search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Replace obsolete getpass()
[vpnc.git] / tunip.h
blob216fdf0e78d02c42bf21c1f6b85c2c95a3def93f
1 /* IPSec ESP and AH support.
2 Copyright (C) 2005 Maurice Massar
3
4 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU General Public License as published by
6 the Free Software Foundation; either version 2 of the License, or
7 (at your option) any later version.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software
16 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
17
18 $Id$
19 */
20
21 #ifndef __TUNIP_H__
22 #define __TUNIP_H__
23
24 #include "isakmp.h"
25
26 #include <time.h>
27 #include <net/if.h>
28
29 struct lifetime {
30 time_t start;
31 uint32_t seconds;
32 uint32_t kbytes;
33 uint32_t rx;
34 uint32_t tx;
35 };
36
37 struct ike_sa {
38 uint32_t spi;
39 uint32_t seq_id; /* for replay protection (not implemented) */
40
41 uint8_t *key;
42 uint8_t *key_cry;
43 gcry_cipher_hd_t cry_ctx;
44 uint8_t *key_md;
45
46 /* Description of the packet being processed */
47 unsigned char *buf;
48 unsigned int bufsize, bufpayload, var_header_size;
49 int buflen;
50 };
51
52 struct encap_method; /* private to tunip.c */
53
54 enum natt_active_mode_enum{
55 NATT_ACTIVE_NONE,
56 NATT_ACTIVE_CISCO_UDP, /* isakmp and esp on different ports => never encap */
57 NATT_ACTIVE_DRAFT_OLD, /* as in natt-draft 0 and 1 */
58 NATT_ACTIVE_RFC /* draft 2 and RFC3947 / RFC3948 */
59 };
60
61 struct sa_block {
62 const char *pidfile;
63
64 int tun_fd; /* fd to host via tun/tap */
65 char tun_name[IFNAMSIZ];
66 uint8_t tun_hwaddr[ETH_ALEN];
67
68 struct in_addr dst; /* ip of concentrator, must be set */
69 struct in_addr src; /* local ip, from getsockname() */
70
71 struct in_addr opt_src_ip; /* configured local ip, can be 0.0.0.0 */
72
73 /* these sockets are connect()ed */
74 int ike_fd; /* fd over isakmp traffic, and in case of NAT-T esp too */
75 int esp_fd; /* raw socket for ip-esp or Cisco-UDP or ike_fd (NAT-T) */
76
77 struct {
78 int timeout;
79 uint8_t *resend_hash;
80 uint16_t src_port, dst_port;
81 uint8_t i_cookie[ISAKMP_COOKIE_LENGTH];
82 uint8_t r_cookie[ISAKMP_COOKIE_LENGTH];
83 uint8_t *key; /* ike encryption key */
84 size_t keylen;
85 uint8_t *initial_iv;
86 uint8_t *skeyid_a;
87 uint8_t *skeyid_d;
88 int auth_algo; /* PSK, PSK+Xauth, Hybrid ToDo: Cert/... */
89 int cry_algo, md_algo;
90 size_t ivlen, md_len;
91 uint8_t current_iv_msgid[4];
92 uint8_t *current_iv;
93 struct lifetime life;
94 int do_dpd;
95 int dpd_idle;
96 uint32_t dpd_seqno;
97 uint32_t dpd_seqno_ack;
98 time_t dpd_sent;
99 unsigned int dpd_attempts;
100 uint8_t *psk_hash;
101 uint8_t *sa_f, *idi_f;
102 size_t sa_size, idi_size;
103 uint8_t *dh_public;
104 struct group *dh_grp;
105 uint8_t i_nonce[20];
106 uint8_t *returned_hash;
107 int natd_type;
108 uint8_t *natd_us, *natd_them;
109 } ike;
110 struct in_addr our_address;
111 struct {
112 int do_pfs;
113 int cry_algo, md_algo;
114 size_t key_len, md_len;
115 size_t blk_len, iv_len;
116 uint16_t encap_mode;
117 uint16_t peer_udpencap_port;
118 enum natt_active_mode_enum natt_active_mode;
119 struct lifetime life;
120 struct ike_sa rx, tx;
121 struct encap_method *em;
122 uint16_t ip_id;
123 } ipsec;
124 };
125
126 extern int volatile do_kill;
127 extern void vpnc_doit(struct sa_block *s);
128
129 #endif
client for cisco vpn concentrator