2 * IPSEC <> netlink interface
3 * Copyright (C) 1996, 1997 John Ioannidis.
4 * Copyright (C) 1998, 1999, 2000, 2001 Richard Guy Briggs.
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
16 * RCSID $Id: ipsec_netlink.h,v 1.31 2001/11/26 09:23:48 rgb Exp $
19 #include <linux/stddef.h>
/* Fallback netlink protocol number for IPSEC. The #endif below closes a
 * !NETLINK_IPSEC guard whose opening line is not part of this listing. */
22 #define NETLINK_IPSEC 10 /* IPSEC */
23 #endif /* !NETLINK_IPSEC */
/* EM_MAXRELSPIS sizes the Rel[] array of the message header, so a grouping
 * message has room for exactly this many entries. */
25 #define EM_MAXRELSPIS 4 /* Rel[] capacity: four chained xforms (comment formerly said five -- NOTE(review): confirm intent) */
/* EM_MAGIC is the value documented for the em_magic header field. It is a
 * fixed constant published in this header, so it can only flag malformed or
 * foreign messages; it says nothing about who sent the message. */
26 #define EM_MAGIC 0x5377616e /* "Swan" in ASCII */
/*
 * Message type codes, presumably the values carried in the em_type
 * ("message type") field of the message header.
 * NOTE(review): by their own descriptions most of these change SA,
 * extended-route or debug state. Confirm that the handler accepts them only
 * from a privileged sender and rejects codes outside 1..14; neither check
 * is visible in this header.
 */
28 #define EMT_IFADDR 1 /* set enc if addr */
29 #define EMT_SETSPI 2 /* Set SPI properties */
30 #define EMT_DELSPI 3 /* Delete an SPI */
31 #define EMT_GRPSPIS 4 /* Group SPIs (output order) */
32 #define EMT_SETEROUTE 5 /* set an extended route */
33 #define EMT_DELEROUTE 6 /* del an extended route */
34 #define EMT_TESTROUTE 7 /* try to find route, print to console */
35 #define EMT_SETDEBUG 8 /* set debug level if active */
36 #define EMT_UNGRPSPIS 9 /* UnGroup SPIs (output order) */
37 #define EMT_CLREROUTE 10 /* clear the extended route table */
38 #define EMT_CLRSPIS 11 /* clear the spi table */
39 #define EMT_REPLACEROUTE 12 /* replace an extended route (eroute '-replace') */
40 #define EMT_GETDEBUG 13 /* get debug level if active */
41 #define EMT_INEROUTE 14 /* set incoming policy for IPIP on a chain */
43 #ifdef CONFIG_IPSEC_DEBUG
/* Debug bit, only defined in debug builds; presumably tested against
 * debug_netlink (DB_NL_ prefix) -- confirm at the use site. */
44 #define DB_NL_TDBCB 0x0001
45 #endif /* CONFIG_IPSEC_DEBUG */
47 /* em_flags constants */
48 /* EMT_INBOUND has the same value as SADB_SAFLAGS_PFS in pfkeyv2, */
49 /* so perhaps it should be moved. If both flag sets ever end up in one */
/* field, SA direction and PFS cannot be told apart. */
50 #define EMT_INBOUND 0x01 /* SA direction, 1=inbound */
/* Leading fields of the message header (presumably struct encap_msghdr; the
 * struct line itself is not part of this listing). */
54 __u32 em_magic; /* EM_MAGIC */
/* Two alternative widths for the length field; the preprocessor condition
 * that selects one of them is not part of this listing. With the __u8
 * variant a message cannot describe more than 255 bytes.
 * NOTE(review): em_msglen comes from the sender. Presumably the handler
 * compares it with the number of bytes actually received and with the
 * *_FLEN minimum for em_type before it reads any union member -- confirm. */
56 __u16 em_msglen; /* message length */
58 __u8 em_msglen; /* message length */
59 __u8 em_flags; /* message flags, see EMT_INBOUND */
60 __u8 em_version; /* for future expansion */
61 __u8 em_type; /* message type */
64 __u8 C; /* Free-text */
68 struct sa_id Said; /* SA ID */
69 struct sockaddr_encap Eaddr;
70 struct sockaddr_encap Emask;
77 __u8 xxx[3]; /* makes life a lot easier */
82 struct sa_id Said; /* SA ID */
83 int If; /* enc i/f for input */
84 int Alg; /* Algorithm to use */
86 /* The following union is a surrogate for
87 * algorithm-specific data. To ensure
88 * proper alignment, worst-case fields
89 * should be included. It would be even
90 * better to include the types that will
91 * actually be used, but they may not be
92 * defined for each use of this header.
93 * The actual length is expected to be longer
94 * than is declared here. References are normally
95 * made using the em_dat macro, as if it were a
100 __u64 Datq[1]; /* maximal alignment (?) */
/* One entry of the SA grouping list (accessed through the em_rel and emr_*
 * shorthands). */
106 struct sa_id emr_said; /* SA ID */
/* NOTE(review): this is a kernel pointer inside a message layout that, per
 * the change log, is passed in from user space for the grpspi command.
 * Presumably the kernel fills it in itself; a value that arrived in a
 * message must never be dereferenced. Confirm in the handler. */
107 struct ipsec_sa * emr_tdb; /* used internally! */
109 } Rel[EM_MAXRELSPIS]; /* fixed capacity: EM_MAXRELSPIS entries */
111 #ifdef CONFIG_IPSEC_DEBUG
127 #endif /* CONFIG_IPSEC_DEBUG */
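/*
 * Fixed (minimum) message lengths, computed from the layout of
 * struct encap_msghdr with offsetof()/sizeof() instead of hard-coded
 * numbers, so they follow the structure on every platform.
 *
 *   EM_MINLEN          size of the common header (everything before Eu)
 *   EMT_SETSPI_FLEN    header plus the fixed part of Eu.Xfm, up to em_dat
 *                      (em_dat is a shorthand macro for Eu.Xfm.u.Dat,
 *                      expanded where this macro is used)
 *   EMT_GRPSPIS_FLEN   offset of the Rel[] array
 *   EMT_SETDEBUG_FLEN  offset of Eu.Dbg plus its size, i.e. the end of Eu.Dbg
 *
 * NOTE(review): these are presumably the values the handler compares with
 * the sender-supplied em_msglen before touching the matching union member;
 * a wrong constant here weakens that length check. Confirm at the use site.
 */
131 #define EM_MINLEN offsetof(struct encap_msghdr, Eu)
132 #define EMT_SETSPI_FLEN offsetof(struct encap_msghdr, em_dat)
133 #define EMT_GRPSPIS_FLEN offsetof(struct encap_msghdr, Eu.Rel)
/* offsetof() is closed before the '+': with the sizeof term inside the
 * parentheses it becomes part of the member designator, which is not a valid
 * designator and does not evaluate to offset + size. */
134 #define EMT_SETDEBUG_FLEN (offsetof(struct encap_msghdr, Eu.Dbg) + \
135 sizeof(((struct encap_msghdr*)0)->Eu.Dbg))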
/*
 * Shorthand names for members of Eu (apparently a union with one arm per
 * message type), so code can write msg->em_spi instead of
 * msg->Eu.Xfm.Said.spi. These are object-like macros with short lower-case
 * names: they rewrite any identifier of the same name in every file that
 * includes this header.
 * NOTE(review): the arms share storage, so a shorthand is only meaningful
 * for the message type that fills that arm; presumably the handler selects
 * the arm from em_type after its length check -- confirm.
 */
/* Eu.Ert: extended route (address, mask and SA ID). */
138 #define em_eaddr Eu.Ert.Eaddr
139 #define em_emask Eu.Ert.Emask
140 #define em_ersaid Eu.Ert.Said
141 #define em_erdst Eu.Ert.Said.dst
142 #define em_erspi Eu.Ert.Said.spi
143 #define em_erproto Eu.Ert.Said.proto
/* Eu.Ifa: interface address arm. */
145 #define em_ifa Eu.Ifa.Ia
146 #define em_ifn Eu.Ifa.Ifn
/* Eu.Xfm: SA ID, input interface, algorithm and algorithm data. */
148 #define em_said Eu.Xfm.Said
149 #define em_spi Eu.Xfm.Said.spi
150 #define em_dst Eu.Xfm.Said.dst
151 #define em_proto Eu.Xfm.Said.proto
152 #define em_if Eu.Xfm.If
153 #define em_alg Eu.Xfm.Alg
/* em_dat names the algorithm-specific data. The structure comment states
 * that the real data is expected to be longer than the declared member, so
 * every access through em_dat has to be bounded by the validated message
 * length, not by the declared size. */
154 #define em_dat Eu.Xfm.u.Dat
/* Eu.Rel: SA grouping list and the fields of one list entry. */
156 #define em_rel Eu.Rel
157 #define emr_dst emr_said.dst
158 #define emr_spi emr_said.spi
159 #define emr_proto emr_said.proto
/* Shorthand names for the debug_* members of Eu.Dbg, one per debug switch.
 * Only defined in debug builds. The change log describes these as the way
 * user space reaches the kernel debugging switches.
 * NOTE(review): presumably used with EMT_SETDEBUG / EMT_GETDEBUG -- confirm. */
161 #ifdef CONFIG_IPSEC_DEBUG
162 #define em_db_tn Eu.Dbg.debug_tunnel
163 #define em_db_nl Eu.Dbg.debug_netlink
164 #define em_db_xf Eu.Dbg.debug_xform
165 #define em_db_er Eu.Dbg.debug_eroute
166 #define em_db_sp Eu.Dbg.debug_spi
167 #define em_db_rj Eu.Dbg.debug_radij
168 #define em_db_es Eu.Dbg.debug_esp
169 #define em_db_ah Eu.Dbg.debug_ah
170 #define em_db_rx Eu.Dbg.debug_rcv
171 #define em_db_ky Eu.Dbg.debug_pfkey
172 #define em_db_gz Eu.Dbg.debug_ipcomp
173 #define em_db_vb Eu.Dbg.debug_verbose
174 #endif /* CONFIG_IPSEC_DEBUG */
/* Kernel-side declarations (the closing "#endif __KERNEL__" appears further
 * down; the opening line is not part of this listing). */
/* Version string, presumably defined in ipsec_netlink.c -- confirm. */
177 extern char ipsec_netlink_c_version[];
/* Pull in the kernel version macros if they are not defined yet; the #endif
 * for this test is not part of this listing. */
178 #ifndef KERNEL_VERSION
179 # include <linux/version.h>
/* ipsec_callback has two prototypes, selected by a conditional on
 * NETLINK_SOCK whose opening line is not part of this listing: one takes
 * (proto, skb), the other only skb. Both return int.
 * NOTE(review): presumably this is the entry point that receives the
 * messages described above, so magic, length and type validation would
 * belong here -- confirm in the definition. */
182 extern int ipsec_callback(int proto, struct sk_buff *skb);
183 #else /* NETLINK_SOCK */
184 extern int ipsec_callback(struct sk_buff *skb);
185 #endif /* NETLINK_SOCK */
/* Prints an IP header; returns nothing. Used by KLIPS_IP_PRINT. */
186 extern void ipsec_print_ip(struct iphdr *ip);
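/*
 * Conditional debug output.
 *
 * Debug builds (CONFIG_IPSEC_DEBUG): each macro is an expression that prints
 * only when 'flag' is non-zero.
 *   KLIPS_PRINT      printk at KERN_INFO level. "KERN_INFO format" relies on
 *                    string-literal concatenation, so 'format' must be a
 *                    string literal.
 *   KLIPS_PRINTMORE  printk without a level prefix, for continuing a line.
 *                    'format' goes to printk unchanged: callers must pass a
 *                    constant format string and put message or packet data
 *                    in the arguments, never in 'format'.
 *   KLIPS_IP_PRINT   calls ipsec_print_ip(ip). That function returns void,
 *                    so the other arm of the conditional is (void)0; mixing
 *                    a void arm with an int arm is not valid ISO C.
 *
 * Non-debug builds: the macros expand to an empty do/while statement. The
 * arguments are not evaluated at all, so they must not carry side effects,
 * and the macros can only be used as statements. Code that uses the value
 * of KLIPS_PRINT in a debug build will not compile here.
 */
188 #ifdef CONFIG_IPSEC_DEBUG
189 #define KLIPS_PRINT(flag, format, args...) \
190 ((flag) ? printk(KERN_INFO format , ## args) : 0)
191 #define KLIPS_PRINTMORE(flag, format, args...) \
192 ((flag) ? printk(format , ## args) : 0)
193 #define KLIPS_IP_PRINT(flag, ip) \
194 ((flag) ? ipsec_print_ip(ip) : (void)0)
195 #else /* CONFIG_IPSEC_DEBUG */
196 #define KLIPS_PRINT(flag, format, args...) do ; while(0)
197 #define KLIPS_PRINTMORE(flag, format, args...) do ; while(0)
198 #define KLIPS_IP_PRINT(flag, ip) do ; while(0)
199 #endif /* CONFIG_IPSEC_DEBUG */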
/* Debug switch for this netlink interface, defined elsewhere and present
 * only in debug builds. Presumably the 'flag' argument passed to the
 * KLIPS_PRINT macros by the netlink code -- confirm at the call sites. */
201 #ifdef CONFIG_IPSEC_DEBUG
202 extern int debug_netlink;
203 #endif /* CONFIG_IPSEC_DEBUG */
204 #endif /* __KERNEL__ */
207 * $Log: ipsec_netlink.h,v $
208 * Revision 1.31 2001/11/26 09:23:48 rgb
209 * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes.
211 * Revision 1.30 2001/07/06 19:49:16 rgb
212 * Renamed EMT_RPLACEROUTE to EMT_REPLACEROUTE for clarity and logical text
214 * Added EMT_INEROUTE for supporting incoming policy checks.
216 * Revision 1.29 2001/06/14 19:35:09 rgb
217 * Update copyright date.
219 * Revision 1.28 2000/10/10 20:10:18 rgb
220 * Added support for debug_ipcomp and debug_verbose to klipsdebug.
222 * Revision 1.27 2000/09/12 03:20:28 rgb
223 * Cleared out now unused pfkeyv2 switch.
225 * Revision 1.26 2000/09/08 19:16:50 rgb
226 * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG.
227 * Removed all references to CONFIG_IPSEC_PFKEYv2.
229 * Revision 1.25 2000/08/24 16:51:59 rgb
230 * Added KLIPS_PRINTMORE macro to continue lines without KERN_INFO level
233 * Revision 1.24 2000/08/09 20:43:34 rgb
234 * Fixed bitmask value for SADB_X_SAFLAGS_CLEAREROUTE.
236 * Revision 1.23 2000/03/16 14:01:48 rgb
237 * Hardwired CONFIG_IPSEC_PFKEYv2 on.
239 * Revision 1.22 1999/12/08 20:31:32 rgb
240 * Moved IPPROTO_COMP to lib/freeswan.h to simplify userspace includes.
242 * Revision 1.21 1999/11/18 18:47:41 rgb
243 * Added "#define NETLINK_IPSEC" in case kernel was not compiled with it.
245 * Revision 1.20 1999/11/18 04:09:18 rgb
246 * Replaced all kernel version macros to shorter, readable form.
248 * Revision 1.19 1999/08/28 08:27:05 rgb
249 * Add a temporary kludge for 2.0.37-38 to compile even if one patch failed.
251 * Revision 1.18 1999/08/03 17:09:33 rgb
252 * Tidy up debug output, use KERN_INFO macro in printk's.
254 * Revision 1.17 1999/05/25 01:45:37 rgb
255 * Fix version macros for 2.0.x as a module.
257 * Revision 1.16 1999/05/05 22:02:31 rgb
258 * Add a quick and dirty port to 2.2 kernels by Marc Boucher <marc@mbsi.ca>.
260 * Revision 1.15 1999/04/29 15:16:55 rgb
261 * Add pfkey support to debugging.
263 * Revision 1.14 1999/04/15 15:37:24 rgb
264 * Forward check changes from POST1_00 branch.
266 * Revision 1.13 1999/04/11 00:28:58 henry
269 * Revision 1.12 1999/04/06 04:54:26 rgb
270 * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes
273 * Revision 1.11 1999/02/12 21:13:17 rgb
274 * Moved KLIPS_PRINT into a more accessible place.
276 * Revision 1.10 1999/01/28 23:20:49 rgb
277 * Replace hard-coded numbers in macros and code with meaningful values
278 * automatically generated from sizeof() and offsetof() to further the
279 * goal of platform independence.
281 * Revision 1.9 1999/01/22 06:21:23 rgb
282 * Added algorithm switch code.
286 * Revision 1.8 1998/12/01 05:57:42 rgb
287 * Add support for printing debug version info.
289 * Revision 1.7 1998/11/10 05:37:35 rgb
290 * Add support for SA direction flag.
292 * Revision 1.6 1998/10/25 02:40:45 rgb
293 * Fix bug in size of structure passed in from user space for grpspi command.
295 * Revision 1.5 1998/10/19 14:44:29 rgb
296 * Added inclusion of freeswan.h.
297 * sa_id structure implemented and used: now includes protocol.
299 * Revision 1.4 1998/10/09 04:30:11 rgb
300 * Added support for '-replace' option to eroute.
302 * Revision 1.3 1998/07/27 21:54:22 rgb
303 * Rearrange structures for consistent alignment within a union.
304 * Add an option for clearing SA table.
306 * Revision 1.2 1998/07/14 18:05:51 rgb
307 * Added #ifdef __KERNEL__ directives to restrict scope of header.
309 * Revision 1.1 1998/06/18 21:27:49 henry
310 * move sources from klips/src to klips/net/ipsec, to keep stupid
311 * kernel-build scripts happier in the presence of symlinks
313 * Revision 1.4 1998/05/18 21:48:24 rgb
314 * Added switch for ungrouping spi's.
316 * Revision 1.3 1998/04/23 21:01:50 rgb
317 * Added a macro for userspace access to klips kernel debugging switches.
319 * Revision 1.2 1998/04/21 21:29:09 rgb
320 * Rearrange debug switches to change on the fly debug output from user
321 * space. Only kernel changes checked in at this time. radij.c was also
322 * changed to temporarily remove buggy debugging code in rj_delete causing
323 * an OOPS and hence, netlink device open errors.
325 * Revision 1.1 1998/04/09 03:06:09 henry
326 * sources moved up from linux/net/ipsec
328 * Revision 1.1.1.1 1998/04/08 05:35:03 henry
329 * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8
331 * Revision 0.4 1997/01/15 01:28:15 ji
334 * Revision 0.3 1996/11/20 14:39:04 ji
336 * Rationalized debugging code.
338 * Revision 0.2 1996/11/02 00:18:33 ji
339 * First limited release.