/* IPSec ESP and AH support.
Copyright (C) 2005 Maurice Massar
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
$Id$
*/
#ifndef __TUNIP_H__
#define __TUNIP_H__
#include "isakmp.h"
#include <time.h>
#include <net/if.h>
/*
 * SA lifetime bookkeeping. Embedded in both the IKE SA state and the IPsec
 * SA state of struct sa_block below (sa_block.ike.life / sa_block.ipsec.life).
 * Field meanings are inferred from the names; confirm against tunip.c.
 * NOTE(review): whoever owns a struct lifetime is expected to rekey or tear
 * the SA down before `seconds`/`kbytes` are exhausted — verify that check
 * exists in the user of this struct.
 */
struct lifetime {
	time_t start;     /* presumably when the SA was established — confirm */
	uint32_t seconds; /* presumably negotiated lifetime in seconds — confirm (0 = unlimited?) */
	uint32_t kbytes;  /* presumably negotiated lifetime in kilobytes of traffic — confirm */
	uint32_t rx;      /* presumably received-traffic counter; units not visible here — confirm */
	uint32_t tx;      /* presumably sent-traffic counter; units not visible here — confirm */
};
/*
 * Per-direction IPsec SA state. Despite the "ike_" prefix this is what
 * sa_block.ipsec.rx / sa_block.ipsec.tx are made of: the SPI, anti-replay
 * sequence state, the key material for this direction, and a scratch
 * description of the packet currently being processed.
 * NOTE(review): the key pointers (key, key_cry, key_md) hold secret
 * material; ownership and zeroization on teardown are not visible from this
 * header — verify in tunip.c that they are wiped before being freed.
 */
struct ike_sa {
	uint32_t spi;         /* Security Parameter Index identifying this SA on the wire */
	uint32_t seq_id; /* for replay protection */
	uint32_t seq_backlog; /* presumably the replay window bitmap tracked alongside seq_id — confirm */
	uint8_t *key;         /* raw key material for this direction — relation to key_cry/key_md not visible here */
	uint8_t *key_cry;     /* presumably the cipher (confidentiality) key — confirm */
	gcry_cipher_hd_t cry_ctx; /* libgcrypt cipher handle; the type is not declared here, presumably via isakmp.h */
	uint8_t *key_md;      /* presumably the integrity (MAC) key — confirm */
	/* Description of the packet being processed */
	unsigned char *buf;   /* packet buffer; bufsize looks like its capacity, buflen the bytes in use — inferred */
	unsigned int bufsize, bufpayload, var_header_size; /* bufpayload / var_header_size: offsets into buf — confirm */
	int buflen;           /* signed, unlike bufsize: presumably negative means "no/invalid packet" — confirm */
};
/* Opaque encapsulation descriptor: only ever referenced through a pointer in this header (sa_block.ipsec.em). */
struct encap_method; /* private to tunip.c */
/*
 * Which NAT-Traversal variant is active for the IPsec SA
 * (sa_block.ipsec.natt_active_mode). The per-value comments describe the
 * framing each mode implies; how tunip.c acts on them is not visible here.
 */
enum natt_active_mode_enum{
	NATT_ACTIVE_NONE,      /* no NAT-T negotiated — presumably plain ESP without UDP encapsulation, confirm */
	NATT_ACTIVE_CISCO_UDP, /* isakmp and esp on different ports => never encap */
	NATT_ACTIVE_DRAFT_OLD, /* as in natt-draft 0 and 1 */
	NATT_ACTIVE_RFC /* draft 2 and RFC3947 / RFC3948 */
};
/*
 * Complete state of one VPN connection: the local tun/tap interface, the
 * addresses and sockets used to talk to the concentrator, the IKE (phase 1)
 * SA in `ike`, and the IPsec (phase 2) SA in `ipsec`. Passed to vpnc_doit().
 *
 * NOTE(review): this struct aggregates long-lived secrets (ike.key,
 * ike.skeyid_a, ike.skeyid_d, ike.psk_hash, ike.initial_iv, the per-direction
 * keys inside ipsec.rx/tx). Lifetime and zeroization of those buffers are not
 * visible in this header — verify the teardown path in tunip.c.
 *
 * Types used but not declared here (uint8_t, struct in_addr, ETH_ALEN,
 * gcry_cipher_hd_t, struct group) are presumably pulled in through isakmp.h.
 * `struct group` also collides with the POSIX <grp.h> tag; this header relies
 * on <grp.h> never being visible in the same translation unit — confirm.
 */
struct sa_block {
	const char *pidfile;          /* path of the pid file; ownership of the string not visible here */
	int tun_fd; /* fd to host via tun/tap */
	char tun_name[IFNAMSIZ];      /* interface name, fixed-size per <net/if.h> */
	uint8_t tun_hwaddr[ETH_ALEN]; /* MAC of the tap device — presumably only meaningful in tap mode, confirm */
	struct in_addr dst; /* ip of concentrator, must be set */
	struct in_addr src; /* local ip, from getsockname() */
	struct in_addr opt_src_ip; /* configured local ip, can be 0.0.0.0 */
	/* these sockets are connect()ed */
	int ike_fd; /* fd over isakmp traffic, and in case of NAT-T esp too */
	int esp_fd; /* raw socket for ip-esp or Cisco-UDP or ike_fd (NAT-T) */
	/* IKE (phase 1) SA state */
	struct {
		int timeout;                 /* presumably the IKE retransmit/receive timeout — units not visible, confirm */
		uint8_t *resend_hash;        /* presumably hash of the last sent message, for retransmission — confirm */
		uint16_t src_port, dst_port; /* UDP ports of the IKE exchange (host or network order not visible — confirm) */
		uint8_t i_cookie[ISAKMP_COOKIE_LENGTH]; /* initiator cookie / SPI of the ISAKMP SA */
		uint8_t r_cookie[ISAKMP_COOKIE_LENGTH]; /* responder cookie / SPI of the ISAKMP SA */
		uint8_t *key; /* ike encryption key */
		size_t keylen;               /* length of key, in bytes */
		uint8_t *initial_iv;         /* secret: phase-1 IV material — confirm derivation in isakmp code */
		uint8_t *skeyid_a;           /* secret: SKEYID_a (authentication/integrity keying) — presumably per RFC 2409, confirm */
		uint8_t *skeyid_d;           /* secret: SKEYID_d (derives IPsec keys) — presumably per RFC 2409, confirm */
		int auth_algo; /* PSK, PSK+Xauth, Hybrid ToDo: Cert/... */
		int cry_algo, md_algo;       /* negotiated cipher / hash identifiers; value space presumably from isakmp.h */
		size_t ivlen, md_len;        /* cipher block (IV) length and hash output length, in bytes */
		uint8_t current_iv_msgid[4]; /* message id the current IV belongs to — presumably for phase-2 IV per msgid, confirm */
		uint8_t *current_iv;         /* IV for the message currently in flight */
		struct lifetime life;        /* IKE SA lifetime / counters */
		int do_dpd;                  /* non-zero when dead-peer-detection is enabled — inferred from name */
		int dpd_idle;                /* presumably idle interval before a DPD probe — units not visible, confirm */
		uint32_t dpd_seqno;          /* DPD sequence number we send */
		uint32_t dpd_seqno_ack;      /* last DPD sequence number acknowledged by the peer — inferred */
		time_t dpd_sent;             /* when the last DPD request was sent — inferred */
		unsigned int dpd_attempts;   /* unanswered DPD probes so far — inferred */
		uint8_t *psk_hash;           /* secret: derived from the pre-shared key — confirm */
		uint8_t *sa_f, *idi_f;       /* presumably raw SA and IDi payloads kept for hash computation — confirm */
		size_t sa_size, idi_size;    /* lengths of sa_f / idi_f */
		uint8_t *dh_public;          /* our Diffie-Hellman public value — inferred from name */
		struct group *dh_grp;        /* DH group descriptor; type declared elsewhere (not POSIX <grp.h>) */
		uint8_t i_nonce[20];         /* initiator nonce, fixed 20 bytes */
		uint8_t *returned_hash;      /* presumably the peer's HASH payload awaiting verification — confirm */
		int natd_type;               /* which NAT-D payload variant is in use — presumably tied to natt_active_mode_enum, confirm */
		uint8_t *natd_us, *natd_them; /* NAT-D hashes of our / the peer's address — inferred from RFC 3947 naming */
	} ike;
	struct in_addr our_address;      /* address assigned to us on the tunnel (vs. src, the transport address) — inferred */
	/* IPsec (phase 2) SA state */
	struct {
		int do_pfs;                  /* non-zero when perfect forward secrecy was requested for phase 2 — inferred */
		int cry_algo, md_algo;       /* negotiated ESP cipher / integrity identifiers */
		size_t key_len, md_len;      /* cipher key length and MAC output length, in bytes */
		size_t blk_len, iv_len;      /* cipher block and IV lengths, in bytes */
		uint16_t encap_mode;         /* presumably tunnel vs. transport mode identifier — confirm */
		uint16_t peer_udpencap_port; /* peer's UDP port for NAT-T encapsulated ESP */
		enum natt_active_mode_enum natt_active_mode; /* see enum above */
		struct lifetime life;        /* IPsec SA lifetime / counters */
		struct ike_sa rx, tx;        /* inbound and outbound SA (SPI, replay state, keys) */
		struct encap_method *em;     /* opaque encapsulation descriptor, private to tunip.c */
		uint16_t ip_id;              /* presumably the IP identification counter for outer packets — confirm */
		uint8_t current_udp_tos;     /* TOS/DSCP value currently set on the UDP socket — inferred */
	} ipsec;
};
/*
 * Global stop flag read by the tunnel main loop. `volatile` suggests it is
 * written asynchronously (signal handler?) — confirm in tunip.c; if so, the
 * portable type for a flag set from a handler is `volatile sig_atomic_t`.
 */
extern int volatile do_kill;
/*
 * Run the tunnel: service tun/tap and ESP traffic for the negotiated SA in
 * `s` until do_kill is set. Presumably defined in tunip.c; `s` is borrowed,
 * not owned.
 */
extern void vpnc_doit(struct sa_block *s);
#endif