X-Git-Url: https://git.saurik.com/apple/ipsec.git/blobdiff_plain/d1e348cfd503b08e7d34b7683d23aae209af0a71..d06a7ccbc5c7dbb1b65b08cfdbb7c4ec0824c666:/ipsec-tools/racoon/vpn_control.h
diff --git a/ipsec-tools/racoon/vpn_control.h b/ipsec-tools/racoon/vpn_control.h
index fd545d8..33c18a2 100644
--- a/ipsec-tools/racoon/vpn_control.h
+++ b/ipsec-tools/racoon/vpn_control.h
@@ -56,6 +56,7 @@
 #include "algorithm_types.h"
 #include
+#include
 #define VPNCONTROLSOCK_PATH ADMINPORTDIR "/vpncontrol.sock"
@@ -81,6 +82,9 @@ extern mode_t vpncontrolsock_mode;
 #define VPNCTL_CMD_START_PH2 0x0013
 #define VPNCTL_CMD_XAUTH_INFO 0x0014
 #define VPNCTL_CMD_START_DPD 0x0015
+#define VPNCTL_CMD_ASSERT 0x0016
+#define VPNCTL_CMD_RECONNECT 0x0017
+#define VPNCTL_CMD_SET_NAT64_PREFIX 0x0018
 #define VPNCTL_STATUS_IKE_FAILED 0x8001
 #define VPNCTL_STATUS_PH1_START_US 0x8011
 #define VPNCTL_STATUS_PH1_START_PEER 0x8012
@@ -89,11 +93,14 @@ extern mode_t vpncontrolsock_mode;
 #define VPNCTL_STATUS_PH2_ESTABLISHED 0x8022
 #define VPNCTL_STATUS_NEED_AUTHINFO 0x8101
 #define VPNCTL_STATUS_NEED_REAUTHINFO 0x8102
+#define VPNCTL_STATUS_PEER_RESP 0x8103
 /*
 * Flags
 */
 #define VPNCTL_FLAG_MODECFG_USED 0x0001
+#define VPNCTL_FLAG_IKE_VERSION 0x0002
+#define VPNCTL_FLAG_IKEV2 VPNCTL_FLAG_IKE_VERSION
 /*
 * XAUTH Attribute Types
@@ -196,11 +203,16 @@ struct vpnctl_cmd_unbind {
 /* connect to specified address */
-struct vpnctl_cmd_connect{
+struct vpnctl_cmd_connect {
 struct vpnctl_hdr hdr;
 u_int32_t address;
 };
+struct vpnctl_cmd_set_nat64_prefix {
+ struct vpnctl_hdr hdr;
+ nw_nat64_prefix_t nat64_prefix;
+};
+
 struct vpnctl_sa_selector {
 u_int32_t src_tunnel_address;
 u_int32_t src_tunnel_mask;
@@ -232,6 +244,13 @@ struct vpnctl_cmd_start_ph2 {
 /* array of struct vpnctl_algo */
 };
+/* assert connection (after network change) */
+struct vpnctl_cmd_assert {
+ struct vpnctl_hdr hdr;
+ u_int32_t src_address;
+ u_int32_t dst_address;
+};
+
 /* set xauth info */
 struct vpnctl_cmd_xauth_info {
 struct vpnctl_hdr hdr;
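Review bot: In the `@@ -81,6 +82,9 @@` hunk, `VPNCTL_CMD_RECONNECT` gets a command code but this patch adds no matching message struct, whereas `VPNCTL_CMD_ASSERT` and `VPNCTL_CMD_SET_NAT64_PREFIX` each get one. The expected payload should be stated next to the define, for example `#define VPNCTL_CMD_RECONNECT 0x0017 /* payload: <struct name> */`, so the handler's length check has a documented size to compare against. Presumably it reuses an existing address-carrying struct, but that is not visible here.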
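Review bot: `VPNCTL_FLAG_IKE_VERSION` and `VPNCTL_FLAG_IKEV2` in the Flags block of the `@@ -89,11 +93,14 @@` hunk name the same bit, and nothing says what the bit means when it is clear. A trailing comment on the `0x0002` line such as `/* set: IKEv2, clear: IKEv1 */` would settle it; the clear-bit meaning is inferred and should be confirmed against the code that sets the flag. `VPNCTL_STATUS_PEER_RESP` in the same hunk would also read better with a short comment naming its payload struct.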
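Review bot: `struct vpnctl_cmd_set_nat64_prefix` in the `@@ -196,11 +203,16 @@` hunk embeds a platform type, `nw_nat64_prefix_t`, directly in a control-socket message, so the wire layout of this command follows the system header rather than this file. The receiving side is not part of this patch; it should reject a message whose length differs from `sizeof(struct vpnctl_cmd_set_nat64_prefix)`. It should also check the prefix-length member against the lengths RFC 6052 allows before the prefix is used to build addresses, assuming the type carries such a member, since its definition is outside the patch. Unlike `vpnctl_cmd_connect` just above it, the struct has no leading comment; something like `/* set NAT64 prefix (layout defined by nw_nat64_prefix_t) */` would match its neighbours.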
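Review bot: `src_address` and `dst_address` in `struct vpnctl_cmd_assert` (the `@@ -232,6 +244,13 @@` hunk) have no stated byte order, and the same holds for `address` and `ike_code` in `struct vpnctl_status_peer_resp` in the last hunk. A per-field comment such as `u_int32_t src_address; /* IPv4, network byte order */` would remove the guesswork; the order shown is an assumption to confirm against the handler. Both structs are IPv4-only while the same patch adds NAT64 prefix handling, so the comment on `vpnctl_cmd_assert` should say whether IPv6 peers are out of scope for this command.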
@@ -290,6 +309,12 @@ struct vpnctl_cmd_start_dpd {
 #define VPNCTL_NTYPE_PEER_DEAD 50001 /* detected by DPD */
 #define VPNCTL_NTYPE_PH1_DELETE 50002 /* received a delete payload leaving no PH1 SA for the remote address */
 #define VPNCTL_NTYPE_IDLE_TIMEOUT 50003
+#define VPNCTL_NTYPE_LOCAL_CERT_PREMATURE 50004 /* certificate is premature */
+#define VPNCTL_NTYPE_LOCAL_CERT_EXPIRED 50005 /* certificate has expired */
+#define VPNCTL_NTYPE_PEER_CERT_PREMATURE 50006 /* peer's certificate is premature */
+#define VPNCTL_NTYPE_PEER_CERT_EXPIRED 50007 /* peer's certificate has expired */
+#define VPNCTL_NTYPE_PEER_CERT_INVALID_SUBJNAME 50008 /* peer's certificate has an invalid subjname */
+#define VPNCTL_NTYPE_PEER_CERT_INVALID_SUBJALTNAME 50009 /* peer's certificate has an invalid subjaltname */
 #define VPNCTL_NTYPE_INTERNAL_ERROR -1
@@ -337,5 +362,10 @@ struct vpnctl_status_failed {
 u_int8_t data[0];
 };
+struct vpnctl_status_peer_resp {
+ struct vpnctl_hdr hdr;
+ u_int32_t address;
+ u_int16_t ike_code;
+};
 #endif /* _VPN_CONTROL_H */
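Review bot: `struct vpnctl_status_peer_resp` in the `@@ -337,5 +362,10 @@` hunk ends with a `u_int16_t` after a `u_int32_t`, so unless the structs in this header are packed (not visible in the hunk) the compiler will most likely add two bytes of padding. If the sender fills the three fields one by one and writes `sizeof(struct vpnctl_status_peer_resp)` bytes to the control socket, those padding bytes carry whatever was in memory to the client. Zeroing the message before filling it closes that, e.g. `memset(&resp, 0, sizeof(resp));` at the send site, where `resp` is an illustrative name. In the unpacked case the padding can instead be made explicit with a trailing `u_int16_t reserved;`. The struct also lacks the one-line purpose comment that the command structs carry.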