search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge branch master
[unleashed.git] / include / net / pfpolicy.h
blob0e456cf8f37447acbe37e5c21ace119b972189d3
1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 */
25
26 #ifndef _NET_PFPOLICY_H
27 #define _NET_PFPOLICY_H
28
29 /*
30 * Definitions and structures for PF_POLICY version 1.
31 *
32 * This local protocol provides an interface allowing utilities to
33 * manage a system's IPsec System Policy Database; see RFC2401 for a
34 * conceptual overview of the SPD.
35 * The basic encoding is modelled on PF_KEY version 2; see pfkeyv2.h
36 * and RFC2367 for more information.
37 */
38
39 #ifdef __cplusplus
40 extern "C" {
41 #endif
42
43 #define PF_POLICY_V1 1
44 #define PF_POLICY_REVISION 200304L
45
46 /*
47 * Base PF_POLICY message header. Each request/response starts with
48 * one of these, followed by some number of extensions. Each
49 * extension type appears at most once in a message. spd_msg_len
50 * contains the total length of the message including header.
51 */
52 typedef struct spd_msg
53 {
54 uint8_t spd_msg_version; /* PF_POLICY_V1 */
55 uint8_t spd_msg_type; /* ADD, DELETE, QUERY, ... */
56 uint8_t spd_msg_errno; /* Unix errno space; mbz on request */
57 uint8_t spd_msg_spdid; /* which policy db instance */
58 uint16_t spd_msg_len; /* in 64-bit words */
59 uint16_t spd_msg_diagnostic; /* additional error reason */
60 /* Union is for guaranteeing 64-bit alignment. */
61 union {
62 struct {
63 uint32_t spd_msg_useq; /* set by sender */
64 uint32_t spd_msg_upid; /* set by sender */
65 } spd_msg_actual;
66 uint64_t spd_msg_alignment;
67 } spd_msg_u;
68 #define spd_msg_seq spd_msg_u.spd_msg_actual.spd_msg_useq
69 #define spd_msg_pid spd_msg_u.spd_msg_actual.spd_msg_upid
70 } spd_msg_t;
71
72 /*
73 * Command numbers, found in spd_msg_type.
74 */
75 #define SPD_RESERVED 0
76 #define SPD_MIN 1
77 #define SPD_FLUSH 1
78 #define SPD_ADDRULE 2
79 #define SPD_DELETERULE 3
80 #define SPD_FLIP 4
81 #define SPD_LOOKUP 5
82 #define SPD_DUMP 6
83 #define SPD_CLONE 7
84 #define SPD_ALGLIST 8
85 #define SPD_DUMPALGS 9
86 #define SPD_UPDATEALGS 10
87 #define SPD_MAX 10
88
89 /*
90 * Well-known policy db instances, found in spd_msg_spdid
91 */
92 #define SPD_ACTIVE 0 /* The currently active instance */
93 #define SPD_STANDBY 1 /* "on deck" standby SPD */
94
95 /*
96 * The spd_msg_t is followed by extensions, which start with the
97 * following header; each extension structure includes the length and
98 * type fields internally as an overlay to simplify parsing and
99 * construction.
100 */
101 typedef struct spd_ext
102 {
103 /* Union is for guaranteeing 64-bit alignment. */
104 union {
105 struct {
106 uint16_t spd_ext_ulen; /* in 64-bit words */
107 uint16_t spd_ext_utype; /* 0 is reserved */
108 } spd_ext_actual;
109 uint64_t spd_ext_alignment;
110 } spd_ext_u;
111 #define spd_ext_len spd_ext_u.spd_ext_actual.spd_ext_ulen
112 #define spd_ext_type spd_ext_u.spd_ext_actual.spd_ext_utype
113 } spd_ext_t;
114
115 /*
116 * Extension numbers, found in spd_ext_type.
117 */
118
119 #define SPD_EXT_LCLPORT 1
120 #define SPD_EXT_REMPORT 2
121 #define SPD_EXT_PROTO 3
122 #define SPD_EXT_LCLADDR 4
123 #define SPD_EXT_REMADDR 5
124
125 #define SPD_EXT_ACTION 6
126 #define SPD_EXT_RULE 7
127 #define SPD_EXT_RULESET 8
128 #define SPD_EXT_ICMP_TYPECODE 9
129
130 #define SPD_EXT_TUN_NAME 10
131
132 #define SPD_EXT_MAX 10
133
134 /*
135 * base policy rule (attributes which every rule has)
136 *
137 * spd_rule_index MBZ on a SPD_ADD, and is assigned by the kernel.
138 * subsequent deletes can operate either by specifying selectors or by
139 * specifying a non-zero rule index.
140 */
141 struct spd_rule
142 {
143 uint16_t spd_rule_len;
144 uint16_t spd_rule_type; /* SPD_EXT_RULE */
145 uint32_t spd_rule_priority;
146 uint32_t spd_rule_flags; /* INBOUND, OUTBOUND, ... */
147 uint32_t spd_rule_unused;
148 uint64_t spd_rule_index; /* unique rule identifier. */
149 };
150
151 /*
152 * Flags for spd_rule.spd_rule_flags
153 */
154 #define SPD_RULE_FLAG_INBOUND 0x0001
155 #define SPD_RULE_FLAG_OUTBOUND 0x0002
156 /* Only applies to tunnel policy heads. */
157 #define SPD_RULE_FLAG_TUNNEL 0x0004
158
159 /*
160 * Address selectors. Different from PF_KEY because we want a
161 * more precise format for wildcards on ports/protocol.
162 */
163 typedef struct spd_address {
164 /* Union is for guaranteeing 64-bit alignment. */
165 union {
166 struct {
167 uint16_t spd_address_ulen;
168 uint16_t spd_address_uexttype; /* SRC, DST */
169 uint8_t spd_address_uaf; /* address family. */
170 uint8_t spd_address_uprefixlen; /* Prefix len (bits). */
171 uint16_t spd_address_ureserved2; /* Padding */
172 } spd_address_actual;
173 uint64_t spd_address_alignment;
174 } spd_address_u;
175 /*
176 * .. followed by 4 bytes of IPv4 or 16 bytes of IPv6 address,
177 * padded up to next uint64_t
178 */
179 #define spd_address_len \
180 spd_address_u.spd_address_actual.spd_address_ulen
181 #define spd_address_exttype \
182 spd_address_u.spd_address_actual.spd_address_uexttype
183 #define spd_address_af \
184 spd_address_u.spd_address_actual.spd_address_uaf
185 #define spd_address_prefixlen \
186 spd_address_u.spd_address_actual.spd_address_uprefixlen
187 #define spd_address_reserved2 \
188 spd_address_u.spd_address_actual.spd_address_ureserved2
189 } spd_address_t;
190
191 /*
192 * Protocol selector
193 */
194 struct spd_proto
195 {
196 /* Union is for guaranteeing 64-bit alignment. */
197 union {
198 struct {
199 uint16_t spd_proto_ulen;
200 uint16_t spd_proto_uexttype; /* PROTO */
201 uint8_t spd_proto_unumber; /* IPPROTO_* */
202 uint8_t spd_proto_ureserved1; /* pad */
203 uint16_t spd_proto_ureserved2; /* pad */
204 } spd_proto_actual;
205 uint64_t spd_proto_alignment;
206 } spd_proto_u;
207 #define spd_proto_len spd_proto_u.spd_proto_actual.spd_proto_ulen
208 #define spd_proto_exttype spd_proto_u.spd_proto_actual.spd_proto_uexttype
209 #define spd_proto_number spd_proto_u.spd_proto_actual.spd_proto_unumber
210 #define spd_proto_reserved1 spd_proto_u.spd_proto_actual.spd_proto_ureserved1
211 #define spd_proto_reserved2 spd_proto_u.spd_proto_actual.spd_proto_ureserved2
212 };
213
214 /*
215 * Port selector. We only support minport==maxport at present.
216 */
217 struct spd_portrange
218 {
219 /* Union is for guaranteeing 64-bit alignment. */
220 union {
221 struct {
222 uint16_t spd_ports_ulen;
223 uint16_t spd_ports_uexttype; /* LCLPORT, REMPORT */
224 uint16_t spd_ports_uminport; /* min port */
225 uint16_t spd_ports_umaxport; /* max port */
226 } spd_ports_actual;
227 uint64_t spd_ports_alignment;
228 } spd_ports_u;
229 #define spd_ports_len spd_ports_u.spd_ports_actual.spd_ports_ulen
230 #define spd_ports_exttype spd_ports_u.spd_ports_actual.spd_ports_uexttype
231 #define spd_ports_minport spd_ports_u.spd_ports_actual.spd_ports_uminport
232 #define spd_ports_maxport spd_ports_u.spd_ports_actual.spd_ports_umaxport
233 };
234
235 /*
236 * ICMP type selector.
237 */
238 struct spd_typecode
239 {
240 /* Union is for guaranteeing 64-bit alignment. */
241 union {
242 struct {
243 uint16_t spd_typecode_ulen;
244 uint16_t spd_typecode_uexttype; /* ICMP_TYPECODE */
245 uint8_t spd_typecode_utype;
246 uint8_t spd_typecode_utype_end;
247 uint8_t spd_typecode_ucode;
248 uint8_t spd_typecode_ucode_end;
249 } spd_typecode_actual;
250 uint64_t spd_typecode_alignment;
251 } spd_typecode_u;
252 #define spd_typecode_len \
253 spd_typecode_u.spd_typecode_actual.spd_typecode_ulen
254 #define spd_typecode_exttype \
255 spd_typecode_u.spd_typecode_actual.spd_typecode_uexttype
256 #define spd_typecode_type \
257 spd_typecode_u.spd_typecode_actual.spd_typecode_utype
258 #define spd_typecode_type_end \
259 spd_typecode_u.spd_typecode_actual.spd_typecode_utype_end
260 #define spd_typecode_code \
261 spd_typecode_u.spd_typecode_actual.spd_typecode_ucode
262 #define spd_typecode_code_end \
263 spd_typecode_u.spd_typecode_actual.spd_typecode_ucode_end
264 };
265
266
267 /*
268 * Actions, specifying what happens to packets which match selectors.
269 * This extension is followed by some number of spd_attribute tag-value pairs
270 * which encode one or more alternative policies; see below for
271 * the encoding used.
272 */
273 struct spd_ext_actions
274 {
275 /* Union is for guaranteeing 64-bit alignment. */
276 union {
277 struct {
278 uint16_t spd_actions_ulen;
279 uint16_t spd_actions_uexttype; /* ACTION */
280 uint16_t spd_actions_ucount; /* # of alternatives */
281 uint16_t spd_actions_ureserved;
282 } spd_actions_actual;
283 uint64_t spd_actions_alignment;
284 } spd_actions_u;
285 #define spd_actions_len \
286 spd_actions_u.spd_actions_actual.spd_actions_ulen
287 #define spd_actions_exttype \
288 spd_actions_u.spd_actions_actual.spd_actions_uexttype
289 #define spd_actions_count \
290 spd_actions_u.spd_actions_actual.spd_actions_ucount
291 #define spd_actions_reserved \
292 spd_actions_u.spd_actions_actual.spd_actions_ureserved
293 };
294
295 /*
296 * Extensible encoding for requested SA attributes.
297 * To allow additional attributes to be added, we use a simple-to-interpret
298 * (tag, value) encoding to fill in attributes in a list of alternatives.
299 *
300 * We fill in alternatives one at a time, starting with most-preferred,
301 * proceeding to least-preferred.
302 *
303 * Conceptually, we are filling in attributes of a "template", and
304 * then copying that template value into the list of alternatives when
305 * we see a SPD_ATTR_END or SPD_ATTR_NEXT.
306 *
307 * The template is not changed by SPD_ATTR_NEXT, so that attributes common to
308 * all alternatives need only be mentioned once.
309 *
310 * spd_actions_count is the maximum number of alternatives present; it
311 * should be one greater than the number of SPD_ATTR_NEXT opcodes
312 * present in the sequence.
313 */
314
315 struct spd_attribute
316 {
317 union {
318 struct {
319 uint32_t spd_attr_utag;
320 uint32_t spd_attr_uvalue;
321 } spd_attribute_actual;
322 uint64_t spd_attribute_alignment;
323 } spd_attribute_u;
324 #define spd_attr_tag spd_attribute_u.spd_attribute_actual.spd_attr_utag
325 #define spd_attr_value spd_attribute_u.spd_attribute_actual.spd_attr_uvalue
326 };
327
328 /*
329 * These flags are used by the kernel algorithm structures and by ipsecalgs(1m).
330 * ALG_FLAG_KERNELCHECKED is used by ipsecalgs(1m) to tag ipsecalgent_t as
331 * kernel verified. ALG_FLAG_VALID is only meaningful if set by the kernel.
332 */
333 #define ALG_FLAG_VALID 0x01
334 #define ALG_FLAG_COUNTERMODE 0x02
335 #define ALG_FLAG_COMBINED 0x04
336 #define ALG_FLAG_CCM 0x08
337 #define ALG_FLAG_GCM 0x10
338 #define ALG_FLAG_KERNELCHECKED 0x80000000
339
340 #define SPD_ATTR_NOP 0x00000000 /* space filler */
341 #define SPD_ATTR_END 0x00000001 /* end of description */
342 #define SPD_ATTR_EMPTY 0x00000002 /* reset template to default */
343 #define SPD_ATTR_NEXT 0x00000003 /* start filling next alternative */
344
345 #define SPD_ATTR_TYPE 0x00000100
346 #define SPD_ATTR_FLAGS 0x00000101
347 #define SPD_ATTR_AH_AUTH 0x00000102
348 #define SPD_ATTR_ESP_ENCR 0x00000103
349 #define SPD_ATTR_ESP_AUTH 0x00000104
350 #define SPD_ATTR_ENCR_MINBITS 0x00000105
351 #define SPD_ATTR_ENCR_MAXBITS 0x00000106
352 #define SPD_ATTR_AH_MINBITS 0x00000107
353 #define SPD_ATTR_AH_MAXBITS 0x00000108
354 #define SPD_ATTR_LIFE_SOFT_TIME 0x00000109
355 #define SPD_ATTR_LIFE_HARD_TIME 0x0000010a
356 #define SPD_ATTR_LIFE_SOFT_BYTES 0x0000010b
357 #define SPD_ATTR_LIFE_HARD_BYTES 0x0000010c
358 #define SPD_ATTR_KM_PROTO 0x0000010d
359 #define SPD_ATTR_KM_COOKIE 0x0000010e
360 #define SPD_ATTR_REPLAY_DEPTH 0x0000010f
361 #define SPD_ATTR_ESPA_MINBITS 0x00000110
362 #define SPD_ATTR_ESPA_MAXBITS 0x00000111
363 #define SPD_ATTR_ENCR_DEFBITS 0x00000112
364 #define SPD_ATTR_ENCR_INCRBITS 0x00000113
365 #define SPD_ATTR_AH_DEFBITS 0x00000114
366 #define SPD_ATTR_AH_INCRBITS 0x00000115
367 #define SPD_ATTR_ESPA_DEFBITS 0x00000116
368 #define SPD_ATTR_ESPA_INCRBITS 0x00000117
369 #define SPD_ATTR_ALG_ID 0x00000118
370 #define SPD_ATTR_ALG_PROTO 0x00000119
371 #define SPD_ATTR_ALG_INCRBITS 0x0000011a
372 #define SPD_ATTR_ALG_NKEYSIZES 0x0000011b
373 #define SPD_ATTR_ALG_KEYSIZE 0x0000011c
374 #define SPD_ATTR_ALG_NBLOCKSIZES 0x0000011d
375 #define SPD_ATTR_ALG_BLOCKSIZE 0x0000011e
376 #define SPD_ATTR_ALG_MECHNAME 0x0000011f
377 #define SPD_ATTR_PROTO_ID 0x00000120
378 #define SPD_ATTR_PROTO_EXEC_MODE 0x00000121
379 #define SPD_ATTR_ALG_NPARAMS 0x00000122
380 #define SPD_ATTR_ALG_PARAMS 0x00000123
381 #define SPD_ATTR_ALG_FLAGS 0x00000124
382
383 /*
384 * An interface extension identifies a network interface.
385 * It is used for configuring Tunnel Mode policies on a tunnelling
386 * interface for now.
387 */
388 typedef struct spd_if_s {
389 union {
390 struct {
391 uint16_t spd_if_ulen;
392 uint16_t spd_if_uexttype;
393 union {
394 uint8_t spd_if_iuname[4];
395 uint32_t spd_if_iuindex;
396 } spd_if_iu;
397 } spd_if_actual;
398 uint64_t spd_if_alignment;
399 } spd_if_u;
400 #define spd_if_len spd_if_u.spd_if_actual.spd_if_ulen
401 #define spd_if_exttype spd_if_u.spd_if_actual.spd_if_uexttype
402 #define spd_if_name spd_if_u.spd_if_actual.spd_if_iu.spd_if_iuname
403 #define spd_if_index spd_if_u.spd_if_actual.spd_if_iu.spd_if_iuindex
404 } spd_if_t;
405
406 /*
407 * Minimum, maximum key lengths in bits.
408 */
409 #define SPD_MIN_MINBITS 0x0000
410 #define SPD_MAX_MAXBITS 0xffff
411
412 /*
413 * IPsec action types (in SPD_ATTR_TYPE attribute)
414 */
415 #define SPD_ACTTYPE_DROP 0x0001
416 #define SPD_ACTTYPE_PASS 0x0002
417 #define SPD_ACTTYPE_IPSEC 0x0003
418
419 /*
420 * Action flags (in SPD_ATTR_FLAGS attribute)
421 */
422 #define SPD_APPLY_AH 0x0001
423 #define SPD_APPLY_ESP 0x0002
424 #define SPD_APPLY_SE 0x0004 /* self-encapsulation */
425 #define SPD_APPLY_COMP 0x0008 /* compression; NYI */
426 #define SPD_APPLY_UNIQUE 0x0010 /* unique per-flow SA */
427 #define SPD_APPLY_BYPASS 0x0020 /* bypass policy */
428 #define SPD_APPLY_ESPA 0x0040 /* ESP authentication */
429
430 /*
431 * SW crypto execution modes.
432 */
433 #define SPD_ALG_EXEC_MODE_SYNC 1 /* synchronous */
434 #define SPD_ALG_EXEC_MODE_ASYNC 2 /* asynchronous */
435
436 /*
437 * SPD_DUMP protocol:
438 *
439 * We do not want to force an stack to have to read-lock the entire
440 * SPD for the duration of the dump, but we want management apps to be
441 * able to get a consistent snapshot of the SPD.
442 *
443 * Therefore, we make optimistic locking assumptions.
444 *
445 * The response to a SPD_DUMP request consists of multiple spd_msg
446 * records, all with spd_msg_type == SPD_DUMP and spd_msg_{seq,pid}
447 * matching the request.
448 *
449 * There is one header, then a sequence of policy rule records (one
450 * rule per record), then a trailer.
451 *
452 * The header and trailer both contain a single SPD_EXT_RULESET
453 * containing a version number and rule count. The dump was "good" if
454 * header version == trailer version, and the number of rules read by
455 * the application matches the rule count in the trailer. The rule
456 * count in the header is unused and should be set to zero.
457 *
458 * In between, each rule record contains a set of extensions which, if
459 * used in an SPD_ADD request, would recreate an equivalent rule.
460 *
461 * If rules were added to the SPD during the dump, the dump may be
462 * truncated or otherwise incomplete; the management application
463 * should re-try the dump in this case.
464 */
465
466 /*
467 * Ruleset extension, used at the start and end of a SPD_DUMP.
468 */
469 typedef struct spd_ruleset_ext
470 {
471 uint16_t spd_ruleset_len; /* 2 x 64 bits */
472 uint16_t spd_ruleset_type; /* SPD_EXT_RULESET */
473 uint32_t spd_ruleset_count; /* only valid in trailer */
474 uint64_t spd_ruleset_version; /* version number */
475 } spd_ruleset_ext_t;
476
477 /*
478 * Diagnostic codes. These supplement error messages. Be sure to
479 * update libipsecutil's spdsock_diag() if you change any of these.
480 */
481 #define SPD_DIAGNOSTIC_NONE 0
482 #define SPD_DIAGNOSTIC_UNKNOWN_EXT 1
483 #define SPD_DIAGNOSTIC_BAD_EXTLEN 2
484 #define SPD_DIAGNOSTIC_NO_RULE_EXT 3
485 #define SPD_DIAGNOSTIC_BAD_ADDR_LEN 4
486 #define SPD_DIAGNOSTIC_MIXED_AF 5
487 #define SPD_DIAGNOSTIC_ADD_NO_MEM 6
488 #define SPD_DIAGNOSTIC_ADD_WRONG_ACT_COUNT 7
489 #define SPD_DIAGNOSTIC_ADD_BAD_TYPE 8
490 #define SPD_DIAGNOSTIC_ADD_BAD_FLAGS 9
491 #define SPD_DIAGNOSTIC_ADD_INCON_FLAGS 10
492 #define SPD_DIAGNOSTIC_MALFORMED_LCLPORT 11
493 #define SPD_DIAGNOSTIC_DUPLICATE_LCLPORT 12
494 #define SPD_DIAGNOSTIC_MALFORMED_REMPORT 13
495 #define SPD_DIAGNOSTIC_DUPLICATE_REMPORT 14
496 #define SPD_DIAGNOSTIC_MALFORMED_PROTO 15
497 #define SPD_DIAGNOSTIC_DUPLICATE_PROTO 16
498 #define SPD_DIAGNOSTIC_MALFORMED_LCLADDR 17
499 #define SPD_DIAGNOSTIC_DUPLICATE_LCLADDR 18
500 #define SPD_DIAGNOSTIC_MALFORMED_REMADDR 19
501 #define SPD_DIAGNOSTIC_DUPLICATE_REMADDR 20
502 #define SPD_DIAGNOSTIC_MALFORMED_ACTION 21
503 #define SPD_DIAGNOSTIC_DUPLICATE_ACTION 22
504 #define SPD_DIAGNOSTIC_MALFORMED_RULE 23
505 #define SPD_DIAGNOSTIC_DUPLICATE_RULE 24
506 #define SPD_DIAGNOSTIC_MALFORMED_RULESET 25
507 #define SPD_DIAGNOSTIC_DUPLICATE_RULESET 26
508 #define SPD_DIAGNOSTIC_INVALID_RULE_INDEX 27
509 #define SPD_DIAGNOSTIC_BAD_SPDID 28
510 #define SPD_DIAGNOSTIC_BAD_MSG_TYPE 29
511 #define SPD_DIAGNOSTIC_UNSUPP_AH_ALG 30
512 #define SPD_DIAGNOSTIC_UNSUPP_ESP_ENCR_ALG 31
513 #define SPD_DIAGNOSTIC_UNSUPP_ESP_AUTH_ALG 32
514 #define SPD_DIAGNOSTIC_UNSUPP_AH_KEYSIZE 33
515 #define SPD_DIAGNOSTIC_UNSUPP_ESP_ENCR_KEYSIZE 34
516 #define SPD_DIAGNOSTIC_UNSUPP_ESP_AUTH_KEYSIZE 35
517 #define SPD_DIAGNOSTIC_NO_ACTION_EXT 36
518 #define SPD_DIAGNOSTIC_ALG_ID_RANGE 37
519 #define SPD_DIAGNOSTIC_ALG_NUM_KEY_SIZES 38
520 #define SPD_DIAGNOSTIC_ALG_NUM_BLOCK_SIZES 39
521 #define SPD_DIAGNOSTIC_ALG_MECH_NAME_LEN 40
522 #define SPD_DIAGNOSTIC_ALG_IPSEC_NOT_LOADED 41
523 #define SPD_DIAGNOSTIC_MALFORMED_ICMP_TYPECODE 42
524 #define SPD_DIAGNOSTIC_DUPLICATE_ICMP_TYPECODE 43
525 #define SPD_DIAGNOSTIC_NOT_GLOBAL_OP 44
526 #define SPD_DIAGNOSTIC_NO_TUNNEL_SELECTORS 45
527
528 /*
529 * Helper macros.
530 */
531 #define SPD_64TO8(x) ((x) << 3)
532 #define SPD_8TO64(x) ((x) >> 3)
533 #define SPD_8TO1(x) ((x) << 3)
534 #define SPD_1TO8(x) ((x) >> 3)
535
536 #ifdef __cplusplus
537 }
538 #endif
539
540 #endif /* _NET_PFPOLICY_H */
Unleashed OS