/* SPDX-License-Identifier: GPL-2.0-or-later WITH Linux-syscall-note */ /* Types and definitions for AF_RXRPC. * * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved. * Written by David Howells (dhowells@redhat.com) */ #ifndef _UAPI_LINUX_RXRPC_H #define _UAPI_LINUX_RXRPC_H #include #include #include /* * RxRPC socket address */ struct sockaddr_rxrpc { __kernel_sa_family_t srx_family; /* address family */ __u16 srx_service; /* service desired */ __u16 transport_type; /* type of transport socket (SOCK_DGRAM) */ __u16 transport_len; /* length of transport address */ union { __kernel_sa_family_t family; /* transport address family */ struct sockaddr_in sin; /* IPv4 transport address */ struct sockaddr_in6 sin6; /* IPv6 transport address */ } transport; }; /* * RxRPC socket options */ #define RXRPC_SECURITY_KEY 1 /* [clnt] set client security key */ #define RXRPC_SECURITY_KEYRING 2 /* [srvr] set ring of server security keys */ #define RXRPC_EXCLUSIVE_CONNECTION 3 /* Deprecated; use RXRPC_EXCLUSIVE_CALL instead */ #define RXRPC_MIN_SECURITY_LEVEL 4 /* minimum security level */ #define RXRPC_UPGRADEABLE_SERVICE 5 /* Upgrade service[0] -> service[1] */ #define RXRPC_SUPPORTED_CMSG 6 /* Get highest supported control message type */ #define RXRPC_MANAGE_RESPONSE 7 /* [clnt] Want to manage RESPONSE packets */ /* * RxRPC control messages * - If neither abort or accept are specified, the message is a data message. * - terminal messages mean that a user call ID tag can be recycled * - C/S/- indicate whether these are applicable to client, server or both * - s/r/- indicate whether these are applicable to sendmsg() and/or recvmsg() */ enum rxrpc_cmsg_type { RXRPC_USER_CALL_ID = 1, /* -sr: User call ID specifier */ RXRPC_ABORT = 2, /* -sr: Abort request / notification [terminal] */ RXRPC_ACK = 3, /* S-r: RPC op final ACK received [terminal] */ RXRPC_NET_ERROR = 5, /* --r: Network error received [terminal] */ RXRPC_BUSY = 6, /* C-r: Server busy received [terminal] */ RXRPC_LOCAL_ERROR = 7, /* --r: Local error generated [terminal] */ RXRPC_NEW_CALL = 8, /* S-r: New incoming call notification */ RXRPC_EXCLUSIVE_CALL = 10, /* Cs-: Call should be on exclusive connection */ RXRPC_UPGRADE_SERVICE = 11, /* Cs-: Request service upgrade for client call */ RXRPC_TX_LENGTH = 12, /* -s-: Total length of Tx data */ RXRPC_SET_CALL_TIMEOUT = 13, /* -s-: Set one or more call timeouts */ RXRPC_CHARGE_ACCEPT = 14, /* Ss-: Charge the accept pool with a user call ID */ RXRPC_OOB_ID = 15, /* -sr: OOB message ID */ RXRPC_CHALLENGED = 16, /* C-r: Info on a received CHALLENGE */ RXRPC_RESPOND = 17, /* Cs-: Respond to a challenge */ RXRPC_RESPONDED = 18, /* S-r: Data received in RESPONSE */ RXRPC_RESP_RXGK_APPDATA = 19, /* Cs-: RESPONSE: RxGK app data to include */ RXRPC__SUPPORTED }; /* * RxRPC security levels */ #define RXRPC_SECURITY_PLAIN 0 /* plain secure-checksummed packets only */ #define RXRPC_SECURITY_AUTH 1 /* authenticated packets */ #define RXRPC_SECURITY_ENCRYPT 2 /* encrypted packets */ /* * RxRPC security indices */ #define RXRPC_SECURITY_NONE 0 /* no security protocol */ #define RXRPC_SECURITY_RXKAD 2 /* kaserver or kerberos 4 */ #define RXRPC_SECURITY_RXGK 4 /* gssapi-based */ #define RXRPC_SECURITY_RXK5 5 /* kerberos 5 */ #define RXRPC_SECURITY_YFS_RXGK 6 /* YFS gssapi-based */ /* * RxRPC-level abort codes */ #define RX_CALL_DEAD -1 /* call/conn has been inactive and is shut down */ #define RX_INVALID_OPERATION -2 /* invalid operation requested / attempted */ #define RX_CALL_TIMEOUT -3 /* call timeout exceeded */ #define RX_EOF -4 /* unexpected end of data on read op */ #define RX_PROTOCOL_ERROR -5 /* low-level protocol error */ #define RX_USER_ABORT -6 /* generic user abort */ #define RX_ADDRINUSE -7 /* UDP port in use */ #define RX_DEBUGI_BADTYPE -8 /* bad debugging packet type */ /* * (un)marshalling abort codes (rxgen) */ #define RXGEN_CC_MARSHAL -450 #define RXGEN_CC_UNMARSHAL -451 #define RXGEN_SS_MARSHAL -452 #define RXGEN_SS_UNMARSHAL -453 #define RXGEN_DECODE -454 #define RXGEN_OPCODE -455 #define RXGEN_SS_XDRFREE -456 #define RXGEN_CC_XDRFREE -457 /* * Rx kerberos security abort codes * - unfortunately we have no generalised security abort codes to say things * like "unsupported security", so we have to use these instead and hope the * other side understands */ #define RXKADINCONSISTENCY 19270400 /* security module structure inconsistent */ #define RXKADPACKETSHORT 19270401 /* packet too short for security challenge */ #define RXKADLEVELFAIL 19270402 /* security level negotiation failed */ #define RXKADTICKETLEN 19270403 /* ticket length too short or too long */ #define RXKADOUTOFSEQUENCE 19270404 /* packet had bad sequence number */ #define RXKADNOAUTH 19270405 /* caller not authorised */ #define RXKADBADKEY 19270406 /* illegal key: bad parity or weak */ #define RXKADBADTICKET 19270407 /* security object was passed a bad ticket */ #define RXKADUNKNOWNKEY 19270408 /* ticket contained unknown key version number */ #define RXKADEXPIRED 19270409 /* authentication expired */ #define RXKADSEALEDINCON 19270410 /* sealed data inconsistent */ #define RXKADDATALEN 19270411 /* user data too long */ #define RXKADILLEGALLEVEL 19270412 /* caller not authorised to use encrypted conns */ /* * RxGK GSSAPI security abort codes. */ #if 0 /* Original standard abort codes (used by OpenAFS) */ #define RXGK_INCONSISTENCY 1233242880 /* Security module structure inconsistent */ #define RXGK_PACKETSHORT 1233242881 /* Packet too short for security challenge */ #define RXGK_BADCHALLENGE 1233242882 /* Invalid security challenge */ #define RXGK_BADETYPE 1233242883 /* Invalid or impermissible encryption type */ #define RXGK_BADLEVEL 1233242884 /* Invalid or impermissible security level */ #define RXGK_BADKEYNO 1233242885 /* Key version number not found */ #define RXGK_EXPIRED 1233242886 /* Token has expired */ #define RXGK_NOTAUTH 1233242887 /* Caller not authorized */ #define RXGK_BAD_TOKEN 1233242888 /* Security object was passed a bad token */ #define RXGK_SEALED_INCON 1233242889 /* Sealed data inconsistent */ #define RXGK_DATA_LEN 1233242890 /* User data too long */ #define RXGK_BAD_QOP 1233242891 /* Inadequate quality of protection available */ #else /* Revised standard abort codes (used by YFS) */ #define RXGK_INCONSISTENCY 1233242880 /* Security module structure inconsistent */ #define RXGK_PACKETSHORT 1233242881 /* Packet too short for security challenge */ #define RXGK_BADCHALLENGE 1233242882 /* Security challenge/response failed */ #define RXGK_SEALEDINCON 1233242883 /* Sealed data is inconsistent */ #define RXGK_NOTAUTH 1233242884 /* Caller not authorised */ #define RXGK_EXPIRED 1233242885 /* Authentication expired */ #define RXGK_BADLEVEL 1233242886 /* Unsupported or not permitted security level */ #define RXGK_BADKEYNO 1233242887 /* Bad transport key number */ #define RXGK_NOTRXGK 1233242888 /* Security layer is not rxgk */ #define RXGK_UNSUPPORTED 1233242889 /* Endpoint does not support rxgk */ #define RXGK_GSSERROR 1233242890 /* GSSAPI mechanism error */ #endif /* * Challenge information in the RXRPC_CHALLENGED control message. */ struct rxrpc_challenge { __u16 service_id; /* The service ID of the connection (may be upgraded) */ __u8 security_index; /* The security index of the connection */ __u8 pad; /* Round out to a multiple of 4 bytes. */ /* ... The security class gets to append extra information ... */ }; struct rxgk_challenge { struct rxrpc_challenge base; __u32 enctype; /* Krb5 encoding type */ }; #endif /* _UAPI_LINUX_RXRPC_H */