1 /*	$NetBSD: nattraversal.h,v 1.8 2018/05/19 18:51:59 maxv Exp $	*/
2 
3 /*
4  * Copyright (C) 2004 SuSE Linux AG, Nuernberg, Germany.
5  * Contributed by: Michal Ludvig <mludvig@suse.cz>, SUSE Labs
6  * All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  * 1. Redistributions of source code must retain the above copyright
12  *    notice, this list of conditions and the following disclaimer.
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  * 3. Neither the name of the project nor the names of its contributors
17  *    may be used to endorse or promote products derived from this software
18  *    without specific prior written permission.
19  *
20  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
21  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
24  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30  * SUCH DAMAGE.
31  */
32 
33 #ifndef _NATTRAVERSAL_H
34 #define _NATTRAVERSAL_H
35 
36 #include "vendorid.h"
37 
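/*
 * Per-phase-1 NAT-T state, kept as a bit mask in the handle's natt_flags
 * member (the accessor macros below read (_ph1)->natt_flags).  Each bit is
 * a long constant; keep new bits in the same (1L<<n) form so the mask does
 * not silently narrow if natt_flags is wider than int.
 */
#define	NAT_ANNOUNCED		(1L<<0)	/* NAT-T was announced by the peer (see natt_handle_vendorid) */
#define	NAT_DETECTED_ME		(1L<<1)	/* our own address/port was seen to be behind a NAT */
#define	NAT_DETECTED_PEER	(1L<<2)	/* the peer's address/port was seen to be behind a NAT */
#define	NAT_PORTS_CHANGED	(1L<<3)	/* ports have already been floated (see natt_float_ports) */
#define	NAT_KA_QUEUED		(1L<<4)	/* a keepalive entry exists for this handle (see natt_keepalive_add_ph1) */
#define	NAT_ADD_NON_ESP_MARKER	(1L<<5)	/* outgoing IKE packets get the non-ESP marker prepended */

/*
 * Non-zero when the peer announced NAT-T support.  Evaluates _ph1 once;
 * the result is the raw bit, not normalised to 0/1, so compare with
 * "!= 0" rather than against TRUE.
 */
#define	NATT_AVAILABLE(_ph1)	((_ph1)->natt_flags & NAT_ANNOUNCED)

/*
 * Either side behind a NAT.  Note that (flags & NAT_DETECTED) is non-zero
 * when at least ONE of the two bits is set; code that needs "both sides"
 * must compare the masked value against NAT_DETECTED itself.
 */
#define	NAT_DETECTED	(NAT_DETECTED_ME | NAT_DETECTED_PEER)

/*
 * Size of the non-ESP marker: four bytes, matching the zero SPI field
 * that distinguishes IKE from ESP-in-UDP on a shared port (RFC 3948).
 * Code that strips or prepends the marker must bound-check the packet
 * against this length first.
 */
#define	NON_ESP_MARKER_LEN	sizeof(u_int32_t)
/* Non-zero when outgoing IKE packets for this handle need the marker. */
#define	NON_ESP_MARKER_USE(_ph1)	((_ph1)->natt_flags & NAT_ADD_NON_ESP_MARKER)

/*
 * These are the values from parsing "remote {}" block of the config file.
 * TRUE/FALSE are not defined in this header; they are expected to come
 * from the project's common headers (presumably misc.h).  The original
 * definition of NATT_OFF expanded to the misspelled token FLASE, which
 * would only fail at the first point of use -- or, worse, bind to an
 * unrelated symbol of that name -- so it is corrected to FALSE here.
 */
#define NATT_OFF	FALSE	/* = 0 */
#define NATT_ON		TRUE	/* = 1 */
#define NATT_FORCE	2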
58 
/*
 * Per-version NAT-T protocol constants for a phase-1 handle.  Filled in by
 * natt_fill_options(opts, version); which draft/RFC each value follows is
 * decided by `version` and is not visible from this header.
 */
struct ph1natt_options {
	int version;			/* negotiated NAT-T version (selector for the fields below) */
	u_int16_t float_port;		/* UDP port to float to once NAT is detected (presumably 4500) */
	u_int16_t mode_udp_tunnel;	/* encapsulation-mode id for UDP-encapsulated tunnel mode */
	u_int16_t mode_udp_transport;	/* encapsulation-mode id for UDP-encapsulated transport mode */
	u_int16_t encaps_type; /* ESPINUDP / ESPINUDP_NON_IKE */
	u_int16_t mode_udp_diff;	/* offset between plain and UDP-encapsulated mode ids -- TODO confirm in nattraversal.c */
	u_int16_t payload_nat_d;	/* payload type number used for NAT-D */
	u_int16_t payload_nat_oa;	/* payload type number used for NAT-OA */
};
69 
/*
 * Per-phase-2 NAT-T parameters.  Field layout is part of the interface
 * shared with nattraversal.c and the SA setup code; do not reorder.
 */
struct ph2natt {
	u_int8_t type;		/* UDP encapsulation type (presumably one of the encaps_type values) */
	u_int16_t sport;	/* UDP source port of the encapsulation */
	u_int16_t dport;	/* UDP destination port of the encapsulation */
	struct sockaddr *oa;	/* NAT original address; ownership/lifetime not shown here -- verify who frees it */
	u_int16_t frag;		/* fragmentation-related setting; meaning not visible from this header -- TODO confirm */
};
77 
/* Map a vendor-ID number to a NAT-T version; exact return convention lives in nattraversal.c. */
int natt_vendorid(int vid);
/*
 * Build the NAT-D hash for `addr` in the context of phase-1 handle `iph1`.
 * Returns a freshly built vchar_t; the caller presumably owns and frees
 * it -- confirm against nattraversal.c.  May return NULL on failure.
 */
vchar_t *natt_hash_addr(struct ph1handle *iph1, struct sockaddr *addr);
/*
 * Compare a NAT-D payload received from the peer with the locally computed
 * hash for sequence number `natd_seq` (which address the sequence index
 * refers to is decided in the implementation).  NAT-D hashes are not
 * secrets, so constant-time comparison is not required, but the received
 * buffer length must be validated against the local hash length before the
 * bytes are compared -- check that in the implementation.
 */
int natt_compare_addr_hash(struct ph1handle *iph1, vchar_t *natd_received, int natd_seq);
/* Translate an IPsec encapsulation mode to its UDP-encapsulated variant. */
int natt_udp_encap(int encmode);
/* Fill `opts` with the protocol constants for NAT-T `version`; returns an int status. */
int natt_fill_options(struct ph1natt_options *opts, int version);
/* Switch the handle's addresses to the floated NAT-T ports (see NAT_PORTS_CHANGED). */
void natt_float_ports(struct ph1handle *iph1);
/* Record that the peer announced NAT-T via vendor ID `vid_numeric` (see NAT_ANNOUNCED). */
void natt_handle_vendorid(struct ph1handle *iph1, int vid_numeric);

/*
 * Append the NAT-T vendor-ID payloads to `plist`.  The array bound in the
 * prototype is documentation only: `vid_natt` decays to vchar_t ** and the
 * compiler enforces nothing, so the implementation must never index past
 * MAX_NATT_VID_COUNT entries and should tolerate NULL entries if callers
 * leave slots unset.
 */
struct payload_list *
isakmp_plist_append_natt_vids(struct payload_list *plist, vchar_t *vid_natt[MAX_NATT_VID_COUNT]);

/* NAT keepalive functions */
/* Initialise the keepalive subsystem; call once before the functions below. */
void natt_keepalive_init(void);
/* Register a keepalive for the (src, dst) pair; returns an int status. */
int natt_keepalive_add(struct sockaddr *src, struct sockaddr *dst);
/* Register a keepalive for the addresses of phase-1 handle `iph1` (see NAT_KA_QUEUED). */
int natt_keepalive_add_ph1(struct ph1handle *iph1);
/* Drop the keepalive registered for the (src, dst) pair, if any. */
void natt_keepalive_remove(struct sockaddr *src, struct sockaddr *dst);

/* Walk through all rmconfigs and tell if NAT-T is enabled in at least one. */
int natt_enabled_in_rmconf(void);
97 
98 #endif /* _NATTRAVERSAL_H */
99