Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

at v2.6.16-rc5 313 lines 6.3 kB view raw
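#ifndef _LINUX_XFRM_H
#define _LINUX_XFRM_H

/*
 * Userspace <-> kernel ABI for configuring xfrm (IPsec SAs and policies)
 * over netlink: address/selector types, lifetime and replay bookkeeping,
 * netlink message types, attribute types and multicast groups.
 */

#include <linux/types.h>

/* All of the structures in this file may not change size as they are
 * passed into the kernel from userspace via netlink sockets.
 *
 * NOTE(review): because every object described here crosses the
 * user/kernel boundary, two things follow from the layouts below:
 *  - length and count fields (ctx_len, alg_key_len, len, ...) are chosen
 *    by the sender; a receiver should check them against the size of the
 *    enclosing netlink message/attribute before trusting them.
 *  - several structures contain implicit padding on common ABIs (for
 *    example struct xfrm_id holds 21 bytes of fields); code that fills
 *    one for transmission should clear the whole object first so padding
 *    bytes do not carry stale memory across the boundary.
 */

/* Structure to encapsulate addresses. I do not want to use
 * "standard" structure. My apologies.
 *
 * The union is always 16 bytes; which member is meaningful is not
 * recorded here (presumably the accompanying 'family' field decides:
 * a4 for IPv4, a6 for IPv6 -- confirm against the consumer).
 */
typedef union
{
	__u32		a4;
	__u32		a6[4];
} xfrm_address_t;

/* Ident of a specific xfrm_state. It is used on input to lookup
 * the state by (spi,daddr,ah/esp) or to store information about
 * spi, protocol and tunnel address on output.
 */
struct xfrm_id
{
	xfrm_address_t	daddr;
	__u32		spi;
	__u8		proto;
};

/*
 * Security context header followed by a variable-length string.
 * ctx_str is a zero-length trailing array, so sizeof(struct xfrm_sec_ctx)
 * covers the header only; presumably ctx_len gives the number of bytes
 * that follow -- a reader should bound every access to ctx_str by a
 * validated ctx_len.
 */
struct xfrm_sec_ctx {
	__u8	ctx_doi;	/* one of XFRM_SC_DOI_* */
	__u8	ctx_alg;	/* one of XFRM_SC_ALG_* */
	__u16	ctx_len;
	__u32	ctx_sid;
	char	ctx_str[0];
};

/* Security Context Domains of Interpretation */
#define XFRM_SC_DOI_RESERVED 0
#define XFRM_SC_DOI_LSM 1

/* Security Context Algorithms */
#define XFRM_SC_ALG_RESERVED 0
#define XFRM_SC_ALG_SELINUX 1

/* Selector, used as selector both on policy rules (SPD) and SAs. */

struct xfrm_selector
{
	xfrm_address_t	daddr;
	xfrm_address_t	saddr;
	__u16	dport;
	__u16	dport_mask;
	__u16	sport;
	__u16	sport_mask;
	__u16	family;
	__u8	prefixlen_d;
	__u8	prefixlen_s;
	__u8	proto;
	int	ifindex;
	uid_t	user;
};

/* All-ones 64-bit value (presumably "no limit" for the lifetime fields). */
#define XFRM_INF (~(__u64)0)

/* Configured soft/hard limits in bytes, packets and seconds. */
struct xfrm_lifetime_cfg
{
	__u64	soft_byte_limit;
	__u64	hard_byte_limit;
	__u64	soft_packet_limit;
	__u64	hard_packet_limit;
	__u64	soft_add_expires_seconds;
	__u64	hard_add_expires_seconds;
	__u64	soft_use_expires_seconds;
	__u64	hard_use_expires_seconds;
};

/* Current counters matching the limits in struct xfrm_lifetime_cfg. */
struct xfrm_lifetime_cur
{
	__u64	bytes;
	__u64	packets;
	__u64	add_time;
	__u64	use_time;
};

/*
 * Sequence-number state for replay handling.
 * NOTE(review): bitmap is 32 bits wide, while replay_window in
 * struct xfrm_usersa_info is a __u8 and can therefore hold values
 * above 32; confirm the receiver bounds the window to what the
 * bitmap can represent.
 */
struct xfrm_replay_state
{
	__u32	oseq;
	__u32	seq;
	__u32	bitmap;
};

/*
 * Algorithm name plus key material.
 * alg_key is a zero-length trailing array: the key bytes follow the
 * fixed header and are not counted by sizeof(struct xfrm_algo).
 * NOTE(review): alg_key_len is a signed int expressed in bits and is
 * supplied by the sender; a receiver should reject negative values and
 * check the resulting byte count against the attribute payload before
 * reading alg_key. Nothing in this layout guarantees that alg_name is
 * NUL-terminated within its 64 bytes.
 */
struct xfrm_algo {
	char	alg_name[64];
	int	alg_key_len;    /* in bits */
	char	alg_key[0];
};

struct xfrm_stats {
	__u32	replay_window;
	__u32	replay;
	__u32	integrity_failed;
};

/* Policy directions; XFRM_POLICY_MAX is the number of directions. */
enum
{
	XFRM_POLICY_IN	= 0,
	XFRM_POLICY_OUT	= 1,
	XFRM_POLICY_FWD	= 2,
	XFRM_POLICY_MAX	= 3
};

enum
{
	XFRM_SHARE_ANY,		/* No limitations */
	XFRM_SHARE_SESSION,	/* For this session only */
	XFRM_SHARE_USER,	/* For this user only */
	XFRM_SHARE_UNIQUE	/* Use once */
};

/* Netlink configuration messages.
 *
 * Values start at XFRM_MSG_BASE (0x10) and increase by one per entry.
 * Each enumerator is also #defined to itself, which lets code test for
 * a message type with #ifdef.
 */
enum {
	XFRM_MSG_BASE = 0x10,

	XFRM_MSG_NEWSA = 0x10,
#define XFRM_MSG_NEWSA XFRM_MSG_NEWSA
	XFRM_MSG_DELSA,
#define XFRM_MSG_DELSA XFRM_MSG_DELSA
	XFRM_MSG_GETSA,
#define XFRM_MSG_GETSA XFRM_MSG_GETSA

	XFRM_MSG_NEWPOLICY,
#define XFRM_MSG_NEWPOLICY XFRM_MSG_NEWPOLICY
	XFRM_MSG_DELPOLICY,
#define XFRM_MSG_DELPOLICY XFRM_MSG_DELPOLICY
	XFRM_MSG_GETPOLICY,
#define XFRM_MSG_GETPOLICY XFRM_MSG_GETPOLICY

	XFRM_MSG_ALLOCSPI,
#define XFRM_MSG_ALLOCSPI XFRM_MSG_ALLOCSPI
	XFRM_MSG_ACQUIRE,
#define XFRM_MSG_ACQUIRE XFRM_MSG_ACQUIRE
	XFRM_MSG_EXPIRE,
#define XFRM_MSG_EXPIRE XFRM_MSG_EXPIRE

	XFRM_MSG_UPDPOLICY,
#define XFRM_MSG_UPDPOLICY XFRM_MSG_UPDPOLICY
	XFRM_MSG_UPDSA,
#define XFRM_MSG_UPDSA XFRM_MSG_UPDSA

	XFRM_MSG_POLEXPIRE,
#define XFRM_MSG_POLEXPIRE XFRM_MSG_POLEXPIRE

	XFRM_MSG_FLUSHSA,
#define XFRM_MSG_FLUSHSA XFRM_MSG_FLUSHSA
	XFRM_MSG_FLUSHPOLICY,
#define XFRM_MSG_FLUSHPOLICY XFRM_MSG_FLUSHPOLICY

	__XFRM_MSG_MAX
};
/* Highest valid message type. */
#define XFRM_MSG_MAX (__XFRM_MSG_MAX - 1)

/* Number of message types, i.e. the size of a table indexed by
 * (type - XFRM_MSG_BASE); an index should be range-checked against
 * this before use.
 */
#define XFRM_NR_MSGTYPES (XFRM_MSG_MAX + 1 - XFRM_MSG_BASE)

/*
 * Generic LSM security context for communicating to user space
 * NOTE: Same format as sadb_x_sec_ctx
 *
 * Carries two sender-supplied lengths (len and ctx_len); how they
 * relate is not visible here, so a receiver should validate both
 * against the attribute that carries the structure.
 */
struct xfrm_user_sec_ctx {
	__u16	len;
	__u16	exttype;
	__u8	ctx_alg;  /* LSMs: e.g., selinux == 1 */
	__u8	ctx_doi;
	__u16	ctx_len;
};

struct xfrm_user_tmpl {
	struct xfrm_id	id;
	__u16		family;
	xfrm_address_t	saddr;
	__u32		reqid;
	__u8		mode;
	__u8		share;
	__u8		optional;
	__u32		aalgos;
	__u32		ealgos;
	__u32		calgos;
};

struct xfrm_encap_tmpl {
	__u16		encap_type;
	__u16		encap_sport;
	__u16		encap_dport;
	xfrm_address_t	encap_oa;
};

/* Netlink message attributes.
 *
 * The trailing comments name the payload each attribute carries.
 */
enum xfrm_attr_type_t {
	XFRMA_UNSPEC,
	XFRMA_ALG_AUTH,		/* struct xfrm_algo */
	XFRMA_ALG_CRYPT,	/* struct xfrm_algo */
	XFRMA_ALG_COMP,		/* struct xfrm_algo */
	XFRMA_ENCAP,		/* struct xfrm_algo + struct xfrm_encap_tmpl */
	XFRMA_TMPL,		/* 1 or more struct xfrm_user_tmpl */
	XFRMA_SA,
	XFRMA_POLICY,
	XFRMA_SEC_CTX,		/* struct xfrm_sec_ctx */
	__XFRMA_MAX

/* Highest valid attribute type. */
#define XFRMA_MAX (__XFRMA_MAX - 1)
};

struct xfrm_usersa_info {
	struct xfrm_selector	sel;
	struct xfrm_id		id;
	xfrm_address_t		saddr;
	struct xfrm_lifetime_cfg	lft;
	struct xfrm_lifetime_cur	curlft;
	struct xfrm_stats	stats;
	__u32			seq;
	__u32			reqid;
	__u16			family;
	__u8			mode;		/* 0=transport,1=tunnel */
	__u8			replay_window;
	__u8			flags;		/* bitmask of XFRM_STATE_* */
#define XFRM_STATE_NOECN	1
#define XFRM_STATE_DECAP_DSCP	2
#define XFRM_STATE_NOPMTUDISC	4
};

struct xfrm_usersa_id {
	xfrm_address_t	daddr;
	__u32		spi;
	__u16		family;
	__u8		proto;
};

struct xfrm_userspi_info {
	struct xfrm_usersa_info	info;
	__u32			min;
	__u32			max;
};

struct xfrm_userpolicy_info {
	struct xfrm_selector	sel;
	struct xfrm_lifetime_cfg	lft;
	struct xfrm_lifetime_cur	curlft;
	__u32			priority;
	__u32			index;
	__u8			dir;	/* presumably one of XFRM_POLICY_IN/OUT/FWD */
	__u8			action;
#define XFRM_POLICY_ALLOW	0
#define XFRM_POLICY_BLOCK	1
	__u8			flags;
#define XFRM_POLICY_LOCALOK	1	/* Allow user to override global policy */
	__u8			share;	/* presumably one of XFRM_SHARE_* */
};

struct xfrm_userpolicy_id {
	struct xfrm_selector	sel;
	__u32			index;
	__u8			dir;
};

struct xfrm_user_acquire {
	struct xfrm_id		id;
	xfrm_address_t		saddr;
	struct xfrm_selector	sel;
	struct xfrm_userpolicy_info	policy;
	__u32			aalgos;
	__u32			ealgos;
	__u32			calgos;
	__u32			seq;
};

struct xfrm_user_expire {
	struct xfrm_usersa_info	state;
	__u8			hard;
};

struct xfrm_user_polexpire {
	struct xfrm_userpolicy_info	pol;
	__u8			hard;
};

struct xfrm_usersa_flush {
	__u8	proto;
};

#ifndef __KERNEL__
/* backwards compatibility for userspace
 *
 * These are bitmask values; each equals 1 << (XFRMNLGRP_x - 1) for the
 * corresponding group number in enum xfrm_nlgroups below.
 */
#define XFRMGRP_ACQUIRE		1
#define XFRMGRP_EXPIRE		2
#define XFRMGRP_SA		4
#define XFRMGRP_POLICY		8
#endif

/* Netlink multicast group numbers (not bitmasks). */
enum xfrm_nlgroups {
	XFRMNLGRP_NONE,
#define XFRMNLGRP_NONE		XFRMNLGRP_NONE
	XFRMNLGRP_ACQUIRE,
#define XFRMNLGRP_ACQUIRE	XFRMNLGRP_ACQUIRE
	XFRMNLGRP_EXPIRE,
#define XFRMNLGRP_EXPIRE	XFRMNLGRP_EXPIRE
	XFRMNLGRP_SA,
#define XFRMNLGRP_SA		XFRMNLGRP_SA
	XFRMNLGRP_POLICY,
#define XFRMNLGRP_POLICY	XFRMNLGRP_POLICY
	__XFRMNLGRP_MAX
};
/* Highest valid group number. */
#define XFRMNLGRP_MAX	(__XFRMNLGRP_MAX - 1)

#endif /* _LINUX_XFRM_H */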