2 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. Neither the name of the project nor the names of its contributors
14 * may be used to endorse or promote products derived from this software
15 * without specific prior written permission.
17 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 /* YIPS @(#)$Id: ipsec_doi.h,v 1.1 1999-10-30 05:11:09 itojun Exp $ */
31 /* refer to RFC 2407 */
33 #if !defined(_IPSEC_DOI_H_)
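/*
 * RFC 2407 section 4.2: IPSEC Situation Definition.
 *
 * Each value occupies its own bit (0x1, 0x2, 0x4), so several situations
 * can be combined in, and tested against, a single situation word.
 * (Listing cleaned up: the viewer's line numbers had been fused onto the
 * front of every directive, which made them invalid preprocessor lines.)
 */
#define IPSECDOI_SIT_IDENTITY_ONLY	0x00000001
#define IPSECDOI_SIT_SECRECY		0x00000002
#define IPSECDOI_SIT_INTEGRITY		0x00000004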
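/*
 * RFC 2407 section 4.4.1: IPSEC Security Protocol Identifiers (ISAKMP).
 * (Viewer line numbers that were fused onto each directive are removed.)
 */
#define IPSECDOI_PROTO_ISAKMP	1

/*
 * RFC 2407 section 4.4.2: IPSEC ISAKMP Transform Values.
 * Same numeric value as the protocol id above, but a different number
 * space: this one is only meaningful as a transform under PROTO_ISAKMP.
 */
#define IPSECDOI_KEY_IKE	1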
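/*
 * RFC 2407 section 4.4.1: IPSEC Security Protocol Identifiers (AH).
 * (Viewer line numbers that were fused onto each directive are removed.)
 */
#define IPSECDOI_PROTO_IPSEC_AH	2

/*
 * RFC 2407 section 4.4.3: IPSEC AH Transform Values.
 * The list as given here starts at 2. The MD5- and DES-based transforms
 * are legacy integrity mechanisms; the values are kept so a proposal that
 * carries them can be named, and seeing one negotiated is worth noting
 * when reviewing a capture.
 */
#define IPSECDOI_AH_MD5		2
#define IPSECDOI_AH_SHA		3
#define IPSECDOI_AH_DES		4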
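/*
 * RFC 2407 section 4.4.1: IPSEC Security Protocol Identifiers (ESP).
 * (Viewer line numbers that were fused onto each directive are removed.)
 */
#define IPSECDOI_PROTO_IPSEC_ESP	3

/*
 * RFC 2407 section 4.4.4: IPSEC ESP Transform Identifiers.
 *
 * Several of these name ciphers that are weak by current standards (the
 * single-DES variants, RC4), and ESP_NULL provides no confidentiality at
 * all. The values are listed so that a proposal carrying them can be
 * named, not as a recommendation; a peer offering or accepting one of
 * them is worth flagging when reviewing a capture.
 *
 * NOTE(review): a transform id is read from the packet, so range-check it
 * before using it to index any name table.
 */
#define IPSECDOI_ESP_DES_IV64		1
#define IPSECDOI_ESP_DES		2
#define IPSECDOI_ESP_3DES		3
#define IPSECDOI_ESP_RC5		4
#define IPSECDOI_ESP_IDEA		5
#define IPSECDOI_ESP_CAST		6
#define IPSECDOI_ESP_BLOWFISH		7
#define IPSECDOI_ESP_3IDEA		8
#define IPSECDOI_ESP_DES_IV32		9
#define IPSECDOI_ESP_RC4		10
#define IPSECDOI_ESP_NULL		11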
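/*
 * RFC 2407 section 4.4.1: IPSEC Security Protocol Identifiers (IPCOMP).
 * (Viewer line numbers that were fused onto each directive are removed.)
 */
#define IPSECDOI_PROTO_IPCOMP		4

/* RFC 2407 section 4.4.5: IPSEC IPCOMP Transform Identifiers */
#define IPSECDOI_IPCOMP_OUI		1
#define IPSECDOI_IPCOMP_DEFLATE		2
#define IPSECDOI_IPCOMP_LZS		3
#define IPSECDOI_IPCOMP_V42BIS		4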
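/*
 * RFC 2407 section 4.5: IPSEC Security Association Attributes.
 *
 * The trailing B / V marks follow the RFC's attribute table: B is a basic
 * (fixed-size) attribute, V a variable-length one. Indented names are the
 * values defined for the attribute class listed just above them.
 * (Viewer line numbers that were fused onto each directive are removed,
 * and the comment delimiters lost around the ESP note are restored.)
 */
#define IPSECDOI_ATTR_SA_LTYPE		1	/* B */
#define   IPSECDOI_ATTR_SA_LTYPE_DEFAULT	1	/* same value as _SEC */
#define   IPSECDOI_ATTR_SA_LTYPE_SEC		1
#define   IPSECDOI_ATTR_SA_LTYPE_KB		2
#define IPSECDOI_ATTR_SA_LDUR		2	/* V */
#define   IPSECDOI_ATTR_SA_LDUR_DEFAULT	28800	/* 8 hours */
#define IPSECDOI_ATTR_GRP_DESC		3	/* B */
#define IPSECDOI_ATTR_ENC_MODE		4	/* B */
	/* default value: host dependent */
#define   IPSECDOI_ATTR_ENC_MODE_TUNNEL	1
#define   IPSECDOI_ATTR_ENC_MODE_TRNS		2
/*
 * Authentication algorithm values. HMAC_MD5, DES_MAC and KPDK are legacy
 * integrity algorithms; they are listed so a proposal can be named.
 */
#define IPSECDOI_ATTR_AUTH		5	/* B */
#define   IPSECDOI_ATTR_AUTH_HMAC_MD5		1
#define   IPSECDOI_ATTR_AUTH_HMAC_SHA1		2
#define   IPSECDOI_ATTR_AUTH_DES_MAC		3
#define   IPSECDOI_ATTR_AUTH_KPDK		4
	/*
	 * When negotiating ESP without authentication, the Auth
	 * Algorithm attribute MUST NOT be included in the proposal.
	 * When negotiating ESP without confidentiality, the Auth
	 * Algorithm attribute MUST be included in the proposal and
	 * the ESP transform ID must be ESP_NULL.
	 */
#define IPSECDOI_ATTR_KEY_LENGTH	6	/* B */
#define IPSECDOI_ATTR_KEY_ROUNDS	7	/* B */
#define IPSECDOI_ATTR_COMP_DICT_SIZE	8	/* B */
#define IPSECDOI_ATTR_COMP_PRIVALG	9	/* V */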
107 /* 4.6.1 Security Association Payload */
110 u_int32_t doi
; /* Domain of Interpretation */
111 u_int32_t sit
; /* Situation */
114 struct ipsecdoi_secrecy_h
{
119 /* 4.6.2.1 Identification Type Values */
122 u_int8_t type
; /* ID Type */
123 u_int8_t proto_id
; /* Protocol ID */
124 u_int16_t port
; /* Port */
125 /* Identification Data */
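/*
 * RFC 2407 section 4.6.2.1: Identification Type Values.
 * The type selects how the identification data that follows is laid out
 * (single address, subnet, range, name, DER-encoded name, opaque key id).
 * (Viewer line numbers that were fused onto each directive are removed.)
 *
 * NOTE(review): the ID type is taken from the packet; treat any value
 * outside 1..11 as unknown rather than assuming a layout for it.
 */
#define IPSECDOI_ID_IPV4_ADDR		1
#define IPSECDOI_ID_FQDN		2
#define IPSECDOI_ID_USER_FQDN		3
#define IPSECDOI_ID_IPV4_ADDR_SUBNET	4
#define IPSECDOI_ID_IPV6_ADDR		5
#define IPSECDOI_ID_IPV6_ADDR_SUBNET	6
#define IPSECDOI_ID_IPV4_ADDR_RANGE	7
#define IPSECDOI_ID_IPV6_ADDR_RANGE	8
#define IPSECDOI_ID_DER_ASN1_DN		9
#define IPSECDOI_ID_DER_ASN1_GN		10
#define IPSECDOI_ID_KEY_ID		11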
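/*
 * RFC 2407 section 4.6.3: IPSEC DOI Notify Message Types.
 * Notify Messages - Status Types. The three values are consecutive,
 * starting at 24576 (0x6000).
 * (Viewer line numbers that were fused onto each directive are removed.)
 */
#define IPSECDOI_NTYPE_RESPONDER_LIFETIME	24576
#define IPSECDOI_NTYPE_REPLAY_STATUS		24577
#define IPSECDOI_NTYPE_INITIAL_CONTACT		24578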
147 /* ipsec sa structure */
149 u_int8_t proto_id
; /* Protocol id */
150 vchar_t
*spi
; /* spi to receive, network byte order */
151 vchar_t
*spi_p
; /* spi to send, network byte order */
152 vchar_t
*keymat
; /* KEYMAT */
153 u_int8_t t_id
; /* transform id */
154 u_int8_t enc_t
; /* type of cipher */
155 u_int8_t mode_t
; /* tunnel or transport */
156 u_int8_t hash_t
; /* type of hash */
157 u_int8_t life_t
; /* type of duration of lifetime */
158 u_int32_t ldur
; /* life duration */
159 u_int8_t dhgrp
; /* DH; group */
160 struct ipsec_sa
*next
;
164 #endif /* !defined(_IPSEC_DOI_H_) */