search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Sync usage with man page.
[netbsd-mini2440.git] / crypto / dist / ipsec-tools / src / libipsec / libpfkey.h
blob8f9fb7268aaffa2a98b9eaeaa53d95194267c5b9
1 /* $NetBSD: libpfkey.h,v 1.16 2009/07/03 06:40:10 tteras Exp $ */
2
3 /* Id: libpfkey.h,v 1.13 2005/12/04 20:26:43 manubsd Exp */
4
5 /*
6 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
7 * All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the project nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #ifndef _LIBPFKEY_H
35 #define _LIBPFKEY_H
36
37 #ifndef KAME_LIBPFKEY_H
38 #define KAME_LIBPFKEY_H
39
40 #define PRIORITY_LOW 0xC0000000
41 #define PRIORITY_DEFAULT 0x80000000
42 #define PRIORITY_HIGH 0x40000000
43
44 #define PRIORITY_OFFSET_POSITIVE_MAX 0x3fffffff
45 #define PRIORITY_OFFSET_NEGATIVE_MAX 0x40000000
46
47 struct sadb_msg;
48 extern void pfkey_sadump __P((struct sadb_msg *));
49 extern void pfkey_sadump_withports __P((struct sadb_msg *));
50 extern void pfkey_spdump __P((struct sadb_msg *));
51 extern void pfkey_spdump_withports __P((struct sadb_msg *));
52
53 struct sockaddr;
54 struct sadb_alg;
55
56 /* Accomodate different prototypes in <netinet6/ipsec.h> */
57 #include <sys/types.h>
58 #include PATH_IPSEC_H
59
60 #ifndef HAVE_IPSEC_POLICY_T
61 typedef caddr_t ipsec_policy_t;
62 #define __ipsec_const
63 #else
64 #define __ipsec_const const
65 #endif
66
67 struct pfkey_send_sa_args {
68 int so; /* socket */
69 u_int type;
70 u_int satype;
71 u_int mode;
72 struct sockaddr *src; /* IP src address for SA */
73 struct sockaddr *dst; /* IP dst address for SA */
74 u_int32_t spi; /* SA's spi */
75 u_int32_t reqid;
76 u_int wsize;
77 caddr_t keymat;
78 u_int e_type, e_keylen; /* Encryption alg and keylen */
79 u_int a_type, a_keylen; /* Authentication alg and key */
80 u_int flags;
81 u_int32_t l_alloc;
82 u_int32_t l_bytes;
83 u_int32_t l_addtime;
84 u_int32_t l_usetime;
85 u_int32_t seq;
86 u_int8_t l_natt_type;
87 u_int16_t l_natt_sport, l_natt_dport;
88 struct sockaddr *l_natt_oa;
89 u_int16_t l_natt_frag;
90 u_int8_t ctxdoi, ctxalg; /* Security context DOI and algorithm */
91 caddr_t ctxstr; /* Security context string */
92 u_int16_t ctxstrlen; /* length of security context string */
93 };
94
95 /* The options built into libipsec */
96 extern int libipsec_opt;
97 #define LIBIPSEC_OPT_NATT 0x01
98 #define LIBIPSEC_OPT_FRAG 0x02
99 #define LIBIPSEC_OPT_SEC_CTX 0x04
100
101 /* IPsec Library Routines */
102
103 int ipsec_check_keylen __P((u_int, u_int, u_int));
104 int ipsec_check_keylen2 __P((u_int, u_int, u_int));
105 int ipsec_get_keylen __P((u_int, u_int, struct sadb_alg *));
106 char *ipsec_dump_policy_withports __P((void *, const char *));
107 void ipsec_hexdump __P((const void *, int));
108 const char *ipsec_strerror __P((void));
109 void kdebug_sadb __P((struct sadb_msg *));
110 ipsec_policy_t ipsec_set_policy __P((__ipsec_const char *, int));
111 int ipsec_get_policylen __P((ipsec_policy_t));
112 char *ipsec_dump_policy __P((ipsec_policy_t, __ipsec_const char *));
113
114 /* PFKey Routines */
115
116 u_int pfkey_set_softrate __P((u_int, u_int));
117 u_int pfkey_get_softrate __P((u_int));
118 int pfkey_send_getspi __P((int, u_int, u_int, struct sockaddr *,
119 struct sockaddr *, u_int32_t, u_int32_t, u_int32_t, u_int32_t));
120 int pfkey_send_getspi_nat __P((int, u_int, u_int,
121 struct sockaddr *, struct sockaddr *, u_int8_t, u_int16_t, u_int16_t,
122 u_int32_t, u_int32_t, u_int32_t, u_int32_t));
123
124 int pfkey_send_update2 __P((struct pfkey_send_sa_args *));
125 int pfkey_send_add2 __P((struct pfkey_send_sa_args *));
126 int pfkey_send_delete __P((int, u_int, u_int,
127 struct sockaddr *, struct sockaddr *, u_int32_t));
128 int pfkey_send_delete_all __P((int, u_int, u_int,
129 struct sockaddr *, struct sockaddr *));
130 int pfkey_send_get __P((int, u_int, u_int,
131 struct sockaddr *, struct sockaddr *, u_int32_t));
132 int pfkey_send_register __P((int, u_int));
133 int pfkey_recv_register __P((int));
134 int pfkey_set_supported __P((struct sadb_msg *, int));
135 int pfkey_send_flush __P((int, u_int));
136 int pfkey_send_dump __P((int, u_int));
137 int pfkey_send_promisc_toggle __P((int, int));
138 int pfkey_send_spdadd __P((int, struct sockaddr *, u_int,
139 struct sockaddr *, u_int, u_int, caddr_t, int, u_int32_t));
140 int pfkey_send_spdadd2 __P((int, struct sockaddr *, u_int,
141 struct sockaddr *, u_int, u_int, u_int64_t, u_int64_t,
142 caddr_t, int, u_int32_t));
143 int pfkey_send_spdupdate __P((int, struct sockaddr *, u_int,
144 struct sockaddr *, u_int, u_int, caddr_t, int, u_int32_t));
145 int pfkey_send_spdupdate2 __P((int, struct sockaddr *, u_int,
146 struct sockaddr *, u_int, u_int, u_int64_t, u_int64_t,
147 caddr_t, int, u_int32_t));
148 int pfkey_send_spddelete __P((int, struct sockaddr *, u_int,
149 struct sockaddr *, u_int, u_int, caddr_t, int, u_int32_t));
150 int pfkey_send_spddelete2 __P((int, u_int32_t));
151 int pfkey_send_spdget __P((int, u_int32_t));
152 int pfkey_send_spdsetidx __P((int, struct sockaddr *, u_int,
153 struct sockaddr *, u_int, u_int, caddr_t, int, u_int32_t));
154 int pfkey_send_spdflush __P((int));
155 int pfkey_send_spddump __P((int));
156 #ifdef SADB_X_MIGRATE
157 int pfkey_send_migrate __P((int, struct sockaddr *, struct sockaddr *,
158 struct sockaddr *, u_int, struct sockaddr *, u_int, u_int,
159 caddr_t, int, u_int32_t));
160 #endif
161
162 /* XXX should be somewhere else !!!
163 */
164 #ifdef SADB_X_EXT_NAT_T_TYPE
165 #define PFKEY_ADDR_X_PORT(ext) (ntohs(((struct sadb_x_nat_t_port *)ext)->sadb_x_nat_t_port_port))
166 #define PFKEY_ADDR_X_NATTYPE(ext) ( ext != NULL && ((struct sadb_x_nat_t_type *)ext)->sadb_x_nat_t_type_type )
167 #endif
168
169
170 int pfkey_open __P((void));
171 void pfkey_close __P((int));
172 int pfkey_set_buffer_size __P((int, int));
173 struct sadb_msg *pfkey_recv __P((int));
174 int pfkey_send __P((int, struct sadb_msg *, int));
175 int pfkey_align __P((struct sadb_msg *, caddr_t *));
176 int pfkey_check __P((caddr_t *));
177
178 /*
179 * Deprecated, available for backward compatibility with third party
180 * libipsec users. Please use pfkey_send_update2 and pfkey_send_add2 instead
181 */
182 int pfkey_send_update __P((int, u_int, u_int, struct sockaddr *,
183 struct sockaddr *, u_int32_t, u_int32_t, u_int,
184 caddr_t, u_int, u_int, u_int, u_int, u_int, u_int32_t, u_int64_t,
185 u_int64_t, u_int64_t, u_int32_t));
186 int pfkey_send_update_nat __P((int, u_int, u_int, struct sockaddr *,
187 struct sockaddr *, u_int32_t, u_int32_t, u_int,
188 caddr_t, u_int, u_int, u_int, u_int, u_int, u_int32_t, u_int64_t,
189 u_int64_t, u_int64_t, u_int32_t,
190 u_int8_t, u_int16_t, u_int16_t, struct sockaddr *, u_int16_t));
191 int pfkey_send_add __P((int, u_int, u_int, struct sockaddr *,
192 struct sockaddr *, u_int32_t, u_int32_t, u_int,
193 caddr_t, u_int, u_int, u_int, u_int, u_int, u_int32_t, u_int64_t,
194 u_int64_t, u_int64_t, u_int32_t));
195 int pfkey_send_add_nat __P((int, u_int, u_int, struct sockaddr *,
196 struct sockaddr *, u_int32_t, u_int32_t, u_int,
197 caddr_t, u_int, u_int, u_int, u_int, u_int, u_int32_t, u_int64_t,
198 u_int64_t, u_int64_t, u_int32_t,
199 u_int8_t, u_int16_t, u_int16_t, struct sockaddr *, u_int16_t));
200
201 #ifndef __SYSDEP_SA_LEN__
202 #define __SYSDEP_SA_LEN__
203 #include <netinet/in.h>
204
205 #ifndef IPPROTO_IPV4
206 #define IPPROTO_IPV4 IPPROTO_IPIP
207 #endif
208
209 #ifndef IPPROTO_IPCOMP
210 #define IPPROTO_IPCOMP IPPROTO_COMP
211 #endif
212
213 static __inline u_int8_t
214 sysdep_sa_len (const struct sockaddr *sa)
215 {
216 #ifdef __linux__
217 switch (sa->sa_family)
218 {
219 case AF_INET:
220 return sizeof (struct sockaddr_in);
221 case AF_INET6:
222 return sizeof (struct sockaddr_in6);
223 }
224 // log_print ("sysdep_sa_len: unknown sa family %d", sa->sa_family);
225 return sizeof (struct sockaddr_in);
226 #else
227 return sa->sa_len;
228 #endif
229 }
230 #endif
231
232 #endif /* KAME_LIBPFKEY_H */
233
234 #endif /* _LIBPFKEY_H */
NetBSD on the FriendlyARM MINI2440