diff options
| author | Angelos D. Keromytis <angelos@cvs.openbsd.org> | 1997-02-28 03:44:55 +0000 |
|---|---|---|
| committer | Angelos D. Keromytis <angelos@cvs.openbsd.org> | 1997-02-28 03:44:55 +0000 |
| commit | 49f58e78e8868b6b26ffef64c386021815e88a04 (patch) | |
| tree | 9e660903d82157b031f0dd6f73465bb4f502c9c4 /sys/netinet/in.h | |
| parent | 906f85e975fb8f8fd31019cd130c141942990611 (diff) | |
IPsec socket API hooks are in.
Diffstat (limited to 'sys/netinet/in.h')
| -rw-r--r-- | sys/netinet/in.h | 23 |
1 files changed, 22 insertions, 1 deletions
diff --git a/sys/netinet/in.h b/sys/netinet/in.h index d69dbcef7c9..9fca4a44a4c 100644 --- a/sys/netinet/in.h +++ b/sys/netinet/in.h @@ -1,4 +1,4 @@ -/* $OpenBSD: in.h,v 1.7 1997/02/20 01:07:45 deraadt Exp $ */ +/* $OpenBSD: in.h,v 1.8 1997/02/28 03:44:52 angelos Exp $ */ /* $NetBSD: in.h,v 1.20 1996/02/13 23:41:47 christos Exp $ */ /* @@ -231,6 +231,27 @@ struct ip_opts { #define IP_DROP_MEMBERSHIP 13 /* ip_mreq; drop an IP group membership */ /* 14-17 left empty for future compatibility with FreeBSD */ #define IP_PORTRANGE 19 /* int; range to choose for unspec port */ +#define IP_AUTH_LEVEL 20 /* u_char; authentication used */ +#define IP_ESP_TRANS_LEVEL 21 /* u_char; transport encryption */ +#define IP_ESP_NETWORK_LEVEL 22 /* u_char; full-packet encryption */ + + +/* + * Security levels - IPsec, not IPSO + */ + +#define IPSEC_LEVEL_BYPASS 0x00 /* Bypass policy altogether */ +#define IPSEC_LEVEL_NONE 0x00 /* Send clear, accept any */ +#define IPSEC_LEVEL_AVAIL 0x01 /* Send secure if SA available */ +#define IPSEC_LEVEL_USE 0x02 /* Send secure, accept any */ +#define IPSEC_LEVEL_REQUIRE 0x03 /* Require secure inbound, also use */ +#define IPSEC_LEVEL_UNIQUE 0x04 /* Use outbound SA that is unique */ +#define IPSEC_LEVEL_DEFAULT IPSEC_LEVEL_NONE + +#define IPSEC_AUTH_LEVEL_DEFAULT IPSEC_LEVEL_DEFAULT +#define IPSEC_ESP_TRANS_LEVEL_DEFAULT IPSEC_LEVEL_DEFAULT +#define IPSEC_ESP_NETWORK_LEVEL_DEFAULT IPSEC_LEVEL_DEFAULT + /* * Defaults and limits for options |