1 /* IPSec ESP and AH support.
2 Copyright (C) 2005 Maurice Massar
3
4 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU General Public License as published by
6 the Free Software Foundation; either version 2 of the License, or
7 (at your option) any later version.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software
16 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
17
18 $Id: tunip.h 312 2008-06-15 18:09:42Z Joerg Mayer $
19 */
20
21 #ifndef __TUNIP_H__
22 #define __TUNIP_H__
23
24 #include "isakmp.h"
25
26 #include <time.h>
27 #include <net/if.h>
28
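/*
 * Lifetime limits and traffic counters attached to a security association.
 * Embedded below as sa_block.ike.life and sa_block.ipsec.life.
 *
 * The listing's line-number gutter has been dropped so the declaration is
 * valid C again. Field semantics are not spelled out in this header; the
 * per-field notes are reviewer assumptions to check against the users of
 * this struct.
 */
struct lifetime {
	time_t start;     /* presumably when the SA came up -- TODO confirm */
	uint32_t seconds; /* presumably the time-based limit -- TODO confirm */
	uint32_t kbytes;  /* presumably the volume-based limit, in kilobytes -- TODO confirm */
	/*
	 * NOTE(review): rx and tx are 32-bit and wrap silently. If a volume
	 * limit is enforced by comparing them with kbytes, confirm that the
	 * counting unit cannot wrap before the limit is reached, otherwise a
	 * rekey could be skipped.
	 */
	uint32_t rx;
	uint32_t tx;
};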
36
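/*
 * Per-direction state for one IPsec SA, plus a description of the packet
 * currently being processed. Despite the name, this header only uses it as
 * sa_block.ipsec.rx and sa_block.ipsec.tx.
 *
 * The listing's line-number gutter has been dropped so the declaration is
 * valid C again; the multi-declarator line is split, order unchanged.
 */
struct ike_sa {
	uint32_t spi;
	/*
	 * The original comment states that replay protection is NOT
	 * implemented. NOTE(review): if that still holds in tunip.c, a
	 * captured packet that is re-sent will not be rejected on sequence
	 * number alone; an anti-replay window on the receive side is the
	 * usual mitigation.
	 */
	uint32_t seq_id; /* for replay protection (not implemented) */

	/*
	 * Key material. Ownership and lifetime are not visible from this
	 * header. NOTE(review): confirm that whoever frees these buffers
	 * wipes them first with a call the compiler cannot elide.
	 */
	uint8_t *key;
	uint8_t *key_cry;
	gcry_cipher_hd_t cry_ctx;
	uint8_t *key_md;

	/* Description of the packet being processed */
	unsigned char *buf;
	unsigned int bufsize;
	unsigned int bufpayload;
	unsigned int var_header_size;
	/*
	 * Signed, unlike the three sizes above: in a comparison with an
	 * unsigned int a negative buflen converts to a large unsigned value,
	 * so bounds checks should reject buflen < 0 before comparing it with
	 * bufsize.
	 */
	int buflen;
};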
51
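/*
 * Opaque forward declaration: the layout is private to tunip.c, so users of
 * this header can only hold a pointer to it (see sa_block.ipsec.em).
 * The listing's line-number gutter has been dropped.
 */
struct encap_method; /* private to tunip.c */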
53
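/*
 * NAT traversal variant in effect for the tunnel; stored in
 * sa_block.ipsec.natt_active_mode.
 *
 * Enumerators keep their implicit values (0..3) and their order. The
 * listing's line-number gutter has been dropped so the declaration is
 * valid C again.
 */
enum natt_active_mode_enum {
	NATT_ACTIVE_NONE,
	NATT_ACTIVE_CISCO_UDP, /* isakmp and esp on different ports => never encap */
	NATT_ACTIVE_DRAFT_OLD, /* as in natt-draft 0 and 1 */
	NATT_ACTIVE_RFC        /* draft 2 and RFC3947 / RFC3948 */
};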
60
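/*
 * Complete state of one VPN session: tun device, sockets, the IKE
 * (phase 1) SA and the IPsec (phase 2) SA pair. Passed to vpnc_doit().
 *
 * The listing's line-number gutter has been dropped so the declaration is
 * valid C again; multi-declarator lines are split one field per line with
 * the member order unchanged.
 *
 * NOTE(review): this struct holds or points to most of the session's secret
 * material (ike.key, ike.skeyid_a, ike.skeyid_d, the IVs, and the key
 * pointers inside ipsec.rx / ipsec.tx). Ownership is not visible from this
 * header; confirm that teardown wipes those buffers before freeing them and
 * that the struct is never logged or dumped wholesale.
 */
struct sa_block {
	const char *pidfile;

	int tun_fd; /* fd to host via tun/tap */
	/*
	 * Fixed IFNAMSIZ-byte buffer: writers must bound the copy and leave
	 * room for the terminating NUL.
	 */
	char tun_name[IFNAMSIZ];
	uint8_t tun_hwaddr[ETH_ALEN];

	struct in_addr dst; /* ip of concentrator, must be set */
	struct in_addr src; /* local ip, from getsockname() */

	struct in_addr opt_src_ip; /* configured local ip, can be 0.0.0.0 */

	/* these sockets are connect()ed */
	int ike_fd; /* fd over isakmp traffic, and in case of NAT-T esp too */
	/*
	 * NOTE(review): opening a raw socket needs elevated privilege;
	 * confirm where the process drops it after the socket is created.
	 */
	int esp_fd; /* raw socket for ip-esp or Cisco-UDP or ike_fd (NAT-T) */

	/* IKE (ISAKMP) SA state. */
	struct {
		int timeout;
		uint8_t *resend_hash;
		uint16_t src_port; /* byte order not shown in this header */
		uint16_t dst_port; /* byte order not shown in this header */
		uint8_t i_cookie[ISAKMP_COOKIE_LENGTH];
		uint8_t r_cookie[ISAKMP_COOKIE_LENGTH];
		uint8_t *key; /* ike encryption key */
		size_t keylen;
		uint8_t *initial_iv;
		/*
		 * presumably the IKEv1 SKEYID_a (message authentication) and
		 * SKEYID_d (key derivation) values -- TODO confirm; treat as
		 * secret either way.
		 */
		uint8_t *skeyid_a;
		uint8_t *skeyid_d;
		int auth_algo; /* PSK, PSK+Xauth, Hybrid ToDo: Cert/... */
		int cry_algo;
		int md_algo;
		size_t ivlen;
		size_t md_len;
		uint8_t current_iv_msgid[4];
		uint8_t *current_iv;
		struct lifetime life;
		/* Dead peer detection bookkeeping. */
		int do_dpd;
		int dpd_idle;
		uint32_t dpd_seqno;
		uint32_t dpd_seqno_ack;
		time_t dpd_sent;
		unsigned int dpd_attempts;
	} ike;

	/* 4-byte arrays, i.e. sized for IPv4 values. */
	uint8_t our_address[4];
	uint8_t our_netmask[4];

	/* IPsec SA pair and the parameters negotiated for it. */
	struct {
		int do_pfs;
		int cry_algo;
		int md_algo;
		size_t key_len;
		size_t md_len;
		size_t blk_len;
		size_t iv_len;
		uint16_t encap_mode;
		uint16_t peer_udpencap_port;
		enum natt_active_mode_enum natt_active_mode;
		struct lifetime life;
		/* One ike_sa per direction; see the replay note on ike_sa.seq_id. */
		struct ike_sa rx;
		struct ike_sa tx;
		struct encap_method *em; /* opaque, defined in tunip.c */
		uint16_t ip_id;
	} ipsec;
};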
116
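/*
 * Termination flag shared with the rest of the program; its definition and
 * its writers are outside this header.
 *
 * NOTE(review): if this flag is written from a signal handler,
 * `volatile sig_atomic_t` is the type the C standard guarantees to be safe
 * there, and `volatile` by itself provides no ordering between threads.
 * Confirm against the definition before relying on either property.
 */
extern int volatile do_kill;

/*
 * Entry point for running the tunnel on a populated sa_block; implemented
 * outside this header. Nothing is returned to the caller.
 * The listing's line-number gutter has been dropped from both declarations.
 */
extern void vpnc_doit(struct sa_block *s);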
119
120 #endif