X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/d7e50217d7adf6e52786a38bcaa4cd698cb9a79e..3e170ce000f1506b7b5d2c5c7faec85ceabb573d:/bsd/net/pfkeyv2.h diff --git a/bsd/net/pfkeyv2.h b/bsd/net/pfkeyv2.h index 14d610ea6..97d6280fa 100644 --- a/bsd/net/pfkeyv2.h +++ b/bsd/net/pfkeyv2.h @@ -1,16 +1,19 @@ /* - * Copyright (c) 2000 Apple Computer, Inc. All rights reserved. + * Copyright (c) 2000-2011 Apple Computer, Inc. All rights reserved. * - * @APPLE_LICENSE_HEADER_START@ - * - * Copyright (c) 1999-2003 Apple Computer, Inc. All Rights Reserved. + * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ * * This file contains Original Code and/or Modifications of Original Code * as defined in and that are subject to the Apple Public Source License * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. + * compliance with the License. The rights granted to you under the License + * may not be used to create, or enable the creation or redistribution of, + * unlawful or unlicensed copies of an Apple operating system, or to + * circumvent, violate, or enable the circumvention or violation of, any + * terms of an Apple operating system software license agreement. + * + * Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this file. * * The Original Code and all software distributed under the License are * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER @@ -20,7 +23,7 @@ * Please see the License for the specific language governing rights and * limitations under the License. * - * @APPLE_LICENSE_HEADER_END@ + * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ */ /* $KAME: pfkeyv2.h,v 1.10 2000/03/22 07:04:20 sakane Exp $ */ 
@@ -62,6 +65,7 @@ #ifndef _NET_PFKEYV2_H_ #define _NET_PFKEYV2_H_ #include +#include /* This file defines structures and symbols for the PF_KEY Version 2 @@ -99,7 +103,11 @@ you leave this credit intact on any copies of this file. #define SADB_X_SPDSETIDX 20 #define SADB_X_SPDEXPIRE 21 #define SADB_X_SPDDELETE2 22 /* by policy id */ -#define SADB_MAX 22 +#define SADB_GETSASTAT 23 +#define SADB_X_SPDENABLE 24 /* by policy id */ +#define SADB_X_SPDDISABLE 25 /* by policy id */ +#define SADB_MIGRATE 26 +#define SADB_MAX 26 struct sadb_msg { u_int8_t sadb_msg_version; @@ -128,6 +136,22 @@ struct sadb_sa { u_int32_t sadb_sa_flags; }; +#ifdef PRIVATE +struct sadb_sa_2 { + struct sadb_sa sa; + u_int16_t sadb_sa_natt_port; + union { + u_int16_t sadb_reserved0; + u_int16_t sadb_sa_natt_interval; + }; + + union { + u_int32_t sadb_reserved1; + u_int16_t sadb_sa_natt_offload_interval; + }; +}; +#endif /* PRIVATE */ + struct sadb_lifetime { u_int16_t sadb_lifetime_len; u_int16_t sadb_lifetime_exttype; @@ -235,9 +259,19 @@ struct sadb_x_sa2 { u_int16_t sadb_x_sa2_len; u_int16_t sadb_x_sa2_exttype; u_int8_t sadb_x_sa2_mode; - u_int8_t sadb_x_sa2_reserved1; - u_int16_t sadb_x_sa2_reserved2; - u_int32_t sadb_x_sa2_reserved3; + union { + u_int8_t sadb_x_sa2_reserved1; +#ifdef PRIVATE + u_int8_t sadb_x_sa2_alwaysexpire; +#endif + }; + union { + u_int16_t sadb_x_sa2_reserved2; +#ifdef PRIVATE + u_int16_t sadb_x_sa2_flags; +#endif + }; + u_int32_t sadb_x_sa2_sequence; u_int32_t sadb_x_sa2_reqid; }; 
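Review bot: `SADB_GETSASTAT` and `SADB_MIGRATE` are added without the `SADB_X_` prefix that this header uses for every message type outside the RFC 2367 base set (`SADB_X_SPDSETIDX`, `SADB_X_SPDDELETE2`, and the new `SADB_X_SPDENABLE` next to them). They also carry no comment, unlike the `/* by policy id */` entries. The later hunk that raises `SADB_EXT_MAX` has the same mix (`SADB_EXT_SESSION_ID`, `SADB_EXT_SASTAT`, `SADB_EXT_MIGRATE_ADDRESS_*`). I would either rename them or add a marker such as `#define SADB_GETSASTAT 23 /* Apple extension: query per-SA statistics */` so readers do not take them for standard PF_KEY types. Any dispatch table sized by `SADB_MAX` lives outside this header and needs entries for 23 to 26 in the same change.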
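Review bot: The second anonymous union in `struct sadb_sa_2` overlays a 16-bit `sadb_sa_natt_offload_interval` on a 32-bit `sadb_reserved1`, so a writer that sets only the interval leaves the other two bytes of that word holding whatever was there before. If such a struct is later copied across the user/kernel boundary without being zeroed first, those bytes go with it. The first union pairs two `u_int16_t` members and has no such gap. I would make the pad explicit, for example `u_int16_t sadb_sa_natt_offload_interval; u_int16_t sadb_reserved1_pad;` inside an inner struct, or at least add `/* zero sadb_reserved1 before setting the offload interval */`. The struct embeds `struct sadb_sa` as its first member, so it presumably travels under the same extension type; the reader should then confirm `sadb_sa_len` covers `sizeof(struct sadb_sa_2)` before touching the NAT-T fields, and a comment saying so belongs here.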
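Review bot: In `struct sadb_x_sa2` the bytes that were `sadb_x_sa2_reserved1` and `sadb_x_sa2_reserved2` now double as `sadb_x_sa2_alwaysexpire` and `sadb_x_sa2_flags`, and nothing in the header says what values are valid or that senders must zero them. A sender built against the old layout that left the reserved bytes uninitialised would now be read as setting flags, so the consumer should reject or mask unknown bits rather than trust the field. Proposed comments: `/* non-zero: always deliver expire messages — confirm semantics */` on `sadb_x_sa2_alwaysexpire` and `/* SADB_X_EXT_SA2_* bits; unknown bits must be zero */` on `sadb_x_sa2_flags`. Separately, `sadb_x_sa2_reserved3` is renamed to `sadb_x_sa2_sequence` with no alias, whereas the other two reserved names are kept through the unions. If existing code still refers to the old name, `union { u_int32_t sadb_x_sa2_reserved3; u_int32_t sadb_x_sa2_sequence; };` would keep it compiling.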
@@ -258,7 +292,22 @@ struct sadb_x_policy { * [total length of ipsec policy requests] * = (sadb_x_policy_len * sizeof(uint64_t) - sizeof(struct sadb_x_policy)) */ - +#ifdef PRIVATE +/* IPSec Interface Extension: + * IPSec interface can be specified alone, or all three + * of internal, outgoing, and IPSec interfaces must be + * specified. + */ +struct sadb_x_ipsecif { + u_int16_t sadb_x_ipsecif_len; + u_int16_t sadb_x_ipsecif_exttype; + char sadb_x_ipsecif_internal_if[IFXNAMSIZ]; /* Steal packets from this interface */ + char sadb_x_ipsecif_outgoing_if[IFXNAMSIZ]; /* Send packets out on this interface */ + char sadb_x_ipsecif_ipsec_if[IFXNAMSIZ]; /* Direct packets through ipsec interface */ + u_int16_t sadb_x_ipsecif_init_disabled; /* 0 or 1, flag to ignore policy */ + u_int16_t reserved; +}; +#endif /* XXX IPsec Policy Request Extension */ /* * This structure is aligned 8 bytes. @@ -281,6 +330,30 @@ struct sadb_x_ipsecrequest { */ }; +struct sadb_session_id { + u_int16_t sadb_session_id_len; + u_int16_t sadb_session_id_exttype; + /* [0] is an arbitrary handle that means something only for requester + * [1] is a global session id for lookups in the kernel and racoon. + */ + u_int64_t sadb_session_id_v[2]; +} __attribute__ ((aligned(8))); + +struct sastat { + u_int32_t spi; /* SPI Value, network byte order */ + u_int32_t created; /* for lifetime */ + struct sadb_lifetime lft_c; /* CURRENT lifetime. */ +}; // no need to align + +struct sadb_sastat { + u_int16_t sadb_sastat_len; + u_int16_t sadb_sastat_exttype; + u_int32_t sadb_sastat_dir; + u_int32_t sadb_sastat_reserved; + u_int32_t sadb_sastat_list_len; + /* list of struct sastat comes after */ +} __attribute__ ((aligned(8))); + #define SADB_EXT_RESERVED 0 #define SADB_EXT_SA 1 #define SADB_EXT_LIFETIME_CURRENT 2 
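Review bot: The three interface-name members of `struct sadb_x_ipsecif` are fixed `char[IFXNAMSIZ]` buffers filled by the message sender, and nothing here guarantees a terminating NUL. Any consumer that passes them to a string routine or an interface lookup has to bound the read to `IFXNAMSIZ` or force termination first. I would state that in the block comment, e.g. `/* names need not be NUL-terminated on input; never read past IFXNAMSIZ */`. `sadb_x_ipsecif_init_disabled` is documented as "0 or 1" but is a full `u_int16_t`, so the comment should say how other values are treated. The trailing `reserved` member is the only field in this header without the struct prefix, and the closing `#endif` lacks the `/* PRIVATE */` tag used by the other blocks in this diff.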
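Review bot: `struct sadb_session_id` places a `u_int64_t` array directly after two `u_int16_t` fields, so on ABIs that align 64-bit integers to 8 bytes there are four bytes of implicit padding at offset 4. On an ABI that aligns them to 4 the array would instead start at offset 4, which means 32-bit and 64-bit builds may disagree on the layout. The implicit padding is also not cleared by member-wise assignment, so it can carry stale memory when the struct is copied out. An explicit `u_int32_t sadb_session_id_reserved; /* must be zero */` before `sadb_session_id_v` would fix both. In `struct sadb_sastat`, `sadb_sastat_list_len` counts the trailing `struct sastat` records but is independent of `sadb_sastat_len`. The header should document that a reader must check `list_len * sizeof(struct sastat)` against the extension length, guarding the multiplication against overflow, before walking the list.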
@@ -301,7 +374,17 @@ struct sadb_x_ipsecrequest { #define SADB_X_EXT_KMPRIVATE 17 #define SADB_X_EXT_POLICY 18 #define SADB_X_EXT_SA2 19 -#define SADB_EXT_MAX 19 +#define SADB_EXT_SESSION_ID 20 +#define SADB_EXT_SASTAT 21 +#define SADB_X_EXT_IPSECIF 22 +#define SADB_X_EXT_ADDR_RANGE_SRC_START 23 +#define SADB_X_EXT_ADDR_RANGE_SRC_END 24 +#define SADB_X_EXT_ADDR_RANGE_DST_START 25 +#define SADB_X_EXT_ADDR_RANGE_DST_END 26 +#define SADB_EXT_MIGRATE_ADDRESS_SRC 27 +#define SADB_EXT_MIGRATE_ADDRESS_DST 28 +#define SADB_X_EXT_MIGRATE_IPSECIF 29 +#define SADB_EXT_MAX 29 #define SADB_SATYPE_UNSPEC 0 #define SADB_SATYPE_AH 2 @@ -346,7 +429,9 @@ struct sadb_x_ipsecrequest { #define SADB_X_EALG_CAST128CBC 5 /*6*/ #define SADB_X_EALG_BLOWFISHCBC 4 /*7*/ #define SADB_X_EALG_RIJNDAELCBC 12 +#define SADB_X_EALG_AESCBC 12 #define SADB_X_EALG_AES 12 +#define SADB_X_EALG_AES_GCM 13 /* private allocations should use 249-255 (RFC2407) */ #if 1 /*nonstandard */ @@ -367,6 +452,13 @@ struct sadb_x_ipsecrequest { /* `flags' in sadb_sa structure holds followings */ #define SADB_X_EXT_NONE 0x0000 /* i.e. new format. */ #define SADB_X_EXT_OLD 0x0001 /* old format. */ +#ifdef PRIVATE +#define SADB_X_EXT_NATT 0x0002 /* Use UDP encapsulation to traverse NAT */ +#define SADB_X_EXT_NATT_KEEPALIVE 0x0004 /* Local node is behind NAT, send keepalives */ + /* Should only be set for outbound SAs */ +#define SADB_X_EXT_NATT_MULTIPLEUSERS 0x0008 /* For use on VPN server - support multiple users */ + +#endif /* PRIVATE */ #define SADB_X_EXT_IV4B 0x0010 /* IV length of 4 bytes in use */ #define SADB_X_EXT_DERIV 0x0020 /* DES derived */ 
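Review bot: The ten extension types added before `SADB_EXT_MAX 29` carry no indication of which structure each one holds. This diff declares structs only for `SADB_EXT_SESSION_ID`, `SADB_EXT_SASTAT` and `SADB_X_EXT_IPSECIF`. The `SADB_X_EXT_ADDR_RANGE_*` and `SADB_EXT_MIGRATE_ADDRESS_*` entries presumably reuse `struct sadb_address`, and `SADB_X_EXT_MIGRATE_IPSECIF` presumably reuses `struct sadb_x_ipsecif`, but that is a guess from the names. A trailing comment per line, such as `/* struct sadb_address */`, would pin it down. Any table in the parser that is indexed by extension type and gives a minimum length or alignment needs a row for each of 20 to 29 in the same change, otherwise the new types are accepted with no size check; that code is not part of this hunk.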
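Review bot: `SADB_X_EALG_AES_GCM` is given the value 13, which in the IANA ESP transform registry, as I recall it, belongs to AES-CTR, while the AES-GCM transforms sit at 18 to 20. The existing `/*6*/` and `/*7*/` comments show that this file already annotates values that deviate from the registry, so this line should do the same, e.g. `#define SADB_X_EALG_AES_GCM 13 /* local value, not the IANA transform id */`. Otherwise a key-management daemon that maps negotiated transform ids straight onto `SADB_X_EALG_*` could install the wrong cipher. The single constant also does not say which ICV length is meant, which is worth a comment for an AEAD algorithm. `SADB_X_EALG_AESCBC` is a third alias for 12 and is fine as it stands.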
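Review bot: The continuation comment `/* Should only be set for outbound SAs */` sits on its own line between `SADB_X_EXT_NATT_KEEPALIVE` and `SADB_X_EXT_NATT_MULTIPLEUSERS`, so it is unclear which flag it restricts. The restriction also exists only as a comment, so whatever consumes `sadb_sa_flags` has to enforce it. I would fold it into the keepalive line, `/* local node is behind NAT, send keepalives; outbound SAs only */`, and note whether an inbound SA carrying the bit is rejected or ignored. The stray blank `+` line before `#endif /* PRIVATE */` can go.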
@@ -378,11 +470,26 @@ struct sadb_x_ipsecrequest { #define SADB_X_EXT_PZERO 0x0200 /* zero padding for ESP */ #define SADB_X_EXT_PMASK 0x0300 /* mask for padding flag */ +#ifdef PRIVATE +#define SADB_X_EXT_NATT_DETECTED_PEER 0x1000 +#define SADB_X_EXT_ESP_KEEPALIVE 0x2000 +#define SADB_X_EXT_PUNT_RX_KEEPALIVE 0x4000 +#define SADB_X_EXT_NATT_KEEPALIVE_OFFLOAD 0x8000 +#endif /* PRIVATE */ + +#ifdef PRIVATE +#define NATT_KEEPALIVE_OFFLOAD_INTERVAL 0x1 +#endif + #if 1 #define SADB_X_EXT_RAWCPI 0x0080 /* use well known CPI (IPComp) */ #endif -#define SADB_KEY_FLAGS_MAX 0x0fff +#define SADB_KEY_FLAGS_MAX 0x7fff + +#ifdef PRIVATE +#define SADB_X_EXT_SA2_DELETE_ON_DETACH 0x0001 +#endif /* SPI size for PF_KEYv2 */ #define PFKEY_SPI_SIZE sizeof(u_int32_t)
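Review bot: `SADB_X_EXT_NATT_KEEPALIVE_OFFLOAD` is defined as `0x8000`, but `SADB_KEY_FLAGS_MAX` is raised only to `0x7fff`, so the new top flag lies outside the declared maximum. If that constant is used as an upper bound or mask when validating `sadb_sa_flags` (the check is not visible here), the offload flag would be rejected or stripped. Either use `#define SADB_KEY_FLAGS_MAX 0xffff` or add a comment explaining why bit 15 is deliberately excluded. The four new `0x1000` to `0x8000` flags have no descriptions, unlike the neighbouring `SADB_X_EXT_PZERO` and `SADB_X_EXT_PMASK` lines. `NATT_KEEPALIVE_OFFLOAD_INTERVAL` lacks the `SADB_` prefix and does not say which field its value `0x1` applies to. `SADB_X_EXT_SA2_DELETE_ON_DETACH` should name `sadb_x_sa2_flags` as its home, since its value `0x0001` equals `SADB_X_EXT_OLD` in the other flag space.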