1*de1e4e89SAndroid Build Coastguard Worker /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ 2*de1e4e89SAndroid Build Coastguard Worker #ifndef _LINUX_XFRM_H 3*de1e4e89SAndroid Build Coastguard Worker #define _LINUX_XFRM_H 4*de1e4e89SAndroid Build Coastguard Worker 5*de1e4e89SAndroid Build Coastguard Worker #include <linux/in6.h> 6*de1e4e89SAndroid Build Coastguard Worker #include <linux/types.h> 7*de1e4e89SAndroid Build Coastguard Worker 8*de1e4e89SAndroid Build Coastguard Worker /* All of the structures in this file may not change size as they are 9*de1e4e89SAndroid Build Coastguard Worker * passed into the kernel from userspace via netlink sockets. 10*de1e4e89SAndroid Build Coastguard Worker */ 11*de1e4e89SAndroid Build Coastguard Worker 12*de1e4e89SAndroid Build Coastguard Worker /* Structure to encapsulate addresses. I do not want to use 13*de1e4e89SAndroid Build Coastguard Worker * "standard" structure. My apologies. 14*de1e4e89SAndroid Build Coastguard Worker */ 15*de1e4e89SAndroid Build Coastguard Worker typedef union { 16*de1e4e89SAndroid Build Coastguard Worker __be32 a4; 17*de1e4e89SAndroid Build Coastguard Worker __be32 a6[4]; 18*de1e4e89SAndroid Build Coastguard Worker struct in6_addr in6; 19*de1e4e89SAndroid Build Coastguard Worker } xfrm_address_t; 20*de1e4e89SAndroid Build Coastguard Worker 21*de1e4e89SAndroid Build Coastguard Worker /* Ident of a specific xfrm_state. It is used on input to lookup 22*de1e4e89SAndroid Build Coastguard Worker * the state by (spi,daddr,ah/esp) or to store information about 23*de1e4e89SAndroid Build Coastguard Worker * spi, protocol and tunnel address on output. 24*de1e4e89SAndroid Build Coastguard Worker */ 25*de1e4e89SAndroid Build Coastguard Worker struct xfrm_id { 26*de1e4e89SAndroid Build Coastguard Worker xfrm_address_t daddr; 27*de1e4e89SAndroid Build Coastguard Worker __be32 spi; 28*de1e4e89SAndroid Build Coastguard Worker __u8 proto; 29*de1e4e89SAndroid Build Coastguard Worker }; 30*de1e4e89SAndroid Build Coastguard Worker 31*de1e4e89SAndroid Build Coastguard Worker struct xfrm_sec_ctx { 32*de1e4e89SAndroid Build Coastguard Worker __u8 ctx_doi; 33*de1e4e89SAndroid Build Coastguard Worker __u8 ctx_alg; 34*de1e4e89SAndroid Build Coastguard Worker __u16 ctx_len; 35*de1e4e89SAndroid Build Coastguard Worker __u32 ctx_sid; 36*de1e4e89SAndroid Build Coastguard Worker char ctx_str[0]; 37*de1e4e89SAndroid Build Coastguard Worker }; 38*de1e4e89SAndroid Build Coastguard Worker 39*de1e4e89SAndroid Build Coastguard Worker /* Security Context Domains of Interpretation */ 40*de1e4e89SAndroid Build Coastguard Worker #define XFRM_SC_DOI_RESERVED 0 41*de1e4e89SAndroid Build Coastguard Worker #define XFRM_SC_DOI_LSM 1 42*de1e4e89SAndroid Build Coastguard Worker 43*de1e4e89SAndroid Build Coastguard Worker /* Security Context Algorithms */ 44*de1e4e89SAndroid Build Coastguard Worker #define XFRM_SC_ALG_RESERVED 0 45*de1e4e89SAndroid Build Coastguard Worker #define XFRM_SC_ALG_SELINUX 1 46*de1e4e89SAndroid Build Coastguard Worker 47*de1e4e89SAndroid Build Coastguard Worker /* Selector, used as selector both on policy rules (SPD) and SAs. */ 48*de1e4e89SAndroid Build Coastguard Worker 49*de1e4e89SAndroid Build Coastguard Worker struct xfrm_selector { 50*de1e4e89SAndroid Build Coastguard Worker xfrm_address_t daddr; 51*de1e4e89SAndroid Build Coastguard Worker xfrm_address_t saddr; 52*de1e4e89SAndroid Build Coastguard Worker __be16 dport; 53*de1e4e89SAndroid Build Coastguard Worker __be16 dport_mask; 54*de1e4e89SAndroid Build Coastguard Worker __be16 sport; 55*de1e4e89SAndroid Build Coastguard Worker __be16 sport_mask; 56*de1e4e89SAndroid Build Coastguard Worker __u16 family; 57*de1e4e89SAndroid Build Coastguard Worker __u8 prefixlen_d; 58*de1e4e89SAndroid Build Coastguard Worker __u8 prefixlen_s; 59*de1e4e89SAndroid Build Coastguard Worker __u8 proto; 60*de1e4e89SAndroid Build Coastguard Worker int ifindex; 61*de1e4e89SAndroid Build Coastguard Worker __kernel_uid32_t user; 62*de1e4e89SAndroid Build Coastguard Worker }; 63*de1e4e89SAndroid Build Coastguard Worker 64*de1e4e89SAndroid Build Coastguard Worker #define XFRM_INF (~(__u64)0) 65*de1e4e89SAndroid Build Coastguard Worker 66*de1e4e89SAndroid Build Coastguard Worker struct xfrm_lifetime_cfg { 67*de1e4e89SAndroid Build Coastguard Worker __u64 soft_byte_limit; 68*de1e4e89SAndroid Build Coastguard Worker __u64 hard_byte_limit; 69*de1e4e89SAndroid Build Coastguard Worker __u64 soft_packet_limit; 70*de1e4e89SAndroid Build Coastguard Worker __u64 hard_packet_limit; 71*de1e4e89SAndroid Build Coastguard Worker __u64 soft_add_expires_seconds; 72*de1e4e89SAndroid Build Coastguard Worker __u64 hard_add_expires_seconds; 73*de1e4e89SAndroid Build Coastguard Worker __u64 soft_use_expires_seconds; 74*de1e4e89SAndroid Build Coastguard Worker __u64 hard_use_expires_seconds; 75*de1e4e89SAndroid Build Coastguard Worker }; 76*de1e4e89SAndroid Build Coastguard Worker 77*de1e4e89SAndroid Build Coastguard Worker struct xfrm_lifetime_cur { 78*de1e4e89SAndroid Build Coastguard Worker __u64 bytes; 79*de1e4e89SAndroid Build Coastguard Worker __u64 packets; 80*de1e4e89SAndroid Build Coastguard Worker __u64 add_time; 81*de1e4e89SAndroid Build Coastguard Worker __u64 use_time; 82*de1e4e89SAndroid Build Coastguard Worker }; 83*de1e4e89SAndroid Build Coastguard Worker 84*de1e4e89SAndroid Build Coastguard Worker struct xfrm_replay_state { 85*de1e4e89SAndroid Build Coastguard Worker __u32 oseq; 86*de1e4e89SAndroid Build Coastguard Worker __u32 seq; 87*de1e4e89SAndroid Build Coastguard Worker __u32 bitmap; 88*de1e4e89SAndroid Build Coastguard Worker }; 89*de1e4e89SAndroid Build Coastguard Worker 90*de1e4e89SAndroid Build Coastguard Worker #define XFRMA_REPLAY_ESN_MAX 4096 91*de1e4e89SAndroid Build Coastguard Worker 92*de1e4e89SAndroid Build Coastguard Worker struct xfrm_replay_state_esn { 93*de1e4e89SAndroid Build Coastguard Worker unsigned int bmp_len; 94*de1e4e89SAndroid Build Coastguard Worker __u32 oseq; 95*de1e4e89SAndroid Build Coastguard Worker __u32 seq; 96*de1e4e89SAndroid Build Coastguard Worker __u32 oseq_hi; 97*de1e4e89SAndroid Build Coastguard Worker __u32 seq_hi; 98*de1e4e89SAndroid Build Coastguard Worker __u32 replay_window; 99*de1e4e89SAndroid Build Coastguard Worker __u32 bmp[0]; 100*de1e4e89SAndroid Build Coastguard Worker }; 101*de1e4e89SAndroid Build Coastguard Worker 102*de1e4e89SAndroid Build Coastguard Worker struct xfrm_algo { 103*de1e4e89SAndroid Build Coastguard Worker char alg_name[64]; 104*de1e4e89SAndroid Build Coastguard Worker unsigned int alg_key_len; /* in bits */ 105*de1e4e89SAndroid Build Coastguard Worker char alg_key[0]; 106*de1e4e89SAndroid Build Coastguard Worker }; 107*de1e4e89SAndroid Build Coastguard Worker 108*de1e4e89SAndroid Build Coastguard Worker struct xfrm_algo_auth { 109*de1e4e89SAndroid Build Coastguard Worker char alg_name[64]; 110*de1e4e89SAndroid Build Coastguard Worker unsigned int alg_key_len; /* in bits */ 111*de1e4e89SAndroid Build Coastguard Worker unsigned int alg_trunc_len; /* in bits */ 112*de1e4e89SAndroid Build Coastguard Worker char alg_key[0]; 113*de1e4e89SAndroid Build Coastguard Worker }; 114*de1e4e89SAndroid Build Coastguard Worker 115*de1e4e89SAndroid Build Coastguard Worker struct xfrm_algo_aead { 116*de1e4e89SAndroid Build Coastguard Worker char alg_name[64]; 117*de1e4e89SAndroid Build Coastguard Worker unsigned int alg_key_len; /* in bits */ 118*de1e4e89SAndroid Build Coastguard Worker unsigned int alg_icv_len; /* in bits */ 119*de1e4e89SAndroid Build Coastguard Worker char alg_key[0]; 120*de1e4e89SAndroid Build Coastguard Worker }; 121*de1e4e89SAndroid Build Coastguard Worker 122*de1e4e89SAndroid Build Coastguard Worker struct xfrm_stats { 123*de1e4e89SAndroid Build Coastguard Worker __u32 replay_window; 124*de1e4e89SAndroid Build Coastguard Worker __u32 replay; 125*de1e4e89SAndroid Build Coastguard Worker __u32 integrity_failed; 126*de1e4e89SAndroid Build Coastguard Worker }; 127*de1e4e89SAndroid Build Coastguard Worker 128*de1e4e89SAndroid Build Coastguard Worker enum { 129*de1e4e89SAndroid Build Coastguard Worker XFRM_POLICY_TYPE_MAIN = 0, 130*de1e4e89SAndroid Build Coastguard Worker XFRM_POLICY_TYPE_SUB = 1, 131*de1e4e89SAndroid Build Coastguard Worker XFRM_POLICY_TYPE_MAX = 2, 132*de1e4e89SAndroid Build Coastguard Worker XFRM_POLICY_TYPE_ANY = 255 133*de1e4e89SAndroid Build Coastguard Worker }; 134*de1e4e89SAndroid Build Coastguard Worker 135*de1e4e89SAndroid Build Coastguard Worker enum { 136*de1e4e89SAndroid Build Coastguard Worker XFRM_POLICY_IN = 0, 137*de1e4e89SAndroid Build Coastguard Worker XFRM_POLICY_OUT = 1, 138*de1e4e89SAndroid Build Coastguard Worker XFRM_POLICY_FWD = 2, 139*de1e4e89SAndroid Build Coastguard Worker XFRM_POLICY_MASK = 3, 140*de1e4e89SAndroid Build Coastguard Worker XFRM_POLICY_MAX = 3 141*de1e4e89SAndroid Build Coastguard Worker }; 142*de1e4e89SAndroid Build Coastguard Worker 143*de1e4e89SAndroid Build Coastguard Worker enum { 144*de1e4e89SAndroid Build Coastguard Worker XFRM_SHARE_ANY, /* No limitations */ 145*de1e4e89SAndroid Build Coastguard Worker XFRM_SHARE_SESSION, /* For this session only */ 146*de1e4e89SAndroid Build Coastguard Worker XFRM_SHARE_USER, /* For this user only */ 147*de1e4e89SAndroid Build Coastguard Worker XFRM_SHARE_UNIQUE /* Use once */ 148*de1e4e89SAndroid Build Coastguard Worker }; 149*de1e4e89SAndroid Build Coastguard Worker 150*de1e4e89SAndroid Build Coastguard Worker #define XFRM_MODE_TRANSPORT 0 151*de1e4e89SAndroid Build Coastguard Worker #define XFRM_MODE_TUNNEL 1 152*de1e4e89SAndroid Build Coastguard Worker #define XFRM_MODE_ROUTEOPTIMIZATION 2 153*de1e4e89SAndroid Build Coastguard Worker #define XFRM_MODE_IN_TRIGGER 3 154*de1e4e89SAndroid Build Coastguard Worker #define XFRM_MODE_BEET 4 155*de1e4e89SAndroid Build Coastguard Worker #define XFRM_MODE_MAX 5 156*de1e4e89SAndroid Build Coastguard Worker 157*de1e4e89SAndroid Build Coastguard Worker /* Netlink configuration messages. */ 158*de1e4e89SAndroid Build Coastguard Worker enum { 159*de1e4e89SAndroid Build Coastguard Worker XFRM_MSG_BASE = 0x10, 160*de1e4e89SAndroid Build Coastguard Worker 161*de1e4e89SAndroid Build Coastguard Worker XFRM_MSG_NEWSA = 0x10, 162*de1e4e89SAndroid Build Coastguard Worker #define XFRM_MSG_NEWSA XFRM_MSG_NEWSA 163*de1e4e89SAndroid Build Coastguard Worker XFRM_MSG_DELSA, 164*de1e4e89SAndroid Build Coastguard Worker #define XFRM_MSG_DELSA XFRM_MSG_DELSA 165*de1e4e89SAndroid Build Coastguard Worker XFRM_MSG_GETSA, 166*de1e4e89SAndroid Build Coastguard Worker #define XFRM_MSG_GETSA XFRM_MSG_GETSA 167*de1e4e89SAndroid Build Coastguard Worker 168*de1e4e89SAndroid Build Coastguard Worker XFRM_MSG_NEWPOLICY, 169*de1e4e89SAndroid Build Coastguard Worker #define XFRM_MSG_NEWPOLICY XFRM_MSG_NEWPOLICY 170*de1e4e89SAndroid Build Coastguard Worker XFRM_MSG_DELPOLICY, 171*de1e4e89SAndroid Build Coastguard Worker #define XFRM_MSG_DELPOLICY XFRM_MSG_DELPOLICY 172*de1e4e89SAndroid Build Coastguard Worker XFRM_MSG_GETPOLICY, 173*de1e4e89SAndroid Build Coastguard Worker #define XFRM_MSG_GETPOLICY XFRM_MSG_GETPOLICY 174*de1e4e89SAndroid Build Coastguard Worker 175*de1e4e89SAndroid Build Coastguard Worker XFRM_MSG_ALLOCSPI, 176*de1e4e89SAndroid Build Coastguard Worker #define XFRM_MSG_ALLOCSPI XFRM_MSG_ALLOCSPI 177*de1e4e89SAndroid Build Coastguard Worker XFRM_MSG_ACQUIRE, 178*de1e4e89SAndroid Build Coastguard Worker #define XFRM_MSG_ACQUIRE XFRM_MSG_ACQUIRE 179*de1e4e89SAndroid Build Coastguard Worker XFRM_MSG_EXPIRE, 180*de1e4e89SAndroid Build Coastguard Worker #define XFRM_MSG_EXPIRE XFRM_MSG_EXPIRE 181*de1e4e89SAndroid Build Coastguard Worker 182*de1e4e89SAndroid Build Coastguard Worker XFRM_MSG_UPDPOLICY, 183*de1e4e89SAndroid Build Coastguard Worker #define XFRM_MSG_UPDPOLICY XFRM_MSG_UPDPOLICY 184*de1e4e89SAndroid Build Coastguard Worker XFRM_MSG_UPDSA, 185*de1e4e89SAndroid Build Coastguard Worker #define XFRM_MSG_UPDSA XFRM_MSG_UPDSA 186*de1e4e89SAndroid Build Coastguard Worker 187*de1e4e89SAndroid Build Coastguard Worker XFRM_MSG_POLEXPIRE, 188*de1e4e89SAndroid Build Coastguard Worker #define XFRM_MSG_POLEXPIRE XFRM_MSG_POLEXPIRE 189*de1e4e89SAndroid Build Coastguard Worker 190*de1e4e89SAndroid Build Coastguard Worker XFRM_MSG_FLUSHSA, 191*de1e4e89SAndroid Build Coastguard Worker #define XFRM_MSG_FLUSHSA XFRM_MSG_FLUSHSA 192*de1e4e89SAndroid Build Coastguard Worker XFRM_MSG_FLUSHPOLICY, 193*de1e4e89SAndroid Build Coastguard Worker #define XFRM_MSG_FLUSHPOLICY XFRM_MSG_FLUSHPOLICY 194*de1e4e89SAndroid Build Coastguard Worker 195*de1e4e89SAndroid Build Coastguard Worker XFRM_MSG_NEWAE, 196*de1e4e89SAndroid Build Coastguard Worker #define XFRM_MSG_NEWAE XFRM_MSG_NEWAE 197*de1e4e89SAndroid Build Coastguard Worker XFRM_MSG_GETAE, 198*de1e4e89SAndroid Build Coastguard Worker #define XFRM_MSG_GETAE XFRM_MSG_GETAE 199*de1e4e89SAndroid Build Coastguard Worker 200*de1e4e89SAndroid Build Coastguard Worker XFRM_MSG_REPORT, 201*de1e4e89SAndroid Build Coastguard Worker #define XFRM_MSG_REPORT XFRM_MSG_REPORT 202*de1e4e89SAndroid Build Coastguard Worker 203*de1e4e89SAndroid Build Coastguard Worker XFRM_MSG_MIGRATE, 204*de1e4e89SAndroid Build Coastguard Worker #define XFRM_MSG_MIGRATE XFRM_MSG_MIGRATE 205*de1e4e89SAndroid Build Coastguard Worker 206*de1e4e89SAndroid Build Coastguard Worker XFRM_MSG_NEWSADINFO, 207*de1e4e89SAndroid Build Coastguard Worker #define XFRM_MSG_NEWSADINFO XFRM_MSG_NEWSADINFO 208*de1e4e89SAndroid Build Coastguard Worker XFRM_MSG_GETSADINFO, 209*de1e4e89SAndroid Build Coastguard Worker #define XFRM_MSG_GETSADINFO XFRM_MSG_GETSADINFO 210*de1e4e89SAndroid Build Coastguard Worker 211*de1e4e89SAndroid Build Coastguard Worker XFRM_MSG_NEWSPDINFO, 212*de1e4e89SAndroid Build Coastguard Worker #define XFRM_MSG_NEWSPDINFO XFRM_MSG_NEWSPDINFO 213*de1e4e89SAndroid Build Coastguard Worker XFRM_MSG_GETSPDINFO, 214*de1e4e89SAndroid Build Coastguard Worker #define XFRM_MSG_GETSPDINFO XFRM_MSG_GETSPDINFO 215*de1e4e89SAndroid Build Coastguard Worker 216*de1e4e89SAndroid Build Coastguard Worker XFRM_MSG_MAPPING, 217*de1e4e89SAndroid Build Coastguard Worker #define XFRM_MSG_MAPPING XFRM_MSG_MAPPING 218*de1e4e89SAndroid Build Coastguard Worker __XFRM_MSG_MAX 219*de1e4e89SAndroid Build Coastguard Worker }; 220*de1e4e89SAndroid Build Coastguard Worker #define XFRM_MSG_MAX (__XFRM_MSG_MAX - 1) 221*de1e4e89SAndroid Build Coastguard Worker 222*de1e4e89SAndroid Build Coastguard Worker #define XFRM_NR_MSGTYPES (XFRM_MSG_MAX + 1 - XFRM_MSG_BASE) 223*de1e4e89SAndroid Build Coastguard Worker 224*de1e4e89SAndroid Build Coastguard Worker /* 225*de1e4e89SAndroid Build Coastguard Worker * Generic LSM security context for comunicating to user space 226*de1e4e89SAndroid Build Coastguard Worker * NOTE: Same format as sadb_x_sec_ctx 227*de1e4e89SAndroid Build Coastguard Worker */ 228*de1e4e89SAndroid Build Coastguard Worker struct xfrm_user_sec_ctx { 229*de1e4e89SAndroid Build Coastguard Worker __u16 len; 230*de1e4e89SAndroid Build Coastguard Worker __u16 exttype; 231*de1e4e89SAndroid Build Coastguard Worker __u8 ctx_alg; /* LSMs: e.g., selinux == 1 */ 232*de1e4e89SAndroid Build Coastguard Worker __u8 ctx_doi; 233*de1e4e89SAndroid Build Coastguard Worker __u16 ctx_len; 234*de1e4e89SAndroid Build Coastguard Worker }; 235*de1e4e89SAndroid Build Coastguard Worker 236*de1e4e89SAndroid Build Coastguard Worker struct xfrm_user_tmpl { 237*de1e4e89SAndroid Build Coastguard Worker struct xfrm_id id; 238*de1e4e89SAndroid Build Coastguard Worker __u16 family; 239*de1e4e89SAndroid Build Coastguard Worker xfrm_address_t saddr; 240*de1e4e89SAndroid Build Coastguard Worker __u32 reqid; 241*de1e4e89SAndroid Build Coastguard Worker __u8 mode; 242*de1e4e89SAndroid Build Coastguard Worker __u8 share; 243*de1e4e89SAndroid Build Coastguard Worker __u8 optional; 244*de1e4e89SAndroid Build Coastguard Worker __u32 aalgos; 245*de1e4e89SAndroid Build Coastguard Worker __u32 ealgos; 246*de1e4e89SAndroid Build Coastguard Worker __u32 calgos; 247*de1e4e89SAndroid Build Coastguard Worker }; 248*de1e4e89SAndroid Build Coastguard Worker 249*de1e4e89SAndroid Build Coastguard Worker struct xfrm_encap_tmpl { 250*de1e4e89SAndroid Build Coastguard Worker __u16 encap_type; 251*de1e4e89SAndroid Build Coastguard Worker __be16 encap_sport; 252*de1e4e89SAndroid Build Coastguard Worker __be16 encap_dport; 253*de1e4e89SAndroid Build Coastguard Worker xfrm_address_t encap_oa; 254*de1e4e89SAndroid Build Coastguard Worker }; 255*de1e4e89SAndroid Build Coastguard Worker 256*de1e4e89SAndroid Build Coastguard Worker /* AEVENT flags */ 257*de1e4e89SAndroid Build Coastguard Worker enum xfrm_ae_ftype_t { 258*de1e4e89SAndroid Build Coastguard Worker XFRM_AE_UNSPEC, 259*de1e4e89SAndroid Build Coastguard Worker XFRM_AE_RTHR=1, /* replay threshold*/ 260*de1e4e89SAndroid Build Coastguard Worker XFRM_AE_RVAL=2, /* replay value */ 261*de1e4e89SAndroid Build Coastguard Worker XFRM_AE_LVAL=4, /* lifetime value */ 262*de1e4e89SAndroid Build Coastguard Worker XFRM_AE_ETHR=8, /* expiry timer threshold */ 263*de1e4e89SAndroid Build Coastguard Worker XFRM_AE_CR=16, /* Event cause is replay update */ 264*de1e4e89SAndroid Build Coastguard Worker XFRM_AE_CE=32, /* Event cause is timer expiry */ 265*de1e4e89SAndroid Build Coastguard Worker XFRM_AE_CU=64, /* Event cause is policy update */ 266*de1e4e89SAndroid Build Coastguard Worker __XFRM_AE_MAX 267*de1e4e89SAndroid Build Coastguard Worker 268*de1e4e89SAndroid Build Coastguard Worker #define XFRM_AE_MAX (__XFRM_AE_MAX - 1) 269*de1e4e89SAndroid Build Coastguard Worker }; 270*de1e4e89SAndroid Build Coastguard Worker 271*de1e4e89SAndroid Build Coastguard Worker struct xfrm_userpolicy_type { 272*de1e4e89SAndroid Build Coastguard Worker __u8 type; 273*de1e4e89SAndroid Build Coastguard Worker __u16 reserved1; 274*de1e4e89SAndroid Build Coastguard Worker __u8 reserved2; 275*de1e4e89SAndroid Build Coastguard Worker }; 276*de1e4e89SAndroid Build Coastguard Worker 277*de1e4e89SAndroid Build Coastguard Worker /* Netlink message attributes. */ 278*de1e4e89SAndroid Build Coastguard Worker enum xfrm_attr_type_t { 279*de1e4e89SAndroid Build Coastguard Worker XFRMA_UNSPEC, 280*de1e4e89SAndroid Build Coastguard Worker XFRMA_ALG_AUTH, /* struct xfrm_algo */ 281*de1e4e89SAndroid Build Coastguard Worker XFRMA_ALG_CRYPT, /* struct xfrm_algo */ 282*de1e4e89SAndroid Build Coastguard Worker XFRMA_ALG_COMP, /* struct xfrm_algo */ 283*de1e4e89SAndroid Build Coastguard Worker XFRMA_ENCAP, /* struct xfrm_algo + struct xfrm_encap_tmpl */ 284*de1e4e89SAndroid Build Coastguard Worker XFRMA_TMPL, /* 1 or more struct xfrm_user_tmpl */ 285*de1e4e89SAndroid Build Coastguard Worker XFRMA_SA, /* struct xfrm_usersa_info */ 286*de1e4e89SAndroid Build Coastguard Worker XFRMA_POLICY, /*struct xfrm_userpolicy_info */ 287*de1e4e89SAndroid Build Coastguard Worker XFRMA_SEC_CTX, /* struct xfrm_sec_ctx */ 288*de1e4e89SAndroid Build Coastguard Worker XFRMA_LTIME_VAL, 289*de1e4e89SAndroid Build Coastguard Worker XFRMA_REPLAY_VAL, 290*de1e4e89SAndroid Build Coastguard Worker XFRMA_REPLAY_THRESH, 291*de1e4e89SAndroid Build Coastguard Worker XFRMA_ETIMER_THRESH, 292*de1e4e89SAndroid Build Coastguard Worker XFRMA_SRCADDR, /* xfrm_address_t */ 293*de1e4e89SAndroid Build Coastguard Worker XFRMA_COADDR, /* xfrm_address_t */ 294*de1e4e89SAndroid Build Coastguard Worker XFRMA_LASTUSED, /* unsigned long */ 295*de1e4e89SAndroid Build Coastguard Worker XFRMA_POLICY_TYPE, /* struct xfrm_userpolicy_type */ 296*de1e4e89SAndroid Build Coastguard Worker XFRMA_MIGRATE, 297*de1e4e89SAndroid Build Coastguard Worker XFRMA_ALG_AEAD, /* struct xfrm_algo_aead */ 298*de1e4e89SAndroid Build Coastguard Worker XFRMA_KMADDRESS, /* struct xfrm_user_kmaddress */ 299*de1e4e89SAndroid Build Coastguard Worker XFRMA_ALG_AUTH_TRUNC, /* struct xfrm_algo_auth */ 300*de1e4e89SAndroid Build Coastguard Worker XFRMA_MARK, /* struct xfrm_mark */ 301*de1e4e89SAndroid Build Coastguard Worker XFRMA_TFCPAD, /* __u32 */ 302*de1e4e89SAndroid Build Coastguard Worker XFRMA_REPLAY_ESN_VAL, /* struct xfrm_replay_state_esn */ 303*de1e4e89SAndroid Build Coastguard Worker XFRMA_SA_EXTRA_FLAGS, /* __u32 */ 304*de1e4e89SAndroid Build Coastguard Worker XFRMA_PROTO, /* __u8 */ 305*de1e4e89SAndroid Build Coastguard Worker XFRMA_ADDRESS_FILTER, /* struct xfrm_address_filter */ 306*de1e4e89SAndroid Build Coastguard Worker XFRMA_PAD, 307*de1e4e89SAndroid Build Coastguard Worker XFRMA_OFFLOAD_DEV, /* struct xfrm_state_offload */ 308*de1e4e89SAndroid Build Coastguard Worker XFRMA_OUTPUT_MARK, /* __u32 */ 309*de1e4e89SAndroid Build Coastguard Worker __XFRMA_MAX 310*de1e4e89SAndroid Build Coastguard Worker 311*de1e4e89SAndroid Build Coastguard Worker #define XFRMA_MAX (__XFRMA_MAX - 1) 312*de1e4e89SAndroid Build Coastguard Worker }; 313*de1e4e89SAndroid Build Coastguard Worker 314*de1e4e89SAndroid Build Coastguard Worker struct xfrm_mark { 315*de1e4e89SAndroid Build Coastguard Worker __u32 v; /* value */ 316*de1e4e89SAndroid Build Coastguard Worker __u32 m; /* mask */ 317*de1e4e89SAndroid Build Coastguard Worker }; 318*de1e4e89SAndroid Build Coastguard Worker 319*de1e4e89SAndroid Build Coastguard Worker enum xfrm_sadattr_type_t { 320*de1e4e89SAndroid Build Coastguard Worker XFRMA_SAD_UNSPEC, 321*de1e4e89SAndroid Build Coastguard Worker XFRMA_SAD_CNT, 322*de1e4e89SAndroid Build Coastguard Worker XFRMA_SAD_HINFO, 323*de1e4e89SAndroid Build Coastguard Worker __XFRMA_SAD_MAX 324*de1e4e89SAndroid Build Coastguard Worker 325*de1e4e89SAndroid Build Coastguard Worker #define XFRMA_SAD_MAX (__XFRMA_SAD_MAX - 1) 326*de1e4e89SAndroid Build Coastguard Worker }; 327*de1e4e89SAndroid Build Coastguard Worker 328*de1e4e89SAndroid Build Coastguard Worker struct xfrmu_sadhinfo { 329*de1e4e89SAndroid Build Coastguard Worker __u32 sadhcnt; /* current hash bkts */ 330*de1e4e89SAndroid Build Coastguard Worker __u32 sadhmcnt; /* max allowed hash bkts */ 331*de1e4e89SAndroid Build Coastguard Worker }; 332*de1e4e89SAndroid Build Coastguard Worker 333*de1e4e89SAndroid Build Coastguard Worker enum xfrm_spdattr_type_t { 334*de1e4e89SAndroid Build Coastguard Worker XFRMA_SPD_UNSPEC, 335*de1e4e89SAndroid Build Coastguard Worker XFRMA_SPD_INFO, 336*de1e4e89SAndroid Build Coastguard Worker XFRMA_SPD_HINFO, 337*de1e4e89SAndroid Build Coastguard Worker XFRMA_SPD_IPV4_HTHRESH, 338*de1e4e89SAndroid Build Coastguard Worker XFRMA_SPD_IPV6_HTHRESH, 339*de1e4e89SAndroid Build Coastguard Worker __XFRMA_SPD_MAX 340*de1e4e89SAndroid Build Coastguard Worker 341*de1e4e89SAndroid Build Coastguard Worker #define XFRMA_SPD_MAX (__XFRMA_SPD_MAX - 1) 342*de1e4e89SAndroid Build Coastguard Worker }; 343*de1e4e89SAndroid Build Coastguard Worker 344*de1e4e89SAndroid Build Coastguard Worker struct xfrmu_spdinfo { 345*de1e4e89SAndroid Build Coastguard Worker __u32 incnt; 346*de1e4e89SAndroid Build Coastguard Worker __u32 outcnt; 347*de1e4e89SAndroid Build Coastguard Worker __u32 fwdcnt; 348*de1e4e89SAndroid Build Coastguard Worker __u32 inscnt; 349*de1e4e89SAndroid Build Coastguard Worker __u32 outscnt; 350*de1e4e89SAndroid Build Coastguard Worker __u32 fwdscnt; 351*de1e4e89SAndroid Build Coastguard Worker }; 352*de1e4e89SAndroid Build Coastguard Worker 353*de1e4e89SAndroid Build Coastguard Worker struct xfrmu_spdhinfo { 354*de1e4e89SAndroid Build Coastguard Worker __u32 spdhcnt; 355*de1e4e89SAndroid Build Coastguard Worker __u32 spdhmcnt; 356*de1e4e89SAndroid Build Coastguard Worker }; 357*de1e4e89SAndroid Build Coastguard Worker 358*de1e4e89SAndroid Build Coastguard Worker struct xfrmu_spdhthresh { 359*de1e4e89SAndroid Build Coastguard Worker __u8 lbits; 360*de1e4e89SAndroid Build Coastguard Worker __u8 rbits; 361*de1e4e89SAndroid Build Coastguard Worker }; 362*de1e4e89SAndroid Build Coastguard Worker 363*de1e4e89SAndroid Build Coastguard Worker struct xfrm_usersa_info { 364*de1e4e89SAndroid Build Coastguard Worker struct xfrm_selector sel; 365*de1e4e89SAndroid Build Coastguard Worker struct xfrm_id id; 366*de1e4e89SAndroid Build Coastguard Worker xfrm_address_t saddr; 367*de1e4e89SAndroid Build Coastguard Worker struct xfrm_lifetime_cfg lft; 368*de1e4e89SAndroid Build Coastguard Worker struct xfrm_lifetime_cur curlft; 369*de1e4e89SAndroid Build Coastguard Worker struct xfrm_stats stats; 370*de1e4e89SAndroid Build Coastguard Worker __u32 seq; 371*de1e4e89SAndroid Build Coastguard Worker __u32 reqid; 372*de1e4e89SAndroid Build Coastguard Worker __u16 family; 373*de1e4e89SAndroid Build Coastguard Worker __u8 mode; /* XFRM_MODE_xxx */ 374*de1e4e89SAndroid Build Coastguard Worker __u8 replay_window; 375*de1e4e89SAndroid Build Coastguard Worker __u8 flags; 376*de1e4e89SAndroid Build Coastguard Worker #define XFRM_STATE_NOECN 1 377*de1e4e89SAndroid Build Coastguard Worker #define XFRM_STATE_DECAP_DSCP 2 378*de1e4e89SAndroid Build Coastguard Worker #define XFRM_STATE_NOPMTUDISC 4 379*de1e4e89SAndroid Build Coastguard Worker #define XFRM_STATE_WILDRECV 8 380*de1e4e89SAndroid Build Coastguard Worker #define XFRM_STATE_ICMP 16 381*de1e4e89SAndroid Build Coastguard Worker #define XFRM_STATE_AF_UNSPEC 32 382*de1e4e89SAndroid Build Coastguard Worker #define XFRM_STATE_ALIGN4 64 383*de1e4e89SAndroid Build Coastguard Worker #define XFRM_STATE_ESN 128 384*de1e4e89SAndroid Build Coastguard Worker } 385*de1e4e89SAndroid Build Coastguard Worker #ifdef __i386__ 386*de1e4e89SAndroid Build Coastguard Worker __attribute__((aligned(8))) /* b/138147164 */ 387*de1e4e89SAndroid Build Coastguard Worker #endif 388*de1e4e89SAndroid Build Coastguard Worker ; 389*de1e4e89SAndroid Build Coastguard Worker 390*de1e4e89SAndroid Build Coastguard Worker #define XFRM_SA_XFLAG_DONT_ENCAP_DSCP 1 391*de1e4e89SAndroid Build Coastguard Worker 392*de1e4e89SAndroid Build Coastguard Worker struct xfrm_usersa_id { 393*de1e4e89SAndroid Build Coastguard Worker xfrm_address_t daddr; 394*de1e4e89SAndroid Build Coastguard Worker __be32 spi; 395*de1e4e89SAndroid Build Coastguard Worker __u16 family; 396*de1e4e89SAndroid Build Coastguard Worker __u8 proto; 397*de1e4e89SAndroid Build Coastguard Worker }; 398*de1e4e89SAndroid Build Coastguard Worker 399*de1e4e89SAndroid Build Coastguard Worker struct xfrm_aevent_id { 400*de1e4e89SAndroid Build Coastguard Worker struct xfrm_usersa_id sa_id; 401*de1e4e89SAndroid Build Coastguard Worker xfrm_address_t saddr; 402*de1e4e89SAndroid Build Coastguard Worker __u32 flags; 403*de1e4e89SAndroid Build Coastguard Worker __u32 reqid; 404*de1e4e89SAndroid Build Coastguard Worker }; 405*de1e4e89SAndroid Build Coastguard Worker 406*de1e4e89SAndroid Build Coastguard Worker struct xfrm_userspi_info { 407*de1e4e89SAndroid Build Coastguard Worker struct xfrm_usersa_info info; 408*de1e4e89SAndroid Build Coastguard Worker __u32 min; 409*de1e4e89SAndroid Build Coastguard Worker __u32 max; 410*de1e4e89SAndroid Build Coastguard Worker }; 411*de1e4e89SAndroid Build Coastguard Worker 412*de1e4e89SAndroid Build Coastguard Worker struct xfrm_userpolicy_info { 413*de1e4e89SAndroid Build Coastguard Worker struct xfrm_selector sel; 414*de1e4e89SAndroid Build Coastguard Worker struct xfrm_lifetime_cfg lft; 415*de1e4e89SAndroid Build Coastguard Worker struct xfrm_lifetime_cur curlft; 416*de1e4e89SAndroid Build Coastguard Worker __u32 priority; 417*de1e4e89SAndroid Build Coastguard Worker __u32 index; 418*de1e4e89SAndroid Build Coastguard Worker __u8 dir; 419*de1e4e89SAndroid Build Coastguard Worker __u8 action; 420*de1e4e89SAndroid Build Coastguard Worker #define XFRM_POLICY_ALLOW 0 421*de1e4e89SAndroid Build Coastguard Worker #define XFRM_POLICY_BLOCK 1 422*de1e4e89SAndroid Build Coastguard Worker __u8 flags; 423*de1e4e89SAndroid Build Coastguard Worker #define XFRM_POLICY_LOCALOK 1 /* Allow user to override global policy */ 424*de1e4e89SAndroid Build Coastguard Worker /* Automatically expand selector to include matching ICMP payloads. */ 425*de1e4e89SAndroid Build Coastguard Worker #define XFRM_POLICY_ICMP 2 426*de1e4e89SAndroid Build Coastguard Worker __u8 share; 427*de1e4e89SAndroid Build Coastguard Worker } 428*de1e4e89SAndroid Build Coastguard Worker #ifdef __i386__ 429*de1e4e89SAndroid Build Coastguard Worker __attribute__((aligned(8))) /* b/138147164 */ 430*de1e4e89SAndroid Build Coastguard Worker #endif 431*de1e4e89SAndroid Build Coastguard Worker ; 432*de1e4e89SAndroid Build Coastguard Worker 433*de1e4e89SAndroid Build Coastguard Worker struct xfrm_userpolicy_id { 434*de1e4e89SAndroid Build Coastguard Worker struct xfrm_selector sel; 435*de1e4e89SAndroid Build Coastguard Worker __u32 index; 436*de1e4e89SAndroid Build Coastguard Worker __u8 dir; 437*de1e4e89SAndroid Build Coastguard Worker }; 438*de1e4e89SAndroid Build Coastguard Worker 439*de1e4e89SAndroid Build Coastguard Worker struct xfrm_user_acquire { 440*de1e4e89SAndroid Build Coastguard Worker struct xfrm_id id; 441*de1e4e89SAndroid Build Coastguard Worker xfrm_address_t saddr; 442*de1e4e89SAndroid Build Coastguard Worker struct xfrm_selector sel; 443*de1e4e89SAndroid Build Coastguard Worker struct xfrm_userpolicy_info policy; 444*de1e4e89SAndroid Build Coastguard Worker __u32 aalgos; 445*de1e4e89SAndroid Build Coastguard Worker __u32 ealgos; 446*de1e4e89SAndroid Build Coastguard Worker __u32 calgos; 447*de1e4e89SAndroid Build Coastguard Worker __u32 seq; 448*de1e4e89SAndroid Build Coastguard Worker }; 449*de1e4e89SAndroid Build Coastguard Worker 450*de1e4e89SAndroid Build Coastguard Worker struct xfrm_user_expire { 451*de1e4e89SAndroid Build Coastguard Worker struct xfrm_usersa_info state; 452*de1e4e89SAndroid Build Coastguard Worker __u8 hard; 453*de1e4e89SAndroid Build Coastguard Worker }; 454*de1e4e89SAndroid Build Coastguard Worker 455*de1e4e89SAndroid Build Coastguard Worker struct xfrm_user_polexpire { 456*de1e4e89SAndroid Build Coastguard Worker struct xfrm_userpolicy_info pol; 457*de1e4e89SAndroid Build Coastguard Worker __u8 hard; 458*de1e4e89SAndroid Build Coastguard Worker }; 459*de1e4e89SAndroid Build Coastguard Worker 460*de1e4e89SAndroid Build Coastguard Worker struct xfrm_usersa_flush { 461*de1e4e89SAndroid Build Coastguard Worker __u8 proto; 462*de1e4e89SAndroid Build Coastguard Worker }; 463*de1e4e89SAndroid Build Coastguard Worker 464*de1e4e89SAndroid Build Coastguard Worker struct xfrm_user_report { 465*de1e4e89SAndroid Build Coastguard Worker __u8 proto; 466*de1e4e89SAndroid Build Coastguard Worker struct xfrm_selector sel; 467*de1e4e89SAndroid Build Coastguard Worker }; 468*de1e4e89SAndroid Build Coastguard Worker 469*de1e4e89SAndroid Build Coastguard Worker /* Used by MIGRATE to pass addresses IKE should use to perform 470*de1e4e89SAndroid Build Coastguard Worker * SA negotiation with the peer */ 471*de1e4e89SAndroid Build Coastguard Worker struct xfrm_user_kmaddress { 472*de1e4e89SAndroid Build Coastguard Worker xfrm_address_t local; 473*de1e4e89SAndroid Build Coastguard Worker xfrm_address_t remote; 474*de1e4e89SAndroid Build Coastguard Worker __u32 reserved; 475*de1e4e89SAndroid Build Coastguard Worker __u16 family; 476*de1e4e89SAndroid Build Coastguard Worker }; 477*de1e4e89SAndroid Build Coastguard Worker 478*de1e4e89SAndroid Build Coastguard Worker struct xfrm_user_migrate { 479*de1e4e89SAndroid Build Coastguard Worker xfrm_address_t old_daddr; 480*de1e4e89SAndroid Build Coastguard Worker xfrm_address_t old_saddr; 481*de1e4e89SAndroid Build Coastguard Worker xfrm_address_t new_daddr; 482*de1e4e89SAndroid Build Coastguard Worker xfrm_address_t new_saddr; 483*de1e4e89SAndroid Build Coastguard Worker __u8 proto; 484*de1e4e89SAndroid Build Coastguard Worker __u8 mode; 485*de1e4e89SAndroid Build Coastguard Worker __u16 reserved; 486*de1e4e89SAndroid Build Coastguard Worker __u32 reqid; 487*de1e4e89SAndroid Build Coastguard Worker __u16 old_family; 488*de1e4e89SAndroid Build Coastguard Worker __u16 new_family; 489*de1e4e89SAndroid Build Coastguard Worker }; 490*de1e4e89SAndroid Build Coastguard Worker 491*de1e4e89SAndroid Build Coastguard Worker struct xfrm_user_mapping { 492*de1e4e89SAndroid Build Coastguard Worker struct xfrm_usersa_id id; 493*de1e4e89SAndroid Build Coastguard Worker __u32 reqid; 494*de1e4e89SAndroid Build Coastguard Worker xfrm_address_t old_saddr; 495*de1e4e89SAndroid Build Coastguard Worker xfrm_address_t new_saddr; 496*de1e4e89SAndroid Build Coastguard Worker __be16 old_sport; 497*de1e4e89SAndroid Build Coastguard Worker __be16 new_sport; 498*de1e4e89SAndroid Build Coastguard Worker }; 499*de1e4e89SAndroid Build Coastguard Worker 500*de1e4e89SAndroid Build Coastguard Worker struct xfrm_address_filter { 501*de1e4e89SAndroid Build Coastguard Worker xfrm_address_t saddr; 502*de1e4e89SAndroid Build Coastguard Worker xfrm_address_t daddr; 503*de1e4e89SAndroid Build Coastguard Worker __u16 family; 504*de1e4e89SAndroid Build Coastguard Worker __u8 splen; 505*de1e4e89SAndroid Build Coastguard Worker __u8 dplen; 506*de1e4e89SAndroid Build Coastguard Worker }; 507*de1e4e89SAndroid Build Coastguard Worker 508*de1e4e89SAndroid Build Coastguard Worker struct xfrm_user_offload { 509*de1e4e89SAndroid Build Coastguard Worker int ifindex; 510*de1e4e89SAndroid Build Coastguard Worker __u8 flags; 511*de1e4e89SAndroid Build Coastguard Worker }; 512*de1e4e89SAndroid Build Coastguard Worker #define XFRM_OFFLOAD_IPV6 1 513*de1e4e89SAndroid Build Coastguard Worker #define XFRM_OFFLOAD_INBOUND 2 514*de1e4e89SAndroid Build Coastguard Worker 515*de1e4e89SAndroid Build Coastguard Worker /* backwards compatibility for userspace */ 516*de1e4e89SAndroid Build Coastguard Worker #define XFRMGRP_ACQUIRE 1 517*de1e4e89SAndroid Build Coastguard Worker #define XFRMGRP_EXPIRE 2 518*de1e4e89SAndroid Build Coastguard Worker #define XFRMGRP_SA 4 519*de1e4e89SAndroid Build Coastguard Worker #define XFRMGRP_POLICY 8 520*de1e4e89SAndroid Build Coastguard Worker #define XFRMGRP_REPORT 0x20 521*de1e4e89SAndroid Build Coastguard Worker 522*de1e4e89SAndroid Build Coastguard Worker enum xfrm_nlgroups { 523*de1e4e89SAndroid Build Coastguard Worker XFRMNLGRP_NONE, 524*de1e4e89SAndroid Build Coastguard Worker #define XFRMNLGRP_NONE XFRMNLGRP_NONE 525*de1e4e89SAndroid Build Coastguard Worker XFRMNLGRP_ACQUIRE, 526*de1e4e89SAndroid Build Coastguard Worker #define XFRMNLGRP_ACQUIRE XFRMNLGRP_ACQUIRE 527*de1e4e89SAndroid Build Coastguard Worker XFRMNLGRP_EXPIRE, 528*de1e4e89SAndroid Build Coastguard Worker #define XFRMNLGRP_EXPIRE XFRMNLGRP_EXPIRE 529*de1e4e89SAndroid Build Coastguard Worker XFRMNLGRP_SA, 530*de1e4e89SAndroid Build Coastguard Worker #define XFRMNLGRP_SA XFRMNLGRP_SA 531*de1e4e89SAndroid Build Coastguard Worker XFRMNLGRP_POLICY, 532*de1e4e89SAndroid Build Coastguard Worker #define XFRMNLGRP_POLICY XFRMNLGRP_POLICY 533*de1e4e89SAndroid Build Coastguard Worker XFRMNLGRP_AEVENTS, 534*de1e4e89SAndroid Build Coastguard Worker #define XFRMNLGRP_AEVENTS XFRMNLGRP_AEVENTS 535*de1e4e89SAndroid Build Coastguard Worker XFRMNLGRP_REPORT, 536*de1e4e89SAndroid Build Coastguard Worker #define XFRMNLGRP_REPORT XFRMNLGRP_REPORT 537*de1e4e89SAndroid Build Coastguard Worker XFRMNLGRP_MIGRATE, 538*de1e4e89SAndroid Build Coastguard Worker #define XFRMNLGRP_MIGRATE XFRMNLGRP_MIGRATE 539*de1e4e89SAndroid Build Coastguard Worker XFRMNLGRP_MAPPING, 540*de1e4e89SAndroid Build Coastguard Worker #define XFRMNLGRP_MAPPING XFRMNLGRP_MAPPING 541*de1e4e89SAndroid Build Coastguard Worker __XFRMNLGRP_MAX 542*de1e4e89SAndroid Build Coastguard Worker }; 543*de1e4e89SAndroid Build Coastguard Worker #define XFRMNLGRP_MAX (__XFRMNLGRP_MAX - 1) 544*de1e4e89SAndroid Build Coastguard Worker 545*de1e4e89SAndroid Build Coastguard Worker #endif /* _LINUX_XFRM_H */ 546