Commit | Line | Data |
---|---|---|
1 | /* $Id: vpn_control.h,v 1.10 2004/12/30 13:45:49 manubsd Exp $ */ | |
2 | ||
3 | /* | |
4 | * Copyright (c) 2006 Apple Computer, Inc. All rights reserved. | |
5 | * | |
6 | * @APPLE_LICENSE_HEADER_START@ | |
7 | * | |
8 | * The contents of this file constitute Original Code as defined in and | |
9 | * are subject to the Apple Public Source License Version 1.1 (the | |
10 | * "License"). You may not use this file except in compliance with the | |
11 | * License. Please obtain a copy of the License at | |
12 | * http://www.apple.com/publicsource and read it before using this file. | |
13 | * | |
14 | * This Original Code and all software distributed under the License are | |
15 | * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER | |
16 | * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, | |
17 | * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, | |
18 | * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. Please see the | |
19 | * License for the specific language governing rights and limitations | |
20 | * under the License. | |
21 | * | |
22 | * @APPLE_LICENSE_HEADER_END@ | |
23 | */ | |
24 | ||
25 | /* | |
26 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. | |
27 | * All rights reserved. | |
28 | * | |
29 | * Redistribution and use in source and binary forms, with or without | |
30 | * modification, are permitted provided that the following conditions | |
31 | * are met: | |
32 | * 1. Redistributions of source code must retain the above copyright | |
33 | * notice, this list of conditions and the following disclaimer. | |
34 | * 2. Redistributions in binary form must reproduce the above copyright | |
35 | * notice, this list of conditions and the following disclaimer in the | |
36 | * documentation and/or other materials provided with the distribution. | |
37 | * 3. Neither the name of the project nor the names of its contributors | |
38 | * may be used to endorse or promote products derived from this software | |
39 | * without specific prior written permission. | |
40 | * | |
41 | * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND | |
42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE | |
45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
51 | * SUCH DAMAGE. | |
52 | */ | |
53 | ||
54 | #ifndef _VPN_CONTROL_H | |
55 | #define _VPN_CONTROL_H | |
56 | ||
/*
 * Default filesystem path of the VPN control socket. ADMINPORTDIR is not
 * defined in this header and must be defined before the macro is expanded.
 */
#define VPNCONTROLSOCK_PATH ADMINPORTDIR "/vpncontrol.sock"

/*
 * Origin markers.
 * NOTE(review): presumably the values carried in the `from` field of
 * struct vpnctl_status_failed -- confirm against the code that fills it.
 */
#define FROM_LOCAL 0
#define FROM_REMOTE 1

/*
 * Control-socket settings, defined in another translation unit.
 * NOTE(review): the names suggest the socket path, its owning uid/gid and its
 * permission bits. If so, they decide which local accounts can reach the
 * command interface, so owner/group/mode should be applied before the socket
 * accepts connections and kept as restrictive as the clients allow -- confirm
 * where they are used.
 * This header includes nothing itself: uid_t, gid_t and mode_t must already
 * be declared (e.g. via <sys/types.h>) by whoever includes it.
 */
extern char *vpncontrolsock_path;
extern uid_t vpncontrolsock_owner;
extern gid_t vpncontrolsock_group;
extern mode_t vpncontrolsock_mode;
66 | ||
67 | ||
/*
 * message types
 *
 * The VPNCTL_CMD_* values occupy 0x0001-0x0004; every VPNCTL_STATUS_* value
 * has bit 15 set (0x8xxx).
 * NOTE(review): presumably these are the values of vpnctl_hdr.msg_type, with
 * commands sent to the daemon and status sent back -- confirm. A receiver
 * should treat any value outside this list as an error rather than guessing
 * a structure layout for it.
 */
#define VPNCTL_CMD_BIND 0x0001
#define VPNCTL_CMD_UNBIND 0x0002
#define VPNCTL_CMD_REDIRECT 0x0003
#define VPNCTL_CMD_PING 0x0004
#define VPNCTL_STATUS_IKE_FAILED 0x8001
#define VPNCTL_STATUS_PH1_START_US 0x8011
#define VPNCTL_STATUS_PH1_START_PEER 0x8012
#define VPNCTL_STATUS_PH1_ESTABLISHED 0x8013
#define VPNCTL_STATUS_PH2_START 0x8021
#define VPNCTL_STATUS_PH2_ESTABLISHED 0x8022
81 | ||
82 | ||
/* commands and status for vpn control. */
/* network byte order. */

/*
 * Packet header
 *
 * Every command and status structure in this file starts with this header.
 * Per the note above the fields travel in network byte order, so 16- and
 * 32-bit members need ntohs()/ntohl() before they are compared or used as
 * sizes. With the usual type sizes the members add up to 16 bytes
 * (2 + 2 + 4 + 4 + 2 + 2) and are naturally aligned.
 */
struct vpnctl_hdr {
	u_int16_t msg_type;	/* NOTE(review): presumably a VPNCTL_CMD_* or VPNCTL_STATUS_* value -- confirm */
	u_int16_t flags;
	u_int32_t cookie;
	u_int32_t reserved;
	u_int16_t result;
	/*
	 * payload length.
	 * This value comes from the peer: after byte-order conversion, check
	 * it against the number of bytes actually received and against the
	 * size of the structure implied by msg_type before touching the
	 * payload. NOTE(review): whether it counts only the bytes after this
	 * header is not stated here -- confirm.
	 */
	u_int16_t len;
};
95 | ||
96 | /* Packet formats for commands */ | |
97 | ||
/*
 * bind to receive status for specified address
 *
 * NOTE(review): presumably sent with msg_type VPNCTL_CMD_BIND -- the pairing
 * is by name only, confirm against the dispatcher.
 */
struct vpnctl_cmd_bind {
	struct vpnctl_hdr hdr;
	/*
	 * 0xFFFFFFFF = all.
	 * A 32-bit field, so it can hold an IPv4 address only. The wildcard
	 * subscribes the caller to status for every address, which makes
	 * access control on the control socket the only limit on who can
	 * observe that status.
	 */
	u_int32_t address;
};
103 | ||
/*
 * unbind to stop receiving status for specified address
 *
 * Same layout as struct vpnctl_cmd_bind.
 * NOTE(review): presumably sent with msg_type VPNCTL_CMD_UNBIND -- confirm.
 */
struct vpnctl_cmd_unbind {
	struct vpnctl_hdr hdr;
	u_int32_t address;	/* 0xFFFFFFFF = all */
};
109 | ||
/*
 * redirect client to specified address
 *
 * NOTE(review): presumably sent with msg_type VPNCTL_CMD_REDIRECT -- confirm.
 * The members end on a 16-bit field after 32-bit ones, so on ABIs that align
 * u_int32_t to 4 bytes sizeof() includes 2 bytes of tail padding. Zero the
 * whole structure before filling it if sizeof() bytes are written to the
 * socket, otherwise the padding carries whatever was in memory.
 */
struct vpnctl_cmd_redirect {
	struct vpnctl_hdr hdr;
	u_int32_t address;		/* NOTE(review): presumably the client being redirected -- confirm */
	u_int32_t redirect_address;	/* NOTE(review): presumably the new destination -- confirm */
	u_int16_t force;
};
117 | ||
118 | ||
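/*
 * IKE Notify codes - mirrors codes in isakmp.h
 *
 * Values 1-30 are contiguous; LOAD_BALANCE (40501) and INTERNAL_ERROR (-1)
 * stand apart from that range.
 * NOTE(review): presumably these are the values reported in
 * vpnctl_status_failed.ike_code -- confirm. Because they mirror another
 * header, the two lists have to be kept in step by hand.
 */
#define VPNCTL_NTYPE_INVALID_PAYLOAD_TYPE 1
#define VPNCTL_NTYPE_DOI_NOT_SUPPORTED 2
#define VPNCTL_NTYPE_SITUATION_NOT_SUPPORTED 3
#define VPNCTL_NTYPE_INVALID_COOKIE 4
#define VPNCTL_NTYPE_INVALID_MAJOR_VERSION 5
#define VPNCTL_NTYPE_INVALID_MINOR_VERSION 6
#define VPNCTL_NTYPE_INVALID_EXCHANGE_TYPE 7
#define VPNCTL_NTYPE_INVALID_FLAGS 8
#define VPNCTL_NTYPE_INVALID_MESSAGE_ID 9
#define VPNCTL_NTYPE_INVALID_PROTOCOL_ID 10
#define VPNCTL_NTYPE_INVALID_SPI 11
#define VPNCTL_NTYPE_INVALID_TRANSFORM_ID 12
#define VPNCTL_NTYPE_ATTRIBUTES_NOT_SUPPORTED 13
#define VPNCTL_NTYPE_NO_PROPOSAL_CHOSEN 14
#define VPNCTL_NTYPE_BAD_PROPOSAL_SYNTAX 15
#define VPNCTL_NTYPE_PAYLOAD_MALFORMED 16
#define VPNCTL_NTYPE_INVALID_KEY_INFORMATION 17
#define VPNCTL_NTYPE_INVALID_ID_INFORMATION 18
#define VPNCTL_NTYPE_INVALID_CERT_ENCODING 19
#define VPNCTL_NTYPE_INVALID_CERTIFICATE 20
#define VPNCTL_NTYPE_BAD_CERT_REQUEST_SYNTAX 21
#define VPNCTL_NTYPE_INVALID_CERT_AUTHORITY 22
#define VPNCTL_NTYPE_INVALID_HASH_INFORMATION 23
#define VPNCTL_NTYPE_AUTHENTICATION_FAILED 24
#define VPNCTL_NTYPE_INVALID_SIGNATURE 25
#define VPNCTL_NTYPE_ADDRESS_NOTIFICATION 26
#define VPNCTL_NTYPE_NOTIFY_SA_LIFETIME 27
#define VPNCTL_NTYPE_CERTIFICATE_UNAVAILABLE 28
#define VPNCTL_NTYPE_UNSUPPORTED_EXCHANGE_TYPE 29
#define VPNCTL_NTYPE_UNEQUAL_PAYLOAD_LENGTHS 30
#define VPNCTL_NTYPE_LOAD_BALANCE 40501
/*
 * Parenthesized so the negative literal stays a single operand wherever the
 * macro expands. The constant is an int: stored in a 16-bit unsigned field
 * such as vpnctl_status_failed.ike_code it becomes 0xFFFF, and where int is
 * wider than 16 bits a later `field == VPNCTL_NTYPE_INTERNAL_ERROR` compares
 * 65535 with -1 and is false. Cast the macro to the field's type before
 * comparing.
 */
#define VPNCTL_NTYPE_INTERNAL_ERROR (-1)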
154 | ||
155 | ||
/*
 * packet format for phase change status
 *
 * NOTE(review): presumably used with the VPNCTL_STATUS_PH1_* and
 * VPNCTL_STATUS_PH2_* message types -- the pairing is by name only, confirm.
 */
struct vpnctl_status_phase_change {
	struct vpnctl_hdr hdr;
	u_int32_t address;	/* 32-bit field; NOTE(review): presumably the peer's IPv4 address -- confirm */
};
161 | ||
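/*
 * Packet formats for failed status
 *
 * Fixed part followed by a variable number of trailing bytes in `data`.
 * sizeof(struct vpnctl_status_failed) covers the fixed part only. Nothing in
 * this structure other than hdr.len bounds the trailing bytes, so a reader
 * has to derive their count from hdr.len (after byte-order conversion) and
 * confirm that many bytes were really received before indexing `data`.
 * NOTE(review): presumably sent with msg_type VPNCTL_STATUS_IKE_FAILED --
 * confirm.
 */
struct vpnctl_status_failed {
	struct vpnctl_hdr hdr;
	u_int32_t address;
	u_int16_t ike_code;	/* NOTE(review): presumably a VPNCTL_NTYPE_* value; 16-bit unsigned, so -1 arrives as 0xFFFF -- confirm */
	u_int16_t from;		/* NOTE(review): presumably FROM_LOCAL or FROM_REMOTE -- confirm */
	/*
	 * C99 flexible array member, replacing the GNU zero-length form
	 * data[0]. Layout and sizeof() are the same, but the standard form
	 * compiles without extensions and is the one that compiler
	 * bounds-checking features recognise as a trailing array.
	 */
	u_int8_t data[];
};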
170 | ||
171 | ||
172 | #endif /* _VPN_CONTROL_H */ |