1 /* IPSec ESP and AH support.
2    Copyright (C) 2005 Maurice Massar
3 
4    This program is free software; you can redistribute it and/or modify
5    it under the terms of the GNU General Public License as published by
6    the Free Software Foundation; either version 2 of the License, or
7    (at your option) any later version.
8 
9    This program is distributed in the hope that it will be useful,
10    but WITHOUT ANY WARRANTY; without even the implied warranty of
11    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12    GNU General Public License for more details.
13 
14    You should have received a copy of the GNU General Public License
15    along with this program; if not, write to the Free Software
16    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
17 
18    $Id: tunip.h 312 2008-06-15 18:09:42Z Joerg Mayer $
19 */
20 
21 #ifndef __TUNIP_H__
22 #define __TUNIP_H__
23 
24 #include "isakmp.h"
25 
26 #include <time.h>
27 #include <net/if.h>
28 
/* Lifetime bookkeeping for one SA.  The same struct is embedded for the IKE
 * SA (sa_block.ike.life) and the IPsec SA (sa_block.ipsec.life).  Which of the
 * two limits triggers a rekey, and in which units rx/tx are counted, is
 * decided in tunip.c -- NOTE(review): presumably rx/tx share the unit of
 * kbytes so they can be compared against it; confirm there. */
struct lifetime {
	time_t   start;   /* presumably the time the SA came up; set in tunip.c */
	uint32_t seconds; /* time limit (negotiated value, presumably) */
	uint32_t kbytes;  /* traffic limit (negotiated value, presumably) */
	uint32_t rx;      /* traffic counted so far, receive direction */
	uint32_t tx;      /* traffic counted so far, transmit direction */
};
36 
/* Per-direction state of an IPsec (ESP/AH) SA plus the scratch description of
 * the packet currently being transformed.  One instance exists per direction
 * (sa_block.ipsec.rx and .tx). */
struct ike_sa {
	uint32_t spi;    /* Security Parameter Index, 32 bits as carried in the ESP/AH header */
	uint32_t seq_id; /* for replay protection (not implemented) -- NOTE(review): with no
	                  * anti-replay window, duplicated ESP packets are not rejected at
	                  * this layer; this is a known gap in the design, not a local bug */

	/* Keying material.  All three pointers reference secret bytes; allocation,
	 * ownership and wiping on teardown happen outside this header -- check that
	 * the buffers are zeroed before being freed, not just freed. */
	uint8_t *key;
	uint8_t *key_cry;         /* presumably the cipher key (see ipsec.cry_algo) */
	gcry_cipher_hd_t cry_ctx; /* libgcrypt cipher handle for this direction */
	uint8_t *key_md;          /* presumably the integrity/HMAC key (see ipsec.md_algo) */

	/* Description of the packet being processed */
	unsigned char *buf;                                /* packet buffer */
	unsigned int bufsize, bufpayload, var_header_size; /* capacity, payload position/size and
	                                                    * size of the variable-length header part --
	                                                    * meanings presumed from the names; tunip.c
	                                                    * is authoritative */
	int buflen; /* bytes in use.  NOTE(review): signed while bufsize is unsigned, so a direct
	             * comparison promotes buflen to unsigned and a negative value would pass a
	             * `< bufsize` check.  Verify the comparisons in tunip.c. */
};
51 
struct encap_method; /* private to tunip.c -- opaque here; only a pointer to it is stored (sa_block.ipsec.em) */
53 
/* Which NAT traversal variant is in effect for this tunnel.  It selects
 * whether ESP is sent as raw IP or wrapped in UDP, and which framing is used
 * for the UDP case.  Numeric values are implicit and start at 0; do not
 * reorder, the values may be compared or stored elsewhere. */
enum natt_active_mode_enum{
	NATT_ACTIVE_NONE,      /* no NAT-T negotiated */
	NATT_ACTIVE_CISCO_UDP, /* isakmp and esp on different ports => never encap */
	NATT_ACTIVE_DRAFT_OLD, /* as in natt-draft 0 and 1 */
	NATT_ACTIVE_RFC        /* draft 2 and RFC3947 / RFC3948 */
};
60 
/* Complete state of one VPN connection: the tun/tap device, the sockets to
 * the concentrator, the IKE (phase 1) SA and the IPsec (phase 2) SA pair.
 * A single instance is passed to vpnc_doit().  Several members hold secret
 * key material (ike.key, ike.skeyid_*, ike.current_iv and the keys inside
 * ipsec.rx/tx); where they are released is not visible in this header. */
struct sa_block {
	const char *pidfile; /* path of the pid file, or presumably NULL when none is written */

	int tun_fd; /* fd to host via tun/tap */
	char tun_name[IFNAMSIZ];       /* interface name, NUL-terminated within IFNAMSIZ */
	uint8_t tun_hwaddr[ETH_ALEN];  /* link-layer address of the tap device (tap mode only, presumably) */

	struct in_addr dst; /* ip of concentrator, must be set */
	struct in_addr src; /* local ip, from getsockname() */

	struct in_addr opt_src_ip; /* configured local ip, can be 0.0.0.0 */

	/* these sockets are connect()ed */
	int ike_fd; /* fd over isakmp traffic, and in case of NAT-T esp too */
	int esp_fd; /* raw socket for ip-esp or Cisco-UDP or ike_fd (NAT-T) */

	/* IKE (ISAKMP phase 1) SA state. */
	struct {
		int timeout;           /* retransmit/receive timeout, presumably in seconds -- confirm in callers */
		uint8_t *resend_hash;  /* presumably a hash of the last sent message, used to detect retransmits */
		uint16_t src_port, dst_port; /* UDP ports of the ISAKMP exchange (host byte order presumed) */
		uint8_t i_cookie[ISAKMP_COOKIE_LENGTH]; /* initiator cookie of the ISAKMP header */
		uint8_t r_cookie[ISAKMP_COOKIE_LENGTH]; /* responder cookie of the ISAKMP header */
		uint8_t *key; /* ike encryption key */
		size_t keylen;         /* length of key in bytes */
		uint8_t *initial_iv;   /* IV of the first encrypted phase 1 message (secret material) */
		uint8_t *skeyid_a;     /* SKEYID_a, authentication key derived in phase 1 (secret) */
		uint8_t *skeyid_d;     /* SKEYID_d, base for phase 2 key derivation (secret) */
		int auth_algo; /* PSK, PSK+Xauth, Hybrid ToDo: Cert/... */
		int cry_algo, md_algo; /* cipher and hash identifiers (presumably libgcrypt algorithm ids) */
		size_t ivlen, md_len;  /* cipher IV length and hash output length in bytes */
		uint8_t current_iv_msgid[4]; /* message id the current_iv belongs to (4 bytes, matching the ISAKMP message id field) */
		uint8_t *current_iv;   /* IV for the next encrypted message of that message id */
		struct lifetime life;  /* phase 1 SA lifetime */
		int do_dpd;            /* non-zero when dead peer detection is enabled */
		int dpd_idle;          /* idle period before a DPD probe is sent (units decided in tunip.c) */
		uint32_t dpd_seqno;    /* sequence number of the last DPD request sent */
		uint32_t dpd_seqno_ack;/* highest DPD sequence number acknowledged by the peer, presumably */
		time_t dpd_sent;       /* time the last DPD request went out */
		unsigned int dpd_attempts; /* unanswered DPD requests so far; presumably the peer is declared dead at a threshold in tunip.c */
	} ike;
	uint8_t our_address[4], our_netmask[4]; /* assigned IPv4 address and mask, raw 4-byte form (byte order as received, presumably network) */
	/* IPsec (phase 2) SA state, both directions. */
	struct {
		int do_pfs;            /* non-zero when perfect forward secrecy (a fresh DH exchange) was negotiated */
		int cry_algo, md_algo; /* ESP cipher and integrity algorithm identifiers */
		size_t key_len, md_len;/* cipher key length and integrity output length in bytes */
		size_t blk_len, iv_len;/* cipher block size and IV size in bytes */
		uint16_t encap_mode;   /* IPsec encapsulation mode as negotiated (tunnel/UDP-encap variants; value set is defined by isakmp.h, presumably) */
		uint16_t peer_udpencap_port; /* peer's UDP port for NAT-T encapsulated ESP */
		enum natt_active_mode_enum natt_active_mode; /* which NAT-T framing is in use, see enum above */
		struct lifetime life;  /* phase 2 SA lifetime */
		struct ike_sa rx, tx;  /* inbound and outbound SA (SPI, keys, packet scratch) */
		struct encap_method *em; /* encapsulation strategy, opaque outside tunip.c */
		uint16_t ip_id;        /* presumably the IP identification counter for outgoing tunnel packets */
	} ipsec;
};
116 
/* Shutdown request flag, presumably set from a signal handler and polled by
 * the tunnel loop.  NOTE(review): `volatile int` is not guaranteed
 * async-signal-safe by the C standard; `volatile sig_atomic_t` is the portable
 * type for a flag written from a handler -- confirm how do_kill is written in
 * tunip.c before changing the declaration. */
extern int volatile do_kill;
/* Runs the tunnel for the connection described by s.  Defined in tunip.c;
 * this header does not show its return conditions (presumably it returns once
 * do_kill is set or the peer is gone). */
extern void vpnc_doit(struct sa_block *s);
119 
120 #endif
121