1 /*
2 * CDDL HEADER START
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
19 * CDDL HEADER END
22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
26 #ifndef _INET_IPSEC_INFO_H
27 #define _INET_IPSEC_INFO_H
29 #ifdef __cplusplus
30 extern "C" {
31 #endif
33 #include <sys/crypto/common.h>
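/*
 * IPsec informational messages.  These are M_CTL STREAMS messages, which
 * convey IPsec information between various IP and related modules.  Most
 * have been deprecated by the de-STREAMS-ing of TCP/IP.  What remains is:
 *
 *	* Keysock consumer interface - These messages are wrappers for
 *	  PF_KEY messages.  They flow between AH/ESP and keysock.
 */

/*
 * The IPsec M_CTL value MUST be something that will not be even close
 * to an IPv4 or IPv6 header.  This means the first byte must not be
 * 0x40 - 0x4f or 0x60 - 0x6f.  For big-endian machines, this is fixable with
 * the IPSEC_M_CTL prefix.  For little-endian machines, the actual M_CTL
 * _type_ must not be in the aforementioned ranges.
 *
 * The reason for this avoidance is that M_CTLs with a real IPv4/IPv6
 * datagram get sent to TCP or UDP when an ICMP datagram affects a
 * TCP/UDP session.
 */
#define	IPSEC_M_CTL	0x73706900

/*
 * Build-time guard for the big-endian half of the rule above: the most
 * significant byte of the prefix must never carry an IP version nibble
 * (4 or 6), otherwise an IPsec M_CTL could be taken for an IP datagram.
 */
#if (((IPSEC_M_CTL) >> 24) & 0xf0) == 0x40 || \
	(((IPSEC_M_CTL) >> 24) & 0xf0) == 0x60
#error "IPSEC_M_CTL prefix byte is in the 0x4X/0x6X IP version range"
#endif

/*
 * M_CTL types for IPsec messages.  Remember, the values 0x40 - 0x4f and 0x60
 * - 0x6f are not to be used because of potential little-endian confusion.
 *
 * Offsets 3-7 (decimal) are in use, spread through this file.
 * Check for duplicates through the whole file before adding.
 */

/*
 * Keysock consumer interface.
 *
 * The driver/module keysock (which is a driver to PF_KEY sockets, but is
 * a module to 'consumers' like AH and ESP) uses keysock consumer interface
 * messages to pass on PF_KEY messages to consumers who process and act upon
 * them.
 */
#define	KEYSOCK_IN		(IPSEC_M_CTL + 3)
#define	KEYSOCK_OUT		(IPSEC_M_CTL + 4)
#define	KEYSOCK_OUT_ERR		(IPSEC_M_CTL + 5)
#define	KEYSOCK_HELLO		(IPSEC_M_CTL + 6)
#define	KEYSOCK_HELLO_ACK	(IPSEC_M_CTL + 7)

/*
 * Build-time guard for the little-endian half of the rule: the low byte of
 * every type (the first byte in memory on a little-endian machine) must stay
 * out of 0x40 - 0x4f and 0x60 - 0x6f.  The helper macro is removed again so
 * that it does not leak into files that include this header.
 */
#define	IPSEC_M_CTL_TYPE_CLASHES(t) \
	((((t) & 0xf0) == 0x40) || (((t) & 0xf0) == 0x60))
#if IPSEC_M_CTL_TYPE_CLASHES(KEYSOCK_IN) || \
	IPSEC_M_CTL_TYPE_CLASHES(KEYSOCK_OUT) || \
	IPSEC_M_CTL_TYPE_CLASHES(KEYSOCK_OUT_ERR) || \
	IPSEC_M_CTL_TYPE_CLASHES(KEYSOCK_HELLO) || \
	IPSEC_M_CTL_TYPE_CLASHES(KEYSOCK_HELLO_ACK)
#error "an IPsec M_CTL type has a low byte in the 0x4X/0x6X range"
#endif
#undef IPSEC_M_CTL_TYPE_CLASHES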
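/*
 * KEYSOCK_HELLO is sent by keysock to a consumer when it is pushed on top
 * of one (i.e. opened as a module).
 *
 * NOTE: Keysock_hello is simply an ipsec_info_t
 */

/*
 * KEYSOCK_HELLO_ACK is sent by a consumer to acknowledge a KEYSOCK_HELLO.
 * It contains the PF_KEYv2 sa_type, so keysock can redirect PF_KEY messages
 * to the right consumer.
 *
 * The first two members have the same types and order as the type/length
 * pair at the start of ipsec_info_t, of which this structure is a member.
 *
 * NOTE(review): ks_hello_satype decides where later PF_KEY messages are
 * routed; presumably keysock range-checks it before using it to select a
 * consumer -- confirm in the keysock source.
 */
typedef struct keysock_hello_ack_s {
	uint32_t ks_hello_type;		/* M_CTL type of this message */
	uint32_t ks_hello_len;		/* message length */
	uint8_t ks_hello_satype;	/* PF_KEYv2 sa_type of ks client */
} keysock_hello_ack_t;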
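/*
 * Address classification codes.
 *
 * NOTE(review): presumably these are the values carried in ks_in_srctype
 * and ks_in_dsttype of keysock_in_t -- confirm against the keysock source.
 * A consumer that switches on them should treat any value outside 0 - 6 as
 * invalid rather than fall through to a permissive default.
 */
#define	KS_IN_ADDR_UNKNOWN	0
#define	KS_IN_ADDR_NOTTHERE	1
#define	KS_IN_ADDR_UNSPEC	2
#define	KS_IN_ADDR_ME		3
#define	KS_IN_ADDR_NOTME	4
#define	KS_IN_ADDR_MBCAST	5
#define	KS_IN_ADDR_DONTCARE	6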
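/*
 * KEYSOCK_IN is a PF_KEY message from a PF_KEY socket destined for a consumer.
 *
 * The structure carries one extension pointer slot per PF_KEY extension
 * number (SADB_EXT_MAX + 1 entries), the source and destination address
 * types, and the serial number of the originating socket.
 */
typedef struct keysock_in_s {
	uint32_t ks_in_type;	/* M_CTL type of this message */
	uint32_t ks_in_len;	/* message length */
	/*
	 * NOTE:  These pointers MUST be into the M_DATA that follows
	 *	  this M_CTL message.  If they aren't, weirdness
	 *	  results.
	 *
	 * NOTE(review): nothing in this header enforces that constraint.
	 * A consumer should confirm that every non-NULL entry lies inside
	 * the trailing M_DATA block before dereferencing it; where that
	 * bounds check is performed is not visible here -- confirm.
	 */
	struct sadb_ext *ks_in_extv[SADB_EXT_MAX + 1];
	int ks_in_srctype;	/* Source address type. */
	int ks_in_dsttype;	/* Dest address type. */
	minor_t ks_in_serial;	/* Serial # of sending socket. */
} keysock_in_t;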
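/*
 * KEYSOCK_OUT is a PF_KEY message from a consumer destined for a PF_KEY
 * socket.
 *
 * NOTE(review): ks_out_serial presumably selects the PF_KEY socket that
 * receives the message; a consumer should copy it from the request it is
 * answering rather than derive it from message contents -- confirm.
 */
typedef struct keysock_out_s {
	uint32_t ks_out_type;	/* M_CTL type of this message */
	uint32_t ks_out_len;	/* message length */
	minor_t ks_out_serial;	/* Serial # of sending socket. */
} keysock_out_t;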
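/*
 * KEYSOCK_OUT_ERR is sent to a consumer from keysock if for some reason
 * keysock could not find a PF_KEY socket to deliver a consumer-originated
 * message (e.g. SADB_ACQUIRE).
 */
typedef struct keysock_out_err_s {
	uint32_t ks_err_type;	/* M_CTL type of this message */
	uint32_t ks_err_len;	/* message length */
	minor_t ks_err_serial;	/* serial number; presumably of the */
				/* socket that was not found -- confirm */
	int ks_err_errno;	/* error code for the failed delivery */
	/*
	 * Other, richer error information may end up going here eventually.
	 */
} keysock_out_err_t;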
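/*
 * All IPsec informational messages are placed into the ipsec_info_t
 * union, so that allocation can be done once, and IPsec informational
 * messages can be recycled.
 *
 * Every member starts with two uint32_t fields (type, then length), so the
 * type and length can be read through ipsec_allu whichever member was
 * written; the ipsec_info_type and ipsec_info_len macros do exactly that.
 *
 * NOTE(review): because buffers are recycled, a reused ipsec_info_t may
 * still hold fields of the previous message kind (for example stale
 * ks_in_extv pointers).  Presumably each sender sets every field of the
 * member it uses and receivers dispatch on ipsec_info_type before touching
 * anything else -- confirm in the callers.
 */
typedef union ipsec_info_u {
	struct {
		uint32_t ipsec_allu_type;
		uint32_t ipsec_allu_len;	/* In bytes */
	} ipsec_allu;
	keysock_hello_ack_t keysock_hello_ack;
	keysock_in_t keysock_in;
	keysock_out_t keysock_out;
	keysock_out_err_t keysock_out_err;
} ipsec_info_t;
/* Shorthand accessors for the common type/length header. */
#define	ipsec_info_type ipsec_allu.ipsec_allu_type
#define	ipsec_info_len ipsec_allu.ipsec_allu_len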
166 #ifdef __cplusplus
168 #endif
170 #endif /* _INET_IPSEC_INFO_H */