1 | /*␉$FreeBSD: src/sys/netinet6/ipsec.h,v 1.4.2.2 2001/07/03 11:01:54 ume Exp $␉*/␊ |
2 | /*␉$KAME: ipsec.h,v 1.44 2001/03/23 08:08:47 itojun Exp $␉*/␊ |
3 | ␊ |
4 | /*␊ |
5 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.␊ |
6 | * All rights reserved.␊ |
7 | *␊ |
8 | * Redistribution and use in source and binary forms, with or without␊ |
9 | * modification, are permitted provided that the following conditions␊ |
10 | * are met:␊ |
11 | * 1. Redistributions of source code must retain the above copyright␊ |
12 | * notice, this list of conditions and the following disclaimer.␊ |
13 | * 2. Redistributions in binary form must reproduce the above copyright␊ |
14 | * notice, this list of conditions and the following disclaimer in the␊ |
15 | * documentation and/or other materials provided with the distribution.␊ |
16 | * 3. Neither the name of the project nor the names of its contributors␊ |
17 | * may be used to endorse or promote products derived from this software␊ |
18 | * without specific prior written permission.␊ |
19 | *␊ |
20 | * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND␊ |
21 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE␊ |
22 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE␊ |
23 | * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE␊ |
24 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL␊ |
25 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS␊ |
26 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)␊ |
27 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT␊ |
28 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY␊ |
29 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF␊ |
30 | * SUCH DAMAGE.␊ |
31 | */␊ |
32 | ␊ |
33 | /*␊ |
34 | * IPsec controller part.␊ |
35 | */␊ |
36 | ␊ |
37 | #ifndef _NETINET6_IPSEC_H_␊ |
38 | #define _NETINET6_IPSEC_H_␊ |
39 | #include <sys/cdefs.h>␊ |
40 | #include <sys/appleapiopts.h>␊ |
41 | ␊ |
42 | #include <net/pfkeyv2.h>␊ |
43 | ␊ |
44 | /* according to IANA assignment, port 0x0000 and proto 0xff are reserved. */␊ |
45 | #define IPSEC_PORT_ANY␉␉0␊ |
46 | #define IPSEC_ULPROTO_ANY␉255␊ |
47 | #define IPSEC_PROTO_ANY␉␉255␊ |
48 | ␊ |
49 | /* mode of security protocol */␊ |
50 | /* NOTE: DON'T use IPSEC_MODE_ANY in the SPD. It is only used in the SAD. */␊ |
51 | #define␉IPSEC_MODE_ANY␉␉0␉/* i.e. wildcard. */␊ |
52 | #define␉IPSEC_MODE_TRANSPORT␉1␊ |
53 | #define␉IPSEC_MODE_TUNNEL␉2␊ |
54 | ␊ |
55 | /*␊ |
56 | * Direction of security policy.␊ |
57 | * NOTE: INVALID is used only as a flag;␊ |
58 | * the others are also used as loop counters.␊ |
59 | */␊ |
60 | #define IPSEC_DIR_ANY␉␉0␊ |
61 | #define IPSEC_DIR_INBOUND␉1␊ |
62 | #define IPSEC_DIR_OUTBOUND␉2␊ |
63 | #define IPSEC_DIR_MAX␉␉3␊ |
64 | #define IPSEC_DIR_INVALID␉4␊ |
65 | ␊ |
66 | /* Policy level */␊ |
67 | /*␊ |
68 | * IPSEC, ENTRUST and BYPASS are allowed for setsockopt() in PCB,␊ |
69 | * DISCARD, IPSEC and NONE are allowed for setkey() in SPD.␊ |
70 | * DISCARD and NONE are allowed for system default.␊ |
71 | */␊ |
72 | #define IPSEC_POLICY_DISCARD␉0␉/* discarding packet */␊ |
73 | #define IPSEC_POLICY_NONE␉1␉/* through IPsec engine */␊ |
74 | #define IPSEC_POLICY_IPSEC␉2␉/* do IPsec */␊ |
75 | #define IPSEC_POLICY_ENTRUST␉3␉/* consulting SPD if present. */␊ |
76 | #define IPSEC_POLICY_BYPASS␉4␉/* only for privileged socket. */␊ |
77 | #define IPSEC_POLICY_GENERATE 5 /* same as discard - IKE daemon can override with generated policy */␊ |
78 | ␊ |
79 | /* Security protocol level */␊ |
80 | #define␉IPSEC_LEVEL_DEFAULT␉0␉/* reference to system default */␊ |
81 | #define␉IPSEC_LEVEL_USE␉␉1␉/* use SA if present. */␊ |
82 | #define␉IPSEC_LEVEL_REQUIRE␉2␉/* require SA. */␊ |
83 | #define␉IPSEC_LEVEL_UNIQUE␉3␉/* unique SA. */␊ |
84 | ␊ |
85 | #define IPSEC_MANUAL_REQID_MAX␉0x3fff␊ |
86 | ␉␉␉␉/*␊ |
87 | ␉␉␉␉ * If the security policy level is "unique", this id␊ |
88 | ␉␉␉␉ * selects the related SA to use; otherwise it is␊ |
89 | ␉␉␉␉ * zero.␊ |
90 | ␉␉␉␉ * 1 - 0x3fff are reserved for manual keying;␊ |
91 | ␉␉␉␉ * 0 is reserved for the reason above. The rest␊ |
92 | ␉␉␉␉ * are for kernel use.␊ |
93 | ␉␉␉␉ * Note that this id does not identify an SA␊ |
94 | ␉␉␉␉ * by itself.␊ |
95 | ␉␉␉␉ */␊ |
96 | #define IPSEC_REPLAYWSIZE 32␊ |
97 | ␊ |
/*
 * Statistics for IPsec processing.
 *
 * Counters are grouped into an inbound (in_*) and an outbound (out_*) set.
 * From a monitoring point of view the interesting ones are the failure
 * counters: in_polvio/out_polvio (packets rejected by the SPD), the replay
 * counters and the AH/ESP authentication-failure counters. A sustained rise
 * in any of them points at misconfiguration or at traffic that is being
 * rejected by policy, and is worth alerting on.
 *
 * The three *hist[256] arrays in each group are histograms indexed by an
 * 8-bit value. NOTE(review): this header does not say what the index is —
 * presumably the SADB algorithm identifier of the SA that handled the
 * packet (ESP, AH, and "comp" presumably IPComp) — confirm against the
 * code that increments them.
 */
struct ipsecstat {
	u_quad_t in_success; /* succeeded inbound process */
	u_quad_t in_polvio;
			/* security policy violation for inbound process */
	u_quad_t in_nosa; /* inbound SA is unavailable */
	u_quad_t in_inval; /* inbound processing failed due to EINVAL */
	u_quad_t in_nomem; /* inbound processing failed due to ENOBUFS */
	u_quad_t in_badspi; /* failed getting a SPI */
	u_quad_t in_ahreplay; /* AH replay check failed */
	u_quad_t in_espreplay; /* ESP replay check failed */
	u_quad_t in_ahauthsucc; /* AH authentication success */
	u_quad_t in_ahauthfail; /* AH authentication failure */
	u_quad_t in_espauthsucc; /* ESP authentication success */
	u_quad_t in_espauthfail; /* ESP authentication failure */
	u_quad_t in_esphist[256]; /* inbound ESP histogram (index: see above) */
	u_quad_t in_ahhist[256]; /* inbound AH histogram (index: see above) */
	u_quad_t in_comphist[256]; /* inbound comp histogram (index: see above) */
	u_quad_t out_success; /* succeeded outbound process */
	u_quad_t out_polvio;
			/* security policy violation for outbound process */
	u_quad_t out_nosa; /* outbound SA is unavailable */
	u_quad_t out_inval; /* outbound process failed due to EINVAL */
	u_quad_t out_nomem; /* outbound processing failed due to ENOBUFS */
	u_quad_t out_noroute; /* there is no route */
	u_quad_t out_esphist[256]; /* outbound ESP histogram (index: see above) */
	u_quad_t out_ahhist[256]; /* outbound AH histogram (index: see above) */
	u_quad_t out_comphist[256]; /* outbound comp histogram (index: see above) */
};
127 | ␊ |
128 | ␊ |
__BEGIN_DECLS
/*
 * libipsec policy helpers (userland side; see ipsec_set_policy(3)).
 *
 * NOTE(review): the contracts below are not visible in this header and are
 * taken from the libipsec manual page — confirm against the implementation
 * before relying on them:
 *
 *   ipsec_set_policy(policy, len)
 *       Parses the textual policy specification held in the first `len`
 *       bytes of `policy` into a pfkeyv2 policy buffer (struct sadb_x_policy
 *       followed by any ipsecrequests) and returns it, or NULL on error.
 *       The buffer is presumably allocated for the caller, who then owns
 *       and must free it. The text typically comes from an application or
 *       configuration file, so treat it as untrusted and check the return
 *       value before passing the buffer to setsockopt().
 *   ipsec_get_policylen(buf)
 *       Returns the byte length of a buffer produced by ipsec_set_policy(),
 *       or -1 on error; this is the length to hand to setsockopt().
 *   ipsec_dump_policy(buf, delim)
 *       Renders such a buffer back into human-readable text with `delim`
 *       between tokens; the result is again presumably caller-owned.
 *   ipsec_strerror()
 *       Returns a message describing the most recent failure of the
 *       functions above.
 */
extern caddr_t ipsec_set_policy(char *, int);
extern int ipsec_get_policylen(caddr_t);
extern char *ipsec_dump_policy(caddr_t, char *);

extern const char *ipsec_strerror(void);
__END_DECLS
136 | ␊ |
137 | #endif /* _NETINET6_IPSEC_H_ */␊ |
138 |