[apple/ipsec.git] / ipsec-tools / racoon / vpn_control.h

/* $Id: vpn_control.h,v 1.10 2004/12/30 13:45:49 manubsd Exp $ */

/*
 * Copyright (c) 2006 Apple Computer, Inc. All rights reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 * 
 * The contents of this file constitute Original Code as defined in and
 * are subject to the Apple Public Source License Version 1.1 (the
 * "License").  You may not use this file except in compliance with the
 * License.  Please obtain a copy of the License at
 * http://www.apple.com/publicsource and read it before using this file.
 * 
 * This Original Code and all software distributed under the License are
 * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT.  Please see the
 * License for the specific language governing rights and limitations
 * under the License.
 * 
 * @APPLE_LICENSE_HEADER_END@
 */

/*
 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
 * All rights reserved.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the project nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 * 
 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#ifndef _VPN_CONTROL_H
#define _VPN_CONTROL_H

#include "algorithm_types.h"
#include <net/if.h>

#define VPNCONTROLSOCK_PATH ADMINPORTDIR "/vpncontrol.sock"

#define FROM_LOCAL	0
#define FROM_REMOTE 1


extern char *vpncontrolsock_path;
extern uid_t vpncontrolsock_owner;
extern gid_t vpncontrolsock_group;
extern mode_t vpncontrolsock_mode;


/*
 * message types
 */
#define VPNCTL_CMD_BIND					0x0001
#define VPNCTL_CMD_UNBIND				0x0002
#define VPNCTL_CMD_REDIRECT				0x0003
#define VPNCTL_CMD_PING					0x0004
#define VPNCTL_CMD_CONNECT				0x0011
#define VPNCTL_CMD_DISCONNECT			0x0012
#define VPNCTL_CMD_START_PH2			0x0013
#define VPNCTL_CMD_XAUTH_INFO			0x0014
#define VPNCTL_CMD_START_DPD			0x0015
#define VPNCTL_CMD_ASSERT				0x0016
#define VPNCTL_CMD_RECONNECT			0x0017
#define VPNCTL_STATUS_IKE_FAILED		0x8001
#define VPNCTL_STATUS_PH1_START_US		0x8011
#define VPNCTL_STATUS_PH1_START_PEER	0x8012
#define VPNCTL_STATUS_PH1_ESTABLISHED	0x8013
#define VPNCTL_STATUS_PH2_START			0x8021
#define VPNCTL_STATUS_PH2_ESTABLISHED	0x8022
#define VPNCTL_STATUS_NEED_AUTHINFO		0x8101
#define VPNCTL_STATUS_NEED_REAUTHINFO	0x8102
#define VPNCTL_STATUS_PEER_RESP		0x8103

/*
 * Flags
 */
#define VPNCTL_FLAG_MODECFG_USED		0x0001

/*
 * XAUTH Attribute Types
 */
#ifndef __IPSEC_BUILD__
#define	XAUTH_TYPE                16520
#define	XAUTH_USER_NAME           16521
#define	XAUTH_USER_PASSWORD       16522
#define	XAUTH_PASSCODE            16523
#define	XAUTH_MESSAGE             16524
#define	XAUTH_CHALLENGE           16525
#define	XAUTH_DOMAIN              16526
#define	XAUTH_STATUS              16527
#define	XAUTH_NEXT_PIN            16528
#define	XAUTH_ANSWER              16529


/* Types for XAUTH_TYPE */
#define	XAUTH_TYPE_GENERIC 	0
#define	XAUTH_TYPE_CHAP    	1
#define	XAUTH_TYPE_OTP     	2
#define	XAUTH_TYPE_SKEY    	3


/* Mode cfg Attribute types */
#define INTERNAL_IP4_ADDRESS        1
#define INTERNAL_IP4_NETMASK        2
#define INTERNAL_IP4_DNS            3
#define INTERNAL_IP4_NBNS           4
#define INTERNAL_ADDRESS_EXPIRY     5
#define INTERNAL_IP4_DHCP           6
#define APPLICATION_VERSION         7
#define INTERNAL_IP6_ADDRESS        8
#define INTERNAL_IP6_NETMASK        9
#define INTERNAL_IP6_DNS           10
#define INTERNAL_IP6_NBNS          11
#define INTERNAL_IP6_DHCP          12
#define INTERNAL_IP4_SUBNET        13
#define SUPPORTED_ATTRIBUTES       14
#define INTERNAL_IP6_SUBNET        15

#define UNITY_BANNER			28672
#define UNITY_SAVE_PASSWD		28673
#define UNITY_DEF_DOMAIN		28674
#define UNITY_SPLITDNS_NAME		28675
#define UNITY_SPLIT_INCLUDE		28676
#define UNITY_NATT_PORT			28677
#define UNITY_LOCAL_LAN			28678
#define UNITY_PFS				28679
#define UNITY_FW_TYPE			28680
#define UNITY_BACKUP_SERVERS	28681
#define UNITY_DDNS_HOSTNAME		28682

/* 3.3 Data Attributes
         0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        !A!       Attribute Type        !    AF=0  Attribute Length     !
        !F!                             !    AF=1  Attribute Value      !
        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        .                   AF=0  Attribute Value                       .
        .                   AF=1  Not Transmitted                       .
        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
*/
struct isakmp_data {
	u_int16_t type;		/* defined by DOI-spec, and Attribute Format */
	u_int16_t lorv;		/* if f equal 1, Attribute Length */
	/* if f equal 0, Attribute Value */
	/* if f equal 1, Attribute Value */
};
#endif

/* commands and status for vpn control. */
/* network byte order. */

/* Packet header */
struct vpnctl_hdr {
	u_int16_t			msg_type;
	u_int16_t			flags;		
	u_int32_t			cookie;
	u_int32_t			reserved;
	u_int16_t			result;	
	u_int16_t			len;			/* payload length */	
};

/* Packet formats for commands */

/* bind to receive status for specified address */
struct vpnctl_cmd_bind {
	struct vpnctl_hdr		hdr;
	u_int32_t				address;	/* 0xFFFFFFFF = all */
	u_int16_t				vers_len;	/* if zero - no version provided */
	/* name/version string of length vers_len */
};

/* unbind to stop receiving status for specified address */
struct vpnctl_cmd_unbind {
	struct vpnctl_hdr		hdr;
	u_int32_t				address;	/* 0xFFFFFFFF = all */
};


/* connect to specified address */
struct vpnctl_cmd_connect{
	struct vpnctl_hdr		hdr;
	u_int32_t				address;
};

struct vpnctl_sa_selector {
	u_int32_t		src_tunnel_address;
	u_int32_t		src_tunnel_mask;
	u_int32_t		dst_tunnel_address;
	u_int32_t		dst_tunnel_mask;
	u_int16_t		src_tunnel_port;
	u_int16_t		dst_tunnel_port;
	u_int16_t		ul_protocol;
	u_int16_t		reserved;
};

struct vpnctl_algo {
	u_int16_t	algo_class;
	u_int16_t	algo;
	u_int16_t	key_len;	/* for enc algorithms only */
	u_int16_t	reserved;
};

/* start phase 2 */
struct vpnctl_cmd_start_ph2 {
	struct vpnctl_hdr		hdr;
	u_int32_t				address;
	u_int32_t				lifetime;  /* seconds */
	u_int16_t				pfs_group;	/* defined in algorithm_types.h */
	u_int16_t				selector_count;
	u_int16_t				algo_count;
	u_int16_t				reserved;
	/* array of struct vpnctl_sa_selector */
	/* array of struct vpnctl_algo */
};

/* assert connection (after network change) */
struct vpnctl_cmd_assert {
	struct vpnctl_hdr		hdr;
	u_int32_t				src_address;
	u_int32_t				dst_address;
};

/* set xauth info */
struct vpnctl_cmd_xauth_info {	
	struct vpnctl_hdr		hdr;
	u_int32_t				address;
	/* packed array of variable sized struct isakmp_data */
};

/* redirect client to specified address */
struct vpnctl_cmd_redirect {	
 	struct vpnctl_hdr		hdr;
 	u_int32_t				address;
	u_int32_t				redirect_address;
	u_int16_t				force;
};

/* start dpd */
struct vpnctl_cmd_start_dpd {
	struct vpnctl_hdr		hdr;
	u_int32_t               address;
};

/*
 * IKE Notify codes - mirrors codes in isakmp.h
 */
#define VPNCTL_NTYPE_INVALID_PAYLOAD_TYPE		1
#define VPNCTL_NTYPE_DOI_NOT_SUPPORTED			2
#define VPNCTL_NTYPE_SITUATION_NOT_SUPPORTED	3
#define VPNCTL_NTYPE_INVALID_COOKIE				4
#define VPNCTL_NTYPE_INVALID_MAJOR_VERSION		5
#define VPNCTL_NTYPE_INVALID_MINOR_VERSION		6
#define VPNCTL_NTYPE_INVALID_EXCHANGE_TYPE		7
#define VPNCTL_NTYPE_INVALID_FLAGS				8
#define VPNCTL_NTYPE_INVALID_MESSAGE_ID			9
#define VPNCTL_NTYPE_INVALID_PROTOCOL_ID		10
#define VPNCTL_NTYPE_INVALID_SPI				11
#define VPNCTL_NTYPE_INVALID_TRANSFORM_ID		12
#define VPNCTL_NTYPE_ATTRIBUTES_NOT_SUPPORTED	13
#define VPNCTL_NTYPE_NO_PROPOSAL_CHOSEN			14
#define VPNCTL_NTYPE_BAD_PROPOSAL_SYNTAX		15
#define VPNCTL_NTYPE_PAYLOAD_MALFORMED			16
#define VPNCTL_NTYPE_INVALID_KEY_INFORMATION	17
#define VPNCTL_NTYPE_INVALID_ID_INFORMATION		18
#define VPNCTL_NTYPE_INVALID_CERT_ENCODING		19
#define VPNCTL_NTYPE_INVALID_CERTIFICATE		20
#define VPNCTL_NTYPE_BAD_CERT_REQUEST_SYNTAX	21
#define VPNCTL_NTYPE_INVALID_CERT_AUTHORITY		22
#define VPNCTL_NTYPE_INVALID_HASH_INFORMATION	23
#define VPNCTL_NTYPE_AUTHENTICATION_FAILED		24
#define VPNCTL_NTYPE_INVALID_SIGNATURE			25
#define VPNCTL_NTYPE_ADDRESS_NOTIFICATION		26
#define VPNCTL_NTYPE_NOTIFY_SA_LIFETIME			27
#define VPNCTL_NTYPE_CERTIFICATE_UNAVAILABLE	28
#define VPNCTL_NTYPE_UNSUPPORTED_EXCHANGE_TYPE	29
#define VPNCTL_NTYPE_UNEQUAL_PAYLOAD_LENGTHS	30
#define VPNCTL_NTYPE_LOAD_BALANCE				40501
#define VPNCTL_NTYPE_PEER_DEAD					50001	/* detected by DPD */
#define VPNCTL_NTYPE_PH1_DELETE					50002	/* received a delete payload leaving no PH1 SA for the remote address */
#define VPNCTL_NTYPE_IDLE_TIMEOUT				50003
#define VPNCTL_NTYPE_LOCAL_CERT_PREMATURE		50004	/* certificate is premature */
#define VPNCTL_NTYPE_LOCAL_CERT_EXPIRED			50005	/* certificate has expired */
#define VPNCTL_NTYPE_PEER_CERT_PREMATURE		50006	/* peer's certificate is premature */
#define VPNCTL_NTYPE_PEER_CERT_EXPIRED			50007	/* peer's certificate has expired */
#define VPNCTL_NTYPE_PEER_CERT_INVALID_SUBJNAME		50008	/* peer's certificate has an invalid subjname */
#define VPNCTL_NTYPE_PEER_CERT_INVALID_SUBJALTNAME	50009	/* peer's certificate has an invalid subjaltname */
#define VPNCTL_NTYPE_INTERNAL_ERROR				-1


/* packet format for phase change status */
struct vpnctl_status_phase_change {
	struct vpnctl_hdr			hdr;
	u_int32_t					address;
	/* The following is included when VPNCTL_FLAG_MODECFG_USED flag set */
	// struct vpnctl_modecfg_params	mode_cfg;

};


/* packet format for auth needed status */
struct vpnctl_status_need_authinfo {
	struct vpnctl_hdr			hdr;
	u_int32_t					address;
	/* packed array of variable sized struct isakmp_data */
};


struct split_address {
	u_int32_t	splitaddr;
	u_int32_t	splitmask;
};

struct vpnctl_modecfg_params {	
	u_int32_t					outer_local_addr;
	u_int16_t					outer_remote_port;
	u_int16_t					outer_local_port;
	u_int8_t					ifname[IFNAMSIZ];
	/*
	 *	ifname for outer_local_addr (not null terminated)
	 *	followed by packed array of attributes (struct isakmp_data)
	 */
};


/* Packet formats for failed status */
struct vpnctl_status_failed {
	struct vpnctl_hdr			hdr;
	u_int32_t					address;
	u_int16_t					ike_code;
	u_int16_t					from;
	u_int8_t					data[0];
};

struct vpnctl_status_peer_resp {
	struct vpnctl_hdr			hdr;
	u_int32_t					address;
	u_int16_t					ike_code;
};

#endif /* _VPN_CONTROL_H */
Commit	Line	Data
52b7d2ce A	1	/* $Id: vpn_control.h,v 1.10 2004/12/30 13:45:49 manubsd Exp $ */
	2
	3	/*
	4	* Copyright (c) 2006 Apple Computer, Inc. All rights reserved.
	5	*
	6	* @APPLE_LICENSE_HEADER_START@
	7	*
	8	* The contents of this file constitute Original Code as defined in and
	9	* are subject to the Apple Public Source License Version 1.1 (the
	10	* "License"). You may not use this file except in compliance with the
	11	* License. Please obtain a copy of the License at
	12	* http://www.apple.com/publicsource and read it before using this file.
	13	*
	14	* This Original Code and all software distributed under the License are
	15	* distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	16	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	17	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	18	* FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. Please see the
	19	* License for the specific language governing rights and limitations
	20	* under the License.
	21	*
	22	* @APPLE_LICENSE_HEADER_END@
	23	*/
	24
	25	/*
	26	* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
	27	* All rights reserved.
	28	*
	29	* Redistribution and use in source and binary forms, with or without
	30	* modification, are permitted provided that the following conditions
	31	* are met:
	32	* 1. Redistributions of source code must retain the above copyright
	33	* notice, this list of conditions and the following disclaimer.
	34	* 2. Redistributions in binary form must reproduce the above copyright
	35	* notice, this list of conditions and the following disclaimer in the
	36	* documentation and/or other materials provided with the distribution.
	37	* 3. Neither the name of the project nor the names of its contributors
	38	* may be used to endorse or promote products derived from this software
	39	* without specific prior written permission.
	40	*
	41	* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
	42	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	43	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	44	* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
	45	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	46	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	47	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	48	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	49	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	50	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	51	* SUCH DAMAGE.
	52	*/
	53
	54	#ifndef _VPN_CONTROL_H
	55	#define _VPN_CONTROL_H
	56
d1e348cf A	57	#include "algorithm_types.h"
	58	#include <net/if.h>
	59
52b7d2ce A	60	#define VPNCONTROLSOCK_PATH ADMINPORTDIR "/vpncontrol.sock"
	61
	62	#define FROM_LOCAL 0
	63	#define FROM_REMOTE 1
	64
d1e348cf	65
52b7d2ce A	66	extern char *vpncontrolsock_path;
	67	extern uid_t vpncontrolsock_owner;
	68	extern gid_t vpncontrolsock_group;
	69	extern mode_t vpncontrolsock_mode;
	70
	71
	72	/*
	73	* message types
	74	*/
	75	#define VPNCTL_CMD_BIND 0x0001
	76	#define VPNCTL_CMD_UNBIND 0x0002
	77	#define VPNCTL_CMD_REDIRECT 0x0003
	78	#define VPNCTL_CMD_PING 0x0004
d1e348cf A	79	#define VPNCTL_CMD_CONNECT 0x0011
	80	#define VPNCTL_CMD_DISCONNECT 0x0012
	81	#define VPNCTL_CMD_START_PH2 0x0013
	82	#define VPNCTL_CMD_XAUTH_INFO 0x0014
	83	#define VPNCTL_CMD_START_DPD 0x0015
e8d9021d A	84	#define VPNCTL_CMD_ASSERT 0x0016
e8d9021d A	85	#define VPNCTL_CMD_RECONNECT 0x0017
52b7d2ce A	86	#define VPNCTL_STATUS_IKE_FAILED 0x8001
	87	#define VPNCTL_STATUS_PH1_START_US 0x8011
	88	#define VPNCTL_STATUS_PH1_START_PEER 0x8012
	89	#define VPNCTL_STATUS_PH1_ESTABLISHED 0x8013
	90	#define VPNCTL_STATUS_PH2_START 0x8021
	91	#define VPNCTL_STATUS_PH2_ESTABLISHED 0x8022
d1e348cf A	92	#define VPNCTL_STATUS_NEED_AUTHINFO 0x8101
d1e348cf A	93	#define VPNCTL_STATUS_NEED_REAUTHINFO 0x8102
e8d9021d	94	#define VPNCTL_STATUS_PEER_RESP 0x8103
d1e348cf A	95
	96	/*
	97	* Flags
	98	*/
	99	#define VPNCTL_FLAG_MODECFG_USED 0x0001
	100
	101	/*
	102	* XAUTH Attribute Types
	103	*/
	104	#ifndef __IPSEC_BUILD__
	105	#define XAUTH_TYPE 16520
	106	#define XAUTH_USER_NAME 16521
	107	#define XAUTH_USER_PASSWORD 16522
	108	#define XAUTH_PASSCODE 16523
	109	#define XAUTH_MESSAGE 16524
	110	#define XAUTH_CHALLENGE 16525
	111	#define XAUTH_DOMAIN 16526
	112	#define XAUTH_STATUS 16527
	113	#define XAUTH_NEXT_PIN 16528
	114	#define XAUTH_ANSWER 16529
	115
	116
	117	/* Types for XAUTH_TYPE */
	118	#define XAUTH_TYPE_GENERIC 0
	119	#define XAUTH_TYPE_CHAP 1
	120	#define XAUTH_TYPE_OTP 2
	121	#define XAUTH_TYPE_SKEY 3
	122
	123
	124	/* Mode cfg Attribute types */
	125	#define INTERNAL_IP4_ADDRESS 1
	126	#define INTERNAL_IP4_NETMASK 2
	127	#define INTERNAL_IP4_DNS 3
	128	#define INTERNAL_IP4_NBNS 4
	129	#define INTERNAL_ADDRESS_EXPIRY 5
	130	#define INTERNAL_IP4_DHCP 6
	131	#define APPLICATION_VERSION 7
	132	#define INTERNAL_IP6_ADDRESS 8
	133	#define INTERNAL_IP6_NETMASK 9
	134	#define INTERNAL_IP6_DNS 10
	135	#define INTERNAL_IP6_NBNS 11
	136	#define INTERNAL_IP6_DHCP 12
	137	#define INTERNAL_IP4_SUBNET 13
	138	#define SUPPORTED_ATTRIBUTES 14
	139	#define INTERNAL_IP6_SUBNET 15
52b7d2ce	140
d1e348cf A	141	#define UNITY_BANNER 28672
	142	#define UNITY_SAVE_PASSWD 28673
	143	#define UNITY_DEF_DOMAIN 28674
	144	#define UNITY_SPLITDNS_NAME 28675
	145	#define UNITY_SPLIT_INCLUDE 28676
	146	#define UNITY_NATT_PORT 28677
	147	#define UNITY_LOCAL_LAN 28678
	148	#define UNITY_PFS 28679
	149	#define UNITY_FW_TYPE 28680
	150	#define UNITY_BACKUP_SERVERS 28681
	151	#define UNITY_DDNS_HOSTNAME 28682
	152
	153	/* 3.3 Data Attributes
	154	0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
	155	+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
	156	!A! Attribute Type ! AF=0 Attribute Length !
	157	!F! ! AF=1 Attribute Value !
	158	+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
	159	. AF=0 Attribute Value .
	160	. AF=1 Not Transmitted .
	161	+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
	162	*/
	163	struct isakmp_data {
	164	u_int16_t type; /* defined by DOI-spec, and Attribute Format */
	165	u_int16_t lorv; /* if f equal 1, Attribute Length */
	166	/* if f equal 0, Attribute Value */
	167	/* if f equal 1, Attribute Value */
	168	};
	169	#endif
52b7d2ce A	170
	171	/* commands and status for vpn control. */
	172	/* network byte order. */
	173
	174	/* Packet header */
	175	struct vpnctl_hdr {
	176	u_int16_t msg_type;
	177	u_int16_t flags;
	178	u_int32_t cookie;
	179	u_int32_t reserved;
	180	u_int16_t result;
	181	u_int16_t len; /* payload length */
	182	};
	183
	184	/* Packet formats for commands */
	185
	186	/* bind to receive status for specified address */
	187	struct vpnctl_cmd_bind {
	188	struct vpnctl_hdr hdr;
	189	u_int32_t address; /* 0xFFFFFFFF = all */
d1e348cf A	190	u_int16_t vers_len; /* if zero - no version provided */
d1e348cf A	191	/* name/version string of length vers_len */
52b7d2ce A	192	};
	193
	194	/* unbind to stop receiving status for specified address */
	195	struct vpnctl_cmd_unbind {
	196	struct vpnctl_hdr hdr;
	197	u_int32_t address; /* 0xFFFFFFFF = all */
	198	};
	199
d1e348cf A	200
	201	/* connect to specified address */
	202	struct vpnctl_cmd_connect{
52b7d2ce A	203	struct vpnctl_hdr hdr;
52b7d2ce A	204	u_int32_t address;
d1e348cf A	205	};
	206
	207	struct vpnctl_sa_selector {
	208	u_int32_t src_tunnel_address;
	209	u_int32_t src_tunnel_mask;
	210	u_int32_t dst_tunnel_address;
	211	u_int32_t dst_tunnel_mask;
	212	u_int16_t src_tunnel_port;
	213	u_int16_t dst_tunnel_port;
	214	u_int16_t ul_protocol;
	215	u_int16_t reserved;
	216	};
	217
	218	struct vpnctl_algo {
	219	u_int16_t algo_class;
	220	u_int16_t algo;
	221	u_int16_t key_len; /* for enc algorithms only */
	222	u_int16_t reserved;
	223	};
	224
	225	/* start phase 2 */
	226	struct vpnctl_cmd_start_ph2 {
	227	struct vpnctl_hdr hdr;
	228	u_int32_t address;
	229	u_int32_t lifetime; /* seconds */
	230	u_int16_t pfs_group; /* defined in algorithm_types.h */
	231	u_int16_t selector_count;
	232	u_int16_t algo_count;
	233	u_int16_t reserved;
	234	/* array of struct vpnctl_sa_selector */
	235	/* array of struct vpnctl_algo */
	236	};
	237
e8d9021d A	238	/* assert connection (after network change) */
	239	struct vpnctl_cmd_assert {
	240	struct vpnctl_hdr hdr;
	241	u_int32_t src_address;
	242	u_int32_t dst_address;
	243	};
	244
d1e348cf A	245	/* set xauth info */
	246	struct vpnctl_cmd_xauth_info {
	247	struct vpnctl_hdr hdr;
	248	u_int32_t address;
	249	/* packed array of variable sized struct isakmp_data */
	250	};
	251
	252	/* redirect client to specified address */
	253	struct vpnctl_cmd_redirect {
	254	struct vpnctl_hdr hdr;
	255	u_int32_t address;
52b7d2ce A	256	u_int32_t redirect_address;
	257	u_int16_t force;
	258	};
	259
d1e348cf A	260	/* start dpd */
	261	struct vpnctl_cmd_start_dpd {
	262	struct vpnctl_hdr hdr;
	263	u_int32_t address;
	264	};
52b7d2ce A	265
	266	/*
	267	* IKE Notify codes - mirrors codes in isakmp.h
	268	*/
	269	#define VPNCTL_NTYPE_INVALID_PAYLOAD_TYPE 1
	270	#define VPNCTL_NTYPE_DOI_NOT_SUPPORTED 2
	271	#define VPNCTL_NTYPE_SITUATION_NOT_SUPPORTED 3
	272	#define VPNCTL_NTYPE_INVALID_COOKIE 4
	273	#define VPNCTL_NTYPE_INVALID_MAJOR_VERSION 5
	274	#define VPNCTL_NTYPE_INVALID_MINOR_VERSION 6
	275	#define VPNCTL_NTYPE_INVALID_EXCHANGE_TYPE 7
	276	#define VPNCTL_NTYPE_INVALID_FLAGS 8
	277	#define VPNCTL_NTYPE_INVALID_MESSAGE_ID 9
	278	#define VPNCTL_NTYPE_INVALID_PROTOCOL_ID 10
	279	#define VPNCTL_NTYPE_INVALID_SPI 11
	280	#define VPNCTL_NTYPE_INVALID_TRANSFORM_ID 12
	281	#define VPNCTL_NTYPE_ATTRIBUTES_NOT_SUPPORTED 13
	282	#define VPNCTL_NTYPE_NO_PROPOSAL_CHOSEN 14
	283	#define VPNCTL_NTYPE_BAD_PROPOSAL_SYNTAX 15
	284	#define VPNCTL_NTYPE_PAYLOAD_MALFORMED 16
	285	#define VPNCTL_NTYPE_INVALID_KEY_INFORMATION 17
	286	#define VPNCTL_NTYPE_INVALID_ID_INFORMATION 18
	287	#define VPNCTL_NTYPE_INVALID_CERT_ENCODING 19
	288	#define VPNCTL_NTYPE_INVALID_CERTIFICATE 20
	289	#define VPNCTL_NTYPE_BAD_CERT_REQUEST_SYNTAX 21
	290	#define VPNCTL_NTYPE_INVALID_CERT_AUTHORITY 22
	291	#define VPNCTL_NTYPE_INVALID_HASH_INFORMATION 23
	292	#define VPNCTL_NTYPE_AUTHENTICATION_FAILED 24
	293	#define VPNCTL_NTYPE_INVALID_SIGNATURE 25
	294	#define VPNCTL_NTYPE_ADDRESS_NOTIFICATION 26
	295	#define VPNCTL_NTYPE_NOTIFY_SA_LIFETIME 27
	296	#define VPNCTL_NTYPE_CERTIFICATE_UNAVAILABLE 28
	297	#define VPNCTL_NTYPE_UNSUPPORTED_EXCHANGE_TYPE 29
	298	#define VPNCTL_NTYPE_UNEQUAL_PAYLOAD_LENGTHS 30
	299	#define VPNCTL_NTYPE_LOAD_BALANCE 40501
d1e348cf A	300	#define VPNCTL_NTYPE_PEER_DEAD 50001 /* detected by DPD */
	301	#define VPNCTL_NTYPE_PH1_DELETE 50002 /* received a delete payload leaving no PH1 SA for the remote address */
	302	#define VPNCTL_NTYPE_IDLE_TIMEOUT 50003
e8d9021d A	303	#define VPNCTL_NTYPE_LOCAL_CERT_PREMATURE 50004 /* certificate is premature */
	304	#define VPNCTL_NTYPE_LOCAL_CERT_EXPIRED 50005 /* certificate has expired */
	305	#define VPNCTL_NTYPE_PEER_CERT_PREMATURE 50006 /* peer's certificate is premature */
	306	#define VPNCTL_NTYPE_PEER_CERT_EXPIRED 50007 /* peer's certificate has expired */
	307	#define VPNCTL_NTYPE_PEER_CERT_INVALID_SUBJNAME 50008 /* peer's certificate has an invalid subjname */
	308	#define VPNCTL_NTYPE_PEER_CERT_INVALID_SUBJALTNAME 50009 /* peer's certificate has an invalid subjaltname */
52b7d2ce A	309	#define VPNCTL_NTYPE_INTERNAL_ERROR -1
	310
	311
	312	/* packet format for phase change status */
	313	struct vpnctl_status_phase_change {
	314	struct vpnctl_hdr hdr;
	315	u_int32_t address;
d1e348cf A	316	/* The following is included when VPNCTL_FLAG_MODECFG_USED flag set */
	317	// struct vpnctl_modecfg_params mode_cfg;
	318
	319	};
	320
	321
	322	/* packet format for auth needed status */
	323	struct vpnctl_status_need_authinfo {
	324	struct vpnctl_hdr hdr;
	325	u_int32_t address;
	326	/* packed array of variable sized struct isakmp_data */
52b7d2ce A	327	};
52b7d2ce A	328
d1e348cf A	329
	330	struct split_address {
	331	u_int32_t splitaddr;
	332	u_int32_t splitmask;
	333	};
	334
	335	struct vpnctl_modecfg_params {
	336	u_int32_t outer_local_addr;
	337	u_int16_t outer_remote_port;
	338	u_int16_t outer_local_port;
	339	u_int8_t ifname[IFNAMSIZ];
	340	/*
	341	* ifname for outer_local_addr (not null terminated)
	342	* followed by packed array of attributes (struct isakmp_data)
	343	*/
	344	};
	345
	346
52b7d2ce A	347	/* Packet formats for failed status */
	348	struct vpnctl_status_failed {
	349	struct vpnctl_hdr hdr;
	350	u_int32_t address;
	351	u_int16_t ike_code;
	352	u_int16_t from;
	353	u_int8_t data[0];
	354	};
	355
e8d9021d A	356	struct vpnctl_status_peer_resp {
	357	struct vpnctl_hdr hdr;
	358	u_int32_t address;
	359	u_int16_t ike_code;
	360	};
52b7d2ce A	361
52b7d2ce A	362	#endif /* _VPN_CONTROL_H */