2 * RCSID $Id: pfkeyv2.h,v 1.18 2001/11/06 19:47:47 rgb Exp $
6 RFC 2367 PF_KEY Key Management API July 1998
9 Appendix D: Sample Header File
11 This file defines structures and symbols for the PF_KEY Version 2
12 key management interface. It was written at the U.S. Naval Research
13 Laboratory. This file is in the public domain. The authors ask that
14 you leave this credit intact on any copies of this file.
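/*
 * Include-guard symbol and interface revision.
 * NOTE(review): the conditional that opens the include guard is not among
 * the lines shown in this listing -- confirm it exists in the complete file.
 */
#define __PFKEY_V2_H 1
#define PFKEYV2_REVISION 199806L

/*
 * PF_KEY message type codes.
 *
 * Only the values 0, 6, 7 and 11-17 are visible here. The listing's own
 * line numbering has gaps in this range, so further codes are presumably
 * defined on lines that are not shown.
 *
 * The SADB_X_ prefix marks additions beyond the RFC 2367 base set.
 * NOTE(review): several of these (PROMISC, DEBUG, ADDFLOW/DELFLOW) look like
 * state-changing or diagnostic requests; the message handler should reject
 * unknown type codes and restrict these to privileged callers -- verify in
 * the code that dispatches on the message type.
 */
#define SADB_RESERVED 0
#define SADB_ACQUIRE 6
#define SADB_REGISTER 7
#define SADB_X_PROMISC 11
#define SADB_X_PCHANGE 12
#define SADB_X_GRPSA 13
#define SADB_X_ADDFLOW 14
#define SADB_X_DELFLOW 15
#define SADB_X_DEBUG 16
#define SADB_X_NAT_T_NEW_MAPPING 17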
/*
 * NOTE(review): this listing omits some lines of the original file. Its
 * embedded line numbers jump 40 -> 47, 54 -> 58, 59 -> 64, 64 -> 66 and
 * 67 -> 69, so the "struct ... {" openers and the closers for the members
 * below are not shown, and the sadb_sa_* group has gaps. Judging by the
 * member prefixes these are presumably the base message header, the generic
 * extension header and the SA extension of RFC 2367 -- confirm against the
 * complete file before relying on any offset.
 *
 * The *_len members are 16-bit values taken from the message itself;
 * RFC 2367 counts them in 64-bit words. Code that walks a message should
 * check each length against the bytes actually received, and reject a zero
 * length, before advancing to the next extension.
 */
/* sadb_msg_* members: fixed fields at the start of every message (presumably). */
47 uint8_t sadb_msg_version;
48 uint8_t sadb_msg_type;
49 uint8_t sadb_msg_errno;
50 uint8_t sadb_msg_satype;
51 uint16_t sadb_msg_len;
52 uint16_t sadb_msg_reserved;
53 uint32_t sadb_msg_seq;
54 uint32_t sadb_msg_pid;
/* sadb_ext_* members: length and type pair that prefixes an extension. */
58 uint16_t sadb_ext_len;
59 uint16_t sadb_ext_type;
/* sadb_sa_* members: incomplete in this listing (see the note above). */
64 uint16_t sadb_sa_exttype;
66 uint8_t sadb_sa_replay;
67 uint8_t sadb_sa_state;
69 uint8_t sadb_sa_encrypt;
70 uint32_t sadb_sa_flags;
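/*
 * Lifetime extension: limits or counters attached to a security association.
 *
 * The first two members are the length/type pair shared by every extension;
 * RFC 2367 counts the length in 64-bit words. The packet counter and the
 * padding after it are FreeS/WAN additions (the file's revision 1.18 log
 * entry reads "Added packet parameter to lifetime and comb structures").
 *
 * NOTE(review): presumably carried under the SADB_EXT_LIFETIME_CURRENT,
 * _HARD and _SOFT extension types -- confirm against the parser. These
 * limits bound how long, and for how much traffic, one key stays in use, so
 * a consumer should not treat a missing or all-zero extension as a
 * validated limit without checking what zero means to the caller.
 */
struct sadb_lifetime {
	uint16_t sadb_lifetime_len;
	uint16_t sadb_lifetime_exttype;
	uint32_t sadb_lifetime_allocations;
	uint64_t sadb_lifetime_bytes;
	uint64_t sadb_lifetime_addtime;
	uint64_t sadb_lifetime_usetime;
	uint32_t sadb_x_lifetime_packets;
	uint32_t sadb_x_lifetime_reserved;	/* pads the struct to a multiple of 8 bytes */
};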
/*
 * NOTE(review): the lines that open and close the structures below are not
 * part of this listing (its embedded line numbers skip 84, 90-92, 97-99,
 * 105-107, 116-118 and 123-125). The groups are told apart here only by
 * their member prefixes; confirm names and boundaries against the complete
 * file.
 *
 * Every group starts with a 16-bit length and a 16-bit extension type. The
 * length comes from the message itself (RFC 2367 counts it in 64-bit
 * words), so it must be checked against the bytes actually received before
 * any variable-length data after the fixed members is read.
 */
/*
 * sadb_address_*: address extension header.
 * NOTE(review): bound sadb_address_prefixlen by the width of the address
 * family before building a mask from it; the address bytes themselves are
 * not among the members shown.
 */
85 uint16_t sadb_address_len;
86 uint16_t sadb_address_exttype;
87 uint8_t sadb_address_proto;
88 uint8_t sadb_address_prefixlen;
89 uint16_t sadb_address_reserved;
/*
 * sadb_key_*: key extension header.
 * NOTE(review): presumably sadb_key_bits is the key size in bits and the key
 * bytes follow these fixed members -- confirm. A consumer should check that
 * sadb_key_bits fits inside sadb_key_len before copying, and should clear
 * any buffer that held key material once it is no longer needed.
 */
93 uint16_t sadb_key_len;
94 uint16_t sadb_key_exttype;
95 uint16_t sadb_key_bits;
96 uint16_t sadb_key_reserved;
/* sadb_ident_*: identity extension header; the type presumably takes an SADB_IDENTTYPE_* value. */
100 uint16_t sadb_ident_len;
101 uint16_t sadb_ident_exttype;
102 uint16_t sadb_ident_type;
103 uint16_t sadb_ident_reserved;
104 uint64_t sadb_ident_id;
/*
 * sadb_sens_*: sensitivity extension header.
 * NOTE(review): sens_len and integ_len look like counts of data that follows
 * the fixed members; bound both by sadb_sens_len before use -- confirm.
 */
108 uint16_t sadb_sens_len;
109 uint16_t sadb_sens_exttype;
110 uint32_t sadb_sens_dpd;
111 uint8_t sadb_sens_sens_level;
112 uint8_t sadb_sens_sens_len;
113 uint8_t sadb_sens_integ_level;
114 uint8_t sadb_sens_integ_len;
115 uint32_t sadb_sens_reserved;
/* sadb_prop_*: proposal extension header. */
119 uint16_t sadb_prop_len;
120 uint16_t sadb_prop_exttype;
121 uint8_t sadb_prop_replay;
122 uint8_t sadb_prop_reserved[3];
/*
 * sadb_comb_*: one algorithm combination: authentication and encryption
 * identifiers, flags, minimum and maximum key sizes in bits, then soft and
 * hard limits. The two sadb_x_comb_*_packets members are FreeS/WAN additions
 * (revision 1.18 log entry: "Added packet parameter to lifetime and comb
 * structures").
 * NOTE(review): a receiver should check min <= max for both key-size pairs
 * and refuse combinations whose algorithm identifiers it does not implement.
 */
126 uint8_t sadb_comb_auth;
127 uint8_t sadb_comb_encrypt;
128 uint16_t sadb_comb_flags;
129 uint16_t sadb_comb_auth_minbits;
130 uint16_t sadb_comb_auth_maxbits;
131 uint16_t sadb_comb_encrypt_minbits;
132 uint16_t sadb_comb_encrypt_maxbits;
133 uint32_t sadb_comb_reserved;
134 uint32_t sadb_comb_soft_allocations;
135 uint32_t sadb_comb_hard_allocations;
136 uint64_t sadb_comb_soft_bytes;
137 uint64_t sadb_comb_hard_bytes;
138 uint64_t sadb_comb_soft_addtime;
139 uint64_t sadb_comb_hard_addtime;
140 uint64_t sadb_comb_soft_usetime;
141 uint64_t sadb_comb_hard_usetime;
142 uint32_t sadb_x_comb_soft_packets;
143 uint32_t sadb_x_comb_hard_packets;
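/*
 * Supported-algorithms extension header.
 *
 * Only the fixed part is declared: the common length/type pair followed by
 * a reserved word. RFC 2367 counts the length in 64-bit words.
 * NOTE(review): presumably carried under SADB_EXT_SUPPORTED_AUTH and
 * SADB_EXT_SUPPORTED_ENCRYPT with algorithm descriptors after it; a reader
 * should derive the descriptor count from sadb_supported_len and bound it
 * by the bytes received -- confirm against the parser.
 */
struct sadb_supported {
	uint16_t sadb_supported_len;
	uint16_t sadb_supported_exttype;
	uint32_t sadb_supported_reserved;
};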
/*
 * sadb_alg_*: members of an algorithm descriptor.
 * NOTE(review): the listing's embedded line numbers skip 150-153, so the
 * line that opens this structure, and possibly a member before
 * sadb_alg_ivlen, are not shown; the closing line is missing as well.
 * Confirm the full layout against the complete file. The min/max members
 * bound the key size in bits; a consumer should check min <= max.
 */
154 uint8_t sadb_alg_ivlen;
155 uint16_t sadb_alg_minbits;
156 uint16_t sadb_alg_maxbits;
157 uint16_t sadb_alg_reserved;
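/*
 * SPI range extension: lower and upper bound for a requested SPI.
 *
 * Starts with the common length/type pair (length in 64-bit words per
 * RFC 2367).
 * NOTE(review): byte order of the two bounds is not visible in this file. A
 * consumer should check sadb_spirange_min <= sadb_spirange_max after any
 * byte-order conversion and before selecting a value from the range.
 */
struct sadb_spirange {
	uint16_t sadb_spirange_len;
	uint16_t sadb_spirange_exttype;
	uint32_t sadb_spirange_min;
	uint32_t sadb_spirange_max;
	uint32_t sadb_spirange_reserved;	/* pads the struct to a multiple of 8 bytes */
};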
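/*
 * Key-management private extension header (an SADB_X_ addition).
 *
 * Declares only the common length/type pair and a reserved word.
 * NOTE(review): whatever follows this header is opaque to this file; treat
 * it as untrusted bytes whose size is bounded by sadb_x_kmprivate_len
 * (counted in 64-bit words per RFC 2367).
 */
struct sadb_x_kmprivate {
	uint16_t sadb_x_kmprivate_len;
	uint16_t sadb_x_kmprivate_exttype;
	uint32_t sadb_x_kmprivate_reserved;
};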
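/*
 * Second SA type extension (an SADB_X_ addition).
 *
 * The file's revision 1.4 log entry reads "Add support for a second SATYPE,
 * SA and DST_ADDRESS". The single payload byte is followed by three bytes
 * of padding so the struct occupies one 64-bit word.
 * NOTE(review): a consumer should range-check sadb_x_satype_satype against
 * the SA types it implements before using it as an index or switch key.
 */
struct sadb_x_satype {
	uint16_t sadb_x_satype_len;
	uint16_t sadb_x_satype_exttype;
	uint8_t sadb_x_satype_satype;
	uint8_t sadb_x_satype_reserved[3];
};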
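/*
 * Debug-switch extension (an SADB_X_ addition).
 *
 * One 32-bit word per subsystem after the common length/type pair. The
 * file's log describes this as "klipsdebug switching capability", with
 * debug_ipcomp and debug_verbose added in revision 1.13.
 *
 * NOTE(review): this message changes diagnostic output at run time. The
 * handler should accept it only from privileged callers, and operators
 * should assume verbose output may include details of security
 * associations -- confirm what each switch logs before enabling it on a
 * production system.
 */
struct sadb_x_debug {
	uint16_t sadb_x_debug_len;
	uint16_t sadb_x_debug_exttype;
	uint32_t sadb_x_debug_tunnel;
	uint32_t sadb_x_debug_netlink;
	uint32_t sadb_x_debug_xform;
	uint32_t sadb_x_debug_eroute;
	uint32_t sadb_x_debug_spi;
	uint32_t sadb_x_debug_radij;
	uint32_t sadb_x_debug_esp;
	uint32_t sadb_x_debug_ah;
	uint32_t sadb_x_debug_rcv;
	uint32_t sadb_x_debug_pfkey;
	uint32_t sadb_x_debug_ipcomp;
	uint32_t sadb_x_debug_verbose;
	uint8_t sadb_x_debug_reserved[4];	/* pads the struct to a multiple of 8 bytes */
};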
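/*
 * NAT traversal type extension (an SADB_X_ addition).
 *
 * One payload byte after the common length/type pair, padded to one 64-bit
 * word.
 * NOTE(review): the set of valid type values is not defined in the lines
 * shown; a consumer should reject values it does not recognise instead of
 * defaulting to an encapsulation mode.
 */
struct sadb_x_nat_t_type {
	uint16_t sadb_x_nat_t_type_len;
	uint16_t sadb_x_nat_t_type_exttype;
	uint8_t sadb_x_nat_t_type_type;
	uint8_t sadb_x_nat_t_type_reserved[3];
};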
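/*
 * NAT traversal port extension (an SADB_X_ addition).
 *
 * A 16-bit port after the common length/type pair, padded to one 64-bit
 * word.
 * NOTE(review): presumably carried under SADB_X_EXT_NAT_T_SPORT and
 * SADB_X_EXT_NAT_T_DPORT. The byte order of the port is not visible in this
 * file -- confirm it on both the sending and the receiving side.
 */
struct sadb_x_nat_t_port {
	uint16_t sadb_x_nat_t_port_len;
	uint16_t sadb_x_nat_t_port_exttype;
	uint16_t sadb_x_nat_t_port_port;
	uint16_t sadb_x_nat_t_port_reserved;
};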
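/*
 * Extension type codes: the value found in the type member of each
 * extension header. Codes 1-16 carry the plain SADB_EXT_ prefix; codes from
 * 17 upward carry SADB_X_, which marks additions beyond the RFC 2367 base
 * set.
 */
#define SADB_EXT_RESERVED 0
#define SADB_EXT_SA 1
#define SADB_EXT_LIFETIME_CURRENT 2
#define SADB_EXT_LIFETIME_HARD 3
#define SADB_EXT_LIFETIME_SOFT 4
#define SADB_EXT_ADDRESS_SRC 5
#define SADB_EXT_ADDRESS_DST 6
#define SADB_EXT_ADDRESS_PROXY 7
#define SADB_EXT_KEY_AUTH 8
#define SADB_EXT_KEY_ENCRYPT 9
#define SADB_EXT_IDENTITY_SRC 10
#define SADB_EXT_IDENTITY_DST 11
#define SADB_EXT_SENSITIVITY 12
#define SADB_EXT_PROPOSAL 13
#define SADB_EXT_SUPPORTED_AUTH 14
#define SADB_EXT_SUPPORTED_ENCRYPT 15
#define SADB_EXT_SPIRANGE 16
#define SADB_X_EXT_KMPRIVATE 17
#define SADB_X_EXT_SATYPE2 18
#define SADB_X_EXT_SA2 19
#define SADB_X_EXT_ADDRESS_DST2 20
#define SADB_X_EXT_ADDRESS_SRC_FLOW 21
#define SADB_X_EXT_ADDRESS_DST_FLOW 22
#define SADB_X_EXT_ADDRESS_SRC_MASK 23
#define SADB_X_EXT_ADDRESS_DST_MASK 24
#define SADB_X_EXT_DEBUG 25

/* NAT traversal extension types. */
#define SADB_X_EXT_NAT_T_TYPE 26
#define SADB_X_EXT_NAT_T_SPORT 27
#define SADB_X_EXT_NAT_T_DPORT 28
#define SADB_X_EXT_NAT_T_OA 29

/*
 * NOTE(review): SADB_EXT_MAX is defined twice below with different values.
 * The listing's embedded line numbers skip the lines around the NAT-T block
 * and between these two definitions, so they were presumably the two arms
 * of a conditional that is not shown -- confirm against the complete file.
 * As written here the second value replaces the first, which leaves the
 * maximum at 25 while types 26-29 are defined above. Any table or bitmap
 * sized from SADB_EXT_MAX must be built with the same setting as the code
 * that accepts extension types; otherwise a type above the maximum can
 * index past the end of it. Parsers should reject any extension type
 * greater than SADB_EXT_MAX before using it as an index.
 */
#define SADB_EXT_MAX 29
#define SADB_EXT_MAX 25

/* SADB_X_DELFLOW required over and above SADB_X_SAFLAGS_CLEARFLOW */
/*
 * Bitmap with one bit per flow-address extension type (bits 21-24). The
 * shifts stay below the sign bit of int; a bitmap built the same way for a
 * type of 31 or more would not.
 */
#define SADB_X_EXT_ADDRESS_DELFLOW \
	( (1<<SADB_X_EXT_ADDRESS_SRC_FLOW) \
	| (1<<SADB_X_EXT_ADDRESS_DST_FLOW) \
	| (1<<SADB_X_EXT_ADDRESS_SRC_MASK) \
	| (1<<SADB_X_EXT_ADDRESS_DST_MASK))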
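/*
 * Security association types. SADB_SATYPE_MAX equals the highest value
 * defined here.
 * NOTE(review): range-check a received SA type against SADB_SATYPE_MAX
 * before using it as an index or switch key.
 */
#define SADB_SATYPE_UNSPEC 0
#define SADB_SATYPE_AH 2
#define SADB_SATYPE_ESP 3
#define SADB_SATYPE_RSVP 5
#define SADB_SATYPE_OSPFV2 6
#define SADB_SATYPE_RIPV2 7
#define SADB_SATYPE_MIP 8
#define SADB_X_SATYPE_IPIP 9
#define SADB_X_SATYPE_COMP 10
#define SADB_X_SATYPE_INT 11
#define SADB_SATYPE_MAX 11

/* Security association states, in the order larval, mature, dying, dead. */
#define SADB_SASTATE_LARVAL 0
#define SADB_SASTATE_MATURE 1
#define SADB_SASTATE_DYING 2
#define SADB_SASTATE_DEAD 3
#define SADB_SASTATE_MAX 3

/*
 * SA flag bits; each value is a distinct power of two so they can be ORed.
 * The file's log says SADB_X_SAFLAGS_INFLOW was added "for supporting
 * incoming policy checks".
 */
#define SADB_SAFLAGS_PFS 1
#define SADB_X_SAFLAGS_REPLACEFLOW 2
#define SADB_X_SAFLAGS_CLEARFLOW 4
#define SADB_X_SAFLAGS_INFLOW 8

/*
 * Authentication algorithm identifiers.
 * NOTE(review): SADB_AALG_NONE means no integrity protection and
 * SADB_AALG_MD5HMAC is a legacy choice. A constant being defined here does
 * not show that the algorithm can be negotiated; confirm in the policy code
 * that weak or absent authentication is refused unless explicitly required.
 * SADB_AALG_MAX (15) is larger than the highest identifier defined, so an
 * identifier within range is not necessarily implemented.
 */
#define SADB_AALG_NONE 0
#define SADB_AALG_MD5HMAC 2
#define SADB_AALG_SHA1HMAC 3
#define SADB_AALG_SHA256_HMAC 5
#define SADB_AALG_SHA384_HMAC 6
#define SADB_AALG_SHA512_HMAC 7
#define SADB_AALG_RIPEMD160HMAC 8
#define SADB_AALG_MAX 15

/*
 * Encryption algorithm identifiers.
 * NOTE(review): SADB_EALG_DESCBC is single DES with a 56-bit key and
 * SADB_EALG_NULL provides no confidentiality. Whether either can be
 * selected is decided elsewhere; a configuration review should confirm they
 * are rejected by default. SADB_EALG_MAX (255) covers the whole 8-bit
 * identifier space, so a range check alone does not prove the algorithm is
 * implemented.
 */
#define SADB_EALG_NONE 0
#define SADB_EALG_DESCBC 2
#define SADB_EALG_3DESCBC 3
#define SADB_EALG_BFCBC 7
#define SADB_EALG_NULL 11
#define SADB_EALG_AESCBC 12
#define SADB_EALG_MAX 255

/* Compression algorithm identifiers (the log ties these to IPCOMP). */
#define SADB_X_CALG_NONE 0
#define SADB_X_CALG_OUI 1
#define SADB_X_CALG_DEFLATE 2
#define SADB_X_CALG_LZS 3
#define SADB_X_CALG_V42BIS 4
#define SADB_X_CALG_MAX 4

/* Tunnel encapsulation identifiers (the log: "IPIP tunnel types as algo support"). */
#define SADB_X_TALG_NONE 0
#define SADB_X_TALG_IPv4_in_IPv4 1
#define SADB_X_TALG_IPv6_in_IPv4 2
#define SADB_X_TALG_IPv4_in_IPv6 3
#define SADB_X_TALG_IPv6_in_IPv6 4
#define SADB_X_TALG_MAX 4

/* Identity types. */
#define SADB_IDENTTYPE_RESERVED 0
#define SADB_IDENTTYPE_PREFIX 1
#define SADB_IDENTTYPE_FQDN 2
#define SADB_IDENTTYPE_USERFQDN 3
#define SADB_X_IDENTTYPE_CONNECTION 4
#define SADB_IDENTTYPE_MAX 4

/* No key flags are defined: the maximum is zero. */
#define SADB_KEY_FLAGS_MAX 0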
320 #endif /* __PFKEY_V2_H */
323 * $Log: pfkeyv2.h,v $
324 * Revision 1.18 2001/11/06 19:47:47 rgb
325 * Added packet parameter to lifetime and comb structures.
327 * Revision 1.17 2001/09/08 21:13:35 rgb
328 * Added pfkey ident extension support for ISAKMPd. (NetCelo)
330 * Revision 1.16 2001/07/06 19:49:46 rgb
331 * Added SADB_X_SAFLAGS_INFLOW for supporting incoming policy checks.
333 * Revision 1.15 2001/02/26 20:00:43 rgb
334 * Added internal IP protocol 61 for magic SAs.
336 * Revision 1.14 2001/02/08 18:51:05 rgb
337 * Include RFC document title and appendix subsection title.
339 * Revision 1.13 2000/10/10 20:10:20 rgb
340 * Added support for debug_ipcomp and debug_verbose to klipsdebug.
342 * Revision 1.12 2000/09/15 06:41:50 rgb
343 * Added V42BIS constant.
345 * Revision 1.11 2000/09/12 22:35:37 rgb
346 * Restructured to remove unused extensions from CLEARFLOW messages.
348 * Revision 1.10 2000/09/12 18:50:09 rgb
349 * Added IPIP tunnel types as algo support.
351 * Revision 1.9 2000/08/21 16:47:19 rgb
352 * Added SADB_X_CALG_* macros for IPCOMP.
354 * Revision 1.8 2000/08/09 20:43:34 rgb
355 * Fixed bitmask value for SADB_X_SAFLAGS_CLEAREROUTE.
357 * Revision 1.7 2000/01/21 06:28:37 rgb
358 * Added flow add/delete message type macros.
359 * Added flow address extension type macros.
361 * Added klipsdebug switching capability.
363 * Revision 1.6 1999/11/27 11:56:08 rgb
364 * Add SADB_X_SATYPE_COMP for compression, eventually.
366 * Revision 1.5 1999/11/23 22:23:16 rgb
367 * This file has been moved in the distribution from klips/net/ipsec to
370 * Revision 1.4 1999/04/29 15:23:29 rgb
372 * Add support for a second SATYPE, SA and DST_ADDRESS.
373 * Add IPPROTO_IPIP support.
375 * Revision 1.3 1999/04/15 17:58:08 rgb