xfrm.h revision 3ea2fb985f3aa979a2b270d01fa651a5ef814464
#ifndef _LINUX_XFRM_H
#define _LINUX_XFRM_H

#include <linux/types.h>

/* None of the structures in this file may change size: they are passed
 * into the kernel from userspace via netlink sockets, so their layout is
 * part of the user/kernel ABI and every field arrives as caller-supplied
 * input on the receiving side.
 */

/* Structure to encapsulate addresses. I do not want to use
 * "standard" structure. My apologies.
 *
 * One 16-byte union holds either address form: a4 overlays a6[0], and
 * nothing inside the union records which member is in use. The __be32
 * type marks the words as big-endian.
 * NOTE(review): users are expected to pair this with a separate address
 * family field where the enclosing structure has one -- confirm per user.
 */
typedef union
{
	__be32		a4;
	__be32		a6[4];
} xfrm_address_t;

/* Ident of a specific xfrm_state. It is used on input to lookup
 * the state by (spi,daddr,ah/esp) or to store information about
 * spi, protocol and tunnel address on output.
 *
 * The structure carries no address-family field of its own, so daddr
 * can only be interpreted together with a family supplied elsewhere.
 */
struct xfrm_id
{
	xfrm_address_t	daddr;	/* destination address, a4 or a6 form */
	__be32		spi;	/* big-endian, per the __be32 type */
	__u8		proto;	/* "ah/esp" per the comment above; the value set is not defined in this file */
	/* NOTE(review): a lone __u8 after 32-bit members normally leaves
	 * trailing padding; zero the whole struct before filling it so the
	 * padding does not carry stale memory across the netlink boundary.
	 */
};

/* Security context header followed by a variable-length string.
 * ctx_str is a zero-length trailing array, so sizeof(struct xfrm_sec_ctx)
 * covers only the fixed fields.
 */
struct xfrm_sec_ctx {
	__u8	ctx_doi;	/* presumably one of XFRM_SC_DOI_* -- confirm */
	__u8	ctx_alg;	/* presumably one of XFRM_SC_ALG_* -- confirm */
	__u16	ctx_len;	/* presumably the byte length of ctx_str -- confirm;
				 * a reader must bound it by the buffer actually received */
	__u32	ctx_sid;
	char	ctx_str[0];	/* variable-length tail; the type implies no terminator */
};

/* Security Context Domains of Interpretation (value 0 is reserved) */
#define XFRM_SC_DOI_RESERVED 0
#define XFRM_SC_DOI_LSM 1

/* Security Context Algorithms (value 0 is reserved) */
#define XFRM_SC_ALG_RESERVED 0
#define XFRM_SC_ALG_SELINUX 1

/* Selector, used as selector both on policy rules (SPD) and SAs.
 *
 * NOTE(review): nothing in the types ties prefixlen_d/prefixlen_s to the
 * address width implied by family, so the consumer has to range-check
 * them -- confirm that it does.
 */

struct xfrm_selector
{
	xfrm_address_t	daddr;
	xfrm_address_t	saddr;
	__be16	dport;		/* big-endian, as are the three fields below */
	__be16	dport_mask;
	__be16	sport;
	__be16	sport_mask;
	__u16	family;		/* tells which member of daddr/saddr applies -- presumably an AF_* value, confirm */
	__u8	prefixlen_d;	/* prefix length for daddr */
	__u8	prefixlen_s;	/* prefix length for saddr */
	__u8	proto;
	int	ifindex;	/* plain int: not one of the fixed-width __ types used elsewhere */
	uid_t	user;		/* uid_t: width depends on the definition in scope */
};

/* All-ones 64-bit value. NOTE(review): presumably the "no limit" setting
 * for the __u64 fields of struct xfrm_lifetime_cfg -- confirm against users.
 */
#define XFRM_INF (~(__u64)0)

/* Configured lifetime limits: a soft and a hard value for each of bytes,
 * packets, seconds since add and seconds since use. What happens when a
 * soft or hard limit is reached is not shown in this file.
 */
struct xfrm_lifetime_cfg
{
	__u64	soft_byte_limit;
	__u64	hard_byte_limit;
	__u64	soft_packet_limit;
	__u64	hard_packet_limit;
	__u64	soft_add_expires_seconds;
	__u64	hard_add_expires_seconds;
	__u64	soft_use_expires_seconds;
	__u64	hard_use_expires_seconds;
};

/* Current lifetime counters, the running counterpart of the limits in
 * struct xfrm_lifetime_cfg. The unit and epoch of add_time and use_time
 * are not stated in this file.
 */
struct xfrm_lifetime_cur
{
	__u64	bytes;
	__u64	packets;
	__u64	add_time;
	__u64	use_time;
};

/* Replay-protection state: three 32-bit words.
 * NOTE(review): presumably oseq is the outbound sequence number, seq the
 * highest inbound one, and bitmap the window of recently seen inbound
 * numbers -- confirm. A __u32 bitmap can track at most 32 of them.
 */
struct xfrm_replay_state
{
	__u32	oseq;
	__u32	seq;
	__u32	bitmap;
};

/* Algorithm name plus variable-length key material.
 * alg_key is a zero-length trailing array, so sizeof(struct xfrm_algo)
 * does not include the key. A reader has to check that the received
 * buffer really holds the number of key bytes implied by alg_key_len
 * before touching alg_key.
 */
struct xfrm_algo {
	char		alg_name[64];	/* fixed-size buffer; the type does not guarantee NUL termination */
	unsigned int	alg_key_len;    /* in bits; NOTE(review): byte count presumably rounds up -- confirm */
	char		alg_key[0];	/* key bytes follow the header */
};

/* AEAD variant of the algorithm descriptor: name, key length, ICV length
 * and variable-length key material.
 * alg_key is a zero-length trailing array, so sizeof(struct
 * xfrm_algo_aead) does not include the key. A reader has to check that
 * the received buffer holds the key bytes implied by alg_key_len.
 */
struct xfrm_algo_aead {
	char		alg_name[64];	/* fixed-size buffer; the type does not guarantee NUL termination */
	unsigned int	alg_key_len;	/* in bits */
	unsigned int	alg_icv_len;	/* in bits */
	char		alg_key[0];	/* key bytes follow the header */
};

/* Per-state counters, embedded in struct xfrm_usersa_info as `stats`.
 * NOTE(review): presumably counts of packets rejected for falling outside
 * the replay window, for being replays, and for failing the integrity
 * check -- confirm against the code that increments them.
 */
struct xfrm_stats {
	__u32	replay_window;
	__u32	replay;
	__u32	integrity_failed;
};

/* Policy types. XFRM_POLICY_TYPE_MAX (2) is one past the last concrete
 * type, i.e. a count; XFRM_POLICY_TYPE_ANY (255) lies outside that range.
 * NOTE(review): ANY is presumably a wildcard for queries -- confirm.
 */
enum
{
	XFRM_POLICY_TYPE_MAIN	= 0,
	XFRM_POLICY_TYPE_SUB	= 1,
	XFRM_POLICY_TYPE_MAX	= 2,
	XFRM_POLICY_TYPE_ANY	= 255
};

/* Policy directions. XFRM_POLICY_MASK and XFRM_POLICY_MAX are both 3:
 * MAX is one past XFRM_POLICY_FWD, and 3 is also the bit mask that covers
 * the values 0..2. A direction taken from a message therefore has to be
 * compared against XFRM_POLICY_MAX; masking alone still admits 3.
 */
enum
{
	XFRM_POLICY_IN	= 0,
	XFRM_POLICY_OUT	= 1,
	XFRM_POLICY_FWD	= 2,
	XFRM_POLICY_MASK = 3,
	XFRM_POLICY_MAX	= 3
};

/* Sharing levels, numbered 0..3 by the implicit enum values.
 * NOTE(review): presumably the values of the `share` bytes in
 * struct xfrm_user_tmpl and struct xfrm_userpolicy_info -- confirm.
 */
enum
{
	XFRM_SHARE_ANY,		/* No limitations */
	XFRM_SHARE_SESSION,	/* For this session only */
	XFRM_SHARE_USER,	/* For this user only */
	XFRM_SHARE_UNIQUE	/* Use once */
};

/* Values for the `mode` byte (struct xfrm_usersa_info documents its mode
 * field as XFRM_MODE_xxx). XFRM_MODE_MAX is one past the last defined
 * mode, i.e. a count and not itself a valid mode.
 */
#define XFRM_MODE_TRANSPORT 0
#define XFRM_MODE_TUNNEL 1
#define XFRM_MODE_ROUTEOPTIMIZATION 2
#define XFRM_MODE_IN_TRIGGER 3
#define XFRM_MODE_BEET 4
#define XFRM_MODE_MAX 5

/* Netlink configuration messages.
 *
 * Numbering starts at XFRM_MSG_BASE (0x10) and increases by one per
 * enumerator, so the last message type, XFRM_MSG_GETSPDINFO, is 0x25.
 * Each enumerator is also #defined to itself, which makes the name
 * visible to #ifdef.
 */
enum {
	XFRM_MSG_BASE = 0x10,

	XFRM_MSG_NEWSA = 0x10,
#define XFRM_MSG_NEWSA XFRM_MSG_NEWSA
	XFRM_MSG_DELSA,
#define XFRM_MSG_DELSA XFRM_MSG_DELSA
	XFRM_MSG_GETSA,
#define XFRM_MSG_GETSA XFRM_MSG_GETSA

	XFRM_MSG_NEWPOLICY,
#define XFRM_MSG_NEWPOLICY XFRM_MSG_NEWPOLICY
	XFRM_MSG_DELPOLICY,
#define XFRM_MSG_DELPOLICY XFRM_MSG_DELPOLICY
	XFRM_MSG_GETPOLICY,
#define XFRM_MSG_GETPOLICY XFRM_MSG_GETPOLICY

	XFRM_MSG_ALLOCSPI,
#define XFRM_MSG_ALLOCSPI XFRM_MSG_ALLOCSPI
	XFRM_MSG_ACQUIRE,
#define XFRM_MSG_ACQUIRE XFRM_MSG_ACQUIRE
	XFRM_MSG_EXPIRE,
#define XFRM_MSG_EXPIRE XFRM_MSG_EXPIRE

	XFRM_MSG_UPDPOLICY,
#define XFRM_MSG_UPDPOLICY XFRM_MSG_UPDPOLICY
	XFRM_MSG_UPDSA,
#define XFRM_MSG_UPDSA XFRM_MSG_UPDSA

	XFRM_MSG_POLEXPIRE,
#define XFRM_MSG_POLEXPIRE XFRM_MSG_POLEXPIRE

	XFRM_MSG_FLUSHSA,
#define XFRM_MSG_FLUSHSA XFRM_MSG_FLUSHSA
	XFRM_MSG_FLUSHPOLICY,
#define XFRM_MSG_FLUSHPOLICY XFRM_MSG_FLUSHPOLICY

	XFRM_MSG_NEWAE,
#define XFRM_MSG_NEWAE XFRM_MSG_NEWAE
	XFRM_MSG_GETAE,
#define XFRM_MSG_GETAE XFRM_MSG_GETAE

	XFRM_MSG_REPORT,
#define XFRM_MSG_REPORT XFRM_MSG_REPORT

	XFRM_MSG_MIGRATE,
#define XFRM_MSG_MIGRATE XFRM_MSG_MIGRATE

	XFRM_MSG_NEWSADINFO,
#define XFRM_MSG_NEWSADINFO XFRM_MSG_NEWSADINFO
	XFRM_MSG_GETSADINFO,
#define XFRM_MSG_GETSADINFO XFRM_MSG_GETSADINFO

	XFRM_MSG_NEWSPDINFO,
#define XFRM_MSG_NEWSPDINFO XFRM_MSG_NEWSPDINFO
	XFRM_MSG_GETSPDINFO,
#define XFRM_MSG_GETSPDINFO XFRM_MSG_GETSPDINFO
	__XFRM_MSG_MAX	/* sentinel: one past the last message type */
};
/* Highest valid message type. */
#define XFRM_MSG_MAX (__XFRM_MSG_MAX - 1)

/* Number of message types (22 with the enumerators above).
 * NOTE(review): if a table is indexed by (type - XFRM_MSG_BASE), the type
 * from the netlink header must first be checked to lie in
 * [XFRM_MSG_BASE, XFRM_MSG_MAX] -- confirm in the dispatcher.
 */
#define XFRM_NR_MSGTYPES (XFRM_MSG_MAX + 1 - XFRM_MSG_BASE)

/*
 * Generic LSM security context for communicating to user space
 * NOTE: Same format as sadb_x_sec_ctx
 *
 * Only the fixed header is declared; there is no string member.
 * NOTE(review): the context string presumably follows the header, with
 * len and ctx_len describing the sizes -- confirm, and confirm that the
 * reader checks both against the received attribute length.
 */
struct xfrm_user_sec_ctx {
	__u16			len;
	__u16			exttype;
	__u8			ctx_alg;  /* LSMs: e.g., selinux == 1 */
	__u8			ctx_doi;
	__u16			ctx_len;
};

/* Template entry; the XFRMA_TMPL attribute is documented in this file as
 * "1 or more struct xfrm_user_tmpl".
 * NOTE(review): the mix of 8-, 16- and 32-bit members normally leaves
 * padding (after family and after optional); zero the struct before
 * filling it so padding does not carry stale memory across netlink.
 */
struct xfrm_user_tmpl {
	struct xfrm_id		id;
	__u16			family;		/* selects the a4/a6 form of the addresses */
	xfrm_address_t		saddr;
	__u32			reqid;
	__u8			mode;		/* presumably XFRM_MODE_xxx -- confirm */
	__u8			share;		/* presumably XFRM_SHARE_xxx -- confirm */
	__u8			optional;
	__u32			aalgos;		/* NOTE(review): aalgos/ealgos/calgos look like algorithm bit masks -- confirm */
	__u32			ealgos;
	__u32			calgos;
};

/* Encapsulation parameters: a type, a big-endian source and destination
 * port, and one address. The meaning of encap_type values and of
 * encap_oa is not defined in this file, and the structure has no family
 * field to say which form of encap_oa applies.
 */
struct xfrm_encap_tmpl {
	__u16		encap_type;
	__be16		encap_sport;
	__be16		encap_dport;
	xfrm_address_t	encap_oa;
};

/* AEVENT flags.
 *
 * The named values are single bits (1..64) meant to be OR-ed together.
 * __XFRM_AE_MAX follows XFRM_AE_CU, so it is 65 and XFRM_AE_MAX is 64:
 * the highest single flag, not a mask of all flags.
 */
enum xfrm_ae_ftype_t {
	XFRM_AE_UNSPEC,
	XFRM_AE_RTHR=1,	/* replay threshold */
	XFRM_AE_RVAL=2, /* replay value */
	XFRM_AE_LVAL=4, /* lifetime value */
	XFRM_AE_ETHR=8, /* expiry timer threshold */
	XFRM_AE_CR=16, /* Event cause is replay update */
	XFRM_AE_CE=32, /* Event cause is timer expiry */
	XFRM_AE_CU=64, /* Event cause is policy update */
	__XFRM_AE_MAX

	/* Preprocessor line inside the enum body: it adds no enumerator. */
#define XFRM_AE_MAX (__XFRM_AE_MAX - 1)
};

/* Payload documented for XFRMA_POLICY_TYPE in this file.
 * NOTE(review): with natural alignment a __u8 followed by a __u16 leaves
 * an implicit padding byte after type, and there is normally tail padding
 * after reserved2; zero the whole struct before filling it so those bytes
 * do not carry stale memory across the netlink boundary.
 */
struct xfrm_userpolicy_type {
	__u8		type;		/* presumably XFRM_POLICY_TYPE_xxx -- confirm */
	__u16		reserved1;
	__u8		reserved2;
};

/* Netlink message attributes.
 *
 * Values run from XFRMA_UNSPEC (0) to XFRMA_ALG_AEAD (18); __XFRMA_MAX is
 * the sentinel one past the last attribute. The per-attribute comments
 * name the payload type; a reader still has to check each attribute's
 * length against that type before casting, because the sender controls
 * the length.
 */
enum xfrm_attr_type_t {
	XFRMA_UNSPEC,
	XFRMA_ALG_AUTH,		/* struct xfrm_algo */
	XFRMA_ALG_CRYPT,	/* struct xfrm_algo */
	XFRMA_ALG_COMP,		/* struct xfrm_algo */
	XFRMA_ENCAP,		/* struct xfrm_algo + struct xfrm_encap_tmpl */
				/* NOTE(review): confirm whether a struct xfrm_algo really precedes the encap template */
	XFRMA_TMPL,		/* 1 or more struct xfrm_user_tmpl */
	XFRMA_SA,
	XFRMA_POLICY,
	XFRMA_SEC_CTX,		/* struct xfrm_sec_ctx */
				/* NOTE(review): this file also declares struct xfrm_user_sec_ctx for user space; confirm which layout is carried */
	XFRMA_LTIME_VAL,
	XFRMA_REPLAY_VAL,
	XFRMA_REPLAY_THRESH,
	XFRMA_ETIMER_THRESH,
	XFRMA_SRCADDR,		/* xfrm_address_t */
	XFRMA_COADDR,		/* xfrm_address_t */
	XFRMA_LASTUSED,
	XFRMA_POLICY_TYPE,	/* struct xfrm_userpolicy_type */
	XFRMA_MIGRATE,
	XFRMA_ALG_AEAD,		/* struct xfrm_algo_aead */
	__XFRMA_MAX

	/* Highest valid attribute type; the #define adds no enumerator. */
#define XFRMA_MAX (__XFRMA_MAX - 1)
};

/* Attribute types with the XFRMA_SAD_ prefix, numbered 0..2.
 * NOTE(review): presumably used with the XFRM_MSG_*SADINFO messages, with
 * XFRMA_SAD_HINFO carrying struct xfrmu_sadhinfo -- confirm.
 */
enum xfrm_sadattr_type_t {
	XFRMA_SAD_UNSPEC,
	XFRMA_SAD_CNT,
	XFRMA_SAD_HINFO,
	__XFRMA_SAD_MAX

	/* Highest valid type (XFRMA_SAD_HINFO); the #define adds no enumerator. */
#define XFRMA_SAD_MAX (__XFRMA_SAD_MAX - 1)
};

/* Hash-table sizing information: two 32-bit bucket counts. */
struct xfrmu_sadhinfo {
	__u32 sadhcnt; /* current number of hash buckets */
	__u32 sadhmcnt; /* maximum allowed number of hash buckets */
};

/* Attribute types with the XFRMA_SPD_ prefix, numbered 0..2.
 * NOTE(review): presumably used with the XFRM_MSG_*SPDINFO messages, with
 * XFRMA_SPD_INFO carrying struct xfrmu_spdinfo and XFRMA_SPD_HINFO
 * carrying struct xfrmu_spdhinfo -- confirm.
 */
enum xfrm_spdattr_type_t {
	XFRMA_SPD_UNSPEC,
	XFRMA_SPD_INFO,
	XFRMA_SPD_HINFO,
	__XFRMA_SPD_MAX

	/* Highest valid type (XFRMA_SPD_HINFO); the #define adds no enumerator. */
#define XFRMA_SPD_MAX (__XFRMA_SPD_MAX - 1)
};

/* Six 32-bit counters.
 * NOTE(review): presumably policy counts per direction (in/out/fwd) and a
 * second set (ins/outs/fwds) for another policy class -- confirm against
 * the code that fills the structure.
 */
struct xfrmu_spdinfo {
	__u32 incnt;
	__u32 outcnt;
	__u32 fwdcnt;
	__u32 inscnt;
	__u32 outscnt;
	__u32 fwdscnt;
};

/* Same shape as struct xfrmu_sadhinfo.
 * NOTE(review): presumably the current and maximum hash bucket counts,
 * by analogy with sadhcnt/sadhmcnt -- confirm.
 */
struct xfrmu_spdhinfo {
	__u32 spdhcnt;
	__u32 spdhmcnt;
};

/* Description of one state (SA): selector, identity, source address,
 * lifetime limits and counters, statistics and scalar parameters.
 * The XFRM_STATE_* macros defined inside the body are bit values for the
 * flags byte; being preprocessor lines they add no members.
 */
struct xfrm_usersa_info {
	struct xfrm_selector		sel;
	struct xfrm_id			id;
	xfrm_address_t			saddr;
	struct xfrm_lifetime_cfg	lft;
	struct xfrm_lifetime_cur	curlft;
	struct xfrm_stats		stats;
	__u32				seq;
	__u32				reqid;
	__u16				family;		/* selects the a4/a6 form of the addresses */
	__u8				mode;		/* XFRM_MODE_xxx */
	__u8				replay_window;	/* 8 bits wide, so at most 255 */
	__u8				flags;		/* OR of the XFRM_STATE_* bits below */
#define XFRM_STATE_NOECN	1
#define XFRM_STATE_DECAP_DSCP	2
#define XFRM_STATE_NOPMTUDISC	4
#define XFRM_STATE_WILDRECV	8
#define XFRM_STATE_ICMP		16
};

/* Compact identification of a state: destination address, SPI, family
 * and protocol. Unlike struct xfrm_id it carries the family needed to
 * interpret daddr.
 * NOTE(review): the __u16 followed by a single __u8 normally leaves one
 * byte of tail padding; zero the struct before filling it.
 */
struct xfrm_usersa_id {
	xfrm_address_t			daddr;
	__be32				spi;
	__u16				family;
	__u8				proto;
};

/* Identification part of an async-event message: the state's id, a
 * source address, a flags word and a reqid.
 * NOTE(review): flags presumably holds an OR of enum xfrm_ae_ftype_t
 * bits -- confirm.
 */
struct xfrm_aevent_id {
	struct xfrm_usersa_id		sa_id;
	xfrm_address_t			saddr;
	__u32				flags;
	__u32				reqid;
};

/* A full state description plus a [min, max] pair.
 * NOTE(review): presumably the SPI range requested with
 * XFRM_MSG_ALLOCSPI; the consumer should reject min > max -- confirm.
 */
struct xfrm_userspi_info {
	struct xfrm_usersa_info		info;
	__u32				min;
	__u32				max;
};

/* Description of one policy: selector, lifetime limits and counters,
 * priority, index and four single-byte parameters.
 * The XFRM_POLICY_* macros defined inside the body give the values of
 * action and the bits of flags; being preprocessor lines they add no
 * members.
 */
struct xfrm_userpolicy_info {
	struct xfrm_selector		sel;
	struct xfrm_lifetime_cfg	lft;
	struct xfrm_lifetime_cur	curlft;
	__u32				priority;
	__u32				index;
	__u8				dir;	/* presumably XFRM_POLICY_IN/OUT/FWD -- confirm */
	__u8				action;	/* one of the two values below; other values need rejecting by the reader */
#define XFRM_POLICY_ALLOW	0
#define XFRM_POLICY_BLOCK	1
	__u8				flags;	/* OR of the two bits below */
#define XFRM_POLICY_LOCALOK	1	/* Allow user to override global policy */
	/* Automatically expand selector to include matching ICMP payloads. */
#define XFRM_POLICY_ICMP	2
	__u8				share;	/* presumably XFRM_SHARE_xxx -- confirm */
};

/* Identification of a policy: selector, index and direction.
 * NOTE(review): the single __u8 at the end normally leaves tail padding;
 * zero the struct before filling it.
 */
struct xfrm_userpolicy_id {
	struct xfrm_selector		sel;
	__u32				index;
	__u8				dir;	/* presumably XFRM_POLICY_IN/OUT/FWD -- confirm */
};

/* Acquire message body: state id, source address, selector, the full
 * policy description, three algorithm words and a sequence number.
 * NOTE(review): presumably the payload of XFRM_MSG_ACQUIRE -- confirm.
 */
struct xfrm_user_acquire {
	struct xfrm_id			id;
	xfrm_address_t			saddr;
	struct xfrm_selector		sel;
	struct xfrm_userpolicy_info	policy;
	__u32				aalgos;
	__u32				ealgos;
	__u32				calgos;
	__u32				seq;
};

/* State expiry notification: the full state plus a one-byte hard flag.
 * NOTE(review): hard presumably distinguishes a hard from a soft limit
 * being reached -- confirm. The single trailing __u8 normally leaves tail
 * padding; zero the struct before filling it.
 */
struct xfrm_user_expire {
	struct xfrm_usersa_info		state;
	__u8				hard;
};

/* Policy expiry notification: the full policy plus a one-byte hard flag.
 * NOTE(review): hard presumably distinguishes a hard from a soft limit
 * being reached -- confirm. The single trailing __u8 normally leaves tail
 * padding; zero the struct before filling it.
 */
struct xfrm_user_polexpire {
	struct xfrm_userpolicy_info	pol;
	__u8				hard;
};

/* Flush request body: a single protocol byte.
 * NOTE(review): presumably the payload of XFRM_MSG_FLUSHSA, selecting
 * which protocol's states to flush -- confirm.
 */
struct xfrm_usersa_flush {
	__u8				proto;
};

/* Report message body: a protocol byte followed by a selector.
 * NOTE(review): the __u8 placed before struct xfrm_selector normally
 * leaves padding between the two members; zero the struct before filling
 * it so the padding does not carry stale memory across netlink.
 */
struct xfrm_user_report {
	__u8				proto;
	struct xfrm_selector		sel;
};

/* Migration request: old and new destination/source addresses, each
 * pair with its own family field, plus protocol, mode and reqid.
 * The explicit reserved member fills the gap between mode and reqid.
 */
struct xfrm_user_migrate {
	xfrm_address_t			old_daddr;
	xfrm_address_t			old_saddr;
	xfrm_address_t			new_daddr;
	xfrm_address_t			new_saddr;
	__u8				proto;
	__u8				mode;		/* presumably XFRM_MODE_xxx -- confirm */
	__u16				reserved;
	__u32				reqid;
	__u16				old_family;	/* selects the form of old_daddr/old_saddr */
	__u16				new_family;	/* selects the form of new_daddr/new_saddr */
};

/* backwards compatibility for userspace
 *
 * Legacy group bit masks. Each value equals 1 << (XFRMNLGRP_x - 1) for
 * the enum xfrm_nlgroups member of the same name; 0x10, which would
 * correspond to XFRMNLGRP_AEVENTS, has no legacy define, and neither
 * does XFRMNLGRP_MIGRATE.
 */
#define XFRMGRP_ACQUIRE		1
#define XFRMGRP_EXPIRE		2
#define XFRMGRP_SA		4
#define XFRMGRP_POLICY		8
#define XFRMGRP_REPORT		0x20

/* Netlink multicast group numbers, 0 (XFRMNLGRP_NONE) through 7
 * (XFRMNLGRP_MIGRATE). Each enumerator is also #defined to itself, which
 * makes the name visible to #ifdef.
 */
enum xfrm_nlgroups {
	XFRMNLGRP_NONE,
#define XFRMNLGRP_NONE		XFRMNLGRP_NONE
	XFRMNLGRP_ACQUIRE,
#define XFRMNLGRP_ACQUIRE	XFRMNLGRP_ACQUIRE
	XFRMNLGRP_EXPIRE,
#define XFRMNLGRP_EXPIRE	XFRMNLGRP_EXPIRE
	XFRMNLGRP_SA,
#define XFRMNLGRP_SA		XFRMNLGRP_SA
	XFRMNLGRP_POLICY,
#define XFRMNLGRP_POLICY	XFRMNLGRP_POLICY
	XFRMNLGRP_AEVENTS,
#define XFRMNLGRP_AEVENTS	XFRMNLGRP_AEVENTS
	XFRMNLGRP_REPORT,
#define XFRMNLGRP_REPORT	XFRMNLGRP_REPORT
	XFRMNLGRP_MIGRATE,
#define XFRMNLGRP_MIGRATE	XFRMNLGRP_MIGRATE
	__XFRMNLGRP_MAX	/* sentinel: one past the last group */
};
/* Highest valid group number. */
#define XFRMNLGRP_MAX	(__XFRMNLGRP_MAX - 1)

#endif /* _LINUX_XFRM_H */