[people/ms/strongswan.git] / src / libfreeswan / freeswan.h

#ifndef _FREESWAN_H
/*
 * header file for FreeS/WAN library functions
 * Copyright (C) 1998, 1999, 2000  Henry Spencer.
 * Copyright (C) 1999, 2000, 2001  Richard Guy Briggs
 * 
 * This library is free software; you can redistribute it and/or modify it
 * under the terms of the GNU Library General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/lgpl.txt>.
 * 
 * This library is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Library General Public
 * License for more details.
 *
 * RCSID $Id: freeswan.h,v 1.2 2004/03/22 21:53:17 as Exp $
 */
#define	_FREESWAN_H	/* seen it, no need to see it again */


/*
 * We've just got to have some datatypes defined...  And annoyingly, just
 * where we get them depends on whether we're in userland or not.
 */
#ifdef __KERNEL__

#  include <linux/types.h>
#  include <linux/in.h>

#else /* __KERNEL__ */

#  include <stdio.h>
#  include <netinet/in.h>

#  define uint8_t u_int8_t
#  define uint16_t u_int16_t 
#  define uint32_t u_int32_t 
#  define uint64_t u_int64_t 

#  define DEBUG_NO_STATIC static

#endif /* __KERNEL__ */

#include <freeswan/ipsec_param.h>


/*
 * Grab the kernel version to see if we have NET_21, and therefore 
 * IPv6. Some of this is repeated from ipsec_kversions.h. Of course, 
 * we aren't really testing if the kernel has IPv6, but rather if the
 * the include files do.
 */
#include <linux/version.h>
#ifndef KERNEL_VERSION
#define KERNEL_VERSION(x,y,z) (((x)<<16)+((y)<<8)+(z))
#endif

#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,1,0)
#define NET_21
#endif

#ifndef IPPROTO_COMP
#  define IPPROTO_COMP 108
#endif /* !IPPROTO_COMP */

#ifndef IPPROTO_INT
#  define IPPROTO_INT 61
#endif /* !IPPROTO_INT */

#ifdef CONFIG_IPSEC_DEBUG
#  define DEBUG_NO_STATIC
#else /* CONFIG_IPSEC_DEBUG */
#  define DEBUG_NO_STATIC static
#endif /* CONFIG_IPSEC_DEBUG */

#ifdef CONFIG_IPSEC_NAT_TRAVERSAL /* KERNEL ifdef */
#ifndef NAT_TRAVERSAL
#define NAT_TRAVERSAL
#endif
#endif
#ifdef NAT_TRAVERSAL
#define ESPINUDP_WITH_NON_IKE   1  /* draft-ietf-ipsec-nat-t-ike-00/01 */
#define ESPINUDP_WITH_NON_ESP   2  /* draft-ietf-ipsec-nat-t-ike-02    */
#endif

/*
 * Basic data types for the address-handling functions.
 * ip_address and ip_subnet are supposed to be opaque types; do not
 * use their definitions directly, they are subject to change!
 */

/* first, some quick fakes in case we're on an old system with no IPv6 */
#ifndef s6_addr16
struct in6_addr {
	union 
	{
		__u8		u6_addr8[16];
		__u16		u6_addr16[8];
		__u32		u6_addr32[4];
	} in6_u;
#define s6_addr			in6_u.u6_addr8
#define s6_addr16		in6_u.u6_addr16
#define s6_addr32		in6_u.u6_addr32
};
struct sockaddr_in6 {
	unsigned short int	sin6_family;    /* AF_INET6 */
	__u16			sin6_port;      /* Transport layer port # */
	__u32			sin6_flowinfo;  /* IPv6 flow information */
	struct in6_addr		sin6_addr;      /* IPv6 address */
	__u32			sin6_scope_id;  /* scope id (new in RFC2553) */
};
#endif	/* !s6_addr16 */

/* then the main types */
typedef struct {
	union {
		struct sockaddr_in v4;
		struct sockaddr_in6 v6;
	} u;
} ip_address;
typedef struct {
	ip_address addr;
	int maskbits;
} ip_subnet;

/* and the SA ID stuff */
#ifdef __KERNEL__
typedef __u32 ipsec_spi_t;
#else
typedef u_int32_t ipsec_spi_t;
#endif
typedef struct {		/* to identify an SA, we need: */
        ip_address dst;		/* A. destination host */
        ipsec_spi_t spi;	/* B. 32-bit SPI, assigned by dest. host */
#		define	SPI_PASS	256	/* magic values... */
#		define	SPI_DROP	257	/* ...for use... */
#		define	SPI_REJECT	258	/* ...with SA_INT */
#		define	SPI_HOLD	259
#		define	SPI_TRAP	260
#		define  SPI_TRAPSUBNET  261
	int proto;		/* C. protocol */
#		define	SA_ESP	50	/* IPPROTO_ESP */
#		define	SA_AH	51	/* IPPROTO_AH */
#		define	SA_IPIP	4	/* IPPROTO_IPIP */
#		define	SA_COMP	108	/* IPPROTO_COMP */
#		define	SA_INT	61	/* IANA reserved for internal use */
} ip_said;
struct sa_id {			/* old v4-only version */
        struct in_addr dst;
        ipsec_spi_t spi;
	int proto;
};

/* misc */
typedef const char *err_t;	/* error message, or NULL for success */
struct prng {			/* pseudo-random-number-generator guts */
	unsigned char sbox[256];
	int i, j;
	unsigned long count;
};


/*
 * definitions for user space, taken from freeswan/ipsec_sa.h
 */
typedef uint32_t IPsecSAref_t;

#define IPSEC_SA_REF_FIELD_WIDTH (8 * sizeof(IPsecSAref_t))

#define IPsecSAref2NFmark(x) ((x) << (IPSEC_SA_REF_FIELD_WIDTH - IPSEC_SA_REF_TABLE_IDX_WIDTH))
#define NFmark2IPsecSAref(x) ((x) >> (IPSEC_SA_REF_FIELD_WIDTH - IPSEC_SA_REF_TABLE_IDX_WIDTH))

#define IPSEC_SAREF_NULL (~((IPsecSAref_t)0))

/* GCC magic for use in function definitions! */
#ifdef GCC_LINT
# define PRINTF_LIKE(n) __attribute__ ((format(printf, n, n+1)))
# define NEVER_RETURNS __attribute__ ((noreturn))
# define UNUSED __attribute__ ((unused))
# define BLANK_FORMAT " "	/* GCC_LINT whines about empty formats */
#else
# define PRINTF_LIKE(n)	/* ignore */
# define NEVER_RETURNS /* ignore */
# define UNUSED /* ignore */
# define BLANK_FORMAT ""
#endif


/*
 * new IPv6-compatible functions
 */

/* text conversions */
err_t ttoul(const char *src, size_t srclen, int format, unsigned long *dst);
size_t ultot(unsigned long src, int format, char *buf, size_t buflen);
#define	ULTOT_BUF	(22+1)	/* holds 64 bits in octal */
err_t ttoaddr(const char *src, size_t srclen, int af, ip_address *dst);
err_t tnatoaddr(const char *src, size_t srclen, int af, ip_address *dst);
size_t addrtot(const ip_address *src, int format, char *buf, size_t buflen);
/* RFC 1886 old IPv6 reverse-lookup format is the bulkiest */
#define	ADDRTOT_BUF	(32*2 + 3 + 1 + 3 + 1 + 1)
err_t ttosubnet(const char *src, size_t srclen, int af, ip_subnet *dst);
size_t subnettot(const ip_subnet *src, int format, char *buf, size_t buflen);
#define	SUBNETTOT_BUF	(ADDRTOT_BUF + 1 + 3)
err_t ttosa(const char *src, size_t srclen, ip_said *dst);
size_t satot(const ip_said *src, int format, char *bufptr, size_t buflen);
#define	SATOT_BUF	(5 + ULTOA_BUF + 1 + ADDRTOT_BUF)
err_t ttodata(const char *src, size_t srclen, int base, char *buf,
						size_t buflen, size_t *needed);
err_t ttodatav(const char *src, size_t srclen, int base,
	       char *buf,  size_t buflen, size_t *needed,
	       char *errp, size_t errlen, unsigned int flags);
#define	TTODATAV_BUF	40	/* ttodatav's largest non-literal message */
#define TTODATAV_IGNORESPACE  (1<<1)  /* ignore spaces in base64 encodings*/
#define TTODATAV_SPACECOUNTS  0       /* do not ignore spaces in base64   */

size_t datatot(const char *src, size_t srclen, int format, char *buf,
								size_t buflen);
size_t keyblobtoid(const unsigned char *src, size_t srclen, char *dst,
								size_t dstlen);
size_t splitkeytoid(const unsigned char *e, size_t elen, const unsigned char *m,
					size_t mlen, char *dst, size_t dstlen);
#define	KEYID_BUF		10	/* up to 9 text digits plus NUL */
err_t ttoprotoport(char *src, size_t src_len, u_int8_t *proto, u_int16_t *port,
							int *has_port_wildcard);

/* initializations */
void initsaid(const ip_address *addr, ipsec_spi_t spi, int proto, ip_said *dst);
err_t loopbackaddr(int af, ip_address *dst);
err_t unspecaddr(int af, ip_address *dst);
err_t anyaddr(int af, ip_address *dst);
err_t initaddr(const unsigned char *src, size_t srclen, int af, ip_address *dst);
err_t initsubnet(const ip_address *addr, int maskbits, int clash, ip_subnet *dst);
err_t addrtosubnet(const ip_address *addr, ip_subnet *dst);

/* misc. conversions and related */
err_t rangetosubnet(const ip_address *from, const ip_address *to, ip_subnet *dst);
int addrtypeof(const ip_address *src);
int subnettypeof(const ip_subnet *src);
size_t addrlenof(const ip_address *src);
size_t addrbytesptr(const ip_address *src, const unsigned char **dst);
size_t addrbytesof(const ip_address *src, unsigned char *dst, size_t dstlen);
int masktocount(const ip_address *src);
void networkof(const ip_subnet *src, ip_address *dst);
void maskof(const ip_subnet *src, ip_address *dst);

/* tests */
int sameaddr(const ip_address *a, const ip_address *b);
int addrcmp(const ip_address *a, const ip_address *b);
int samesubnet(const ip_subnet *a, const ip_subnet *b);
int addrinsubnet(const ip_address *a, const ip_subnet *s);
int subnetinsubnet(const ip_subnet *a, const ip_subnet *b);
int subnetishost(const ip_subnet *s);
int samesaid(const ip_said *a, const ip_said *b);
int sameaddrtype(const ip_address *a, const ip_address *b);
int samesubnettype(const ip_subnet *a, const ip_subnet *b);
int isanyaddr(const ip_address *src);
int isunspecaddr(const ip_address *src);
int isloopbackaddr(const ip_address *src);

/* low-level grot */
int portof(const ip_address *src);
void setportof(int port, ip_address *dst);
struct sockaddr *sockaddrof(ip_address *src);
size_t sockaddrlenof(const ip_address *src);

/* PRNG */
void prng_init(struct prng *prng, const unsigned char *key, size_t keylen);
void prng_bytes(struct prng *prng, unsigned char *dst, size_t dstlen);
unsigned long prng_count(struct prng *prng);
void prng_final(struct prng *prng);

/* odds and ends */
const char *ipsec_version_code(void);
const char *ipsec_version_string(void);
const char **ipsec_copyright_notice(void);

const char *dns_string_rr(int rr, char *buf, int bufsize);
const char *dns_string_datetime(time_t seconds,
				char *buf,
				int bufsize);


/*
 * old functions, to be deleted eventually
 */

/* unsigned long */
const char *			/* NULL for success, else string literal */
atoul(
	const char *src,
	size_t srclen,		/* 0 means strlen(src) */
	int base,		/* 0 means figure it out */
	unsigned long *resultp
);
size_t				/* space needed for full conversion */
ultoa(
	unsigned long n,
	int base,
	char *dst,
	size_t dstlen
);
#define	ULTOA_BUF	21	/* just large enough for largest result, */
				/* assuming 64-bit unsigned long! */

/* Internet addresses */
const char *			/* NULL for success, else string literal */
atoaddr(
	const char *src,
	size_t srclen,		/* 0 means strlen(src) */
	struct in_addr *addr
);
size_t				/* space needed for full conversion */
addrtoa(
	struct in_addr addr,
	int format,		/* character; 0 means default */
	char *dst,
	size_t dstlen
);
#define	ADDRTOA_BUF	16	/* just large enough for largest result */

/* subnets */
const char *			/* NULL for success, else string literal */
atosubnet(
	const char *src,
	size_t srclen,		/* 0 means strlen(src) */
	struct in_addr *addr,
	struct in_addr *mask
);
size_t				/* space needed for full conversion */
subnettoa(
	struct in_addr addr,
	struct in_addr mask,
	int format,		/* character; 0 means default */
	char *dst,
	size_t dstlen
);
#define	SUBNETTOA_BUF	32	/* large enough for worst case result */

/* ranges */
const char *			/* NULL for success, else string literal */
atoasr(
	const char *src,
	size_t srclen,		/* 0 means strlen(src) */
	char *type,		/* 'a', 's', 'r' */
	struct in_addr *addrs	/* two-element array */
);
size_t				/* space needed for full conversion */
rangetoa(
	struct in_addr *addrs,	/* two-element array */
	int format,		/* character; 0 means default */
	char *dst,
	size_t dstlen
);
#define	RANGETOA_BUF	34	/* large enough for worst case result */

/* data types for SA conversion functions */

/* SAs */
const char *			/* NULL for success, else string literal */
atosa(
	const char *src,
	size_t srclen,		/* 0 means strlen(src) */
	struct sa_id *sa
);
size_t				/* space needed for full conversion */
satoa(
	struct sa_id sa,
	int format,		/* character; 0 means default */
	char *dst,
	size_t dstlen
);
#define	SATOA_BUF	(3+ULTOA_BUF+ADDRTOA_BUF)

/* generic data, e.g. keys */
const char *			/* NULL for success, else string literal */
atobytes(
	const char *src,
	size_t srclen,		/* 0 means strlen(src) */
	char *dst,
	size_t dstlen,
	size_t *lenp		/* NULL means don't bother telling me */
);
size_t				/* 0 failure, else true size */
bytestoa(
	const char *src,
	size_t srclen,
	int format,		/* character; 0 means default */
	char *dst,
	size_t dstlen
);

/* old versions of generic-data functions; deprecated */
size_t				/* 0 failure, else true size */
atodata(
	const char *src,
	size_t srclen,		/* 0 means strlen(src) */
	char *dst,
	size_t dstlen
);
size_t				/* 0 failure, else true size */
datatoa(
	const char *src,
	size_t srclen,
	int format,		/* character; 0 means default */
	char *dst,
	size_t dstlen
);

/* part extraction and special addresses */
struct in_addr
subnetof(
	struct in_addr addr,
	struct in_addr mask
);
struct in_addr
hostof(
	struct in_addr addr,
	struct in_addr mask
);
struct in_addr
broadcastof(
	struct in_addr addr,
	struct in_addr mask
);

/* mask handling */
int
goodmask(
	struct in_addr mask
);
int
masktobits(
	struct in_addr mask
);
struct in_addr
bitstomask(
	int n
);


/*
 * general utilities
 */

#ifndef __KERNEL__
/* option pickup from files (userland only because of use of FILE) */
const char *optionsfrom(const char *filename, int *argcp, char ***argvp,
						int optind, FILE *errorreport);
#endif

/*
 * Debugging levels for pfkey_lib_debug
 */
#define PF_KEY_DEBUG_PARSE_NONE    0
#define PF_KEY_DEBUG_PARSE_PROBLEM 1
#define PF_KEY_DEBUG_PARSE_STRUCT  2
#define PF_KEY_DEBUG_PARSE_FLOW    4
#define PF_KEY_DEBUG_PARSE_MAX     7

extern unsigned int pfkey_lib_debug;  /* bits selecting what to report */

/*
 * pluto and lwdnsq need to know the maximum size of the commands to,
 * and replies from lwdnsq. 
 */

#define LWDNSQ_CMDBUF_LEN      1024
#define LWDNSQ_RESULT_LEN_MAX  4096

#endif /* _FREESWAN_H */
Commit	Line	Data
0fecac98 MW	1	#ifndef _FREESWAN_H
	2	/*
	3	* header file for FreeS/WAN library functions
	4	* Copyright (C) 1998, 1999, 2000 Henry Spencer.
	5	* Copyright (C) 1999, 2000, 2001 Richard Guy Briggs
	6	*
	7	* This library is free software; you can redistribute it and/or modify it
	8	* under the terms of the GNU Library General Public License as published by
	9	* the Free Software Foundation; either version 2 of the License, or (at your
	10	* option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
	11	*
	12	* This library is distributed in the hope that it will be useful, but
	13	* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
	14	* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
	15	* License for more details.
	16	*
	17	* RCSID $Id: freeswan.h,v 1.2 2004/03/22 21:53:17 as Exp $
	18	*/
	19	#define _FREESWAN_H /* seen it, no need to see it again */
	20
	21
	22
	23	/*
	24	* We've just got to have some datatypes defined... And annoyingly, just
	25	* where we get them depends on whether we're in userland or not.
	26	*/
	27	#ifdef __KERNEL__
	28
	29	# include <linux/types.h>
	30	# include <linux/in.h>
	31
	32	#else /* __KERNEL__ */
	33
	34	# include <stdio.h>
	35	# include <netinet/in.h>
	36
	37	# define uint8_t u_int8_t
	38	# define uint16_t u_int16_t
	39	# define uint32_t u_int32_t
	40	# define uint64_t u_int64_t
	41
	42	# define DEBUG_NO_STATIC static
	43
	44	#endif /* __KERNEL__ */
	45
	46	#include <freeswan/ipsec_param.h>
	47
	48
	49	/*
	50	* Grab the kernel version to see if we have NET_21, and therefore
	51	* IPv6. Some of this is repeated from ipsec_kversions.h. Of course,
	52	* we aren't really testing if the kernel has IPv6, but rather if the
	53	* the include files do.
	54	*/
	55	#include <linux/version.h>
	56	#ifndef KERNEL_VERSION
	57	#define KERNEL_VERSION(x,y,z) (((x)<<16)+((y)<<8)+(z))
	58	#endif
	59
	60	#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,1,0)
	61	#define NET_21
	62	#endif
	63
	64	#ifndef IPPROTO_COMP
65	# define IPPROTO_COMP 108
66	#endif /* !IPPROTO_COMP */
67
68	#ifndef IPPROTO_INT
69	# define IPPROTO_INT 61
70	#endif /* !IPPROTO_INT */
71
72	#ifdef CONFIG_IPSEC_DEBUG
73	# define DEBUG_NO_STATIC
74	#else /* CONFIG_IPSEC_DEBUG */
75	# define DEBUG_NO_STATIC static
76	#endif /* CONFIG_IPSEC_DEBUG */
77
78	#ifdef CONFIG_IPSEC_NAT_TRAVERSAL /* KERNEL ifdef */
79	#ifndef NAT_TRAVERSAL
80	#define NAT_TRAVERSAL
81	#endif
82	#endif
83	#ifdef NAT_TRAVERSAL
84	#define ESPINUDP_WITH_NON_IKE 1 /* draft-ietf-ipsec-nat-t-ike-00/01 */
85	#define ESPINUDP_WITH_NON_ESP 2 /* draft-ietf-ipsec-nat-t-ike-02 */
86	#endif
87
88	/*
89	* Basic data types for the address-handling functions.
90	* ip_address and ip_subnet are supposed to be opaque types; do not
91	* use their definitions directly, they are subject to change!
92	*/
93
94	/* first, some quick fakes in case we're on an old system with no IPv6 */
95	#ifndef s6_addr16
96	struct in6_addr {
97	union
98	{
99	__u8 u6_addr8[16];
100	__u16 u6_addr16[8];
101	__u32 u6_addr32[4];
102	} in6_u;
103	#define s6_addr in6_u.u6_addr8
104	#define s6_addr16 in6_u.u6_addr16
105	#define s6_addr32 in6_u.u6_addr32
106	};
107	struct sockaddr_in6 {
108	unsigned short int sin6_family; /* AF_INET6 */
109	__u16 sin6_port; /* Transport layer port # */
110	__u32 sin6_flowinfo; /* IPv6 flow information */
111	struct in6_addr sin6_addr; /* IPv6 address */
112	__u32 sin6_scope_id; /* scope id (new in RFC2553) */
113	};
114	#endif /* !s6_addr16 */
115
116	/* then the main types */
117	typedef struct {
118	union {
119	struct sockaddr_in v4;
120	struct sockaddr_in6 v6;
121	} u;
122	} ip_address;
123	typedef struct {
124	ip_address addr;
125	int maskbits;
126	} ip_subnet;
127
128	/* and the SA ID stuff */
129	#ifdef __KERNEL__
130	typedef __u32 ipsec_spi_t;
131	#else
132	typedef u_int32_t ipsec_spi_t;
133	#endif
134	typedef struct { /* to identify an SA, we need: */
135	ip_address dst; /* A. destination host */
136	ipsec_spi_t spi; /* B. 32-bit SPI, assigned by dest. host */
137	# define SPI_PASS 256 /* magic values... */
138	# define SPI_DROP 257 /* ...for use... */
139	# define SPI_REJECT 258 /* ...with SA_INT */
140	# define SPI_HOLD 259
141	# define SPI_TRAP 260
142	# define SPI_TRAPSUBNET 261
143	int proto; /* C. protocol */
144	# define SA_ESP 50 /* IPPROTO_ESP */
145	# define SA_AH 51 /* IPPROTO_AH */
146	# define SA_IPIP 4 /* IPPROTO_IPIP */
147	# define SA_COMP 108 /* IPPROTO_COMP */
148	# define SA_INT 61 /* IANA reserved for internal use */
149	} ip_said;
150	struct sa_id { /* old v4-only version */
151	struct in_addr dst;
152	ipsec_spi_t spi;
153	int proto;
154	};
155
156	/* misc */
157	typedef const char err_t; / error message, or NULL for success */
158	struct prng { /* pseudo-random-number-generator guts */
159	unsigned char sbox[256];
160	int i, j;
161	unsigned long count;
162	};
163
164
165	/*
166	* definitions for user space, taken from freeswan/ipsec_sa.h
167	*/
168	typedef uint32_t IPsecSAref_t;
169
170	#define IPSEC_SA_REF_FIELD_WIDTH (8 * sizeof(IPsecSAref_t))
171
172	#define IPsecSAref2NFmark(x) ((x) << (IPSEC_SA_REF_FIELD_WIDTH - IPSEC_SA_REF_TABLE_IDX_WIDTH))
173	#define NFmark2IPsecSAref(x) ((x) >> (IPSEC_SA_REF_FIELD_WIDTH - IPSEC_SA_REF_TABLE_IDX_WIDTH))
174
175	#define IPSEC_SAREF_NULL (~((IPsecSAref_t)0))
176
177	/* GCC magic for use in function definitions! */
178	#ifdef GCC_LINT
179	# define PRINTF_LIKE(n) __attribute__ ((format(printf, n, n+1)))
180	# define NEVER_RETURNS __attribute__ ((noreturn))
181	# define UNUSED __attribute__ ((unused))
182	# define BLANK_FORMAT " " /* GCC_LINT whines about empty formats */
183	#else
184	# define PRINTF_LIKE(n) /* ignore */
185	# define NEVER_RETURNS /* ignore */
186	# define UNUSED /* ignore */
187	# define BLANK_FORMAT ""
188	#endif
189
190
191
192
193
194	/*
195	* new IPv6-compatible functions
196	*/
197
198	/* text conversions */
199	err_t ttoul(const char src, size_t srclen, int format, unsigned long dst);
200	size_t ultot(unsigned long src, int format, char *buf, size_t buflen);
201	#define ULTOT_BUF (22+1) /* holds 64 bits in octal */
202	err_t ttoaddr(const char src, size_t srclen, int af, ip_address dst);
203	err_t tnatoaddr(const char src, size_t srclen, int af, ip_address dst);
204	size_t addrtot(const ip_address src, int format, char buf, size_t buflen);
205	/* RFC 1886 old IPv6 reverse-lookup format is the bulkiest */
206	#define ADDRTOT_BUF (32*2 + 3 + 1 + 3 + 1 + 1)
207	err_t ttosubnet(const char src, size_t srclen, int af, ip_subnet dst);
208	size_t subnettot(const ip_subnet src, int format, char buf, size_t buflen);
209	#define SUBNETTOT_BUF (ADDRTOT_BUF + 1 + 3)
210	err_t ttosa(const char src, size_t srclen, ip_said dst);
211	size_t satot(const ip_said src, int format, char bufptr, size_t buflen);
212	#define SATOT_BUF (5 + ULTOA_BUF + 1 + ADDRTOT_BUF)
213	err_t ttodata(const char src, size_t srclen, int base, char buf,
214	size_t buflen, size_t *needed);
215	err_t ttodatav(const char *src, size_t srclen, int base,
216	char buf, size_t buflen, size_t needed,
217	char *errp, size_t errlen, unsigned int flags);
218	#define TTODATAV_BUF 40 /* ttodatav's largest non-literal message */
219	#define TTODATAV_IGNORESPACE (1<<1) /* ignore spaces in base64 encodings*/
220	#define TTODATAV_SPACECOUNTS 0 /* do not ignore spaces in base64 */
221
222	size_t datatot(const char src, size_t srclen, int format, char buf,
223	size_t buflen);
224	size_t keyblobtoid(const unsigned char src, size_t srclen, char dst,
225	size_t dstlen);
226	size_t splitkeytoid(const unsigned char e, size_t elen, const unsigned char m,
227	size_t mlen, char *dst, size_t dstlen);
228	#define KEYID_BUF 10 /* up to 9 text digits plus NUL */
229	err_t ttoprotoport(char src, size_t src_len, u_int8_t proto, u_int16_t *port,
230	int *has_port_wildcard);
231
232	/* initializations */
233	void initsaid(const ip_address addr, ipsec_spi_t spi, int proto, ip_said dst);
234	err_t loopbackaddr(int af, ip_address *dst);
235	err_t unspecaddr(int af, ip_address *dst);
236	err_t anyaddr(int af, ip_address *dst);
237	err_t initaddr(const unsigned char src, size_t srclen, int af, ip_address dst);
238	err_t initsubnet(const ip_address addr, int maskbits, int clash, ip_subnet dst);
239	err_t addrtosubnet(const ip_address addr, ip_subnet dst);
240
241	/* misc. conversions and related */
242	err_t rangetosubnet(const ip_address from, const ip_address to, ip_subnet *dst);
243	int addrtypeof(const ip_address *src);
244	int subnettypeof(const ip_subnet *src);
245	size_t addrlenof(const ip_address *src);
246	size_t addrbytesptr(const ip_address src, const unsigned char *dst);
247	size_t addrbytesof(const ip_address src, unsigned char dst, size_t dstlen);
248	int masktocount(const ip_address *src);
249	void networkof(const ip_subnet src, ip_address dst);
250	void maskof(const ip_subnet src, ip_address dst);
251
252	/* tests */
253	int sameaddr(const ip_address a, const ip_address b);
254	int addrcmp(const ip_address a, const ip_address b);
255	int samesubnet(const ip_subnet a, const ip_subnet b);
256	int addrinsubnet(const ip_address a, const ip_subnet s);
257	int subnetinsubnet(const ip_subnet a, const ip_subnet b);
258	int subnetishost(const ip_subnet *s);
259	int samesaid(const ip_said a, const ip_said b);
260	int sameaddrtype(const ip_address a, const ip_address b);
261	int samesubnettype(const ip_subnet a, const ip_subnet b);
262	int isanyaddr(const ip_address *src);
263	int isunspecaddr(const ip_address *src);
264	int isloopbackaddr(const ip_address *src);
265
266	/* low-level grot */
267	int portof(const ip_address *src);
268	void setportof(int port, ip_address *dst);
269	struct sockaddr sockaddrof(ip_address src);
270	size_t sockaddrlenof(const ip_address *src);
271
272	/* PRNG */
273	void prng_init(struct prng prng, const unsigned char key, size_t keylen);
274	void prng_bytes(struct prng prng, unsigned char dst, size_t dstlen);
275	unsigned long prng_count(struct prng *prng);
276	void prng_final(struct prng *prng);
277
278	/* odds and ends */
279	const char *ipsec_version_code(void);
280	const char *ipsec_version_string(void);
281	const char **ipsec_copyright_notice(void);
282
283	const char dns_string_rr(int rr, char buf, int bufsize);
284	const char *dns_string_datetime(time_t seconds,
285	char *buf,
286	int bufsize);
287
288
289	/*
290	* old functions, to be deleted eventually
291	*/
292
293	/* unsigned long */
294	const char * /* NULL for success, else string literal */
295	atoul(
296	const char *src,
297	size_t srclen, /* 0 means strlen(src) */
298	int base, /* 0 means figure it out */
299	unsigned long *resultp
300	);
301	size_t /* space needed for full conversion */
302	ultoa(
303	unsigned long n,
304	int base,
305	char *dst,
306	size_t dstlen
307	);
308	#define ULTOA_BUF 21 /* just large enough for largest result, */
309	/* assuming 64-bit unsigned long! */
310
311	/* Internet addresses */
312	const char * /* NULL for success, else string literal */
313	atoaddr(
314	const char *src,
315	size_t srclen, /* 0 means strlen(src) */
316	struct in_addr *addr
317	);
318	size_t /* space needed for full conversion */
319	addrtoa(
320	struct in_addr addr,
321	int format, /* character; 0 means default */
322	char *dst,
323	size_t dstlen
324	);
325	#define ADDRTOA_BUF 16 /* just large enough for largest result */
326
327	/* subnets */
328	const char * /* NULL for success, else string literal */
329	atosubnet(
330	const char *src,
331	size_t srclen, /* 0 means strlen(src) */
332	struct in_addr *addr,
333	struct in_addr *mask
334	);
335	size_t /* space needed for full conversion */
336	subnettoa(
337	struct in_addr addr,
338	struct in_addr mask,
339	int format, /* character; 0 means default */
340	char *dst,
341	size_t dstlen
342	);
343	#define SUBNETTOA_BUF 32 /* large enough for worst case result */
344
345	/* ranges */
346	const char * /* NULL for success, else string literal */
347	atoasr(
348	const char *src,
349	size_t srclen, /* 0 means strlen(src) */
350	char type, / 'a', 's', 'r' */
351	struct in_addr addrs / two-element array */
352	);
353	size_t /* space needed for full conversion */
354	rangetoa(
355	struct in_addr addrs, / two-element array */
356	int format, /* character; 0 means default */
357	char *dst,
358	size_t dstlen
359	);
360	#define RANGETOA_BUF 34 /* large enough for worst case result */
361
362	/* data types for SA conversion functions */
363
364	/* SAs */
365	const char * /* NULL for success, else string literal */
366	atosa(
367	const char *src,
368	size_t srclen, /* 0 means strlen(src) */
369	struct sa_id *sa
370	);
371	size_t /* space needed for full conversion */
372	satoa(
373	struct sa_id sa,
374	int format, /* character; 0 means default */
375	char *dst,
376	size_t dstlen
377	);
378	#define SATOA_BUF (3+ULTOA_BUF+ADDRTOA_BUF)
379
380	/* generic data, e.g. keys */
381	const char * /* NULL for success, else string literal */
382	atobytes(
383	const char *src,
384	size_t srclen, /* 0 means strlen(src) */
385	char *dst,
386	size_t dstlen,
387	size_t lenp / NULL means don't bother telling me */
388	);
389	size_t /* 0 failure, else true size */
390	bytestoa(
391	const char *src,
392	size_t srclen,
393	int format, /* character; 0 means default */
394	char *dst,
395	size_t dstlen
396	);
397
398	/* old versions of generic-data functions; deprecated */
399	size_t /* 0 failure, else true size */
400	atodata(
401	const char *src,
402	size_t srclen, /* 0 means strlen(src) */
403	char *dst,
404	size_t dstlen
405	);
406	size_t /* 0 failure, else true size */
407	datatoa(
408	const char *src,
409	size_t srclen,
410	int format, /* character; 0 means default */
411	char *dst,
412	size_t dstlen
413	);
414
415	/* part extraction and special addresses */
416	struct in_addr
417	subnetof(
418	struct in_addr addr,
419	struct in_addr mask
420	);
421	struct in_addr
422	hostof(
423	struct in_addr addr,
424	struct in_addr mask
425	);
426	struct in_addr
427	broadcastof(
428	struct in_addr addr,
429	struct in_addr mask
430	);
431
432	/* mask handling */
433	int
434	goodmask(
435	struct in_addr mask
436	);
437	int
438	masktobits(
439	struct in_addr mask
440	);
441	struct in_addr
442	bitstomask(
443	int n
444	);
445
446
447
448	/*
449	* general utilities
450	*/
451
452	#ifndef __KERNEL__
453	/* option pickup from files (userland only because of use of FILE) */
454	const char optionsfrom(const char filename, int argcp, char **argvp,
455	int optind, FILE *errorreport);
456	#endif
457
458	/*
459	* Debugging levels for pfkey_lib_debug
460	*/
461	#define PF_KEY_DEBUG_PARSE_NONE 0
462	#define PF_KEY_DEBUG_PARSE_PROBLEM 1
463	#define PF_KEY_DEBUG_PARSE_STRUCT 2
464	#define PF_KEY_DEBUG_PARSE_FLOW 4
465	#define PF_KEY_DEBUG_PARSE_MAX 7
466
467	extern unsigned int pfkey_lib_debug; /* bits selecting what to report */
468
469	/*
470	* pluto and lwdnsq need to know the maximum size of the commands to,
471	* and replies from lwdnsq.
472	*/
473
474	#define LWDNSQ_CMDBUF_LEN 1024
475	#define LWDNSQ_RESULT_LEN_MAX 4096
476
477	#endif /* _FREESWAN_H */