path: root/sbin/ipsecctl/ipsecctl.h
Diffstat (limited to 'sbin/ipsecctl/ipsecctl.h')
-rw-r--r--sbin/ipsecctl/ipsecctl.h88
1 files changed, 88 insertions, 0 deletions
diff --git a/sbin/ipsecctl/ipsecctl.h b/sbin/ipsecctl/ipsecctl.h
new file mode 100644
index 00000000000..f11a862a730
--- /dev/null
+++ b/sbin/ipsecctl/ipsecctl.h
@@ -0,0 +1,88 @@
+/* $Id: ipsecctl.h,v 1.1 2005/04/04 22:19:50 hshoexer Exp $ */
+/*
+ * Copyright (c) 2004, 2005 Hans-Joerg Hoexer <hshoexer@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef _IPSECCTL_H_
+#define _IPSECCTL_H_
+
+#define IPSECCTL_OPT_DISABLE 0x0001
+#define IPSECCTL_OPT_ENABLE 0x0002
+#define IPSECCTL_OPT_NOACTION 0x0004
+#define IPSECCTL_OPT_VERBOSE 0x0010
+#define IPSECCTL_OPT_VERBOSE2 0x0020
+#define IPSECCTL_OPT_SHOW 0x0040
+#define IPSECCTL_OPT_FLUSH 0x0100
+
+enum {
+ DIRECTION_UNKNOWN, IPSEC_IN, IPSEC_OUT, IPSEC_INOUT
+};
+enum {
+ PROTO_UNKNWON, IPSEC_ESP, IPSEC_AH, IPSEC_COMP
+};
+enum {
+ AUTH_UNKNOWN, AUTH_PSK, AUTH_RSA
+};
+enum {
+ ID_UNKNOWN, ID_PREFIX, ID_FQDN, ID_UFQDN
+};
+
+struct ipsec_addr {
+ struct in_addr v4;
+ union {
+ struct in_addr mask;
+ u_int32_t mask32;
+ } v4mask;
+ int netaddress;
+ sa_family_t af;
+};
+
+struct ipsec_auth {
+ char *srcid;
+ char *dstid;
+ u_int8_t idtype;
+ u_int16_t type;
+};
+
+/* Complete state of one rule. */
+struct ipsec_rule {
+ struct ipsec_addr *src;
+ struct ipsec_addr *dst;
+ struct ipsec_addr *peer;
+ struct ipsec_auth auth;
+
+ u_int8_t proto;
+ u_int8_t direction;
+ u_int32_t nr;
+
+ TAILQ_ENTRY(ipsec_rule) entries;
+};
+
+TAILQ_HEAD(ipsec_rule_queue, ipsec_rule);
+
+struct ipsecctl {
+ u_int32_t rule_nr;
+ int opts;
+ struct ipsec_rule_queue rule_queue;
+};
+
+int parse_rules(FILE *, struct ipsecctl *);
+int ipsecctl_add_rule(struct ipsecctl * ipsec, struct ipsec_rule *);
+void ipsecctl_get_rules(struct ipsecctl *);
+int pfkey_ipsec_establish(struct ipsec_rule *);
+int pfkey_ipsec_flush(void);
+int pfkey_init(void);
+
+#endif /* _IPSECCTL_H_ */
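Review bot: `PROTO_UNKNWON` in the second enum is misspelled, and because it is the "unset" sentinel that the parser and pfkey code will presumably compare against, it is worth correcting before anything depends on the name: `PROTO_UNKNOWN, IPSEC_ESP, IPSEC_AH, IPSEC_COMP`. The header uses `struct in_addr`, `sa_family_t`, `TAILQ_ENTRY`/`TAILQ_HEAD` and `FILE` without including `<netinet/in.h>`, `<sys/queue.h>` or `<stdio.h>`; if the convention is that each .c includes those first, a one-line comment above the include guard listing the required headers would at least make the dependency explicit for the next includer. `struct ipsec_rule` carries pointers (`src`, `dst`, `peer`, `auth.srcid`, `auth.dstid`) with no statement of who allocates and frees them, so I would extend the `/* Complete state of one rule. */` comment to say whether the rule owns these and when they are released, since that is what a later flush or error path has to get right. `ipsecctl_add_rule` is the only prototype with a named parameter and its `struct ipsecctl * ipsec` spacing differs from the neighbouring declarations; `int ipsecctl_add_rule(struct ipsecctl *, struct ipsec_rule *);` would match the rest.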