branches/ErmaC/Trunk/i386/include/netinet6/ipsec.h - Chameleon Svn Source Tree - Chameleon open source boot loader project.

Root/branches/ErmaC/Trunk/i386/include/netinet6/ipsec.h

1	/␉$FreeBSD: src/sys/netinet6/ipsec.h,v 1.4.2.2 2001/07/03 11:01:54 ume Exp $␉/␊
2	/␉$KAME: ipsec.h,v 1.44 2001/03/23 08:08:47 itojun Exp $␉/␊
3	␊
4	/*␊
5	* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.␊
6	* All rights reserved.␊
7	*␊
8	* Redistribution and use in source and binary forms, with or without␊
9	* modification, are permitted provided that the following conditions␊
10	* are met:␊
11	* 1. Redistributions of source code must retain the above copyright␊
12	* notice, this list of conditions and the following disclaimer.␊
13	* 2. Redistributions in binary form must reproduce the above copyright␊
14	* notice, this list of conditions and the following disclaimer in the␊
15	* documentation and/or other materials provided with the distribution.␊
16	* 3. Neither the name of the project nor the names of its contributors␊
17	* may be used to endorse or promote products derived from this software␊
18	* without specific prior written permission.␊
19	*␊
20	* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND␊
21	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE␊
22	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE␊
23	* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE␊
24	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL␊
25	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS␊
26	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)␊
27	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT␊
28	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY␊
29	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF␊
30	* SUCH DAMAGE.␊
31	*/␊
32	␊
33	/*␊
34	* IPsec controller part.␊
35	*/␊
36	␊
37	#ifndef _NETINET6_IPSEC_H_␊
38	#define _NETINET6_IPSEC_H_␊
39	#include <sys/cdefs.h>␊
40	#include <sys/appleapiopts.h>␊
41	␊
42	#include <net/pfkeyv2.h>␊
43	␊
44	/* according to IANA assignment, port 0x0000 and proto 0xff are reserved. */␊
45	#define IPSEC_PORT_ANY␉␉0␊
46	#define IPSEC_ULPROTO_ANY␉255␊
47	#define IPSEC_PROTO_ANY␉␉255␊
48	␊
49	/* mode of security protocol */␊
50	/* NOTE: DON'T use IPSEC_MODE_ANY at SPD. It's only use in SAD */␊
51	#define␉IPSEC_MODE_ANY␉␉0␉/* i.e. wildcard. */␊
52	#define␉IPSEC_MODE_TRANSPORT␉1␊
53	#define␉IPSEC_MODE_TUNNEL␉2␊
54	␊
55	/*␊
56	* Direction of security policy.␊
57	* NOTE: Since INVALID is used just as flag.␊
58	* The other are used for loop counter too.␊
59	*/␊
60	#define IPSEC_DIR_ANY␉␉0␊
61	#define IPSEC_DIR_INBOUND␉1␊
62	#define IPSEC_DIR_OUTBOUND␉2␊
63	#define IPSEC_DIR_MAX␉␉3␊
64	#define IPSEC_DIR_INVALID␉4␊
65	␊
66	/* Policy level */␊
67	/*␊
68	* IPSEC, ENTRUST and BYPASS are allowed for setsockopt() in PCB,␊
69	* DISCARD, IPSEC and NONE are allowed for setkey() in SPD.␊
70	* DISCARD and NONE are allowed for system default.␊
71	*/␊
72	#define IPSEC_POLICY_DISCARD␉0␉/* discarding packet */␊
73	#define IPSEC_POLICY_NONE␉1␉/* through IPsec engine */␊
74	#define IPSEC_POLICY_IPSEC␉2␉/* do IPsec */␊
75	#define IPSEC_POLICY_ENTRUST␉3␉/* consulting SPD if present. */␊
76	#define IPSEC_POLICY_BYPASS␉4␉/* only for privileged socket. */␊
77	#define IPSEC_POLICY_GENERATE 5 /* same as discard - IKE daemon can override with generated policy */␊
78	␊
79	/* Security protocol level */␊
80	#define␉IPSEC_LEVEL_DEFAULT␉0␉/* reference to system default */␊
81	#define␉IPSEC_LEVEL_USE␉␉1␉/* use SA if present. */␊
82	#define␉IPSEC_LEVEL_REQUIRE␉2␉/* require SA. */␊
83	#define␉IPSEC_LEVEL_UNIQUE␉3␉/* unique SA. */␊
84	␊
85	#define IPSEC_MANUAL_REQID_MAX␉0x3fff␊
86	␉␉␉␉/*␊
87	␉␉␉␉ * if security policy level == unique, this id␊
88	␉␉␉␉ * indicate to a relative SA for use, else is␊
89	␉␉␉␉ * zero.␊
90	␉␉␉␉ * 1 - 0x3fff are reserved for manual keying.␊
91	␉␉␉␉ * 0 are reserved for above reason. Others is␊
92	␉␉␉␉ * for kernel use.␊
93	␉␉␉␉ * Note that this id doesn't identify SA␊
94	␉␉␉␉ * by only itself.␊
95	␉␉␉␉ */␊
96	#define IPSEC_REPLAYWSIZE 32␊
97	␊
98	/* statistics for ipsec processing */␊
99	struct ipsecstat {␊
100	␉u_quad_t in_success; /* succeeded inbound process */␊
101	␉u_quad_t in_polvio;␊
102	␉␉␉/* security policy violation for inbound process */␊
103	␉u_quad_t in_nosa; /* inbound SA is unavailable */␊
104	␉u_quad_t in_inval; /* inbound processing failed due to EINVAL */␊
105	␉u_quad_t in_nomem; /* inbound processing failed due to ENOBUFS */␊
106	␉u_quad_t in_badspi; /* failed getting a SPI */␊
107	␉u_quad_t in_ahreplay; /* AH replay check failed */␊
108	␉u_quad_t in_espreplay; /* ESP replay check failed */␊
109	␉u_quad_t in_ahauthsucc; /* AH authentication success */␊
110	␉u_quad_t in_ahauthfail; /* AH authentication failure */␊
111	␉u_quad_t in_espauthsucc; /* ESP authentication success */␊
112	␉u_quad_t in_espauthfail; /* ESP authentication failure */␊
113	␉u_quad_t in_esphist[256];␊
114	␉u_quad_t in_ahhist[256];␊
115	␉u_quad_t in_comphist[256];␊
116	␉u_quad_t out_success; /* succeeded outbound process */␊
117	␉u_quad_t out_polvio;␊
118	␉␉␉/* security policy violation for outbound process */␊
119	␉u_quad_t out_nosa; /* outbound SA is unavailable */␊
120	␉u_quad_t out_inval; /* outbound process failed due to EINVAL */␊
121	␉u_quad_t out_nomem; /* inbound processing failed due to ENOBUFS */␊
122	␉u_quad_t out_noroute; /* there is no route */␊
123	␉u_quad_t out_esphist[256];␊
124	␉u_quad_t out_ahhist[256];␊
125	␉u_quad_t out_comphist[256];␊
126	};␊
127	␊
128	␊
129	__BEGIN_DECLS␊
130	extern caddr_t ipsec_set_policy(char *, int);␊
131	extern int ipsec_get_policylen(caddr_t);␊
132	extern char ipsec_dump_policy(caddr_t, char );␊
133	␊
134	extern const char *ipsec_strerror(void);␊
135	__END_DECLS␊
136	␊
137	#endif /* _NETINET6_IPSEC_H_ */␊
138

Download this file