2 * FreeS/WAN specific PF_KEY headers
3 * Copyright (C) 1999, 2000, 2001 Richard Guy Briggs.
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 * RCSID $Id: pfkey.h,v 1.36 2002/01/20 20:34:49 mcr Exp $
18 #ifndef __NET_IPSEC_PF_KEY_H
19 #define __NET_IPSEC_PF_KEY_H
/*
 * Socket-layer glue for the PF_KEY protocol family.  These are the symbols
 * the rest of KLIPS needs to register and tear down the PF_KEY socket
 * type; the struct net_proto / proto_ops types come from the kernel.
 */
extern void pfkey_proto_init(struct net_proto *pro);
extern struct proto_ops pfkey_proto_ops;
/* A PF_KEY socket is an ordinary struct sock; the per-socket PF_KEY
 * state is reached through the key_pid() macro further down. */
typedef struct sock pfkey_sock;
/* Debugging control for the PF_KEY code (added in rev 1.4, see the
 * changelog at the end of this file). */
extern int debug_pfkey;
/* init/cleanup return int (originally void, changed in rev 1.4) so that
 * module load and unload can report failure; callers must check the
 * result rather than assume success. */
extern /* void */ int pfkey_init(void);
extern /* void */ int pfkey_cleanup(void);
/* NOTE(review): presumably the head of a linked list of PF_KEY sockets;
 * its relationship to pfkey_open_sockets below is not visible here. */
extern struct sock *pfkey_sock_list;
32 struct socket *socketp;
33 struct socket_list *next;
/*
 * Maintain the socket_list chains declared above.  Both take the list head
 * by address so they can update it; the int result is an error indicator
 * (NOTE(review): exact convention, 0 on success or otherwise, not visible
 * here -- check the definitions before relying on it).
 */
extern int pfkey_list_insert_socket(struct socket*, struct socket_list**);
extern int pfkey_list_remove_socket(struct socket*, struct socket_list**);
/* Every PF_KEY socket currently open. */
extern struct socket_list *pfkey_open_sockets;
/*
 * Sockets that have registered interest in each SA type, indexed by satype.
 * Sized SADB_SATYPE_MAX + 1 so that satype == SADB_SATYPE_MAX is a valid
 * index (rev 1.27 in the changelog fixed an off-by-one here).  Any satype
 * taken from a userspace message must still be range-checked against
 * SADB_SATYPE_MAX before it is used as an index into this array.
 */
extern struct socket_list *pfkey_registered_sockets[SADB_SATYPE_MAX+1];
41 * There is a field-by-field copy in klips/net/ipsec/ipsec_alg.h
42 * please keep in sync until we migrate all support stuff
43 * to ipsec_alg objects
47 uint16_t supported_alg_exttype;
48 uint8_t supported_alg_id;
49 uint8_t supported_alg_ivlen;
50 uint16_t supported_alg_minbits;
51 uint16_t supported_alg_maxbits;
/*
 * Per-satype lists of supported algorithms (struct supported above), one
 * list head per SA type.  As with pfkey_registered_sockets, an index taken
 * from a message must be checked against SADB_SATYPE_MAX first.
 */
extern struct supported_list *pfkey_supported_list[SADB_SATYPE_MAX+1];
56 struct supported *supportedp;
57 struct supported_list *next;
/*
 * Insert into / remove from a supported_list chain; mirrors the
 * pfkey_list_{insert,remove}_socket() pair above (rev 1.24 in the
 * changelog).  The int result is an error indicator -- NOTE(review):
 * confirm the exact convention in the definitions.
 */
extern int pfkey_list_insert_supported(struct supported*, struct supported_list**);
extern int pfkey_list_remove_supported(struct supported*, struct supported_list**);
63 #if defined(__KERNEL__) || !defined(__GLIBC__) || (__GLIBC__ < 2)
67 uint16_t key_family; /* PF_KEY */
68 uint16_t key_pad; /* not used */
69 uint32_t key_pid; /* process ID */
72 #endif /* defined(__KERNEL__) || !defined(__GLIBC__) || (__GLIBC__ < 2) */
75 struct pfkey_extracted_data
78 struct ipsec_sa* tdb2;
79 struct eroute *eroute;
/*
 * Kernel-side entry points used by the rest of KLIPS to talk to userspace
 * key managers over PF_KEY.  All return an int error indicator.
 */
/* Build and send the reply to a register request for the given satype
 * (also declared near the end of this header for the AES code). */
extern int pfkey_register_reply(int satype, struct sadb_msg *);
/* Deliver a completed sadb_msg up to a PF_KEY socket. */
extern int pfkey_upmsg(struct socket *, struct sadb_msg *);
/* Notify userspace that an SA's lifetime has expired.  NOTE(review): the
 * int argument is presumably a hard/soft selector -- confirm in the
 * definition before adding callers. */
extern int pfkey_expire(struct ipsec_sa *, int);
/* Ask userspace to negotiate keying material for this SA (rev 1.26). */
extern int pfkey_acquire(struct ipsec_sa *);
86 #endif /* __KERNEL__ */
/*
 * Conversions between PF_KEY SA types and IP protocol numbers, plus
 * human-readable names for both.  These sit outside the __KERNEL__ block
 * above so userspace shares the same tables.
 * NOTE(review): the returned char* presumably points at static lookup
 * table entries -- callers must not modify or free them -- and the
 * behaviour for an out-of-range argument (NULL vs. an "unknown" string)
 * is not visible here; check it before printing the result in a log.
 */
extern uint8_t satype2proto(uint8_t satype);
extern uint8_t proto2satype(uint8_t proto);
extern char* satype2name(uint8_t satype);
extern char* proto2name(uint8_t proto);
95 uint32_t key_pid; /* process ID */
/*
 * Reach the PF_KEY per-socket state: struct key_opt is overlaid on the
 * protinfo member of the socket and key_pid is the owning process ID
 * recorded there.  NOTE(review): the cast assumes struct key_opt fits
 * inside (sk)->protinfo; struct sock is not visible in this header, so
 * confirm against the kernel version being built.  The function-like
 * macro does not clash with the key_pid struct member, since a member
 * access is never followed by '('.
 */
#define key_pid(sk) ((struct key_opt*)&((sk)->protinfo))->key_pid
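/* PF_KEYv2 messages and extensions are laid out in units of 64 bits. */
#define IPSEC_PFKEYv2_ALIGN (sizeof(uint64_t)/sizeof(uint8_t))
#define BITS_PER_OCTET 8

/*
 * Integer division rounding upwards.  Every argument is parenthesised so
 * that an expression argument such as DIVUP(len + 1, 8) groups correctly
 * (the unparenthesised form silently mis-parsed "a + b" arguments).  Both
 * arguments are still evaluated more than once, so do not pass expressions
 * with side effects; y must be non-zero (division by zero is undefined).
 */
#define DIVUP(x,y) (((x) + (y) - 1) / (y)) /* divide, rounding upwards */
/* Round x up to the next multiple of y (y > 0); same evaluation caveats. */
#define ALIGN_N(x,y) (DIVUP(x,y) * (y)) /* align on y boundary */

/*
 * Upper bound on the size of a single PF_KEYv2 message (presumably bytes;
 * rev 1.7 in the changelog).  NOTE(review): any message read from a
 * PF_KEY socket should be rejected if it exceeds this -- confirm the
 * socket/parse code enforces it.
 */
#define PFKEYv2_MAX_MSGSIZE 4096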
111 * PF_KEYv2 permitted and required extensions in and out bitmaps
113 struct pf_key_ext_parsers_def {
114 int (*parser)(struct sadb_ext*);
/*
 * Which PF_KEYv2 extensions are permitted and which are required, kept
 * separately for messages coming in from userspace and going out to it.
 * Index as
 *   extensions_bitmaps[EXT_BITS_IN|EXT_BITS_OUT][EXT_BITS_PERM|EXT_BITS_REQ][type]
 * The last dimension is sized SADB_MAX + 1, i.e. indexed by sadb message
 * type; each entry is presumably a bitmask over extension types
 * (NOTE(review): confirm in the parser).  A message type taken from a
 * received sadb_msg must be checked against SADB_MAX before indexing.
 */
extern unsigned int extensions_bitmaps[2/*in/out*/][2/*perm/req*/][SADB_MAX + 1/*ext*/];
#define EXT_BITS_IN 0
#define EXT_BITS_OUT 1
#define EXT_BITS_PERM 0
#define EXT_BITS_REQ 1
/*
 * Lifecycle of an extensions[] table: one slot per extension type
 * (SADB_EXT_MAX + 1 entries).  Call pfkey_extensions_init() before a
 * parse or build fills the table, and pfkey_extensions_free() afterwards
 * to release whatever the slots point at.
 */
extern void pfkey_extensions_init(struct sadb_ext *extensions[SADB_EXT_MAX + 1]);
extern void pfkey_extensions_free(struct sadb_ext *extensions[SADB_EXT_MAX + 1]);
/*
 * Free a built message.  Takes the caller's pointer by address (rev 1.16
 * changed this interface "to guard against potential memory leaks");
 * NOTE(review): presumably it NULLs *pfkey_msg after freeing -- confirm,
 * and do not reuse the pointer afterwards either way.
 */
extern void pfkey_msg_free(struct sadb_msg **pfkey_msg);
129 extern int pfkey_msg_parse(struct sadb_msg *pfkey_msg,
130 struct pf_key_ext_parsers_def *ext_parsers[],
131 struct sadb_ext **extensions,
135 * PF_KEYv2 build function prototypes
139 pfkey_msg_hdr_build(struct sadb_ext** pfkey_ext,
147 pfkey_sa_build(struct sadb_ext ** pfkey_ext,
149 uint32_t spi, /* in network order */
150 uint8_t replay_window,
157 pfkey_lifetime_build(struct sadb_ext ** pfkey_ext,
159 uint32_t allocations,
166 pfkey_address_build(struct sadb_ext** pfkey_ext,
170 struct sockaddr* address);
173 pfkey_key_build(struct sadb_ext** pfkey_ext,
179 pfkey_ident_build(struct sadb_ext** pfkey_ext,
187 pfkey_sens_build(struct sadb_ext** pfkey_ext,
191 uint64_t* sens_bitmap,
194 uint64_t* integ_bitmap);
197 pfkey_prop_build(struct sadb_ext** pfkey_ext,
199 unsigned int comb_num,
200 struct sadb_comb* comb);
203 pfkey_supported_build(struct sadb_ext** pfkey_ext,
205 unsigned int alg_num,
206 struct sadb_alg* alg);
209 pfkey_spirange_build(struct sadb_ext** pfkey_ext,
215 pfkey_x_kmprivate_build(struct sadb_ext** pfkey_ext);
218 pfkey_x_satype_build(struct sadb_ext** pfkey_ext,
222 pfkey_x_debug_build(struct sadb_ext** pfkey_ext,
/*
 * NAT traversal: tell userspace about a new peer address/port mapping for
 * an SA (kernel only).  NOTE(review): the port is declared as __u16 while
 * the rest of this header uses uint16_t -- rev 1.13 in the changelog moved
 * away from __u* types to avoid pulling in asm/types.h.  Harmless inside
 * __KERNEL__, but worth making consistent; the types are equivalent.
 */
extern int pfkey_nat_t_new_mapping(struct ipsec_sa *, struct sockaddr *, __u16);
239 #endif /* __KERNEL__ */
241 pfkey_x_nat_t_type_build(struct sadb_ext** pfkey_ext,
244 pfkey_x_nat_t_port_build(struct sadb_ext** pfkey_ext,
250 pfkey_msg_build(struct sadb_msg** pfkey_msg,
251 struct sadb_ext* extensions[],
254 /* in pfkey_v2_debug.c - routines to decode numbers -> strings */
256 pfkey_v2_sadb_ext_string(int extnum);
259 pfkey_v2_sadb_type_string(int sadb_type);
261 /* This function is in pfkey_v2_parse.c and is needed by AES */
263 pfkey_register_reply(int satype, struct sadb_msg *sadb_msg);
267 #endif /* __NET_IPSEC_PF_KEY_H */
271 * Revision 1.36 2002/01/20 20:34:49 mcr
272 * added pfkey_v2_sadb_type_string to decode sadb_type to string.
274 * Revision 1.35 2001/11/27 05:27:47 mcr
275 * pfkey parses are now maintained by a structure
276 * that includes their name for debug purposes.
278 * Revision 1.34 2001/11/26 09:23:53 rgb
279 * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes.
281 * Revision 1.33 2001/11/06 19:47:47 rgb
282 * Added packet parameter to lifetime and comb structures.
284 * Revision 1.32 2001/09/08 21:13:34 rgb
285 * Added pfkey ident extension support for ISAKMPd. (NetCelo)
287 * Revision 1.31 2001/06/14 19:35:16 rgb
288 * Update copyright date.
290 * Revision 1.30 2001/02/27 07:04:52 rgb
291 * Added satype2name prototype.
293 * Revision 1.29 2001/02/26 19:59:33 rgb
294 * Ditch unused sadb_satype2proto[], replaced by satype2proto().
296 * Revision 1.28 2000/10/10 20:10:19 rgb
297 * Added support for debug_ipcomp and debug_verbose to klipsdebug.
299 * Revision 1.27 2000/09/21 04:20:45 rgb
300 * Fixed array size off-by-one error. (Thanks Svenning!)
302 * Revision 1.26 2000/09/12 03:26:05 rgb
303 * Added pfkey_acquire prototype.
305 * Revision 1.25 2000/09/08 19:21:28 rgb
306 * Fix pfkey_prop_build() parameter to be only single indirection.
308 * Revision 1.24 2000/09/01 18:46:42 rgb
309 * Added a supported algorithms array lists, one per satype and registered
310 * existing algorithms.
311 * Fixed pfkey_list_{insert,remove}_{socket,support}() to allow change to
314 * Revision 1.23 2000/08/27 01:55:26 rgb
315 * Define OCTETBITS and PFKEYBITS to avoid using 'magic' numbers in code.
317 * Revision 1.22 2000/08/20 21:39:23 rgb
318 * Added kernel prototypes for kernel functions pfkey_upmsg() and
321 * Revision 1.21 2000/08/15 17:29:23 rgb
322 * Fixes from SZI to untested pfkey_prop_build().
324 * Revision 1.20 2000/05/10 20:14:19 rgb
325 * Fleshed out sensitivity, proposal and supported extensions.
327 * Revision 1.19 2000/03/16 14:07:23 rgb
328 * Renamed ALIGN macro to avoid fighting with others in kernel.
330 * Revision 1.18 2000/01/22 23:24:06 rgb
331 * Added prototypes for proto2satype(), satype2proto() and proto2name().
333 * Revision 1.17 2000/01/21 06:26:59 rgb
334 * Converted from double tdb arguments to one structure (extr)
335 * containing pointers to all temporary information structures.
336 * Added klipsdebug switching capability.
337 * Dropped unused argument to pfkey_x_satype_build().
339 * Revision 1.16 1999/12/29 21:17:41 rgb
340 * Changed pfkey_msg_build() I/F to include a struct sadb_msg**
341 * parameter for cleaner manipulation of extensions[] and to guard
342 * against potential memory leaks.
343 * Changed the I/F to pfkey_msg_free() for the same reason.
345 * Revision 1.15 1999/12/09 23:12:54 rgb
346 * Added macro for BITS_PER_OCTET.
347 * Added argument to pfkey_sa_build() to do eroutes.
349 * Revision 1.14 1999/12/08 20:33:25 rgb
350 * Changed sa_family_t to uint16_t for 2.0.xx compatibility.
352 * Revision 1.13 1999/12/07 19:53:40 rgb
353 * Removed unused first argument from extension parsers.
354 * Changed __u* types to uint* to avoid use of asm/types.h and
355 * sys/types.h in userspace code.
356 * Added function prototypes for pfkey message and extensions
357 * initialisation and cleanup.
359 * Revision 1.12 1999/12/01 22:19:38 rgb
360 * Change pfkey_sa_build to accept an SPI in network byte order.
362 * Revision 1.11 1999/11/27 11:55:26 rgb
363 * Added extern sadb_satype2proto to enable moving protocol lookup table
364 * to lib/pfkey_v2_parse.c.
365 * Delete unused, moved typedefs.
366 * Add argument to pfkey_msg_parse() for direction.
367 * Consolidated the 4 1-d extension bitmap arrays into one 4-d array.
369 * Revision 1.10 1999/11/23 22:29:21 rgb
370 * This file has been moved in the distribution from klips/net/ipsec to
372 * Add macros for dealing with alignment and rounding up more opaquely.
373 * The uint<n>_t type defines have been moved to freeswan.h to avoid
374 * chicken-and-egg problems.
375 * Add macros for dealing with alignment and rounding up more opaque.
376 * Added prototypes for using extention header bitmaps.
377 * Added prototypes of all the build functions.
379 * Revision 1.9 1999/11/20 21:59:48 rgb
380 * Moved socketlist type declarations and prototypes for shared use.
381 * Slightly modified scope of sockaddr_key declaration.
383 * Revision 1.8 1999/11/17 14:34:25 rgb
384 * Protect sa_family_t from being used in userspace with GLIBC<2.
386 * Revision 1.7 1999/10/27 19:40:35 rgb
387 * Add a maximum PFKEY packet size macro.
389 * Revision 1.6 1999/10/26 16:58:58 rgb
390 * Created a sockaddr_key and key_opt socket extension structures.
392 * Revision 1.5 1999/06/10 05:24:41 rgb
393 * Renamed variables to reduce confusion.
395 * Revision 1.4 1999/04/29 15:21:11 rgb
396 * Add pfkey support to debugging.
397 * Add return values to init and cleanup functions.
399 * Revision 1.3 1999/04/15 17:58:07 rgb