author | Angelos D. Keromytis <angelos@cvs.openbsd.org> | 2000-09-19 03:19:40 +0000 |
---|---|---|
committer | Angelos D. Keromytis <angelos@cvs.openbsd.org> | 2000-09-19 03:19:40 +0000 |
commit | af73df8e49a73ae51c26612cdf39434cf2ae6a75 (patch) | |
tree | 35973a72331245a21b88055374040b9758c65b7f /sys/net/pfkeyv2.h | |
parent | 5534a5937914c47ce35c34ef3e6aeba61aa79e11 (diff) |
SPD-driven IPsec.
Diffstat (limited to 'sys/net/pfkeyv2.h')
-rw-r--r-- | sys/net/pfkeyv2.h | 31 |
1 files changed, 17 insertions, 14 deletions
diff --git a/sys/net/pfkeyv2.h b/sys/net/pfkeyv2.h
index 1952b82a05b..9a6fcb9a300 100644
--- a/sys/net/pfkeyv2.h
+++ b/sys/net/pfkeyv2.h
@@ -28,9 +28,7 @@ didn't get a copy, you may request one from <license@ipv6.nrl.navy.mil>.
 #define SADB_X_PROMISC 11
 #define SADB_X_ADDFLOW 12
 #define SADB_X_DELFLOW 13
-#define SADB_X_GRPSPIS 14
-#define SADB_X_BINDSA 15
-#define SADB_MAX 15
+#define SADB_MAX 13
 struct sadb_msg {
 uint8_t sadb_msg_version;
@@ -155,14 +153,13 @@ struct sadb_protocol {
 uint16_t sadb_protocol_len;
 uint16_t sadb_protocol_exttype;
 uint8_t sadb_protocol_proto;
- uint8_t sadb_protocol_reserved1;
+ uint8_t sadb_protocol_direction;
 uint16_t sadb_protocol_reserved2;
 };
 #define SADB_GETSPROTO(x) ( (x) == SADB_SATYPE_AH ? IPPROTO_AH :\
 (x) == SADB_SATYPE_ESP ? IPPROTO_ESP :\
- (x) == SADB_X_SATYPE_BYPASS ? IPPROTO_IP :\
- IPPROTO_IPIP )
+ IPPROTO_IPIP )
 #define SADB_EXT_RESERVED 0
 #define SADB_EXT_SA 1
@@ -183,11 +180,10 @@ struct sadb_protocol {
 #define SADB_X_EXT_SRC_MASK 16
 #define SADB_X_EXT_DST_MASK 17
 #define SADB_X_EXT_PROTOCOL 18
-#define SADB_X_EXT_SA2 19
+#define SADB_X_EXT_FLOW_TYPE 19
 #define SADB_X_EXT_SRC_FLOW 20
 #define SADB_X_EXT_DST_FLOW 21
-#define SADB_X_EXT_DST2 22
-#define SADB_EXT_MAX 22
+#define SADB_EXT_MAX 21
 /* Fix pfkeyv2.c struct pfkeyv2_socket if SATYPE_MAX > 31 */
 #define SADB_SATYPE_UNSPEC 0
@@ -199,8 +195,7 @@ struct sadb_protocol {
 #define SADB_SATYPE_MIP 6
 #define SADB_X_SATYPE_IPIP 7
 #define SADB_X_SATYPE_TCPSIGNATURE 8
-#define SADB_X_SATYPE_BYPASS 9
-#define SADB_SATYPE_MAX 9
+#define SADB_SATYPE_MAX 8
 #define SADB_SASTATE_LARVAL 0
 #define SADB_SASTATE_MATURE 1
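Review bot: `sadb_protocol_direction` takes over a byte that used to be reserved, and the hunk gives no comment saying which values it may hold or what a zero (what senders of the old layout would have left there) now means. A trailing comment on the field naming the accepted constants and the meaning of 0 would close that gap, and the kernel-side parser (not visible here) should reject values outside that set rather than fall back to a default. In the same hunk `SADB_GETSPROTO` keeps `IPPROTO_IPIP` as the catch-all arm, so any satype other than AH or ESP, including an invalid one, yields a valid protocol number; a comment such as `/* caller must have validated x against SADB_SATYPE_MAX */` would make that precondition explicit.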
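Review bot: Extension number 19 changes meaning in place, from `SADB_X_EXT_SA2` to `SADB_X_EXT_FLOW_TYPE`, so a userland binary built against the old header would send a second-SA payload that the kernel now interprets as a flow type. The commit adds `OPENBSD_IPSEC_API_VERSION` in a later hunk, presumably to signal this break, but nothing visible ties that version to message parsing. The extension parser (outside this diff) should check the length of extension 19 against the new payload and reject a mismatch, and a comment beside the define, e.g. `/* 19 was SADB_X_EXT_SA2 before the SPD rework */`, would record the reuse for whoever assigns the next number.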
@@ -230,8 +225,6 @@ struct sadb_protocol {
 #define SADB_X_SAFLAGS_HALFIV 0x002 /* Used for ESP-old */
 #define SADB_X_SAFLAGS_TUNNEL 0x004 /* Force tunneling */
 #define SADB_X_SAFLAGS_CHAINDEL 0x008 /* Delete whole SA chain */
-#define SADB_X_SAFLAGS_REPLACEFLOW 0x020 /* Replace existing flow */
-#define SADB_X_SAFLAGS_INGRESS_FLOW 0x040 /* Ingress ACL entry */
 #define SADB_X_SAFLAGS_RANDOMPADDING 0x080 /* Random ESP padding */
 #define SADB_X_SAFLAGS_NOREPLAY 0x100 /* No replay counter */
@@ -261,6 +254,15 @@ struct sadb_protocol {
 #define PFKEYV2_SENDMESSAGE_REGISTERED 2
 #define PFKEYV2_SENDMESSAGE_BROADCAST 3
+#define FLOW_X_TYPE_USE 1
+#define FLOW_X_TYPE_ACQUIRE 2
+#define FLOW_X_TYPE_REQUIRE 3
+#define FLOW_X_TYPE_BYPASS 4
+#define FLOW_X_TYPE_DENY 5
+#define FLOW_X_TYPE_DONTACQ 6
+
+#define OPENBSD_IPSEC_API_VERSION 1
+
 #ifdef _KERNEL
 struct tdb;
 struct socket;
@@ -293,7 +295,8 @@ int pfkeyv2_init(void);
 int pfkeyv2_cleanup(void);
 int pfkeyv2_parsemessage(void *, int, void **);
 int pfkeyv2_expire(struct tdb *, u_int16_t);
-int pfkeyv2_acquire(struct tdb *, int);
+int pfkeyv2_acquire(struct ipsec_policy *, union sockaddr_union *,
+ union sockaddr_union *);
 int pfkey_register(struct pfkey_version *version);
 int pfkey_unregister(struct pfkey_version *version); |
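Review bot: The six `FLOW_X_TYPE_*` constants are added without comments and without an upper-bound constant, whereas the other groups in this header end in `SADB_MAX`, `SADB_EXT_MAX` and `SADB_SATYPE_MAX`. Their names suggest they select policy actions such as bypass and deny, so whatever parses a flow-type value from userland needs a range check, and value 0, which a zero-filled message would carry, is left unassigned. I would add `#define FLOW_X_TYPE_MAX 6` and a one-line comment per type stating the action it selects. `OPENBSD_IPSEC_API_VERSION` would also benefit from a comment saying when it has to be bumped.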
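Review bot: The new `pfkeyv2_acquire` prototype names `struct ipsec_policy` and `union sockaddr_union`, but the only forward declarations visible under `#ifdef _KERNEL` in the previous hunk are `struct tdb;` and `struct socket;`. Unless the header defining those types is always included first (the rest of the file is outside the diff), both get prototype scope and the declaration will not match the definition. Adding `struct ipsec_policy;` and `union sockaddr_union;` next to `struct tdb;` removes the include-order dependency. The two address parameters are unnamed, so a short comment saying what each one is would keep callers from passing them in the wrong order.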