X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/c9d84d15c5c4dc8eca7594101fe5026080ed641e..54d17b22b10fe8c1a1cadb8c14c1900c1be33ef8:/ipsec_doi.h diff --git a/ipsec_doi.h b/ipsec_doi.h index 55392a4d..554a2586 100644 --- a/ipsec_doi.h +++ b/ipsec_doi.h @@ -1,7 +1,7 @@ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -13,7 +13,7 @@ * 3. Neither the name of the project nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -26,7 +26,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ -/* YIPS @(#)$Id: ipsec_doi.h,v 1.1 1999-10-30 05:11:09 itojun Exp $ */ +/* YIPS @(#)$Id: ipsec_doi.h,v 1.7 2002-12-11 07:13:53 guy Exp $ */ /* refer to RFC 2407 */ @@ -51,6 +51,9 @@ #define IPSECDOI_AH_MD5 2 #define IPSECDOI_AH_SHA 3 #define IPSECDOI_AH_DES 4 +#define IPSECDOI_AH_SHA2_256 5 +#define IPSECDOI_AH_SHA2_384 6 +#define IPSECDOI_AH_SHA2_512 7 /* 4.4.1 IPSEC Security Protocol Identifiers */ #define IPSECDOI_PROTO_IPSEC_ESP 3 @@ -66,6 +69,8 @@ #define IPSECDOI_ESP_DES_IV32 9 #define IPSECDOI_ESP_RC4 10 #define IPSECDOI_ESP_NULL 11 +#define IPSECDOI_ESP_RIJNDAEL 12 +#define IPSECDOI_ESP_AES 12 /* 4.4.1 IPSEC Security Protocol Identifiers */ #define IPSECDOI_PROTO_IPCOMP 4 @@ -73,7 +78,6 @@ #define IPSECDOI_IPCOMP_OUI 1 #define IPSECDOI_IPCOMP_DEFLATE 2 #define IPSECDOI_IPCOMP_LZS 3 -#define IPSECDOI_IPCOMP_V42BIS 4 /* 4.5 IPSEC Security Association Attributes */ #define IPSECDOI_ATTR_SA_LTYPE 1 /* B */ @@ -88,16 +92,17 @@ #define IPSECDOI_ATTR_ENC_MODE_TUNNEL 1 #define IPSECDOI_ATTR_ENC_MODE_TRNS 2 #define IPSECDOI_ATTR_AUTH 5 /* B */ + /* 0 means not to use authentication. */ #define IPSECDOI_ATTR_AUTH_HMAC_MD5 1 #define IPSECDOI_ATTR_AUTH_HMAC_SHA1 2 #define IPSECDOI_ATTR_AUTH_DES_MAC 3 -#define IPSECDOI_ATTR_AUTH_KPDK 4 +#define IPSECDOI_ATTR_AUTH_KPDK 4 /*RFC-1826(Key/Pad/Data/Key)*/ /* - When negotiating ESP without authentication, the Auth - Algorithm attribute MUST NOT be included in the proposal. - When negotiating ESP without confidentiality, the Auth - Algorithm attribute MUST be included in the proposal and - the ESP transform ID must be ESP_NULL. + * When negotiating ESP without authentication, the Auth + * Algorithm attribute MUST NOT be included in the proposal. + * When negotiating ESP without confidentiality, the Auth + * Algorithm attribute MUST be included in the proposal and + * the ESP transform ID must be ESP_NULL. */ #define IPSECDOI_ATTR_KEY_LENGTH 6 /* B */ #define IPSECDOI_ATTR_KEY_ROUNDS 7 /* B */ @@ -143,22 +148,4 @@ struct ipsecdoi_id { #define IPSECDOI_NTYPE_REPLAY_STATUS 24577 #define IPSECDOI_NTYPE_INITIAL_CONTACT 24578 -#if 0 -/* ipsec sa structure */ -struct ipsec_sa { - u_int8_t proto_id; /* Protocol id */ - vchar_t *spi; /* spi to receive, network byte order */ - vchar_t *spi_p; /* spi to send, network byte order */ - vchar_t *keymat; /* KEYMAT */ - u_int8_t t_id; /* transform id */ - u_int8_t enc_t; /* type of cipher */ - u_int8_t mode_t; /* tunnel or transport */ - u_int8_t hash_t; /* type of hash */ - u_int8_t life_t; /* type of duration of lifetime */ - u_int32_t ldur; /* life duration */ - u_int8_t dhgrp; /* DH; group */ - struct ipsec_sa *next; -}; -#endif - #endif /* !defined(_IPSEC_DOI_H_) */