2 * Copyright (c) 2000-2011 Apple Computer, Inc. All rights reserved.
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
28 /* $KAME: pfkeyv2.h,v 1.10 2000/03/22 07:04:20 sakane Exp $ */
31 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
32 * All rights reserved.
34 * Redistribution and use in source and binary forms, with or without
35 * modification, are permitted provided that the following conditions
37 * 1. Redistributions of source code must retain the above copyright
38 * notice, this list of conditions and the following disclaimer.
39 * 2. Redistributions in binary form must reproduce the above copyright
40 * notice, this list of conditions and the following disclaimer in the
41 * documentation and/or other materials provided with the distribution.
42 * 3. Neither the name of the project nor the names of its contributors
43 * may be used to endorse or promote products derived from this software
44 * without specific prior written permission.
46 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
47 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
48 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
49 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
50 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
51 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
52 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
53 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
54 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
55 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
60 * This file has been derived from RFC 2367,
61 * and some SADB_KEY_FLAGS_ flags have been added as SADB_X_EXT_.
65 #ifndef _NET_PFKEYV2_H_
66 #define _NET_PFKEYV2_H_
67 #include <sys/appleapiopts.h>
71 * This file defines structures and symbols for the PF_KEY Version 2
72 * key management interface. It was written at the U.S. Naval Research
73 * Laboratory. This file is in the public domain. The authors ask that
74 * you leave this credit intact on any copies of this file.
#define __PFKEY_V2_H 1

#define PFKEYV2_REVISION 199806L

/*
 * Message types, carried in sadb_msg_type. Names with an X_ infix appear
 * to be non-RFC 2367 additions (compare the "nonstandard" marker on the
 * SADB_X_CALG_* block below) — confirm against RFC 2367 when in doubt.
 */
#define SADB_RESERVED 0
#define SADB_ACQUIRE 6
#define SADB_REGISTER 7
#define SADB_X_PROMISC 11
#define SADB_X_PCHANGE 12
#define SADB_X_SPDUPDATE 13
#define SADB_X_SPDADD 14
#define SADB_X_SPDDELETE 15 /* by policy index */
#define SADB_X_SPDGET 16
#define SADB_X_SPDACQUIRE 17
#define SADB_X_SPDDUMP 18
#define SADB_X_SPDFLUSH 19
#define SADB_X_SPDSETIDX 20
#define SADB_X_SPDEXPIRE 21
#define SADB_X_SPDDELETE2 22 /* by policy id */
#define SADB_GETSASTAT 23
#define SADB_X_SPDENABLE 24 /* by policy id */
#define SADB_X_SPDDISABLE 25 /* by policy id */
#define SADB_MIGRATE 26
113 u_int8_t sadb_msg_version
;
114 u_int8_t sadb_msg_type
;
115 u_int8_t sadb_msg_errno
;
116 u_int8_t sadb_msg_satype
;
117 u_int16_t sadb_msg_len
;
118 u_int16_t sadb_msg_reserved
;
119 u_int32_t sadb_msg_seq
;
120 u_int32_t sadb_msg_pid
;
124 u_int16_t sadb_ext_len
;
125 u_int16_t sadb_ext_type
;
129 u_int16_t sadb_sa_len
;
130 u_int16_t sadb_sa_exttype
;
131 u_int32_t sadb_sa_spi
;
132 u_int8_t sadb_sa_replay
;
133 u_int8_t sadb_sa_state
;
134 u_int8_t sadb_sa_auth
;
135 u_int8_t sadb_sa_encrypt
;
136 u_int32_t sadb_sa_flags
;
142 u_int16_t sadb_sa_natt_port
;
144 u_int16_t sadb_reserved0
;
145 u_int16_t sadb_sa_natt_interval
;
149 u_int32_t sadb_reserved1
;
150 u_int16_t sadb_sa_natt_offload_interval
;
155 struct sadb_lifetime
{
156 u_int16_t sadb_lifetime_len
;
157 u_int16_t sadb_lifetime_exttype
;
158 u_int32_t sadb_lifetime_allocations
;
159 u_int64_t sadb_lifetime_bytes
;
160 u_int64_t sadb_lifetime_addtime
;
161 u_int64_t sadb_lifetime_usetime
;
164 struct sadb_address
{
165 u_int16_t sadb_address_len
;
166 u_int16_t sadb_address_exttype
;
167 u_int8_t sadb_address_proto
;
168 u_int8_t sadb_address_prefixlen
;
169 u_int16_t sadb_address_reserved
;
173 u_int16_t sadb_key_len
;
174 u_int16_t sadb_key_exttype
;
175 u_int16_t sadb_key_bits
;
176 u_int16_t sadb_key_reserved
;
180 u_int16_t sadb_ident_len
;
181 u_int16_t sadb_ident_exttype
;
182 u_int16_t sadb_ident_type
;
183 u_int16_t sadb_ident_reserved
;
184 u_int64_t sadb_ident_id
;
188 u_int16_t sadb_sens_len
;
189 u_int16_t sadb_sens_exttype
;
190 u_int32_t sadb_sens_dpd
;
191 u_int8_t sadb_sens_sens_level
;
192 u_int8_t sadb_sens_sens_len
;
193 u_int8_t sadb_sens_integ_level
;
194 u_int8_t sadb_sens_integ_len
;
195 u_int32_t sadb_sens_reserved
;
199 u_int16_t sadb_prop_len
;
200 u_int16_t sadb_prop_exttype
;
201 u_int8_t sadb_prop_replay
;
202 u_int8_t sadb_prop_reserved
[3];
206 u_int8_t sadb_comb_auth
;
207 u_int8_t sadb_comb_encrypt
;
208 u_int16_t sadb_comb_flags
;
209 u_int16_t sadb_comb_auth_minbits
;
210 u_int16_t sadb_comb_auth_maxbits
;
211 u_int16_t sadb_comb_encrypt_minbits
;
212 u_int16_t sadb_comb_encrypt_maxbits
;
213 u_int32_t sadb_comb_reserved
;
214 u_int32_t sadb_comb_soft_allocations
;
215 u_int32_t sadb_comb_hard_allocations
;
216 u_int64_t sadb_comb_soft_bytes
;
217 u_int64_t sadb_comb_hard_bytes
;
218 u_int64_t sadb_comb_soft_addtime
;
219 u_int64_t sadb_comb_hard_addtime
;
220 u_int64_t sadb_comb_soft_usetime
;
221 u_int64_t sadb_comb_hard_usetime
;
224 struct sadb_supported
{
225 u_int16_t sadb_supported_len
;
226 u_int16_t sadb_supported_exttype
;
227 u_int32_t sadb_supported_reserved
;
231 u_int8_t sadb_alg_id
;
232 u_int8_t sadb_alg_ivlen
;
233 u_int16_t sadb_alg_minbits
;
234 u_int16_t sadb_alg_maxbits
;
235 u_int16_t sadb_alg_reserved
;
238 struct sadb_spirange
{
239 u_int16_t sadb_spirange_len
;
240 u_int16_t sadb_spirange_exttype
;
241 u_int32_t sadb_spirange_min
;
242 u_int32_t sadb_spirange_max
;
243 u_int32_t sadb_spirange_reserved
;
246 struct sadb_x_kmprivate
{
247 u_int16_t sadb_x_kmprivate_len
;
248 u_int16_t sadb_x_kmprivate_exttype
;
249 u_int32_t sadb_x_kmprivate_reserved
;
253 * XXX Additional SA Extension.
254 * mode: tunnel or transport
255 * reqid: keeps an SA unique even when two SAs share the same address pair.
256 * Mainly it's for VPN.
259 u_int16_t sadb_x_sa2_len
;
260 u_int16_t sadb_x_sa2_exttype
;
261 u_int8_t sadb_x_sa2_mode
;
263 u_int8_t sadb_x_sa2_reserved1
;
265 u_int8_t sadb_x_sa2_alwaysexpire
;
269 u_int16_t sadb_x_sa2_reserved2
;
271 u_int16_t sadb_x_sa2_flags
;
274 u_int32_t sadb_x_sa2_sequence
;
275 u_int32_t sadb_x_sa2_reqid
;
278 /* XXX Policy Extension */
279 /* sizeof(struct sadb_x_policy) == 16 */
280 struct sadb_x_policy
{
281 u_int16_t sadb_x_policy_len
;
282 u_int16_t sadb_x_policy_exttype
;
283 u_int16_t sadb_x_policy_type
; /* See policy type of ipsec.h */
284 u_int8_t sadb_x_policy_dir
; /* direction, see ipsec.h */
285 u_int8_t sadb_x_policy_reserved
;
286 u_int32_t sadb_x_policy_id
;
287 u_int32_t sadb_x_policy_reserved2
;
290 * When policy_type == IPSEC, it is followed by some
291 * ipsec policy requests.
292 * [total length of ipsec policy requests]
293 * = (sadb_x_policy_len * sizeof(uint64_t) - sizeof(struct sadb_x_policy))
296 /* IPSec Interface Extension:
297 * IPSec interface can be specified alone, or all three
298 * of internal, outgoing, and IPSec interfaces must be
301 struct sadb_x_ipsecif
{
302 u_int16_t sadb_x_ipsecif_len
;
303 u_int16_t sadb_x_ipsecif_exttype
;
304 char sadb_x_ipsecif_internal_if
[IFXNAMSIZ
]; /* Steal packets from this interface */
305 char sadb_x_ipsecif_outgoing_if
[IFXNAMSIZ
]; /* Send packets out on this interface */
306 char sadb_x_ipsecif_ipsec_if
[IFXNAMSIZ
]; /* Direct packets through ipsec interface */
307 u_int16_t sadb_x_ipsecif_init_disabled
; /* 0 or 1, flag to ignore policy */
311 /* XXX IPsec Policy Request Extension */
313 * This structure is aligned to 8 bytes.
315 struct sadb_x_ipsecrequest
{
316 u_int16_t sadb_x_ipsecrequest_len
; /* structure length aligned to 8 bytes.
317 * This value is the true length in bytes,
318 * not in units of 64 bits. */
319 u_int16_t sadb_x_ipsecrequest_proto
; /* See ipsec.h */
320 u_int8_t sadb_x_ipsecrequest_mode
; /* See IPSEC_MODE_XX in ipsec.h. */
321 u_int8_t sadb_x_ipsecrequest_level
; /* See IPSEC_LEVEL_XX in ipsec.h */
322 u_int16_t sadb_x_ipsecrequest_reqid
; /* See ipsec.h */
325 * followed by the source IP address of the SA, immediately followed by
326 * the destination IP address of the SA. These are encoded as two sockaddr
327 * structures without any padding. Each sa_len must be set exactly.
328 * The length of each sockaddr structure is not aligned to 64 bits,
329 * but the sum of the x_request and the addresses is aligned to 64 bits.
/*
 * Session identifier extension. The two leading fields sit where
 * sadb_ext_len / sadb_ext_type sit in the generic extension header, so
 * PFKEY_EXTLEN() can be applied to this structure; the length is therefore
 * presumably in 64-bit units like the other extensions — confirm against
 * the producer.
 */
struct sadb_session_id {
	u_int16_t sadb_session_id_len;      /* extension length (see PFKEY_EXTLEN) */
	u_int16_t sadb_session_id_exttype;  /* expected to be SADB_EXT_SESSION_ID */
	/*
	 * [0] is an arbitrary handle that means something only for requester
	 * [1] is a global session id for lookups in the kernel and racoon.
	 */
	u_int64_t sadb_session_id_v[2];
} __attribute__ ((aligned(8)));
343 u_int32_t spi
; /* SPI Value, network byte order */
344 u_int32_t created
; /* for lifetime */
345 struct sadb_lifetime lft_c
; /* CURRENT lifetime. */
346 }; // no need to align
349 u_int16_t sadb_sastat_len
;
350 u_int16_t sadb_sastat_exttype
;
351 u_int32_t sadb_sastat_dir
;
352 u_int32_t sadb_sastat_reserved
;
353 u_int32_t sadb_sastat_list_len
;
354 /* list of struct sastat comes after */
355 } __attribute__ ((aligned(8)));
/*
 * Extension header types, carried in sadb_ext_type. SADB_EXT_MAX equals
 * the highest value defined here (29); keep it in sync when adding entries,
 * since it is the natural upper bound for per-type tables and checks.
 */
#define SADB_EXT_RESERVED 0
#define SADB_EXT_SA 1
#define SADB_EXT_LIFETIME_CURRENT 2
#define SADB_EXT_LIFETIME_HARD 3
#define SADB_EXT_LIFETIME_SOFT 4
#define SADB_EXT_ADDRESS_SRC 5
#define SADB_EXT_ADDRESS_DST 6
#define SADB_EXT_ADDRESS_PROXY 7
#define SADB_EXT_KEY_AUTH 8
#define SADB_EXT_KEY_ENCRYPT 9
#define SADB_EXT_IDENTITY_SRC 10
#define SADB_EXT_IDENTITY_DST 11
#define SADB_EXT_SENSITIVITY 12
#define SADB_EXT_PROPOSAL 13
#define SADB_EXT_SUPPORTED_AUTH 14
#define SADB_EXT_SUPPORTED_ENCRYPT 15
#define SADB_EXT_SPIRANGE 16
#define SADB_X_EXT_KMPRIVATE 17
#define SADB_X_EXT_POLICY 18
#define SADB_X_EXT_SA2 19
#define SADB_EXT_SESSION_ID 20
#define SADB_EXT_SASTAT 21
#define SADB_X_EXT_IPSECIF 22
#define SADB_X_EXT_ADDR_RANGE_SRC_START 23
#define SADB_X_EXT_ADDR_RANGE_SRC_END 24
#define SADB_X_EXT_ADDR_RANGE_DST_START 25
#define SADB_X_EXT_ADDR_RANGE_DST_END 26
#define SADB_EXT_MIGRATE_ADDRESS_SRC 27
#define SADB_EXT_MIGRATE_ADDRESS_DST 28
#define SADB_X_EXT_MIGRATE_IPSECIF 29
#define SADB_EXT_MAX 29
/* Security association types, carried in sadb_msg_satype. */
#define SADB_SATYPE_UNSPEC 0
#define SADB_SATYPE_AH 2
#define SADB_SATYPE_ESP 3
#define SADB_SATYPE_RSVP 5
#define SADB_SATYPE_OSPFV2 6
#define SADB_SATYPE_RIPV2 7
#define SADB_SATYPE_MIP 8
#define SADB_X_SATYPE_IPCOMP 9
#define SADB_X_SATYPE_POLICY 10
#define SADB_SATYPE_MAX 11

/* SA states, carried in sadb_sa_state. */
#define SADB_SASTATE_LARVAL 0
#define SADB_SASTATE_MATURE 1
#define SADB_SASTATE_DYING 2
#define SADB_SASTATE_DEAD 3
#define SADB_SASTATE_MAX 3

#define SADB_SAFLAGS_PFS 1
/* RFC2367 numbers - meets RFC2407 */
#define SADB_AALG_NONE 0
#define SADB_AALG_MD5HMAC 1 /*2*/
#define SADB_AALG_SHA1HMAC 2 /*3*/
#define SADB_AALG_MAX 8
/* private allocations - based on RFC2407/IANA assignment */
#define SADB_X_AALG_SHA2_256 6 /*5*/
#define SADB_X_AALG_SHA2_384 7 /*6*/
#define SADB_X_AALG_SHA2_512 8 /*7*/
/* private allocations should use 249-255 (RFC2407) */
#define SADB_X_AALG_MD5 3 /*249*/ /* Keyed MD5 */
#define SADB_X_AALG_SHA 4 /*250*/ /* Keyed SHA */
#define SADB_X_AALG_NULL 5 /*251*/ /* null authentication */

/* RFC2367 numbers - meets RFC2407 */
#define SADB_EALG_NONE 0
#define SADB_EALG_DESCBC 1 /*2*/
#define SADB_EALG_3DESCBC 2 /*3*/
#define SADB_EALG_NULL 3 /*11*/
/*
 * NOTE(review): SADB_EALG_MAX (12) is below SADB_X_EALG_AES_GCM (13) and
 * SADB_X_EALG_CHACHA20POLY1305 (14). Any table sized by, or range check
 * bounded by, SADB_EALG_MAX will not cover those two ids — confirm intent.
 */
#define SADB_EALG_MAX 12
/* private allocations - based on RFC2407/IANA assignment */
#define SADB_X_EALG_CAST128CBC 5 /*6*/
#define SADB_X_EALG_BLOWFISHCBC 4 /*7*/
/* The next three names are aliases for the same algorithm id. */
#define SADB_X_EALG_RIJNDAELCBC 12
#define SADB_X_EALG_AESCBC 12
#define SADB_X_EALG_AES 12
#define SADB_X_EALG_AES_GCM 13
#define SADB_X_EALG_CHACHA20POLY1305 14
/* private allocations should use 249-255 (RFC2407) */

/* Presumably compression algorithm ids (cf. SADB_X_SATYPE_IPCOMP) — verify. */
#if 1 /*nonstandard */
#define SADB_X_CALG_NONE 0
#define SADB_X_CALG_OUI 1
#define SADB_X_CALG_DEFLATE 2
#define SADB_X_CALG_LZS 3
#define SADB_X_CALG_MAX 4
/* Identity types, carried in sadb_ident_type. */
#define SADB_IDENTTYPE_RESERVED 0
#define SADB_IDENTTYPE_PREFIX 1
#define SADB_IDENTTYPE_FQDN 2
#define SADB_IDENTTYPE_USERFQDN 3
#define SADB_X_IDENTTYPE_ADDR 4
#define SADB_IDENTTYPE_MAX 4
/* `flags' in the sadb_sa structure (sadb_sa_flags) holds the following */
#define SADB_X_EXT_NONE 0x0000 /* i.e. new format. */
#define SADB_X_EXT_OLD 0x0001 /* old format. */
#define SADB_X_EXT_NATT 0x0002 /* Use UDP encapsulation to traverse NAT */
#define SADB_X_EXT_NATT_KEEPALIVE 0x0004 /* Local node is behind NAT, send keepalives */
/* Should only be set for outbound SAs */
#define SADB_X_EXT_NATT_MULTIPLEUSERS 0x0008 /* For use on VPN server - support multiple users */
#define SADB_X_EXT_IV4B 0x0010 /* IV length of 4 bytes in use */
#define SADB_X_EXT_DERIV 0x0020 /* DES derived */
#define SADB_X_EXT_CYCSEQ 0x0040 /* allow cyclic sequence numbers. */
/*
 * The following three padding flags are mutually exclusive; PSEQ is the
 * all-zero value, so it is selected by absence of the other two bits.
 * SADB_X_EXT_PMASK isolates the pair of bits that encode the choice.
 */
#define SADB_X_EXT_PSEQ 0x0000 /* sequential padding for ESP */
#define SADB_X_EXT_PRAND 0x0100 /* random padding for ESP */
#define SADB_X_EXT_PZERO 0x0200 /* zero padding for ESP */
#define SADB_X_EXT_PMASK 0x0300 /* mask for padding flag */
#define SADB_X_EXT_IIV 0x0400 /* Implicit IV */
#define SADB_X_EXT_NATT_DETECTED_PEER 0x1000
#define SADB_X_EXT_ESP_KEEPALIVE 0x2000
#define SADB_X_EXT_PUNT_RX_KEEPALIVE 0x4000
#define SADB_X_EXT_NATT_KEEPALIVE_OFFLOAD 0x8000
#define NATT_KEEPALIVE_OFFLOAD_INTERVAL 0x1

#define SADB_X_EXT_RAWCPI 0x0080 /* use well known CPI (IPComp) */

/*
 * NOTE(review): SADB_X_EXT_NATT_KEEPALIVE_OFFLOAD (0x8000) is above this
 * value; a validity check of sadb_sa_flags against SADB_KEY_FLAGS_MAX
 * would reject that flag — confirm which side is intended.
 */
#define SADB_KEY_FLAGS_MAX 0x7fff

#define SADB_X_EXT_SA2_DELETE_ON_DETACH 0x0001

/* SPI size for PF_KEYv2 */
#define PFKEY_SPI_SIZE sizeof(u_int32_t)

/* Identifier for member of lifetime structure */
#define SADB_X_LIFETIME_ALLOCATIONS 0
#define SADB_X_LIFETIME_BYTES 1
#define SADB_X_LIFETIME_ADDTIME 2
#define SADB_X_LIFETIME_USETIME 3

/* The rate for SOFT lifetime against HARD one. */
#define PFKEY_SOFT_LIFETIME_RATE 80

/* Round (a) up to the next multiple of 8; an exact multiple is unchanged. */
#define PFKEY_ALIGN8(a) (1 + (((a) - 1) | (8 - 1)))
/*
 * Byte length of the extension at (msg), taken from its sadb_ext_len
 * (64-bit units, see PFKEY_UNUNIT64). No bounds check is performed here:
 * a parser must confirm the result lies within the enclosing message
 * before reading the extension body.
 */
#define PFKEY_EXTLEN(msg) \
	PFKEY_UNUNIT64(((struct sadb_ext *)(msg))->sadb_ext_len)
#define PFKEY_ADDR_PREFIX(ext) \
	(((struct sadb_address *)(ext))->sadb_address_prefixlen)
#define PFKEY_ADDR_PROTO(ext) \
	(((struct sadb_address *)(ext))->sadb_address_proto)
/*
 * The sockaddr immediately following the sadb_address header. Neither the
 * presence of the sockaddr nor its sa_len is checked by this macro.
 */
#define PFKEY_ADDR_SADDR(ext) \
	((struct sockaddr *)((caddr_t)(ext) + sizeof(struct sadb_address)))

/* Convert between 64-bit units and bytes (multiply / divide by 8). */
#define PFKEY_UNUNIT64(a) ((a) << 3)
#define PFKEY_UNIT64(a) ((a) >> 3)
524 #endif /* __PFKEY_V2_H */
526 #endif /* _NET_PFKEYV2_H_ */