X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/1c79356b52d46aa6b508fb032f5ae709b1f2897b..d12e16782ebf8bb779633dff9e14486293bf6d07:/bsd/net/pfkeyv2.h?ds=sidebyside
diff --git a/bsd/net/pfkeyv2.h b/bsd/net/pfkeyv2.h
index cd966f618..4b9ec8d8c 100644
--- a/bsd/net/pfkeyv2.h
+++ b/bsd/net/pfkeyv2.h
@@ -50,8 +50,6 @@
 * SUCH DAMAGE.
 */
-/* $Id: pfkeyv2.h,v 1.3 2000/11/22 01:12:11 zarzycki Exp $ */
-
 /*
 * This file has been derived rfc 2367,
 * And added some flags of SADB_KEY_FLAGS_ as SADB_X_EXT_.
@@ -60,6 +58,7 @@
 #ifndef _NET_PFKEYV2_H_
 #define _NET_PFKEYV2_H_
+#include
 /* This file defines structures and symbols for the PF_KEY Version 2
@@ -95,7 +94,7 @@ you leave this credit intact on any copies of this file.
 #define SADB_X_SPDDUMP 18
 #define SADB_X_SPDFLUSH 19
 #define SADB_X_SPDSETIDX 20
-#define SADB_X_SPDEXPIRE 21 /* not yet */
+#define SADB_X_SPDEXPIRE 21
 #define SADB_X_SPDDELETE2 22 /* by policy id */
 #define SADB_MAX 22
@@ -105,13 +104,9 @@ struct sadb_msg {
 u_int8_t sadb_msg_errno;
 u_int8_t sadb_msg_satype;
 u_int16_t sadb_msg_len;
- u_int8_t sadb_msg_mode; /* XXX */
- u_int8_t sadb_msg_reserved1;
+ u_int16_t sadb_msg_reserved;
 u_int32_t sadb_msg_seq;
 u_int32_t sadb_msg_pid;
- u_int32_t sadb_msg_reqid; /* XXX */
- /* when policy mng, value is zero. */
- u_int32_t sadb_msg_reserved2;
 };
 struct sadb_ext {
@@ -161,15 +156,6 @@ struct sadb_ident {
 u_int16_t sadb_ident_reserved;
 u_int64_t sadb_ident_id;
 };
-/* in order to use to divide sadb_ident.sadb_ident_id */
-union sadb_x_ident_id {
- u_int64_t sadb_x_ident_id;
- struct _sadb_x_ident_id_addr {
- u_int16_t prefix;
- u_int16_t ul_proto;
- u_int32_t reserved;
- } sadb_x_ident_id_addr;
-};
 struct sadb_sens {
 u_int16_t sadb_sens_len;
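Review bot: In the `struct sadb_msg` hunk the header drops ten bytes of fields and gains `u_int16_t sadb_msg_reserved`, a net eight-byte change to a structure exchanged between kernel and user space, and nothing in the header records that the wire layout changed. A PF_KEY client built against the old layout would still write sadb_msg_mode where the reserved field now sits and would start its extensions eight bytes after the point where the new header ends, so the size is worth pinning next to the definition in the style this file already uses for sadb_x_policy: `/* sizeof(struct sadb_msg) == 16 */` (16 assumes the fields above the hunk are the one-byte version and type of RFC 2367; the struct starts outside the hunk). I would also mark the new field, `u_int16_t sadb_msg_reserved; /* reserved; set to zero */`, so that senders do not leave stale bytes in it.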
@@ -236,8 +222,24 @@ struct sadb_x_kmprivate {
 u_int32_t sadb_x_kmprivate_reserved;
 };
+/*
+ * XXX Additional SA Extension.
+ * mode: tunnel or transport
+ * reqid: to make SA unique nevertheless the address pair of SA are same.
+ * Mainly it's for VPN.
+ */
+struct sadb_x_sa2 {
+ u_int16_t sadb_x_sa2_len;
+ u_int16_t sadb_x_sa2_exttype;
+ u_int8_t sadb_x_sa2_mode;
+ u_int8_t sadb_x_sa2_reserved1;
+ u_int16_t sadb_x_sa2_reserved2;
+ u_int32_t sadb_x_sa2_reserved3;
+ u_int32_t sadb_x_sa2_reqid;
+};
+
 /* XXX Policy Extension */
-/* sizeof(struct sadb_x_policy) == 8 */
+/* sizeof(struct sadb_x_policy) == 16 */
 struct sadb_x_policy {
 u_int16_t sadb_x_policy_len;
 u_int16_t sadb_x_policy_exttype;
@@ -295,7 +297,8 @@ struct sadb_x_ipsecrequest {
 #define SADB_EXT_SPIRANGE 16
 #define SADB_X_EXT_KMPRIVATE 17
 #define SADB_X_EXT_POLICY 18
-#define SADB_EXT_MAX 18
+#define SADB_X_EXT_SA2 19
+#define SADB_EXT_MAX 19
 #define SADB_SATYPE_UNSPEC 0
 #define SADB_SATYPE_AH 2
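Review bot: The new `struct sadb_x_sa2` carries no size comment and says nothing about its three reserved fields, while sadb_x_policy directly below it is annotated with `/* sizeof(struct sadb_x_policy) == 16 */`. The declared fields add up to 16 bytes, so I would put `/* sizeof(struct sadb_x_sa2) == 16 */` above the struct and state in the block comment whether sadb_x_sa2_reserved1..3 must be zero, since a parser that checks sadb_x_sa2_len against the structure size depends on both. The reqid line is also hard to read; something like `reqid: distinguishes SAs that share the same address pair` says the same thing. The changed size comment for sadb_x_policy cannot be checked from here because that struct continues past the end of the hunk.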
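Review bot: `SADB_EXT_MAX` moves to 19 together with the new `SADB_X_EXT_SA2`, and the define does not say that it is the highest valid extension type rather than a count. Any table elsewhere that is sized or indexed by extension type would need an entry for 19, and the type is read from the message, so the bound matters; that code is not visible in this diff. A short comment at the define would make the contract explicit: `#define SADB_EXT_MAX 19 /* highest valid extension type, inclusive */`.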
@@ -316,22 +319,32 @@ struct sadb_x_ipsecrequest {
 #define SADB_SAFLAGS_PFS 1
-#define SADB_AALG_NONE 0
-#define SADB_AALG_MD5HMAC 1 /* 2 */
-#define SADB_AALG_SHA1HMAC 2 /* 3 */
-#define SADB_AALG_MD5 3 /* Keyed MD5 */
-#define SADB_AALG_SHA 4 /* Keyed SHA */
-#define SADB_AALG_NULL 5 /* null authentication */
-#define SADB_AALG_MAX 6
-
-#define SADB_EALG_NONE 0
-#define SADB_EALG_DESCBC 1 /* 2 */
-#define SADB_EALG_3DESCBC 2 /* 3 */
-#define SADB_EALG_NULL 3 /* 11 */
-#define SADB_EALG_BLOWFISHCBC 4
-#define SADB_EALG_CAST128CBC 5
-#define SADB_EALG_RC5CBC 6
-#define SADB_EALG_MAX 7
+/* RFC2367 numbers - meets RFC2407 */
+#define SADB_AALG_NONE 0
+#define SADB_AALG_MD5HMAC 1 /*2*/
+#define SADB_AALG_SHA1HMAC 2 /*3*/
+#define SADB_AALG_MAX 8
+/* private allocations - based on RFC2407/IANA assignment */
+#define SADB_X_AALG_SHA2_256 6 /*5*/
+#define SADB_X_AALG_SHA2_384 7 /*6*/
+#define SADB_X_AALG_SHA2_512 8 /*7*/
+/* private allocations should use 249-255 (RFC2407) */
+#define SADB_X_AALG_MD5 3 /*249*/ /* Keyed MD5 */
+#define SADB_X_AALG_SHA 4 /*250*/ /* Keyed SHA */
+#define SADB_X_AALG_NULL 5 /*251*/ /* null authentication */
+
+/* RFC2367 numbers - meets RFC2407 */
+#define SADB_EALG_NONE 0
+#define SADB_EALG_DESCBC 1 /*2*/
+#define SADB_EALG_3DESCBC 2 /*3*/
+#define SADB_EALG_NULL 3 /*11*/
+#define SADB_EALG_MAX 12
+/* private allocations - based on RFC2407/IANA assignment */
+#define SADB_X_EALG_CAST128CBC 5 /*6*/
+#define SADB_X_EALG_BLOWFISHCBC 4 /*7*/
+#define SADB_X_EALG_RIJNDAELCBC 12
+#define SADB_X_EALG_AES 12
+/* private allocations should use 249-255 (RFC2407) */
 #if 1 /*nonstandard */
 #define SADB_X_CALG_NONE 0
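Review bot: `SADB_AALG_MAX` and `SADB_EALG_MAX` change meaning in this hunk without a comment: the old values (6 and 7) were one past the highest algorithm id, while the new ones (8 and 12) equal the highest id (`SADB_X_AALG_SHA2_512 8`, `SADB_X_EALG_AES 12`). Code outside this diff that sizes a table with `[SADB_AALG_MAX]` or bounds-checks an id taken from a message with `< SADB_AALG_MAX` would be off by one for SHA2-512 and AES, so I would state the convention at the defines, `#define SADB_AALG_MAX 8 /* highest valid id, inclusive */`, and the same for `SADB_EALG_MAX`. The comment `private allocations should use 249-255 (RFC2407)` sits above ids 3 to 5, which reads as a contradiction unless it says these are the local PF_KEY numbers and the bracketed values are the RFC 2407 ones. Encryption ids 6 to 11 are now unassigned (6 was SADB_EALG_RC5CBC), which deserves a one-line note so that a lookup does not treat everything up to the maximum as valid.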
@@ -391,63 +404,9 @@ struct sadb_x_ipsecrequest {
 #define PFKEY_ADDR_SADDR(ext) \
 ((struct sockaddr *)((caddr_t)(ext) + sizeof(struct sadb_address)))
-#if 1 /* in 64bits */
 #define PFKEY_UNUNIT64(a) ((a) << 3)
 #define PFKEY_UNIT64(a) ((a) >> 3)
-#else
-#define PFKEY_UNUNIT64(a) (a)
-#define PFKEY_UNIT64(a) (a)
-#endif
-
-#ifndef KERNEL
-extern void pfkey_sadump __P((struct sadb_msg *));
-extern void pfkey_spdump __P((struct sadb_msg *));
-
-struct sockaddr;
-int ipsec_check_keylen __P((u_int, u_int, u_int));
-u_int pfkey_set_softrate __P((u_int, u_int));
-u_int pfkey_get_softrate __P((u_int));
-int pfkey_send_getspi __P((int, u_int, u_int, struct sockaddr *,
- struct sockaddr *, u_int32_t, u_int32_t, u_int32_t, u_int32_t));
-int pfkey_send_update __P((int, u_int, u_int, struct sockaddr *,
- struct sockaddr *, u_int32_t, u_int32_t, u_int,
- caddr_t, u_int, u_int, u_int, u_int, u_int, u_int32_t, u_int64_t,
- u_int64_t, u_int64_t, u_int32_t));
-int pfkey_send_add __P((int, u_int, u_int, struct sockaddr *,
- struct sockaddr *, u_int32_t, u_int32_t, u_int,
- caddr_t, u_int, u_int, u_int, u_int, u_int, u_int32_t, u_int64_t,
- u_int64_t, u_int64_t, u_int32_t));
-int pfkey_send_delete __P((int, u_int, u_int,
- struct sockaddr *, struct sockaddr *, u_int32_t));
-int pfkey_send_get __P((int, u_int, u_int,
- struct sockaddr *, struct sockaddr *, u_int32_t));
-int pfkey_send_register __P((int, u_int));
-int pfkey_recv_register __P((int));
-int pfkey_send_flush __P((int, u_int));
-int pfkey_send_dump __P((int, u_int));
-int pfkey_send_promisc_toggle __P((int, int));
-int pfkey_send_spdadd __P((int, struct sockaddr *, u_int,
- struct sockaddr *, u_int, u_int, caddr_t, int, u_int32_t));
-int pfkey_send_spdupdate __P((int, struct sockaddr *, u_int,
- struct sockaddr *, u_int, u_int, caddr_t, int, u_int32_t));
-int pfkey_send_spddelete __P((int, struct sockaddr *, u_int,
- struct sockaddr *, u_int, u_int, caddr_t, int, u_int32_t));
-int pfkey_send_spddelete2 __P((int, u_int32_t));
-int pfkey_send_spdget __P((int, u_int32_t));
-int pfkey_send_spdsetidx __P((int, struct sockaddr *, u_int,
- struct sockaddr *, u_int, u_int, caddr_t, int, u_int32_t));
-int pfkey_send_spdflush __P((int));
-int pfkey_send_spddump __P((int));
-
-int pfkey_open __P((void));
-void pfkey_close __P((int));
-struct sadb_msg *pfkey_recv __P((int));
-int pfkey_send __P((int, struct sadb_msg *, int));
-int pfkey_align __P((struct sadb_msg *, caddr_t *));
-int pfkey_check __P((caddr_t *));
-
-#endif /*!KERNEL*/
 #endif /* __PFKEY_V2_H */