xfrm.h revision 351efcde4e62967362a10b29f3b701cfecd7cdfc
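#ifndef _LINUX_XFRM_H
#define _LINUX_XFRM_H

#include <linux/types.h>

/*
 * Userspace <-> kernel interface for the xfrm netlink family.
 *
 * All of the structures in this file may not change size as they are
 * passed into the kernel from userspace via netlink sockets.
 *
 * NOTE(review): several structures below contain implicit padding on
 * common ABIs (for example the bytes after xfrm_id.proto). Whoever fills
 * one in should zero the whole structure first, so that uninitialised
 * memory is not copied across the user/kernel boundary.
 */

/* Structure to encapsulate addresses. I do not want to use
 * "standard" structure. My apologies.
 *
 * a4 is one 32-bit word and a6 is four; the union itself does not record
 * which member is meaningful. Presumably the 'family' field of the
 * enclosing structure selects it -- confirm against the consumer.
 */
typedef union {
	__u32	a4;
	__u32	a6[4];
} xfrm_address_t;

/* Ident of a specific xfrm_state. It is used on input to lookup
 * the state by (spi,daddr,ah/esp) or to store information about
 * spi, protocol and tunnel address on output.
 */
struct xfrm_id {
	xfrm_address_t	daddr;
	__u32		spi;
	__u8		proto;
};

/* Selector, used as selector both on policy rules (SPD) and SAs.
 *
 * NOTE(review): prefixlen_d / prefixlen_s are raw 8-bit values from the
 * sender; a receiver should bound them by the address width implied by
 * 'family' before using them to build a mask.
 */
struct xfrm_selector {
	xfrm_address_t	daddr;
	xfrm_address_t	saddr;
	__u16		dport;
	__u16		dport_mask;
	__u16		sport;
	__u16		sport_mask;
	__u16		family;
	__u8		prefixlen_d;
	__u8		prefixlen_s;
	__u8		proto;
	int		ifindex;
	/*
	 * Fixed 32-bit uid type that <linux/types.h> supplies; a bare uid_t
	 * is not declared by this header's only include when it is built
	 * outside the kernel, which left the header non-self-contained.
	 */
	__kernel_uid32_t	user;
};

/* All-ones 64-bit value; presumably "no limit" for the lifetime fields below. */
#define XFRM_INF (~(__u64)0)

/* Configured soft/hard limits (bytes, packets, seconds since add / first use). */
struct xfrm_lifetime_cfg {
	__u64	soft_byte_limit;
	__u64	hard_byte_limit;
	__u64	soft_packet_limit;
	__u64	hard_packet_limit;
	__u64	soft_add_expires_seconds;
	__u64	hard_add_expires_seconds;
	__u64	soft_use_expires_seconds;
	__u64	hard_use_expires_seconds;
};

/* Current counters matching the limits in struct xfrm_lifetime_cfg. */
struct xfrm_lifetime_cur {
	__u64	bytes;
	__u64	packets;
	__u64	add_time;
	__u64	use_time;
};

/* Anti-replay state; note the bitmap is 32 bits wide. */
struct xfrm_replay_state {
	__u32	oseq;
	__u32	seq;
	__u32	bitmap;
};

/*
 * Algorithm descriptor followed immediately by the key material.
 *
 * NOTE(review): alg_key_len is a signed count of *bits* supplied by the
 * peer. A receiver should reject negative values and check that
 * (alg_key_len + 7) / 8 bytes actually fit in the netlink attribute
 * payload after this fixed header before touching alg_key. alg_name is a
 * fixed 64-byte field; do not assume it arrives NUL-terminated.
 */
struct xfrm_algo {
	char	alg_name[64];
	int	alg_key_len;	/* in bits */
	char	alg_key[];	/* C99 flexible array member; sizeof is unchanged from [0] */
};

/* Per-state error counters. */
struct xfrm_stats {
	__u32	replay_window;
	__u32	replay;
	__u32	integrity_failed;
};

/* Policy directions; XFRM_POLICY_MAX is the number of directions. */
enum {
	XFRM_POLICY_IN	= 0,
	XFRM_POLICY_OUT	= 1,
	XFRM_POLICY_FWD	= 2,
	XFRM_POLICY_MAX	= 3
};

enum {
	XFRM_SHARE_ANY,		/* No limitations */
	XFRM_SHARE_SESSION,	/* For this session only */
	XFRM_SHARE_USER,	/* For this user only */
	XFRM_SHARE_UNIQUE	/* Use once */
};

/* Netlink configuration messages.
 *
 * Each enumerator is also defined as a macro expanding to itself, so its
 * presence can be tested with #ifdef.
 *
 * NOTE(review): these messages create, change and flush SA/policy state;
 * the privilege check on the sender lives in the receiver and is not
 * visible in this header.
 */
enum {
	XFRM_MSG_BASE = 0x10,

	XFRM_MSG_NEWSA = 0x10,
#define XFRM_MSG_NEWSA XFRM_MSG_NEWSA
	XFRM_MSG_DELSA,
#define XFRM_MSG_DELSA XFRM_MSG_DELSA
	XFRM_MSG_GETSA,
#define XFRM_MSG_GETSA XFRM_MSG_GETSA

	XFRM_MSG_NEWPOLICY,
#define XFRM_MSG_NEWPOLICY XFRM_MSG_NEWPOLICY
	XFRM_MSG_DELPOLICY,
#define XFRM_MSG_DELPOLICY XFRM_MSG_DELPOLICY
	XFRM_MSG_GETPOLICY,
#define XFRM_MSG_GETPOLICY XFRM_MSG_GETPOLICY

	XFRM_MSG_ALLOCSPI,
#define XFRM_MSG_ALLOCSPI XFRM_MSG_ALLOCSPI
	XFRM_MSG_ACQUIRE,
#define XFRM_MSG_ACQUIRE XFRM_MSG_ACQUIRE
	XFRM_MSG_EXPIRE,
#define XFRM_MSG_EXPIRE XFRM_MSG_EXPIRE

	XFRM_MSG_UPDPOLICY,
#define XFRM_MSG_UPDPOLICY XFRM_MSG_UPDPOLICY
	XFRM_MSG_UPDSA,
#define XFRM_MSG_UPDSA XFRM_MSG_UPDSA

	XFRM_MSG_POLEXPIRE,
#define XFRM_MSG_POLEXPIRE XFRM_MSG_POLEXPIRE

	XFRM_MSG_FLUSHSA,
#define XFRM_MSG_FLUSHSA XFRM_MSG_FLUSHSA
	XFRM_MSG_FLUSHPOLICY,
#define XFRM_MSG_FLUSHPOLICY XFRM_MSG_FLUSHPOLICY

	__XFRM_MSG_MAX
};
/* Highest valid message type. */
#define XFRM_MSG_MAX (__XFRM_MSG_MAX - 1)

/* Number of message types, for tables indexed by (type - XFRM_MSG_BASE). */
#define XFRM_NR_MSGTYPES (XFRM_MSG_MAX + 1 - XFRM_MSG_BASE)

struct xfrm_user_tmpl {
	struct xfrm_id	id;
	__u16		family;
	xfrm_address_t	saddr;
	__u32		reqid;
	__u8		mode;
	__u8		share;
	__u8		optional;
	__u32		aalgos;
	__u32		ealgos;
	__u32		calgos;
};

struct xfrm_encap_tmpl {
	__u16		encap_type;
	__u16		encap_sport;
	__u16		encap_dport;
	xfrm_address_t	encap_oa;
};

/* Netlink message attributes.
 *
 * The trailing comments name the payload each attribute carries. A
 * receiver should check the attribute length against that payload type
 * before casting (and, for struct xfrm_algo, against the key length too).
 */
enum xfrm_attr_type_t {
	XFRMA_UNSPEC,
	XFRMA_ALG_AUTH,		/* struct xfrm_algo */
	XFRMA_ALG_CRYPT,	/* struct xfrm_algo */
	XFRMA_ALG_COMP,		/* struct xfrm_algo */
	XFRMA_ENCAP,		/* struct xfrm_algo + struct xfrm_encap_tmpl */
	XFRMA_TMPL,		/* 1 or more struct xfrm_user_tmpl */
	XFRMA_SA,
	XFRMA_POLICY,
	__XFRMA_MAX

#define XFRMA_MAX (__XFRMA_MAX - 1)
};

struct xfrm_usersa_info {
	struct xfrm_selector		sel;
	struct xfrm_id			id;
	xfrm_address_t			saddr;
	struct xfrm_lifetime_cfg	lft;
	struct xfrm_lifetime_cur	curlft;
	struct xfrm_stats		stats;
	__u32				seq;
	__u32				reqid;
	__u16				family;
	__u8				mode;		/* 0=transport,1=tunnel */
	/*
	 * NOTE(review): the bitmap in struct xfrm_replay_state is 32 bits
	 * wide while this field can hold up to 255; confirm how the
	 * receiver treats values above 32.
	 */
	__u8				replay_window;
	__u8				flags;		/* bitwise OR of XFRM_STATE_* */
#define XFRM_STATE_NOECN	1
#define XFRM_STATE_DECAP_DSCP	2
#define XFRM_STATE_NOPMTUDISC	4
};

struct xfrm_usersa_id {
	xfrm_address_t	daddr;
	__u32		spi;
	__u16		family;
	__u8		proto;
};

struct xfrm_userspi_info {
	struct xfrm_usersa_info	info;
	__u32			min;
	__u32			max;
};

struct xfrm_userpolicy_info {
	struct xfrm_selector		sel;
	struct xfrm_lifetime_cfg	lft;
	struct xfrm_lifetime_cur	curlft;
	__u32				priority;
	__u32				index;
	__u8				dir;	/* NOTE(review): presumably one of XFRM_POLICY_IN/OUT/FWD; receiver should range-check */
	__u8				action;
#define XFRM_POLICY_ALLOW	0
#define XFRM_POLICY_BLOCK	1
	__u8				flags;
#define XFRM_POLICY_LOCALOK	1	/* Allow user to override global policy */
	__u8				share;
};

struct xfrm_userpolicy_id {
	struct xfrm_selector	sel;
	__u32			index;
	__u8			dir;
};

struct xfrm_user_acquire {
	struct xfrm_id			id;
	xfrm_address_t			saddr;
	struct xfrm_selector		sel;
	struct xfrm_userpolicy_info	policy;
	__u32				aalgos;
	__u32				ealgos;
	__u32				calgos;
	__u32				seq;
};

struct xfrm_user_expire {
	struct xfrm_usersa_info	state;
	__u8			hard;
};

struct xfrm_user_polexpire {
	struct xfrm_userpolicy_info	pol;
	__u8				hard;
};

struct xfrm_usersa_flush {
	__u8	proto;
};

/* backwards compatibility for userspace
 *
 * Bitmask form of the groups below: XFRMGRP_x == 1 << (XFRMNLGRP_x - 1).
 */
#define XFRMGRP_ACQUIRE		1
#define XFRMGRP_EXPIRE		2
#define XFRMGRP_SA		4
#define XFRMGRP_POLICY		8

/* Netlink multicast groups, numbered from 1 (XFRMNLGRP_NONE is 0). */
enum xfrm_nlgroups {
	XFRMNLGRP_NONE,
#define XFRMNLGRP_NONE		XFRMNLGRP_NONE
	XFRMNLGRP_ACQUIRE,
#define XFRMNLGRP_ACQUIRE	XFRMNLGRP_ACQUIRE
	XFRMNLGRP_EXPIRE,
#define XFRMNLGRP_EXPIRE	XFRMNLGRP_EXPIRE
	XFRMNLGRP_SA,
#define XFRMNLGRP_SA		XFRMNLGRP_SA
	XFRMNLGRP_POLICY,
#define XFRMNLGRP_POLICY	XFRMNLGRP_POLICY
	__XFRMNLGRP_MAX
};
#define XFRMNLGRP_MAX	(__XFRMNLGRP_MAX - 1)

#endif /* _LINUX_XFRM_H */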