network_cmds-245.8.tar.gz

[apple/network_cmds.git] / racoon.tproj / ipsec_doi.h

diff --git a/racoon.tproj/ipsec_doi.h b/racoon.tproj/ipsec_doi.h
index 6e5a5aa3f11503675d9cac42b039474aeed9ee99..1b53b5d113c52385e342ca9290730b14e2649937 100644 (file)
--- a/racoon.tproj/ipsec_doi.h
+++ b/racoon.tproj/ipsec_doi.h
@@ -29,6 +29,9 @@
  * SUCH DAMAGE.
  */
 
  * SUCH DAMAGE.
  */
 

+#ifndef __IPSEC_DOI_H__
+#define __IPSEC_DOI_H__
+

 /* refered to RFC2407 */
 
 #define IPSEC_DOI 1
 /* refered to RFC2407 */
 
 #define IPSEC_DOI 1


@@ -100,8 +103,16 @@
 #define   IPSECDOI_ATTR_ENC_MODE_ANY            0      /* NOTE:internal use */
 #define   IPSECDOI_ATTR_ENC_MODE_TUNNEL         1
 #define   IPSECDOI_ATTR_ENC_MODE_TRNS           2
 #define   IPSECDOI_ATTR_ENC_MODE_ANY            0      /* NOTE:internal use */
 #define   IPSECDOI_ATTR_ENC_MODE_TUNNEL         1
 #define   IPSECDOI_ATTR_ENC_MODE_TRNS           2

-#define   IPSECDOI_ATTR_ENC_MODE_UDP_TUNNEL            3       /* UDP Encapsulated IPSec, NAT-T */
-#define   IPSECDOI_ATTR_ENC_MODE_UDP_TRNS              4       /* UDP Encapsulated IPSec, NAT-T */
+
+/* NAT-T up to draft-ietf-ipsec-nat-t-ike-04 */
+#define   IPSECDOI_ATTR_ENC_MODE_UDPTUNNEL_DRAFT       61443
+#define   IPSECDOI_ATTR_ENC_MODE_UDPTRNS_DRAFT         61444
+
+/* NAT-T draft-ietf-ipsec-nat-t-ike-05 and later */
+#define   IPSECDOI_ATTR_ENC_MODE_UDPTUNNEL_RFC 3
+#define   IPSECDOI_ATTR_ENC_MODE_UDPTRNS_RFC   4
+
+

 #define IPSECDOI_ATTR_AUTH                    5 /* B */
        /* 0 means not to use authentication. */
 #define   IPSECDOI_ATTR_AUTH_HMAC_MD5           1
 #define IPSECDOI_ATTR_AUTH                    5 /* B */
        /* 0 means not to use authentication. */
 #define   IPSECDOI_ATTR_AUTH_HMAC_MD5           1


@@ -164,7 +175,7 @@ struct ipsecdoi_pl_id {
 #define IPSECDOI_ID_KEY_ID                           11
 
 /* compressing doi type, it's internal use. */
 #define IPSECDOI_ID_KEY_ID                           11
 
 /* compressing doi type, it's internal use. */

-#define IDTYPE_FQDN            0
+#define IDTYPE_FQDN                    0

 #define IDTYPE_USERFQDN                1
 #define IDTYPE_KEYID           2
 #define IDTYPE_ADDRESS         3
 #define IDTYPE_USERFQDN                1
 #define IDTYPE_KEYID           2
 #define IDTYPE_ADDRESS         3


@@ -175,6 +186,15 @@ struct ipsecdoi_pl_id {
 #define SECRETTYPE_KEY         1
 #define SECRETTYPE_KEYCHAIN    2
 
 #define SECRETTYPE_KEY         1
 #define SECRETTYPE_KEYCHAIN    2
 

+/* verification modules */
+#define VERIFICATION_MODULE_OPENSSL                    0
+#define VERIFICATION_MODULE_SEC_FRAMEWORK      1
+
+/* verification options */
+#define VERIFICATION_OPTION_NONE                               0
+#define VERIFICATION_OPTION_PEERS_IDENTIFIER   1
+#define VERIFICATION_OPTION_OPEN_DIR                   2
+

 /* The use for checking proposal payload. This is not exchange type. */
 #define IPSECDOI_TYPE_PH1      0
 #define IPSECDOI_TYPE_PH2      1
 /* The use for checking proposal payload. This is not exchange type. */
 #define IPSECDOI_TYPE_PH1      0
 #define IPSECDOI_TYPE_PH2      1


@@ -206,6 +226,7 @@ extern const char *ipsecdoi_id2str __P((const vchar_t *));
 extern vchar_t *ipsecdoi_setph1proposal __P((struct isakmpsa *));
 extern int ipsecdoi_setph2proposal __P((struct ph2handle *));
 extern int ipsecdoi_transportmode __P((struct ph2handle *));
 extern vchar_t *ipsecdoi_setph1proposal __P((struct isakmpsa *));
 extern int ipsecdoi_setph2proposal __P((struct ph2handle *));
 extern int ipsecdoi_transportmode __P((struct ph2handle *));

+extern int ipsecdoi_tunnelmode __P((struct ph2handle *));

 extern int ipsecdoi_get_defaultlifetime __P((void));
 extern int ipsecdoi_checkalgtypes __P((int, int, int, int));
 extern int ipproto2doi __P((int));
 extern int ipsecdoi_get_defaultlifetime __P((void));
 extern int ipsecdoi_checkalgtypes __P((int, int, int, int));
 extern int ipproto2doi __P((int));


@@ -217,3 +238,6 @@ extern int ipsecdoi_authalg2trnsid __P((int));
 extern int idtype2doi __P((int));
 extern int doi2idtype __P((int));
 
 extern int idtype2doi __P((int));
 extern int doi2idtype __P((int));
 

+
+#endif /* __IPSEC_DOI_H__ */
+