master
1/* SPDX-License-Identifier: GPL-2.0-or-later WITH Linux-syscall-note */
2/* Types and definitions for AF_RXRPC.
3 *
4 * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
5 * Written by David Howells (dhowells@redhat.com)
6 */
7
8#ifndef _LINUX_RXRPC_H
9#define _LINUX_RXRPC_H
10
11#include <linux/types.h>
12#include <linux/in.h>
13#include <linux/in6.h>
14
15/*
16 * RxRPC socket address
17 */
18struct sockaddr_rxrpc {
19 __kernel_sa_family_t srx_family; /* address family */
20 __u16 srx_service; /* service desired */
21 __u16 transport_type; /* type of transport socket (SOCK_DGRAM) */
22 __u16 transport_len; /* length of transport address */
23 union {
24 __kernel_sa_family_t family; /* transport address family */
25 struct sockaddr_in sin; /* IPv4 transport address */
26 struct sockaddr_in6 sin6; /* IPv6 transport address */
27 } transport;
28};
29
30/*
31 * RxRPC socket options
32 */
33#define RXRPC_SECURITY_KEY 1 /* [clnt] set client security key */
34#define RXRPC_SECURITY_KEYRING 2 /* [srvr] set ring of server security keys */
35#define RXRPC_EXCLUSIVE_CONNECTION 3 /* Deprecated; use RXRPC_EXCLUSIVE_CALL instead */
36#define RXRPC_MIN_SECURITY_LEVEL 4 /* minimum security level */
37#define RXRPC_UPGRADEABLE_SERVICE 5 /* Upgrade service[0] -> service[1] */
38#define RXRPC_SUPPORTED_CMSG 6 /* Get highest supported control message type */
39#define RXRPC_MANAGE_RESPONSE 7 /* [clnt] Want to manage RESPONSE packets */
40
41/*
42 * RxRPC control messages
43 * - If neither abort or accept are specified, the message is a data message.
44 * - terminal messages mean that a user call ID tag can be recycled
45 * - C/S/- indicate whether these are applicable to client, server or both
46 * - s/r/- indicate whether these are applicable to sendmsg() and/or recvmsg()
47 */
48enum rxrpc_cmsg_type {
49 RXRPC_USER_CALL_ID = 1, /* -sr: User call ID specifier */
50 RXRPC_ABORT = 2, /* -sr: Abort request / notification [terminal] */
51 RXRPC_ACK = 3, /* S-r: RPC op final ACK received [terminal] */
52 RXRPC_NET_ERROR = 5, /* --r: Network error received [terminal] */
53 RXRPC_BUSY = 6, /* C-r: Server busy received [terminal] */
54 RXRPC_LOCAL_ERROR = 7, /* --r: Local error generated [terminal] */
55 RXRPC_NEW_CALL = 8, /* S-r: New incoming call notification */
56 RXRPC_EXCLUSIVE_CALL = 10, /* Cs-: Call should be on exclusive connection */
57 RXRPC_UPGRADE_SERVICE = 11, /* Cs-: Request service upgrade for client call */
58 RXRPC_TX_LENGTH = 12, /* -s-: Total length of Tx data */
59 RXRPC_SET_CALL_TIMEOUT = 13, /* -s-: Set one or more call timeouts */
60 RXRPC_CHARGE_ACCEPT = 14, /* Ss-: Charge the accept pool with a user call ID */
61 RXRPC_OOB_ID = 15, /* -sr: OOB message ID */
62 RXRPC_CHALLENGED = 16, /* C-r: Info on a received CHALLENGE */
63 RXRPC_RESPOND = 17, /* Cs-: Respond to a challenge */
64 RXRPC_RESPONDED = 18, /* S-r: Data received in RESPONSE */
65 RXRPC_RESP_RXGK_APPDATA = 19, /* Cs-: RESPONSE: RxGK app data to include */
66 RXRPC__SUPPORTED
67};
68
69/*
70 * RxRPC security levels
71 */
72#define RXRPC_SECURITY_PLAIN 0 /* plain secure-checksummed packets only */
73#define RXRPC_SECURITY_AUTH 1 /* authenticated packets */
74#define RXRPC_SECURITY_ENCRYPT 2 /* encrypted packets */
75
76/*
77 * RxRPC security indices
78 */
79#define RXRPC_SECURITY_NONE 0 /* no security protocol */
80#define RXRPC_SECURITY_RXKAD 2 /* kaserver or kerberos 4 */
81#define RXRPC_SECURITY_RXGK 4 /* gssapi-based */
82#define RXRPC_SECURITY_RXK5 5 /* kerberos 5 */
83#define RXRPC_SECURITY_YFS_RXGK 6 /* YFS gssapi-based */
84
85/*
86 * RxRPC-level abort codes
87 */
88#define RX_CALL_DEAD -1 /* call/conn has been inactive and is shut down */
89#define RX_INVALID_OPERATION -2 /* invalid operation requested / attempted */
90#define RX_CALL_TIMEOUT -3 /* call timeout exceeded */
91#define RX_EOF -4 /* unexpected end of data on read op */
92#define RX_PROTOCOL_ERROR -5 /* low-level protocol error */
93#define RX_USER_ABORT -6 /* generic user abort */
94#define RX_ADDRINUSE -7 /* UDP port in use */
95#define RX_DEBUGI_BADTYPE -8 /* bad debugging packet type */
96
97/*
98 * (un)marshalling abort codes (rxgen)
99 */
100#define RXGEN_CC_MARSHAL -450
101#define RXGEN_CC_UNMARSHAL -451
102#define RXGEN_SS_MARSHAL -452
103#define RXGEN_SS_UNMARSHAL -453
104#define RXGEN_DECODE -454
105#define RXGEN_OPCODE -455
106#define RXGEN_SS_XDRFREE -456
107#define RXGEN_CC_XDRFREE -457
108
109/*
110 * Rx kerberos security abort codes
111 * - unfortunately we have no generalised security abort codes to say things
112 * like "unsupported security", so we have to use these instead and hope the
113 * other side understands
114 */
115#define RXKADINCONSISTENCY 19270400 /* security module structure inconsistent */
116#define RXKADPACKETSHORT 19270401 /* packet too short for security challenge */
117#define RXKADLEVELFAIL 19270402 /* security level negotiation failed */
118#define RXKADTICKETLEN 19270403 /* ticket length too short or too long */
119#define RXKADOUTOFSEQUENCE 19270404 /* packet had bad sequence number */
120#define RXKADNOAUTH 19270405 /* caller not authorised */
121#define RXKADBADKEY 19270406 /* illegal key: bad parity or weak */
122#define RXKADBADTICKET 19270407 /* security object was passed a bad ticket */
123#define RXKADUNKNOWNKEY 19270408 /* ticket contained unknown key version number */
124#define RXKADEXPIRED 19270409 /* authentication expired */
125#define RXKADSEALEDINCON 19270410 /* sealed data inconsistent */
126#define RXKADDATALEN 19270411 /* user data too long */
127#define RXKADILLEGALLEVEL 19270412 /* caller not authorised to use encrypted conns */
128
129/*
130 * RxGK GSSAPI security abort codes.
131 */
132#if 0 /* Original standard abort codes (used by OpenAFS) */
133#define RXGK_INCONSISTENCY 1233242880 /* Security module structure inconsistent */
134#define RXGK_PACKETSHORT 1233242881 /* Packet too short for security challenge */
135#define RXGK_BADCHALLENGE 1233242882 /* Invalid security challenge */
136#define RXGK_BADETYPE 1233242883 /* Invalid or impermissible encryption type */
137#define RXGK_BADLEVEL 1233242884 /* Invalid or impermissible security level */
138#define RXGK_BADKEYNO 1233242885 /* Key version number not found */
139#define RXGK_EXPIRED 1233242886 /* Token has expired */
140#define RXGK_NOTAUTH 1233242887 /* Caller not authorized */
141#define RXGK_BAD_TOKEN 1233242888 /* Security object was passed a bad token */
142#define RXGK_SEALED_INCON 1233242889 /* Sealed data inconsistent */
143#define RXGK_DATA_LEN 1233242890 /* User data too long */
144#define RXGK_BAD_QOP 1233242891 /* Inadequate quality of protection available */
145#else /* Revised standard abort codes (used by YFS) */
146#define RXGK_INCONSISTENCY 1233242880 /* Security module structure inconsistent */
147#define RXGK_PACKETSHORT 1233242881 /* Packet too short for security challenge */
148#define RXGK_BADCHALLENGE 1233242882 /* Security challenge/response failed */
149#define RXGK_SEALEDINCON 1233242883 /* Sealed data is inconsistent */
150#define RXGK_NOTAUTH 1233242884 /* Caller not authorised */
151#define RXGK_EXPIRED 1233242885 /* Authentication expired */
152#define RXGK_BADLEVEL 1233242886 /* Unsupported or not permitted security level */
153#define RXGK_BADKEYNO 1233242887 /* Bad transport key number */
154#define RXGK_NOTRXGK 1233242888 /* Security layer is not rxgk */
155#define RXGK_UNSUPPORTED 1233242889 /* Endpoint does not support rxgk */
156#define RXGK_GSSERROR 1233242890 /* GSSAPI mechanism error */
157#endif
158
159/*
160 * Challenge information in the RXRPC_CHALLENGED control message.
161 */
162struct rxrpc_challenge {
163 __u16 service_id; /* The service ID of the connection (may be upgraded) */
164 __u8 security_index; /* The security index of the connection */
165 __u8 pad; /* Round out to a multiple of 4 bytes. */
166 /* ... The security class gets to append extra information ... */
167};
168
169struct rxgk_challenge {
170 struct rxrpc_challenge base;
171 __u32 enctype; /* Krb5 encoding type */
172};
173
174#endif /* _LINUX_RXRPC_H */