1 | #ifndef _LINUX_XFRM_H |
2 | #define _LINUX_XFRM_H |
3 | |
4 | #include <linux/types.h> |
5 | |
6 | /* None of the structures in this file may change size, as they are |
7 | * passed into the kernel from userspace via netlink sockets. |
8 | */ |
9 | |
10 | /* Structure to encapsulate addresses. I do not want to use |
11 | * "standard" structure. My apologies. |
12 | */ |
/* Address storage shared by both address families: a4 is one big-endian
 * 32-bit word and a6 is four of them, so the union is always 16 bytes.
 * The union does not record which member is valid; embedding structures
 * carry a separate family field (e.g. xfrm_selector.family).
 * NOTE(review): when only a4 is written, the remaining 12 bytes keep their
 * previous contents; zero the union first if it is later compared bytewise
 * or copied across the user/kernel boundary. */
13 | typedef union { |
14 | __be32 a4; |
15 | __be32 a6[4]; |
16 | } xfrm_address_t; |
17 | |
18 | /* Ident of a specific xfrm_state. It is used on input to lookup |
19 | * the state by (spi,daddr,ah/esp) or to store information about |
20 | * spi, protocol and tunnel address on output. |
21 | */ |
/* Fields: destination address, SPI (big-endian) and a one-byte protocol.
 * NOTE(review): with natural alignment the single __u8 at the end leaves
 * 3 bytes of tail padding; zero the whole structure before filling it so
 * the padding cannot carry stale memory into a netlink message. */
22 | struct xfrm_id { |
23 | xfrm_address_t daddr; |
24 | __be32 spi; |
25 | __u8 proto; |
26 | }; |
27 | |
/* Security context header followed by a variable-length string.
 * ctx_doi / ctx_alg presumably take the XFRM_SC_DOI_* / XFRM_SC_ALG_*
 * values defined in this file -- confirm against the consumer. */
28 | struct xfrm_sec_ctx { |
29 | __u8 ctx_doi; |
30 | __u8 ctx_alg; |
/* presumably the byte length of ctx_str -- TODO confirm. The reader must
 * check it against the real size of the buffer before touching ctx_str. */
31 | __u16 ctx_len; |
32 | __u32 ctx_sid; |
/* zero-length trailing array: contributes nothing to sizeof(), the data
 * lives directly after the fixed header */
33 | char ctx_str[0]; |
34 | }; |
35 | |
36 | /* Security Context Domains of Interpretation */ |
/* presumably the values of the ctx_doi fields in this file -- confirm */
37 | #define XFRM_SC_DOI_RESERVED 0 |
38 | #define XFRM_SC_DOI_LSM 1 |
39 | |
40 | /* Security Context Algorithms */ |
/* presumably the values of the ctx_alg fields in this file -- confirm */
41 | #define XFRM_SC_ALG_RESERVED 0 |
42 | #define XFRM_SC_ALG_SELINUX 1 |
43 | |
44 | /* Selector, used as selector both on policy rules (SPD) and SAs. */ |
45 | |
/* Traffic selector: address pair with prefix lengths, port pair with
 * masks, address family, protocol, interface index and a user id. */
46 | struct xfrm_selector { |
47 | xfrm_address_t daddr; |
48 | xfrm_address_t saddr; |
49 | __be16 dport; |
50 | __be16 dport_mask; |
51 | __be16 sport; |
52 | __be16 sport_mask; |
/* decides which member of daddr/saddr is meaningful */
53 | __u16 family; |
/* NOTE(review): the prefix lengths are plain __u8 values supplied by the
 * sender; the consumer should bound them by family (at most 32 for a4,
 * 128 for a6) before turning them into masks or shift counts. */
54 | __u8 prefixlen_d; |
55 | __u8 prefixlen_s; |
56 | __u8 proto; |
/* NOTE(review): with natural alignment there are 3 padding bytes between
 * proto and ifindex; zero the structure before filling it. */
57 | int ifindex; |
58 | __kernel_uid32_t user; |
59 | }; |
60 | |
/* All-ones 64-bit value; presumably the "no limit" marker for the __u64
 * limits in xfrm_lifetime_cfg -- confirm against the consumer. */
61 | #define XFRM_INF (~(__u64)0) |
62 | |
/* Configured lifetime limits, each in a soft and a hard variant, counted
 * in bytes, packets, seconds since add and seconds since first use.
 * Eight __u64 members, so 64 bytes with no padding.
 * presumably "soft" signals that renewal is due and "hard" ends the
 * lifetime -- TODO confirm; this header does not say. */
63 | struct xfrm_lifetime_cfg { |
64 | __u64 soft_byte_limit; |
65 | __u64 hard_byte_limit; |
66 | __u64 soft_packet_limit; |
67 | __u64 hard_packet_limit; |
68 | __u64 soft_add_expires_seconds; |
69 | __u64 hard_add_expires_seconds; |
70 | __u64 soft_use_expires_seconds; |
71 | __u64 hard_use_expires_seconds; |
72 | }; |
73 | |
/* Current usage counters, the counterpart of xfrm_lifetime_cfg: bytes and
 * packets seen plus two timestamps. The time base of add_time / use_time
 * is not stated in this header -- confirm before comparing them. */
74 | struct xfrm_lifetime_cur { |
75 | __u64 bytes; |
76 | __u64 packets; |
77 | __u64 add_time; |
78 | __u64 use_time; |
79 | }; |
80 | |
/* Anti-replay state: three 32-bit words.
 * presumably oseq is the outbound sequence counter, seq the highest
 * inbound sequence number accepted and bitmap the window of recently
 * seen numbers -- TODO confirm.
 * NOTE(review): bitmap is only 32 bits wide, so a replay window wider
 * than 32 cannot be represented here; the consumer should bound any
 * configured window (see xfrm_usersa_info.replay_window) accordingly. */
81 | struct xfrm_replay_state { |
82 | __u32 oseq; |
83 | __u32 seq; |
84 | __u32 bitmap; |
85 | }; |
86 | |
/* Algorithm name plus key material of variable length. */
87 | struct xfrm_algo { |
/* NOTE(review): fixed 64-byte buffer filled by the sender; nothing in
 * this layout guarantees a terminating NUL, so bound or terminate it
 * before passing it to string functions. */
88 | char alg_name[64]; |
/* NOTE(review): the length is in bits, so the key occupies
 * (alg_key_len + 7) / 8 bytes; check that byte count against the real
 * payload length before reading alg_key. */
89 | unsigned int alg_key_len; /* in bits */ |
/* zero-length trailing array: key bytes follow the fixed header */
90 | char alg_key[0]; |
91 | }; |
92 | |
/* Same layout as xfrm_algo with one extra length field, alg_trunc_len. */
93 | struct xfrm_algo_auth { |
/* NOTE(review): not guaranteed NUL-terminated; bound before string use */
94 | char alg_name[64]; |
/* NOTE(review): bits, not bytes; validate (alg_key_len + 7) / 8 against
 * the real payload length before reading alg_key */
95 | unsigned int alg_key_len; /* in bits */ |
/* presumably the truncated length of the authentication value; the
 * consumer should reject values larger than the algorithm's output --
 * TODO confirm */
96 | unsigned int alg_trunc_len; /* in bits */ |
97 | char alg_key[0]; |
98 | }; |
99 | |
/* Same layout as xfrm_algo with one extra length field, alg_icv_len. */
100 | struct xfrm_algo_aead { |
/* NOTE(review): not guaranteed NUL-terminated; bound before string use */
101 | char alg_name[64]; |
/* NOTE(review): bits, not bytes; validate (alg_key_len + 7) / 8 against
 * the real payload length before reading alg_key */
102 | unsigned int alg_key_len; /* in bits */ |
/* presumably the integrity check value length of the AEAD transform;
 * which values are acceptable depends on the algorithm -- TODO confirm */
103 | unsigned int alg_icv_len; /* in bits */ |
104 | char alg_key[0]; |
105 | }; |
106 | |
/* Three 32-bit statistics. presumably per-SA counts of packets rejected
 * for falling outside the replay window, for being replays and for
 * failing the integrity check -- TODO confirm. Counters like these are
 * useful detection signals when they rise unexpectedly. */
107 | struct xfrm_stats { |
108 | __u32 replay_window; |
109 | __u32 replay; |
110 | __u32 integrity_failed; |
111 | }; |
112 | |
/* Policy types. XFRM_POLICY_TYPE_MAX (2) is one past the last real type
 * (MAIN, SUB); ANY (255) lies outside that range.
 * NOTE(review): a type value taken from a message (a __u8 in
 * xfrm_userpolicy_type) should be checked against XFRM_POLICY_TYPE_MAX
 * before it is used as an index. */
113 | enum { |
114 | XFRM_POLICY_TYPE_MAIN = 0, |
115 | XFRM_POLICY_TYPE_SUB = 1, |
116 | XFRM_POLICY_TYPE_MAX = 2, |
117 | XFRM_POLICY_TYPE_ANY = 255 |
118 | }; |
119 | |
/* Policy directions. MASK and MAX share the value 3, one past FWD.
 * NOTE(review): the dir fields in this file are plain __u8; the consumer
 * should reject values >= XFRM_POLICY_MAX before indexing by direction. */
120 | enum { |
121 | XFRM_POLICY_IN = 0, |
122 | XFRM_POLICY_OUT = 1, |
123 | XFRM_POLICY_FWD = 2, |
124 | XFRM_POLICY_MASK = 3, |
125 | XFRM_POLICY_MAX = 3 |
126 | }; |
127 | |
/* Sharing modes, numbered 0..3 by enumeration order. presumably the
 * values of the share fields in xfrm_user_tmpl and xfrm_userpolicy_info
 * -- confirm. */
128 | enum { |
129 | XFRM_SHARE_ANY, /* No limitations */ |
130 | XFRM_SHARE_SESSION, /* For this session only */ |
131 | XFRM_SHARE_USER, /* For this user only */ |
132 | XFRM_SHARE_UNIQUE /* Use once */ |
133 | }; |
134 | |
/* Encapsulation modes; xfrm_usersa_info.mode is documented as
 * XFRM_MODE_xxx. XFRM_MODE_MAX (5) is one past the last defined mode.
 * NOTE(review): mode travels as a __u8, so the consumer should reject
 * values >= XFRM_MODE_MAX before using it as an index. */
135 | #define XFRM_MODE_TRANSPORT 0 |
136 | #define XFRM_MODE_TUNNEL 1 |
137 | #define XFRM_MODE_ROUTEOPTIMIZATION 2 |
138 | #define XFRM_MODE_IN_TRIGGER 3 |
139 | #define XFRM_MODE_BEET 4 |
140 | #define XFRM_MODE_MAX 5 |
141 | |
142 | /* Netlink configuration messages. */ |
/* Message type numbers, starting at XFRM_MSG_BASE (0x10); NEWSA has the
 * same value as the base and every later enumerator is the previous one
 * plus one. Each enumerator is also #defined to itself so that code can
 * test for its presence with #ifdef.
 * NOTE(review): XFRM_NR_MSGTYPES is the size a table indexed by
 * (type - XFRM_MSG_BASE) needs; a received type should be checked to lie
 * in XFRM_MSG_BASE..XFRM_MSG_MAX before any such lookup. */
143 | enum { |
144 | XFRM_MSG_BASE = 0x10, |
145 |
146 | XFRM_MSG_NEWSA = 0x10, |
147 | #define XFRM_MSG_NEWSA XFRM_MSG_NEWSA |
148 | XFRM_MSG_DELSA, |
149 | #define XFRM_MSG_DELSA XFRM_MSG_DELSA |
150 | XFRM_MSG_GETSA, |
151 | #define XFRM_MSG_GETSA XFRM_MSG_GETSA |
152 |
153 | XFRM_MSG_NEWPOLICY, |
154 | #define XFRM_MSG_NEWPOLICY XFRM_MSG_NEWPOLICY |
155 | XFRM_MSG_DELPOLICY, |
156 | #define XFRM_MSG_DELPOLICY XFRM_MSG_DELPOLICY |
157 | XFRM_MSG_GETPOLICY, |
158 | #define XFRM_MSG_GETPOLICY XFRM_MSG_GETPOLICY |
159 |
160 | XFRM_MSG_ALLOCSPI, |
161 | #define XFRM_MSG_ALLOCSPI XFRM_MSG_ALLOCSPI |
162 | XFRM_MSG_ACQUIRE, |
163 | #define XFRM_MSG_ACQUIRE XFRM_MSG_ACQUIRE |
164 | XFRM_MSG_EXPIRE, |
165 | #define XFRM_MSG_EXPIRE XFRM_MSG_EXPIRE |
166 |
167 | XFRM_MSG_UPDPOLICY, |
168 | #define XFRM_MSG_UPDPOLICY XFRM_MSG_UPDPOLICY |
169 | XFRM_MSG_UPDSA, |
170 | #define XFRM_MSG_UPDSA XFRM_MSG_UPDSA |
171 |
172 | XFRM_MSG_POLEXPIRE, |
173 | #define XFRM_MSG_POLEXPIRE XFRM_MSG_POLEXPIRE |
174 |
175 | XFRM_MSG_FLUSHSA, |
176 | #define XFRM_MSG_FLUSHSA XFRM_MSG_FLUSHSA |
177 | XFRM_MSG_FLUSHPOLICY, |
178 | #define XFRM_MSG_FLUSHPOLICY XFRM_MSG_FLUSHPOLICY |
179 |
180 | XFRM_MSG_NEWAE, |
181 | #define XFRM_MSG_NEWAE XFRM_MSG_NEWAE |
182 | XFRM_MSG_GETAE, |
183 | #define XFRM_MSG_GETAE XFRM_MSG_GETAE |
184 |
185 | XFRM_MSG_REPORT, |
186 | #define XFRM_MSG_REPORT XFRM_MSG_REPORT |
187 |
188 | XFRM_MSG_MIGRATE, |
189 | #define XFRM_MSG_MIGRATE XFRM_MSG_MIGRATE |
190 |
191 | XFRM_MSG_NEWSADINFO, |
192 | #define XFRM_MSG_NEWSADINFO XFRM_MSG_NEWSADINFO |
193 | XFRM_MSG_GETSADINFO, |
194 | #define XFRM_MSG_GETSADINFO XFRM_MSG_GETSADINFO |
195 |
196 | XFRM_MSG_NEWSPDINFO, |
197 | #define XFRM_MSG_NEWSPDINFO XFRM_MSG_NEWSPDINFO |
198 | XFRM_MSG_GETSPDINFO, |
199 | #define XFRM_MSG_GETSPDINFO XFRM_MSG_GETSPDINFO |
200 |
201 | XFRM_MSG_MAPPING, |
202 | #define XFRM_MSG_MAPPING XFRM_MSG_MAPPING |
/* sentinel: one past the last real message type */
203 | __XFRM_MSG_MAX |
204 | }; |
205 | #define XFRM_MSG_MAX (__XFRM_MSG_MAX - 1) |
206 | |
/* number of message types, XFRM_MSG_BASE through XFRM_MSG_MAX inclusive */
207 | #define XFRM_NR_MSGTYPES (XFRM_MSG_MAX + 1 - XFRM_MSG_BASE) |
208 | |
209 | /* |
210 | * Generic LSM security context for communicating to user space |
211 | * NOTE: Same format as sadb_x_sec_ctx |
212 | */ |
/* Fixed 8-byte header; no string member is declared, so the context data
 * presumably follows the header in the same attribute -- confirm.
 * NOTE(review): len and ctx_len are both sender-controlled; the consumer
 * should check that they agree with each other and with the real
 * attribute length before reading any trailing bytes. */
213 | struct xfrm_user_sec_ctx { |
214 | __u16 len; |
215 | __u16 exttype; |
216 | __u8 ctx_alg; /* LSMs: e.g., selinux == 1 */ |
217 | __u8 ctx_doi; |
218 | __u16 ctx_len; |
219 | }; |
220 | |
/* Template entry; XFRMA_TMPL is documented in this file as carrying one
 * or more of these.
 * NOTE(review): with natural alignment there is padding after family
 * (2 bytes) and after optional (1 byte); zero the structure before
 * filling it. */
221 | struct xfrm_user_tmpl { |
222 | struct xfrm_id id; |
223 | __u16 family; |
224 | xfrm_address_t saddr; |
225 | __u32 reqid; |
/* presumably XFRM_MODE_xxx and XFRM_SHARE_xxx values -- confirm; both
 * are raw __u8 and need a range check by the consumer */
226 | __u8 mode; |
227 | __u8 share; |
228 | __u8 optional; |
/* presumably bitmasks of acceptable authentication, encryption and
 * compression algorithms -- TODO confirm */
229 | __u32 aalgos; |
230 | __u32 ealgos; |
231 | __u32 calgos; |
232 | }; |
233 | |
/* Encapsulation parameters: a type, a big-endian port pair and one
 * address (encap_oa). The meaning of encap_type values is not defined in
 * this header.
 * NOTE(review): with natural alignment 2 padding bytes sit between
 * encap_dport and encap_oa; zero the structure before filling it. */
234 | struct xfrm_encap_tmpl { |
235 | __u16 encap_type; |
236 | __be16 encap_sport; |
237 | __be16 encap_dport; |
238 | xfrm_address_t encap_oa; |
239 | }; |
240 | |
241 | /* AEVENT flags */ |
/* Bit flags (1, 2, 4, ... 64). Because the sentinel simply follows
 * XFRM_AE_CU, __XFRM_AE_MAX is 65 and XFRM_AE_MAX is 64: the highest
 * single flag, not a mask of all flags. Do not use it to validate a
 * combined flags word. */
242 | enum xfrm_ae_ftype_t { |
243 | XFRM_AE_UNSPEC, |
244 | XFRM_AE_RTHR=1, /* replay threshold*/ |
245 | XFRM_AE_RVAL=2, /* replay value */ |
246 | XFRM_AE_LVAL=4, /* lifetime value */ |
247 | XFRM_AE_ETHR=8, /* expiry timer threshold */ |
248 | XFRM_AE_CR=16, /* Event cause is replay update */ |
249 | XFRM_AE_CE=32, /* Event cause is timer expiry */ |
250 | XFRM_AE_CU=64, /* Event cause is policy update */ |
251 | __XFRM_AE_MAX |
252 |
253 | #define XFRM_AE_MAX (__XFRM_AE_MAX - 1) |
254 | }; |
255 | |
/* Payload of XFRMA_POLICY_TYPE (per the attribute list in this file).
 * type is presumably one of XFRM_POLICY_TYPE_* -- confirm.
 * NOTE(review): a __u8 followed by a __u16 followed by a __u8 leaves,
 * with natural alignment, one padding byte after type and one at the
 * end; zero the structure before filling it. */
256 | struct xfrm_userpolicy_type { |
257 | __u8 type; |
258 | __u16 reserved1; |
259 | __u8 reserved2; |
260 | }; |
261 | |
262 | /* Netlink message attributes. */ |
/* Attribute type numbers, 0 upwards in enumeration order. The comment
 * beside each entry names the payload the attribute is expected to hold.
 * NOTE(review): a receiver should compare the attribute length with the
 * named structure (plus any trailing key or context bytes) before casting
 * the payload, and reject types above XFRMA_MAX. */
263 | enum xfrm_attr_type_t { |
264 | XFRMA_UNSPEC, |
265 | XFRMA_ALG_AUTH, /* struct xfrm_algo */ |
266 | XFRMA_ALG_CRYPT, /* struct xfrm_algo */ |
267 | XFRMA_ALG_COMP, /* struct xfrm_algo */ |
268 | XFRMA_ENCAP, /* struct xfrm_algo + struct xfrm_encap_tmpl */ |
269 | XFRMA_TMPL, /* 1 or more struct xfrm_user_tmpl */ |
270 | XFRMA_SA, /* struct xfrm_usersa_info */ |
271 | XFRMA_POLICY, /* struct xfrm_userpolicy_info */ |
272 | XFRMA_SEC_CTX, /* struct xfrm_sec_ctx */ |
273 | XFRMA_LTIME_VAL, |
274 | XFRMA_REPLAY_VAL, |
275 | XFRMA_REPLAY_THRESH, |
276 | XFRMA_ETIMER_THRESH, |
277 | XFRMA_SRCADDR, /* xfrm_address_t */ |
278 | XFRMA_COADDR, /* xfrm_address_t */ |
/* NOTE(review): unsigned long is 4 bytes on 32-bit and 8 bytes on most
 * 64-bit ABIs, so the payload size depends on who produced it -- confirm
 * what the producer actually emits before parsing. */
279 | XFRMA_LASTUSED, /* unsigned long */ |
280 | XFRMA_POLICY_TYPE, /* struct xfrm_userpolicy_type */ |
281 | XFRMA_MIGRATE, |
282 | XFRMA_ALG_AEAD, /* struct xfrm_algo_aead */ |
283 | XFRMA_KMADDRESS, /* struct xfrm_user_kmaddress */ |
284 | XFRMA_ALG_AUTH_TRUNC, /* struct xfrm_algo_auth */ |
285 | XFRMA_MARK, /* struct xfrm_mark */ |
/* sentinel: one past the last real attribute type */
286 | __XFRMA_MAX |
287 |
288 | #define XFRMA_MAX (__XFRMA_MAX - 1) |
289 | }; |
290 | |
/* Payload of XFRMA_MARK: a 32-bit value and a 32-bit mask. How the two
 * are combined for matching is up to the consumer -- not shown here. */
291 | struct xfrm_mark { |
292 | __u32 v; /* value */ |
293 | __u32 m; /* mask */ |
294 | }; |
295 | |
/* Attribute types for SAD information, numbered from 0.
 * XFRMA_SAD_MAX is the last real type (XFRMA_SAD_HINFO).
 * XFRMA_SAD_HINFO presumably carries struct xfrmu_sadhinfo -- confirm. */
296 | enum xfrm_sadattr_type_t { |
297 | XFRMA_SAD_UNSPEC, |
298 | XFRMA_SAD_CNT, |
299 | XFRMA_SAD_HINFO, |
300 | __XFRMA_SAD_MAX |
301 |
302 | #define XFRMA_SAD_MAX (__XFRMA_SAD_MAX - 1) |
303 | }; |
304 | |
/* SAD hash table figures: current and maximum allowed bucket counts. */
305 | struct xfrmu_sadhinfo { |
306 | __u32 sadhcnt; /* current hash bkts */ |
307 | __u32 sadhmcnt; /* max allowed hash bkts */ |
308 | }; |
309 | |
/* Attribute types for SPD information, numbered from 0.
 * XFRMA_SPD_MAX is the last real type (XFRMA_SPD_HINFO).
 * presumably XFRMA_SPD_INFO carries struct xfrmu_spdinfo and
 * XFRMA_SPD_HINFO struct xfrmu_spdhinfo -- confirm. */
310 | enum xfrm_spdattr_type_t { |
311 | XFRMA_SPD_UNSPEC, |
312 | XFRMA_SPD_INFO, |
313 | XFRMA_SPD_HINFO, |
314 | __XFRMA_SPD_MAX |
315 |
316 | #define XFRMA_SPD_MAX (__XFRMA_SPD_MAX - 1) |
317 | }; |
318 | |
/* Six 32-bit policy counters. presumably one per direction (in, out,
 * fwd), with the "s" variants counting a second class of policies --
 * TODO confirm; the header does not document them. */
319 | struct xfrmu_spdinfo { |
320 | __u32 incnt; |
321 | __u32 outcnt; |
322 | __u32 fwdcnt; |
323 | __u32 inscnt; |
324 | __u32 outscnt; |
325 | __u32 fwdscnt; |
326 | }; |
327 | |
/* SPD hash table figures. presumably current and maximum bucket counts,
 * by analogy with xfrmu_sadhinfo -- confirm. */
328 | struct xfrmu_spdhinfo { |
329 | __u32 spdhcnt; |
330 | __u32 spdhmcnt; |
331 | }; |
332 | |
/* Full description of one SA as exchanged over netlink (payload of
 * XFRMA_SA per the attribute list in this file): selector, identity,
 * source address, lifetime limits and counters, statistics and options.
 * NOTE(review): three __u8 members close the structure, so it ends in
 * tail padding under natural alignment; zero it before filling. It also
 * embeds __u64 members, whose alignment differs between some 32-bit and
 * 64-bit ABIs -- check the layout when 32-bit userspace talks to a
 * 64-bit kernel. */
333 | struct xfrm_usersa_info { |
334 | struct xfrm_selector sel; |
335 | struct xfrm_id id; |
336 | xfrm_address_t saddr; |
337 | struct xfrm_lifetime_cfg lft; |
338 | struct xfrm_lifetime_cur curlft; |
339 | struct xfrm_stats stats; |
340 | __u32 seq; |
341 | __u32 reqid; |
342 | __u16 family; |
343 | __u8 mode; /* XFRM_MODE_xxx */ |
/* NOTE(review): a __u8 can express up to 255, more than the 32-bit
 * bitmap in xfrm_replay_state can track; the consumer should bound it */
344 | __u8 replay_window; |
/* bit flags; the XFRM_STATE_* values below are the defined bits */
345 | __u8 flags; |
346 | #define XFRM_STATE_NOECN 1 |
347 | #define XFRM_STATE_DECAP_DSCP 2 |
348 | #define XFRM_STATE_NOPMTUDISC 4 |
349 | #define XFRM_STATE_WILDRECV 8 |
350 | #define XFRM_STATE_ICMP 16 |
351 | #define XFRM_STATE_AF_UNSPEC 32 |
352 | }; |
353 | |
/* Compact SA identifier: destination address, SPI, family and protocol.
 * Unlike xfrm_id it carries the address family itself.
 * NOTE(review): one byte of tail padding under natural alignment; zero
 * the structure before filling it. */
354 | struct xfrm_usersa_id { |
355 | xfrm_address_t daddr; |
356 | __be32 spi; |
357 | __u16 family; |
358 | __u8 proto; |
359 | }; |
360 | |
/* Identifies the SA an accounting event refers to: SA id, source
 * address, flags and request id. flags presumably holds XFRM_AE_* bits
 * -- confirm. */
361 | struct xfrm_aevent_id { |
362 | struct xfrm_usersa_id sa_id; |
363 | xfrm_address_t saddr; |
364 | __u32 flags; |
365 | __u32 reqid; |
366 | }; |
367 | |
/* An SA description plus two 32-bit bounds. presumably the SPI range
 * for XFRM_MSG_ALLOCSPI -- confirm.
 * NOTE(review): both bounds are sender-controlled; the consumer should
 * reject min > max before searching the range. */
368 | struct xfrm_userspi_info { |
369 | struct xfrm_usersa_info info; |
370 | __u32 min; |
371 | __u32 max; |
372 | }; |
373 | |
/* Full description of one policy (payload of XFRMA_POLICY per the
 * attribute list in this file).
 * NOTE(review): the structure embeds __u64 members and ends in four
 * __u8 fields, so its total size can differ between ABIs that align
 * __u64 to 4 and to 8 bytes -- check the layout for 32-bit userspace on
 * a 64-bit kernel, and zero the structure before filling it. */
374 | struct xfrm_userpolicy_info { |
375 | struct xfrm_selector sel; |
376 | struct xfrm_lifetime_cfg lft; |
377 | struct xfrm_lifetime_cur curlft; |
378 | __u32 priority; |
379 | __u32 index; |
/* presumably XFRM_POLICY_IN/OUT/FWD; raw __u8, range-check before use */
380 | __u8 dir; |
/* the two defined actions follow; any other value should be rejected */
381 | __u8 action; |
382 | #define XFRM_POLICY_ALLOW 0 |
383 | #define XFRM_POLICY_BLOCK 1 |
/* bit flags; XFRM_POLICY_LOCALOK and XFRM_POLICY_ICMP are the defined bits */
384 | __u8 flags; |
385 | #define XFRM_POLICY_LOCALOK 1 /* Allow user to override global policy */ |
386 | /* Automatically expand selector to include matching ICMP payloads. */ |
387 | #define XFRM_POLICY_ICMP 2 |
388 | __u8 share; |
389 | }; |
390 | |
/* Identifies a policy by selector, index and direction.
 * NOTE(review): the trailing __u8 leaves 3 bytes of tail padding under
 * natural alignment; zero the structure before filling it. */
391 | struct xfrm_userpolicy_id { |
392 | struct xfrm_selector sel; |
393 | __u32 index; |
394 | __u8 dir; |
395 | }; |
396 | |
/* presumably the body of XFRM_MSG_ACQUIRE -- confirm: SA identity,
 * source address, selector, the policy concerned, three algorithm words
 * and a sequence number.
 * NOTE(review): embeds xfrm_userpolicy_info, so its padding and
 * 32/64-bit layout concerns apply here as well. */
397 | struct xfrm_user_acquire { |
398 | struct xfrm_id id; |
399 | xfrm_address_t saddr; |
400 | struct xfrm_selector sel; |
401 | struct xfrm_userpolicy_info policy; |
402 | __u32 aalgos; |
403 | __u32 ealgos; |
404 | __u32 calgos; |
405 | __u32 seq; |
406 | }; |
407 | |
/* An SA description plus a one-byte "hard" indicator. presumably the
 * body of XFRM_MSG_EXPIRE, with hard telling a hard expiry from a soft
 * one -- confirm.
 * NOTE(review): the lone trailing __u8 is followed by tail padding;
 * zero the structure before filling it. */
408 | struct xfrm_user_expire { |
409 | struct xfrm_usersa_info state; |
410 | __u8 hard; |
411 | }; |
412 | |
/* A policy description plus a one-byte "hard" indicator. presumably the
 * body of XFRM_MSG_POLEXPIRE -- confirm.
 * NOTE(review): the lone trailing __u8 is followed by tail padding;
 * zero the structure before filling it. */
413 | struct xfrm_user_polexpire { |
414 | struct xfrm_userpolicy_info pol; |
415 | __u8 hard; |
416 | }; |
417 | |
/* Single protocol byte. presumably the body of XFRM_MSG_FLUSHSA,
 * selecting which SAs to flush -- confirm. */
418 | struct xfrm_usersa_flush { |
419 | __u8 proto; |
420 | }; |
421 | |
/* Protocol byte followed by a selector. presumably the body of
 * XFRM_MSG_REPORT -- confirm.
 * NOTE(review): the leading __u8 is followed by 3 padding bytes before
 * sel under natural alignment; zero the structure before filling it. */
422 | struct xfrm_user_report { |
423 | __u8 proto; |
424 | struct xfrm_selector sel; |
425 | }; |
426 | |
427 | /* Used by MIGRATE to pass addresses IKE should use to perform |
428 | * SA negotiation with the peer */ |
/* Payload of XFRMA_KMADDRESS (per the attribute list in this file): a
 * local and a remote address, a reserved word and the address family.
 * NOTE(review): the trailing __u16 leaves 2 bytes of tail padding under
 * natural alignment; zero the structure, including reserved, before
 * filling it. */
429 | struct xfrm_user_kmaddress { |
430 | xfrm_address_t local; |
431 | xfrm_address_t remote; |
432 | __u32 reserved; |
433 | __u16 family; |
434 | }; |
435 | |
/* One migration entry: old and new address pairs with a family for each
 * side, plus protocol, mode and request id. presumably the payload of
 * XFRMA_MIGRATE -- confirm.
 * NOTE(review): old_family and new_family are independent fields; the
 * consumer should validate each before reading the matching addresses.
 * The explicit reserved member fills what would otherwise be padding
 * and should be zeroed. */
436 | struct xfrm_user_migrate { |
437 | xfrm_address_t old_daddr; |
438 | xfrm_address_t old_saddr; |
439 | xfrm_address_t new_daddr; |
440 | xfrm_address_t new_saddr; |
441 | __u8 proto; |
442 | __u8 mode; |
443 | __u16 reserved; |
444 | __u32 reqid; |
445 | __u16 old_family; |
446 | __u16 new_family; |
447 | }; |
448 | |
/* Reports a change of source address and source port for an SA: SA id,
 * request id, old and new address, old and new port (big-endian).
 * presumably the body of XFRM_MSG_MAPPING -- confirm. */
449 | struct xfrm_user_mapping { |
450 | struct xfrm_usersa_id id; |
451 | __u32 reqid; |
452 | xfrm_address_t old_saddr; |
453 | xfrm_address_t new_saddr; |
454 | __be16 old_sport; |
455 | __be16 new_sport; |
456 | }; |
457 | |
/* Legacy group values, visible to userspace builds only. They are bit
 * masks (1, 2, 4, 8, 0x20), unlike the sequential XFRMNLGRP_* numbers in
 * enum xfrm_nlgroups, so the two sets must not be mixed. */
458 | #ifndef __KERNEL__ |
459 | /* backwards compatibility for userspace */ |
460 | #define XFRMGRP_ACQUIRE 1 |
461 | #define XFRMGRP_EXPIRE 2 |
462 | #define XFRMGRP_SA 4 |
463 | #define XFRMGRP_POLICY 8 |
464 | #define XFRMGRP_REPORT 0x20 |
465 | #endif |
466 | |
/* Multicast group numbers, sequential from XFRMNLGRP_NONE (0). Each
 * enumerator is also #defined to itself so code can test for it with
 * #ifdef. XFRMNLGRP_MAX is the last real group (XFRMNLGRP_MAPPING). */
467 | enum xfrm_nlgroups { |
468 | XFRMNLGRP_NONE, |
469 | #define XFRMNLGRP_NONE XFRMNLGRP_NONE |
470 | XFRMNLGRP_ACQUIRE, |
471 | #define XFRMNLGRP_ACQUIRE XFRMNLGRP_ACQUIRE |
472 | XFRMNLGRP_EXPIRE, |
473 | #define XFRMNLGRP_EXPIRE XFRMNLGRP_EXPIRE |
474 | XFRMNLGRP_SA, |
475 | #define XFRMNLGRP_SA XFRMNLGRP_SA |
476 | XFRMNLGRP_POLICY, |
477 | #define XFRMNLGRP_POLICY XFRMNLGRP_POLICY |
478 | XFRMNLGRP_AEVENTS, |
479 | #define XFRMNLGRP_AEVENTS XFRMNLGRP_AEVENTS |
480 | XFRMNLGRP_REPORT, |
481 | #define XFRMNLGRP_REPORT XFRMNLGRP_REPORT |
482 | XFRMNLGRP_MIGRATE, |
483 | #define XFRMNLGRP_MIGRATE XFRMNLGRP_MIGRATE |
484 | XFRMNLGRP_MAPPING, |
485 | #define XFRMNLGRP_MAPPING XFRMNLGRP_MAPPING |
/* sentinel: one past the last real group */
486 | __XFRMNLGRP_MAX |
487 | }; |
488 | #define XFRMNLGRP_MAX (__XFRMNLGRP_MAX - 1) |
489 | |
490 | #endif /* _LINUX_XFRM_H */ |
491 |