X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/1c79356b52d46aa6b508fb032f5ae709b1f2897b..813fb2f63a553c957e917ede5f119b021d6ce391:/bsd/net/pfkeyv2.h
diff --git a/bsd/net/pfkeyv2.h b/bsd/net/pfkeyv2.h
index cd966f618..97d6280fa 100644
--- a/bsd/net/pfkeyv2.h
+++ b/bsd/net/pfkeyv2.h
@@ -1,23 +1,29 @@
 /*
- * Copyright (c) 2000 Apple Computer, Inc. All rights reserved.
+ * Copyright (c) 2000-2011 Apple Computer, Inc. All rights reserved.
 *
- * @APPLE_LICENSE_HEADER_START@
+ * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
 *
- * The contents of this file constitute Original Code as defined in and
- * are subject to the Apple Public Source License Version 1.1 (the
- * "License"). You may not use this file except in compliance with the
- * License. Please obtain a copy of the License at
- * http://www.apple.com/publicsource and read it before using this file.
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. The rights granted to you under the License
+ * may not be used to create, or enable the creation or redistribution of,
+ * unlawful or unlicensed copies of an Apple operating system, or to
+ * circumvent, violate, or enable the circumvention or violation of, any
+ * terms of an Apple operating system software license agreement.
 *
- * This Original Code and all software distributed under the License are
- * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. Please see the
- * License for the specific language governing rights and limitations
- * under the License.
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and + * limitations under the License. * - * @APPLE_LICENSE_HEADER_END@ + * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ */ /* $KAME: pfkeyv2.h,v 1.10 2000/03/22 07:04:20 sakane Exp $ */ @@ -50,8 +56,6 @@ * SUCH DAMAGE. */ -/* $Id: pfkeyv2.h,v 1.3 2000/11/22 01:12:11 zarzycki Exp $ */ - /* * This file has been derived rfc 2367, * And added some flags of SADB_KEY_FLAGS_ as SADB_X_EXT_. @@ -60,6 +64,8 @@ #ifndef _NET_PFKEYV2_H_ #define _NET_PFKEYV2_H_ +#include +#include /* This file defines structures and symbols for the PF_KEY Version 2 @@ -95,9 +101,13 @@ you leave this credit intact on any copies of this file. #define SADB_X_SPDDUMP 18 #define SADB_X_SPDFLUSH 19 #define SADB_X_SPDSETIDX 20 -#define SADB_X_SPDEXPIRE 21 /* not yet */ +#define SADB_X_SPDEXPIRE 21 #define SADB_X_SPDDELETE2 22 /* by policy id */ -#define SADB_MAX 22 +#define SADB_GETSASTAT 23 +#define SADB_X_SPDENABLE 24 /* by policy id */ +#define SADB_X_SPDDISABLE 25 /* by policy id */ +#define SADB_MIGRATE 26 +#define SADB_MAX 26 struct sadb_msg { u_int8_t sadb_msg_version; @@ -105,13 +115,9 @@ struct sadb_msg { u_int8_t sadb_msg_errno; u_int8_t sadb_msg_satype; u_int16_t sadb_msg_len; - u_int8_t sadb_msg_mode; /* XXX */ - u_int8_t sadb_msg_reserved1; + u_int16_t sadb_msg_reserved; u_int32_t sadb_msg_seq; u_int32_t sadb_msg_pid; - u_int32_t sadb_msg_reqid; /* XXX */ - /* when policy mng, value is zero. */ - u_int32_t sadb_msg_reserved2; }; struct sadb_ext { @@ -130,6 +136,22 @@ struct sadb_sa { u_int32_t sadb_sa_flags; }; +#ifdef PRIVATE +struct sadb_sa_2 { + struct sadb_sa sa; + u_int16_t sadb_sa_natt_port; + union { + u_int16_t sadb_reserved0; + u_int16_t sadb_sa_natt_interval; + }; + + union { + u_int32_t sadb_reserved1; + u_int16_t sadb_sa_natt_offload_interval; + }; +}; +#endif /* PRIVATE */ + struct sadb_lifetime { u_int16_t sadb_lifetime_len; u_int16_t sadb_lifetime_exttype; 
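Review bot: Shrinking struct sadb_msg in the `@@ -105,13 +115,9 @@` hunk (dropping sadb_msg_mode, sadb_msg_reqid and sadb_msg_reserved2, merging the two 8-bit fields into sadb_msg_reserved) changes the layout user space hands to the kernel over the PF_KEY socket, and nothing in the header records that the message is now the bare RFC 2367 base header — 16 bytes, assuming the one field between sadb_msg_version and sadb_msg_errno is the usual u_int8_t sadb_msg_type. Any kernel-side length check expressed in terms of sizeof(struct sadb_msg) or PFKEY_UNIT64 has to be re-verified against this layout; that code is outside this diff, so I cannot confirm it here. A one-line comment on the struct would keep the invariant visible: `/* RFC 2367 base header only; mode and reqid moved to the SADB_X_EXT_SA2 extension (struct sadb_x_sa2) */`. sadb_x_sa2 is introduced later in this same diff.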
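Review bot: In the new struct sadb_sa_2 (hunk `@@ -130,6 +136,22 @@`) the second anonymous union overlays a u_int16_t sadb_sa_natt_offload_interval on a u_int32_t sadb_reserved1, so which half of the 32-bit word the interval occupies depends on byte order and the other two bytes have no name; a receiver that checks `sadb_reserved1 == 0`, or a later change that reuses those bytes, behaves differently on big- and little-endian hosts. The first union pairs two u_int16_t members and has no such problem. Either make the pair explicit, `u_int16_t sadb_sa_natt_offload_interval; u_int16_t sadb_reserved1;` (same size and offsets, so existing senders that zero sadb_reserved1 keep working), or document it: `/* overlays only the first two bytes of sadb_reserved1; the remaining bytes must be zero */`. Anonymous unions also require C11 or a GNU extension, which is presumably acceptable for a PRIVATE-only struct but worth stating if this header is meant to compile under stricter modes.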
@@ -161,15 +183,6 @@ struct sadb_ident {
 u_int16_t sadb_ident_reserved;
 u_int64_t sadb_ident_id;
 };
-/* in order to use to divide sadb_ident.sadb_ident_id */
-union sadb_x_ident_id {
- u_int64_t sadb_x_ident_id;
- struct _sadb_x_ident_id_addr {
- u_int16_t prefix;
- u_int16_t ul_proto;
- u_int32_t reserved;
- } sadb_x_ident_id_addr;
-};
 struct sadb_sens {
 u_int16_t sadb_sens_len;
@@ -236,8 +249,34 @@ struct sadb_x_kmprivate {
 u_int32_t sadb_x_kmprivate_reserved;
 };
+/*
+ * XXX Additional SA Extension.
+ * mode: tunnel or transport
+ * reqid: to make SA unique nevertheless the address pair of SA are same.
+ * Mainly it's for VPN.
+ */
+struct sadb_x_sa2 {
+ u_int16_t sadb_x_sa2_len;
+ u_int16_t sadb_x_sa2_exttype;
+ u_int8_t sadb_x_sa2_mode;
+ union {
+ u_int8_t sadb_x_sa2_reserved1;
+#ifdef PRIVATE
+ u_int8_t sadb_x_sa2_alwaysexpire;
+#endif
+ };
+ union {
+ u_int16_t sadb_x_sa2_reserved2;
+#ifdef PRIVATE
+ u_int16_t sadb_x_sa2_flags;
+#endif
+ };
+ u_int32_t sadb_x_sa2_sequence;
+ u_int32_t sadb_x_sa2_reqid;
+};
 /* XXX Policy Extension */
-/* sizeof(struct sadb_x_policy) == 8 */
+/* sizeof(struct sadb_x_policy) == 16 */
 struct sadb_x_policy {
 u_int16_t sadb_x_policy_len;
 u_int16_t sadb_x_policy_exttype;
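Review bot: The header comment on the new struct sadb_x_sa2 documents mode and reqid but says nothing about sadb_x_sa2_sequence, the PRIVATE sadb_x_sa2_alwaysexpire byte, or which bits sadb_x_sa2_flags accepts, even though this same diff defines SADB_X_EXT_SA2_DELETE_ON_DETACH for that field far away among the sadb_sa flag bits. I would add next to the flags member `/* SADB_X_EXT_SA2_* bits (SADB_X_EXT_SA2_DELETE_ON_DETACH); a receiver should reject unknown bits */` and a one-line comment on alwaysexpire giving its meaning and accepted values. The two reserved/private unions overlay members of identical width, so the struct has the same size with or without PRIVATE; stating that (`/* layout is identical with and without PRIVATE */`) makes the ABI invariant explicit. The updated `sizeof(struct sadb_x_policy) == 16` comment cannot be verified from this hunk because the rest of that struct lies outside it.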
@@ -253,7 +292,22 @@ struct sadb_x_policy {
 * [total length of ipsec policy requests]
 * = (sadb_x_policy_len * sizeof(uint64_t) - sizeof(struct sadb_x_policy))
 */
-
+#ifdef PRIVATE
+/* IPSec Interface Extension:
+ * IPSec interface can be specified alone, or all three
+ * of internal, outgoing, and IPSec interfaces must be
+ * specified.
+ */
+struct sadb_x_ipsecif {
+ u_int16_t sadb_x_ipsecif_len;
+ u_int16_t sadb_x_ipsecif_exttype;
+ char sadb_x_ipsecif_internal_if[IFXNAMSIZ]; /* Steal packets from this interface */
+ char sadb_x_ipsecif_outgoing_if[IFXNAMSIZ]; /* Send packets out on this interface */
+ char sadb_x_ipsecif_ipsec_if[IFXNAMSIZ]; /* Direct packets through ipsec interface */
+ u_int16_t sadb_x_ipsecif_init_disabled; /* 0 or 1, flag to ignore policy */
+ u_int16_t reserved;
+};
+#endif
 /* XXX IPsec Policy Request Extension */
 /*
 * This structure is aligned 8 bytes.
@@ -276,6 +330,30 @@ struct sadb_x_ipsecrequest {
 */
 };
+struct sadb_session_id {
+ u_int16_t sadb_session_id_len;
+ u_int16_t sadb_session_id_exttype;
+ /* [0] is an arbitrary handle that means something only for requester
+ * [1] is a global session id for lookups in the kernel and racoon.
+ */
+ u_int64_t sadb_session_id_v[2];
+} __attribute__ ((aligned(8)));
+struct sastat {
+ u_int32_t spi; /* SPI Value, network byte order */
+ u_int32_t created; /* for lifetime */
+ struct sadb_lifetime lft_c; /* CURRENT lifetime. */
+}; // no need to align
+struct sadb_sastat {
+ u_int16_t sadb_sastat_len;
+ u_int16_t sadb_sastat_exttype;
+ u_int32_t sadb_sastat_dir;
+ u_int32_t sadb_sastat_reserved;
+ u_int32_t sadb_sastat_list_len;
+ /* list of struct sastat comes after */
+} __attribute__ ((aligned(8)));
 #define SADB_EXT_RESERVED 0
 #define SADB_EXT_SA 1
 #define SADB_EXT_LIFETIME_CURRENT 2
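Review bot: The three IFXNAMSIZ name arrays in the new struct sadb_x_ipsecif arrive from user space over the PF_KEY socket, and the header does not say whether they must be NUL-terminated, so whatever kernel code copies them into interface names has to treat them as possibly unterminated (bounded copy plus an explicit length check) rather than pass them to strlen-style routines; that consumer is outside this diff, so this is a reminder rather than a confirmed defect. The same applies to sadb_x_ipsecif_init_disabled, documented as `0 or 1` but not constrained by its u_int16_t type. I would state the contract on the struct — that each name is NUL-terminated within IFXNAMSIZ, how an unspecified interface is encoded, and that the receiver validates both — and rename `reserved` to `sadb_x_ipsecif_reserved` to match the other members. Extension lengths are in 64-bit units, so 8 + 3 * IFXNAMSIZ must be a multiple of 8; that holds if IFXNAMSIZ is 24 as in xnu's net/if.h, but a compile-time size check would keep it from drifting.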
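Review bot: sadb_sastat_list_len in the new struct sadb_sastat is a count supplied by the sender, and the only documentation is `list of struct sastat comes after`; the receiver must bound that count by the extension's own length before walking the array, or a short message is read past its end, and the product with sizeof(struct sastat) must not be allowed to wrap in 32 bits. That validation cannot live in this header, but the contract can: `/* sadb_sastat_list_len entries of struct sastat follow; receiver must check list_len * sizeof(struct sastat) <= PFKEY_UNUNIT64(sadb_sastat_len) - sizeof(struct sadb_sastat) */`. The `no need to align` remark on struct sastat depends on sadb_lifetime (8 bytes here plus that struct) keeping the size a multiple of 8; sadb_lifetime's full definition is outside this hunk, so I take that on trust. struct sadb_session_id is 20 bytes of members and the aligned(8) attribute pads it to 24, which is the size its len field must encode.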
@@ -295,7 +373,18 @@ struct sadb_x_ipsecrequest {
 #define SADB_EXT_SPIRANGE 16
 #define SADB_X_EXT_KMPRIVATE 17
 #define SADB_X_EXT_POLICY 18
-#define SADB_EXT_MAX 18
+#define SADB_X_EXT_SA2 19
+#define SADB_EXT_SESSION_ID 20
+#define SADB_EXT_SASTAT 21
+#define SADB_X_EXT_IPSECIF 22
+#define SADB_X_EXT_ADDR_RANGE_SRC_START 23
+#define SADB_X_EXT_ADDR_RANGE_SRC_END 24
+#define SADB_X_EXT_ADDR_RANGE_DST_START 25
+#define SADB_X_EXT_ADDR_RANGE_DST_END 26
+#define SADB_EXT_MIGRATE_ADDRESS_SRC 27
+#define SADB_EXT_MIGRATE_ADDRESS_DST 28
+#define SADB_X_EXT_MIGRATE_IPSECIF 29
+#define SADB_EXT_MAX 29
 #define SADB_SATYPE_UNSPEC 0
 #define SADB_SATYPE_AH 2
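Review bot: Raising SADB_EXT_MAX from 18 to 29 changes the size of every table the kernel or a PF_KEY library sizes as SADB_EXT_MAX + 1 and indexes by sadb_ext_type; any such table not rebuilt against this header, or any receiver still validating exttype against the old bound, turns extension types 19..29 into an out-of-bounds index. That code is outside this diff, so this is a pointer to what has to be checked alongside it. The naming is also inconsistent: SADB_EXT_SESSION_ID, SADB_EXT_SASTAT and SADB_EXT_MIGRATE_ADDRESS_* are Apple-specific yet sit in the RFC 2367 SADB_EXT_ namespace, while the neighbouring SADB_X_EXT_SA2, SADB_X_EXT_IPSECIF and SADB_X_EXT_MIGRATE_IPSECIF follow the SADB_X_ convention for non-standard values (the message types SADB_GETSASTAT and SADB_MIGRATE in the `@@ -95,9 +101,13 @@` hunk have the same problem). A comment marking the boundary, e.g. `/* 19 and above are KAME/Apple extensions, not RFC 2367 */`, would help readers and future allocations.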
@@ -316,22 +405,34 @@ struct sadb_x_ipsecrequest {
 #define SADB_SAFLAGS_PFS 1
-#define SADB_AALG_NONE 0
-#define SADB_AALG_MD5HMAC 1 /* 2 */
-#define SADB_AALG_SHA1HMAC 2 /* 3 */
-#define SADB_AALG_MD5 3 /* Keyed MD5 */
-#define SADB_AALG_SHA 4 /* Keyed SHA */
-#define SADB_AALG_NULL 5 /* null authentication */
-#define SADB_AALG_MAX 6
-
-#define SADB_EALG_NONE 0
-#define SADB_EALG_DESCBC 1 /* 2 */
-#define SADB_EALG_3DESCBC 2 /* 3 */
-#define SADB_EALG_NULL 3 /* 11 */
-#define SADB_EALG_BLOWFISHCBC 4
-#define SADB_EALG_CAST128CBC 5
-#define SADB_EALG_RC5CBC 6
-#define SADB_EALG_MAX 7
+/* RFC2367 numbers - meets RFC2407 */
+#define SADB_AALG_NONE 0
+#define SADB_AALG_MD5HMAC 1 /*2*/
+#define SADB_AALG_SHA1HMAC 2 /*3*/
+#define SADB_AALG_MAX 8
+/* private allocations - based on RFC2407/IANA assignment */
+#define SADB_X_AALG_SHA2_256 6 /*5*/
+#define SADB_X_AALG_SHA2_384 7 /*6*/
+#define SADB_X_AALG_SHA2_512 8 /*7*/
+/* private allocations should use 249-255 (RFC2407) */
+#define SADB_X_AALG_MD5 3 /*249*/ /* Keyed MD5 */
+#define SADB_X_AALG_SHA 4 /*250*/ /* Keyed SHA */
+#define SADB_X_AALG_NULL 5 /*251*/ /* null authentication */
+
+/* RFC2367 numbers - meets RFC2407 */
+#define SADB_EALG_NONE 0
+#define SADB_EALG_DESCBC 1 /*2*/
+#define SADB_EALG_3DESCBC 2 /*3*/
+#define SADB_EALG_NULL 3 /*11*/
+#define SADB_EALG_MAX 12
+/* private allocations - based on RFC2407/IANA assignment */
+#define SADB_X_EALG_CAST128CBC 5 /*6*/
+#define SADB_X_EALG_BLOWFISHCBC 4 /*7*/
+#define SADB_X_EALG_RIJNDAELCBC 12
+#define SADB_X_EALG_AESCBC 12
+#define SADB_X_EALG_AES 12
+#define SADB_X_EALG_AES_GCM 13
+/* private allocations should use 249-255 (RFC2407) */
 #if 1 /*nonstandard */
 #define SADB_X_CALG_NONE 0
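Review bot: SADB_X_EALG_AES_GCM is 13 while SADB_EALG_MAX stays 12, so the one encryption algorithm this hunk adds lies outside the range the MAX constant describes; depending on how the kernel uses SADB_EALG_MAX, a receiver that rejects an encryption algorithm greater than it refuses every AES-GCM SA, a loop that enumerates supported algorithms up to it never advertises AES-GCM, and a table sized SADB_EALG_MAX + 1 is indexed one past its end. The authentication side is consistent (SADB_AALG_MAX 8 covers the SHA2 values 6..8), which suggests the encryption MAX was simply not bumped: `#define SADB_EALG_MAX 13`. The inline `/*2*/` and `/*249*/` annotations give RFC 2407 numbers rather than the values actually used, and the comment `private allocations should use 249-255` sits above definitions that use 3, 4 and 5; a sentence saying the low numbers are kept for binary compatibility with existing KAME userland would make that intentional rather than puzzling.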
@@ -351,6 +452,13 @@ struct sadb_x_ipsecrequest { /* `flags' in sadb_sa structure holds followings */ #define SADB_X_EXT_NONE 0x0000 /* i.e. new format. */ #define SADB_X_EXT_OLD 0x0001 /* old format. */ +#ifdef PRIVATE +#define SADB_X_EXT_NATT 0x0002 /* Use UDP encapsulation to traverse NAT */ +#define SADB_X_EXT_NATT_KEEPALIVE 0x0004 /* Local node is behind NAT, send keepalives */ + /* Should only be set for outbound SAs */ +#define SADB_X_EXT_NATT_MULTIPLEUSERS 0x0008 /* For use on VPN server - support multiple users */ + +#endif /* PRIVATE */ #define SADB_X_EXT_IV4B 0x0010 /* IV length of 4 bytes in use */ #define SADB_X_EXT_DERIV 0x0020 /* DES derived */ @@ -362,11 +470,26 @@ struct sadb_x_ipsecrequest { #define SADB_X_EXT_PZERO 0x0200 /* zero padding for ESP */ #define SADB_X_EXT_PMASK 0x0300 /* mask for padding flag */ +#ifdef PRIVATE +#define SADB_X_EXT_NATT_DETECTED_PEER 0x1000 +#define SADB_X_EXT_ESP_KEEPALIVE 0x2000 +#define SADB_X_EXT_PUNT_RX_KEEPALIVE 0x4000 +#define SADB_X_EXT_NATT_KEEPALIVE_OFFLOAD 0x8000 +#endif /* PRIVATE */ + +#ifdef PRIVATE +#define NATT_KEEPALIVE_OFFLOAD_INTERVAL 0x1 +#endif + #if 1 #define SADB_X_EXT_RAWCPI 0x0080 /* use well known CPI (IPComp) */ #endif -#define SADB_KEY_FLAGS_MAX 0x0fff +#define SADB_KEY_FLAGS_MAX 0x7fff + +#ifdef PRIVATE +#define SADB_X_EXT_SA2_DELETE_ON_DETACH 0x0001 +#endif /* SPI size for PF_KEYv2 */ #define PFKEY_SPI_SIZE sizeof(u_int32_t) 
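Review bot: In the `@@ -362,11 +470,26 @@` hunk SADB_KEY_FLAGS_MAX is raised to 0x7fff while the same hunk defines SADB_X_EXT_NATT_KEEPALIVE_OFFLOAD as 0x8000, so the newest flag lies outside the mask; if the kernel rejects a user-supplied sadb_sa_flags with bits above SADB_KEY_FLAGS_MAX (the check one wants for a flag word from an untrusted socket), the offload flag can never be set, and if it does not, the mask no longer documents the accepted set. Either `#define SADB_KEY_FLAGS_MAX 0xffff` or assign the new flag a bit below the mask. NATT_KEEPALIVE_OFFLOAD_INTERVAL 0x1 is defined among the flag bits without the SADB_ prefix and without a comment; judging by its name it is an interval value rather than a sadb_sa_flags bit (0x0001 is already SADB_X_EXT_OLD), so a one-line comment on its unit and consumer, or moving it next to sadb_sa_natt_offload_interval, would prevent a misread. The `Should only be set for outbound SAs` remark on SADB_X_EXT_NATT_KEEPALIVE in the previous hunk is likewise a constraint the receiver should enforce rather than trust.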
@@ -391,63 +514,9 @@ struct sadb_x_ipsecrequest {
 #define PFKEY_ADDR_SADDR(ext) \
 ((struct sockaddr *)((caddr_t)(ext) + sizeof(struct sadb_address)))
-#if 1 /* in 64bits */
 #define PFKEY_UNUNIT64(a) ((a) << 3)
 #define PFKEY_UNIT64(a) ((a) >> 3)
-#else
-#define PFKEY_UNUNIT64(a) (a)
-#define PFKEY_UNIT64(a) (a)
-#endif
-
-#ifndef KERNEL
-extern void pfkey_sadump __P((struct sadb_msg *));
-extern void pfkey_spdump __P((struct sadb_msg *));
-
-struct sockaddr;
-int ipsec_check_keylen __P((u_int, u_int, u_int));
-u_int pfkey_set_softrate __P((u_int, u_int));
-u_int pfkey_get_softrate __P((u_int));
-int pfkey_send_getspi __P((int, u_int, u_int, struct sockaddr *,
- struct sockaddr *, u_int32_t, u_int32_t, u_int32_t, u_int32_t));
-int pfkey_send_update __P((int, u_int, u_int, struct sockaddr *,
- struct sockaddr *, u_int32_t, u_int32_t, u_int,
- caddr_t, u_int, u_int, u_int, u_int, u_int, u_int32_t, u_int64_t,
- u_int64_t, u_int64_t, u_int32_t));
-int pfkey_send_add __P((int, u_int, u_int, struct sockaddr *,
- struct sockaddr *, u_int32_t, u_int32_t, u_int,
- caddr_t, u_int, u_int, u_int, u_int, u_int, u_int32_t, u_int64_t,
- u_int64_t, u_int64_t, u_int32_t));
-int pfkey_send_delete __P((int, u_int, u_int,
- struct sockaddr *, struct sockaddr *, u_int32_t));
-int pfkey_send_get __P((int, u_int, u_int,
- struct sockaddr *, struct sockaddr *, u_int32_t));
-int pfkey_send_register __P((int, u_int));
-int pfkey_recv_register __P((int));
-int pfkey_send_flush __P((int, u_int));
-int pfkey_send_dump __P((int, u_int));
-int pfkey_send_promisc_toggle __P((int, int));
-int pfkey_send_spdadd __P((int, struct sockaddr *, u_int,
- struct sockaddr *, u_int, u_int, caddr_t, int, u_int32_t));
-int pfkey_send_spdupdate __P((int, struct sockaddr *, u_int,
- struct sockaddr *, u_int, u_int, caddr_t, int, u_int32_t));
-int pfkey_send_spddelete __P((int, struct sockaddr *, u_int,
- struct sockaddr *, u_int, u_int, caddr_t, int, u_int32_t));
-int pfkey_send_spddelete2 __P((int, u_int32_t));
-int pfkey_send_spdget __P((int, u_int32_t));
-int pfkey_send_spdsetidx __P((int, struct sockaddr *, u_int,
- struct sockaddr *, u_int, u_int, caddr_t, int, u_int32_t));
-int pfkey_send_spdflush __P((int));
-int pfkey_send_spddump __P((int));
-
-int pfkey_open __P((void));
-void pfkey_close __P((int));
-struct sadb_msg *pfkey_recv __P((int));
-int pfkey_send __P((int, struct sadb_msg *, int));
-int pfkey_align __P((struct sadb_msg *, caddr_t *));
-int pfkey_check __P((caddr_t *));
-
-#endif /*!KERNEL*/
 #endif /* __PFKEY_V2_H */