* header file for FreeS/WAN library functions
* Copyright (C) 1998, 1999, 2000 Henry Spencer.
* Copyright (C) 1999, 2000, 2001 Richard Guy Briggs
* This library is free software; you can redistribute it and/or modify it
* under the terms of the GNU Library General Public License as published by
* the Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
* This library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
* License for more details.
* RCSID $Id: openswan.h,v 1.82 2003/12/10 01:20:01 mcr Exp $
#define _FREESWAN_H /* seen it, no need to see it again */
* We've just got to have some datatypes defined... And annoyingly, just
* where we get them depends on whether we're in userland or not.
# include <linux/types.h>
# include <linux/in.h>
#else /* __KERNEL__ */
# include <netinet/in.h>
/* Userland branch (the #else of __KERNEL__): this define and the three after
 * it alias the <stdint.h>-style names to the BSD u_intN_t types by macro.
 * NOTE(review): being macros rather than typedefs, they rewrite every later
 * use of these names, including any in a <stdint.h> pulled in after this
 * header -- confirm the include order used by callers. */
# define uint8_t u_int8_t
# define uint16_t u_int16_t
# define uint32_t u_int32_t
# define uint64_t u_int64_t
# define DEBUG_NO_STATIC static
#endif /* __KERNEL__ */
#include <freeswan/ipsec_param.h>
* Grab the kernel version to see if we have NET_21, and therefore
* IPv6. Some of this is repeated from ipsec_kversions.h. Of course,
* we aren't really testing if the kernel has IPv6, but rather if the
* include files do.
#include <linux/version.h>
#ifndef KERNEL_VERSION
#define KERNEL_VERSION(x,y,z) (((x)<<16)+((y)<<8)+(z))
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,1,0)
# define IPPROTO_COMP 108
#endif /* !IPPROTO_COMP */
# define IPPROTO_INT 61
#endif /* !IPPROTO_INT */
#ifdef CONFIG_IPSEC_DEBUG
# define DEBUG_NO_STATIC
#else /* CONFIG_IPSEC_DEBUG */
# define DEBUG_NO_STATIC static
#endif /* CONFIG_IPSEC_DEBUG */
#ifdef CONFIG_IPSEC_NAT_TRAVERSAL /* KERNEL ifdef */
#define ESPINUDP_WITH_NON_IKE 1 /* draft-ietf-ipsec-nat-t-ike-00/01 */
#define ESPINUDP_WITH_NON_ESP 2 /* draft-ietf-ipsec-nat-t-ike-02 */
* Basic data types for the address-handling functions.
* ip_address and ip_subnet are supposed to be opaque types; do not
* use their definitions directly, they are subject to change!
/* first, some quick fakes in case we're on an old system with no IPv6 */
#define s6_addr in6_u.u6_addr8
#define s6_addr16 in6_u.u6_addr16
#define s6_addr32 in6_u.u6_addr32
struct sockaddr_in6 {
unsigned short int sin6_family; /* AF_INET6 */
__u16 sin6_port; /* Transport layer port # */
__u32 sin6_flowinfo; /* IPv6 flow information */
struct in6_addr sin6_addr; /* IPv6 address */
__u32 sin6_scope_id; /* scope id (new in RFC2553) */
#endif /* !s6_addr16 */
/* then the main types */
struct sockaddr_in v4;
struct sockaddr_in6 v6;
/* and the SA ID stuff */
typedef __u32 ipsec_spi_t;
typedef u_int32_t ipsec_spi_t;
typedef struct { /* to identify an SA, we need: */
ip_address dst; /* A. destination host */
ipsec_spi_t spi; /* B. 32-bit SPI, assigned by dest. host */
# define SPI_PASS 256 /* magic values... */
# define SPI_DROP 257 /* ...for use... */
# define SPI_REJECT 258 /* ...with SA_INT */
# define SPI_HOLD 259
# define SPI_TRAP 260
# define SPI_TRAPSUBNET 261
int proto; /* C. protocol */
# define SA_ESP 50 /* IPPROTO_ESP */
# define SA_AH 51 /* IPPROTO_AH */
# define SA_IPIP 4 /* IPPROTO_IPIP */
# define SA_COMP 108 /* IPPROTO_COMP */
# define SA_INT 61 /* IANA reserved for internal use */
typedef const char *err_t; /* error message, or NULL for success */
struct prng { /* pseudo-random-number-generator guts */
unsigned char sbox[256];
* definitions for user space, taken from freeswan/ipsec_sa.h
typedef uint32_t IPsecSAref_t;
#define IPSEC_SA_REF_FIELD_WIDTH (8 * sizeof(IPsecSAref_t))
/* Shift an SA reference left so that its low IPSEC_SA_REF_TABLE_IDX_WIDTH bits
 * land in the top bits of a word as wide as IPsecSAref_t. x is shifted in its
 * own (promoted) type: no cast to IPsecSAref_t is applied here, so passing a
 * signed or narrower value is the caller's responsibility.
 * IPSEC_SA_REF_TABLE_IDX_WIDTH is not defined in the visible part of this
 * header. */
#define IPsecSAref2NFmark(x) ((x) << (IPSEC_SA_REF_FIELD_WIDTH - IPSEC_SA_REF_TABLE_IDX_WIDTH))
/* Inverse of IPsecSAref2NFmark: shift the top bits back down to the low end.
 * x is shifted in its own (promoted) type; right-shifting a negative signed
 * value is implementation-defined, so pass an unsigned value. */
#define NFmark2IPsecSAref(x) ((x) >> (IPSEC_SA_REF_FIELD_WIDTH - IPSEC_SA_REF_TABLE_IDX_WIDTH))
#define IPSEC_SAREF_NULL (~((IPsecSAref_t)0))
/* GCC magic for use in function definitions! */
# define PRINTF_LIKE(n) __attribute__ ((format(printf, n, n+1)))
# define NEVER_RETURNS __attribute__ ((noreturn))
# define UNUSED __attribute__ ((unused))
# define BLANK_FORMAT " " /* GCC_LINT whines about empty formats */
# define PRINTF_LIKE(n) /* ignore */
# define NEVER_RETURNS /* ignore */
# define UNUSED /* ignore */
# define BLANK_FORMAT ""
* new IPv6-compatible functions
/* text conversions */
err_t ttoul(const char *src, size_t srclen, int format, unsigned long *dst);
size_t ultot(unsigned long src, int format, char *buf, size_t buflen);
#define ULTOT_BUF (22+1) /* holds 64 bits in octal */
err_t ttoaddr(const char *src, size_t srclen, int af, ip_address *dst);
err_t tnatoaddr(const char *src, size_t srclen, int af, ip_address *dst);
size_t addrtot(const ip_address *src, int format, char *buf, size_t buflen);
/* RFC 1886 old IPv6 reverse-lookup format is the bulkiest */
#define ADDRTOT_BUF (32*2 + 3 + 1 + 3 + 1 + 1)
err_t ttosubnet(const char *src, size_t srclen, int af, ip_subnet *dst);
size_t subnettot(const ip_subnet *src, int format, char *buf, size_t buflen);
#define SUBNETTOT_BUF (ADDRTOT_BUF + 1 + 3)
size_t subnetporttot(const ip_subnet *src, int format, char *buf, size_t buflen);
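/* NOTE(review): presumably the buffer size for subnetporttot() output (subnet
 * text plus one number) -- confirm against the implementation. The first
 * operand must be SUBNETTOT_BUF: the earlier spelling, SUBNETTOTO_BUF, is not
 * defined in the visible header, so any use of this macro failed to compile
 * and callers had no usable size constant for their output buffer. */
#define SUBNETPROTOTOT_BUF (SUBNETTOT_BUF + ULTOT_BUF)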
err_t ttosa(const char *src, size_t srclen, ip_said *dst);
size_t satot(const ip_said *src, int format, char *bufptr, size_t buflen);
/* Buffer size for satot() output. ULTOA_BUF is defined further down, in the
 * section headed "old functions, to be deleted eventually"; macros expand at
 * the point of use, so the later definition works today, but removing the old
 * section would leave this size constant undefined. NOTE(review): consider
 * basing it on ULTOT_BUF instead. */
#define SATOT_BUF (5 + ULTOA_BUF + 1 + ADDRTOT_BUF)
err_t ttodata(const char *src, size_t srclen, int base, char *buf,
size_t buflen, size_t *needed);
err_t ttodatav(const char *src, size_t srclen, int base,
char *buf, size_t buflen, size_t *needed,
char *errp, size_t errlen, unsigned int flags);
#define TTODATAV_BUF 40 /* ttodatav's largest non-literal message */
#define TTODATAV_IGNORESPACE (1<<1) /* ignore spaces in base64 encodings*/
#define TTODATAV_SPACECOUNTS 0 /* do not ignore spaces in base64 */
size_t datatot(const char *src, size_t srclen, int format, char *buf,
size_t keyblobtoid(const unsigned char *src, size_t srclen, char *dst,
size_t splitkeytoid(const unsigned char *e, size_t elen, const unsigned char *m,
size_t mlen, char *dst, size_t dstlen);
#define KEYID_BUF 10 /* up to 9 text digits plus NUL */
/* Text to protocol and port; results are returned through *proto and *port,
 * and the err_t return is an error message or NULL for success.
 * src is not const-qualified, unlike the other tto*() parsers declared in
 * this header. NOTE(review): check whether the implementation writes to the
 * caller's string before passing it a literal or shared buffer. */
err_t ttoprotoport(char *src, size_t src_len, u_int8_t *proto, u_int16_t *port);
/* initializations */
void initsaid(const ip_address *addr, ipsec_spi_t spi, int proto, ip_said *dst);
err_t loopbackaddr(int af, ip_address *dst);
err_t unspecaddr(int af, ip_address *dst);
err_t anyaddr(int af, ip_address *dst);
err_t initaddr(const unsigned char *src, size_t srclen, int af, ip_address *dst);
err_t initsubnet(const ip_address *addr, int maskbits, int clash, ip_subnet *dst);
err_t addrtosubnet(const ip_address *addr, ip_subnet *dst);
/* misc. conversions and related */
err_t rangetosubnet(const ip_address *from, const ip_address *to, ip_subnet *dst);
int addrtypeof(const ip_address *src);
int subnettypeof(const ip_subnet *src);
size_t addrlenof(const ip_address *src);
size_t addrbytesptr(const ip_address *src, const unsigned char **dst);
size_t addrbytesof(const ip_address *src, unsigned char *dst, size_t dstlen);
int masktocount(const ip_address *src);
void networkof(const ip_subnet *src, ip_address *dst);
void maskof(const ip_subnet *src, ip_address *dst);
int sameaddr(const ip_address *a, const ip_address *b);
int addrcmp(const ip_address *a, const ip_address *b);
int samesubnet(const ip_subnet *a, const ip_subnet *b);
int addrinsubnet(const ip_address *a, const ip_subnet *s);
int subnetinsubnet(const ip_subnet *a, const ip_subnet *b);
int subnetishost(const ip_subnet *s);
int samesaid(const ip_said *a, const ip_said *b);
int sameaddrtype(const ip_address *a, const ip_address *b);
int samesubnettype(const ip_subnet *a, const ip_subnet *b);
int isanyaddr(const ip_address *src);
int isunspecaddr(const ip_address *src);
int isloopbackaddr(const ip_address *src);
int portof(const ip_address *src);
void setportof(int port, ip_address *dst);
struct sockaddr *sockaddrof(ip_address *src);
size_t sockaddrlenof(const ip_address *src);
/* Presumably sets up the generator state in *prng from keylen bytes at key --
 * confirm in the implementation. NOTE(review): struct prng is described in
 * this header only as "pseudo-random-number-generator guts" with a 256-byte
 * sbox; nothing visible here says the output is suitable for key material,
 * so confirm the algorithm and seeding before using it for secrets. */
void prng_init(struct prng *prng, const unsigned char *key, size_t keylen);
void prng_bytes(struct prng *prng, unsigned char *dst, size_t dstlen);
unsigned long prng_count(struct prng *prng);
/* NOTE(review): presumably the teardown call for a struct prng. The state is
 * set up from the key passed to prng_init(), so confirm that the
 * implementation wipes it here in a way the compiler cannot optimize away. */
void prng_final(struct prng *prng);
const char *ipsec_version_code(void);
const char *ipsec_version_string(void);
const char **ipsec_copyright_notice(void);
/* bufsize is a signed int, unlike the size_t buffer lengths taken by the
 * other formatting functions in this header. NOTE(review): callers should
 * pass a positive size; confirm how the implementation treats bufsize <= 0
 * and whether the returned pointer is buf or a static string. */
const char *dns_string_rr(int rr, char *buf, int bufsize);
const char *dns_string_datetime(time_t seconds,
* old functions, to be deleted eventually
const char * /* NULL for success, else string literal */
size_t srclen, /* 0 means strlen(src) */
int base, /* 0 means figure it out */
unsigned long *resultp
size_t /* space needed for full conversion */
#define ULTOA_BUF 21 /* just large enough for largest result, */
/* assuming 64-bit unsigned long! */
/* Internet addresses */
const char * /* NULL for success, else string literal */
size_t srclen, /* 0 means strlen(src) */
size_t /* space needed for full conversion */
int format, /* character; 0 means default */
#define ADDRTOA_BUF 16 /* just large enough for largest result */
const char * /* NULL for success, else string literal */
size_t srclen, /* 0 means strlen(src) */
struct in_addr *addr,
size_t /* space needed for full conversion */
int format, /* character; 0 means default */
#define SUBNETTOA_BUF 32 /* large enough for worst case result */
const char * /* NULL for success, else string literal */
size_t srclen, /* 0 means strlen(src) */
char *type, /* 'a', 's', 'r' */
struct in_addr *addrs /* two-element array */
size_t /* space needed for full conversion */
struct in_addr *addrs, /* two-element array */
int format, /* character; 0 means default */
#define RANGETOA_BUF 34 /* large enough for worst case result */
/* data types for SA conversion functions */
/* generic data, e.g. keys */
const char * /* NULL for success, else string literal */
size_t srclen, /* 0 means strlen(src) */
size_t *lenp /* NULL means don't bother telling me */
size_t /* 0 failure, else true size */
int format, /* character; 0 means default */
/* old versions of generic-data functions; deprecated */
size_t /* 0 failure, else true size */
size_t srclen, /* 0 means strlen(src) */
size_t /* 0 failure, else true size */
int format, /* character; 0 means default */
/* part extraction and special addresses */
/* option pickup from files (userland only because of use of FILE) */
const char *optionsfrom(const char *filename, int *argcp, char ***argvp,
int optind, FILE *errorreport);
/* sanitize a string */
/* Takes a writable buffer and its size, so presumably rewrites buf in place
 * within size bytes -- confirm. NOTE(review): which bytes are treated as
 * unsafe, whether the result is always NUL-terminated, and what the returned
 * size_t measures are not visible in this header; check the implementation
 * before relying on it to neutralize peer-supplied text in logs. */
extern size_t sanitize_string(char *buf, size_t size);
* Debugging levels for pfkey_lib_debug
#define PF_KEY_DEBUG_PARSE_NONE 0
#define PF_KEY_DEBUG_PARSE_PROBLEM 1
#define PF_KEY_DEBUG_PARSE_STRUCT 2
#define PF_KEY_DEBUG_PARSE_FLOW 4
#define PF_KEY_DEBUG_BUILD 8
#define PF_KEY_DEBUG_PARSE_MAX 15
extern unsigned int pfkey_lib_debug; /* bits selecting what to report */
* pluto and lwdnsq need to know the maximum size of the commands to,
* and replies from lwdnsq.
#define LWDNSQ_CMDBUF_LEN 1024
#define LWDNSQ_RESULT_LEN_MAX 4096
#endif /* _FREESWAN_H */