3 * header file for FreeS/WAN library functions
4 * Copyright (C) 1998, 1999, 2000 Henry Spencer.
5 * Copyright (C) 1999, 2000, 2001 Richard Guy Briggs
7 * This library is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU Library General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or (at your
10 * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
12 * This library is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
15 * License for more details.
17 * RCSID $Id: freeswan.h,v 1.70 2002/03/26 00:50:03 henry Exp $
19 #define _FREESWAN_H /* seen it, no need to see it again */
24 * We've just got to have some datatypes defined... And annoyingly, just
25 * where we get them depends on whether we're in userland or not.
29 # include <linux/version.h>
30 # include <linux/types.h>
31 # include <linux/in.h>
33 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,1,0)
34 # include <linux/in6.h>
37 #else /* __KERNEL__ */
40 # include <netinet/in.h>
42 # define uint8_t u_int8_t
43 # define uint16_t u_int16_t
44 # define uint32_t u_int32_t
45 # define uint64_t u_int64_t
47 #endif /* __KERNEL__ */
50 * Grab the kernel version to see if we have NET_21, and therefore
51 * IPv6. Some of this is repeated from ipsec_kversions.h. Of course,
52 * we aren't really testing if the kernel has IPv6, but rather if
53 * the include files do.
55 #include <linux/version.h>
56 #include <linux/autoconf.h> /* get the nat traversal settings */
/*
 * Fallback for headers that do not supply KERNEL_VERSION: packs the three
 * version components into one integer (x in bits 16 and up, y in bits 8-15,
 * z in the low bits) so versions can be compared numerically against
 * LINUX_VERSION_CODE.
 */
58 #ifndef KERNEL_VERSION
59 #define KERNEL_VERSION(x,y,z) (((x)<<16)+((y)<<8)+(z))
62 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,1,0)
67 # define IPPROTO_COMP 108
68 #endif /* !IPPROTO_COMP */
71 # define IPPROTO_INT 61
72 #endif /* !IPPROTO_INT */
/*
 * DEBUG_NO_STATIC is a storage-class placeholder: with CONFIG_IPSEC_DEBUG
 * defined it expands to nothing, otherwise it expands to "static".
 * Anything declared with it therefore has external linkage in debug builds
 * and file-local linkage in non-debug builds, so debug builds expose more
 * symbols than production builds do.
 */
74 #ifdef CONFIG_IPSEC_DEBUG
75 # define DEBUG_NO_STATIC
76 #else /* CONFIG_IPSEC_DEBUG */
77 # define DEBUG_NO_STATIC static
78 #endif /* CONFIG_IPSEC_DEBUG */
80 #ifdef CONFIG_IPSEC_NAT_TRAVERSAL /* KERNEL ifdef */
86 #define ESPINUDP_WITH_NON_IKE 1 /* draft-ietf-ipsec-nat-t-ike-00/01 */
87 #define ESPINUDP_WITH_NON_ESP 2 /* draft-ietf-ipsec-nat-t-ike-02 */
91 * Basic data types for the address-handling functions.
92 * ip_address and ip_subnet are supposed to be opaque types; do not
93 * use their definitions directly, they are subject to change!
96 /* first, some quick fakes in case we're on an old system with no IPv6 */
98 #define AF_INET6 10 /* 2.0 systems don't have this one */
101 /* then the main types */
104 struct sockaddr_in v4;
105 struct sockaddr_in6 v6;
113 /* and the SA ID stuff */
115 typedef __u32 ipsec_spi_t;
117 typedef u_int32_t ipsec_spi_t;
119 typedef struct { /* to identify an SA, we need: */
120 ip_address dst; /* A. destination host */
121 ipsec_spi_t spi; /* B. 32-bit SPI, assigned by dest. host */
122 # define SPI_PASS 256 /* magic values... */
123 # define SPI_DROP 257 /* ...for use... */
124 # define SPI_REJECT 258 /* ...with SA_INT */
125 # define SPI_HOLD 259
126 # define SPI_TRAP 260
127 # define SPI_TRAPSUBNET 261
128 int proto; /* C. protocol */
129 # define SA_ESP 50 /* IPPROTO_ESP */
130 # define SA_AH 51 /* IPPROTO_AH */
131 # define SA_IPIP 4 /* IPPROTO_IPIP */
132 # define SA_COMP 108 /* IPPROTO_COMP */
133 # define SA_INT 61 /* IANA reserved for internal use */
135 struct sa_id { /* old v4-only version */
142 typedef const char *err_t; /* error message, or NULL for success */
143 struct prng { /* pseudo-random-number-generator guts */
144 unsigned char sbox[256];
152 * new IPv6-compatible functions
155 /* text conversions */
/*
 * Naming, as far as the signatures show: "tto*" functions take text
 * (src, srclen) and fill in a typed *dst, returning an err_t (an error
 * message, or NULL for success, per the err_t typedef in this header);
 * "*tot" functions take a typed value and write text into a caller-supplied
 * buf/buflen, returning a size_t.
 *
 * NOTE(review): presumably the size_t result is the space needed for the
 * full conversion, as annotated on the old *toa functions later in this
 * header.  If so, a result larger than buflen means the text in buf is
 * incomplete, and callers should test for that rather than assume the
 * buffer was big enough -- confirm against the implementations.
 *
 * NOTE(review): the old functions document "srclen == 0 means strlen(src)".
 * If the tto* functions keep that convention, a computed length that
 * happens to be 0 on a buffer that is not NUL-terminated would be measured
 * with strlen -- confirm, and have callers reject empty input themselves.
 */
156 err_t ttoul(const char *src, size_t srclen, int format, unsigned long *dst);
157 size_t ultot(unsigned long src, int format, char *buf, size_t buflen);
158 #define ULTOT_BUF (22+1) /* holds 64 bits in octal */
159 err_t ttoaddr(const char *src, size_t srclen, int af, ip_address *dst);
160 err_t tnatoaddr(const char *src, size_t srclen, int af, ip_address *dst);
161 size_t addrtot(const ip_address *src, int format, char *buf, size_t buflen);
162 /* RFC 1886 old IPv6 reverse-lookup format is the bulkiest */
163 #define ADDRTOT_BUF (32*2 + 3 + 1 + 3 + 1 + 1)
164 err_t ttosubnet(const char *src, size_t srclen, int af, ip_subnet *dst);
165 size_t subnettot(const ip_subnet *src, int format, char *buf, size_t buflen);
166 #define SUBNETTOT_BUF (ADDRTOT_BUF + 1 + 3)
167 err_t ttosa(const char *src, size_t srclen, ip_said *dst);
168 size_t satot(const ip_said *src, int format, char *bufptr, size_t buflen);
/*
 * SATOT_BUF is built from ULTOA_BUF, which this header defines only further
 * down, in the "old functions, to be deleted eventually" section.  Macro
 * expansion happens at the point of use, so this works today, but removing
 * the old API without moving ULTOA_BUF would break every user of SATOT_BUF.
 */
169 #define SATOT_BUF (5 + ULTOA_BUF + 1 + ADDRTOT_BUF)
170 err_t ttodata(const char *src, size_t srclen, int base, char *buf,
171 size_t buflen, size_t *needed);
/*
 * ttodatav takes an extra errp/errlen buffer.
 * NOTE(review): presumably errp receives the error text and should be at
 * least TTODATAV_BUF bytes -- confirm.
 */
172 err_t ttodatav(const char *src, size_t srclen, int base, char *buf,
173 size_t buflen, size_t *needed, char *errp, size_t errlen);
174 #define TTODATAV_BUF 40 /* ttodatav's largest non-literal message */
175 size_t datatot(const char *src, size_t srclen, int format, char *buf,
177 size_t keyblobtoid(const unsigned char *src, size_t srclen, char *dst,
179 size_t splitkeytoid(const unsigned char *e, size_t elen, const unsigned char *m,
180 size_t mlen, char *dst, size_t dstlen);
181 #define KEYID_BUF 10 /* up to 9 text digits plus NUL */
/*
 * Unlike the other parsers here, ttoprotoport takes a non-const src.
 * NOTE(review): it may modify the input in place; confirm before passing a
 * string literal or a buffer that is shared with other code.
 */
182 err_t ttoprotoport(char *src, size_t src_len, u_int8_t *proto, u_int16_t *port);
184 /* initializations */
/*
 * Each of these fills in the object that dst points to.  All but initsaid
 * return an err_t (an error message, or NULL for success, per the err_t
 * typedef in this header); initsaid returns void and so cannot report a
 * bad argument to its caller.
 * NOTE(review): initaddr is given raw bytes (src, srclen) plus an address
 * family; presumably it rejects a srclen that does not match the family's
 * address size -- confirm, since src may come straight from the network.
 * NOTE(review): the meaning of initsubnet's "clash" argument is not visible
 * in this header -- see the implementation before choosing a value.
 */
185 void initsaid(const ip_address *addr, ipsec_spi_t spi, int proto, ip_said *dst);
186 err_t loopbackaddr(int af, ip_address *dst);
187 err_t unspecaddr(int af, ip_address *dst);
188 err_t anyaddr(int af, ip_address *dst);
189 err_t initaddr(const unsigned char *src, size_t srclen, int af, ip_address *dst);
190 err_t initsubnet(const ip_address *addr, int maskbits, int clash, ip_subnet *dst);
191 err_t addrtosubnet(const ip_address *addr, ip_subnet *dst);
193 /* misc. conversions and related */
/*
 * Accessors and predicates over the opaque ip_address / ip_subnet / ip_said
 * types.  The header asks callers not to use those types' definitions
 * directly, so these functions are the supported way to inspect them.
 */
194 err_t rangetosubnet(const ip_address *from, const ip_address *to, ip_subnet *dst);
195 int addrtypeof(const ip_address *src);
196 int subnettypeof(const ip_subnet *src);
197 size_t addrlenof(const ip_address *src);
/*
 * NOTE(review): addrbytesptr hands back a pointer through *dst; presumably
 * it points into *src, so it is only valid while src is -- confirm.
 * NOTE(review): addrbytesof copies into dst/dstlen; presumably the size_t
 * result is the full address length, so a result larger than dstlen means
 * the copy was incomplete -- confirm and check it at call sites.
 */
198 size_t addrbytesptr(const ip_address *src, const unsigned char **dst);
199 size_t addrbytesof(const ip_address *src, unsigned char *dst, size_t dstlen);
200 int masktocount(const ip_address *src);
201 void networkof(const ip_subnet *src, ip_address *dst);
202 void maskof(const ip_subnet *src, ip_address *dst);
205 int sameaddr(const ip_address *a, const ip_address *b);
206 int addrcmp(const ip_address *a, const ip_address *b);
207 int samesubnet(const ip_subnet *a, const ip_subnet *b);
208 int addrinsubnet(const ip_address *a, const ip_subnet *s);
209 int subnetinsubnet(const ip_subnet *a, const ip_subnet *b);
210 int subnetishost(const ip_subnet *s);
211 int samesaid(const ip_said *a, const ip_said *b);
212 int sameaddrtype(const ip_address *a, const ip_address *b);
213 int samesubnettype(const ip_subnet *a, const ip_subnet *b);
214 int isanyaddr(const ip_address *src);
215 int isunspecaddr(const ip_address *src);
216 int isloopbackaddr(const ip_address *src);
/*
 * The port is carried as a plain int in both directions.
 * NOTE(review): byte order and the handling of values outside 0..65535 are
 * not visible here -- confirm before passing unvalidated input to setportof.
 * NOTE(review): sockaddrof takes a non-const ip_address and returns a
 * struct sockaddr pointer; presumably that pointer aliases storage inside
 * *src and must not outlive it -- confirm.
 */
219 int portof(const ip_address *src);
220 void setportof(int port, ip_address *dst);
221 struct sockaddr *sockaddrof(ip_address *src);
222 size_t sockaddrlenof(const ip_address *src);
/*
 * Pseudo-random-number generator operating on a caller-owned struct prng
 * (declared earlier in this header; its visible state is a 256-byte sbox).
 * prng_init takes a key of keylen bytes, prng_bytes fills dst with dstlen
 * bytes, prng_count returns an unsigned long, and prng_final ends use of
 * the generator.
 * NOTE(review): a 256-entry sbox keyed from (key, keylen) looks like an
 * RC4-style generator.  Its output would then be fully determined by the
 * key, so it is only as unpredictable as that key -- confirm the algorithm
 * and the seeding source before relying on it for keys, nonces or SPIs.
 * NOTE(review): presumably prng_final wipes the state; confirm, and call it
 * once the generator is no longer needed so the sbox does not linger in
 * memory.
 */
225 void prng_init(struct prng *prng, const unsigned char *key, size_t keylen);
226 void prng_bytes(struct prng *prng, unsigned char *dst, size_t dstlen);
227 unsigned long prng_count(struct prng *prng);
228 void prng_final(struct prng *prng);
/*
 * Version and copyright strings.  All three return pointers to const data,
 * so callers must not modify or free what they get back.
 * NOTE(review): ipsec_copyright_notice returns a const char ** with no
 * length; presumably the array is NULL-terminated -- confirm before
 * iterating over it.
 */
231 const char *ipsec_version_code(void);
232 const char *ipsec_version_string(void);
233 const char **ipsec_copyright_notice(void);
238 * old functions, to be deleted eventually
242 const char * /* NULL for success, else string literal */
245 size_t srclen, /* 0 means strlen(src) */
246 int base, /* 0 means figure it out */
247 unsigned long *resultp
249 size_t /* space needed for full conversion */
/*
 * NOTE(review): 21 bytes is 20 decimal digits of a 64-bit value plus the
 * terminating NUL.  ULTOT_BUF, for the newer ultot, reserves 22+1 bytes to
 * hold 64 bits in octal; if the old conversion can also produce octal, this
 * size is too small for that case -- confirm which bases it supports.
 * SATOT_BUF and SATOA_BUF in this header are both derived from this value.
 */
256 #define ULTOA_BUF 21 /* just large enough for largest result, */
257 /* assuming 64-bit unsigned long! */
259 /* Internet addresses */
260 const char * /* NULL for success, else string literal */
263 size_t srclen, /* 0 means strlen(src) */
266 size_t /* space needed for full conversion */
269 int format, /* character; 0 means default */
273 #define ADDRTOA_BUF 16 /* just large enough for largest result */
276 const char * /* NULL for success, else string literal */
279 size_t srclen, /* 0 means strlen(src) */
280 struct in_addr *addr,
283 size_t /* space needed for full conversion */
287 int format, /* character; 0 means default */
291 #define SUBNETTOA_BUF 32 /* large enough for worst case result */
294 const char * /* NULL for success, else string literal */
297 size_t srclen, /* 0 means strlen(src) */
298 char *type, /* 'a', 's', 'r' */
299 struct in_addr *addrs /* two-element array */
301 size_t /* space needed for full conversion */
303 struct in_addr *addrs, /* two-element array */
304 int format, /* character; 0 means default */
308 #define RANGETOA_BUF 34 /* large enough for worst case result */
310 /* data types for SA conversion functions */
313 const char * /* NULL for success, else string literal */
316 size_t srclen, /* 0 means strlen(src) */
319 size_t /* space needed for full conversion */
322 int format, /* character; 0 means default */
326 #define SATOA_BUF (3+ULTOA_BUF+ADDRTOA_BUF)
328 /* generic data, e.g. keys */
329 const char * /* NULL for success, else string literal */
332 size_t srclen, /* 0 means strlen(src) */
335 size_t *lenp /* NULL means don't bother telling me */
337 size_t /* 0 failure, else true size */
341 int format, /* character; 0 means default */
346 /* old versions of generic-data functions; deprecated */
347 size_t /* 0 failure, else true size */
350 size_t srclen, /* 0 means strlen(src) */
354 size_t /* 0 failure, else true size */
358 int format, /* character; 0 means default */
363 /* part extraction and special addresses */
401 /* option pickup from files (userland only because of use of FILE) */
/*
 * Takes a filename plus pointers to the caller's argc and argv, the current
 * optind, and a FILE for error reporting.
 * NOTE(review): since argcp/argvp are passed by pointer, the file's contents
 * presumably end up in the caller's argument vector and are then parsed
 * like command-line options.  Whoever can write that file can therefore
 * set any option the program accepts, so its ownership and permissions
 * matter as much as the command line itself -- confirm how callers choose
 * the filename.
 * NOTE(review): the const char * result is presumably an error message, or
 * NULL for success, like err_t elsewhere in this header -- confirm.
 */
402 const char *optionsfrom(const char *filename, int *argcp, char ***argvp,
403 int optind, FILE *errorreport);
407 * Debugging levels for pfkey_parse.c
409 #define PF_KEY_DEBUG_PARSE_PROBLEM 1
410 #define PF_KEY_DEBUG_PARSE_STRUCT 3
411 #define PF_KEY_DEBUG_PARSE_FLOW 4
414 #endif /* _FREESWAN_H */