root/include/uapi/linux/pfkeyv2.h




   1 /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
   2 /* PF_KEY user interface, this is defined by rfc2367 so
   3  * do not make arbitrary modifications or else this header
   4  * file will not be compliant.
   5  */
   6 
   7 #ifndef _LINUX_PFKEY2_H
   8 #define _LINUX_PFKEY2_H
   9 
  10 #include <linux/types.h>
  11 
   12 #define PF_KEY_V2               2       /* protocol version; presumably the value expected in sadb_msg_version - confirm against RFC 2367 */
   13 #define PFKEYV2_REVISION        199806L /* looks like a YYYYMM revision stamp of the specification - confirm */
  14 
   15 struct sadb_msg {
              /* Base message header: version, type, errno, SA type, length,
               * sequence number and pid. Packed, 16 bytes.
               *
               * sadb_msg_len is written by the sender. A receiver should compare
               * it with the number of bytes it actually read before touching
               * anything that follows this header.
               * NOTE(review): RFC 2367 (the spec this file cites) counts this
               * length in 64-bit words, not bytes - confirm before doing
               * arithmetic on it.
               */
   16         __u8            sadb_msg_version;
   17         __u8            sadb_msg_type;
   18         __u8            sadb_msg_errno;
   19         __u8            sadb_msg_satype;
   20         __u16   sadb_msg_len;
   21         __u16   sadb_msg_reserved;
   22         __u32   sadb_msg_seq;
   23         __u32   sadb_msg_pid;
   24 } __attribute__((packed));
  25 /* sizeof(struct sadb_msg) == 16 */
  26 
   27 struct sadb_ext {
              /* Generic extension header: a 16-bit length followed by a 16-bit
               * type. The structs in this file that carry an *_exttype field all
               * begin with this same pair, so an extension of unknown type can
               * be read through this struct.
               *
               * sadb_ext_len comes from the sender. Code that steps from one
               * extension to the next using it needs to reject a length of zero
               * (the walk would never advance) and any length that reaches past
               * the end of the enclosing message.
               * NOTE(review): unit is 64-bit words per RFC 2367 - confirm.
               */
   28         __u16   sadb_ext_len;
   29         __u16   sadb_ext_type;
   30 } __attribute__((packed));
  31 /* sizeof(struct sadb_ext) == 4 */
  32 
   33 struct sadb_sa {
              /* Security association extension, packed, 16 bytes.
               *
               * sadb_sa_spi is typed __be32 (big-endian); every other multi-byte
               * field here is a plain __u16/__u32.
               * Presumably sadb_sa_state, sadb_sa_auth, sadb_sa_encrypt and
               * sadb_sa_flags take the SADB_SASTATE_, SADB_AALG_, SADB_EALG_ and
               * SADB_SAFLAGS_ values defined later in this file - confirm.
               * A receiver should range-check those one-byte selectors (see the
               * corresponding _MAX constants) before using them as indexes.
               */
   34         __u16   sadb_sa_len;
   35         __u16   sadb_sa_exttype;
   36         __be32          sadb_sa_spi;
   37         __u8            sadb_sa_replay;
   38         __u8            sadb_sa_state;
   39         __u8            sadb_sa_auth;
   40         __u8            sadb_sa_encrypt;
   41         __u32   sadb_sa_flags;
   42 } __attribute__((packed));
  43 /* sizeof(struct sadb_sa) == 16 */
  44 
   45 struct sadb_lifetime {
              /* Lifetime extension, packed, 32 bytes: a 32-bit allocation count
               * and three 64-bit quantities (bytes, addtime, usetime).
               * Presumably sadb_lifetime_exttype selects between
               * SADB_EXT_LIFETIME_CURRENT, _HARD and _SOFT - confirm.
               * The time unit of addtime/usetime is not stated in this file.
               */
   46         __u16   sadb_lifetime_len;
   47         __u16   sadb_lifetime_exttype;
   48         __u32   sadb_lifetime_allocations;
   49         __u64   sadb_lifetime_bytes;
   50         __u64   sadb_lifetime_addtime;
   51         __u64   sadb_lifetime_usetime;
   52 } __attribute__((packed));
  53 /* sizeof(struct sadb_lifetime) == 32 */
  54 
   55 struct sadb_address {
              /* Address extension header, packed, 8 bytes: protocol and prefix
               * length only. No address bytes are declared in this struct.
               * NOTE(review): RFC 2367 places a sockaddr after this header -
               * confirm. If so, a receiver should check that the sockaddr size
               * for its family fits inside sadb_address_len, and that
               * sadb_address_prefixlen does not exceed the address width.
               */
   56         __u16   sadb_address_len;
   57         __u16   sadb_address_exttype;
   58         __u8            sadb_address_proto;
   59         __u8            sadb_address_prefixlen;
   60         __u16   sadb_address_reserved;
   61 } __attribute__((packed));
  62 /* sizeof(struct sadb_address) == 8 */
  63 
   64 struct sadb_key {
              /* Key extension header, packed, 8 bytes. Only the key size in bits
               * is declared; the key bytes themselves are not part of this struct.
               * NOTE(review): RFC 2367 places the key material directly after
               * this header - confirm. A receiver should verify that
               * sadb_key_bits, rounded up to bytes, fits inside the length given
               * by sadb_key_len before copying, and buffers that held key bytes
               * should be wiped once they are no longer needed.
               */
   65         __u16   sadb_key_len;
   66         __u16   sadb_key_exttype;
   67         __u16   sadb_key_bits;
   68         __u16   sadb_key_reserved;
   69 } __attribute__((packed));
  70 /* sizeof(struct sadb_key) == 8 */
  71 
   72 struct sadb_ident {
              /* Identity extension header, packed, 16 bytes: an identity type
               * and a 64-bit id. Presumably sadb_ident_type takes the
               * SADB_IDENTTYPE_ values defined at the end of this file - confirm.
               * NOTE(review): RFC 2367 allows an identity string after this
               * header - confirm. A reader should bound any string scan by
               * sadb_ident_len instead of trusting a terminator to be present.
               */
   73         __u16   sadb_ident_len;
   74         __u16   sadb_ident_exttype;
   75         __u16   sadb_ident_type;
   76         __u16   sadb_ident_reserved;
   77         __u64   sadb_ident_id;
   78 } __attribute__((packed));
  79 /* sizeof(struct sadb_ident) == 16 */
  80 
   81 struct sadb_sens {
              /* Sensitivity extension header, packed, 16 bytes.
               * The comment after this struct says two __u64 bitmap arrays
               * follow, sized by sadb_sens_sens_len and sadb_sens_integ_len.
               * Both counts are sender-supplied one-byte values, so their
               * combined size should be checked against sadb_sens_len before
               * either bitmap is read.
               */
   82         __u16   sadb_sens_len;
   83         __u16   sadb_sens_exttype;
   84         __u32   sadb_sens_dpd;
   85         __u8            sadb_sens_sens_level;
   86         __u8            sadb_sens_sens_len;
   87         __u8            sadb_sens_integ_level;
   88         __u8            sadb_sens_integ_len;
   89         __u32   sadb_sens_reserved;
   90 } __attribute__((packed));
  91 /* sizeof(struct sadb_sens) == 16 */
  92 
  93 /* followed by:
  94         __u64   sadb_sens_bitmap[sens_len];
  95         __u64   sadb_integ_bitmap[integ_len];  */
  96 
   97 struct sadb_prop {
              /* Proposal extension header, packed, 8 bytes. The comment after
               * this struct says an array of struct sadb_comb follows, with the
               * element count derived from sadb_prop_len.
               * NOTE(review): that formula adds sizeof(__u64) to sadb_prop_len.
               * If the length is counted in 64-bit words (RFC 2367), a
               * multiplication is presumably what is meant - confirm against
               * the RFC before reusing the formula.
               * Whichever form is used, check that the length covers at least
               * sizeof(struct sadb_prop) before subtracting, otherwise the
               * count wraps.
               */
   98         __u16   sadb_prop_len;
   99         __u16   sadb_prop_exttype;
  100         __u8            sadb_prop_replay;
  101         __u8            sadb_prop_reserved[3];
  102 } __attribute__((packed));
 103 /* sizeof(struct sadb_prop) == 8 */
 104 
 105 /* followed by:
 106         struct sadb_comb sadb_combs[(sadb_prop_len +
 107                 sizeof(__u64) - sizeof(struct sadb_prop)) /
 108                 sizeof(struct sadb_comb)]; */
 109 
  110 struct sadb_comb {
              /* One proposal combination, packed, 72 bytes: an authentication
               * and encryption algorithm pair, min/max key sizes for each, and
               * soft/hard limits for allocations, bytes, addtime and usetime.
               * It has no len/exttype pair, so it is an array element rather
               * than an extension of its own (see the comment before this
               * struct).
               * Presumably sadb_comb_auth and sadb_comb_encrypt take the
               * SADB_AALG_ and SADB_EALG_ values defined in this file - confirm.
               * A receiver should check minbits <= maxbits for both pairs.
               */
  111         __u8            sadb_comb_auth;
  112         __u8            sadb_comb_encrypt;
  113         __u16   sadb_comb_flags;
  114         __u16   sadb_comb_auth_minbits;
  115         __u16   sadb_comb_auth_maxbits;
  116         __u16   sadb_comb_encrypt_minbits;
  117         __u16   sadb_comb_encrypt_maxbits;
  118         __u32   sadb_comb_reserved;
  119         __u32   sadb_comb_soft_allocations;
  120         __u32   sadb_comb_hard_allocations;
  121         __u64   sadb_comb_soft_bytes;
  122         __u64   sadb_comb_hard_bytes;
  123         __u64   sadb_comb_soft_addtime;
  124         __u64   sadb_comb_hard_addtime;
  125         __u64   sadb_comb_soft_usetime;
  126         __u64   sadb_comb_hard_usetime;
  127 } __attribute__((packed));
 128 /* sizeof(struct sadb_comb) == 72 */
 129 
  130 struct sadb_supported {
              /* Supported-algorithms extension header, packed, 8 bytes. The
               * comment after this struct says an array of struct sadb_alg
               * follows, with the count derived from sadb_supported_len.
               * NOTE(review): that formula adds sizeof(__u64) to the length;
               * with lengths in 64-bit words (RFC 2367) a multiplication is
               * presumably meant - confirm. Check that the length covers at
               * least sizeof(struct sadb_supported) before subtracting.
               */
  131         __u16   sadb_supported_len;
  132         __u16   sadb_supported_exttype;
  133         __u32   sadb_supported_reserved;
  134 } __attribute__((packed));
 135 /* sizeof(struct sadb_supported) == 8 */
 136 
 137 /* followed by:
 138         struct sadb_alg sadb_algs[(sadb_supported_len +
 139                 sizeof(__u64) - sizeof(struct sadb_supported)) /
 140                 sizeof(struct sadb_alg)]; */
 141 
  142 struct sadb_alg {
              /* One supported-algorithm entry, packed, 8 bytes: algorithm id,
               * IV length and min/max key size in bits. Like sadb_comb it has
               * no len/exttype pair; the comment before this struct shows it
               * as the element type of the array after sadb_supported.
               */
  143         __u8            sadb_alg_id;
  144         __u8            sadb_alg_ivlen;
  145         __u16   sadb_alg_minbits;
  146         __u16   sadb_alg_maxbits;
  147         __u16   sadb_alg_reserved;
  148 } __attribute__((packed));
 149 /* sizeof(struct sadb_alg) == 8 */
 150 
  151 struct sadb_spirange {
              /* SPI range extension, packed, 16 bytes: a minimum and a maximum.
               * NOTE(review): both bounds are plain __u32 while sadb_sa_spi is
               * __be32; the byte order of the bounds is not annotated here -
               * confirm before comparing them with an SPI.
               * A receiver should reject a range with min greater than max.
               */
  152         __u16   sadb_spirange_len;
  153         __u16   sadb_spirange_exttype;
  154         __u32   sadb_spirange_min;
  155         __u32   sadb_spirange_max;
  156         __u32   sadb_spirange_reserved;
  157 } __attribute__((packed));
 158 /* sizeof(struct sadb_spirange) == 16 */
 159 
  160 struct sadb_x_kmprivate {
              /* Extension header, packed, 8 bytes, carrying only a reserved
               * word besides len/exttype. Any payload that follows it is not
               * described in this file.
               */
  161         __u16   sadb_x_kmprivate_len;
  162         __u16   sadb_x_kmprivate_exttype;
  163         __u32   sadb_x_kmprivate_reserved;
  164 } __attribute__((packed));
 165 /* sizeof(struct sadb_x_kmprivate) == 8 */
 166 
  167 struct sadb_x_sa2 {
              /* Second SA extension, packed, 16 bytes: mode, sequence and reqid.
               * The values allowed in sadb_x_sa2_mode are not defined in this
               * file.
               */
  168         __u16   sadb_x_sa2_len;
  169         __u16   sadb_x_sa2_exttype;
  170         __u8            sadb_x_sa2_mode;
  171         __u8            sadb_x_sa2_reserved1;
  172         __u16   sadb_x_sa2_reserved2;
  173         __u32   sadb_x_sa2_sequence;
  174         __u32   sadb_x_sa2_reqid;
  175 } __attribute__((packed));
 176 /* sizeof(struct sadb_x_sa2) == 16 */
 177 
  178 struct sadb_x_policy {
              /* Policy extension header, packed, 16 bytes: policy type,
               * direction, id and priority. The values allowed in
               * sadb_x_policy_type and sadb_x_policy_dir are not defined in
               * this file.
               * NOTE(review): presumably followed by sadb_x_ipsecrequest
               * records bounded by sadb_x_policy_len - confirm.
               */
  179         __u16   sadb_x_policy_len;
  180         __u16   sadb_x_policy_exttype;
  181         __u16   sadb_x_policy_type;
  182         __u8            sadb_x_policy_dir;
  183         __u8            sadb_x_policy_reserved;
  184         __u32   sadb_x_policy_id;
  185         __u32   sadb_x_policy_priority;
  186 } __attribute__((packed));
 187 /* sizeof(struct sadb_x_policy) == 16 */
 188 
  189 struct sadb_x_ipsecrequest {
              /* IPsec request record, packed, 16 bytes: protocol, mode, level
               * and reqid. Unlike the extension structs, its second field is a
               * protocol rather than an exttype, so it cannot be read through
               * struct sadb_ext.
               * It carries its own sender-supplied length.
               * NOTE(review): the unit of sadb_x_ipsecrequest_len (bytes or
               * 64-bit words) is not stated here - confirm. A walker should
               * reject a length smaller than this struct or one that runs past
               * the enclosing extension.
               */
  190         __u16   sadb_x_ipsecrequest_len;
  191         __u16   sadb_x_ipsecrequest_proto;
  192         __u8            sadb_x_ipsecrequest_mode;
  193         __u8            sadb_x_ipsecrequest_level;
  194         __u16   sadb_x_ipsecrequest_reserved1;
  195         __u32   sadb_x_ipsecrequest_reqid;
  196         __u32   sadb_x_ipsecrequest_reserved2;
  197 } __attribute__((packed));
 198 /* sizeof(struct sadb_x_ipsecrequest) == 16 */
 199 
 200 /* This defines the TYPE of Nat Traversal in use.  Currently only one
 201  * type of NAT-T is supported, draft-ietf-ipsec-udp-encaps-06
 202  */
  203 struct sadb_x_nat_t_type {
              /* NAT traversal type extension, packed, 8 bytes: a one-byte type
               * and three reserved bytes. The values allowed in
               * sadb_x_nat_t_type_type are not defined in this file.
               */
  204         __u16   sadb_x_nat_t_type_len;
  205         __u16   sadb_x_nat_t_type_exttype;
  206         __u8            sadb_x_nat_t_type_type;
  207         __u8            sadb_x_nat_t_type_reserved[3];
  208 } __attribute__((packed));
 209 /* sizeof(struct sadb_x_nat_t_type) == 8 */
 210 
 211 /* Pass a NAT Traversal port (Source or Dest port) */
  212 struct sadb_x_nat_t_port {
              /* NAT traversal port extension, packed, 8 bytes. The port is
               * typed __be16 (big-endian), so it needs a byte-order conversion
               * before being compared with a host-order value.
               * Presumably sadb_x_nat_t_port_exttype distinguishes
               * SADB_X_EXT_NAT_T_SPORT from SADB_X_EXT_NAT_T_DPORT - confirm.
               */
  213         __u16   sadb_x_nat_t_port_len;
  214         __u16   sadb_x_nat_t_port_exttype;
  215         __be16          sadb_x_nat_t_port_port;
  216         __u16   sadb_x_nat_t_port_reserved;
  217 } __attribute__((packed));
 218 /* sizeof(struct sadb_x_nat_t_port) == 8 */
 219 
 220 /* Generic LSM security context */
  221 struct sadb_x_sec_ctx {
              /* Security context extension header, packed, 8 bytes. Field
               * prefixes are irregular: the len/exttype pair is sadb_x_sec_*,
               * the remaining fields are sadb_x_ctx_*.
               * sadb_x_ctx_len is a second sender-supplied length, separate
               * from sadb_x_sec_len.
               * NOTE(review): presumably the byte length of a context string
               * that follows this header - confirm. A receiver should check it
               * against the space sadb_x_sec_len leaves after the header
               * before copying or parsing the context.
               */
  222         __u16   sadb_x_sec_len;
  223         __u16   sadb_x_sec_exttype;
  224         __u8            sadb_x_ctx_alg;  /* LSMs: e.g., selinux == 1 */
  225         __u8            sadb_x_ctx_doi;
  226         __u16   sadb_x_ctx_len;
  227 } __attribute__((packed));
  228 /* sizeof(struct sadb_x_sec_ctx) == 8 */
 229 
 230 /* Used by MIGRATE to pass addresses IKE will use to perform
 231  * negotiation with the peer */
  232 struct sadb_x_kmaddress {
              /* Key-manager address extension header, packed, 8 bytes. Only a
               * reserved word is declared besides len/exttype; the addresses
               * mentioned in the comment before this struct are not part of it.
               * NOTE(review): presumably they follow the header as sockaddrs -
               * confirm, and bound them by sadb_x_kmaddress_len.
               */
  233         __u16   sadb_x_kmaddress_len;
  234         __u16   sadb_x_kmaddress_exttype;
  235         __u32   sadb_x_kmaddress_reserved;
  236 } __attribute__((packed));
 237 /* sizeof(struct sadb_x_kmaddress) == 8 */
 238 
 239 /* To specify the SA dump filter */
  240 struct sadb_x_filter {
              /* SA dump filter extension, packed, 40 bytes. Source and
               * destination addresses are four __u32 words each (16 bytes),
               * followed by an address family and two one-byte lengths.
               * NOTE(review): sadb_x_filter_splen and sadb_x_filter_dplen are
               * presumably prefix lengths - confirm. A receiver should check
               * that neither exceeds the address width of
               * sadb_x_filter_family before building a mask from it.
               * The byte order of the address words is not annotated here.
               */
  241         __u16   sadb_x_filter_len;
  242         __u16   sadb_x_filter_exttype;
  243         __u32   sadb_x_filter_saddr[4];
  244         __u32   sadb_x_filter_daddr[4];
  245         __u16   sadb_x_filter_family;
  246         __u8    sadb_x_filter_splen;
  247         __u8    sadb_x_filter_dplen;
  248 } __attribute__((packed));
 249 /* sizeof(struct sadb_x_filter) == 40 */
 250 
  251 /* Message types */
      /* Presumably the values carried in sadb_msg_type - confirm.
       * SADB_MAX equals the highest value defined (SADB_X_MIGRATE), so it has
       * to be raised whenever a type is appended. Code that dispatches on the
       * type should reject values above SADB_MAX before indexing a handler
       * table; whether SADB_RESERVED (0) is ever valid is not stated here.
       */
  252 #define SADB_RESERVED           0
  253 #define SADB_GETSPI             1
  254 #define SADB_UPDATE             2
  255 #define SADB_ADD                3
  256 #define SADB_DELETE             4
  257 #define SADB_GET                5
  258 #define SADB_ACQUIRE            6
  259 #define SADB_REGISTER           7
  260 #define SADB_EXPIRE             8
  261 #define SADB_FLUSH              9
  262 #define SADB_DUMP               10
  263 #define SADB_X_PROMISC          11
  264 #define SADB_X_PCHANGE          12
  265 #define SADB_X_SPDUPDATE        13
  266 #define SADB_X_SPDADD           14
  267 #define SADB_X_SPDDELETE        15
  268 #define SADB_X_SPDGET           16
  269 #define SADB_X_SPDACQUIRE       17
  270 #define SADB_X_SPDDUMP          18
  271 #define SADB_X_SPDFLUSH         19
  272 #define SADB_X_SPDSETIDX        20
  273 #define SADB_X_SPDEXPIRE        21
  274 #define SADB_X_SPDDELETE2       22
  275 #define SADB_X_NAT_T_NEW_MAPPING        23
  276 #define SADB_X_MIGRATE          24
  277 #define SADB_MAX                24
 278 
  279 /* Security Association flags */
      /* Bit flags, presumably for sadb_sa_flags (a __u32) - confirm.
       * One flag sits in bit 0 and three in bits 29-31. With a 32-bit int the
       * literal 0x80000000 has unsigned type, so keep the variable it is
       * tested against unsigned to avoid sign-extension surprises.
       */
  280 #define SADB_SAFLAGS_PFS        1
  281 #define SADB_SAFLAGS_NOPMTUDISC 0x20000000
  282 #define SADB_SAFLAGS_DECAP_DSCP 0x40000000
  283 #define SADB_SAFLAGS_NOECN      0x80000000
 284 
  285 /* Security Association states */
      /* Presumably the values of sadb_sa_state - confirm. Contiguous 0..3;
       * SADB_SASTATE_MAX equals the highest value (SADB_SASTATE_DEAD).
       */
  286 #define SADB_SASTATE_LARVAL     0
  287 #define SADB_SASTATE_MATURE     1
  288 #define SADB_SASTATE_DYING      2
  289 #define SADB_SASTATE_DEAD       3
  290 #define SADB_SASTATE_MAX        3
 291 
  292 /* Security Association types */
      /* Presumably the values of sadb_msg_satype - confirm. The numbering has
       * gaps (1 and 4 are not defined here), so a check of the form
       * "value <= SADB_SATYPE_MAX" does not by itself prove that a value is
       * a defined type.
       */
  293 #define SADB_SATYPE_UNSPEC      0
  294 #define SADB_SATYPE_AH          2
  295 #define SADB_SATYPE_ESP         3
  296 #define SADB_SATYPE_RSVP        5
  297 #define SADB_SATYPE_OSPFV2      6
  298 #define SADB_SATYPE_RIPV2       7
  299 #define SADB_SATYPE_MIP         8
  300 #define SADB_X_SATYPE_IPCOMP    9
  301 #define SADB_SATYPE_MAX         9
 302 
  303 /* Authentication algorithms */
      /* Identifiers only: an algorithm being listed here says nothing about
       * whether it is advisable to configure. HMAC-MD5, for instance, is a
       * MUST NOT in RFC 8221, and SADB_AALG_NONE / SADB_X_AALG_NULL by name
       * select no integrity protection (confirm semantics with the consumer).
       * Policy code should keep an explicit allow-list instead of accepting
       * anything up to SADB_AALG_MAX. The numbering has gaps (1, 4, 10..250).
       */
  304 #define SADB_AALG_NONE                  0
  305 #define SADB_AALG_MD5HMAC               2
  306 #define SADB_AALG_SHA1HMAC              3
  307 #define SADB_X_AALG_SHA2_256HMAC        5
  308 #define SADB_X_AALG_SHA2_384HMAC        6
  309 #define SADB_X_AALG_SHA2_512HMAC        7
  310 #define SADB_X_AALG_RIPEMD160HMAC       8
  311 #define SADB_X_AALG_AES_XCBC_MAC        9
  312 #define SADB_X_AALG_NULL                251     /* kame */
  313 #define SADB_AALG_MAX                   251
 314 
  315 /* Encryption algorithms */
      /* Identifiers only: being listed here does not make an algorithm a
       * sound choice. DES-CBC is a MUST NOT in RFC 8221, and SADB_EALG_NULL
       * by name provides no confidentiality (confirm semantics with the
       * consumer). The _ICV8/_ICV12/_ICV16 suffixes presumably give the
       * integrity check value length in bytes; shorter values give less
       * forgery resistance. Policy code should keep an explicit allow-list
       * instead of accepting anything up to SADB_EALG_MAX.
       * Note that SADB_EALG_MAX (253) is defined before the two private
       * entries 252 and 253 that it covers, and the numbering has gaps.
       */
  316 #define SADB_EALG_NONE                  0
  317 #define SADB_EALG_DESCBC                2
  318 #define SADB_EALG_3DESCBC               3
  319 #define SADB_X_EALG_CASTCBC             6
  320 #define SADB_X_EALG_BLOWFISHCBC         7
  321 #define SADB_EALG_NULL                  11
  322 #define SADB_X_EALG_AESCBC              12
  323 #define SADB_X_EALG_AESCTR              13
  324 #define SADB_X_EALG_AES_CCM_ICV8        14
  325 #define SADB_X_EALG_AES_CCM_ICV12       15
  326 #define SADB_X_EALG_AES_CCM_ICV16       16
  327 #define SADB_X_EALG_AES_GCM_ICV8        18
  328 #define SADB_X_EALG_AES_GCM_ICV12       19
  329 #define SADB_X_EALG_AES_GCM_ICV16       20
  330 #define SADB_X_EALG_CAMELLIACBC         22
  331 #define SADB_X_EALG_NULL_AES_GMAC       23
  332 #define SADB_EALG_MAX                   253 /* last EALG */
  333 /* private allocations should use 249-255 (RFC2407) */
  334 #define SADB_X_EALG_SERPENTCBC  252     /* draft-ietf-ipsec-ciph-aes-cbc-00 */
  335 #define SADB_X_EALG_TWOFISHCBC  253     /* draft-ietf-ipsec-ciph-aes-cbc-00 */
 336 
  337 /* Compression algorithms */
      /* Contiguous 0..4; SADB_X_CALG_MAX equals the highest value
       * (SADB_X_CALG_LZJH). Presumably used with SADB_X_SATYPE_IPCOMP -
       * confirm.
       */
  338 #define SADB_X_CALG_NONE                0
  339 #define SADB_X_CALG_OUI                 1
  340 #define SADB_X_CALG_DEFLATE             2
  341 #define SADB_X_CALG_LZS                 3
  342 #define SADB_X_CALG_LZJH                4
  343 #define SADB_X_CALG_MAX                 4
 344 
  345 /* Extension Header values */
      /* Presumably the values of sadb_ext_type and of the *_exttype field
       * that opens each extension struct - confirm. Contiguous 0..26;
       * SADB_EXT_MAX equals the highest value (SADB_X_EXT_FILTER).
       * A parser that stores extensions in an array indexed by type should
       * reject values above SADB_EXT_MAX before indexing, and decide
       * explicitly how to treat SADB_EXT_RESERVED (0) and a type that
       * appears twice in one message.
       */
  346 #define SADB_EXT_RESERVED               0
  347 #define SADB_EXT_SA                     1
  348 #define SADB_EXT_LIFETIME_CURRENT       2
  349 #define SADB_EXT_LIFETIME_HARD          3
  350 #define SADB_EXT_LIFETIME_SOFT          4
  351 #define SADB_EXT_ADDRESS_SRC            5
  352 #define SADB_EXT_ADDRESS_DST            6
  353 #define SADB_EXT_ADDRESS_PROXY          7
  354 #define SADB_EXT_KEY_AUTH               8
  355 #define SADB_EXT_KEY_ENCRYPT            9
  356 #define SADB_EXT_IDENTITY_SRC           10
  357 #define SADB_EXT_IDENTITY_DST           11
  358 #define SADB_EXT_SENSITIVITY            12
  359 #define SADB_EXT_PROPOSAL               13
  360 #define SADB_EXT_SUPPORTED_AUTH         14
  361 #define SADB_EXT_SUPPORTED_ENCRYPT      15
  362 #define SADB_EXT_SPIRANGE               16
  363 #define SADB_X_EXT_KMPRIVATE            17
  364 #define SADB_X_EXT_POLICY               18
  365 #define SADB_X_EXT_SA2                  19
  366 /* The next four entries are for setting up NAT Traversal */
  367 #define SADB_X_EXT_NAT_T_TYPE           20
  368 #define SADB_X_EXT_NAT_T_SPORT          21
  369 #define SADB_X_EXT_NAT_T_DPORT          22
  370 #define SADB_X_EXT_NAT_T_OA             23
  371 #define SADB_X_EXT_SEC_CTX              24
  372 /* Used with MIGRATE to pass addresses to IKE for negotiation */
  373 #define SADB_X_EXT_KMADDRESS            25
  374 #define SADB_X_EXT_FILTER               26
  375 #define SADB_EXT_MAX                    26
 376 
  377 /* Identity Extension values */
      /* Presumably the values of sadb_ident_type - confirm. Contiguous 0..3;
       * SADB_IDENTTYPE_MAX equals the highest value (SADB_IDENTTYPE_USERFQDN).
       */
  378 #define SADB_IDENTTYPE_RESERVED 0
  379 #define SADB_IDENTTYPE_PREFIX   1
  380 #define SADB_IDENTTYPE_FQDN     2
  381 #define SADB_IDENTTYPE_USERFQDN 3
  382 #define SADB_IDENTTYPE_MAX      3
 383 
 384 #endif /* !(_LINUX_PFKEY2_H) */
