ipsec-292.40.4.tar.gz
[apple/ipsec.git] / ipsec-tools / racoon / vpn_control.h
index fd545d8b4abd916e04feb5f04cb24c296232fe3d..33c18a23092777eb4f3b3a986574c932ca638da2 100644 (file)
@@ -56,6 +56,7 @@
 
 #include "algorithm_types.h"
 #include <net/if.h>
+#include <network/nat64.h>
 
 #define VPNCONTROLSOCK_PATH ADMINPORTDIR "/vpncontrol.sock"
 
@@ -81,6 +82,9 @@ extern mode_t vpncontrolsock_mode;
 #define VPNCTL_CMD_START_PH2                   0x0013
 #define VPNCTL_CMD_XAUTH_INFO                  0x0014
 #define VPNCTL_CMD_START_DPD                   0x0015
+#define VPNCTL_CMD_ASSERT                              0x0016
+#define VPNCTL_CMD_RECONNECT                   0x0017
+#define VPNCTL_CMD_SET_NAT64_PREFIX            0x0018
 #define VPNCTL_STATUS_IKE_FAILED               0x8001
 #define VPNCTL_STATUS_PH1_START_US             0x8011
 #define VPNCTL_STATUS_PH1_START_PEER   0x8012
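Review bot: `VPNCTL_CMD_RECONNECT` is added without any payload struct in this header diff, whereas `VPNCTL_CMD_ASSERT` and `VPNCTL_CMD_SET_NAT64_PREFIX` each get one further down, so a reader cannot tell what message body the command carries. A trailing comment naming the expected struct would settle it, for example `#define VPNCTL_CMD_RECONNECT 0x0017 /* payload: <struct name> */`, with the placeholder filled in from the handler. Because every new command code widens what a client of the control socket can request, the dispatcher (outside this diff) should keep rejecting codes it has no handler for.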
@@ -89,11 +93,14 @@ extern mode_t vpncontrolsock_mode;
 #define VPNCTL_STATUS_PH2_ESTABLISHED  0x8022
 #define VPNCTL_STATUS_NEED_AUTHINFO            0x8101
 #define VPNCTL_STATUS_NEED_REAUTHINFO  0x8102
+#define VPNCTL_STATUS_PEER_RESP                0x8103
 
 /*
  * Flags
  */
 #define VPNCTL_FLAG_MODECFG_USED               0x0001
+#define VPNCTL_FLAG_IKE_VERSION                        0x0002
+#define VPNCTL_FLAG_IKEV2                              VPNCTL_FLAG_IKE_VERSION
 
 /*
  * XAUTH Attribute Types
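Review bot: `VPNCTL_FLAG_IKE_VERSION` and `VPNCTL_FLAG_IKEV2` are two names for the same bit `0x0002`, and neither line says what a set or cleared bit means. If the intent is that a set bit selects IKEv2 and a clear bit IKEv1 (inferred from the names only), a comment such as `/* set: IKEv2, clear: IKEv1 */` on the first define would make that explicit. `VPNCTL_STATUS_PEER_RESP` in the same hunk would likewise benefit from a one-line comment saying when it is sent.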
@@ -196,11 +203,16 @@ struct vpnctl_cmd_unbind {
 
 
 /* connect to specified address */
-struct vpnctl_cmd_connect{
+struct vpnctl_cmd_connect {
        struct vpnctl_hdr               hdr;
        u_int32_t                               address;
 };
 
+struct vpnctl_cmd_set_nat64_prefix {
+       struct vpnctl_hdr               hdr;
+       nw_nat64_prefix_t               nat64_prefix;
+};
+
 struct vpnctl_sa_selector {
        u_int32_t               src_tunnel_address;
        u_int32_t               src_tunnel_mask;
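Review bot: `struct vpnctl_cmd_set_nat64_prefix` embeds `nw_nat64_prefix_t` from `<network/nat64.h>` directly in a control-socket message, so the wire layout of this command now follows a system header rather than this file. Unlike its neighbours, the struct also has no describing comment. The handler (not in this diff) should reject a message shorter than `sizeof(struct vpnctl_cmd_set_nat64_prefix)` before reading `nat64_prefix`. It should also check any length member inside the prefix against the NAT64 prefix lengths it supports before using it as a copy or mask size. A comment such as `/* set NAT64 prefix; receiver validates nat64_prefix before use */` above the struct would record that contract.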
@@ -232,6 +244,13 @@ struct vpnctl_cmd_start_ph2 {
        /* array of struct vpnctl_algo */
 };
 
+/* assert connection (after network change) */
+struct vpnctl_cmd_assert {
+       struct vpnctl_hdr               hdr;
+       u_int32_t                               src_address;
+       u_int32_t                               dst_address;
+};
+
 /* set xauth info */
 struct vpnctl_cmd_xauth_info { 
        struct vpnctl_hdr               hdr;
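Review bot: `src_address` and `dst_address` in `struct vpnctl_cmd_assert` are bare `u_int32_t` values with no stated byte order or address family, and the only description is `/* assert connection (after network change) */`. If they follow the convention of the existing `address` fields, a trailing comment such as `u_int32_t src_address; /* IPv4, network byte order */` would say so; the fields cannot carry an IPv6 address, which is worth noting given that this commit also adds a NAT64 prefix command. Both values come from the control client, so the handler (outside this diff) should confirm that the sender is already bound to `dst_address` before acting on the request. The hunk ends inside `struct vpnctl_cmd_xauth_info`, whose remaining fields are not visible here.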
@@ -290,6 +309,12 @@ struct vpnctl_cmd_start_dpd {
 #define VPNCTL_NTYPE_PEER_DEAD                                 50001   /* detected by DPD */
 #define VPNCTL_NTYPE_PH1_DELETE                                        50002   /* received a delete payload leaving no PH1 SA for the remote address */
 #define VPNCTL_NTYPE_IDLE_TIMEOUT                              50003
+#define VPNCTL_NTYPE_LOCAL_CERT_PREMATURE              50004   /* certificate is premature */
+#define VPNCTL_NTYPE_LOCAL_CERT_EXPIRED                        50005   /* certificate has expired */
+#define VPNCTL_NTYPE_PEER_CERT_PREMATURE               50006   /* peer's certificate is premature */
+#define VPNCTL_NTYPE_PEER_CERT_EXPIRED                 50007   /* peer's certificate has expired */
+#define VPNCTL_NTYPE_PEER_CERT_INVALID_SUBJNAME                50008   /* peer's certificate has an invalid subjname */
+#define VPNCTL_NTYPE_PEER_CERT_INVALID_SUBJALTNAME     50009   /* peer's certificate has an invalid subjaltname */
 #define VPNCTL_NTYPE_INTERNAL_ERROR                            -1
 
 
@@ -337,5 +362,10 @@ struct vpnctl_status_failed {
        u_int8_t                                        data[0];
 };
 
+struct vpnctl_status_peer_resp {
+       struct vpnctl_hdr                       hdr;
+       u_int32_t                                       address;
+       u_int16_t                                       ike_code;
+};
 
 #endif /* _VPN_CONTROL_H */
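Review bot: `struct vpnctl_status_peer_resp` ends with a `u_int16_t` after a `u_int32_t`, so the compiler will normally add two bytes of tail padding unless the header is packed by a pragma outside this hunk. A sender that writes `sizeof(struct vpnctl_status_peer_resp)` bytes from an object it has not zeroed would then pass two bytes of stale memory to the control client. Making the padding explicit with `u_int16_t reserved; /* must be zero */` after `ike_code` keeps the layout fixed and gives the sender a field to clear. A short comment on the struct saying when the status is emitted, and the byte order of `address` and `ike_code`, would match the commented structs elsewhere in the file.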