diff options
| author | Hans-Joerg Hoexer <hshoexer@cvs.openbsd.org> | 2005-04-04 22:19:51 +0000 |
|---|---|---|
| committer | Hans-Joerg Hoexer <hshoexer@cvs.openbsd.org> | 2005-04-04 22:19:51 +0000 |
| commit | 6baa13ce4e00828df38532fce0ad100016b95f2e (patch) | |
| tree | c001874f17dc6c5d8621d3970f5256bf64ed838d /sbin/ipsecctl/ipsecctl.h | |
| parent | 7bc1c4c87aa82ab5c718ae2d2489d6779d3865c3 (diff) | |
Add ipsecctl utility, work in progress
ok deraadt
Diffstat (limited to 'sbin/ipsecctl/ipsecctl.h')
| -rw-r--r-- | sbin/ipsecctl/ipsecctl.h | 88 |
1 files changed, 88 insertions, 0 deletions
diff --git a/sbin/ipsecctl/ipsecctl.h b/sbin/ipsecctl/ipsecctl.h new file mode 100644 index 00000000000..f11a862a730 --- /dev/null +++ b/sbin/ipsecctl/ipsecctl.h @@ -0,0 +1,88 @@ +/* $Id: ipsecctl.h,v 1.1 2005/04/04 22:19:50 hshoexer Exp $ */ +/* + * Copyright (c) 2004, 2005 Hans-Joerg Hoexer <hshoexer@openbsd.org> + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef _IPSECCTL_H_ +#define _IPSECCTL_H_ + +#define IPSECCTL_OPT_DISABLE 0x0001 +#define IPSECCTL_OPT_ENABLE 0x0002 +#define IPSECCTL_OPT_NOACTION 0x0004 +#define IPSECCTL_OPT_VERBOSE 0x0010 +#define IPSECCTL_OPT_VERBOSE2 0x0020 +#define IPSECCTL_OPT_SHOW 0x0040 +#define IPSECCTL_OPT_FLUSH 0x0100 + +enum { + DIRECTION_UNKNOWN, IPSEC_IN, IPSEC_OUT, IPSEC_INOUT +}; +enum { + PROTO_UNKNWON, IPSEC_ESP, IPSEC_AH, IPSEC_COMP +}; +enum { + AUTH_UNKNOWN, AUTH_PSK, AUTH_RSA +}; +enum { + ID_UNKNOWN, ID_PREFIX, ID_FQDN, ID_UFQDN +}; + +struct ipsec_addr { + struct in_addr v4; + union { + struct in_addr mask; + u_int32_t mask32; + } v4mask; + int netaddress; + sa_family_t af; +}; + +struct ipsec_auth { + char *srcid; + char *dstid; + u_int8_t idtype; + u_int16_t type; +}; + +/* Complete state of one rule. */ +struct ipsec_rule { + struct ipsec_addr *src; + struct ipsec_addr *dst; + struct ipsec_addr *peer; + struct ipsec_auth auth; + + u_int8_t proto; + u_int8_t direction; + u_int32_t nr; + + TAILQ_ENTRY(ipsec_rule) entries; +}; + +TAILQ_HEAD(ipsec_rule_queue, ipsec_rule); + +struct ipsecctl { + u_int32_t rule_nr; + int opts; + struct ipsec_rule_queue rule_queue; +}; + +int parse_rules(FILE *, struct ipsecctl *); +int ipsecctl_add_rule(struct ipsecctl * ipsec, struct ipsec_rule *); +void ipsecctl_get_rules(struct ipsecctl *); +int pfkey_ipsec_establish(struct ipsec_rule *); +int pfkey_ipsec_flush(void); +int pfkey_init(void); + +#endif /* _IPSECCTL_H_ */ |