Root/
| Source at commit 1808 created 12 years 4 months ago. By blackosx, Revise layout of package installer 'Welcome' file so it looks cleaner. Change the copyright notice to begin from 2009 as seen in the Chameleon 2.0 r431 installer. Should this date be set earlier? | |
|---|---|
| 1 | /*␉$FreeBSD: src/sys/netinet6/ipsec.h,v 1.4.2.2 2001/07/03 11:01:54 ume Exp $␉*/␊ |
| 2 | /*␉$KAME: ipsec.h,v 1.44 2001/03/23 08:08:47 itojun Exp $␉*/␊ |
| 3 | ␊ |
| 4 | /*␊ |
| 5 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.␊ |
| 6 | * All rights reserved.␊ |
| 7 | *␊ |
| 8 | * Redistribution and use in source and binary forms, with or without␊ |
| 9 | * modification, are permitted provided that the following conditions␊ |
| 10 | * are met:␊ |
| 11 | * 1. Redistributions of source code must retain the above copyright␊ |
| 12 | * notice, this list of conditions and the following disclaimer.␊ |
| 13 | * 2. Redistributions in binary form must reproduce the above copyright␊ |
| 14 | * notice, this list of conditions and the following disclaimer in the␊ |
| 15 | * documentation and/or other materials provided with the distribution.␊ |
| 16 | * 3. Neither the name of the project nor the names of its contributors␊ |
| 17 | * may be used to endorse or promote products derived from this software␊ |
| 18 | * without specific prior written permission.␊ |
| 19 | *␊ |
| 20 | * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND␊ |
| 21 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE␊ |
| 22 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE␊ |
| 23 | * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE␊ |
| 24 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL␊ |
| 25 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS␊ |
| 26 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)␊ |
| 27 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT␊ |
| 28 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY␊ |
| 29 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF␊ |
| 30 | * SUCH DAMAGE.␊ |
| 31 | */␊ |
| 32 | ␊ |
| 33 | /*␊ |
| 34 | * IPsec controller part.␊ |
| 35 | */␊ |
| 36 | ␊ |
| 37 | #ifndef _NETINET6_IPSEC_H_␊ |
| 38 | #define _NETINET6_IPSEC_H_␊ |
| 39 | #include <sys/cdefs.h>␊ |
| 40 | #include <sys/appleapiopts.h>␊ |
| 41 | ␊ |
| 42 | #include <net/pfkeyv2.h>␊ |
| 43 | ␊ |
| 44 | /* according to IANA assignment, port 0x0000 and proto 0xff are reserved. */␊ |
| 45 | #define IPSEC_PORT_ANY␉␉0␊ |
| 46 | #define IPSEC_ULPROTO_ANY␉255␊ |
| 47 | #define IPSEC_PROTO_ANY␉␉255␊ |
| 48 | ␊ |
| 49 | /* mode of security protocol */␊ |
| 50 | /* NOTE: DON'T use IPSEC_MODE_ANY at SPD. It's only use in SAD */␊ |
| 51 | #define␉IPSEC_MODE_ANY␉␉0␉/* i.e. wildcard. */␊ |
| 52 | #define␉IPSEC_MODE_TRANSPORT␉1␊ |
| 53 | #define␉IPSEC_MODE_TUNNEL␉2␊ |
| 54 | ␊ |
| 55 | /*␊ |
| 56 | * Direction of security policy.␊ |
| 57 | * NOTE: Since INVALID is used just as flag.␊ |
| 58 | * The other are used for loop counter too.␊ |
| 59 | */␊ |
| 60 | #define IPSEC_DIR_ANY␉␉0␊ |
| 61 | #define IPSEC_DIR_INBOUND␉1␊ |
| 62 | #define IPSEC_DIR_OUTBOUND␉2␊ |
| 63 | #define IPSEC_DIR_MAX␉␉3␊ |
| 64 | #define IPSEC_DIR_INVALID␉4␊ |
| 65 | ␊ |
| 66 | /* Policy level */␊ |
| 67 | /*␊ |
| 68 | * IPSEC, ENTRUST and BYPASS are allowed for setsockopt() in PCB,␊ |
| 69 | * DISCARD, IPSEC and NONE are allowed for setkey() in SPD.␊ |
| 70 | * DISCARD and NONE are allowed for system default.␊ |
| 71 | */␊ |
| 72 | #define IPSEC_POLICY_DISCARD␉0␉/* discarding packet */␊ |
| 73 | #define IPSEC_POLICY_NONE␉1␉/* through IPsec engine */␊ |
| 74 | #define IPSEC_POLICY_IPSEC␉2␉/* do IPsec */␊ |
| 75 | #define IPSEC_POLICY_ENTRUST␉3␉/* consulting SPD if present. */␊ |
| 76 | #define IPSEC_POLICY_BYPASS␉4␉/* only for privileged socket. */␊ |
| 77 | #define IPSEC_POLICY_GENERATE 5 /* same as discard - IKE daemon can override with generated policy */␊ |
| 78 | ␊ |
| 79 | /* Security protocol level */␊ |
| 80 | #define␉IPSEC_LEVEL_DEFAULT␉0␉/* reference to system default */␊ |
| 81 | #define␉IPSEC_LEVEL_USE␉␉1␉/* use SA if present. */␊ |
| 82 | #define␉IPSEC_LEVEL_REQUIRE␉2␉/* require SA. */␊ |
| 83 | #define␉IPSEC_LEVEL_UNIQUE␉3␉/* unique SA. */␊ |
| 84 | ␊ |
| 85 | #define IPSEC_MANUAL_REQID_MAX␉0x3fff␊ |
| 86 | ␉␉␉␉/*␊ |
| 87 | ␉␉␉␉ * if security policy level == unique, this id␊ |
| 88 | ␉␉␉␉ * indicate to a relative SA for use, else is␊ |
| 89 | ␉␉␉␉ * zero.␊ |
| 90 | ␉␉␉␉ * 1 - 0x3fff are reserved for manual keying.␊ |
| 91 | ␉␉␉␉ * 0 are reserved for above reason. Others is␊ |
| 92 | ␉␉␉␉ * for kernel use.␊ |
| 93 | ␉␉␉␉ * Note that this id doesn't identify SA␊ |
| 94 | ␉␉␉␉ * by only itself.␊ |
| 95 | ␉␉␉␉ */␊ |
| 96 | #define IPSEC_REPLAYWSIZE 32␊ |
| 97 | ␊ |
| 98 | /* statistics for ipsec processing */␊ |
| 99 | struct ipsecstat {␊ |
| 100 | ␉u_quad_t in_success; /* succeeded inbound process */␊ |
| 101 | ␉u_quad_t in_polvio;␊ |
| 102 | ␉␉␉/* security policy violation for inbound process */␊ |
| 103 | ␉u_quad_t in_nosa; /* inbound SA is unavailable */␊ |
| 104 | ␉u_quad_t in_inval; /* inbound processing failed due to EINVAL */␊ |
| 105 | ␉u_quad_t in_nomem; /* inbound processing failed due to ENOBUFS */␊ |
| 106 | ␉u_quad_t in_badspi; /* failed getting a SPI */␊ |
| 107 | ␉u_quad_t in_ahreplay; /* AH replay check failed */␊ |
| 108 | ␉u_quad_t in_espreplay; /* ESP replay check failed */␊ |
| 109 | ␉u_quad_t in_ahauthsucc; /* AH authentication success */␊ |
| 110 | ␉u_quad_t in_ahauthfail; /* AH authentication failure */␊ |
| 111 | ␉u_quad_t in_espauthsucc; /* ESP authentication success */␊ |
| 112 | ␉u_quad_t in_espauthfail; /* ESP authentication failure */␊ |
| 113 | ␉u_quad_t in_esphist[256];␊ |
| 114 | ␉u_quad_t in_ahhist[256];␊ |
| 115 | ␉u_quad_t in_comphist[256];␊ |
| 116 | ␉u_quad_t out_success; /* succeeded outbound process */␊ |
| 117 | ␉u_quad_t out_polvio;␊ |
| 118 | ␉␉␉/* security policy violation for outbound process */␊ |
| 119 | ␉u_quad_t out_nosa; /* outbound SA is unavailable */␊ |
| 120 | ␉u_quad_t out_inval; /* outbound process failed due to EINVAL */␊ |
| 121 | ␉u_quad_t out_nomem; /* inbound processing failed due to ENOBUFS */␊ |
| 122 | ␉u_quad_t out_noroute; /* there is no route */␊ |
| 123 | ␉u_quad_t out_esphist[256];␊ |
| 124 | ␉u_quad_t out_ahhist[256];␊ |
| 125 | ␉u_quad_t out_comphist[256];␊ |
| 126 | };␊ |
| 127 | ␊ |
| 128 | ␊ |
| 129 | __BEGIN_DECLS␊ |
| 130 | extern caddr_t ipsec_set_policy(char *, int);␊ |
| 131 | extern int ipsec_get_policylen(caddr_t);␊ |
| 132 | extern char *ipsec_dump_policy(caddr_t, char *);␊ |
| 133 | ␊ |
| 134 | extern const char *ipsec_strerror(void);␊ |
| 135 | __END_DECLS␊ |
| 136 | ␊ |
| 137 | #endif /* _NETINET6_IPSEC_H_ */␊ |
| 138 | |
