xfrm.h revision d7384952fc627d39d64a3877764f7cbd6d149639
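#ifndef _LINUX_XFRM_H
#define _LINUX_XFRM_H

#include <linux/types.h>

/*
 * Userspace <-> kernel message layouts for the xfrm netlink interface
 * (security associations, policies, algorithms and key material).
 *
 * Review notes that apply to the whole file:
 *  - Every field here arrives from the other side of a netlink socket,
 *    so the receiving code has to range- and length-check it before use.
 *    This header declares layouts only; it enforces nothing.
 *  - Several structures mix __u8/__u16 members with wider ones (for
 *    example struct xfrm_id ends in a lone __u8), so a compiler that
 *    aligns __u32 to 4 bytes inserts padding. Code that fills one of
 *    these for transmission should zero the whole object first, so the
 *    padding bytes do not carry stale memory across the boundary.
 *  - NOTE(review): the byte order of addresses, ports and SPIs is not
 *    stated anywhere in this file; confirm against the consumers.
 */

/* All of the structures in this file may not change size as they are
 * passed into the kernel from userspace via netlink sockets.
 */

/* Structure to encapsulate addresses. I do not want to use
 * "standard" structure. My apologies.
 *
 * a4 is one 32-bit word and a6 is four; both overlay the same 16 bytes.
 * Presumably the accompanying `family` field selects which arm is
 * meaningful; verify in the consumer.
 */
typedef union
{
	__u32		a4;
	__u32		a6[4];
} xfrm_address_t;

/* Ident of a specific xfrm_state. It is used on input to lookup
 * the state by (spi,daddr,ah/esp) or to store information about
 * spi, protocol and tunnel address on output.
 */
struct xfrm_id
{
	xfrm_address_t	daddr;
	__u32		spi;
	__u8		proto;
};

/* Selector, used as selector both on policy rules (SPD) and SAs. */

struct xfrm_selector
{
	xfrm_address_t	daddr;
	xfrm_address_t	saddr;
	__u16	dport;
	__u16	dport_mask;
	__u16	sport;
	__u16	sport_mask;
	__u16	family;
	/* NOTE(review): presumably prefix lengths in bits; a consumer should
	 * bound them by the address width implied by `family`. Confirm. */
	__u8	prefixlen_d;
	__u8	prefixlen_s;
	__u8	proto;
	int	ifindex;
	uid_t	user;
};

/* All-ones 64-bit value. Presumably the "no limit" sentinel for the
 * xfrm_lifetime_cfg fields below; confirm in the consumer. */
#define XFRM_INF (~(__u64)0)

/* Configured limits: a soft and a hard value for bytes, packets, and
 * seconds since add / since first use. */
struct xfrm_lifetime_cfg
{
	__u64	soft_byte_limit;
	__u64	hard_byte_limit;
	__u64	soft_packet_limit;
	__u64	hard_packet_limit;
	__u64	soft_add_expires_seconds;
	__u64	hard_add_expires_seconds;
	__u64	soft_use_expires_seconds;
	__u64	hard_use_expires_seconds;
};

/* Current counters matching the limits in xfrm_lifetime_cfg. */
struct xfrm_lifetime_cur
{
	__u64	bytes;
	__u64	packets;
	__u64	add_time;
	__u64	use_time;
};

/* Sequence-number state. `bitmap` is 32 bits wide, while the
 * replay_window field of struct xfrm_usersa_info is a __u8 (0..255).
 * NOTE(review): a window wider than the bitmap cannot be represented
 * here; presumably the consumer must cap it. Verify.
 */
struct xfrm_replay_state
{
	__u32	oseq;
	__u32	seq;
	__u32	bitmap;
};

/* Algorithm name plus variable-length key, carried as an attribute
 * payload (see XFRMA_ALG_* below).
 *
 * Parsing caveats for the receiver:
 *  - alg_name is a fixed 64-byte array; nothing in the layout guarantees
 *    a NUL terminator, so force or verify termination before treating
 *    it as a C string.
 *  - alg_key_len is a signed int supplied by the sender, in bits. Reject
 *    negative values and check that (alg_key_len + 7) / 8 bytes actually
 *    fit inside the received attribute before touching alg_key.
 *  - alg_key is a zero-length trailing array: the key bytes follow the
 *    struct and are not counted in sizeof(struct xfrm_algo).
 */
struct xfrm_algo {
	char	alg_name[64];
	int	alg_key_len;	/* in bits */
	char	alg_key[0];
};

struct xfrm_stats {
	__u32	replay_window;
	__u32	replay;
	__u32	integrity_failed;
};

/* Policy directions. XFRM_POLICY_MAX is the count, not a direction.
 * NOTE(review): a `dir` byte taken from a message should be checked
 * against XFRM_POLICY_MAX before it is used as an index. */
enum
{
	XFRM_POLICY_IN	= 0,
	XFRM_POLICY_OUT	= 1,
	XFRM_POLICY_FWD	= 2,
	XFRM_POLICY_MAX	= 3
};

enum
{
	XFRM_SHARE_ANY,		/* No limitations */
	XFRM_SHARE_SESSION,	/* For this session only */
	XFRM_SHARE_USER,	/* For this user only */
	XFRM_SHARE_UNIQUE	/* Use once */
};

/* Netlink configuration messages.
 *
 * Each enumerator is also #defined to itself, so the preprocessor can
 * test for it with #ifdef. Values run consecutively from XFRM_MSG_BASE;
 * XFRM_MSG_MAX is one past the last message type.
 * NOTE(review): these messages install and remove keys and policies;
 * the handler is expected to restrict them to privileged senders. That
 * check is not visible in this header.
 */
enum {
	XFRM_MSG_BASE = 0x10,

	XFRM_MSG_NEWSA = 0x10,
#define XFRM_MSG_NEWSA XFRM_MSG_NEWSA
	XFRM_MSG_DELSA,
#define XFRM_MSG_DELSA XFRM_MSG_DELSA
	XFRM_MSG_GETSA,
#define XFRM_MSG_GETSA XFRM_MSG_GETSA

	XFRM_MSG_NEWPOLICY,
#define XFRM_MSG_NEWPOLICY XFRM_MSG_NEWPOLICY
	XFRM_MSG_DELPOLICY,
#define XFRM_MSG_DELPOLICY XFRM_MSG_DELPOLICY
	XFRM_MSG_GETPOLICY,
#define XFRM_MSG_GETPOLICY XFRM_MSG_GETPOLICY

	XFRM_MSG_ALLOCSPI,
#define XFRM_MSG_ALLOCSPI XFRM_MSG_ALLOCSPI
	XFRM_MSG_ACQUIRE,
#define XFRM_MSG_ACQUIRE XFRM_MSG_ACQUIRE
	XFRM_MSG_EXPIRE,
#define XFRM_MSG_EXPIRE XFRM_MSG_EXPIRE

	XFRM_MSG_UPDPOLICY,
#define XFRM_MSG_UPDPOLICY XFRM_MSG_UPDPOLICY
	XFRM_MSG_UPDSA,
#define XFRM_MSG_UPDSA XFRM_MSG_UPDSA

	XFRM_MSG_POLEXPIRE,
#define XFRM_MSG_POLEXPIRE XFRM_MSG_POLEXPIRE

	XFRM_MSG_FLUSHSA,
#define XFRM_MSG_FLUSHSA XFRM_MSG_FLUSHSA
	XFRM_MSG_FLUSHPOLICY,
#define XFRM_MSG_FLUSHPOLICY XFRM_MSG_FLUSHPOLICY

	XFRM_MSG_MAX
};

/* Template entry; one or more of these form an XFRMA_TMPL attribute. */
struct xfrm_user_tmpl {
	struct xfrm_id		id;
	__u16			family;
	xfrm_address_t		saddr;
	__u32			reqid;
	__u8			mode;
	__u8			share;
	__u8			optional;
	__u32			aalgos;
	__u32			ealgos;
	__u32			calgos;
};

struct xfrm_encap_tmpl {
	__u16		encap_type;
	__u16		encap_sport;
	__u16		encap_dport;
	xfrm_address_t	encap_oa;
};

/* Netlink message attributes.
 *
 * XFRMA_MAX is the highest valid attribute type (__XFRMA_MAX - 1).
 * A receiver should check each attribute's length against the payload
 * type named beside it before casting.
 */
enum xfrm_attr_type_t {
	XFRMA_UNSPEC,
	XFRMA_ALG_AUTH,		/* struct xfrm_algo */
	XFRMA_ALG_CRYPT,	/* struct xfrm_algo */
	XFRMA_ALG_COMP,		/* struct xfrm_algo */
	XFRMA_ENCAP,		/* struct xfrm_algo + struct xfrm_encap_tmpl */
	XFRMA_TMPL,		/* 1 or more struct xfrm_user_tmpl */
	__XFRMA_MAX

#define XFRMA_MAX (__XFRMA_MAX - 1)
};

/* Full description of one SA as exchanged over netlink. */
struct xfrm_usersa_info {
	struct xfrm_selector		sel;
	struct xfrm_id			id;
	xfrm_address_t			saddr;
	struct xfrm_lifetime_cfg	lft;
	struct xfrm_lifetime_cur	curlft;
	struct xfrm_stats		stats;
	__u32				seq;
	__u32				reqid;
	__u16				family;
	__u8				mode; /* 0=transport,1=tunnel */
	__u8				replay_window;
	__u8				flags;
#define XFRM_STATE_NOECN	1
};

/* Key identifying an SA (destination, SPI, family, protocol). */
struct xfrm_usersa_id {
	xfrm_address_t			daddr;
	__u32				spi;
	__u16				family;
	__u8				proto;
};

/* NOTE(review): min/max look like the SPI range for XFRM_MSG_ALLOCSPI;
 * the receiver should presumably reject min > max. Confirm. */
struct xfrm_userspi_info {
	struct xfrm_usersa_info		info;
	__u32				min;
	__u32				max;
};

/* Full description of one policy as exchanged over netlink. */
struct xfrm_userpolicy_info {
	struct xfrm_selector		sel;
	struct xfrm_lifetime_cfg	lft;
	struct xfrm_lifetime_cur	curlft;
	__u32				priority;
	__u32				index;
	__u8				dir;
	__u8				action;
#define XFRM_POLICY_ALLOW	0
#define XFRM_POLICY_BLOCK	1
	__u8				flags;
#define XFRM_POLICY_LOCALOK	1	/* Allow user to override global policy */
	__u8				share;
};

/* Key identifying a policy (selector, index, direction). */
struct xfrm_userpolicy_id {
	struct xfrm_selector		sel;
	__u32				index;
	__u8				dir;
};

struct xfrm_user_acquire {
	struct xfrm_id			id;
	xfrm_address_t			saddr;
	struct xfrm_selector		sel;
	struct xfrm_userpolicy_info	policy;
	__u32				aalgos;
	__u32				ealgos;
	__u32				calgos;
	__u32				seq;
};

/* SA expiry notification; `hard` is a single trailing byte. */
struct xfrm_user_expire {
	struct xfrm_usersa_info		state;
	__u8				hard;
};

/* Policy expiry notification; `hard` is a single trailing byte. */
struct xfrm_user_polexpire {
	struct xfrm_userpolicy_info	pol;
	__u8				hard;
};

struct xfrm_usersa_flush {
	__u8				proto;
};

/* NOTE(review): presumably netlink multicast group values for acquire
 * and expire notifications; confirm against the socket code. */
#define XFRMGRP_ACQUIRE		1
#define XFRMGRP_EXPIRE		2

#endif /* _LINUX_XFRM_H */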