"Fossies" - the Fresh Open Source Software Archive

Member "vpnc-0.5.3/tunip.h" (19 Nov 2008, 3210 Bytes) of package /linux/privat/old/vpnc-0.5.3.tar.gz:



    1 /* IPSec ESP and AH support.
    2    Copyright (C) 2005 Maurice Massar
    3 
    4    This program is free software; you can redistribute it and/or modify
    5    it under the terms of the GNU General Public License as published by
    6    the Free Software Foundation; either version 2 of the License, or
    7    (at your option) any later version.
    8    
    9    This program is distributed in the hope that it will be useful,
   10    but WITHOUT ANY WARRANTY; without even the implied warranty of
   11    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   12    GNU General Public License for more details.
   13    
   14    You should have received a copy of the GNU General Public License
   15    along with this program; if not, write to the Free Software
   16    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
   17 
   18    $Id: tunip.h 312 2008-06-15 18:09:42Z Joerg Mayer $
   19 */
   20 
   21 #ifndef __TUNIP_H__
   22 #define __TUNIP_H__
   23 
   24 #include "isakmp.h"
   25 
   26 #include <time.h>
   27 #include <net/if.h>
   28 
   29 struct lifetime {
          /* Lifetime bookkeeping for one security association; embedded as
           * `life` in both the ike and the ipsec part of struct sa_block.
           * NOTE(review): the field meanings below are inferred from the
           * names only; confirm against the code that fills them in. */
   30     time_t   start;    /* presumably when the SA was established */
   31     uint32_t seconds;  /* presumably the time-based lifetime limit */
   32     uint32_t kbytes;   /* presumably the traffic-based lifetime limit */
   33     uint32_t rx;       /* presumably a receive counter; unit not shown here */
   34     uint32_t tx;       /* presumably a send counter; unit not shown here */
          /* NOTE(review): rx/tx are 32-bit. If a rekey decision compares them
           * with kbytes, check that wrap-around cannot postpone the rekey and
           * keep one key in use for longer than the negotiated limit. */
   35 };
   36 
   37 struct ike_sa {
          /* State for one direction of a protected channel: SPI, key material,
           * cipher handle and the packet currently being processed. Despite
           * the name, this header instantiates it as ipsec.rx and ipsec.tx in
           * struct sa_block. */
   38     uint32_t spi;
   39     uint32_t seq_id; /* for replay protection (not implemented) */
          /* NOTE(review): with anti-replay marked "not implemented", nothing in
           * this header suggests that a received sequence number is checked, so
           * a duplicate of a valid packet would not be rejected on that basis.
           * Confirm in tunip.c before relying on replay resistance. */
   40     
          /* Key material. Which pointer owns the allocation is not visible
           * here. NOTE(review): presumably key_cry and key_md are the cipher
           * and MAC keys; confirm they are wiped before being freed. */
   41     uint8_t *key;
   42     uint8_t *key_cry;
   43     gcry_cipher_hd_t cry_ctx; /* libgcrypt cipher handle */
   44     uint8_t *key_md;
   45     
   46     /* Description of the packet being processed */
   47     unsigned char *buf;
   48     unsigned int bufsize, bufpayload, var_header_size;
          /* NOTE(review): buflen is signed while the sizes above are unsigned;
           * a comparison between them converts a negative buflen to a large
           * unsigned value, so bounds checks should test buflen < 0 first. */
   49     int buflen;
   50 };
   51 
   52 struct encap_method; /* private to tunip.c */
   53 
   54 enum natt_active_mode_enum{
          /* Which NAT traversal variant is in effect for the IPsec SA; stored
           * in ipsec.natt_active_mode of struct sa_block. */
   55     NATT_ACTIVE_NONE,      /* presumably: no NAT traversal active */
   56     NATT_ACTIVE_CISCO_UDP, /* isakmp and esp on different ports => never encap */
   57     NATT_ACTIVE_DRAFT_OLD, /* as in natt-draft 0 and 1 */
   58     NATT_ACTIVE_RFC        /* draft 2 and RFC3947 / RFC3948 */
   59 };
   60 
   61 struct sa_block {
          /* Session-wide state for one VPN connection: the tun device, the
           * peer and local addresses, the two sockets, and the negotiated IKE
           * and IPsec parameters. A pointer to it is what vpnc_doit() takes.
           * The struct holds several pointers to secret key material, so its
           * lifetime and cleanup deserve the same care as the keys themselves. */
   62     const char *pidfile;
   63     
   64     int tun_fd; /* fd to host via tun/tap */
          /* Fixed-size buffers: writers must bound the copy to IFNAMSIZ and
           * ETH_ALEN bytes respectively. */
   65     char tun_name[IFNAMSIZ];
   66     uint8_t tun_hwaddr[ETH_ALEN];
   67     
   68     struct in_addr dst; /* ip of concentrator, must be set */
   69     struct in_addr src; /* local ip, from getsockname() */
   70     
   71     struct in_addr opt_src_ip; /* configured local ip, can be 0.0.0.0 */
   72     
   73     /* these sockets are connect()ed */
   74     int ike_fd; /* fd over isakmp traffic, and in case of NAT-T esp too */
   75     int esp_fd; /* raw socket for ip-esp or Cisco-UDP or ike_fd (NAT-T) */
          /* NOTE(review): opening a raw socket normally needs elevated
           * privilege; check where the process drops it afterwards. */
   76     
          /* IKE (phase 1) state. */
   77     struct {
   78         int timeout;
   79         uint8_t *resend_hash;
   80         uint16_t src_port, dst_port;
   81         uint8_t i_cookie[ISAKMP_COOKIE_LENGTH];
   82         uint8_t r_cookie[ISAKMP_COOKIE_LENGTH];
   83         uint8_t *key; /* ike encryption key */
   84         size_t keylen;
   85         uint8_t *initial_iv;
              /* presumably the IKEv1 SKEYID_a / SKEYID_d values (RFC 2409).
               * NOTE(review): key, skeyid_a and skeyid_d point to secrets and
               * this header does not show who frees them; confirm they are
               * wiped before release and never logged. */
   86         uint8_t *skeyid_a;
   87         uint8_t *skeyid_d;
   88         int auth_algo; /* PSK, PSK+Xauth, Hybrid ToDo: Cert/... */
   89         int cry_algo, md_algo;
   90         size_t ivlen, md_len;
   91         uint8_t current_iv_msgid[4];
   92         uint8_t *current_iv;
   93         struct lifetime life;
              /* presumably dead peer detection (DPD) settings and counters */
   94         int do_dpd;
   95         int dpd_idle;
   96         uint32_t dpd_seqno;
   97         uint32_t dpd_seqno_ack;
   98         time_t dpd_sent;
   99         unsigned int dpd_attempts;
  100     } ike;
          /* IPv4 address and netmask as 4 raw bytes each; presumably the values
           * assigned to this client for the tunnel, confirm against the code
           * that fills them in. */
  101     uint8_t our_address[4], our_netmask[4];
          /* IPsec (phase 2) state. */
  102     struct {
  103         int do_pfs; /* presumably: perfect forward secrecy requested */
  104         int cry_algo, md_algo;
  105         size_t key_len, md_len;
  106         size_t blk_len, iv_len;
  107         uint16_t encap_mode;
  108         uint16_t peer_udpencap_port;
  109         enum natt_active_mode_enum natt_active_mode;
  110         struct lifetime life;
  111         struct ike_sa rx, tx; /* one SA state per traffic direction */
  112         struct encap_method *em; /* opaque here; the type is private to tunip.c */
  113         uint16_t ip_id;
  114     } ipsec;
  115 };
  116 
  117 extern int volatile do_kill;
          /* do_kill: flag defined outside this header; how it is set is not
           * visible here. NOTE(review): if it is written from a signal
           * handler, `volatile sig_atomic_t` is the type C guarantees for
           * that; volatile on its own is not a synchronisation primitive
           * between threads. */
  118 extern void vpnc_doit(struct sa_block *s);
          /* vpnc_doit: takes the populated session state; its behaviour is
           * defined outside this header. */
  119 
  120 #endif