/* IPSec ESP and AH support.
Copyright (C) 2005 Maurice Massar
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
$Id$
*/
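/* Include guard. Identifiers beginning with a double underscore are reserved
 * for the implementation (C11 7.1.3), so the guard macro must not be spelled
 * __TUNIP_H__; use a plain project-namespaced name instead. The matching
 * #endif at the bottom of the file does not mention the name. */
#ifndef TUNIP_H
#define TUNIP_H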
#include "isakmp.h"
#include <time.h>
#include <net/if.h>
/*
 * Lifetime accounting for one SA. Used both for the IKE SA
 * (sa_block.ike.life) and the IPsec SA (sa_block.ipsec.life).
 * The units of rx/tx and which code updates them are not visible in this
 * header — confirm in tunip.c before relying on them for rekey decisions.
 */
struct lifetime {
	time_t start;     /* presumably the time the SA was established — confirm */
	uint32_t seconds; /* negotiated lifetime limit in seconds (name-inferred) */
	uint32_t kbytes;  /* negotiated lifetime limit in kilobytes (name-inferred) */
	uint32_t rx;      /* received-traffic counter; units decided by the caller */
	uint32_t tx;      /* sent-traffic counter; units decided by the caller */
};
/*
 * State of one direction of the IPsec (ESP) SA; sa_block.ipsec holds one
 * for rx and one for tx. Despite the name this is the phase-2 SA, not the
 * ISAKMP SA (that lives in sa_block.ike).
 *
 * key, key_cry and key_md point at secret key material. Whether they are
 * wiped (explicit_bzero or equivalent rather than plain memset) before being
 * freed is decided in tunip.c — TODO confirm.
 */
struct ike_sa {
	uint32_t spi;
	uint32_t seq_id; /* for replay protection (not implemented) */
	/* NOTE(review): as far as this header shows, no anti-replay window is
	 * kept alongside seq_id, so a re-delivered ESP packet carrying an old
	 * sequence number is not rejected on that basis. RFC 4303 3.4.3
	 * describes the sliding-window check a receiver is expected to apply. */
	uint8_t *key;
	uint8_t *key_cry;          /* cipher key (name-inferred) */
	gcry_cipher_hd_t cry_ctx;  /* libgcrypt cipher handle for this direction */
	uint8_t *key_md;           /* integrity (MAC) key (name-inferred) */
	/* Description of the packet being processed */
	unsigned char *buf;
	unsigned int bufsize, bufpayload, var_header_size;
	/* NOTE(review): buflen is signed while bufsize/bufpayload are unsigned;
	 * a direct comparison between them promotes buflen to unsigned, so a
	 * negative buflen (e.g. an error return) would compare as very large.
	 * Check how tunip.c compares these before trusting such a test. */
	int buflen;
};
/* Opaque to every file but tunip.c, which defines it and dereferences
 * sa_block.ipsec.em. Other translation units only pass the pointer around. */
struct encap_method; /* private to tunip.c */
/*
 * Which NAT traversal encapsulation is in effect for ESP; stored in
 * sa_block.ipsec.natt_active_mode. The modes differ in whether and how ESP
 * is carried inside UDP, as the per-value comments describe.
 */
enum natt_active_mode_enum{
	NATT_ACTIVE_NONE,      /* no NAT-T negotiated */
	NATT_ACTIVE_CISCO_UDP, /* isakmp and esp on different ports => never encap */
	NATT_ACTIVE_DRAFT_OLD, /* as in natt-draft 0 and 1 */
	NATT_ACTIVE_RFC        /* draft 2 and RFC3947 / RFC3948 */
};
/*
 * All state of one VPN session: the tunnel device, the sockets, the IKE
 * (ISAKMP phase 1) SA in .ike and the IPsec (phase 2) SA in .ipsec.
 *
 * NOTE(review): this header is not self-contained. struct in_addr, the
 * uint*_t types, ETH_ALEN, ISAKMP_COOKIE_LENGTH, struct group and
 * gcry_cipher_hd_t are not provided by <time.h> or <net/if.h>, so they must
 * reach this file through "isakmp.h"; users must keep that include order.
 *
 * Several members point at secret key material (ike.key, ike.skeyid_a,
 * ike.skeyid_d, ike.psk_hash, ipsec.rx/ipsec.tx keys). Whether they are
 * wiped (explicit_bzero or equivalent, not plain memset) before free on
 * teardown is decided in the .c files — TODO confirm.
 */
struct sa_block {
	const char *pidfile;
	int tun_fd; /* fd to host via tun/tap */
	char tun_name[IFNAMSIZ];
	uint8_t tun_hwaddr[ETH_ALEN]; /* tap hardware address; ETH_ALEN not from the headers included here */
	struct in_addr dst; /* ip of concentrator, must be set */
	struct in_addr src; /* local ip, from getsockname() */
	struct in_addr opt_src_ip; /* configured local ip, can be 0.0.0.0 */
	/* these sockets are connect()ed */
	int ike_fd; /* fd over isakmp traffic, and in case of NAT-T esp too */
	int esp_fd; /* raw socket for ip-esp or Cisco-UDP or ike_fd (NAT-T) */
	/* IKE (ISAKMP phase 1) state */
	struct {
		int timeout;          /* units not visible here (seconds?) — confirm in the caller */
		uint8_t *resend_hash;
		uint16_t src_port, dst_port;
		uint8_t i_cookie[ISAKMP_COOKIE_LENGTH]; /* initiator cookie */
		uint8_t r_cookie[ISAKMP_COOKIE_LENGTH]; /* responder cookie */
		uint8_t *key; /* ike encryption key */
		size_t keylen;        /* length of key in bytes */
		uint8_t *initial_iv;
		uint8_t *skeyid_a;    /* SKEYID_a / SKEYID_d in RFC 2409 naming (name-inferred) */
		uint8_t *skeyid_d;
		int auth_algo; /* PSK, PSK+Xauth, Hybrid ToDo: Cert/... */
		int cry_algo, md_algo; /* cipher / digest ids; presumably libgcrypt algorithm numbers — confirm */
		size_t ivlen, md_len;
		uint8_t current_iv_msgid[4]; /* 4 bytes, the width of an ISAKMP message id (assumption) */
		uint8_t *current_iv;
		struct lifetime life;
		/* dead peer detection (name-inferred; RFC 3706) */
		int do_dpd;
		int dpd_idle;
		uint32_t dpd_seqno;
		uint32_t dpd_seqno_ack;
		time_t dpd_sent;
		unsigned int dpd_attempts;
		uint8_t *psk_hash;
		uint8_t *sa_f, *idi_f;    /* retained SA and IDi payload copies ... */
		size_t sa_size, idi_size; /* ... and their sizes in bytes */
		uint8_t *dh_public;
		/* NOTE(review): not the POSIX <grp.h> struct group; presumably the
		 * project's Diffie-Hellman group type reached via "isakmp.h" — confirm. */
		struct group *dh_grp;
		uint8_t i_nonce[20]; /* initiator nonce, fixed 20 bytes */
		uint8_t *returned_hash;
		int natd_type;
		uint8_t *natd_us, *natd_them; /* NAT-D hashes for our side / the peer (name-inferred) */
	} ike;
	struct in_addr our_address;
	/* IPsec (phase 2) state */
	struct {
		int do_pfs;
		int cry_algo, md_algo;
		size_t key_len, md_len;
		size_t blk_len, iv_len;
		uint16_t encap_mode;
		uint16_t peer_udpencap_port;
		enum natt_active_mode_enum natt_active_mode; /* which NAT-T encapsulation is active */
		struct lifetime life;
		struct ike_sa rx, tx;    /* inbound / outbound ESP SA state */
		struct encap_method *em; /* opaque here; defined and used in tunip.c */
		uint16_t ip_id;
	} ipsec;
};
/* Set to non-zero to ask the tunnel loop to terminate. volatile is adequate
 * for a flag written from a signal handler in a single-threaded program, but
 * it is not a thread-synchronisation primitive; where the flag is written is
 * not visible in this header. */
extern int volatile do_kill;
/* Runs the tunnel data path on the session described by s (presumably the
 * main ESP/AH loop in tunip.c; this header shows only the prototype). */
extern void vpnc_doit(struct sa_block *s);
#endif