#include "algorithm_types.h"
#include <net/if.h>
+#if __has_include(<nw/private.h>)
+#include <nw/private.h>
+#else
+#include <network/nat64.h>
+#endif
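Review bot: `#if __has_include(<nw/private.h>)` on the first added line is a hard preprocessor error on any toolchain whose preprocessor does not implement `__has_include`, so a consumer of this installed header built with such a compiler never reaches the `<network/nat64.h>` fallback. Folding the test into one line as `defined(__has_include) && __has_include(<…>)` does not help, because the right operand is still tokenized on a preprocessor that lacks the feature; the portable shape is a nested `#ifdef __has_include`. Since `nw_nat64_prefix_t` (used below in `struct vpnctl_cmd_set_nat64_prefix`) comes from whichever header wins, the two branches must agree on its layout for the control-socket message size to be the same across builds; a comment stating that assumption next to the include would be worth adding.
```c
#ifdef __has_include
# if __has_include(<nw/private.h>)
#  include <nw/private.h>
# else
#  include <network/nat64.h>
# endif
#else
# include <network/nat64.h>
#endif
```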
#define VPNCONTROLSOCK_PATH ADMINPORTDIR "/vpncontrol.sock"
#define VPNCTL_CMD_START_PH2 0x0013
#define VPNCTL_CMD_XAUTH_INFO 0x0014
#define VPNCTL_CMD_START_DPD 0x0015
+#define VPNCTL_CMD_ASSERT 0x0016
+#define VPNCTL_CMD_RECONNECT 0x0017
+#define VPNCTL_CMD_SET_NAT64_PREFIX 0x0018
#define VPNCTL_STATUS_IKE_FAILED 0x8001
#define VPNCTL_STATUS_PH1_START_US 0x8011
#define VPNCTL_STATUS_PH1_START_PEER 0x8012
#define VPNCTL_STATUS_PH2_ESTABLISHED 0x8022
#define VPNCTL_STATUS_NEED_AUTHINFO 0x8101
#define VPNCTL_STATUS_NEED_REAUTHINFO 0x8102
+#define VPNCTL_STATUS_PEER_RESP 0x8103
/*
* Flags
*/
#define VPNCTL_FLAG_MODECFG_USED 0x0001
+#define VPNCTL_FLAG_IKE_VERSION 0x0002
+#define VPNCTL_FLAG_IKEV2 VPNCTL_FLAG_IKE_VERSION
/*
* XAUTH Attribute Types
/* connect to specified address */
-struct vpnctl_cmd_connect{
+struct vpnctl_cmd_connect {
struct vpnctl_hdr hdr;
u_int32_t address;
};
+struct vpnctl_cmd_set_nat64_prefix {
+ struct vpnctl_hdr hdr;
+ nw_nat64_prefix_t nat64_prefix;
+};
+
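Review bot: `struct vpnctl_cmd_set_nat64_prefix` is the only command struct in this hunk without the one-line purpose comment its neighbours carry (`/* connect to specified address */` sits directly above it), and its on-wire size is fixed by `nw_nat64_prefix_t`, a type this header does not own. A comment such as `/* set NAT64 prefix (VPNCTL_CMD_SET_NAT64_PREFIX); sizeof nat64_prefix is taken from the selected nw header */` would record both facts. Whatever reads this message off the control socket needs to confirm the received length covers `sizeof(struct vpnctl_cmd_set_nat64_prefix)` and that the embedded prefix describes a valid NAT64 prefix before it is used; that handler is outside this header, so I cannot tell from here whether the check exists.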
struct vpnctl_sa_selector {
u_int32_t src_tunnel_address;
u_int32_t src_tunnel_mask;
/* array of struct vpnctl_algo */
};
+/* assert connection (after network change) */
+struct vpnctl_cmd_assert {
+ struct vpnctl_hdr hdr;
+ u_int32_t src_address;
+ u_int32_t dst_address;
+};
+
/* set xauth info */
struct vpnctl_cmd_xauth_info {
struct vpnctl_hdr hdr;
#define VPNCTL_NTYPE_PEER_DEAD 50001 /* detected by DPD */
#define VPNCTL_NTYPE_PH1_DELETE 50002 /* received a delete payload leaving no PH1 SA for the remote address */
#define VPNCTL_NTYPE_IDLE_TIMEOUT 50003
-#define VPNCTL_NTYPE_PH1_DELETE_CERT_ERROR VPNCTL_NTYPE_IDLE_TIMEOUT /* used for offsetting cert errors */
-#define VPNCTL_NTYPE_PH1_DELETE_CERT_PREMATURE 50004 /* received a delete payload & there was a cert verification error leaving no PH1 SA for the remote address */
-#define VPNCTL_NTYPE_PH1_DELETE_CERT_EXPIRED 50005 /* received a delete payload & there was a cert verification error leaving no PH1 SA for the remote address */
+#define VPNCTL_NTYPE_LOCAL_CERT_PREMATURE 50004 /* certificate is premature */
+#define VPNCTL_NTYPE_LOCAL_CERT_EXPIRED 50005 /* certificate has expired */
+#define VPNCTL_NTYPE_PEER_CERT_PREMATURE 50006 /* peer's certificate is premature */
+#define VPNCTL_NTYPE_PEER_CERT_EXPIRED 50007 /* peer's certificate has expired */
+#define VPNCTL_NTYPE_PEER_CERT_INVALID_SUBJNAME 50008 /* peer's certificate has an invalid subjname */
+#define VPNCTL_NTYPE_PEER_CERT_INVALID_SUBJALTNAME 50009 /* peer's certificate has an invalid subjaltname */
#define VPNCTL_NTYPE_INTERNAL_ERROR -1
u_int8_t data[0];
};
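Review bot: The numeric values 50004 and 50005 change meaning in this hunk: `VPNCTL_NTYPE_PH1_DELETE_CERT_PREMATURE` / `_EXPIRED` (a delete payload combined with a cert verification error) become `VPNCTL_NTYPE_LOCAL_CERT_PREMATURE` / `_EXPIRED` (validity of the local certificate), and the `VPNCTL_NTYPE_PH1_DELETE_CERT_ERROR` offset alias disappears. A client built against the previous header will keep decoding those two numbers with the old semantics, so if the old codes ever shipped the new meanings should take fresh numbers (continuing from 50010) and the retired names stay as deprecated aliases; if they never shipped, a short comment saying so settles the question for the next reader. The struct that closes at the final `};` begins outside the hunk.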
+struct vpnctl_status_peer_resp {
+ struct vpnctl_hdr hdr;
+ u_int32_t address;
+ u_int16_t ike_code;
+};
#endif /* _VPN_CONTROL_H */
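Review bot: `struct vpnctl_status_peer_resp` ends with a `u_int16_t` after a `u_int32_t`, so unless these structs are packed (not visible here; `vpnctl_hdr` is defined elsewhere) the compiler appends two trailing padding bytes that are sent over the control socket as part of the message. The sender must zero the whole struct before filling it (`struct vpnctl_status_peer_resp msg = {0};` or a `memset` over `sizeof msg`), otherwise those bytes carry leftover stack contents to the socket peer; the same applies to the other new message structs, `vpnctl_cmd_assert` and `vpnctl_cmd_set_nat64_prefix`. The new struct also lacks the purpose comment its neighbours have; something like `/* peer responded (VPNCTL_STATUS_PEER_RESP); ike_code is presumably the IKE notify code from the peer — confirm */` would do, with the hedge removed once the sender is checked.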