Dr Andrew Scott G7VAV

My photo
 
June 2025
Mo Tu We Th Fr Sa Su
26 27 28 29 30 31 1
2 3 4 5 6 7 8
9 10 11 12 13 14 15
16 17 18 19 20 21 22
23 24 25 26 27 28 29
30 1 2 3 4 5 6


xfrm.h
001: #ifndef _LINUX_XFRM_H
002: #define _LINUX_XFRM_H
003: 
004: #include <linux/types.h>
005: 
006: /* All of the structures in this file may not change size as they are
007:  * passed into the kernel from userspace via netlink sockets.
008:  */
009: 
010: /* Structure to encapsulate addresses. I do not want to use
011:  * "standard" structure. My apologies.
012:  */
013: typedef union {
014:         __be32          a4;
015:         __be32          a6[4];
016: } xfrm_address_t;
017: 
018: /* Ident of a specific xfrm_state. It is used on input to lookup
019:  * the state by (spi,daddr,ah/esp) or to store information about
020:  * spi, protocol and tunnel address on output.
021:  */
022: struct xfrm_id {
023:         xfrm_address_t  daddr;
024:         __be32          spi;
025:         __u8            proto;
026: };
027: 
028: struct xfrm_sec_ctx {
029:         __u8    ctx_doi;
030:         __u8    ctx_alg;
031:         __u16   ctx_len;
032:         __u32   ctx_sid;
033:         char    ctx_str[0];
034: };
035: 
036: /* Security Context Domains of Interpretation */
037: #define XFRM_SC_DOI_RESERVED 0
038: #define XFRM_SC_DOI_LSM 1
039: 
040: /* Security Context Algorithms */
041: #define XFRM_SC_ALG_RESERVED 0
042: #define XFRM_SC_ALG_SELINUX 1
043: 
044: /* Selector, used as selector both on policy rules (SPD) and SAs. */
045: 
046: struct xfrm_selector {
047:         xfrm_address_t  daddr;
048:         xfrm_address_t  saddr;
049:         __be16  dport;
050:         __be16  dport_mask;
051:         __be16  sport;
052:         __be16  sport_mask;
053:         __u16   family;
054:         __u8    prefixlen_d;
055:         __u8    prefixlen_s;
056:         __u8    proto;
057:         int     ifindex;
058:         __kernel_uid32_t        user;
059: };
060: 
061: #define XFRM_INF (~(__u64)0)
062: 
063: struct xfrm_lifetime_cfg {
064:         __u64   soft_byte_limit;
065:         __u64   hard_byte_limit;
066:         __u64   soft_packet_limit;
067:         __u64   hard_packet_limit;
068:         __u64   soft_add_expires_seconds;
069:         __u64   hard_add_expires_seconds;
070:         __u64   soft_use_expires_seconds;
071:         __u64   hard_use_expires_seconds;
072: };
073: 
074: struct xfrm_lifetime_cur {
075:         __u64   bytes;
076:         __u64   packets;
077:         __u64   add_time;
078:         __u64   use_time;
079: };
080: 
081: struct xfrm_replay_state {
082:         __u32   oseq;
083:         __u32   seq;
084:         __u32   bitmap;
085: };
086: 
087: struct xfrm_replay_state_esn {
088:         unsigned int    bmp_len;
089:         __u32           oseq;
090:         __u32           seq;
091:         __u32           oseq_hi;
092:         __u32           seq_hi;
093:         __u32           replay_window;
094:         __u32           bmp[0];
095: };
096: 
097: struct xfrm_algo {
098:         char            alg_name[64];
099:         unsigned int    alg_key_len;    /* in bits */
100:         char            alg_key[0];
101: };
102: 
103: struct xfrm_algo_auth {
104:         char            alg_name[64];
105:         unsigned int    alg_key_len;    /* in bits */
106:         unsigned int    alg_trunc_len;  /* in bits */
107:         char            alg_key[0];
108: };
109: 
110: struct xfrm_algo_aead {
111:         char            alg_name[64];
112:         unsigned int    alg_key_len;    /* in bits */
113:         unsigned int    alg_icv_len;    /* in bits */
114:         char            alg_key[0];
115: };
116: 
117: struct xfrm_stats {
118:         __u32   replay_window;
119:         __u32   replay;
120:         __u32   integrity_failed;
121: };
122: 
123: enum {
124:         XFRM_POLICY_TYPE_MAIN   = 0,
125:         XFRM_POLICY_TYPE_SUB    = 1,
126:         XFRM_POLICY_TYPE_MAX    = 2,
127:         XFRM_POLICY_TYPE_ANY    = 255
128: };
129: 
130: enum {
131:         XFRM_POLICY_IN  = 0,
132:         XFRM_POLICY_OUT = 1,
133:         XFRM_POLICY_FWD = 2,
134:         XFRM_POLICY_MASK = 3,
135:         XFRM_POLICY_MAX = 3
136: };
137: 
138: enum {
139:         XFRM_SHARE_ANY,         /* No limitations */
140:         XFRM_SHARE_SESSION,     /* For this session only */
141:         XFRM_SHARE_USER,        /* For this user only */
142:         XFRM_SHARE_UNIQUE       /* Use once */
143: };
144: 
145: #define XFRM_MODE_TRANSPORT 0
146: #define XFRM_MODE_TUNNEL 1
147: #define XFRM_MODE_ROUTEOPTIMIZATION 2
148: #define XFRM_MODE_IN_TRIGGER 3
149: #define XFRM_MODE_BEET 4
150: #define XFRM_MODE_MAX 5
151: 
152: /* Netlink configuration messages.  */
153: enum {
154:         XFRM_MSG_BASE = 0x10,
155: 
156:         XFRM_MSG_NEWSA = 0x10,
157: #define XFRM_MSG_NEWSA XFRM_MSG_NEWSA
158:         XFRM_MSG_DELSA,
159: #define XFRM_MSG_DELSA XFRM_MSG_DELSA
160:         XFRM_MSG_GETSA,
161: #define XFRM_MSG_GETSA XFRM_MSG_GETSA
162: 
163:         XFRM_MSG_NEWPOLICY,
164: #define XFRM_MSG_NEWPOLICY XFRM_MSG_NEWPOLICY
165:         XFRM_MSG_DELPOLICY,
166: #define XFRM_MSG_DELPOLICY XFRM_MSG_DELPOLICY
167:         XFRM_MSG_GETPOLICY,
168: #define XFRM_MSG_GETPOLICY XFRM_MSG_GETPOLICY
169: 
170:         XFRM_MSG_ALLOCSPI,
171: #define XFRM_MSG_ALLOCSPI XFRM_MSG_ALLOCSPI
172:         XFRM_MSG_ACQUIRE,
173: #define XFRM_MSG_ACQUIRE XFRM_MSG_ACQUIRE
174:         XFRM_MSG_EXPIRE,
175: #define XFRM_MSG_EXPIRE XFRM_MSG_EXPIRE
176: 
177:         XFRM_MSG_UPDPOLICY,
178: #define XFRM_MSG_UPDPOLICY XFRM_MSG_UPDPOLICY
179:         XFRM_MSG_UPDSA,
180: #define XFRM_MSG_UPDSA XFRM_MSG_UPDSA
181: 
182:         XFRM_MSG_POLEXPIRE,
183: #define XFRM_MSG_POLEXPIRE XFRM_MSG_POLEXPIRE
184: 
185:         XFRM_MSG_FLUSHSA,
186: #define XFRM_MSG_FLUSHSA XFRM_MSG_FLUSHSA
187:         XFRM_MSG_FLUSHPOLICY,
188: #define XFRM_MSG_FLUSHPOLICY XFRM_MSG_FLUSHPOLICY
189: 
190:         XFRM_MSG_NEWAE,
191: #define XFRM_MSG_NEWAE XFRM_MSG_NEWAE
192:         XFRM_MSG_GETAE,
193: #define XFRM_MSG_GETAE XFRM_MSG_GETAE
194: 
195:         XFRM_MSG_REPORT,
196: #define XFRM_MSG_REPORT XFRM_MSG_REPORT
197: 
198:         XFRM_MSG_MIGRATE,
199: #define XFRM_MSG_MIGRATE XFRM_MSG_MIGRATE
200: 
201:         XFRM_MSG_NEWSADINFO,
202: #define XFRM_MSG_NEWSADINFO XFRM_MSG_NEWSADINFO
203:         XFRM_MSG_GETSADINFO,
204: #define XFRM_MSG_GETSADINFO XFRM_MSG_GETSADINFO
205: 
206:         XFRM_MSG_NEWSPDINFO,
207: #define XFRM_MSG_NEWSPDINFO XFRM_MSG_NEWSPDINFO
208:         XFRM_MSG_GETSPDINFO,
209: #define XFRM_MSG_GETSPDINFO XFRM_MSG_GETSPDINFO
210: 
211:         XFRM_MSG_MAPPING,
212: #define XFRM_MSG_MAPPING XFRM_MSG_MAPPING
213:         __XFRM_MSG_MAX
214: };
215: #define XFRM_MSG_MAX (__XFRM_MSG_MAX - 1)
216: 
217: #define XFRM_NR_MSGTYPES (XFRM_MSG_MAX + 1 - XFRM_MSG_BASE)
218: 
219: /*
220:  * Generic LSM security context for comunicating to user space
221:  * NOTE: Same format as sadb_x_sec_ctx
222:  */
223: struct xfrm_user_sec_ctx {
224:         __u16                   len;
225:         __u16                   exttype;
226:         __u8                    ctx_alg;  /* LSMs: e.g., selinux == 1 */
227:         __u8                    ctx_doi;
228:         __u16                   ctx_len;
229: };
230: 
231: struct xfrm_user_tmpl {
232:         struct xfrm_id          id;
233:         __u16                   family;
234:         xfrm_address_t          saddr;
235:         __u32                   reqid;
236:         __u8                    mode;
237:         __u8                    share;
238:         __u8                    optional;
239:         __u32                   aalgos;
240:         __u32                   ealgos;
241:         __u32                   calgos;
242: };
243: 
244: struct xfrm_encap_tmpl {
245:         __u16           encap_type;
246:         __be16          encap_sport;
247:         __be16          encap_dport;
248:         xfrm_address_t  encap_oa;
249: };
250: 
251: /* AEVENT flags  */
252: enum xfrm_ae_ftype_t {
253:         XFRM_AE_UNSPEC,
254:         XFRM_AE_RTHR=1, /* replay threshold*/
255:         XFRM_AE_RVAL=2, /* replay value */
256:         XFRM_AE_LVAL=4, /* lifetime value */
257:         XFRM_AE_ETHR=8, /* expiry timer threshold */
258:         XFRM_AE_CR=16, /* Event cause is replay update */
259:         XFRM_AE_CE=32, /* Event cause is timer expiry */
260:         XFRM_AE_CU=64, /* Event cause is policy update */
261:         __XFRM_AE_MAX
262: 
263: #define XFRM_AE_MAX (__XFRM_AE_MAX - 1)
264: };
265: 
266: struct xfrm_userpolicy_type {
267:         __u8            type;
268:         __u16           reserved1;
269:         __u8            reserved2;
270: };
271: 
272: /* Netlink message attributes.  */
273: enum xfrm_attr_type_t {
274:         XFRMA_UNSPEC,
275:         XFRMA_ALG_AUTH,         /* struct xfrm_algo */
276:         XFRMA_ALG_CRYPT,        /* struct xfrm_algo */
277:         XFRMA_ALG_COMP,         /* struct xfrm_algo */
278:         XFRMA_ENCAP,            /* struct xfrm_algo + struct xfrm_encap_tmpl */
279:         XFRMA_TMPL,             /* 1 or more struct xfrm_user_tmpl */
280:         XFRMA_SA,               /* struct xfrm_usersa_info  */
281:         XFRMA_POLICY,           /*struct xfrm_userpolicy_info */
282:         XFRMA_SEC_CTX,          /* struct xfrm_sec_ctx */
283:         XFRMA_LTIME_VAL,
284:         XFRMA_REPLAY_VAL,
285:         XFRMA_REPLAY_THRESH,
286:         XFRMA_ETIMER_THRESH,
287:         XFRMA_SRCADDR,          /* xfrm_address_t */
288:         XFRMA_COADDR,           /* xfrm_address_t */
289:         XFRMA_LASTUSED,         /* unsigned long  */
290:         XFRMA_POLICY_TYPE,      /* struct xfrm_userpolicy_type */
291:         XFRMA_MIGRATE,
292:         XFRMA_ALG_AEAD,         /* struct xfrm_algo_aead */
293:         XFRMA_KMADDRESS,        /* struct xfrm_user_kmaddress */
294:         XFRMA_ALG_AUTH_TRUNC,   /* struct xfrm_algo_auth */
295:         XFRMA_MARK,             /* struct xfrm_mark */
296:         XFRMA_TFCPAD,           /* __u32 */
297:         XFRMA_REPLAY_ESN_VAL,   /* struct xfrm_replay_esn */
298:         __XFRMA_MAX
299: 
300: #define XFRMA_MAX (__XFRMA_MAX - 1)
301: };
302: 
303: struct xfrm_mark {
304:         __u32           v; /* value */
305:         __u32           m; /* mask */
306: };
307: 
308: enum xfrm_sadattr_type_t {
309:         XFRMA_SAD_UNSPEC,
310:         XFRMA_SAD_CNT,
311:         XFRMA_SAD_HINFO,
312:         __XFRMA_SAD_MAX
313: 
314: #define XFRMA_SAD_MAX (__XFRMA_SAD_MAX - 1)
315: };
316: 
317: struct xfrmu_sadhinfo {
318:         __u32 sadhcnt; /* current hash bkts */
319:         __u32 sadhmcnt; /* max allowed hash bkts */
320: };
321: 
322: enum xfrm_spdattr_type_t {
323:         XFRMA_SPD_UNSPEC,
324:         XFRMA_SPD_INFO,
325:         XFRMA_SPD_HINFO,
326:         __XFRMA_SPD_MAX
327: 
328: #define XFRMA_SPD_MAX (__XFRMA_SPD_MAX - 1)
329: };
330: 
331: struct xfrmu_spdinfo {
332:         __u32 incnt;
333:         __u32 outcnt;
334:         __u32 fwdcnt;
335:         __u32 inscnt;
336:         __u32 outscnt;
337:         __u32 fwdscnt;
338: };
339: 
340: struct xfrmu_spdhinfo {
341:         __u32 spdhcnt;
342:         __u32 spdhmcnt;
343: };
344: 
345: struct xfrm_usersa_info {
346:         struct xfrm_selector            sel;
347:         struct xfrm_id                  id;
348:         xfrm_address_t                  saddr;
349:         struct xfrm_lifetime_cfg        lft;
350:         struct xfrm_lifetime_cur        curlft;
351:         struct xfrm_stats               stats;
352:         __u32                           seq;
353:         __u32                           reqid;
354:         __u16                           family;
355:         __u8                            mode;           /* XFRM_MODE_xxx */
356:         __u8                            replay_window;
357:         __u8                            flags;
358: #define XFRM_STATE_NOECN        1
359: #define XFRM_STATE_DECAP_DSCP   2
360: #define XFRM_STATE_NOPMTUDISC   4
361: #define XFRM_STATE_WILDRECV     8
362: #define XFRM_STATE_ICMP         16
363: #define XFRM_STATE_AF_UNSPEC    32
364: #define XFRM_STATE_ALIGN4       64
365: #define XFRM_STATE_ESN          128
366: };
367: 
368: struct xfrm_usersa_id {
369:         xfrm_address_t                  daddr;
370:         __be32                          spi;
371:         __u16                           family;
372:         __u8                            proto;
373: };
374: 
375: struct xfrm_aevent_id {
376:         struct xfrm_usersa_id           sa_id;
377:         xfrm_address_t                  saddr;
378:         __u32                           flags;
379:         __u32                           reqid;
380: };
381: 
382: struct xfrm_userspi_info {
383:         struct xfrm_usersa_info         info;
384:         __u32                           min;
385:         __u32                           max;
386: };
387: 
388: struct xfrm_userpolicy_info {
389:         struct xfrm_selector            sel;
390:         struct xfrm_lifetime_cfg        lft;
391:         struct xfrm_lifetime_cur        curlft;
392:         __u32                           priority;
393:         __u32                           index;
394:         __u8                            dir;
395:         __u8                            action;
396: #define XFRM_POLICY_ALLOW       0
397: #define XFRM_POLICY_BLOCK       1
398:         __u8                            flags;
399: #define XFRM_POLICY_LOCALOK     1       /* Allow user to override global policy */
400:         /* Automatically expand selector to include matching ICMP payloads. */
401: #define XFRM_POLICY_ICMP        2
402:         __u8                            share;
403: };
404: 
405: struct xfrm_userpolicy_id {
406:         struct xfrm_selector            sel;
407:         __u32                           index;
408:         __u8                            dir;
409: };
410: 
411: struct xfrm_user_acquire {
412:         struct xfrm_id                  id;
413:         xfrm_address_t                  saddr;
414:         struct xfrm_selector            sel;
415:         struct xfrm_userpolicy_info     policy;
416:         __u32                           aalgos;
417:         __u32                           ealgos;
418:         __u32                           calgos;
419:         __u32                           seq;
420: };
421: 
422: struct xfrm_user_expire {
423:         struct xfrm_usersa_info         state;
424:         __u8                            hard;
425: };
426: 
427: struct xfrm_user_polexpire {
428:         struct xfrm_userpolicy_info     pol;
429:         __u8                            hard;
430: };
431: 
432: struct xfrm_usersa_flush {
433:         __u8                            proto;
434: };
435: 
436: struct xfrm_user_report {
437:         __u8                            proto;
438:         struct xfrm_selector            sel;
439: };
440: 
441: /* Used by MIGRATE to pass addresses IKE should use to perform
442:  * SA negotiation with the peer */
443: struct xfrm_user_kmaddress {
444:         xfrm_address_t                  local;
445:         xfrm_address_t                  remote;
446:         __u32                           reserved;
447:         __u16                           family;
448: };
449: 
450: struct xfrm_user_migrate {
451:         xfrm_address_t                  old_daddr;
452:         xfrm_address_t                  old_saddr;
453:         xfrm_address_t                  new_daddr;
454:         xfrm_address_t                  new_saddr;
455:         __u8                            proto;
456:         __u8                            mode;
457:         __u16                           reserved;
458:         __u32                           reqid;
459:         __u16                           old_family;
460:         __u16                           new_family;
461: };
462: 
463: struct xfrm_user_mapping {
464:         struct xfrm_usersa_id           id;
465:         __u32                           reqid;
466:         xfrm_address_t                  old_saddr;
467:         xfrm_address_t                  new_saddr;
468:         __be16                          old_sport;
469:         __be16                          new_sport;
470: };
471: 
472: /* backwards compatibility for userspace */
473: #define XFRMGRP_ACQUIRE         1
474: #define XFRMGRP_EXPIRE          2
475: #define XFRMGRP_SA              4
476: #define XFRMGRP_POLICY          8
477: #define XFRMGRP_REPORT          0x20
478: 
479: enum xfrm_nlgroups {
480:         XFRMNLGRP_NONE,
481: #define XFRMNLGRP_NONE          XFRMNLGRP_NONE
482:         XFRMNLGRP_ACQUIRE,
483: #define XFRMNLGRP_ACQUIRE       XFRMNLGRP_ACQUIRE
484:         XFRMNLGRP_EXPIRE,
485: #define XFRMNLGRP_EXPIRE        XFRMNLGRP_EXPIRE
486:         XFRMNLGRP_SA,
487: #define XFRMNLGRP_SA            XFRMNLGRP_SA
488:         XFRMNLGRP_POLICY,
489: #define XFRMNLGRP_POLICY        XFRMNLGRP_POLICY
490:         XFRMNLGRP_AEVENTS,
491: #define XFRMNLGRP_AEVENTS       XFRMNLGRP_AEVENTS
492:         XFRMNLGRP_REPORT,
493: #define XFRMNLGRP_REPORT        XFRMNLGRP_REPORT
494:         XFRMNLGRP_MIGRATE,
495: #define XFRMNLGRP_MIGRATE       XFRMNLGRP_MIGRATE
496:         XFRMNLGRP_MAPPING,
497: #define XFRMNLGRP_MAPPING       XFRMNLGRP_MAPPING
498:         __XFRMNLGRP_MAX
499: };
500: #define XFRMNLGRP_MAX   (__XFRMNLGRP_MAX - 1)
501: 
502: #endif /* _LINUX_XFRM_H */
503: 


for client (none)
© Andrew Scott 2006 - 2025,
All Rights Reserved
http://www.andrew-scott.uk/
Andrew Scott
http://www.andrew-scott.co.uk/