uapi/linux/pfkeyv2.h

0001 /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
0002 /* PF_KEY user interface, this is defined by rfc2367 so
0003  * do not make arbitrary modifications or else this header
0004  * file will not be compliant.
0005  */
0006
0007 #ifndef _LINUX_PFKEY2_H
0008 #define _LINUX_PFKEY2_H
0009
0010 #include <linux/types.h>
0011
0012 #define PF_KEY_V2       2
0013 #define PFKEYV2_REVISION    199806L
0014
0015 struct sadb_msg {
0016     __u8        sadb_msg_version;
0017     __u8        sadb_msg_type;
0018     __u8        sadb_msg_errno;
0019     __u8        sadb_msg_satype;
0020     __u16   sadb_msg_len;
0021     __u16   sadb_msg_reserved;
0022     __u32   sadb_msg_seq;
0023     __u32   sadb_msg_pid;
0024 } __attribute__((packed));
0025 /* sizeof(struct sadb_msg) == 16 */
0026
0027 struct sadb_ext {
0028     __u16   sadb_ext_len;
0029     __u16   sadb_ext_type;
0030 } __attribute__((packed));
0031 /* sizeof(struct sadb_ext) == 4 */
0032
0033 struct sadb_sa {
0034     __u16   sadb_sa_len;
0035     __u16   sadb_sa_exttype;
0036     __be32      sadb_sa_spi;
0037     __u8        sadb_sa_replay;
0038     __u8        sadb_sa_state;
0039     __u8        sadb_sa_auth;
0040     __u8        sadb_sa_encrypt;
0041     __u32   sadb_sa_flags;
0042 } __attribute__((packed));
0043 /* sizeof(struct sadb_sa) == 16 */
0044
0045 struct sadb_lifetime {
0046     __u16   sadb_lifetime_len;
0047     __u16   sadb_lifetime_exttype;
0048     __u32   sadb_lifetime_allocations;
0049     __u64   sadb_lifetime_bytes;
0050     __u64   sadb_lifetime_addtime;
0051     __u64   sadb_lifetime_usetime;
0052 } __attribute__((packed));
0053 /* sizeof(struct sadb_lifetime) == 32 */
0054
0055 struct sadb_address {
0056     __u16   sadb_address_len;
0057     __u16   sadb_address_exttype;
0058     __u8        sadb_address_proto;
0059     __u8        sadb_address_prefixlen;
0060     __u16   sadb_address_reserved;
0061 } __attribute__((packed));
0062 /* sizeof(struct sadb_address) == 8 */
0063
0064 struct sadb_key {
0065     __u16   sadb_key_len;
0066     __u16   sadb_key_exttype;
0067     __u16   sadb_key_bits;
0068     __u16   sadb_key_reserved;
0069 } __attribute__((packed));
0070 /* sizeof(struct sadb_key) == 8 */
0071
0072 struct sadb_ident {
0073     __u16   sadb_ident_len;
0074     __u16   sadb_ident_exttype;
0075     __u16   sadb_ident_type;
0076     __u16   sadb_ident_reserved;
0077     __u64   sadb_ident_id;
0078 } __attribute__((packed));
0079 /* sizeof(struct sadb_ident) == 16 */
0080
0081 struct sadb_sens {
0082     __u16   sadb_sens_len;
0083     __u16   sadb_sens_exttype;
0084     __u32   sadb_sens_dpd;
0085     __u8        sadb_sens_sens_level;
0086     __u8        sadb_sens_sens_len;
0087     __u8        sadb_sens_integ_level;
0088     __u8        sadb_sens_integ_len;
0089     __u32   sadb_sens_reserved;
0090 } __attribute__((packed));
0091 /* sizeof(struct sadb_sens) == 16 */
0092
0093 /* followed by:
0094     __u64   sadb_sens_bitmap[sens_len];
0095     __u64   sadb_integ_bitmap[integ_len];  */
0096
0097 struct sadb_prop {
0098     __u16   sadb_prop_len;
0099     __u16   sadb_prop_exttype;
0100     __u8        sadb_prop_replay;
0101     __u8        sadb_prop_reserved[3];
0102 } __attribute__((packed));
0103 /* sizeof(struct sadb_prop) == 8 */
0104
0105 /* followed by:
0106     struct sadb_comb sadb_combs[(sadb_prop_len +
0107         sizeof(__u64) - sizeof(struct sadb_prop)) /
0108         sizeof(struct sadb_comb)]; */
0109
0110 struct sadb_comb {
0111     __u8        sadb_comb_auth;
0112     __u8        sadb_comb_encrypt;
0113     __u16   sadb_comb_flags;
0114     __u16   sadb_comb_auth_minbits;
0115     __u16   sadb_comb_auth_maxbits;
0116     __u16   sadb_comb_encrypt_minbits;
0117     __u16   sadb_comb_encrypt_maxbits;
0118     __u32   sadb_comb_reserved;
0119     __u32   sadb_comb_soft_allocations;
0120     __u32   sadb_comb_hard_allocations;
0121     __u64   sadb_comb_soft_bytes;
0122     __u64   sadb_comb_hard_bytes;
0123     __u64   sadb_comb_soft_addtime;
0124     __u64   sadb_comb_hard_addtime;
0125     __u64   sadb_comb_soft_usetime;
0126     __u64   sadb_comb_hard_usetime;
0127 } __attribute__((packed));
0128 /* sizeof(struct sadb_comb) == 72 */
0129
0130 struct sadb_supported {
0131     __u16   sadb_supported_len;
0132     __u16   sadb_supported_exttype;
0133     __u32   sadb_supported_reserved;
0134 } __attribute__((packed));
0135 /* sizeof(struct sadb_supported) == 8 */
0136
0137 /* followed by:
0138     struct sadb_alg sadb_algs[(sadb_supported_len +
0139         sizeof(__u64) - sizeof(struct sadb_supported)) /
0140         sizeof(struct sadb_alg)]; */
0141
0142 struct sadb_alg {
0143     __u8        sadb_alg_id;
0144     __u8        sadb_alg_ivlen;
0145     __u16   sadb_alg_minbits;
0146     __u16   sadb_alg_maxbits;
0147     __u16   sadb_alg_reserved;
0148 } __attribute__((packed));
0149 /* sizeof(struct sadb_alg) == 8 */
0150
0151 struct sadb_spirange {
0152     __u16   sadb_spirange_len;
0153     __u16   sadb_spirange_exttype;
0154     __u32   sadb_spirange_min;
0155     __u32   sadb_spirange_max;
0156     __u32   sadb_spirange_reserved;
0157 } __attribute__((packed));
0158 /* sizeof(struct sadb_spirange) == 16 */
0159
0160 struct sadb_x_kmprivate {
0161     __u16   sadb_x_kmprivate_len;
0162     __u16   sadb_x_kmprivate_exttype;
0163     __u32   sadb_x_kmprivate_reserved;
0164 } __attribute__((packed));
0165 /* sizeof(struct sadb_x_kmprivate) == 8 */
0166
0167 struct sadb_x_sa2 {
0168     __u16   sadb_x_sa2_len;
0169     __u16   sadb_x_sa2_exttype;
0170     __u8        sadb_x_sa2_mode;
0171     __u8        sadb_x_sa2_reserved1;
0172     __u16   sadb_x_sa2_reserved2;
0173     __u32   sadb_x_sa2_sequence;
0174     __u32   sadb_x_sa2_reqid;
0175 } __attribute__((packed));
0176 /* sizeof(struct sadb_x_sa2) == 16 */
0177
0178 struct sadb_x_policy {
0179     __u16   sadb_x_policy_len;
0180     __u16   sadb_x_policy_exttype;
0181     __u16   sadb_x_policy_type;
0182     __u8        sadb_x_policy_dir;
0183     __u8        sadb_x_policy_reserved;
0184     __u32   sadb_x_policy_id;
0185     __u32   sadb_x_policy_priority;
0186 } __attribute__((packed));
0187 /* sizeof(struct sadb_x_policy) == 16 */
0188
0189 struct sadb_x_ipsecrequest {
0190     __u16   sadb_x_ipsecrequest_len;
0191     __u16   sadb_x_ipsecrequest_proto;
0192     __u8        sadb_x_ipsecrequest_mode;
0193     __u8        sadb_x_ipsecrequest_level;
0194     __u16   sadb_x_ipsecrequest_reserved1;
0195     __u32   sadb_x_ipsecrequest_reqid;
0196     __u32   sadb_x_ipsecrequest_reserved2;
0197 } __attribute__((packed));
0198 /* sizeof(struct sadb_x_ipsecrequest) == 16 */
0199
0200 /* This defines the TYPE of Nat Traversal in use.  Currently only one
0201  * type of NAT-T is supported, draft-ietf-ipsec-udp-encaps-06
0202  */
0203 struct sadb_x_nat_t_type {
0204     __u16   sadb_x_nat_t_type_len;
0205     __u16   sadb_x_nat_t_type_exttype;
0206     __u8        sadb_x_nat_t_type_type;
0207     __u8        sadb_x_nat_t_type_reserved[3];
0208 } __attribute__((packed));
0209 /* sizeof(struct sadb_x_nat_t_type) == 8 */
0210
0211 /* Pass a NAT Traversal port (Source or Dest port) */
0212 struct sadb_x_nat_t_port {
0213     __u16   sadb_x_nat_t_port_len;
0214     __u16   sadb_x_nat_t_port_exttype;
0215     __be16      sadb_x_nat_t_port_port;
0216     __u16   sadb_x_nat_t_port_reserved;
0217 } __attribute__((packed));
0218 /* sizeof(struct sadb_x_nat_t_port) == 8 */
0219
0220 /* Generic LSM security context */
0221 struct sadb_x_sec_ctx {
0222     __u16   sadb_x_sec_len;
0223     __u16   sadb_x_sec_exttype;
0224     __u8        sadb_x_ctx_alg;  /* LSMs: e.g., selinux == 1 */
0225     __u8        sadb_x_ctx_doi;
0226     __u16   sadb_x_ctx_len;
0227 } __attribute__((packed));
0228 /* sizeof(struct sadb_sec_ctx) = 8 */
0229
0230 /* Used by MIGRATE to pass addresses IKE will use to perform
0231  * negotiation with the peer */
0232 struct sadb_x_kmaddress {
0233     __u16   sadb_x_kmaddress_len;
0234     __u16   sadb_x_kmaddress_exttype;
0235     __u32   sadb_x_kmaddress_reserved;
0236 } __attribute__((packed));
0237 /* sizeof(struct sadb_x_kmaddress) == 8 */
0238
0239 /* To specify the SA dump filter */
0240 struct sadb_x_filter {
0241     __u16   sadb_x_filter_len;
0242     __u16   sadb_x_filter_exttype;
0243     __u32   sadb_x_filter_saddr[4];
0244     __u32   sadb_x_filter_daddr[4];
0245     __u16   sadb_x_filter_family;
0246     __u8    sadb_x_filter_splen;
0247     __u8    sadb_x_filter_dplen;
0248 } __attribute__((packed));
0249 /* sizeof(struct sadb_x_filter) == 40 */
0250
0251 /* Message types */
0252 #define SADB_RESERVED       0
0253 #define SADB_GETSPI     1
0254 #define SADB_UPDATE     2
0255 #define SADB_ADD        3
0256 #define SADB_DELETE     4
0257 #define SADB_GET        5
0258 #define SADB_ACQUIRE        6
0259 #define SADB_REGISTER       7
0260 #define SADB_EXPIRE     8
0261 #define SADB_FLUSH      9
0262 #define SADB_DUMP       10
0263 #define SADB_X_PROMISC      11
0264 #define SADB_X_PCHANGE      12
0265 #define SADB_X_SPDUPDATE    13
0266 #define SADB_X_SPDADD       14
0267 #define SADB_X_SPDDELETE    15
0268 #define SADB_X_SPDGET       16
0269 #define SADB_X_SPDACQUIRE   17
0270 #define SADB_X_SPDDUMP      18
0271 #define SADB_X_SPDFLUSH     19
0272 #define SADB_X_SPDSETIDX    20
0273 #define SADB_X_SPDEXPIRE    21
0274 #define SADB_X_SPDDELETE2   22
0275 #define SADB_X_NAT_T_NEW_MAPPING    23
0276 #define SADB_X_MIGRATE      24
0277 #define SADB_MAX        24
0278
0279 /* Security Association flags */
0280 #define SADB_SAFLAGS_PFS    1
0281 #define SADB_SAFLAGS_NOPMTUDISC 0x20000000
0282 #define SADB_SAFLAGS_DECAP_DSCP 0x40000000
0283 #define SADB_SAFLAGS_NOECN  0x80000000
0284
0285 /* Security Association states */
0286 #define SADB_SASTATE_LARVAL 0
0287 #define SADB_SASTATE_MATURE 1
0288 #define SADB_SASTATE_DYING  2
0289 #define SADB_SASTATE_DEAD   3
0290 #define SADB_SASTATE_MAX    3
0291
0292 /* Security Association types */
0293 #define SADB_SATYPE_UNSPEC  0
0294 #define SADB_SATYPE_AH      2
0295 #define SADB_SATYPE_ESP     3
0296 #define SADB_SATYPE_RSVP    5
0297 #define SADB_SATYPE_OSPFV2  6
0298 #define SADB_SATYPE_RIPV2   7
0299 #define SADB_SATYPE_MIP     8
0300 #define SADB_X_SATYPE_IPCOMP    9
0301 #define SADB_SATYPE_MAX     9
0302
0303 /* Authentication algorithms */
0304 #define SADB_AALG_NONE          0
0305 #define SADB_AALG_MD5HMAC       2
0306 #define SADB_AALG_SHA1HMAC      3
0307 #define SADB_X_AALG_SHA2_256HMAC    5
0308 #define SADB_X_AALG_SHA2_384HMAC    6
0309 #define SADB_X_AALG_SHA2_512HMAC    7
0310 #define SADB_X_AALG_RIPEMD160HMAC   8
0311 #define SADB_X_AALG_AES_XCBC_MAC    9
0312 #define SADB_X_AALG_SM3_256HMAC     10
0313 #define SADB_X_AALG_NULL        251 /* kame */
0314 #define SADB_AALG_MAX           251
0315
0316 /* Encryption algorithms */
0317 #define SADB_EALG_NONE          0
0318 #define SADB_EALG_DESCBC        2
0319 #define SADB_EALG_3DESCBC       3
0320 #define SADB_X_EALG_CASTCBC     6
0321 #define SADB_X_EALG_BLOWFISHCBC     7
0322 #define SADB_EALG_NULL          11
0323 #define SADB_X_EALG_AESCBC      12
0324 #define SADB_X_EALG_AESCTR      13
0325 #define SADB_X_EALG_AES_CCM_ICV8    14
0326 #define SADB_X_EALG_AES_CCM_ICV12   15
0327 #define SADB_X_EALG_AES_CCM_ICV16   16
0328 #define SADB_X_EALG_AES_GCM_ICV8    18
0329 #define SADB_X_EALG_AES_GCM_ICV12   19
0330 #define SADB_X_EALG_AES_GCM_ICV16   20
0331 #define SADB_X_EALG_CAMELLIACBC     22
0332 #define SADB_X_EALG_NULL_AES_GMAC   23
0333 #define SADB_X_EALG_SM4CBC      24
0334 #define SADB_EALG_MAX                   253 /* last EALG */
0335 /* private allocations should use 249-255 (RFC2407) */
0336 #define SADB_X_EALG_SERPENTCBC  252     /* draft-ietf-ipsec-ciph-aes-cbc-00 */
0337 #define SADB_X_EALG_TWOFISHCBC  253     /* draft-ietf-ipsec-ciph-aes-cbc-00 */
0338
0339 /* Compression algorithms */
0340 #define SADB_X_CALG_NONE        0
0341 #define SADB_X_CALG_OUI         1
0342 #define SADB_X_CALG_DEFLATE     2
0343 #define SADB_X_CALG_LZS         3
0344 #define SADB_X_CALG_LZJH        4
0345 #define SADB_X_CALG_MAX         4
0346
0347 /* Extension Header values */
0348 #define SADB_EXT_RESERVED       0
0349 #define SADB_EXT_SA         1
0350 #define SADB_EXT_LIFETIME_CURRENT   2
0351 #define SADB_EXT_LIFETIME_HARD      3
0352 #define SADB_EXT_LIFETIME_SOFT      4
0353 #define SADB_EXT_ADDRESS_SRC        5
0354 #define SADB_EXT_ADDRESS_DST        6
0355 #define SADB_EXT_ADDRESS_PROXY      7
0356 #define SADB_EXT_KEY_AUTH       8
0357 #define SADB_EXT_KEY_ENCRYPT        9
0358 #define SADB_EXT_IDENTITY_SRC       10
0359 #define SADB_EXT_IDENTITY_DST       11
0360 #define SADB_EXT_SENSITIVITY        12
0361 #define SADB_EXT_PROPOSAL       13
0362 #define SADB_EXT_SUPPORTED_AUTH     14
0363 #define SADB_EXT_SUPPORTED_ENCRYPT  15
0364 #define SADB_EXT_SPIRANGE       16
0365 #define SADB_X_EXT_KMPRIVATE        17
0366 #define SADB_X_EXT_POLICY       18
0367 #define SADB_X_EXT_SA2          19
0368 /* The next four entries are for setting up NAT Traversal */
0369 #define SADB_X_EXT_NAT_T_TYPE       20
0370 #define SADB_X_EXT_NAT_T_SPORT      21
0371 #define SADB_X_EXT_NAT_T_DPORT      22
0372 #define SADB_X_EXT_NAT_T_OA     23
0373 #define SADB_X_EXT_SEC_CTX      24
0374 /* Used with MIGRATE to pass @ to IKE for negotiation */
0375 #define SADB_X_EXT_KMADDRESS        25
0376 #define SADB_X_EXT_FILTER       26
0377 #define SADB_EXT_MAX            26
0378
0379 /* Identity Extension values */
0380 #define SADB_IDENTTYPE_RESERVED 0
0381 #define SADB_IDENTTYPE_PREFIX   1
0382 #define SADB_IDENTTYPE_FQDN 2
0383 #define SADB_IDENTTYPE_USERFQDN 3
0384 #define SADB_IDENTTYPE_MAX  3
0385
0386 #endif /* !(_LINUX_PFKEY2_H) */