1 | /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ |
2 | #ifndef _LINUX_XFRM_H |
3 | #define _LINUX_XFRM_H |
4 | |
5 | #include <linux/in6.h> |
6 | #include <linux/types.h> |
7 | #include <linux/stddef.h> |
8 | |
9 | /* All of the structures in this file may not change size as they are |
10 | * passed into the kernel from userspace via netlink sockets. |
11 | */ |
12 | |
13 | /* Structure to encapsulate addresses. I do not want to use |
14 | * "standard" structure. My apologies. |
15 | */ |
16 | typedef union { |
17 | __be32 a4; |
18 | __be32 a6[4]; |
19 | struct in6_addr in6; |
20 | } xfrm_address_t; |
21 | |
22 | /* Ident of a specific xfrm_state. It is used on input to lookup |
23 | * the state by (spi,daddr,ah/esp) or to store information about |
24 | * spi, protocol and tunnel address on output. |
25 | */ |
26 | struct xfrm_id { |
27 | xfrm_address_t daddr; |
28 | __be32 spi; |
29 | __u8 proto; |
30 | }; |
31 | |
32 | struct xfrm_sec_ctx { |
33 | __u8 ctx_doi; |
34 | __u8 ctx_alg; |
35 | __u16 ctx_len; |
36 | __u32 ctx_sid; |
37 | char ctx_str[] __counted_by(ctx_len); |
38 | }; |
39 | |
40 | /* Security Context Domains of Interpretation */ |
41 | #define XFRM_SC_DOI_RESERVED 0 |
42 | #define XFRM_SC_DOI_LSM 1 |
43 | |
44 | /* Security Context Algorithms */ |
45 | #define XFRM_SC_ALG_RESERVED 0 |
46 | #define XFRM_SC_ALG_SELINUX 1 |
47 | |
48 | /* Selector, used as selector both on policy rules (SPD) and SAs. */ |
49 | |
50 | struct xfrm_selector { |
51 | xfrm_address_t daddr; |
52 | xfrm_address_t saddr; |
53 | __be16 dport; |
54 | __be16 dport_mask; |
55 | __be16 sport; |
56 | __be16 sport_mask; |
57 | __u16 family; |
58 | __u8 prefixlen_d; |
59 | __u8 prefixlen_s; |
60 | __u8 proto; |
61 | int ifindex; |
62 | __kernel_uid32_t user; |
63 | }; |
64 | |
65 | #define XFRM_INF (~(__u64)0) |
66 | |
67 | struct xfrm_lifetime_cfg { |
68 | __u64 soft_byte_limit; |
69 | __u64 hard_byte_limit; |
70 | __u64 soft_packet_limit; |
71 | __u64 hard_packet_limit; |
72 | __u64 soft_add_expires_seconds; |
73 | __u64 hard_add_expires_seconds; |
74 | __u64 soft_use_expires_seconds; |
75 | __u64 hard_use_expires_seconds; |
76 | }; |
77 | |
78 | struct xfrm_lifetime_cur { |
79 | __u64 bytes; |
80 | __u64 packets; |
81 | __u64 add_time; |
82 | __u64 use_time; |
83 | }; |
84 | |
85 | struct xfrm_replay_state { |
86 | __u32 oseq; |
87 | __u32 seq; |
88 | __u32 bitmap; |
89 | }; |
90 | |
91 | #define XFRMA_REPLAY_ESN_MAX 4096 |
92 | |
93 | struct xfrm_replay_state_esn { |
94 | unsigned int bmp_len; |
95 | __u32 oseq; |
96 | __u32 seq; |
97 | __u32 oseq_hi; |
98 | __u32 seq_hi; |
99 | __u32 replay_window; |
100 | __u32 bmp[]; |
101 | }; |
102 | |
103 | struct xfrm_algo { |
104 | char alg_name[64]; |
105 | unsigned int alg_key_len; /* in bits */ |
106 | char alg_key[]; |
107 | }; |
108 | |
109 | struct xfrm_algo_auth { |
110 | char alg_name[64]; |
111 | unsigned int alg_key_len; /* in bits */ |
112 | unsigned int alg_trunc_len; /* in bits */ |
113 | char alg_key[]; |
114 | }; |
115 | |
116 | struct xfrm_algo_aead { |
117 | char alg_name[64]; |
118 | unsigned int alg_key_len; /* in bits */ |
119 | unsigned int alg_icv_len; /* in bits */ |
120 | char alg_key[]; |
121 | }; |
122 | |
123 | struct xfrm_stats { |
124 | __u32 replay_window; |
125 | __u32 replay; |
126 | __u32 integrity_failed; |
127 | }; |
128 | |
129 | enum { |
130 | XFRM_POLICY_TYPE_MAIN = 0, |
131 | XFRM_POLICY_TYPE_SUB = 1, |
132 | XFRM_POLICY_TYPE_MAX = 2, |
133 | XFRM_POLICY_TYPE_ANY = 255 |
134 | }; |
135 | |
136 | enum { |
137 | XFRM_POLICY_IN = 0, |
138 | XFRM_POLICY_OUT = 1, |
139 | XFRM_POLICY_FWD = 2, |
140 | XFRM_POLICY_MASK = 3, |
141 | XFRM_POLICY_MAX = 3 |
142 | }; |
143 | |
144 | enum { |
145 | XFRM_SHARE_ANY, /* No limitations */ |
146 | XFRM_SHARE_SESSION, /* For this session only */ |
147 | XFRM_SHARE_USER, /* For this user only */ |
148 | XFRM_SHARE_UNIQUE /* Use once */ |
149 | }; |
150 | |
151 | #define XFRM_MODE_TRANSPORT 0 |
152 | #define XFRM_MODE_TUNNEL 1 |
153 | #define XFRM_MODE_ROUTEOPTIMIZATION 2 |
154 | #define XFRM_MODE_IN_TRIGGER 3 |
155 | #define XFRM_MODE_BEET 4 |
156 | #define XFRM_MODE_MAX 5 |
157 | |
158 | /* Netlink configuration messages. */ |
159 | enum { |
160 | XFRM_MSG_BASE = 0x10, |
161 | |
162 | XFRM_MSG_NEWSA = 0x10, |
163 | #define XFRM_MSG_NEWSA XFRM_MSG_NEWSA |
164 | XFRM_MSG_DELSA, |
165 | #define XFRM_MSG_DELSA XFRM_MSG_DELSA |
166 | XFRM_MSG_GETSA, |
167 | #define XFRM_MSG_GETSA XFRM_MSG_GETSA |
168 | |
169 | XFRM_MSG_NEWPOLICY, |
170 | #define XFRM_MSG_NEWPOLICY XFRM_MSG_NEWPOLICY |
171 | XFRM_MSG_DELPOLICY, |
172 | #define XFRM_MSG_DELPOLICY XFRM_MSG_DELPOLICY |
173 | XFRM_MSG_GETPOLICY, |
174 | #define XFRM_MSG_GETPOLICY XFRM_MSG_GETPOLICY |
175 | |
176 | XFRM_MSG_ALLOCSPI, |
177 | #define XFRM_MSG_ALLOCSPI XFRM_MSG_ALLOCSPI |
178 | XFRM_MSG_ACQUIRE, |
179 | #define XFRM_MSG_ACQUIRE XFRM_MSG_ACQUIRE |
180 | XFRM_MSG_EXPIRE, |
181 | #define XFRM_MSG_EXPIRE XFRM_MSG_EXPIRE |
182 | |
183 | XFRM_MSG_UPDPOLICY, |
184 | #define XFRM_MSG_UPDPOLICY XFRM_MSG_UPDPOLICY |
185 | XFRM_MSG_UPDSA, |
186 | #define XFRM_MSG_UPDSA XFRM_MSG_UPDSA |
187 | |
188 | XFRM_MSG_POLEXPIRE, |
189 | #define XFRM_MSG_POLEXPIRE XFRM_MSG_POLEXPIRE |
190 | |
191 | XFRM_MSG_FLUSHSA, |
192 | #define XFRM_MSG_FLUSHSA XFRM_MSG_FLUSHSA |
193 | XFRM_MSG_FLUSHPOLICY, |
194 | #define XFRM_MSG_FLUSHPOLICY XFRM_MSG_FLUSHPOLICY |
195 | |
196 | XFRM_MSG_NEWAE, |
197 | #define XFRM_MSG_NEWAE XFRM_MSG_NEWAE |
198 | XFRM_MSG_GETAE, |
199 | #define XFRM_MSG_GETAE XFRM_MSG_GETAE |
200 | |
201 | XFRM_MSG_REPORT, |
202 | #define XFRM_MSG_REPORT XFRM_MSG_REPORT |
203 | |
204 | XFRM_MSG_MIGRATE, |
205 | #define XFRM_MSG_MIGRATE XFRM_MSG_MIGRATE |
206 | |
207 | XFRM_MSG_NEWSADINFO, |
208 | #define XFRM_MSG_NEWSADINFO XFRM_MSG_NEWSADINFO |
209 | XFRM_MSG_GETSADINFO, |
210 | #define XFRM_MSG_GETSADINFO XFRM_MSG_GETSADINFO |
211 | |
212 | XFRM_MSG_NEWSPDINFO, |
213 | #define XFRM_MSG_NEWSPDINFO XFRM_MSG_NEWSPDINFO |
214 | XFRM_MSG_GETSPDINFO, |
215 | #define XFRM_MSG_GETSPDINFO XFRM_MSG_GETSPDINFO |
216 | |
217 | XFRM_MSG_MAPPING, |
218 | #define XFRM_MSG_MAPPING XFRM_MSG_MAPPING |
219 | |
220 | XFRM_MSG_SETDEFAULT, |
221 | #define XFRM_MSG_SETDEFAULT XFRM_MSG_SETDEFAULT |
222 | XFRM_MSG_GETDEFAULT, |
223 | #define XFRM_MSG_GETDEFAULT XFRM_MSG_GETDEFAULT |
224 | __XFRM_MSG_MAX |
225 | }; |
226 | #define XFRM_MSG_MAX (__XFRM_MSG_MAX - 1) |
227 | |
228 | #define XFRM_NR_MSGTYPES (XFRM_MSG_MAX + 1 - XFRM_MSG_BASE) |
229 | |
230 | /* |
231 | * Generic LSM security context for comunicating to user space |
232 | * NOTE: Same format as sadb_x_sec_ctx |
233 | */ |
234 | struct xfrm_user_sec_ctx { |
235 | __u16 len; |
236 | __u16 exttype; |
237 | __u8 ctx_alg; /* LSMs: e.g., selinux == 1 */ |
238 | __u8 ctx_doi; |
239 | __u16 ctx_len; |
240 | }; |
241 | |
242 | struct xfrm_user_tmpl { |
243 | struct xfrm_id id; |
244 | __u16 family; |
245 | xfrm_address_t saddr; |
246 | __u32 reqid; |
247 | __u8 mode; |
248 | __u8 share; |
249 | __u8 optional; |
250 | __u32 aalgos; |
251 | __u32 ealgos; |
252 | __u32 calgos; |
253 | }; |
254 | |
255 | struct xfrm_encap_tmpl { |
256 | __u16 encap_type; |
257 | __be16 encap_sport; |
258 | __be16 encap_dport; |
259 | xfrm_address_t encap_oa; |
260 | }; |
261 | |
262 | /* AEVENT flags */ |
263 | enum xfrm_ae_ftype_t { |
264 | XFRM_AE_UNSPEC, |
265 | XFRM_AE_RTHR=1, /* replay threshold*/ |
266 | XFRM_AE_RVAL=2, /* replay value */ |
267 | XFRM_AE_LVAL=4, /* lifetime value */ |
268 | XFRM_AE_ETHR=8, /* expiry timer threshold */ |
269 | XFRM_AE_CR=16, /* Event cause is replay update */ |
270 | XFRM_AE_CE=32, /* Event cause is timer expiry */ |
271 | XFRM_AE_CU=64, /* Event cause is policy update */ |
272 | __XFRM_AE_MAX |
273 | |
274 | #define XFRM_AE_MAX (__XFRM_AE_MAX - 1) |
275 | }; |
276 | |
277 | struct xfrm_userpolicy_type { |
278 | __u8 type; |
279 | __u16 reserved1; |
280 | __u8 reserved2; |
281 | }; |
282 | |
283 | /* Netlink message attributes. */ |
284 | enum xfrm_attr_type_t { |
285 | XFRMA_UNSPEC, |
286 | XFRMA_ALG_AUTH, /* struct xfrm_algo */ |
287 | XFRMA_ALG_CRYPT, /* struct xfrm_algo */ |
288 | XFRMA_ALG_COMP, /* struct xfrm_algo */ |
289 | XFRMA_ENCAP, /* struct xfrm_algo + struct xfrm_encap_tmpl */ |
290 | XFRMA_TMPL, /* 1 or more struct xfrm_user_tmpl */ |
291 | XFRMA_SA, /* struct xfrm_usersa_info */ |
292 | XFRMA_POLICY, /*struct xfrm_userpolicy_info */ |
293 | XFRMA_SEC_CTX, /* struct xfrm_sec_ctx */ |
294 | XFRMA_LTIME_VAL, |
295 | XFRMA_REPLAY_VAL, |
296 | XFRMA_REPLAY_THRESH, |
297 | XFRMA_ETIMER_THRESH, |
298 | XFRMA_SRCADDR, /* xfrm_address_t */ |
299 | XFRMA_COADDR, /* xfrm_address_t */ |
300 | XFRMA_LASTUSED, /* __u64 */ |
301 | XFRMA_POLICY_TYPE, /* struct xfrm_userpolicy_type */ |
302 | XFRMA_MIGRATE, |
303 | XFRMA_ALG_AEAD, /* struct xfrm_algo_aead */ |
304 | XFRMA_KMADDRESS, /* struct xfrm_user_kmaddress */ |
305 | XFRMA_ALG_AUTH_TRUNC, /* struct xfrm_algo_auth */ |
306 | XFRMA_MARK, /* struct xfrm_mark */ |
307 | XFRMA_TFCPAD, /* __u32 */ |
308 | XFRMA_REPLAY_ESN_VAL, /* struct xfrm_replay_state_esn */ |
309 | , /* __u32 */ |
310 | XFRMA_PROTO, /* __u8 */ |
311 | XFRMA_ADDRESS_FILTER, /* struct xfrm_address_filter */ |
312 | XFRMA_PAD, |
313 | XFRMA_OFFLOAD_DEV, /* struct xfrm_user_offload */ |
314 | XFRMA_SET_MARK, /* __u32 */ |
315 | XFRMA_SET_MARK_MASK, /* __u32 */ |
316 | XFRMA_IF_ID, /* __u32 */ |
317 | XFRMA_MTIMER_THRESH, /* __u32 in seconds for input SA */ |
318 | __XFRMA_MAX |
319 | |
320 | #define XFRMA_OUTPUT_MARK XFRMA_SET_MARK /* Compatibility */ |
321 | #define XFRMA_MAX (__XFRMA_MAX - 1) |
322 | }; |
323 | |
324 | struct xfrm_mark { |
325 | __u32 v; /* value */ |
326 | __u32 m; /* mask */ |
327 | }; |
328 | |
329 | enum xfrm_sadattr_type_t { |
330 | XFRMA_SAD_UNSPEC, |
331 | XFRMA_SAD_CNT, |
332 | XFRMA_SAD_HINFO, |
333 | __XFRMA_SAD_MAX |
334 | |
335 | #define XFRMA_SAD_MAX (__XFRMA_SAD_MAX - 1) |
336 | }; |
337 | |
338 | struct xfrmu_sadhinfo { |
339 | __u32 sadhcnt; /* current hash bkts */ |
340 | __u32 sadhmcnt; /* max allowed hash bkts */ |
341 | }; |
342 | |
343 | enum xfrm_spdattr_type_t { |
344 | XFRMA_SPD_UNSPEC, |
345 | XFRMA_SPD_INFO, |
346 | XFRMA_SPD_HINFO, |
347 | XFRMA_SPD_IPV4_HTHRESH, |
348 | XFRMA_SPD_IPV6_HTHRESH, |
349 | __XFRMA_SPD_MAX |
350 | |
351 | #define XFRMA_SPD_MAX (__XFRMA_SPD_MAX - 1) |
352 | }; |
353 | |
354 | struct xfrmu_spdinfo { |
355 | __u32 incnt; |
356 | __u32 outcnt; |
357 | __u32 fwdcnt; |
358 | __u32 inscnt; |
359 | __u32 outscnt; |
360 | __u32 fwdscnt; |
361 | }; |
362 | |
363 | struct xfrmu_spdhinfo { |
364 | __u32 spdhcnt; |
365 | __u32 spdhmcnt; |
366 | }; |
367 | |
368 | struct xfrmu_spdhthresh { |
369 | __u8 lbits; |
370 | __u8 rbits; |
371 | }; |
372 | |
373 | struct xfrm_usersa_info { |
374 | struct xfrm_selector sel; |
375 | struct xfrm_id id; |
376 | xfrm_address_t saddr; |
377 | struct xfrm_lifetime_cfg lft; |
378 | struct xfrm_lifetime_cur curlft; |
379 | struct xfrm_stats stats; |
380 | __u32 seq; |
381 | __u32 reqid; |
382 | __u16 family; |
383 | __u8 mode; /* XFRM_MODE_xxx */ |
384 | __u8 replay_window; |
385 | __u8 flags; |
386 | #define XFRM_STATE_NOECN 1 |
387 | #define XFRM_STATE_DECAP_DSCP 2 |
388 | #define XFRM_STATE_NOPMTUDISC 4 |
389 | #define XFRM_STATE_WILDRECV 8 |
390 | #define XFRM_STATE_ICMP 16 |
391 | #define XFRM_STATE_AF_UNSPEC 32 |
392 | #define XFRM_STATE_ALIGN4 64 |
393 | #define XFRM_STATE_ESN 128 |
394 | }; |
395 | |
396 | #define XFRM_SA_XFLAG_DONT_ENCAP_DSCP 1 |
397 | #define XFRM_SA_XFLAG_OSEQ_MAY_WRAP 2 |
398 | |
399 | struct xfrm_usersa_id { |
400 | xfrm_address_t daddr; |
401 | __be32 spi; |
402 | __u16 family; |
403 | __u8 proto; |
404 | }; |
405 | |
406 | struct xfrm_aevent_id { |
407 | struct xfrm_usersa_id sa_id; |
408 | xfrm_address_t saddr; |
409 | __u32 flags; |
410 | __u32 reqid; |
411 | }; |
412 | |
413 | struct xfrm_userspi_info { |
414 | struct xfrm_usersa_info info; |
415 | __u32 min; |
416 | __u32 max; |
417 | }; |
418 | |
419 | struct xfrm_userpolicy_info { |
420 | struct xfrm_selector sel; |
421 | struct xfrm_lifetime_cfg lft; |
422 | struct xfrm_lifetime_cur curlft; |
423 | __u32 priority; |
424 | __u32 index; |
425 | __u8 dir; |
426 | __u8 action; |
427 | #define XFRM_POLICY_ALLOW 0 |
428 | #define XFRM_POLICY_BLOCK 1 |
429 | __u8 flags; |
430 | #define XFRM_POLICY_LOCALOK 1 /* Allow user to override global policy */ |
431 | /* Automatically expand selector to include matching ICMP payloads. */ |
432 | #define XFRM_POLICY_ICMP 2 |
433 | __u8 share; |
434 | }; |
435 | |
436 | struct xfrm_userpolicy_id { |
437 | struct xfrm_selector sel; |
438 | __u32 index; |
439 | __u8 dir; |
440 | }; |
441 | |
442 | struct xfrm_user_acquire { |
443 | struct xfrm_id id; |
444 | xfrm_address_t saddr; |
445 | struct xfrm_selector sel; |
446 | struct xfrm_userpolicy_info policy; |
447 | __u32 aalgos; |
448 | __u32 ealgos; |
449 | __u32 calgos; |
450 | __u32 seq; |
451 | }; |
452 | |
453 | struct xfrm_user_expire { |
454 | struct xfrm_usersa_info state; |
455 | __u8 hard; |
456 | }; |
457 | |
458 | struct xfrm_user_polexpire { |
459 | struct xfrm_userpolicy_info pol; |
460 | __u8 hard; |
461 | }; |
462 | |
463 | struct xfrm_usersa_flush { |
464 | __u8 proto; |
465 | }; |
466 | |
467 | struct xfrm_user_report { |
468 | __u8 proto; |
469 | struct xfrm_selector sel; |
470 | }; |
471 | |
472 | /* Used by MIGRATE to pass addresses IKE should use to perform |
473 | * SA negotiation with the peer */ |
474 | struct xfrm_user_kmaddress { |
475 | xfrm_address_t local; |
476 | xfrm_address_t remote; |
477 | __u32 reserved; |
478 | __u16 family; |
479 | }; |
480 | |
481 | struct xfrm_user_migrate { |
482 | xfrm_address_t old_daddr; |
483 | xfrm_address_t old_saddr; |
484 | xfrm_address_t new_daddr; |
485 | xfrm_address_t new_saddr; |
486 | __u8 proto; |
487 | __u8 mode; |
488 | __u16 reserved; |
489 | __u32 reqid; |
490 | __u16 old_family; |
491 | __u16 new_family; |
492 | }; |
493 | |
494 | struct xfrm_user_mapping { |
495 | struct xfrm_usersa_id id; |
496 | __u32 reqid; |
497 | xfrm_address_t old_saddr; |
498 | xfrm_address_t new_saddr; |
499 | __be16 old_sport; |
500 | __be16 new_sport; |
501 | }; |
502 | |
503 | struct xfrm_address_filter { |
504 | xfrm_address_t saddr; |
505 | xfrm_address_t daddr; |
506 | __u16 family; |
507 | __u8 splen; |
508 | __u8 dplen; |
509 | }; |
510 | |
511 | struct xfrm_user_offload { |
512 | int ifindex; |
513 | __u8 flags; |
514 | }; |
515 | /* This flag was exposed without any kernel code that supports it. |
516 | * Unfortunately, strongswan has the code that sets this flag, |
517 | * which makes it impossible to reuse this bit. |
518 | * |
519 | * So leave it here to make sure that it won't be reused by mistake. |
520 | */ |
521 | #define XFRM_OFFLOAD_IPV6 1 |
522 | #define XFRM_OFFLOAD_INBOUND 2 |
523 | /* Two bits above are relevant for state path only, while |
524 | * offload is used for both policy and state flows. |
525 | * |
526 | * In policy offload mode, they are free and can be safely reused. |
527 | */ |
528 | #define XFRM_OFFLOAD_PACKET 4 |
529 | |
530 | struct xfrm_userpolicy_default { |
531 | #define XFRM_USERPOLICY_UNSPEC 0 |
532 | #define XFRM_USERPOLICY_BLOCK 1 |
533 | #define XFRM_USERPOLICY_ACCEPT 2 |
534 | __u8 in; |
535 | __u8 fwd; |
536 | __u8 out; |
537 | }; |
538 | |
539 | #ifndef __KERNEL__ |
540 | /* backwards compatibility for userspace */ |
541 | #define XFRMGRP_ACQUIRE 1 |
542 | #define XFRMGRP_EXPIRE 2 |
543 | #define XFRMGRP_SA 4 |
544 | #define XFRMGRP_POLICY 8 |
545 | #define XFRMGRP_REPORT 0x20 |
546 | #endif |
547 | |
548 | enum xfrm_nlgroups { |
549 | XFRMNLGRP_NONE, |
550 | #define XFRMNLGRP_NONE XFRMNLGRP_NONE |
551 | XFRMNLGRP_ACQUIRE, |
552 | #define XFRMNLGRP_ACQUIRE XFRMNLGRP_ACQUIRE |
553 | XFRMNLGRP_EXPIRE, |
554 | #define XFRMNLGRP_EXPIRE XFRMNLGRP_EXPIRE |
555 | XFRMNLGRP_SA, |
556 | #define XFRMNLGRP_SA XFRMNLGRP_SA |
557 | XFRMNLGRP_POLICY, |
558 | #define XFRMNLGRP_POLICY XFRMNLGRP_POLICY |
559 | XFRMNLGRP_AEVENTS, |
560 | #define XFRMNLGRP_AEVENTS XFRMNLGRP_AEVENTS |
561 | XFRMNLGRP_REPORT, |
562 | #define XFRMNLGRP_REPORT XFRMNLGRP_REPORT |
563 | XFRMNLGRP_MIGRATE, |
564 | #define XFRMNLGRP_MIGRATE XFRMNLGRP_MIGRATE |
565 | XFRMNLGRP_MAPPING, |
566 | #define XFRMNLGRP_MAPPING XFRMNLGRP_MAPPING |
567 | __XFRMNLGRP_MAX |
568 | }; |
569 | #define XFRMNLGRP_MAX (__XFRMNLGRP_MAX - 1) |
570 | |
571 | #endif /* _LINUX_XFRM_H */ |
572 | |