/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ #ifndef _LINUX_XFRM_H #define _LINUX_XFRM_H #include <linux/in6.h> #include <linux/types.h> #include <linux/stddef.h> /* All of the structures in this file may not change size as they are * passed into the kernel from userspace via netlink sockets. */ /* Structure to encapsulate addresses. I do not want to use * "standard" structure. My apologies. */ xfrm_address_t; /* Ident of a specific xfrm_state. It is used on input to lookup * the state by (spi,daddr,ah/esp) or to store information about * spi, protocol and tunnel address on output. */ struct xfrm_id { … }; struct xfrm_sec_ctx { … }; /* Security Context Domains of Interpretation */ #define XFRM_SC_DOI_RESERVED … #define XFRM_SC_DOI_LSM … /* Security Context Algorithms */ #define XFRM_SC_ALG_RESERVED … #define XFRM_SC_ALG_SELINUX … /* Selector, used as selector both on policy rules (SPD) and SAs. */ struct xfrm_selector { … }; #define XFRM_INF … struct xfrm_lifetime_cfg { … }; struct xfrm_lifetime_cur { … }; struct xfrm_replay_state { … }; #define XFRMA_REPLAY_ESN_MAX … struct xfrm_replay_state_esn { … }; struct xfrm_algo { … }; struct xfrm_algo_auth { … }; struct xfrm_algo_aead { … }; struct xfrm_stats { … }; enum { … }; enum { … }; enum xfrm_sa_dir { … }; enum { … }; #define XFRM_MODE_TRANSPORT … #define XFRM_MODE_TUNNEL … #define XFRM_MODE_ROUTEOPTIMIZATION … #define XFRM_MODE_IN_TRIGGER … #define XFRM_MODE_BEET … #define XFRM_MODE_MAX … /* Netlink configuration messages. */ enum { … }; #define XFRM_MSG_MAX … #define XFRM_NR_MSGTYPES … /* * Generic LSM security context for communicating to user space * NOTE: Same format as sadb_x_sec_ctx */ struct xfrm_user_sec_ctx { … }; struct xfrm_user_tmpl { … }; struct xfrm_encap_tmpl { … }; /* AEVENT flags */ enum xfrm_ae_ftype_t { … }; struct xfrm_userpolicy_type { … }; /* Netlink message attributes. */ enum xfrm_attr_type_t { … }; struct xfrm_mark { … }; enum xfrm_sadattr_type_t { … }; struct xfrmu_sadhinfo { … }; enum xfrm_spdattr_type_t { … }; struct xfrmu_spdinfo { … }; struct xfrmu_spdhinfo { … }; struct xfrmu_spdhthresh { … }; struct xfrm_usersa_info { … }; #define XFRM_SA_XFLAG_DONT_ENCAP_DSCP … #define XFRM_SA_XFLAG_OSEQ_MAY_WRAP … struct xfrm_usersa_id { … }; struct xfrm_aevent_id { … }; struct xfrm_userspi_info { … }; struct xfrm_userpolicy_info { … }; struct xfrm_userpolicy_id { … }; struct xfrm_user_acquire { … }; struct xfrm_user_expire { … }; struct xfrm_user_polexpire { … }; struct xfrm_usersa_flush { … }; struct xfrm_user_report { … }; /* Used by MIGRATE to pass addresses IKE should use to perform * SA negotiation with the peer */ struct xfrm_user_kmaddress { … }; struct xfrm_user_migrate { … }; struct xfrm_user_mapping { … }; struct xfrm_address_filter { … }; struct xfrm_user_offload { … }; /* This flag was exposed without any kernel code that supports it. * Unfortunately, strongswan has the code that sets this flag, * which makes it impossible to reuse this bit. * * So leave it here to make sure that it won't be reused by mistake. */ #define XFRM_OFFLOAD_IPV6 … #define XFRM_OFFLOAD_INBOUND … /* Two bits above are relevant for state path only, while * offload is used for both policy and state flows. * * In policy offload mode, they are free and can be safely reused. */ #define XFRM_OFFLOAD_PACKET … struct xfrm_userpolicy_default { … }; #ifndef __KERNEL__ /* backwards compatibility for userspace */ #define XFRMGRP_ACQUIRE … #define XFRMGRP_EXPIRE … #define XFRMGRP_SA … #define XFRMGRP_POLICY … #define XFRMGRP_REPORT … #endif enum xfrm_nlgroups { … }; #define XFRMNLGRP_MAX … #endif /* _LINUX_XFRM_H */
Codebase Browser
linux