ETYPE_AUTH 3 /* Authentication Only */ | |
136 | #define ISAKMP_ETYPE_AGG 4 /* Aggressive */ | |
137 | #define ISAKMP_ETYPE_INFO 5 /* Informational */ | |
138 | #define ISAKMP_ETYPE_CFG 6 /* Mode config */ | |
139 | /* Additional Exchange Type */ | |
140 | #define ISAKMP_ETYPE_QUICK 32 /* Quick Mode */ | |
141 | #define ISAKMP_ETYPE_NEWGRP 33 /* New group Mode */ | |
142 | #define ISAKMP_ETYPE_ACKINFO 34 /* Acknowledged Informational */ | |
143 | ||
144 | /* Flags */ | |
145 | #define ISAKMP_FLAG_E 0x01 /* Encryption Bit */ | |
146 | #define ISAKMP_FLAG_C 0x02 /* Commit Bit */ | |
147 | #define ISAKMP_FLAG_A 0x04 /* Authentication Only Bit */ | |
148 | ||
149 | /* 3.2 Payload Generic Header | |
150 | 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | |
151 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
152 | ! Next Payload ! RESERVED ! Payload Length ! | |
153 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
154 | */ | |
155 | struct isakmp_gen { | |
156 | u_int8_t np; /* Next Payload */ | |
157 | u_int8_t reserved; /* RESERVED, unused, must set to 0 */ | |
158 | u_int16_t len; /* Payload Length */ | |
159 | } __attribute__((__packed__)); | |
160 | ||
161 | /* 3.3 Data Attributes | |
162 | 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | |
163 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
164 | !A! Attribute Type ! AF=0 Attribute Length ! | |
165 | !F! ! AF=1 Attribute Value ! | |
166 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
167 | . AF=0 Attribute Value . | |
168 | . AF=1 Not Transmitted . | |
169 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
170 | */ | |
171 | struct isakmp_data { | |
172 | u_int16_t type; /* defined by DOI-spec, and Attribute Format */ | |
173 | u_int16_t lorv; /* if f equal 1, Attribute Length */ | |
174 | /* if f equal 0, Attribute Value */ | |
175 | /* if f equal 1, Attribute Value */ | |
176 | } __attribute__((__packed__)); | |
177 | #define ISAKMP_GEN_TLV 0x0000 | |
178 | #define ISAKMP_GEN_TV 0x8000 | |
179 | /* mask for type of attribute format */ | |
180 | #define ISAKMP_GEN_MASK 0x8000 | |
181 | ||
182 | #if 0 | |
183 | /* MAY NOT be used, because of being defined in ipsec-doi. */ | |
184 | /* 3.4 Security Association Payload */ | |
185 | struct isakmp_pl_sa { | |
186 | struct isakmp_gen h; | |
187 | u_int32_t doi; /* Domain of Interpretation */ | |
188 | u_int32_t sit; /* Situation */ | |
189 | } __attribute__((__packed__)); | |
190 | #endif | |
191 | ||
192 | /* 3.5 Proposal Payload */ | |
193 | /* | |
194 | The value of the next payload field MUST only contain the value "2" | |
195 | or "0". If there are additional Proposal payloads in the message, | |
196 | then this field will be 2. If the current Proposal payload is the | |
197 | last within the security association proposal, then this field will | |
198 | be 0. | |
199 | */ | |
200 | struct isakmp_pl_p { | |
201 | struct isakmp_gen h; | |
202 | u_int8_t p_no; /* Proposal # */ | |
203 | u_int8_t proto_id; /* Protocol */ | |
204 | u_int8_t spi_size; /* SPI Size */ | |
205 | u_int8_t num_t; /* Number of Transforms */ | |
206 | /* SPI */ | |
207 | } __attribute__((__packed__)); | |
208 | ||
209 | /* 3.6 Transform Payload */ | |
210 | /* | |
211 | The value of the next payload field MUST only contain the value "3" | |
212 | or "0". If there are additional Transform payloads in the proposal, | |
213 | then this field will be 3. If the current Transform payload is the | |
214 | last within the proposal, then this field will be 0. | |
215 | */ | |
216 | struct isakmp_pl_t { | |
217 | struct isakmp_gen h; | |
218 | u_int8_t t_no; /* Transform # */ | |
219 | u_int8_t t_id; /* Transform-Id */ | |
220 | u_int16_t reserved; /* RESERVED2 */ | |
221 | /* SA Attributes */ | |
222 | } __attribute__((__packed__)); | |
223 | ||
224 | /* 3.7 Key Exchange Payload */ | |
225 | struct isakmp_pl_ke { | |
226 | struct isakmp_gen h; | |
227 | /* Key Exchange Data */ | |
228 | } __attribute__((__packed__)); | |
229 | ||
230 | #if 0 | |
231 | /* NOTE: MUST NOT use because of being defined in ipsec-doi instead them. */ | |
232 | /* 3.8 Identification Payload */ | |
233 | struct isakmp_pl_id { | |
234 | struct isakmp_gen h; | |
235 | union { | |
236 | u_int8_t id_type; /* ID Type */ | |
237 | u_int32_t doi_data; /* DOI Specific ID Data */ | |
238 | } d; | |
239 | /* Identification Data */ | |
240 | } __attribute__((__packed__)); | |
241 | /* A.4 ISAKMP Identification Type Values */ | |
242 | #define ISAKMP_ID_IPV4_ADDR 0 | |
243 | #define ISAKMP_ID_IPV4_ADDR_SUBNET 1 | |
244 | #define ISAKMP_ID_IPV6_ADDR 2 | |
245 | #define ISAKMP_ID_IPV6_ADDR_SUBNET 3 | |
246 | #endif | |
247 | ||
248 | /* 3.9 Certificate Payload */ | |
249 | struct isakmp_pl_cert { | |
250 | struct isakmp_gen h; | |
251 | /* | |
252 | * Encoding type of 1 octet follows immediately, | |
253 | * variable length CERT data follows encoding type. | |
254 | */ | |
255 | } __attribute__((__packed__)); | |
256 | ||
257 | /* Certificate Type */ | |
258 | #define ISAKMP_CERT_NONE 0 | |
259 | #define ISAKMP_CERT_PKCS7 1 | |
260 | #define ISAKMP_CERT_PGP 2 | |
261 | #define ISAKMP_CERT_DNS 3 | |
262 | #define ISAKMP_CERT_X509SIGN 4 | |
263 | #define ISAKMP_CERT_X509KE 5 | |
264 | #define ISAKMP_CERT_KERBEROS 6 | |
265 | #define ISAKMP_CERT_CRL 7 | |
266 | #define ISAKMP_CERT_ARL 8 | |
267 | #define ISAKMP_CERT_SPKI 9 | |
268 | #define ISAKMP_CERT_X509ATTR 10 | |
269 | #define ISAKMP_CERT_PLAINRSA 11 | |
270 | ||
271 | /* the method to get peers certificate */ | |
272 | #define ISAKMP_GETCERT_PAYLOAD 1 | |
273 | #define ISAKMP_GETCERT_LOCALFILE 2 | |
274 | #define ISAKMP_GETCERT_DNS 3 | |
275 | ||
276 | /* 3.10 Certificate Request Payload */ | |
277 | struct isakmp_pl_cr { | |
278 | struct isakmp_gen h; | |
279 | u_int8_t num_cert; /* # Cert. Types */ | |
280 | /* | |
281 | Certificate Types (variable length) | |
282 | -- Contains a list of the types of certificates requested, | |
283 | sorted in order of preference. Each individual certificate | |
284 | type is 1 octet. This field is NOT required. | |
285 | */ | |
286 | /* # Certificate Authorities (1 octet) */ | |
287 | /* Certificate Authorities (variable length) */ | |
288 | } __attribute__((__packed__)); | |
289 | ||
290 | /* 3.11 Hash Payload */ | |
291 | struct isakmp_pl_hash { | |
292 | struct isakmp_gen h; | |
293 | /* Hash Data */ | |
294 | } __attribute__((__packed__)); | |
295 | ||
296 | /* 3.12 Signature Payload */ | |
297 | struct isakmp_pl_sig { | |
298 | struct isakmp_gen h; | |
299 | /* Signature Data */ | |
300 | } __attribute__((__packed__)); | |
301 | ||
302 | /* 3.13 Nonce Payload */ | |
303 | struct isakmp_pl_nonce { | |
304 | struct isakmp_gen h; | |
305 | /* Nonce Data */ | |
306 | } __attribute__((__packed__)); | |
307 | ||
308 | /* 3.14 Notification Payload */ | |
309 | struct isakmp_pl_n { | |
310 | struct isakmp_gen h; | |
311 | u_int32_t doi; /* Domain of Interpretation */ | |
312 | u_int8_t proto_id; /* Protocol-ID */ | |
313 | u_int8_t spi_size; /* SPI Size */ | |
314 | u_int16_t type; /* Notify Message Type */ | |
315 | /* SPI */ | |
316 | /* Notification Data */ | |
317 | } __attribute__((__packed__)); | |
318 | ||
319 | /* 3.14.1 Notify Message Types */ | |
320 | /* NOTIFY MESSAGES - ERROR TYPES */ | |
321 | #define ISAKMP_NTYPE_INVALID_PAYLOAD_TYPE 1 | |
322 | #define ISAKMP_NTYPE_DOI_NOT_SUPPORTED 2 | |
323 | #define ISAKMP_NTYPE_SITUATION_NOT_SUPPORTED 3 | |
324 | #define ISAKMP_NTYPE_INVALID_COOKIE 4 | |
325 | #define ISAKMP_NTYPE_INVALID_MAJOR_VERSION 5 | |
326 | #define ISAKMP_NTYPE_INVALID_MINOR_VERSION 6 | |
327 | #define ISAKMP_NTYPE_INVALID_EXCHANGE_TYPE 7 | |
328 | #define ISAKMP_NTYPE_INVALID_FLAGS 8 | |
329 | #define ISAKMP_NTYPE_INVALID_MESSAGE_ID 9 | |
330 | #define ISAKMP_NTYPE_INVALID_PROTOCOL_ID 10 | |
331 | #define ISAKMP_NTYPE_INVALID_SPI 11 | |
332 | #define ISAKMP_NTYPE_INVALID_TRANSFORM_ID 12 | |
333 | #define ISAKMP_NTYPE_ATTRIBUTES_NOT_SUPPORTED 13 | |
334 | #define ISAKMP_NTYPE_NO_PROPOSAL_CHOSEN 14 | |
335 | #define ISAKMP_NTYPE_BAD_PROPOSAL_SYNTAX 15 | |
336 | #define ISAKMP_NTYPE_PAYLOAD_MALFORMED 16 | |
337 | #define ISAKMP_NTYPE_INVALID_KEY_INFORMATION 17 | |
338 | #define ISAKMP_NTYPE_INVALID_ID_INFORMATION 18 | |
339 | #define ISAKMP_NTYPE_INVALID_CERT_ENCODING 19 | |
340 | #define ISAKMP_NTYPE_INVALID_CERTIFICATE 20 | |
341 | #define ISAKMP_NTYPE_BAD_CERT_REQUEST_SYNTAX 21 | |
342 | #define ISAKMP_NTYPE_INVALID_CERT_AUTHORITY 22 | |
343 | #define ISAKMP_NTYPE_INVALID_HASH_INFORMATION 23 | |
344 | #define ISAKMP_NTYPE_AUTHENTICATION_FAILED 24 | |
345 | #define ISAKMP_NTYPE_INVALID_SIGNATURE 25 | |
346 | #define ISAKMP_NTYPE_ADDRESS_NOTIFICATION 26 | |
347 | #define ISAKMP_NTYPE_NOTIFY_SA_LIFETIME 27 | |
348 | #define ISAKMP_NTYPE_CERTIFICATE_UNAVAILABLE 28 | |
349 | #define ISAKMP_NTYPE_UNSUPPORTED_EXCHANGE_TYPE 29 | |
350 | #define ISAKMP_NTYPE_UNEQUAL_PAYLOAD_LENGTHS 30 | |
d1e348cf A |
351 | #define ISAKMP_NTYPE_MINERROR 1 |
352 | #define ISAKMP_NTYPE_MAXERROR 16383 | |
52b7d2ce A |
353 | /* NOTIFY MESSAGES - STATUS TYPES */ |
354 | #define ISAKMP_NTYPE_CONNECTED 16384 | |
355 | /* 4.6.3 IPSEC DOI Notify Message Types */ | |
356 | #define ISAKMP_NTYPE_RESPONDER_LIFETIME 24576 | |
357 | #define ISAKMP_NTYPE_REPLAY_STATUS 24577 | |
358 | #define ISAKMP_NTYPE_INITIAL_CONTACT 24578 | |
359 | ||
360 | /* DPD */ | |
361 | #define ISAKMP_NTYPE_R_U_THERE 36136 | |
362 | #define ISAKMP_NTYPE_R_U_THERE_ACK 36137 | |
363 | ||
364 | #define ISAKMP_NTYPE_LOAD_BALANCE 40501 | |
365 | #define ISAKMP_NTYPE_HEARTBEAT 40503 | |
366 | ||
d1e348cf | 367 | |
52b7d2ce A |
368 | /* using only to log */ |
369 | #define ISAKMP_LOG_RETRY_LIMIT_REACHED 65530 | |
370 | ||
371 | /* XXX means internal error but it's not reserved by any drafts... */ | |
372 | #define ISAKMP_INTERNAL_ERROR -1 | |
373 | ||
374 | /* 3.15 Delete Payload */ | |
375 | struct isakmp_pl_d { | |
376 | struct isakmp_gen h; | |
377 | u_int32_t doi; /* Domain of Interpretation */ | |
378 | u_int8_t proto_id; /* Protocol-Id */ | |
379 | u_int8_t spi_size; /* SPI Size */ | |
380 | u_int16_t num_spi; /* # of SPIs */ | |
381 | /* SPI(es) */ | |
382 | } __attribute__((__packed__)); | |
383 | ||
384 | /* natoa payload */ | |
385 | struct isakmp_pl_natoa { | |
386 | struct isakmp_gen h; | |
387 | u_int8_t id_type; /* address type */ | |
388 | u_int8_t reserved1; /* reserved */ | |
389 | u_int16_t reserved2; /* reserved */ | |
390 | /* IP address */ | |
391 | } __attribute__((__packed__)); | |
392 | ||
393 | struct payload_list { | |
394 | struct payload_list *next, *prev; | |
395 | vchar_t *payload; | |
396 | int payload_type; | |
397 | }; | |
398 | ||
399 | ||
400 | /* See draft-ietf-ipsec-isakmp-mode-cfg-04.txt, 3.2 */ | |
401 | struct isakmp_pl_attr { | |
402 | struct isakmp_gen h; | |
403 | u_int8_t type; /* Exchange type */ | |
404 | u_int8_t res2; | |
405 | u_int16_t id; /* Per transaction id */ | |
406 | } __attribute__((__packed__)); | |
407 | ||
408 | /* Exchange type */ | |
409 | #define ISAKMP_CFG_REQUEST 1 | |
410 | #define ISAKMP_CFG_REPLY 2 | |
411 | #define ISAKMP_CFG_SET 3 | |
412 | #define ISAKMP_CFG_ACK 4 | |
413 | ||
414 | /* IKE fragmentation payload */ | |
415 | struct isakmp_frag { | |
e8d9021d | 416 | u_int16_t unknown0; /* Next Payload (1st u_int8_t) and RESERVED (2nd u_int8_t), both must set to 0 */ |
52b7d2ce | 417 | u_int16_t len; |
e8d9021d | 418 | u_int16_t unknown1; /* fragid */ |
52b7d2ce A |
419 | u_int8_t index; |
420 | u_int8_t flags; | |
421 | } __attribute__((__packed__)); | |
422 | ||
423 | /* flags */ | |
424 | #define ISAKMP_FRAG_LAST 1 | |
425 | ||
426 | /* DPD R-U-THERE / R-U-THERE-ACK Payload */ | |
427 | struct isakmp_pl_ru { | |
428 | struct isakmp_gen h; | |
429 | u_int32_t doi; /* Domain of Interpretation */ | |
430 | u_int8_t proto_id; /* Protocol-Id */ | |
431 | u_int8_t spi_size; /* SPI Size */ | |
432 | u_int16_t type; /* Notify type */ | |
433 | cookie_t i_ck; /* Initiator Cookie */ | |
434 | cookie_t r_ck; /* Responder cookie*/ | |
435 | u_int32_t data; /* Notification data */ | |
436 | } __attribute__((__packed__)); | |
437 | ||
438 | /* Load Balance Notification */ | |
439 | struct isakmp_pl_lb { | |
440 | struct isakmp_gen h; | |
441 | u_int32_t doi; /* Domain of Interpretation */ | |
442 | u_int8_t proto_id; /* Protocol-Id */ | |
443 | u_int8_t spi_size; /* SPI Size */ | |
444 | u_int16_t type; /* Notify type */ | |
445 | cookie_t i_ck; /* Initiator Cookie */ | |
446 | cookie_t r_ck; /* Responder cookie*/ | |
447 | u_int32_t address; /* redirect address */ | |
448 | } __attribute__((__packed__)); | |
449 | ||
d1e348cf A |
450 | /* Responder-Lifetime Notification */ |
451 | struct isakmp_pl_resp_lifetime { | |
452 | struct isakmp_gen h; | |
453 | u_int32_t doi; /* Domain of Interpretation */ | |
454 | u_int8_t proto_id; /* Protocol-Id */ | |
455 | u_int8_t spi_size; /* SPI Size */ | |
456 | u_int16_t type; /* Notify type */ | |
457 | /* spi follows next */ | |
458 | /* data follows next */ | |
459 | } __attribute__((__packed__)); | |
460 | ||
52b7d2ce | 461 | #endif /* _ISAKMP_H */ |