1 | #ifndef _LINUX_XFRM_H |
2 | #define _LINUX_XFRM_H |
3 | |
4 | #include <linux/types.h> |
5 | |
6 | /* The structures in this file must not change size, as they are |
7 | * passed into the kernel from userspace via netlink sockets. |
8 | */ |
9 | |
10 | /* Structure to encapsulate addresses. I do not want to use |
11 | * "standard" structure. My apologies. |
12 | */ |
13 | typedef union { /* One 16-byte address slot shared by both families; the union carries no tag saying which member is valid. */ |
14 | __be32 a4; /* one big-endian 32-bit word (IPv4-sized) */ |
15 | __be32 a6[4]; /* four big-endian 32-bit words (IPv6-sized); NOTE(review): when only a4 is meaningful the other 12 bytes are whatever the sender left there */ |
16 | } xfrm_address_t; |
17 | |
18 | /* Ident of a specific xfrm_state. It is used on input to lookup |
19 | * the state by (spi,daddr,ah/esp) or to store information about |
20 | * spi, protocol and tunnel address on output. |
21 | */ |
22 | struct xfrm_id { /* Lookup key for one xfrm_state: destination address, SPI and protocol. */ |
23 | xfrm_address_t daddr; /* destination address; the address family is not stored in this struct */ |
24 | __be32 spi; /* SPI, big-endian */ |
25 | __u8 proto; /* protocol (the comment above names ah/esp) */ |
26 | }; /* NOTE(review): 21 bytes of fields; where __be32 is 4-byte aligned the compiler adds 3 tail padding bytes, which a producer should zero before the struct crosses the netlink boundary */ |
27 | |
28 | struct xfrm_sec_ctx { /* Fixed header of a security context; the context string follows it. */ |
29 | __u8 ctx_doi; /* presumably one of XFRM_SC_DOI_* below -- confirm */ |
30 | __u8 ctx_alg; /* presumably one of XFRM_SC_ALG_* below -- confirm */ |
31 | __u16 ctx_len; /* presumably the byte length of ctx_str -- confirm; it is a declared length, so check it against the bytes actually received before reading ctx_str */ |
32 | __u32 ctx_sid; /* NOTE(review): looks like an LSM security identifier -- confirm */ |
33 | char ctx_str[0]; /* zero-length trailing array (GNU extension): adds nothing to sizeof; this header does not promise NUL termination */ |
34 | }; |
35 | |
36 | /* Security Context Domains of Interpretation */ |
37 | #define XFRM_SC_DOI_RESERVED 0 |
38 | #define XFRM_SC_DOI_LSM 1 |
39 | |
40 | /* Security Context Algorithms */ |
41 | #define XFRM_SC_ALG_RESERVED 0 |
42 | #define XFRM_SC_ALG_SELINUX 1 |
43 | |
44 | /* Selector, used as selector both on policy rules (SPD) and SAs. */ |
45 | |
46 | struct xfrm_selector { /* Traffic match: two address prefixes, port/mask pairs, protocol, interface and user. */ |
47 | xfrm_address_t daddr; |
48 | xfrm_address_t saddr; |
49 | __be16 dport; |
50 | __be16 dport_mask; /* presumably ANDed with the packet port before comparing to dport -- confirm */ |
51 | __be16 sport; |
52 | __be16 sport_mask; /* presumably the same role as dport_mask, for sport -- confirm */ |
53 | __u16 family; /* decides how daddr/saddr are read; presumably an AF_* value -- confirm */ |
54 | __u8 prefixlen_d; /* NOTE(review): any value 0..255 fits here; a consumer should bound it by the address width of family (32 or 128 bits) before building a mask */ |
55 | __u8 prefixlen_s; /* same bound applies as for prefixlen_d */ |
56 | __u8 proto; /* followed by implicit padding before the int below where int is 4-byte aligned */ |
57 | int ifindex; |
58 | __kernel_uid32_t user; |
59 | }; |
60 | |
61 | #define XFRM_INF (~(__u64)0) /* all 64 bits set; presumably the "no limit" value for the __u64 limits below -- confirm */ |
62 | |
63 | struct xfrm_lifetime_cfg { /* Configured lifetime limits in bytes, packets and seconds, each as a soft/hard pair. */ |
64 | __u64 soft_byte_limit; /* NOTE(review): the soft/hard naming suggests a warning threshold and an enforcement threshold -- confirm against the consumer */ |
65 | __u64 hard_byte_limit; |
66 | __u64 soft_packet_limit; |
67 | __u64 hard_packet_limit; |
68 | __u64 soft_add_expires_seconds; |
69 | __u64 hard_add_expires_seconds; |
70 | __u64 soft_use_expires_seconds; |
71 | __u64 hard_use_expires_seconds; |
72 | }; /* eight __u64 members, 64 bytes, no implicit padding */ |
73 | |
74 | struct xfrm_lifetime_cur { /* Current usage values; presumably what the xfrm_lifetime_cfg limits are compared against -- confirm. */ |
75 | __u64 bytes; |
76 | __u64 packets; |
77 | __u64 add_time; /* units and epoch are not stated in this header */ |
78 | __u64 use_time; /* units and epoch are not stated in this header */ |
79 | }; |
80 | |
81 | struct xfrm_replay_state { /* Replay state with 32-bit sequence numbers and a single 32-bit bitmap. */ |
82 | __u32 oseq; /* presumably the outbound sequence number -- confirm */ |
83 | __u32 seq; /* presumably the inbound sequence number -- confirm */ |
84 | __u32 bitmap; /* one 32-bit word, so it can track at most 32 positions */ |
85 | }; |
86 | |
87 | struct xfrm_replay_state_esn { /* Replay state with high-order sequence words and a variable-length bitmap. */ |
88 | unsigned int bmp_len; /* presumably the number of __u32 words in bmp[] -- confirm; sender-declared, so check it against the received payload size before indexing bmp[] */ |
89 | __u32 oseq; |
90 | __u32 seq; |
91 | __u32 oseq_hi; /* high-order companion of oseq, going by the name -- confirm */ |
92 | __u32 seq_hi; /* high-order companion of seq, going by the name -- confirm */ |
93 | __u32 replay_window; /* NOTE(review): nothing in the layout ties this to bmp_len; a consumer should reject a window larger than the bitmap can hold (bmp_len * 32 bits, if bmp_len counts words) */ |
94 | __u32 bmp[0]; /* zero-length trailing array; the bitmap words follow the fixed header */ |
95 | }; |
96 | |
97 | struct xfrm_algo { /* Algorithm name plus variable-length key material. */ |
98 | char alg_name[64]; /* fixed 64-byte buffer; NOTE(review): the layout cannot guarantee a NUL terminator, so bound or terminate it before treating it as a C string */ |
99 | unsigned int alg_key_len; /* in bits */ |
100 | char alg_key[0]; /* key bytes follow the header; the length is in bits, so the byte count is (alg_key_len + 7) / 8 and must fit the received payload. Secret material: clear buffers that held it when done */ |
101 | }; |
102 | |
103 | struct xfrm_algo_auth { /* Like struct xfrm_algo, with an extra truncation length. */ |
104 | char alg_name[64]; /* fixed 64-byte buffer; NUL termination is not guaranteed by the layout */ |
105 | unsigned int alg_key_len; /* in bits */ |
106 | unsigned int alg_trunc_len; /* in bits */ /* NOTE(review): sender-supplied; presumably the truncated ICV length, to be checked against what the named algorithm can produce -- confirm */ |
107 | char alg_key[0]; /* key bytes follow; (alg_key_len + 7) / 8 bytes must fit the received payload */ |
108 | }; |
109 | |
110 | struct xfrm_algo_aead { /* Like struct xfrm_algo, with an extra ICV length. */ |
111 | char alg_name[64]; /* fixed 64-byte buffer; NUL termination is not guaranteed by the layout */ |
112 | unsigned int alg_key_len; /* in bits */ |
113 | unsigned int alg_icv_len; /* in bits */ /* NOTE(review): sender-supplied; validate against the ICV sizes the named algorithm supports */ |
114 | char alg_key[0]; /* key bytes follow; (alg_key_len + 7) / 8 bytes must fit the received payload */ |
115 | }; |
116 | |
117 | struct xfrm_stats { /* Three 32-bit statistics; judging by the names they count replay-window, replay and integrity-check failures -- confirm. */ |
118 | __u32 replay_window; |
119 | __u32 replay; |
120 | __u32 integrity_failed; /* NOTE(review): 32-bit, so a long-lived counter can wrap; consumers that alert on it should compare deltas */ |
121 | }; |
122 | |
123 | enum { /* Policy type values; struct xfrm_userpolicy_type carries its type in a __u8. */ |
124 | XFRM_POLICY_TYPE_MAIN = 0, |
125 | XFRM_POLICY_TYPE_SUB = 1, |
126 | XFRM_POLICY_TYPE_MAX = 2, /* one past the last concrete type (MAIN, SUB) */ |
127 | XFRM_POLICY_TYPE_ANY = 255 /* outside the 0..MAX-1 range; still fits a __u8 */ |
128 | }; |
129 | |
130 | enum { /* Policy direction values. */ |
131 | XFRM_POLICY_IN = 0, |
132 | XFRM_POLICY_OUT = 1, |
133 | XFRM_POLICY_FWD = 2, |
134 | XFRM_POLICY_MASK = 3, /* covers the two low bits, enough for IN/OUT/FWD */ |
135 | XFRM_POLICY_MAX = 3 /* one past FWD; NOTE(review): the dir members in this header are __u8 and can hold larger values, so a consumer should range-check before using dir as an index */ |
136 | }; |
137 | |
138 | enum { /* Sharing values, implicitly numbered 0..3; presumably what the __u8 share members in this header carry -- confirm. */ |
139 | XFRM_SHARE_ANY, /* No limitations */ |
140 | XFRM_SHARE_SESSION, /* For this session only */ |
141 | XFRM_SHARE_USER, /* For this user only */ |
142 | XFRM_SHARE_UNIQUE /* Use once */ |
143 | }; |
144 | |
145 | #define XFRM_MODE_TRANSPORT 0 /* XFRM_MODE_* are the values of the __u8 mode member (struct xfrm_usersa_info annotates it as XFRM_MODE_xxx) */ |
146 | #define XFRM_MODE_TUNNEL 1 |
147 | #define XFRM_MODE_ROUTEOPTIMIZATION 2 |
148 | #define XFRM_MODE_IN_TRIGGER 3 |
149 | #define XFRM_MODE_BEET 4 |
150 | #define XFRM_MODE_MAX 5 /* one past the highest defined mode; a __u8 mode from userspace should be rejected when it is >= this */ |
151 | |
152 | /* Netlink configuration messages. */ |
153 | enum { /* Message type numbers, consecutive from XFRM_MSG_BASE. Each enumerator is followed by a #define of the same name, which makes the name visible to the preprocessor (e.g. for #ifdef tests). */ |
154 | XFRM_MSG_BASE = 0x10, |
155 | |
156 | XFRM_MSG_NEWSA = 0x10, /* same value as XFRM_MSG_BASE */ |
157 | #define XFRM_MSG_NEWSA XFRM_MSG_NEWSA |
158 | XFRM_MSG_DELSA, |
159 | #define XFRM_MSG_DELSA XFRM_MSG_DELSA |
160 | XFRM_MSG_GETSA, |
161 | #define XFRM_MSG_GETSA XFRM_MSG_GETSA |
162 | |
163 | XFRM_MSG_NEWPOLICY, |
164 | #define XFRM_MSG_NEWPOLICY XFRM_MSG_NEWPOLICY |
165 | XFRM_MSG_DELPOLICY, |
166 | #define XFRM_MSG_DELPOLICY XFRM_MSG_DELPOLICY |
167 | XFRM_MSG_GETPOLICY, |
168 | #define XFRM_MSG_GETPOLICY XFRM_MSG_GETPOLICY |
169 | |
170 | XFRM_MSG_ALLOCSPI, |
171 | #define XFRM_MSG_ALLOCSPI XFRM_MSG_ALLOCSPI |
172 | XFRM_MSG_ACQUIRE, |
173 | #define XFRM_MSG_ACQUIRE XFRM_MSG_ACQUIRE |
174 | XFRM_MSG_EXPIRE, |
175 | #define XFRM_MSG_EXPIRE XFRM_MSG_EXPIRE |
176 | |
177 | XFRM_MSG_UPDPOLICY, |
178 | #define XFRM_MSG_UPDPOLICY XFRM_MSG_UPDPOLICY |
179 | XFRM_MSG_UPDSA, |
180 | #define XFRM_MSG_UPDSA XFRM_MSG_UPDSA |
181 | |
182 | XFRM_MSG_POLEXPIRE, |
183 | #define XFRM_MSG_POLEXPIRE XFRM_MSG_POLEXPIRE |
184 | |
185 | XFRM_MSG_FLUSHSA, |
186 | #define XFRM_MSG_FLUSHSA XFRM_MSG_FLUSHSA |
187 | XFRM_MSG_FLUSHPOLICY, |
188 | #define XFRM_MSG_FLUSHPOLICY XFRM_MSG_FLUSHPOLICY |
189 | |
190 | XFRM_MSG_NEWAE, |
191 | #define XFRM_MSG_NEWAE XFRM_MSG_NEWAE |
192 | XFRM_MSG_GETAE, |
193 | #define XFRM_MSG_GETAE XFRM_MSG_GETAE |
194 | |
195 | XFRM_MSG_REPORT, |
196 | #define XFRM_MSG_REPORT XFRM_MSG_REPORT |
197 | |
198 | XFRM_MSG_MIGRATE, |
199 | #define XFRM_MSG_MIGRATE XFRM_MSG_MIGRATE |
200 | |
201 | XFRM_MSG_NEWSADINFO, |
202 | #define XFRM_MSG_NEWSADINFO XFRM_MSG_NEWSADINFO |
203 | XFRM_MSG_GETSADINFO, |
204 | #define XFRM_MSG_GETSADINFO XFRM_MSG_GETSADINFO |
205 | |
206 | XFRM_MSG_NEWSPDINFO, |
207 | #define XFRM_MSG_NEWSPDINFO XFRM_MSG_NEWSPDINFO |
208 | XFRM_MSG_GETSPDINFO, |
209 | #define XFRM_MSG_GETSPDINFO XFRM_MSG_GETSPDINFO |
210 | |
211 | XFRM_MSG_MAPPING, |
212 | #define XFRM_MSG_MAPPING XFRM_MSG_MAPPING |
213 | __XFRM_MSG_MAX /* sentinel: one past the last message type */ |
214 | }; |
215 | #define XFRM_MSG_MAX (__XFRM_MSG_MAX - 1) /* equals XFRM_MSG_MAPPING, the last message type */ |
216 | |
217 | #define XFRM_NR_MSGTYPES (XFRM_MSG_MAX + 1 - XFRM_MSG_BASE) /* count of types from BASE to MAX inclusive; NOTE(review): a table indexed by (type - XFRM_MSG_BASE) needs type checked to lie in [XFRM_MSG_BASE, XFRM_MSG_MAX] first */ |
218 | |
219 | /* |
220 | * Generic LSM security context for communicating to user space |
221 | * NOTE: Same format as sadb_x_sec_ctx |
222 | */ |
223 | struct xfrm_user_sec_ctx { /* Fixed 8-byte header of a security context exchanged with user space. */ |
224 | __u16 len; /* presumably the total length, header plus context bytes -- confirm */ |
225 | __u16 exttype; |
226 | __u8 ctx_alg; /* LSMs: e.g., selinux == 1 */ |
227 | __u8 ctx_doi; |
228 | __u16 ctx_len; /* NOTE(review): len and ctx_len are both sender-declared; a consumer should check that they agree with each other and with the received payload size before reading the context bytes */ |
229 | }; |
230 | |
231 | struct xfrm_user_tmpl { /* One template entry; XFRMA_TMPL is annotated as carrying one or more of these. */ |
232 | struct xfrm_id id; |
233 | __u16 family; /* followed by implicit padding before saddr where the union is 4-byte aligned */ |
234 | xfrm_address_t saddr; |
235 | __u32 reqid; |
236 | __u8 mode; /* presumably an XFRM_MODE_* value -- confirm; range-check against XFRM_MODE_MAX */ |
237 | __u8 share; /* presumably an XFRM_SHARE_* value -- confirm */ |
238 | __u8 optional; /* followed by one implicit padding byte before the __u32 below */ |
239 | __u32 aalgos; /* NOTE(review): aalgos/ealgos/calgos look like per-algorithm bitmasks -- confirm */ |
240 | __u32 ealgos; |
241 | __u32 calgos; |
242 | }; /* NOTE(review): contains implicit padding in several places; zero the whole struct before filling it for userspace */ |
243 | |
244 | struct xfrm_encap_tmpl { /* Encapsulation parameters: a type, a source/destination port pair and one address. */ |
245 | __u16 encap_type; |
246 | __be16 encap_sport; /* big-endian */ |
247 | __be16 encap_dport; /* big-endian; the three 16-bit members total 6 bytes, so implicit padding precedes encap_oa where the union is 4-byte aligned */ |
248 | xfrm_address_t encap_oa; /* the family used to read this address is not stored in this struct */ |
249 | }; |
250 | |
251 | /* AEVENT flags */ |
252 | enum xfrm_ae_ftype_t { /* Single-bit flag values (1, 2, 4, ... 64) that can be ORed together. */ |
253 | XFRM_AE_UNSPEC, /* 0: no flag set */ |
254 | XFRM_AE_RTHR=1, /* replay threshold*/ |
255 | XFRM_AE_RVAL=2, /* replay value */ |
256 | XFRM_AE_LVAL=4, /* lifetime value */ |
257 | XFRM_AE_ETHR=8, /* expiry timer threshold */ |
258 | XFRM_AE_CR=16, /* Event cause is replay update */ |
259 | XFRM_AE_CE=32, /* Event cause is timer expiry */ |
260 | XFRM_AE_CU=64, /* Event cause is policy update */ |
261 | __XFRM_AE_MAX /* implicit value 65, one more than XFRM_AE_CU */ |
262 | |
263 | #define XFRM_AE_MAX (__XFRM_AE_MAX - 1) /* evaluates to 64, the highest flag bit; it is not a mask of all flags */ |
264 | }; |
265 | |
266 | struct xfrm_userpolicy_type { /* Policy type selector; XFRMA_POLICY_TYPE is annotated as carrying this struct. */ |
267 | __u8 type; /* presumably an XFRM_POLICY_TYPE_* value -- confirm; one implicit padding byte follows where __u16 is 2-byte aligned */ |
268 | __u16 reserved1; |
269 | __u8 reserved2; /* one implicit tail padding byte follows */ |
270 | }; /* NOTE(review): the padding bytes are not covered by the reserved members; zero the whole struct before sending it to userspace */ |
271 | |
272 | /* Netlink message attributes. */ |
273 | enum xfrm_attr_type_t { /* Attribute type numbers, implicitly numbered from 0. The struct named beside each entry is an annotation only: a receiver should check the attribute length against that type before casting. */ |
274 | XFRMA_UNSPEC, |
275 | XFRMA_ALG_AUTH, /* struct xfrm_algo */ |
276 | XFRMA_ALG_CRYPT, /* struct xfrm_algo */ |
277 | XFRMA_ALG_COMP, /* struct xfrm_algo */ |
278 | XFRMA_ENCAP, /* struct xfrm_algo + struct xfrm_encap_tmpl */ |
279 | XFRMA_TMPL, /* 1 or more struct xfrm_user_tmpl */ |
280 | XFRMA_SA, /* struct xfrm_usersa_info */ |
281 | XFRMA_POLICY, /*struct xfrm_userpolicy_info */ |
282 | XFRMA_SEC_CTX, /* struct xfrm_sec_ctx */ /* NOTE(review): this header also defines struct xfrm_user_sec_ctx for user space; confirm which layout the attribute carries */ |
283 | XFRMA_LTIME_VAL, /* payload type not annotated here */ |
284 | XFRMA_REPLAY_VAL, /* payload type not annotated here */ |
285 | XFRMA_REPLAY_THRESH, /* payload type not annotated here */ |
286 | XFRMA_ETIMER_THRESH, /* payload type not annotated here */ |
287 | XFRMA_SRCADDR, /* xfrm_address_t */ |
288 | XFRMA_COADDR, /* xfrm_address_t */ |
289 | XFRMA_LASTUSED, /* unsigned long */ /* NOTE(review): the width of unsigned long differs between 32- and 64-bit ABIs, which sits badly with the fixed-size rule at the top of this file -- confirm the payload width */ |
290 | XFRMA_POLICY_TYPE, /* struct xfrm_userpolicy_type */ |
291 | XFRMA_MIGRATE, /* presumably struct xfrm_user_migrate -- confirm */ |
292 | XFRMA_ALG_AEAD, /* struct xfrm_algo_aead */ |
293 | XFRMA_KMADDRESS, /* struct xfrm_user_kmaddress */ |
294 | XFRMA_ALG_AUTH_TRUNC, /* struct xfrm_algo_auth */ |
295 | XFRMA_MARK, /* struct xfrm_mark */ |
296 | XFRMA_TFCPAD, /* __u32 */ |
297 | XFRMA_REPLAY_ESN_VAL, /* struct xfrm_replay_state_esn */ |
298 | __XFRMA_MAX /* sentinel: one past the last attribute type */ |
299 | |
300 | #define XFRMA_MAX (__XFRMA_MAX - 1) /* equals XFRMA_REPLAY_ESN_VAL, the last attribute type */ |
301 | }; |
302 | |
303 | struct xfrm_mark { /* A 32-bit value/mask pair; XFRMA_MARK is annotated as carrying this struct. */ |
304 | __u32 v; /* value */ |
305 | __u32 m; /* mask */ |
306 | }; |
307 | |
308 | enum xfrm_sadattr_type_t { /* Attribute type numbers with the XFRMA_SAD_ prefix, implicitly numbered from 0. */ |
309 | XFRMA_SAD_UNSPEC, |
310 | XFRMA_SAD_CNT, |
311 | XFRMA_SAD_HINFO, /* presumably struct xfrmu_sadhinfo -- confirm */ |
312 | __XFRMA_SAD_MAX /* sentinel: one past the last type */ |
313 | |
314 | #define XFRMA_SAD_MAX (__XFRMA_SAD_MAX - 1) /* equals XFRMA_SAD_HINFO */ |
315 | }; |
316 | |
317 | struct xfrmu_sadhinfo { /* Hash-table sizing figures: current and maximum bucket counts. */ |
318 | __u32 sadhcnt; /* current hash bkts */ |
319 | __u32 sadhmcnt; /* max allowed hash bkts */ |
320 | }; |
321 | |
322 | enum xfrm_spdattr_type_t { /* Attribute type numbers with the XFRMA_SPD_ prefix, implicitly numbered from 0. */ |
323 | XFRMA_SPD_UNSPEC, |
324 | XFRMA_SPD_INFO, /* presumably struct xfrmu_spdinfo -- confirm */ |
325 | XFRMA_SPD_HINFO, /* presumably struct xfrmu_spdhinfo -- confirm */ |
326 | __XFRMA_SPD_MAX /* sentinel: one past the last type */ |
327 | |
328 | #define XFRMA_SPD_MAX (__XFRMA_SPD_MAX - 1) /* equals XFRMA_SPD_HINFO */ |
329 | }; |
330 | |
331 | struct xfrmu_spdinfo { /* Six 32-bit counts; the in/out/fwd prefixes match the XFRM_POLICY_IN/OUT/FWD directions -- confirm. */ |
332 | __u32 incnt; |
333 | __u32 outcnt; |
334 | __u32 fwdcnt; |
335 | __u32 inscnt; /* NOTE(review): the meaning of the "s" variants is not stated in this header */ |
336 | __u32 outscnt; |
337 | __u32 fwdscnt; |
338 | }; |
339 | |
340 | struct xfrmu_spdhinfo { /* Two 32-bit figures named like those of struct xfrmu_sadhinfo. */ |
341 | __u32 spdhcnt; /* presumably current hash buckets, by analogy with sadhcnt -- confirm */ |
342 | __u32 spdhmcnt; /* presumably max allowed hash buckets, by analogy with sadhmcnt -- confirm */ |
343 | }; |
344 | |
345 | struct xfrm_usersa_info { /* Userspace description of one SA: selector, id, lifetimes, counters, mode and flags. XFRMA_SA is annotated as carrying this struct. */ |
346 | struct xfrm_selector sel; |
347 | struct xfrm_id id; |
348 | xfrm_address_t saddr; |
349 | struct xfrm_lifetime_cfg lft; |
350 | struct xfrm_lifetime_cur curlft; |
351 | struct xfrm_stats stats; |
352 | __u32 seq; |
353 | __u32 reqid; |
354 | __u16 family; /* NOTE(review): sel carries its own family member; a consumer should decide how the two relate rather than assume they match */ |
355 | __u8 mode; /* XFRM_MODE_xxx */ |
356 | __u8 replay_window; /* a __u8, so at most 255 */ |
357 | __u8 flags; /* bitwise OR of the XFRM_STATE_* values below; all eight bits of the __u8 are assigned */ |
358 | #define XFRM_STATE_NOECN 1 |
359 | #define XFRM_STATE_DECAP_DSCP 2 |
360 | #define XFRM_STATE_NOPMTUDISC 4 |
361 | #define XFRM_STATE_WILDRECV 8 |
362 | #define XFRM_STATE_ICMP 16 |
363 | #define XFRM_STATE_AF_UNSPEC 32 |
364 | #define XFRM_STATE_ALIGN4 64 |
365 | #define XFRM_STATE_ESN 128 /* top bit of flags; presumably selects the struct xfrm_replay_state_esn form of replay state -- confirm */ |
366 | }; /* NOTE(review): flags is the last member, so tail padding follows it, and the nested structs contain padding of their own; zero the whole struct before filling it for userspace */ |
367 | |
368 | struct xfrm_usersa_id { /* Identifies an SA by destination address, SPI, family and protocol. */ |
369 | xfrm_address_t daddr; |
370 | __be32 spi; /* big-endian */ |
371 | __u16 family; /* unlike struct xfrm_id, the family travels with the address here */ |
372 | __u8 proto; |
373 | }; /* 23 bytes of fields; one implicit tail padding byte where __be32 is 4-byte aligned */ |
374 | |
375 | struct xfrm_aevent_id { /* Identifies the SA an event message refers to, plus flags and reqid. */ |
376 | struct xfrm_usersa_id sa_id; /* carries its own tail padding */ |
377 | xfrm_address_t saddr; |
378 | __u32 flags; /* presumably a combination of the XFRM_AE_* bits of enum xfrm_ae_ftype_t -- confirm */ |
379 | __u32 reqid; |
380 | }; |
381 | |
382 | struct xfrm_userspi_info { /* An SA description plus a min/max pair; presumably the SPI range for XFRM_MSG_ALLOCSPI -- confirm. */ |
383 | struct xfrm_usersa_info info; |
384 | __u32 min; /* NOTE(review): plain __u32 here, while spi members elsewhere are __be32; confirm the byte order expected */ |
385 | __u32 max; /* NOTE(review): both bounds come from the sender; a consumer should reject min > max */ |
386 | }; |
387 | |
388 | struct xfrm_userpolicy_info { /* Userspace description of one policy: selector, lifetimes, priority, direction, action and flags. XFRMA_POLICY is annotated as carrying this struct. */ |
389 | struct xfrm_selector sel; |
390 | struct xfrm_lifetime_cfg lft; |
391 | struct xfrm_lifetime_cur curlft; |
392 | __u32 priority; |
393 | __u32 index; |
394 | __u8 dir; /* presumably XFRM_POLICY_IN/OUT/FWD -- confirm; the __u8 can hold values at or above XFRM_POLICY_MAX, so range-check it */ |
395 | __u8 action; /* one of the two values defined below; other values of the __u8 are undefined here and should be rejected */ |
396 | #define XFRM_POLICY_ALLOW 0 |
397 | #define XFRM_POLICY_BLOCK 1 |
398 | __u8 flags; /* bitwise OR of the flag values defined below */ |
399 | #define XFRM_POLICY_LOCALOK 1 /* Allow user to override global policy */ |
400 | /* Automatically expand selector to include matching ICMP payloads. */ |
401 | #define XFRM_POLICY_ICMP 2 |
402 | __u8 share; /* presumably an XFRM_SHARE_* value -- confirm */ |
403 | }; |
404 | |
405 | struct xfrm_userpolicy_id { /* Identifies a policy by selector, index and direction. */ |
406 | struct xfrm_selector sel; |
407 | __u32 index; |
408 | __u8 dir; /* range-check against XFRM_POLICY_MAX before use; implicit tail padding follows this last member */ |
409 | }; |
410 | |
411 | struct xfrm_user_acquire { /* Payload layout named after XFRM_MSG_ACQUIRE: id, source address, selector, a full policy and algorithm words. */ |
412 | struct xfrm_id id; |
413 | xfrm_address_t saddr; |
414 | struct xfrm_selector sel; |
415 | struct xfrm_userpolicy_info policy; /* embeds a second selector (policy.sel) next to sel above */ |
416 | __u32 aalgos; /* NOTE(review): aalgos/ealgos/calgos look like per-algorithm bitmasks -- confirm */ |
417 | __u32 ealgos; |
418 | __u32 calgos; |
419 | __u32 seq; |
420 | }; |
421 | |
422 | struct xfrm_user_expire { /* An SA description plus a one-byte hard indicator. */ |
423 | struct xfrm_usersa_info state; |
424 | __u8 hard; /* presumably non-zero for a hard expiry, zero for soft -- confirm; implicit tail padding follows, so zero the struct before filling it */ |
425 | }; |
426 | |
427 | struct xfrm_user_polexpire { /* A policy description plus a one-byte hard indicator. */ |
428 | struct xfrm_userpolicy_info pol; |
429 | __u8 hard; /* presumably non-zero for a hard expiry, zero for soft -- confirm; implicit tail padding follows, so zero the struct before filling it */ |
430 | }; |
431 | |
432 | struct xfrm_usersa_flush { /* Single-byte payload named after XFRM_MSG_FLUSHSA. */ |
433 | __u8 proto; /* presumably limits the flush to SAs of this protocol -- confirm, including what value means "all" */ |
434 | }; |
435 | |
436 | struct xfrm_user_report { /* Payload layout named after XFRM_MSG_REPORT: a protocol byte and a selector. */ |
437 | __u8 proto; /* followed by implicit padding before sel where the selector is 4-byte aligned; zero the struct before filling it */ |
438 | struct xfrm_selector sel; |
439 | }; |
440 | |
441 | /* Used by MIGRATE to pass addresses IKE should use to perform |
442 | * SA negotiation with the peer */ |
443 | struct xfrm_user_kmaddress { /* Local and remote addresses for the key manager; XFRMA_KMADDRESS is annotated as carrying this struct. */ |
444 | xfrm_address_t local; |
445 | xfrm_address_t remote; |
446 | __u32 reserved; |
447 | __u16 family; /* applies to both addresses; implicit tail padding follows this last member */ |
448 | }; |
449 | |
450 | struct xfrm_user_migrate { /* Old and new address pairs, with one family for each pair. */ |
451 | xfrm_address_t old_daddr; |
452 | xfrm_address_t old_saddr; |
453 | xfrm_address_t new_daddr; |
454 | xfrm_address_t new_saddr; |
455 | __u8 proto; |
456 | __u8 mode; /* presumably an XFRM_MODE_* value -- confirm */ |
457 | __u16 reserved; /* explicit filler that keeps reqid 4-byte aligned */ |
458 | __u32 reqid; |
459 | __u16 old_family; /* family for old_daddr/old_saddr */ |
460 | __u16 new_family; /* family for new_daddr/new_saddr; NOTE(review): the two families are independent fields, so each address pair must be read with its own */ |
461 | }; |
462 | |
463 | struct xfrm_user_mapping { /* Payload layout named after XFRM_MSG_MAPPING: an SA id with old and new source address and port. */ |
464 | struct xfrm_usersa_id id; /* carries its own tail padding */ |
465 | __u32 reqid; |
466 | xfrm_address_t old_saddr; |
467 | xfrm_address_t new_saddr; |
468 | __be16 old_sport; /* big-endian */ |
469 | __be16 new_sport; /* big-endian */ |
470 | }; |
471 | |
472 | #ifndef __KERNEL__ |
473 | /* backwards compatibility for userspace */ |
474 | #define XFRMGRP_ACQUIRE 1 /* these are bit values, not group numbers: each equals 1 << (XFRMNLGRP_x - 1) for the matching enum xfrm_nlgroups entry */ |
475 | #define XFRMGRP_EXPIRE 2 |
476 | #define XFRMGRP_SA 4 |
477 | #define XFRMGRP_POLICY 8 |
478 | #define XFRMGRP_REPORT 0x20 /* bit 5, matching XFRMNLGRP_REPORT == 6; no legacy value is defined here for AEVENTS, MIGRATE or MAPPING */ |
479 | #endif |
480 | |
481 | enum xfrm_nlgroups { /* Group numbers, implicitly 0..8. Each enumerator is followed by a #define of the same name, which makes the name visible to the preprocessor. */ |
482 | XFRMNLGRP_NONE, |
483 | #define XFRMNLGRP_NONE XFRMNLGRP_NONE |
484 | XFRMNLGRP_ACQUIRE, |
485 | #define XFRMNLGRP_ACQUIRE XFRMNLGRP_ACQUIRE |
486 | XFRMNLGRP_EXPIRE, |
487 | #define XFRMNLGRP_EXPIRE XFRMNLGRP_EXPIRE |
488 | XFRMNLGRP_SA, /* NOTE(review): judging by the struct names in this header, messages for this group can describe SAs in full; restrict which processes may subscribe accordingly */ |
489 | #define XFRMNLGRP_SA XFRMNLGRP_SA |
490 | XFRMNLGRP_POLICY, |
491 | #define XFRMNLGRP_POLICY XFRMNLGRP_POLICY |
492 | XFRMNLGRP_AEVENTS, |
493 | #define XFRMNLGRP_AEVENTS XFRMNLGRP_AEVENTS |
494 | XFRMNLGRP_REPORT, |
495 | #define XFRMNLGRP_REPORT XFRMNLGRP_REPORT |
496 | XFRMNLGRP_MIGRATE, |
497 | #define XFRMNLGRP_MIGRATE XFRMNLGRP_MIGRATE |
498 | XFRMNLGRP_MAPPING, |
499 | #define XFRMNLGRP_MAPPING XFRMNLGRP_MAPPING |
500 | __XFRMNLGRP_MAX /* sentinel: one past the last group */ |
501 | }; |
502 | #define XFRMNLGRP_MAX (__XFRMNLGRP_MAX - 1) /* equals XFRMNLGRP_MAPPING, the last group */ |
503 | |
504 | #endif /* _LINUX_XFRM_H */ |
505 |