aboutsummaryrefslogtreecommitdiffstats
path: root/include/linux/xfrm.h
diff options
context:
space:
mode:
Diffstat (limited to 'include/linux/xfrm.h')
-rw-r--r--include/linux/xfrm.h258
1 files changed, 258 insertions, 0 deletions
diff --git a/include/linux/xfrm.h b/include/linux/xfrm.h
new file mode 100644
index 000000000000..f0df02ae68a4
--- /dev/null
+++ b/include/linux/xfrm.h
@@ -0,0 +1,258 @@
1#ifndef _LINUX_XFRM_H
2#define _LINUX_XFRM_H
3
4#include <linux/types.h>
5
6/* All of the structures in this file may not change size as they are
7 * passed into the kernel from userspace via netlink sockets.
8 */
9
10/* Structure to encapsulate addresses. I do not want to use
11 * "standard" structure. My apologies.
12 */
13typedef union
14{
15 __u32 a4;
16 __u32 a6[4];
17} xfrm_address_t;
18
19/* Ident of a specific xfrm_state. It is used on input to lookup
20 * the state by (spi,daddr,ah/esp) or to store information about
21 * spi, protocol and tunnel address on output.
22 */
23struct xfrm_id
24{
25 xfrm_address_t daddr;
26 __u32 spi;
27 __u8 proto;
28};
29
30/* Selector, used as selector both on policy rules (SPD) and SAs. */
31
32struct xfrm_selector
33{
34 xfrm_address_t daddr;
35 xfrm_address_t saddr;
36 __u16 dport;
37 __u16 dport_mask;
38 __u16 sport;
39 __u16 sport_mask;
40 __u16 family;
41 __u8 prefixlen_d;
42 __u8 prefixlen_s;
43 __u8 proto;
44 int ifindex;
45 uid_t user;
46};
47
48#define XFRM_INF (~(__u64)0)
49
50struct xfrm_lifetime_cfg
51{
52 __u64 soft_byte_limit;
53 __u64 hard_byte_limit;
54 __u64 soft_packet_limit;
55 __u64 hard_packet_limit;
56 __u64 soft_add_expires_seconds;
57 __u64 hard_add_expires_seconds;
58 __u64 soft_use_expires_seconds;
59 __u64 hard_use_expires_seconds;
60};
61
62struct xfrm_lifetime_cur
63{
64 __u64 bytes;
65 __u64 packets;
66 __u64 add_time;
67 __u64 use_time;
68};
69
70struct xfrm_replay_state
71{
72 __u32 oseq;
73 __u32 seq;
74 __u32 bitmap;
75};
76
77struct xfrm_algo {
78 char alg_name[64];
79 int alg_key_len; /* in bits */
80 char alg_key[0];
81};
82
83struct xfrm_stats {
84 __u32 replay_window;
85 __u32 replay;
86 __u32 integrity_failed;
87};
88
89enum
90{
91 XFRM_POLICY_IN = 0,
92 XFRM_POLICY_OUT = 1,
93 XFRM_POLICY_FWD = 2,
94 XFRM_POLICY_MAX = 3
95};
96
97enum
98{
99 XFRM_SHARE_ANY, /* No limitations */
100 XFRM_SHARE_SESSION, /* For this session only */
101 XFRM_SHARE_USER, /* For this user only */
102 XFRM_SHARE_UNIQUE /* Use once */
103};
104
105/* Netlink configuration messages. */
106enum {
107 XFRM_MSG_BASE = 0x10,
108
109 XFRM_MSG_NEWSA = 0x10,
110#define XFRM_MSG_NEWSA XFRM_MSG_NEWSA
111 XFRM_MSG_DELSA,
112#define XFRM_MSG_DELSA XFRM_MSG_DELSA
113 XFRM_MSG_GETSA,
114#define XFRM_MSG_GETSA XFRM_MSG_GETSA
115
116 XFRM_MSG_NEWPOLICY,
117#define XFRM_MSG_NEWPOLICY XFRM_MSG_NEWPOLICY
118 XFRM_MSG_DELPOLICY,
119#define XFRM_MSG_DELPOLICY XFRM_MSG_DELPOLICY
120 XFRM_MSG_GETPOLICY,
121#define XFRM_MSG_GETPOLICY XFRM_MSG_GETPOLICY
122
123 XFRM_MSG_ALLOCSPI,
124#define XFRM_MSG_ALLOCSPI XFRM_MSG_ALLOCSPI
125 XFRM_MSG_ACQUIRE,
126#define XFRM_MSG_ACQUIRE XFRM_MSG_ACQUIRE
127 XFRM_MSG_EXPIRE,
128#define XFRM_MSG_EXPIRE XFRM_MSG_EXPIRE
129
130 XFRM_MSG_UPDPOLICY,
131#define XFRM_MSG_UPDPOLICY XFRM_MSG_UPDPOLICY
132 XFRM_MSG_UPDSA,
133#define XFRM_MSG_UPDSA XFRM_MSG_UPDSA
134
135 XFRM_MSG_POLEXPIRE,
136#define XFRM_MSG_POLEXPIRE XFRM_MSG_POLEXPIRE
137
138 XFRM_MSG_FLUSHSA,
139#define XFRM_MSG_FLUSHSA XFRM_MSG_FLUSHSA
140 XFRM_MSG_FLUSHPOLICY,
141#define XFRM_MSG_FLUSHPOLICY XFRM_MSG_FLUSHPOLICY
142
143 XFRM_MSG_MAX
144};
145
146struct xfrm_user_tmpl {
147 struct xfrm_id id;
148 __u16 family;
149 xfrm_address_t saddr;
150 __u32 reqid;
151 __u8 mode;
152 __u8 share;
153 __u8 optional;
154 __u32 aalgos;
155 __u32 ealgos;
156 __u32 calgos;
157};
158
159struct xfrm_encap_tmpl {
160 __u16 encap_type;
161 __u16 encap_sport;
162 __u16 encap_dport;
163 xfrm_address_t encap_oa;
164};
165
166/* Netlink message attributes. */
167enum xfrm_attr_type_t {
168 XFRMA_UNSPEC,
169 XFRMA_ALG_AUTH, /* struct xfrm_algo */
170 XFRMA_ALG_CRYPT, /* struct xfrm_algo */
171 XFRMA_ALG_COMP, /* struct xfrm_algo */
172 XFRMA_ENCAP, /* struct xfrm_algo + struct xfrm_encap_tmpl */
173 XFRMA_TMPL, /* 1 or more struct xfrm_user_tmpl */
174 __XFRMA_MAX
175
176#define XFRMA_MAX (__XFRMA_MAX - 1)
177};
178
179struct xfrm_usersa_info {
180 struct xfrm_selector sel;
181 struct xfrm_id id;
182 xfrm_address_t saddr;
183 struct xfrm_lifetime_cfg lft;
184 struct xfrm_lifetime_cur curlft;
185 struct xfrm_stats stats;
186 __u32 seq;
187 __u32 reqid;
188 __u16 family;
189 __u8 mode; /* 0=transport,1=tunnel */
190 __u8 replay_window;
191 __u8 flags;
192#define XFRM_STATE_NOECN 1
193#define XFRM_STATE_DECAP_DSCP 2
194};
195
196struct xfrm_usersa_id {
197 xfrm_address_t daddr;
198 __u32 spi;
199 __u16 family;
200 __u8 proto;
201};
202
203struct xfrm_userspi_info {
204 struct xfrm_usersa_info info;
205 __u32 min;
206 __u32 max;
207};
208
209struct xfrm_userpolicy_info {
210 struct xfrm_selector sel;
211 struct xfrm_lifetime_cfg lft;
212 struct xfrm_lifetime_cur curlft;
213 __u32 priority;
214 __u32 index;
215 __u8 dir;
216 __u8 action;
217#define XFRM_POLICY_ALLOW 0
218#define XFRM_POLICY_BLOCK 1
219 __u8 flags;
220#define XFRM_POLICY_LOCALOK 1 /* Allow user to override global policy */
221 __u8 share;
222};
223
224struct xfrm_userpolicy_id {
225 struct xfrm_selector sel;
226 __u32 index;
227 __u8 dir;
228};
229
230struct xfrm_user_acquire {
231 struct xfrm_id id;
232 xfrm_address_t saddr;
233 struct xfrm_selector sel;
234 struct xfrm_userpolicy_info policy;
235 __u32 aalgos;
236 __u32 ealgos;
237 __u32 calgos;
238 __u32 seq;
239};
240
241struct xfrm_user_expire {
242 struct xfrm_usersa_info state;
243 __u8 hard;
244};
245
246struct xfrm_user_polexpire {
247 struct xfrm_userpolicy_info pol;
248 __u8 hard;
249};
250
251struct xfrm_usersa_flush {
252 __u8 proto;
253};
254
255#define XFRMGRP_ACQUIRE 1
256#define XFRMGRP_EXPIRE 2
257
258#endif /* _LINUX_XFRM_H */