3 * header file for FreeS/WAN library functions
4 * Copyright (C) 1998, 1999, 2000 Henry Spencer.
5 * Copyright (C) 1999, 2000, 2001 Richard Guy Briggs
7 * This library is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU Library General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or (at your
10 * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
12 * This library is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
15 * License for more details.
17 * RCSID $Id: freeswan.h,v 1.2 2004/03/22 21:53:17 as Exp $
19 #define _FREESWAN_H /* seen it, no need to see it again */
24 * We've just got to have some datatypes defined... And annoyingly, just
25 * where we get them depends on whether we're in userland or not.
29 # include <linux/types.h>
30 # include <linux/in.h>
32 #else /* __KERNEL__ */
35 # include <netinet/in.h>
37 # define uint8_t u_int8_t
38 # define uint16_t u_int16_t
39 # define uint32_t u_int32_t
40 # define uint64_t u_int64_t
42 # define DEBUG_NO_STATIC static
44 #endif /* __KERNEL__ */
46 #include <freeswan/ipsec_param.h>
50 * Grab the kernel version to see if we have NET_21, and therefore
51 * IPv6. Some of this is repeated from ipsec_kversions.h. Of course,
52 * we aren't really testing if the kernel has IPv6, but rather if the
53 * include files do.
55 #include <linux/version.h>
56 #ifndef KERNEL_VERSION
57 #define KERNEL_VERSION(x,y,z) (((x)<<16)+((y)<<8)+(z))
60 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,1,0)
65 # define IPPROTO_COMP 108
66 #endif /* !IPPROTO_COMP */
69 # define IPPROTO_INT 61
70 #endif /* !IPPROTO_INT */
72 #ifdef CONFIG_IPSEC_DEBUG
73 # define DEBUG_NO_STATIC
74 #else /* CONFIG_IPSEC_DEBUG */
75 # define DEBUG_NO_STATIC static
76 #endif /* CONFIG_IPSEC_DEBUG */
78 #ifdef CONFIG_IPSEC_NAT_TRAVERSAL /* KERNEL ifdef */
84 #define ESPINUDP_WITH_NON_IKE 1 /* draft-ietf-ipsec-nat-t-ike-00/01 */
85 #define ESPINUDP_WITH_NON_ESP 2 /* draft-ietf-ipsec-nat-t-ike-02 */
89 * Basic data types for the address-handling functions.
90 * ip_address and ip_subnet are supposed to be opaque types; do not
91 * use their definitions directly, they are subject to change!
94 /* first, some quick fakes in case we're on an old system with no IPv6 */
103 #define s6_addr in6_u.u6_addr8
104 #define s6_addr16 in6_u.u6_addr16
105 #define s6_addr32 in6_u.u6_addr32
107 struct sockaddr_in6
{
108 unsigned short int sin6_family
; /* AF_INET6 */
109 __u16 sin6_port
; /* Transport layer port # */
110 __u32 sin6_flowinfo
; /* IPv6 flow information */
111 struct in6_addr sin6_addr
; /* IPv6 address */
112 __u32 sin6_scope_id
; /* scope id (new in RFC2553) */
114 #endif /* !s6_addr16 */
116 /* then the main types */
119 struct sockaddr_in v4
;
120 struct sockaddr_in6 v6
;
128 /* and the SA ID stuff */
130 typedef __u32 ipsec_spi_t
;
132 typedef u_int32_t ipsec_spi_t
;
134 typedef struct { /* to identify an SA, we need: */
135 ip_address dst
; /* A. destination host */
136 ipsec_spi_t spi
; /* B. 32-bit SPI, assigned by dest. host */
137 # define SPI_PASS 256 /* magic values... */
138 # define SPI_DROP 257 /* ...for use... */
139 # define SPI_REJECT 258 /* ...with SA_INT */
140 # define SPI_HOLD 259
141 # define SPI_TRAP 260
142 # define SPI_TRAPSUBNET 261
143 int proto
; /* C. protocol */
144 # define SA_ESP 50 /* IPPROTO_ESP */
145 # define SA_AH 51 /* IPPROTO_AH */
146 # define SA_IPIP 4 /* IPPROTO_IPIP */
147 # define SA_COMP 108 /* IPPROTO_COMP */
148 # define SA_INT 61 /* IANA reserved for internal use */
150 struct sa_id
{ /* old v4-only version */
157 typedef const char *err_t
; /* error message, or NULL for success */
158 struct prng
{ /* pseudo-random-number-generator guts */
159 unsigned char sbox
[256];
/*
 * definitions for user space, taken from freeswan/ipsec_sa.h
 */

/* An SA reference is a 32-bit unsigned value. */
typedef uint32_t IPsecSAref_t;

/* Width of an SA reference, in bits. */
#define IPSEC_SA_REF_FIELD_WIDTH (8 * sizeof(IPsecSAref_t))

/*
 * Convert between an SA reference and (judging by the macro names) a
 * netfilter mark by shifting across the bits above the table index.
 * IPSEC_SA_REF_TABLE_IDX_WIDTH is not defined in the lines visible here.
 * NOTE(review): the argument is shifted with whatever type the caller
 * passes; a signed or differently sized x changes the result, and a
 * left shift of a negative value is undefined - confirm callers always
 * pass an unsigned value of the expected width.
 */
#define IPsecSAref2NFmark(x) ((x) << (IPSEC_SA_REF_FIELD_WIDTH - IPSEC_SA_REF_TABLE_IDX_WIDTH))
#define NFmark2IPsecSAref(x) ((x) >> (IPSEC_SA_REF_FIELD_WIDTH - IPSEC_SA_REF_TABLE_IDX_WIDTH))

/* All-ones reference value used as the "null" SA reference. */
#define IPSEC_SAREF_NULL (~((IPsecSAref_t)0))
177 /* GCC magic for use in function definitions! */
179 # define PRINTF_LIKE(n) __attribute__ ((format(printf, n, n+1)))
180 # define NEVER_RETURNS __attribute__ ((noreturn))
181 # define UNUSED __attribute__ ((unused))
182 # define BLANK_FORMAT " " /* GCC_LINT whines about empty formats */
184 # define PRINTF_LIKE(n) /* ignore */
185 # define NEVER_RETURNS /* ignore */
186 # define UNUSED /* ignore */
187 # define BLANK_FORMAT ""
195 * new IPv6-compatible functions
/* text conversions */

/*
 * ttoul - convert text to an unsigned long, stored through dst.
 * Returns an err_t, which this header defines as an error message, or
 * NULL for success; callers must check it before using *dst.
 * NOTE(review): the older conversion functions further down in this
 * header document srclen == 0 as "strlen(src)"; presumably the same
 * holds here, so a zero length computed from untrusted input would
 * switch to NUL-terminated scanning - confirm.
 */
err_t ttoul(const char *src, size_t srclen, int format, unsigned long *dst);

/*
 * ultot - convert an unsigned long to text in the caller's buffer.
 * buf/buflen describe the output buffer; size it with ULTOT_BUF.
 * NOTE(review): the return value is presumably the space needed for
 * the full conversion (as the older functions below are documented);
 * compare it with buflen to detect truncation - confirm.
 */
size_t ultot(unsigned long src, int format, char *buf, size_t buflen);
#define ULTOT_BUF (22+1) /* holds 64 bits in octal */
/*
 * ttoaddr / tnatoaddr - convert text to an ip_address for address
 * family af. Both return an err_t (error message, or NULL for success).
 * NOTE(review): this header does not say how the two differ;
 * tnatoaddr is presumably the numeric-only variant (no name
 * resolution) - confirm, and if so prefer it for text that comes from
 * an untrusted peer or file.
 */
err_t ttoaddr(const char *src, size_t srclen, int af, ip_address *dst);
err_t tnatoaddr(const char *src, size_t srclen, int af, ip_address *dst);

/*
 * addrtot - convert an ip_address to text in the caller's buffer.
 * Size buf with ADDRTOT_BUF and pass its real size as buflen.
 * NOTE(review): return value presumably is the space needed for the
 * full conversion; check it against buflen - confirm.
 */
size_t addrtot(const ip_address *src, int format, char *buf, size_t buflen);
/* RFC 1886 old IPv6 reverse-lookup format is the bulkiest */
#define ADDRTOT_BUF (32*2 + 3 + 1 + 3 + 1 + 1)

/*
 * ttosubnet - convert text to an ip_subnet for address family af.
 * Returns an err_t (error message, or NULL for success).
 */
err_t ttosubnet(const char *src, size_t srclen, int af, ip_subnet *dst);

/*
 * subnettot - convert an ip_subnet to text in the caller's buffer.
 * SUBNETTOT_BUF is derived from ADDRTOT_BUF, so it tracks any change
 * to the address buffer size.
 */
size_t subnettot(const ip_subnet *src, int format, char *buf, size_t buflen);
#define SUBNETTOT_BUF (ADDRTOT_BUF + 1 + 3)
/*
 * ttosa - convert text to an SA identifier (ip_said).
 * Returns an err_t (error message, or NULL for success).
 */
err_t ttosa(const char *src, size_t srclen, ip_said *dst);

/*
 * satot - convert an SA identifier to text in the caller's buffer.
 * Size bufptr with SATOT_BUF and pass its real size as buflen.
 */
size_t satot(const ip_said *src, int format, char *bufptr, size_t buflen);
/*
 * NOTE(review): SATOT_BUF is built from ULTOA_BUF (21, defined with the
 * old functions later in this header) rather than ULTOT_BUF (22+1) from
 * the new API - confirm the SPI text satot() emits always fits.
 */
#define SATOT_BUF (5 + ULTOA_BUF + 1 + ADDRTOT_BUF)
/*
 * ttodata - convert text in the given base to binary data in buf.
 * buf/buflen describe the output buffer; needed is an output pointer.
 * Returns an err_t (error message, or NULL for success).
 * NOTE(review): *needed presumably receives the number of bytes the
 * full result requires, which may exceed buflen; callers decoding keys
 * or other untrusted text should compare the two before using buf -
 * confirm against the implementation.
 */
err_t ttodata(const char *src, size_t srclen, int base, char *buf,
	size_t buflen, size_t *needed);

/*
 * ttodatav - as ttodata, with a caller-supplied buffer for the error
 * text (errp/errlen) and a flags word. TTODATAV_BUF is documented
 * below as the size of ttodatav's largest non-literal message, so an
 * errp buffer of at least that size is the safe choice.
 */
err_t ttodatav(const char *src, size_t srclen, int base,
	char *buf, size_t buflen, size_t *needed,
	char *errp, size_t errlen, unsigned int flags);
#define TTODATAV_BUF 40 /* ttodatav's largest non-literal message */
#define TTODATAV_IGNORESPACE (1<<1) /* ignore spaces in base64 encodings*/
#define TTODATAV_SPACECOUNTS 0 /* do not ignore spaces in base64 */
222 size_t datatot(const char *src
, size_t srclen
, int format
, char *buf
,
224 size_t keyblobtoid(const unsigned char *src
, size_t srclen
, char *dst
,
/*
 * splitkeytoid - derive a textual key ID from two byte strings, e/elen
 * and m/mlen, written to dst (dstlen bytes available).
 * Size dst with KEYID_BUF.
 * NOTE(review): e and m are presumably an RSA public exponent and
 * modulus - confirm. An ID of at most 9 digits can only serve as a
 * display label; confirm nothing treats it as proof of key identity.
 */
size_t splitkeytoid(const unsigned char *e, size_t elen,
	const unsigned char *m, size_t mlen,
	char *dst, size_t dstlen);
#define KEYID_BUF 10 /* up to 9 text digits plus NUL */
/*
 * ttoprotoport - parse a protocol/port specification from text.
 * Results are stored through proto, port and has_port_wildcard.
 * Returns an err_t (error message, or NULL for success).
 * NOTE(review): src is a non-const char *, unlike the other tto*()
 * functions here, so the parser may modify the input in place - confirm
 * before passing a string literal or a buffer shared with other code.
 */
err_t ttoprotoport(char *src, size_t src_len, u_int8_t *proto,
	u_int16_t *port, int *has_port_wildcard);
/* initializations */

/* initsaid - fill *dst from an address, an SPI and a protocol number. */
void initsaid(const ip_address *addr, ipsec_spi_t spi, int proto,
	ip_said *dst);

/*
 * loopbackaddr / unspecaddr / anyaddr - store a special address for
 * address family af in *dst. Each returns an err_t (error message, or
 * NULL for success), so an unsupported af must be handled by checking
 * the result rather than by using *dst unconditionally.
 */
err_t loopbackaddr(int af, ip_address *dst);
err_t unspecaddr(int af, ip_address *dst);
err_t anyaddr(int af, ip_address *dst);

/*
 * initaddr - build an ip_address of family af from srclen raw bytes.
 * NOTE(review): presumably srclen must equal the address length for af
 * and a mismatch is reported through the err_t result - confirm,
 * especially where src/srclen come straight from a received packet.
 */
err_t initaddr(const unsigned char *src, size_t srclen, int af,
	ip_address *dst);

/*
 * initsubnet - build an ip_subnet from an address and a mask length.
 * NOTE(review): the meaning of clash is not stated in this header;
 * presumably it selects what happens when addr has bits set beyond
 * maskbits - confirm.
 */
err_t initsubnet(const ip_address *addr, int maskbits, int clash,
	ip_subnet *dst);

/* addrtosubnet - build an ip_subnet from a single address. */
err_t addrtosubnet(const ip_address *addr, ip_subnet *dst);
/* misc. conversions and related */

/*
 * rangetosubnet - express the address range from..to as a subnet.
 * Returns an err_t (error message, or NULL for success).
 */
err_t rangetosubnet(const ip_address *from, const ip_address *to,
	ip_subnet *dst);

/* Type queries. NOTE(review): presumably they yield AF_* values - confirm. */
int addrtypeof(const ip_address *src);
int subnettypeof(const ip_subnet *src);

/* addrlenof - size of the address held in *src. */
size_t addrlenof(const ip_address *src);

/*
 * addrbytesptr - hand back a pointer to the address bytes through *dst.
 * NOTE(review): the pointer presumably refers to storage inside *src,
 * so it is only valid while *src is - confirm.
 */
size_t addrbytesptr(const ip_address *src, const unsigned char **dst);

/*
 * addrbytesof - copy the address bytes into dst (dstlen bytes available).
 * NOTE(review): presumably returns the full length even when dstlen is
 * smaller; compare the result with dstlen - confirm.
 */
size_t addrbytesof(const ip_address *src, unsigned char *dst, size_t dstlen);

/*
 * masktocount - convert a mask held in an ip_address to a bit count.
 * NOTE(review): the value returned for a non-contiguous mask is
 * presumably negative - confirm before using it as a length.
 */
int masktocount(const ip_address *src);

/* networkof / maskof - extract the network address or mask of a subnet. */
void networkof(const ip_subnet *src, ip_address *dst);
void maskof(const ip_subnet *src, ip_address *dst);
/*
 * Comparisons and predicates on the opaque address types. All take
 * const pointers and return int.
 * NOTE(review): the same*(), is*() and *in*() functions presumably
 * return non-zero for "true", and addrcmp() a three-way ordering -
 * confirm. Because ip_address and ip_subnet are declared opaque in this
 * header, policy checks should go through these functions rather than
 * comparing the structures byte-wise.
 */
int sameaddr(const ip_address *a, const ip_address *b);
int addrcmp(const ip_address *a, const ip_address *b);
int samesubnet(const ip_subnet *a, const ip_subnet *b);
int addrinsubnet(const ip_address *a, const ip_subnet *s);
int subnetinsubnet(const ip_subnet *a, const ip_subnet *b);
int subnetishost(const ip_subnet *s);
int samesaid(const ip_said *a, const ip_said *b);
int sameaddrtype(const ip_address *a, const ip_address *b);
int samesubnettype(const ip_subnet *a, const ip_subnet *b);
int isanyaddr(const ip_address *src);
int isunspecaddr(const ip_address *src);
int isloopbackaddr(const ip_address *src);
/*
 * Port and sockaddr access.
 * NOTE(review): whether portof()/setportof() use host or network byte
 * order is not stated in this header - confirm before comparing the
 * value with a port parsed from text.
 */
int portof(const ip_address *src);
void setportof(int port, ip_address *dst);

/*
 * sockaddrof - view an ip_address as a struct sockaddr.
 * NOTE(review): src is non-const and the result is a plain pointer, so
 * it presumably aliases *src rather than a copy - confirm; pair it with
 * sockaddrlenof() when passing it to socket calls.
 */
struct sockaddr *sockaddrof(ip_address *src);
size_t sockaddrlenof(const ip_address *src);
/*
 * PRNG interface operating on a caller-owned struct prng, which this
 * header describes as "pseudo-random-number-generator guts" and which
 * holds a 256-byte sbox.
 * NOTE(review): a keyed 256-byte sbox suggests an RC4-style generator;
 * confirm what prng_bytes() output is used for, and that nothing
 * derives long-term secrets from it.
 */

/* prng_init - set up *prng from keylen bytes of key material. */
void prng_init(struct prng *prng, const unsigned char *key, size_t keylen);

/* prng_bytes - write dstlen generated bytes to dst. */
void prng_bytes(struct prng *prng, unsigned char *dst, size_t dstlen);

/* prng_count - report a counter kept in *prng. */
unsigned long prng_count(struct prng *prng);

/*
 * prng_final - finish with *prng.
 * NOTE(review): presumably clears the key-derived state - confirm that
 * the wipe cannot be optimized away.
 */
void prng_final(struct prng *prng);
/* Version and copyright text; the returned strings are const. */
const char *ipsec_version_code(void);
const char *ipsec_version_string(void);
const char **ipsec_copyright_notice(void);

/*
 * dns_string_rr - describe DNS resource-record type rr as text, using
 * the caller's buffer buf of bufsize bytes.
 * NOTE(review): bufsize is a signed int, unlike the size_t lengths used
 * elsewhere in this header; pass sizeof of the real buffer and never a
 * computed value that could be negative.
 */
const char *dns_string_rr(int rr, char *buf, int bufsize);
284 const char *dns_string_datetime(time_t seconds
,
290 * old functions, to be deleted eventually
294 const char * /* NULL for success, else string literal */
297 size_t srclen
, /* 0 means strlen(src) */
298 int base
, /* 0 means figure it out */
299 unsigned long *resultp
301 size_t /* space needed for full conversion */
308 #define ULTOA_BUF 21 /* just large enough for largest result, */
309 /* assuming 64-bit unsigned long! */
311 /* Internet addresses */
312 const char * /* NULL for success, else string literal */
315 size_t srclen
, /* 0 means strlen(src) */
318 size_t /* space needed for full conversion */
321 int format
, /* character; 0 means default */
325 #define ADDRTOA_BUF 16 /* just large enough for largest result */
328 const char * /* NULL for success, else string literal */
331 size_t srclen
, /* 0 means strlen(src) */
332 struct in_addr
*addr
,
335 size_t /* space needed for full conversion */
339 int format
, /* character; 0 means default */
343 #define SUBNETTOA_BUF 32 /* large enough for worst case result */
346 const char * /* NULL for success, else string literal */
349 size_t srclen
, /* 0 means strlen(src) */
350 char *type
, /* 'a', 's', 'r' */
351 struct in_addr
*addrs
/* two-element array */
353 size_t /* space needed for full conversion */
355 struct in_addr
*addrs
, /* two-element array */
356 int format
, /* character; 0 means default */
360 #define RANGETOA_BUF 34 /* large enough for worst case result */
362 /* data types for SA conversion functions */
365 const char * /* NULL for success, else string literal */
368 size_t srclen
, /* 0 means strlen(src) */
371 size_t /* space needed for full conversion */
374 int format
, /* character; 0 means default */
378 #define SATOA_BUF (3+ULTOA_BUF+ADDRTOA_BUF)
380 /* generic data, e.g. keys */
381 const char * /* NULL for success, else string literal */
384 size_t srclen
, /* 0 means strlen(src) */
387 size_t *lenp
/* NULL means don't bother telling me */
389 size_t /* 0 failure, else true size */
393 int format
, /* character; 0 means default */
398 /* old versions of generic-data functions; deprecated */
399 size_t /* 0 failure, else true size */
402 size_t srclen
, /* 0 means strlen(src) */
406 size_t /* 0 failure, else true size */
410 int format
, /* character; 0 means default */
415 /* part extraction and special addresses */
/* option pickup from files (userland only because of use of FILE) */
/*
 * optionsfrom - read options from filename and merge them into the
 * caller's argument vector through argcp/argvp; errorreport is a FILE
 * stream supplied by the caller.
 * NOTE(review): the file's contents presumably become argv entries, so
 * the file needs the same trust (ownership, permissions) as the command
 * line itself - confirm how callers restrict filename.
 */
const char *optionsfrom(const char *filename, int *argcp, char ***argvp,
	int optind, FILE *errorreport);
/*
 * Debugging levels for pfkey_lib_debug
 *
 * PROBLEM, STRUCT and FLOW are single bits; MAX (7) is all three set.
 */
#define PF_KEY_DEBUG_PARSE_NONE 0
#define PF_KEY_DEBUG_PARSE_PROBLEM 1
#define PF_KEY_DEBUG_PARSE_STRUCT 2
#define PF_KEY_DEBUG_PARSE_FLOW 4
#define PF_KEY_DEBUG_PARSE_MAX 7

/*
 * NOTE(review): STRUCT-level output presumably dumps parsed PF_KEY
 * messages, which can carry key material - confirm before enabling it
 * where logs are widely readable.
 */
extern unsigned int pfkey_lib_debug; /* bits selecting what to report */
/*
 * pluto and lwdnsq need to know the maximum size of the commands to,
 * and replies from lwdnsq.
 *
 * Both sides size their buffers from these two constants.
 * NOTE(review): a reply carries DNS-derived data, so the reader should
 * reject anything longer than LWDNSQ_RESULT_LEN_MAX rather than
 * truncate it silently - confirm.
 */
#define LWDNSQ_CMDBUF_LEN 1024
#define LWDNSQ_RESULT_LEN_MAX 4096
477 #endif /* _FREESWAN_H */