xfrm.h revision d7384952fc627d39d64a3877764f7cbd6d149639
#ifndef _LINUX_XFRM_H
#define _LINUX_XFRM_H

#include <linux/types.h>

/* All of the structures in this file must not change size as they are
 * passed into the kernel from userspace via netlink sockets: their layout
 * is the userspace ABI. Fields use the fixed-width __uN types for that
 * reason; the two exceptions (int ifindex, uid_t user in xfrm_selector)
 * are noted where they occur.
 */
9
/* Structure to encapsulate addresses. I do not want to use
 * "standard" structure. My apologies.
 *
 * The union carries no discriminator of its own: which member is
 * meaningful has to come from the enclosing structure (presumably its
 * family field, e.g. xfrm_selector.family). a4 overlaps only the first
 * word of a6. NOTE(review): a4/a6 are presumably an IPv4 and an IPv6
 * address in network byte order - confirm against the users of the type.
 */
typedef union
{
	__u32		a4;	/* 4-byte address */
	__u32		a6[4];	/* 16-byte address */
} xfrm_address_t;
18
/* Ident of a specific xfrm_state. It is used on input to lookup
 * the state by (spi,daddr,ah/esp) or to store information about
 * spi, protocol and tunnel address on output.
 */
struct xfrm_id
{
	xfrm_address_t	daddr;	/* destination / tunnel address */
	__u32		spi;	/* Security Parameter Index */
	__u8		proto;	/* IPsec protocol of the state (ah/esp, see above) */
};
29
/* Selector, used as selector both on policy rules (SPD) and SAs.
 *
 * Addresses come with a prefix length (prefixlen_d/prefixlen_s) and
 * ports with a mask (dport_mask/sport_mask); family says which member of
 * the xfrm_address_t unions is in use (presumably).
 *
 * NOTE(review): ifindex (int) and user (uid_t) are the only fields in
 * this file that are not fixed-width types, yet the struct is part of the
 * userspace ABI (see the note at the top of the file) - confirm that
 * their width is the same on every supported ABI.
 */

struct xfrm_selector
{
	xfrm_address_t	daddr;
	xfrm_address_t	saddr;
	__u16	dport;		/* destination port, matched under dport_mask */
	__u16	dport_mask;
	__u16	sport;		/* source port, matched under sport_mask */
	__u16	sport_mask;
	__u16	family;		/* address family of daddr/saddr */
	__u8	prefixlen_d;	/* prefix length applied to daddr */
	__u8	prefixlen_s;	/* prefix length applied to saddr */
	__u8	proto;		/* upper-layer protocol */
	int	ifindex;	/* interface index (not fixed-width, see above) */
	uid_t	user;		/* owning user (not fixed-width, see above) */
};
47
/* All-ones __u64. Presumably the "no limit" value for the
 * xfrm_lifetime_cfg fields below - confirm against the users. */
#define XFRM_INF (~(__u64)0)
49
/* Configured lifetime limits of an SA or policy. Each limit is a
 * soft/hard pair: a byte count, a packet count, seconds since the entry
 * was added and seconds since it was first used. NOTE(review): the
 * soft/hard distinction is presumably what xfrm_user_expire.hard and
 * xfrm_user_polexpire.hard report - confirm.
 */
struct xfrm_lifetime_cfg
{
	__u64	soft_byte_limit;
	__u64	hard_byte_limit;
	__u64	soft_packet_limit;
	__u64	hard_packet_limit;
	__u64	soft_add_expires_seconds;	/* measured from add_time */
	__u64	hard_add_expires_seconds;
	__u64	soft_use_expires_seconds;	/* measured from use_time */
	__u64	hard_use_expires_seconds;
};
61
/* Current lifetime counters, the values the xfrm_lifetime_cfg limits are
 * checked against. The unit and epoch of add_time/use_time are not
 * recorded here - presumably seconds - confirm before comparing them.
 */
struct xfrm_lifetime_cur
{
	__u64	bytes;		/* bytes processed so far */
	__u64	packets;	/* packets processed so far */
	__u64	add_time;	/* when the entry was added */
	__u64	use_time;	/* when the entry was first used */
};
69
/* Anti-replay state of an SA. Presumably oseq is the outbound sequence
 * number, seq the highest inbound sequence number accepted and bitmap the
 * window of already-seen sequence numbers below it - confirm.
 *
 * NOTE(review): bitmap is a single __u32, so this structure can track a
 * replay window of at most 32 packets. A replay_window value larger than
 * that (xfrm_usersa_info.replay_window is a __u8 and can hold up to 255)
 * cannot be represented here and has to be rejected when the SA is
 * configured, otherwise replay protection is weaker than requested.
 */
struct xfrm_replay_state
{
	__u32	oseq;
	__u32	seq;
	__u32	bitmap;
};
76
/* Algorithm selection plus key, carried in an XFRMA_ALG_* attribute.
 * The key bytes follow the fixed part, so the object is longer than
 * sizeof(struct xfrm_algo).
 *
 * NOTE(review): nothing in this header ties alg_key_len to the length of
 * the netlink attribute that carries the struct. The receiver must check
 * that (alg_key_len + 7) / 8 bytes are actually present before reading
 * alg_key, and that alg_name is NUL-terminated inside its 64 bytes before
 * treating it as a string. alg_key is secret material; copies of this
 * struct in userspace should be wiped once the message has been sent.
 * alg_key[0] is a GNU zero-length array; the C99 spelling is alg_key[].
 */
struct xfrm_algo {
	char	alg_name[64];	/* algorithm name, NUL-terminated */
	int	alg_key_len;    /* in bits */
	char	alg_key[0];	/* (alg_key_len + 7) / 8 bytes of key follow */
};
82
/* Per-SA counters reported to userspace inside xfrm_usersa_info. replay
 * and integrity_failed are presumably the number of packets dropped as
 * replays and for a failed integrity check respectively - confirm. The
 * counters are __u32 and so wrap; monitoring should treat them as such.
 */
struct xfrm_stats {
	__u32	replay_window;
	__u32	replay;
	__u32	integrity_failed;
};
88
/* Policy direction (xfrm_userpolicy_info.dir, xfrm_userpolicy_id.dir).
 * XFRM_POLICY_MAX is one past the last valid direction, i.e. a count
 * suitable for sizing arrays, not a direction itself.
 */
enum
{
	XFRM_POLICY_IN	= 0,
	XFRM_POLICY_OUT	= 1,
	XFRM_POLICY_FWD	= 2,
	XFRM_POLICY_MAX	= 3
};
96
/* Sharing scope of an SA, used by the share fields of xfrm_user_tmpl and
 * xfrm_userpolicy_info. Values are sequential from 0.
 */
enum
{
	XFRM_SHARE_ANY,		/* No limitations */
	XFRM_SHARE_SESSION,	/* For this session only */
	XFRM_SHARE_USER,	/* For this user only */
	XFRM_SHARE_UNIQUE	/* Use once */
};
104
/* Netlink configuration messages.  Numbering starts at XFRM_MSG_BASE
 * (0x10) and is sequential from there; XFRM_MSG_MAX is one past the last
 * defined message. Every message type is also #defined to itself so that
 * code can test with #ifdef whether this header knows a given message.
 * New messages must be appended before XFRM_MSG_MAX, never inserted, or
 * the values of the later messages - and thus the ABI - would shift.
 */
enum {
	XFRM_MSG_BASE = 0x10,

	XFRM_MSG_NEWSA = 0x10,
#define XFRM_MSG_NEWSA XFRM_MSG_NEWSA
	XFRM_MSG_DELSA,
#define XFRM_MSG_DELSA XFRM_MSG_DELSA
	XFRM_MSG_GETSA,
#define XFRM_MSG_GETSA XFRM_MSG_GETSA

	XFRM_MSG_NEWPOLICY,
#define XFRM_MSG_NEWPOLICY XFRM_MSG_NEWPOLICY
	XFRM_MSG_DELPOLICY,
#define XFRM_MSG_DELPOLICY XFRM_MSG_DELPOLICY
	XFRM_MSG_GETPOLICY,
#define XFRM_MSG_GETPOLICY XFRM_MSG_GETPOLICY

	XFRM_MSG_ALLOCSPI,
#define XFRM_MSG_ALLOCSPI XFRM_MSG_ALLOCSPI
	XFRM_MSG_ACQUIRE,
#define XFRM_MSG_ACQUIRE XFRM_MSG_ACQUIRE
	XFRM_MSG_EXPIRE,
#define XFRM_MSG_EXPIRE XFRM_MSG_EXPIRE

	XFRM_MSG_UPDPOLICY,
#define XFRM_MSG_UPDPOLICY XFRM_MSG_UPDPOLICY
	XFRM_MSG_UPDSA,
#define XFRM_MSG_UPDSA XFRM_MSG_UPDSA

	XFRM_MSG_POLEXPIRE,
#define XFRM_MSG_POLEXPIRE XFRM_MSG_POLEXPIRE

	XFRM_MSG_FLUSHSA,
#define XFRM_MSG_FLUSHSA XFRM_MSG_FLUSHSA
	XFRM_MSG_FLUSHPOLICY,
#define XFRM_MSG_FLUSHPOLICY XFRM_MSG_FLUSHPOLICY

	XFRM_MSG_MAX	/* one past the last message type */
};
145
/* Template describing one SA that a policy requires; an XFRMA_TMPL
 * attribute carries one or more of these back to back. aalgos, ealgos and
 * calgos are presumably bitmasks of acceptable authentication, encryption
 * and compression algorithms (mirroring the XFRMA_ALG_AUTH/CRYPT/COMP
 * attribute classes) - confirm the bit assignment against the kernel.
 */
struct xfrm_user_tmpl {
	struct xfrm_id		id;	/* peer address, spi, protocol */
	__u16			family;	/* address family of id.daddr / saddr */
	xfrm_address_t		saddr;
	__u32			reqid;	/* ties the template to an SA with the same reqid */
	__u8			mode;	/* presumably same encoding as xfrm_usersa_info.mode */
	__u8			share;	/* XFRM_SHARE_* */
	__u8			optional;	/* non-zero: presumably the SA need not exist - confirm */
	__u32			aalgos;
	__u32			ealgos;
	__u32			calgos;
};
158
/* Encapsulation parameters of an SA, carried in an XFRMA_ENCAP
 * attribute. NOTE(review): presumably UDP encapsulation, with encap_type
 * selecting the variant, encap_sport/encap_dport the port pair and
 * encap_oa the original address - confirm the accepted encap_type values.
 */
struct xfrm_encap_tmpl {
	__u16		encap_type;
	__u16		encap_sport;
	__u16		encap_dport;
	xfrm_address_t	encap_oa;
};
165
/* Netlink message attributes.  XFRMA_MAX is the highest valid attribute
 * type; the #define sits inside the enum body, which is legal because the
 * preprocessor runs before the enumerator list is parsed.
 *
 * NOTE(review): the payload of each XFRMA_ALG_* attribute is a struct
 * xfrm_algo followed by a variable-length key, and XFRMA_TMPL holds a
 * whole number of struct xfrm_user_tmpl. The receiver must check the
 * attribute length against both (fixed part plus key bytes, and a
 * multiple of the template size) before walking the payload.
 */
enum xfrm_attr_type_t {
	XFRMA_UNSPEC,
	XFRMA_ALG_AUTH,		/* struct xfrm_algo */
	XFRMA_ALG_CRYPT,	/* struct xfrm_algo */
	XFRMA_ALG_COMP,		/* struct xfrm_algo */
	XFRMA_ENCAP,		/* struct xfrm_algo + struct xfrm_encap_tmpl */
	XFRMA_TMPL,		/* 1 or more struct xfrm_user_tmpl */
	__XFRMA_MAX

#define XFRMA_MAX (__XFRMA_MAX - 1)
};
178
/* Full description of an SA as exchanged with userspace (presumably the
 * body of XFRM_MSG_NEWSA/UPDSA/GETSA and the state part of
 * xfrm_user_expire). The algorithms and keys are not part of this struct;
 * they travel in the XFRMA_ALG_* attributes.
 *
 * NOTE(review): replay_window is a __u8 but the kernel-side
 * xfrm_replay_state.bitmap is a single __u32, so only windows of up to 32
 * can actually be tracked; larger requests must be rejected rather than
 * silently truncated.
 */
struct xfrm_usersa_info {
	struct xfrm_selector		sel;
	struct xfrm_id			id;
	xfrm_address_t			saddr;
	struct xfrm_lifetime_cfg	lft;	/* configured limits */
	struct xfrm_lifetime_cur	curlft;	/* current counters */
	struct xfrm_stats		stats;
	__u32				seq;	/* netlink sequence number, see xfrm_user_acquire.seq */
	__u32				reqid;	/* matched against xfrm_user_tmpl.reqid */
	__u16				family;
	__u8				mode; /* 0=transport,1=tunnel */
	__u8				replay_window;	/* anti-replay window size, see note above */
	__u8				flags;	/* XFRM_STATE_* bits */
#define XFRM_STATE_NOECN	1
};
194
/* Key identifying one SA for lookup or deletion (presumably the body of
 * XFRM_MSG_GETSA/DELSA): the same (daddr, spi, proto) tuple as xfrm_id
 * plus the address family that says how to read daddr.
 */
struct xfrm_usersa_id {
	xfrm_address_t			daddr;
	__u32				spi;
	__u16				family;
	__u8				proto;
};
201
/* Request for an SPI to be allocated for the SA described by info;
 * min/max are presumably the inclusive range the SPI must fall in
 * (body of XFRM_MSG_ALLOCSPI) - confirm, including whether min > max
 * is rejected.
 */
struct xfrm_userspi_info {
	struct xfrm_usersa_info		info;
	__u32				min;
	__u32				max;
};
207
/* Full description of a policy (presumably the body of
 * XFRM_MSG_NEWPOLICY/UPDPOLICY/GETPOLICY). The SA templates the policy
 * requires are not part of this struct; they travel in XFRMA_TMPL.
 *
 * NOTE(review): XFRM_POLICY_LOCALOK lets a user's own policy override
 * the global one, so it is a privilege-relevant bit; confirm in which
 * contexts the kernel honours it and who may set it.
 */
struct xfrm_userpolicy_info {
	struct xfrm_selector		sel;
	struct xfrm_lifetime_cfg	lft;	/* configured limits */
	struct xfrm_lifetime_cur	curlft;	/* current counters */
	__u32				priority;	/* ordering among matching policies */
	__u32				index;	/* policy identifier, see xfrm_userpolicy_id */
	__u8				dir;	/* XFRM_POLICY_IN/OUT/FWD */
	__u8				action;	/* XFRM_POLICY_ALLOW / XFRM_POLICY_BLOCK */
#define XFRM_POLICY_ALLOW	0
#define XFRM_POLICY_BLOCK	1
	__u8				flags;	/* XFRM_POLICY_LOCALOK */
#define XFRM_POLICY_LOCALOK	1	/* Allow user to override global policy */
	__u8				share;	/* XFRM_SHARE_* */
};
222
/* Key identifying one policy for lookup or deletion (presumably the body
 * of XFRM_MSG_GETPOLICY/DELPOLICY), either by (sel, dir) or by index -
 * which of the two is used when both are set is not recorded here.
 */
struct xfrm_userpolicy_id {
	struct xfrm_selector		sel;
	__u32				index;
	__u8				dir;
};
228
/* Notification that an SA is needed (presumably the body of
 * XFRM_MSG_ACQUIRE sent by the kernel to a key manager). id/saddr/sel
 * describe the wanted SA, policy the policy that triggered the request,
 * aalgos/ealgos/calgos the acceptable algorithms as in xfrm_user_tmpl,
 * and seq a number to correlate the eventual xfrm_usersa_info reply.
 */
struct xfrm_user_acquire {
	struct xfrm_id			id;
	xfrm_address_t			saddr;
	struct xfrm_selector		sel;
	struct xfrm_userpolicy_info	policy;
	__u32				aalgos;
	__u32				ealgos;
	__u32				calgos;
	__u32				seq;
};
239
/* SA lifetime expiry notification (presumably the body of
 * XFRM_MSG_EXPIRE). hard is presumably non-zero when a hard limit from
 * xfrm_lifetime_cfg was reached and zero for a soft limit - confirm.
 */
struct xfrm_user_expire {
	struct xfrm_usersa_info		state;
	__u8				hard;
};
244
/* Policy lifetime expiry notification (presumably the body of
 * XFRM_MSG_POLEXPIRE); hard has the same meaning as in xfrm_user_expire.
 */
struct xfrm_user_polexpire {
	struct xfrm_userpolicy_info	pol;
	__u8				hard;
};
249
/* Body of XFRM_MSG_FLUSHSA (presumably): proto selects which SAs are
 * flushed. Whether a wildcard value exists is not recorded here - confirm.
 */
struct xfrm_usersa_flush {
	__u8				proto;
};
253
/* Netlink multicast groups (presumably) on which the kernel sends the
 * ACQUIRE and EXPIRE notifications; distinct bits so both can be joined
 * at once - confirm against the socket binding code.
 */
#define XFRMGRP_ACQUIRE		1
#define XFRMGRP_EXPIRE		2
256
257#endif /* _LINUX_XFRM_H */
258