// SoftEther VPN Source Code - Developer Edition Master Branch
// Cedar Communication Module
// © 2020 Nokia

// Cedar.h
// Header of Cedar.c
//
// This part of the header holds only preprocessor constants: product /
// build metadata, protocol switches, string-length caps and the
// server-side resource limits that bound how much state a peer can
// make the server hold.

#ifndef CEDAR_H
#define CEDAR_H

#include "CedarType.h"
#include "GlobalConst.h"

#include "Mayaqua/Network.h"

//////////////////////////////////////////////////////////////////////
//
// Products related constants
//
//////////////////////////////////////////////////////////////////////

// Replace the function name
// Under VPN_SPEED these three function names are mapped to short aliases.
// NOTE(review): identifiers starting with a double underscore are reserved
// for the C implementation; the aliases are kept unchanged here because the
// linked symbol names depend on them.
#ifdef VPN_SPEED

#define DecryptSecurePacket __dsp
#define CreateSecurePacket __csp
#define GetSecureRandomSize __gsrs

#endif // VPN_SPEED

// Version number (each value falls back to 0 unless the build defines it)
#ifndef CEDAR_VERSION_MAJOR
#define CEDAR_VERSION_MAJOR 0
#endif // CEDAR_VERSION_MAJOR

#ifndef CEDAR_VERSION_MINOR
#define CEDAR_VERSION_MINOR 0
#endif // CEDAR_VERSION_MINOR

// Build number
#ifndef CEDAR_VERSION_BUILD
#define CEDAR_VERSION_BUILD 0
#endif // CEDAR_VERSION_BUILD

// Beta number
//#define BETA_NUMBER 3

// RC or not
#define RELEASE_CANDIDATE

// Name of the person in charge of the build ("Unknown" unless the build defines it)
#ifndef BUILDER_NAME
#define BUILDER_NAME "Unknown"
#endif // BUILDER_NAME

// Location where the build was made ("Unknown" unless the build defines it)
#ifndef BUILD_PLACE
#define BUILD_PLACE "Unknown"
#endif // BUILD_PLACE

// Build date; the defaults below describe 1970-01-01 00:00:00
#ifndef BUILD_DATE_Y
#define BUILD_DATE_Y 1970
#endif // BUILD_DATE_Y

#ifndef BUILD_DATE_M
#define BUILD_DATE_M 1
#endif // BUILD_DATE_M

#ifndef BUILD_DATE_D
#define BUILD_DATE_D 1
#endif // BUILD_DATE_D

#ifndef BUILD_DATE_HO
#define BUILD_DATE_HO 0
#endif // BUILD_DATE_HO

#ifndef BUILD_DATE_MI
#define BUILD_DATE_MI 0
#endif // BUILD_DATE_MI

#ifndef BUILD_DATE_SE
#define BUILD_DATE_SE 0
#endif // BUILD_DATE_SE

// Tolerable time difference: 3 days, written as seconds * 1000.
// The product is computed in int before the cast (259200000 fits in 32 bits).
#define ALLOW_TIMESTAMP_DIFF (UINT64)(3 * 24 * 60 * 60 * 1000)


// Communication-related control switches
#define USE_DOS_ATTACK_DETECTION // Enable the DoS attack detection (tuned by the DOS_TABLE_* constants in the TCP listener section)
//#define USE_SECURE_PACKET // Enable the scrambled packet

// Protocol signature string (the string matched by IDS detection signatures)
#define CEDAR_SIGNATURE_STR "SE-VPN4-PROTOCOL"

// Default RSA certificate name of the smart card
#define SECURE_DEFAULT_CERT_NAME "VPN_RSA_CERT"

// Default RSA private key name of the smart card
#define SECURE_DEFAULT_KEY_NAME "VPN_RSA_KEY"

// Eight-character placeholder string used in place of a real password.
// NOTE(review): presumably substituted wherever a stored password must not be
// revealed (e.g. displayed configuration) — verify at the use sites.
#define HIDDEN_PASSWORD "********"

// Default separator character for the hub name in the username
#define DEFAULT_USERNAME_HUB_SEPARATOR '@'


//////////////////////////////////////////////////////////////////////
//
// Definition of the maximum length of various strings
//
// These are the length caps applied to externally supplied strings; the
// terminating NUL is not counted in the values below.
//
//////////////////////////////////////////////////////////////////////

#define MAX_ACCOUNT_NAME_LEN 255 // Maximum account name length
#define MAX_USERNAME_LEN 255 // Maximum user name length
#define MAX_PASSWORD_LEN 255 // Maximum password length
#define MAX_SERVER_STR_LEN 255 // Maximum length of the server string
#define MAX_CLIENT_STR_LEN 255 // Maximum length of the client string
#define MAX_HUBNAME_LEN 255 // Maximum length of a HUB name
#define MAX_SESSION_NAME_LEN 255 // Maximum session name length
#define MAX_CONNECTION_NAME_LEN 255 // Maximum length of a connection name
#define MAX_DEVICE_NAME_LEN 31 // Maximum device name length
#define MAX_ACCESSLIST_NOTE_LEN 255 // Maximum length of the note of an access list entry
#define MAX_SECURE_DEVICE_FILE_LEN 255 // Maximum secure device file name length
#define MAX_ADMIN_OPTION_NAME_LEN 63 // Maximum management option name length
#define MAX_REDIRECT_URL_LEN 255 // Maximum length of a redirect URL


//////////////////////////////////////////////////////////////////////
//
// Server and session management related constants
//
//////////////////////////////////////////////////////////////////////

// Resource caps for the server, the Virtual HUBs and the per-session
// queues, followed by the connection, Virtual HUB, authentication-type,
// listener and log-engine constants.
//
// NOTE(review): timing constants in this file are written as
// "seconds * 1000", so they appear to be millisecond counts even where the
// original comments said "in seconds"; the comments below say (ms) on that
// basis — confirm against the tick source used by the callers.
//
// VPN_GP(GP_X, default) is defined in an included header (not visible here);
// from its use it looks like a tunable with a fallback default value.

#define SERVER_MAX_SESSIONS 4096 // Maximum number of sessions that the server supports
#define SERVER_MAX_SESSIONS_FOR_CARRIER_EDITION 100000 // Maximum number of sessions that the server supports (Carrier Edition)
#define NAT_MAX_SESSIONS 20000 // Maximum number of sessions that are supported by NAT
#define NAT_MAX_SESSIONS_KERNEL 65536 // Maximum number of sessions that are supported by NAT (in the case of kernel-mode NAT)
#define MAX_HUBS 4096 // The maximum number of Virtual HUBs
#define MAX_HUBS_FOR_CARRIER_EDITION 100000 // The maximum number of Virtual HUBs (Carrier Edition)
#define MAX_ACCESSLISTS (4096 * 8) // Maximum number of access list entries (32768)
#define MAX_USERS 10000 // The maximum number of users
#define MAX_GROUPS 10000 // Maximum number of groups
#define MAX_MAC_TABLES VPN_GP(GP_MAX_MAC_TABLES, 65536) // Maximum number of MAC address table entries
#define MAX_IP_TABLES VPN_GP(GP_MAX_IP_TABLES, 65536) // Maximum number of IP address table entries
#define MAX_HUB_CERTS 4096 // Maximum number of Root CAs that can be registered
#define MAX_HUB_CRLS 4096 // Maximum number of CRLs that can be registered
#define MAX_HUB_ACS 4096 // Maximum number of ACs that can be registered
#define MAX_HUB_LINKS VPN_GP(GP_MAX_HUB_LINKS, 1024) // Maximum number of Cascades that can be registered
#define MAX_HUB_ADMIN_OPTIONS 4096 // Maximum number of Virtual HUB management options that can be registered

// Memory budgets; the USE_STRATEGY_LOW_MEMORY branch picks smaller values
#ifndef USE_STRATEGY_LOW_MEMORY
#define MEM_FIFO_REALLOC_MEM_SIZE VPN_GP(GP_MEM_FIFO_REALLOC_MEM_SIZE, (65536 * 10))
#define QUEUE_BUDGET VPN_GP(GP_QUEUE_BUDGET, 2048)
#define FIFO_BUDGET VPN_GP(GP_FIFO_BUDGET, 1600 * 1600 * 4)
#else // USE_STRATEGY_LOW_MEMORY
#define MEM_FIFO_REALLOC_MEM_SIZE VPN_GP(GP_MEM_FIFO_REALLOC_MEM_SIZE, (65536))
#define QUEUE_BUDGET VPN_GP(GP_QUEUE_BUDGET, 1024)
#define FIFO_BUDGET VPN_GP(GP_FIFO_BUDGET, 1000000)
#endif // USE_STRATEGY_LOW_MEMORY

#define MAX_PACKET_SIZE 1600 // Maximum packet size
#define UDP_BUF_SIZE (32 * 1024) // Target UDP buffer size

// Per-session queue limits; the USE_STRATEGY_LOW_MEMORY branch picks smaller values
#ifndef USE_STRATEGY_LOW_MEMORY
#define MAX_SEND_SOCKET_QUEUE_SIZE VPN_GP(GP_MAX_SEND_SOCKET_QUEUE_SIZE, (1600 * 1600 * 1)) // Maximum transmit queue size
#define MIN_SEND_SOCKET_QUEUE_SIZE VPN_GP(GP_MIN_SEND_SOCKET_QUEUE_SIZE, (1600 * 200 * 1)) // Minimum transmit queue size
#define MAX_STORED_QUEUE_NUM VPN_GP(GP_MAX_STORED_QUEUE_NUM, 1024) // The number of queues that can be stored in each session
#define MAX_BUFFERING_PACKET_SIZE VPN_GP(GP_MAX_BUFFERING_PACKET_SIZE, (1600 * 1600)) // Maximum amount of packet data that can be buffered
#else // USE_STRATEGY_LOW_MEMORY
#define MAX_SEND_SOCKET_QUEUE_SIZE VPN_GP(GP_MAX_SEND_SOCKET_QUEUE_SIZE, (1600 * 200 * 1)) // Maximum transmit queue size
#define MIN_SEND_SOCKET_QUEUE_SIZE VPN_GP(GP_MIN_SEND_SOCKET_QUEUE_SIZE, (1600 * 50 * 1)) // Minimum transmit queue size
#define MAX_STORED_QUEUE_NUM VPN_GP(GP_MAX_STORED_QUEUE_NUM, 384) // The number of queues that can be stored in each session
#define MAX_BUFFERING_PACKET_SIZE VPN_GP(GP_MAX_BUFFERING_PACKET_SIZE, (1600 * 300 * 1)) // Maximum amount of packet data that can be buffered
#endif // USE_STRATEGY_LOW_MEMORY

#define MAX_SEND_SOCKET_QUEUE_NUM VPN_GP(GP_MAX_SEND_SOCKET_QUEUE_NUM, 128) // Maximum number of transmission queue items per processing
#define MAX_TCP_CONNECTION 32 // The maximum number of TCP connections
#define NUM_TCP_CONNECTION_FOR_UDP_RECOVERY 2 // Maximum number of connections when using UDP recovery
#define SELECT_TIME VPN_GP(GP_SELECT_TIME, 256) // Select wait time (ms)
#define SELECT_TIME_FOR_NAT VPN_GP(GP_SELECT_TIME_FOR_NAT, 30) // Select wait time for NAT (ms)
#define SELECT_TIME_FOR_DELAYED_PKT 1 // Select wait time if there is a delayed packet

#define TIMEOUT_MIN (5 * 1000) // Minimum timeout (ms)
#define TIMEOUT_MAX (60 * 1000) // Maximum timeout (ms)
#define TIMEOUT_DEFAULT (30 * 1000) // Default timeout (ms)
#define CONNECTING_TIMEOUT (15 * 1000) // Timeout while connecting (ms)
#define CONNECTING_POOLING_SPAN (3 * 1000) // Polling interval while connecting (ms); "POOLING" is the historical spelling of the macro name
#define MIN_RETRY_INTERVAL (5 * 1000) // Minimum retry interval (ms)
#define MAX_RETRY_INTERVAL (300 * 1000) // Maximum retry interval (ms)
#define RETRY_INTERVAL_SPECIAL (60 * 1000) // Reconnection interval for a special case (ms)

#define MAX_ADDITIONAL_CONNECTION_FAILED_COUNTER 16 // Allowable number of consecutive failures of an additional connection
#define ADDITIONAL_CONNECTION_COUNTER_RESET_INTERVAL (30 * 60 * 1000) // Reset period of the additional connection failure counter (ms)

// Per-session address limits (the NoRouting policy uses the V6 value below)
#define MAC_MIN_LIMIT_COUNT 3 // Minimum number of MAC addresses
#define IP_MIN_LIMIT_COUNT 4 // Minimum number of IPv4 addresses
#define IP_MIN_LIMIT_COUNT_V6 5 // Minimum number of IPv6 addresses
#define IP_LIMIT_WHEN_NO_ROUTING_V6 15 // Maximum number of IPv6 addresses when the NoRouting policy is enabled

#define MAC_TABLE_EXCLUSIVE_TIME (13 * 1000) // Period for which a MAC address can be occupied (ms)
#define IP_TABLE_EXCLUSIVE_TIME (13 * 1000) // Period for which an IP address can be occupied (ms)
#define MAC_TABLE_EXPIRE_TIME VPN_GP(GP_MAC_TABLE_EXPIRE_TIME, (600 * 1000)) // MAC address table expiration time (ms)
#define IP_TABLE_EXPIRE_TIME VPN_GP(GP_IP_TABLE_EXPIRE_TIME, (60 * 1000)) // IP address table expiration time (ms)
#define IP_TABLE_EXPIRE_TIME_DHCP VPN_GP(GP_IP_TABLE_EXPIRE_TIME_DHCP, (5 * 60 * 1000)) // IP address table expiration time in the case of DHCP (ms)
#define HUB_ARP_SEND_INTERVAL VPN_GP(GP_HUB_ARP_SEND_INTERVAL, (5 * 1000)) // ARP packet transmission interval for the alive check (ms)

#define LIMITER_SAMPLING_SPAN 1000 // Sampling interval of the traffic limiter (ms)

#define STORM_CHECK_SPAN VPN_GP(GP_STORM_CHECK_SPAN, 500) // Broadcast storm check interval (ms)
#define STORM_DISCARD_VALUE_START VPN_GP(GP_STORM_DISCARD_VALUE_START, 3) // Broadcast packet discard value, start value
#define STORM_DISCARD_VALUE_END VPN_GP(GP_STORM_DISCARD_VALUE_END, 1024) // Broadcast packet discard value, end value

// Keep-alive packet interval bounds (unit not stated here; no * 1000 factor)
#define KEEP_INTERVAL_MIN 5 // Packet transmission interval, minimum value
#define KEEP_INTERVAL_DEFAULT 50 // Packet transmission interval, default value
#define KEEP_INTERVAL_MAX 600 // Packet transmission interval, maximum value
#define KEEP_TCP_TIMEOUT 1000 // TCP time-out value

#define TICKET_EXPIRES (60 * 1000) // Expiration time of a ticket (ms)

#define SEND_KILL_NUM_X 256 // Number of 'X' characters sent as the kill signal


#define FARM_BASE_POINT 100000 // Reference value of the cluster score
#define FARM_DEFAULT_WEIGHT 100 // Standard performance ratio

#define DH_PARAM_BITS_DEFAULT 2048 // Default size in bits of the Diffie-Hellman parameters


#define SE_UDP_SIGN "SE2P" // Not used (only old UDP mode)

// R-UDP service name
#define VPN_RUDP_SVC_NAME "SoftEther_VPN"

// Traffic information update interval (ms)
#define INCREMENT_TRAFFIC_INTERVAL (10 * 1000)

// State of the client session
#define CLIENT_STATUS_CONNECTING 0 // Connecting
#define CLIENT_STATUS_NEGOTIATION 1 // Negotiating
#define CLIENT_STATUS_AUTH 2 // During user authentication
#define CLIENT_STATUS_ESTABLISHED 3 // Connection complete
#define CLIENT_STATUS_RETRY 4 // Waiting to retry
#define CLIENT_STATUS_IDLE 5 // Idle state

// Expiration time of a black list entry: 30 * 10000 = 300000 (5 minutes if ms).
// NOTE(review): the factor is 10000 here rather than the 1000 used by the
// other timing constants in this file — confirm the intended value.
#define BLACK_LIST_EXPIRES (30 * 10000)

// Number of black list entries and the check interval (ms)
#define MAX_BLACK_LIST 4096
#define BLACK_LIST_CHECK_SPAN 1000

// Block size transmitted at once during a file transfer (640 KiB)
#define FTP_BLOCK_SIZE (640 * 1024)

// Syslog configuration
#define SYSLOG_NONE 0 // Do not use syslog
#define SYSLOG_SERVER_LOG 1 // Only the server log
#define SYSLOG_SERVER_AND_HUB_SECURITY_LOG 2 // Server and Virtual HUB security log
#define SYSLOG_SERVER_AND_HUB_ALL_LOG 3 // Server, Virtual HUB security, and packet log

#define SYSLOG_PORT 514 // Syslog port number
#define SYSLOG_POLL_IP_INTERVAL (UINT64)(3600 * 1000) // Interval to re-resolve the syslog server IP address (ms)
#define SYSLOG_POLL_IP_INTERVAL_NG (UINT64)(60 * 1000) // Same interval after a previous resolution failure (ms)

//////////////////////////////////////////////////////////////////////
//
// Connection-related constants
//
//////////////////////////////////////////////////////////////////////

// Internet connection maintenance function (KeepAlive)

#define KEEP_RETRY_INTERVAL (60 * 1000) // Reconnection interval on connection failure (ms)
#define KEEP_MIN_PACKET_SIZE 1 // Minimum packet size
#define KEEP_MAX_PACKET_SIZE 128 // Maximum packet size
#define KEEP_POLLING_INTERVAL 250 // KEEP polling interval (ms)

// Constants
#define RECV_BUF_SIZE 65536 // Buffer size received at a time

// Type of proxy
#define PROXY_DIRECT 0 // Direct TCP connection
#define PROXY_HTTP 1 // Connection via an HTTP proxy server
#define PROXY_SOCKS 2 // Connection via a SOCKS4 proxy server
#define PROXY_SOCKS5 3 // Connection via a SOCKS5 proxy server

// Direction of data flow
#define TCP_BOTH 0 // Bi-directional
#define TCP_SERVER_TO_CLIENT 1 // Only server -> client direction
#define TCP_CLIENT_TO_SERVER 2 // Only client -> server direction

// Type of connection
#define CONNECTION_TYPE_CLIENT 0 // Client
#define CONNECTION_TYPE_INIT 1 // During initialization
#define CONNECTION_TYPE_LOGIN 2 // Login connection
#define CONNECTION_TYPE_ADDITIONAL 3 // Additional connection
#define CONNECTION_TYPE_FARM_RPC 4 // RPC for the server farm
#define CONNECTION_TYPE_ADMIN_RPC 5 // RPC for management
#define CONNECTION_TYPE_ENUM_HUB 6 // HUB enumeration
#define CONNECTION_TYPE_PASSWORD 7 // Password change
#define CONNECTION_TYPE_OTHER 0xffffffff // E.g. a third-party protocol

// Protocol (values 2-5 are not defined here)
#define CONNECTION_TCP 0 // TCP protocol
#define CONNECTION_UDP 1 // UDP protocol
#define CONNECTION_HUB_LAYER3 6 // Layer-3 switch session
#define CONNECTION_HUB_BRIDGE 7 // Bridge session
#define CONNECTION_HUB_SECURE_NAT 8 // Secure NAT session
#define CONNECTION_HUB_LINK_SERVER 9 // HUB link session


// Status
#define CONNECTION_STATUS_ACCEPTED 0 // The connection is accepted (client side)
#define CONNECTION_STATUS_NEGOTIATION 1 // Negotiating
#define CONNECTION_STATUS_USERAUTH 2 // During user authentication
#define CONNECTION_STATUS_ESTABLISHED 3 // Connection has been established
#define CONNECTION_STATUS_CONNECTING 0 // Connecting (client side); same value as CONNECTION_STATUS_ACCEPTED, so the two cannot be told apart by value alone

// Magic number of the KeepAlive packet
#define KEEP_ALIVE_MAGIC 0xffffffff
#define MAX_KEEPALIVE_SIZE 512 // Maximum size of a KeepAlive packet



//////////////////////////////////////////////////////////////////////
//
// Virtual HUB-related constants
//
//////////////////////////////////////////////////////////////////////

#define SE_HUB_MAC_ADDR_SIGN 0xAE // First byte marking a Virtual HUB MAC address

// Traffic difference value
#define TRAFFIC_DIFF_USER 0 // User
#define TRAFFIC_DIFF_HUB 1 // Virtual HUB
#define MAX_TRAFFIC_DIFF 30000 // Maximum number of items

// Type of HUB
#define HUB_TYPE_STANDALONE 0 // Stand-alone HUB
#define HUB_TYPE_FARM_STATIC 1 // Static HUB
#define HUB_TYPE_FARM_DYNAMIC 2 // Dynamic HUB

// Related to delay, jitter and packet loss in the access list
#define HUB_ACCESSLIST_DELAY_MAX 10000 // Maximum delay
#define HUB_ACCESSLIST_JITTER_MAX 100 // Maximum jitter
#define HUB_ACCESSLIST_LOSS_MAX 100 // Maximum packet loss

// Message related
#define HUB_MAXMSG_LEN 20000 // The maximum number of characters in a message



//////////////////////////////////////////////////////////////////////
//
// Type of user authentication
//
//////////////////////////////////////////////////////////////////////

// Constants on the server side (97-99 are deliberately apart from the 0-5 range)
#define AUTHTYPE_ANONYMOUS 0 // Anonymous authentication
#define AUTHTYPE_PASSWORD 1 // Password authentication
#define AUTHTYPE_USERCERT 2 // User certificate authentication
#define AUTHTYPE_ROOTCERT 3 // Root certificate which is issued by a trusted Certificate Authority
#define AUTHTYPE_RADIUS 4 // RADIUS authentication
#define AUTHTYPE_NT 5 // Windows NT authentication
#define AUTHTYPE_WIREGUARD_KEY 97 // WireGuard public key authentication
#define AUTHTYPE_OPENVPN_CERT 98 // TLS client certificate authentication
#define AUTHTYPE_TICKET 99 // Ticket authentication

// Constants on the client side
#define CLIENT_AUTHTYPE_ANONYMOUS 0 // Anonymous authentication
#define CLIENT_AUTHTYPE_PASSWORD 1 // Password authentication
#define CLIENT_AUTHTYPE_PLAIN_PASSWORD 2 // Plain password authentication
#define CLIENT_AUTHTYPE_CERT 3 // Certificate authentication
#define CLIENT_AUTHTYPE_SECURE 4 // Secure device authentication
#define CLIENT_AUTHTYPE_OPENSSLENGINE 5 // OpenSSL engine authentication



//////////////////////////////////////////////////////////////////////
//
// TCP listener related constants
//
//////////////////////////////////////////////////////////////////////

// Retries in case Listen fails
#define LISTEN_RETRY_TIME (2 * 1000) // If Listen fails normally (ms)
#define LISTEN_RETRY_TIME_NOIPV6 (60 * 1000) // If IPv6 support is disabled (ms)

// DoS attack list tuning (active when USE_DOS_ATTACK_DETECTION is defined)
#define DOS_TABLE_EXPIRES_FIRST 250 // Initial expiration time of a DoS attack list entry (ms)
#define DOS_TABLE_EXPIRES_MAX 1000 // Maximum expiration time of a DoS attack list entry (ms)
#define DOS_TABLE_REFRESH_INTERVAL (10 * 1000) // Interval to update the DoS attack list (ms)
#define DOS_TABLE_MAX_LIMIT_PER_IP 16 // Allowed number of accesses per IP address
#define DOS_TABLE_EXPIRES_TOTAL (3000 * 1000) // Time after which an entry is forcibly deleted (ms)


// Protocol to be used for the listener
#define LISTENER_TCP 0 // TCP/IP
#define LISTENER_UDP 1 // UDP/IP (not being used)
#define LISTENER_INPROC 2 // In-process communication
#define LISTENER_RUDP 3 // R-UDP with NAT-T
#define LISTENER_ICMP 4 // VPN over ICMP
#define LISTENER_DNS 5 // VPN over DNS
#define LISTENER_REVERSE 6 // Reverse socket

// Status of the listener
#define LISTENER_STATUS_TRYING 0 // While attempting
#define LISTENER_STATUS_LISTENING 1 // Listening

// Largest packet size of UDP
#define UDP_PACKET_SIZE 65536

// Default number of connections per IP address, and the lowest value an
// administrator may configure
#define DEFAULT_MAX_CONNECTIONS_PER_IP 256
#define MIN_MAX_CONNECTIONS_PER_IP 10 // Minimum value

// Allowed number of connections not yet established, and the lowest value
// an administrator may configure
#define DEFAULT_MAX_UNESTABLISHED_CONNECTIONS 1000
#define MIN_MAX_UNESTABLISHED_CONNECTIONS 30 // Minimum value


//////////////////////////////////////////////////////////////////////
//
// Log related constants
//
//////////////////////////////////////////////////////////////////////

#define LOG_ENGINE_SAVE_START_CACHE_COUNT 100000 // Number of cached entries at which saving is forced
#define LOG_ENGINE_BUFFER_CACHE_SIZE_MAX (10 * 1024 * 1024) // Write cache size (10 MiB)

// Constants such as file names
//
// These placeholders will be replaced in InnerFilePathW().
//
// @ - placeholder for LogDir
// $ - placeholder for DbDir (config directory)
//
// Log directory and file name templates, followed by the Carrier Edition,
// protocol, cascade / SecureNAT / bridge identity, EtherLogger, Layer-3,
// user-mode router (NAT), TAP device and license constants.
//
// Adjacent string literals such as "@"SERVER_LOG_DIR are concatenated by
// the compiler, so each *_DIR_NAME is a single string starting with the
// placeholder.
#define SERVER_LOG_DIR "server"
#define SERVER_LOG_DIR_NAME "@"SERVER_LOG_DIR
#define BRIDGE_LOG_DIR_NAME SERVER_LOG_DIR_NAME
#define SERVER_LOG_PERFIX "vpn" // sic: the misspelling is part of the public macro name; renaming it would break callers

// NOTE(review): the *_LOG_FILE_NAME templates put a %s argument into a path
// component. MAX_HUBNAME_LEN bounds only the length of a HUB name; confirm
// that the callers reject path separators and ".." in the value passed here.
#define HUB_SECURITY_LOG_DIR "security"
#define HUB_SECURITY_LOG_DIR_NAME "@"HUB_SECURITY_LOG_DIR
#define HUB_SECURITY_LOG_FILE_NAME HUB_SECURITY_LOG_DIR_NAME"/%s"
#define HUB_SECURITY_LOG_PREFIX "sec"
#define HUB_PACKET_LOG_DIR "packet"
#define HUB_PACKET_LOG_DIR_NAME "@"HUB_PACKET_LOG_DIR
#define HUB_PACKET_LOG_FILE_NAME HUB_PACKET_LOG_DIR_NAME"/%s"
#define HUB_PACKET_LOG_PREFIX "pkt"

#define NAT_LOG_DIR "secure_nat"
#define NAT_LOG_DIR_NAME "@"NAT_LOG_DIR
#define NAT_LOG_FILE_NAME NAT_LOG_DIR_NAME"/%s"
#define NAT_LOG_PREFIX "snat"

#define CLIENT_LOG_DIR_NAME "@client"
#define CLIENT_LOG_PREFIX "client"

// Packet log settings
#define NUM_PACKET_LOG 16 // Number of packet log categories (only 0-7 are named below)
#define PACKET_LOG_TCP_CONN 0 // TCP connection log
#define PACKET_LOG_TCP 1 // TCP packet log
#define PACKET_LOG_DHCP 2 // DHCP log
#define PACKET_LOG_UDP 3 // UDP log
#define PACKET_LOG_ICMP 4 // ICMP log
#define PACKET_LOG_IP 5 // IP log
#define PACKET_LOG_ARP 6 // ARP log
#define PACKET_LOG_ETHERNET 7 // Ethernet log

// How much of each packet is logged
#define PACKET_LOG_NONE 0 // Do not save
#define PACKET_LOG_HEADER 1 // Only the header
#define PACKET_LOG_ALL 2 // Store the data as well

// Timing of log switching
#define LOG_SWITCH_NO 0 // No switching
#define LOG_SWITCH_SECOND 1 // Per second
#define LOG_SWITCH_MINUTE 2 // Per minute
#define LOG_SWITCH_HOUR 3 // Per hour
#define LOG_SWITCH_DAY 4 // Per day
#define LOG_SWITCH_MONTH 5 // Per month

// Minimum amount of free disk space
#define DISK_FREE_SPACE_MIN 1048576 // 1 MiB
#define DISK_FREE_SPACE_DEFAULT (DISK_FREE_SPACE_MIN * 100) // 100 MiB
#define DISK_FREE_SPACE_DEFAULT_WINDOWS ((UINT64)(8ULL * 1024ULL * 1024ULL * 1024ULL)) // 8 GiB (computed in unsigned long long, so it cannot overflow a 32-bit int)

// Interval to check the free space (ms)
#define DISK_FREE_CHECK_INTERVAL_DEFAULT (5 * 60 * 1000)

// Simple log
#define TINY_LOG_DIRNAME "@tiny_log"
#define TINY_LOG_FILENAME "@tiny_log/%04u%02u%02u_%02u%02u%02u.log" // Format string taking six unsigned values; the widths suggest YYYYMMDD_hhmmss — confirm the argument order at the caller


//////////////////////////////////////////////////////////////////////
//
// Constants related to Carrier Edition
//
//////////////////////////////////////////////////////////////////////

#define CE_SNAPSHOT_INTERVAL ((UINT64)(3600 * 1000)) // Snapshot interval (ms)
//#define CE_SNAPSHOT_INTERVAL ((UINT64)(3000))
#define CE_SNAPSHOT_POLLING_INTERVAL (1 * 1000) // Snapshot polling interval (ms)
#define CE_SNAPSHOT_POLLING_INTERVAL_LICENSE (30 * 1000) // Snapshot polling interval for the license check (ms)
#define CE_SNAPSHOT_DIR_NAME "@carrier_log"
#define CE_SNAPSHOT_PREFIX "carrier"


//////////////////////////////////////////////////////////////////////
//
// Communication protocol related constants
//
//////////////////////////////////////////////////////////////////////

// Administrator username
#define ADMINISTRATOR_USERNAME "administrator"
// Maximum value of the random size
#define RAND_SIZE_MAX 4096
// Expiration time of the random size cache (ms; 24 hours)
#define RAND_SIZE_CACHE_EXPIRE (24 * 60 * 60 * 1000)
// File name of the list of IP addresses allowed to manage the server;
// "$" is the DbDir placeholder documented above
#define ADMINIP_TXT "$adminip.txt"

// NOTE(review): not documented in the original; the names suggest a counter
// and an expiry (ms) for non-SSL connections — verify at the use sites
#define NON_SSL_MIN_COUNT 60
#define NON_SSL_ENTRY_EXPIRES (10 * 60 * 1000)

//////////////////////////////////////////////////////////////////////
//
// The cascade related constants
//
//////////////////////////////////////////////////////////////////////

#define LINK_DEVICE_NAME "_SEHUBLINKCLI_"
#define LINK_USER_NAME "link"
#define LINK_USER_NAME_PRINT "Cascade"



//////////////////////////////////////////////////////////////////////
//
// Constants related to SecureNAT connection
//
//////////////////////////////////////////////////////////////////////

#define SNAT_DEVICE_NAME "_SEHUBSECURENAT_"
#define SNAT_USER_NAME "securenat"
#define SNAT_USER_NAME_PRINT "SecureNAT"



//////////////////////////////////////////////////////////////////////
//
// Constants related to bridge connection
//
//////////////////////////////////////////////////////////////////////

#define BRIDGE_DEVICE_NAME "_SEHUBBRIDGE_"
#define BRIDGE_USER_NAME "localbridge"
#define BRIDGE_USER_NAME_PRINT "Local Bridge"
#define BRIDGE_TRY_SPAN 1000 // Bridge retry interval (ms)
#define BRIDGE_NUM_DEVICE_CHECK_SPAN (5 * 60 * 1000) // Interval to re-check the number of devices (ms)
#define BRIDGE_NETWORK_CONNECTION_STR L"%s [%S]" // Wide-character format; NOTE(review): the meaning of %S vs %s in wide formats differs between C runtimes — check the printf implementation used by the callers



//////////////////////////////////////////////////////////////////////
//
// EtherLogger related constants
//
//////////////////////////////////////////////////////////////////////

#define EL_ADMIN_PORT 22888 // EtherLogger management port
#define EL_CONFIG_FILENAME "$etherlogger.config" // "$" is the DbDir placeholder
#define EL_PACKET_LOG_DIR "etherlogger"
#define EL_PACKET_LOG_DIR_NAME "@"EL_PACKET_LOG_DIR
#define EL_PACKET_LOG_FILE_NAME EL_PACKET_LOG_DIR_NAME"/%s" // Same %s path-component caveat as the HUB log templates above
#define EL_PACKET_LOG_PREFIX "pkt"
#define EL_LICENSE_CHECK_SPAN (10 * 1000) // License check interval (ms)



//////////////////////////////////////////////////////////////////////
//
// Layer-3 Switch related constants
//
//////////////////////////////////////////////////////////////////////

#define MAX_NUM_L3_SWITCH 4096 // Maximum number of Layer-3 switches
#define MAX_NUM_L3_IF 4096 // Maximum number of Layer-3 interfaces
#define MAX_NUM_L3_TABLE 4096 // Maximum number of Layer-3 routing table entries



//////////////////////////////////////////////////////////////////////
//
// Constants related to the User-mode Router
//
//////////////////////////////////////////////////////////////////////

#define ARP_ENTRY_EXPIRES (30 * 1000) // ARP table entry expiration time (ms)
#define ARP_ENTRY_POLLING_TIME (1 * 1000) // ARP table cleaning timer (ms)
#define ARP_REQUEST_TIMEOUT (1000) // ARP request time-out period (ms)
#define ARP_REQUEST_GIVEUP (5 * 1000) // Time after which sending the ARP request is given up (ms)
#define IP_WAIT_FOR_ARP_TIMEOUT (5 * 1000) // Total time an IP packet waits for the ARP table (ms)
#define IP_COMBINE_TIMEOUT (10 * 1000) // Time-out of IP packet reassembly (ms)
#define NAT_TCP_MAX_TIMEOUT (2000000 * 1000) // Maximum TCP session timeout (ms); 2000000000 is just under INT_MAX, so do not scale this further in int
#define NAT_UDP_MAX_TIMEOUT (2000000 * 1000) // Maximum UDP session timeout (ms); same INT_MAX caveat
#define NAT_TCP_MIN_TIMEOUT (1 * 60 * 1000) // Minimum TCP session timeout (ms)
#define NAT_UDP_MIN_TIMEOUT (10 * 1000) // Minimum UDP session timeout (ms)
#define NAT_TCP_RECV_WINDOW_SIZE 64512 // TCP receive window size (63 * 1024)
#define NAT_TCP_SYNACK_SEND_TIMEOUT 250 // TCP SYN+ACK sending interval (ms)
#define NAT_ICMP_TIMEOUT (10 * 1000) // ICMP timeout (ms)
#define NAT_ICMP_TIMEOUT_WITH_API (3 * 1000) // Timeout in the case of using the ICMP API (ms)
#define NAT_SEND_BUF_SIZE (64 * 1024) // TCP send buffer size
#define NAT_RECV_BUF_SIZE (64 * 1024) // TCP receive buffer size
#define NAT_TMPBUF_SIZE (128 * 1024) // TCP temporary memory area size
#define NAT_ACK_KEEPALIVE_SPAN (5 * 1000) // ACK transmission interval for TCP keep-alive (ms)
#define NAT_INITIAL_RTT_VALUE 500 // Initial RTT value
#define NAT_FIN_SEND_INTERVAL 1000 // FIN transmission interval (ms)
#define NAT_FIN_SEND_MAX_COUNT 5 // Total number of FIN transmissions
#define NAT_DNS_PROXY_PORT 53 // DNS proxy port number
#define NAT_DNS_RESPONSE_TTL (20 * 60) // TTL of the DNS response (no * 1000 factor; presumably seconds, as DNS TTLs are)
#define NAT_DHCP_SERVER_PORT 67 // DHCP server port number
#define NAT_DHCP_CLIENT_PORT 68 // DHCP client port number
#define DHCP_MIN_EXPIRE_TIMESPAN (15 * 1000) // DHCP minimum lease expiration (ms)
#define DHCP_POLLING_INTERVAL 1000 // DHCP polling interval (ms)
#define X32 ((UINT64)4294967296ULL) // 2^32, i.e. one past the largest 32-bit value (original comment: "32bit + 1")
#define NAT_DNS_QUERY_TIMEOUT (512) // Time-out value of DNS queries

// Beacon transmission interval (ms)
#define BEACON_SEND_INTERVAL (5 * 1000)

// Total size quota allowed in the queue for IP packet reassembly (50 MiB)
#define IP_COMBINE_WAIT_QUEUE_SIZE_QUOTA (50 * 1024 * 1024)

// Header size constants (sizeof() expressions, so their type is size_t)
#define MAC_HEADER_SIZE (sizeof(MAC_HEADER))
#define ARP_HEADER_SIZE (sizeof(ARP_HEADER))
#define IP_HEADER_SIZE (sizeof(IPV4_HEADER))
#define TCP_HEADER_SIZE (sizeof(TCP_HEADER))
#define UDP_HEADER_SIZE (sizeof(UDP_HEADER))

// Data maximum size constants.
// NOTE: the *_DATA_SIZE values below subtract a size_t, so they are unsigned;
// comparing a signed length against them promotes the signed side to
// unsigned, which makes a negative length compare as very large.
#define MAX_L3_DATA_SIZE (1500)
#define MAX_IP_DATA_SIZE (MAX_L3_DATA_SIZE - IP_HEADER_SIZE)
#define MAX_TCP_DATA_SIZE (MAX_IP_DATA_SIZE - TCP_HEADER_SIZE)
#define MAX_UDP_DATA_SIZE (MAX_IP_DATA_SIZE - UDP_HEADER_SIZE)
#define MAX_IP_DATA_SIZE_TOTAL (65535)

// IP packet option constants
#define DEFAULT_IP_TOS 0 // TOS in the IP header
#define DEFAULT_IP_TTL 128 // TTL in the IP header

// Type of NAT session
#define NAT_TCP 0 // TCP NAT
#define NAT_UDP 1 // UDP NAT
#define NAT_DNS 2 // DNS NAT
#define NAT_ICMP 3 // ICMP NAT

// State of a NAT session
#define NAT_TCP_CONNECTING 0 // Connecting
#define NAT_TCP_SEND_RESET 1 // Send the RST (connection failure or disconnected)
#define NAT_TCP_CONNECTED 2 // Connection complete
#define NAT_TCP_ESTABLISHED 3 // Connection established
#define NAT_TCP_WAIT_DISCONNECT 4 // Wait for socket disconnection


//////////////////////////////////////////////////////////////////////
//
// UNIX virtual LAN card related constants
//
//////////////////////////////////////////////////////////////////////

// TAP device paths: Linux-style /dev/net/tun with a fallback, or the BSD
// /dev/tapN naming scheme
#ifndef UNIX_BSD
#define TAP_FILENAME_1 "/dev/net/tun"
#define TAP_FILENAME_2 "/dev/tun"
#else // UNIX_BSD
#define TAP_NAME "tap"
#define TAP_DIR "/dev/"
#define TAP_MAX (512)
#endif // UNIX_BSD


// License constants
#define LICENSE_EDITION_VPN3_NO_LICENSE 0 // Without license

#define LICENSE_MAX_PRODUCT_NAME_LEN 255 // Maximum length of the license product name
#define LICENSE_NUM_SHA 10000 // Number of times to hash with SHA
#define LICENSE_SYSTEM_KEY_NUM 2048 // Key number for the system
#define LICENSE_SYSTEM_KEYSIZE_BIT 144 // Number of key bits for the system
#define LICENSE_PRODUCT_KEY_NUM 16384 // Number of keys for the product
#define LICENSE_PRODUCT_KEYSIZE_BIT 56 // Number of key bits for the product
#define LICENSE_PRODUCT_COMMON_KEYSIZE_BIT 48 // Number of common key bits for the product
#define LICENSE_MASTER_KEYSIZE_BIT 1024 // Number of master key bits
#define LICENSE_SYSTEM_ID_MIN 0ULL // System ID minimum value
#define LICENSE_SYSTEM_ID_MAX 549755813887ULL // System ID maximum value (2^39 - 1)
#define LICENSE_SERIAL_ID_MIN 0 // Serial ID minimum value
#define LICENSE_SERIAL_ID_MAX 65535 // Serial ID maximum value (2^16 - 1)
#define LICENSE_EXPIRES_MIN 0 // Expiration date minimum
#define LICENSE_EXPIRES_MAX 16383 // Expiration date maximum (2^14 - 1)
#define LICENSE_KEYSTR_LEN 41 // Length of the license key string
#define LICENSE_LICENSEID_STR_LEN 33 // Length of the license ID string

#define LICENSE_STATUS_OK 0 // Enabled
#define LICENSE_STATUS_EXPIRED 1 // Invalid (expired)
#define LICENSE_STATUS_ID_DIFF 2 // Invalid (System ID mismatch)
#define LICENSE_STATUS_DUP 3 // Invalid (duplicated)
#define LICENSE_STATUS_INSUFFICIENT 4 // Invalid (another necessary license is missing)
#define LICENSE_STATUS_COMPETITION 5 // Invalid (conflict with other licenses)
#define LICENSE_STATUS_NONSENSE 6 // Invalid (meaningless in the current edition)
#define LICENSE_STATUS_CPU 7 // Invalid (CPU type mismatch)

// Bit/byte conversions; BIT_TO_BYTE rounds up to the next whole byte.
// Both evaluate their argument once.
#define BIT_TO_BYTE(x) (((x) + 7) / 8)
#define BYTE_TO_BIT(x) ((x) * 8)


//////////////////////////////////////////////////////////////////////
//
// Error code
//
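//////////////////////////////////////////////////////////////////////

// Error codes.
// Several of these describe decisions taken on the peer (server or client)
// and reported across the connection, so treat the numeric values as a stable
// protocol contract: never renumber or reuse a value; append new codes at the
// end. 70-72 are not assigned in this header; do not recycle them without
// checking the rest of the code base.
#define ERR_NO_ERROR 0 // No error
#define ERR_CONNECT_FAILED 1 // Connection to the server has failed
#define ERR_SERVER_IS_NOT_VPN 2 // The destination server is not a VPN server
#define ERR_DISCONNECTED 3 // The connection has been interrupted
#define ERR_PROTOCOL_ERROR 4 // Protocol error
#define ERR_CLIENT_IS_NOT_VPN 5 // Connecting client is not a VPN client
#define ERR_USER_CANCEL 6 // User cancel
#define ERR_AUTHTYPE_NOT_SUPPORTED 7 // Specified authentication method is not supported
// NOTE(review): ERR_HUB_NOT_FOUND, ERR_AUTH_FAILED and ERR_ACCESS_DENIED are
// distinct codes. If the login path returns them verbatim to an
// unauthenticated client, the distinction lets a remote party enumerate hub
// names; whether it does is decided in the authentication code, not here.
#define ERR_HUB_NOT_FOUND 8 // The HUB does not exist
#define ERR_AUTH_FAILED 9 // Authentication failure
#define ERR_HUB_STOPPING 10 // HUB is stopped
#define ERR_SESSION_REMOVED 11 // Session has been deleted
#define ERR_ACCESS_DENIED 12 // Access denied
#define ERR_SESSION_TIMEOUT 13 // Session timed out
#define ERR_INVALID_PROTOCOL 14 // Protocol is invalid
#define ERR_TOO_MANY_CONNECTION 15 // Too many connections
#define ERR_HUB_IS_BUSY 16 // Too many sessions on the HUB
#define ERR_PROXY_CONNECT_FAILED 17 // Connection to the proxy server failed
#define ERR_PROXY_ERROR 18 // Proxy error
#define ERR_PROXY_AUTH_FAILED 19 // Failed to authenticate on the proxy server
#define ERR_TOO_MANY_USER_SESSION 20 // Too many sessions of the same user
#define ERR_LICENSE_ERROR 21 // License error
#define ERR_DEVICE_DRIVER_ERROR 22 // Device driver error
#define ERR_INTERNAL_ERROR 23 // Internal error
#define ERR_SECURE_DEVICE_OPEN_FAILED 24 // The secure device cannot be opened
#define ERR_SECURE_PIN_LOGIN_FAILED 25 // PIN code is incorrect
#define ERR_SECURE_NO_CERT 26 // Specified certificate is not stored
#define ERR_SECURE_NO_PRIVATE_KEY 27 // Specified private key is not stored
#define ERR_SECURE_CANT_WRITE 28 // Write failure
#define ERR_OBJECT_NOT_FOUND 29 // Specified object can not be found
#define ERR_VLAN_ALREADY_EXISTS 30 // Virtual LAN card with the specified name already exists
#define ERR_VLAN_INSTALL_ERROR 31 // Specified virtual LAN card cannot be created
#define ERR_VLAN_INVALID_NAME 32 // Specified name of the virtual LAN card is invalid
#define ERR_NOT_SUPPORTED 33 // Unsupported
#define ERR_ACCOUNT_ALREADY_EXISTS 34 // Account already exists
#define ERR_ACCOUNT_ACTIVE 35 // Account is operating
#define ERR_ACCOUNT_NOT_FOUND 36 // Specified account doesn't exist
#define ERR_ACCOUNT_INACTIVE 37 // Account is offline
#define ERR_INVALID_PARAMETER 38 // Parameter is invalid
#define ERR_SECURE_DEVICE_ERROR 39 // Error has occurred in the operation of the secure device
#define ERR_NO_SECURE_DEVICE_SPECIFIED 40 // Secure device is not specified
#define ERR_VLAN_IS_USED 41 // Virtual LAN card in use by account
#define ERR_VLAN_FOR_ACCOUNT_NOT_FOUND 42 // Virtual LAN card of the account can not be found
#define ERR_VLAN_FOR_ACCOUNT_USED 43 // Virtual LAN card of the account is already in use
#define ERR_VLAN_FOR_ACCOUNT_DISABLED 44 // Virtual LAN card of the account is disabled
#define ERR_INVALID_VALUE 45 // Value is invalid
#define ERR_NOT_FARM_CONTROLLER 46 // Not a farm controller
#define ERR_TRYING_TO_CONNECT 47 // Attempting to connect
#define ERR_CONNECT_TO_FARM_CONTROLLER 48 // Failed to connect to the farm controller
#define ERR_COULD_NOT_HOST_HUB_ON_FARM 49 // A virtual HUB on farm could not be created
#define ERR_FARM_MEMBER_HUB_ADMIN 50 // HUB cannot be managed on a farm member
#define ERR_NULL_PASSWORD_LOCAL_ONLY 51 // An empty password is accepted only for local connections
#define ERR_NOT_ENOUGH_RIGHT 52 // Right is insufficient
#define ERR_LISTENER_NOT_FOUND 53 // Listener can not be found
#define ERR_LISTENER_ALREADY_EXISTS 54 // Listener already exists
#define ERR_NOT_FARM_MEMBER 55 // Not a farm member
#define ERR_CIPHER_NOT_SUPPORTED 56 // Encryption algorithm is not supported
#define ERR_HUB_ALREADY_EXISTS 57 // HUB already exists
#define ERR_TOO_MANY_HUBS 58 // Too many HUBs
#define ERR_LINK_ALREADY_EXISTS 59 // Link already exists
#define ERR_LINK_CANT_CREATE_ON_FARM 60 // The link can not be created on the server farm
#define ERR_LINK_IS_OFFLINE 61 // Link is off-line
#define ERR_TOO_MANY_ACCESS_LIST 62 // Too many access list entries
#define ERR_TOO_MANY_USER 63 // Too many users
#define ERR_TOO_MANY_GROUP 64 // Too many groups
#define ERR_GROUP_NOT_FOUND 65 // Group can not be found
#define ERR_USER_ALREADY_EXISTS 66 // User already exists
#define ERR_GROUP_ALREADY_EXISTS 67 // Group already exists
#define ERR_USER_AUTHTYPE_NOT_PASSWORD 68 // Authentication method of the user is not password authentication
// One code covers both "no such user" and "wrong old password"; keep it that
// way so a password-change reply does not reveal whether the user exists.
#define ERR_OLD_PASSWORD_WRONG 69 // The user does not exist or the old password is wrong
#define ERR_LINK_CANT_DISCONNECT 73 // Cascade session cannot be disconnected
#define ERR_ACCOUNT_NOT_PRESENT 74 // Configuration of the connection to the VPN server is not complete
#define ERR_ALREADY_ONLINE 75 // It is already online
#define ERR_OFFLINE 76 // It is offline
// NOTE(review): 1024-bit RSA is below current minimum recommendations
// (2048 bits or more). The name suggests a check that requires exactly 1024
// bits; confirm what the caller enforces before treating this as a strength check.
#define ERR_NOT_RSA_1024 77 // The certificate is not RSA 1024bit
#define ERR_SNAT_CANT_DISCONNECT 78 // SecureNAT session cannot be disconnected
#define ERR_SNAT_NEED_STANDALONE 79 // SecureNAT works only in a stand-alone HUB
#define ERR_SNAT_NOT_RUNNING 80 // SecureNAT function is not working
#define ERR_SE_VPN_BLOCK 81 // Stopped by PacketiX VPN Block
#define ERR_BRIDGE_CANT_DISCONNECT 82 // Bridge session can not be disconnected
#define ERR_LOCAL_BRIDGE_STOPPING 83 // Bridge function is stopped
#define ERR_LOCAL_BRIDGE_UNSUPPORTED 84 // Bridge feature is not supported
#define ERR_CERT_NOT_TRUSTED 85 // Certificate of the destination server can not be trusted
#define ERR_PRODUCT_CODE_INVALID 86 // Product code is different
#define ERR_VERSION_INVALID 87 // Version is different
#define ERR_CAPTURE_DEVICE_ADD_ERROR 88 // Adding capture device failed
#define ERR_VPN_CODE_INVALID 89 // VPN code is different
#define ERR_CAPTURE_NOT_FOUND 90 // Capture device can not be found
#define ERR_LAYER3_CANT_DISCONNECT 91 // Layer-3 session cannot be disconnected
#define ERR_LAYER3_SW_EXISTS 92 // L3 switch of the same name already exists
#define ERR_LAYER3_SW_NOT_FOUND 93 // Layer-3 switch can not be found
#define ERR_INVALID_NAME 94 // Name is invalid
#define ERR_LAYER3_IF_ADD_FAILED 95 // Failed to add interface
#define ERR_LAYER3_IF_DEL_FAILED 96 // Failed to delete the interface
#define ERR_LAYER3_IF_EXISTS 97 // Interface that you specified already exists
#define ERR_LAYER3_TABLE_ADD_FAILED 98 // Failed to add routing table
#define ERR_LAYER3_TABLE_DEL_FAILED 99 // Failed to delete the routing table
#define ERR_LAYER3_TABLE_EXISTS 100 // Routing table entry that you specified already exists
#define ERR_BAD_CLOCK 101 // The system clock is implausible (original wording: "Time is queer")
#define ERR_LAYER3_CANT_START_SWITCH 102 // The Virtual Layer 3 Switch can not be started
#define ERR_CLIENT_LICENSE_NOT_ENOUGH 103 // Client connection licenses shortage
#define ERR_BRIDGE_LICENSE_NOT_ENOUGH 104 // Bridge connection licenses shortage
#define ERR_SERVER_CANT_ACCEPT 105 // Not accepted because of technical issues
#define ERR_SERVER_CERT_EXPIRES 106 // Destination VPN server has expired (name suggests a certificate expiry — confirm which)
#define ERR_MONITOR_MODE_DENIED 107 // Monitor port mode was rejected
#define ERR_BRIDGE_MODE_DENIED 108 // Bridge-mode or Routing-mode was rejected
#define ERR_IP_ADDRESS_DENIED 109 // Client IP address is denied
#define ERR_TOO_MANT_ITEMS 110 // Too many items (historical misspelling; kept for existing callers)
#ifndef ERR_TOO_MANY_ITEMS
#define ERR_TOO_MANY_ITEMS ERR_TOO_MANT_ITEMS // Correctly spelled alias with the same value; prefer it in new code
#endif
#define ERR_MEMORY_NOT_ENOUGH 111 // Out of memory
#define ERR_OBJECT_EXISTS 112 // Object already exists
#define ERR_FATAL 113 // A fatal error occurred
#define ERR_SERVER_LICENSE_FAILED 114 // License violation has occurred on the server side
#define ERR_SERVER_INTERNET_FAILED 115 // Server side is not connected to the Internet
#define ERR_CLIENT_LICENSE_FAILED 116 // License violation has occurred on the client side
#define ERR_BAD_COMMAND_OR_PARAM 117 // Command or parameter is invalid
#define ERR_INVALID_LICENSE_KEY 118 // License key is invalid
#define ERR_NO_VPN_SERVER_LICENSE 119 // There is no valid license for the VPN Server
#define ERR_NO_VPN_CLUSTER_LICENSE 120 // There is no cluster license
#define ERR_NOT_ADMINPACK_SERVER 121 // Not trying to connect to a server with the Administrator Pack license
#define ERR_NOT_ADMINPACK_SERVER_NET 122 // Not trying to connect to a server with the Administrator Pack license (for .NET)
#define ERR_BETA_EXPIRES 123 // Destination Beta VPN Server has expired
#define ERR_BRANDED_C_TO_S 124 // Branding string of connection limit is different (authentication on the server side)
#define ERR_BRANDED_C_FROM_S 125 // Branding string of connection limit is different (authentication on the client side)
#define ERR_AUTO_DISCONNECTED 126 // VPN session was disconnected because a configured time period elapsed
#define ERR_CLIENT_ID_REQUIRED 127 // Client ID does not match
#define ERR_TOO_MANY_USERS_CREATED 128 // Too many users have been created
#define ERR_SUBSCRIPTION_IS_OLDER 129 // Subscription expiration date is earlier than the build date of the VPN Server
#define ERR_ILLEGAL_TRIAL_VERSION 130 // Too many trial licenses have been used in succession
#define ERR_NAT_T_TWO_OR_MORE 131 // There are multiple servers behind one global IP address in the NAT-T connection
#define ERR_DUPLICATE_DDNS_KEY 132 // DDNS host key duplicate
#define ERR_DDNS_HOSTNAME_EXISTS 133 // Specified DDNS host name already exists
#define ERR_DDNS_HOSTNAME_INVALID_CHAR 134 // The host name contains characters that can not be used
#define ERR_DDNS_HOSTNAME_TOO_LONG 135 // Host name is too long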
#define ERR_DDNS_HOSTNAME_IS_EMPTY 136 // Host name is not specified
#define ERR_DDNS_HOSTNAME_TOO_SHORT 137 // Host name is too short
#define ERR_MSCHAP2_PASSWORD_NEED_RESET 138 // The password must be changed before the user can log in
#define ERR_DDNS_DISCONNECTED 139 // Communication with the dynamic DNS server is disconnected
#define ERR_SPECIAL_LISTENER_ICMP_ERROR 140 // The ICMP socket can not be opened
#define ERR_SPECIAL_LISTENER_DNS_ERROR 141 // Socket for the DNS port can not be opened
#define ERR_OPENVPN_IS_NOT_ENABLED 142 // OpenVPN server feature is not enabled
#define ERR_NOT_SUPPORTED_AUTH_ON_OPENSOURCE 143 // This type of user authentication is not supported in the open source version
#define ERR_VPNGATE 144 // Operation on VPN Gate Server is not available
#define ERR_VPNGATE_CLIENT 145 // Operation on VPN Gate Client is not available
#define ERR_VPNGATE_INCLIENT_CANT_STOP 146 // Can not be stopped while operating within VPN Client mode
#define ERR_NOT_SUPPORTED_FUNCTION_ON_OPENSOURCE 147 // This feature is not supported in the open source version
#define ERR_SUSPENDING 148 // System is suspending


////////////////////////////
// Generally used structure

// Network service: a (protocol, port) -> name mapping. Entries live in
// CEDAR::NetSvcList and are looked up by GetSvcName() (declared later in
// this header).
typedef struct NETSVC
{
	bool Udp; // false=TCP, true=UDP
	UINT Port; // Port number
	char *Name; // Service name (string ownership is not visible here — see InitNetSvcList/FreeNetSvcList)
} NETSVC;

// Traffic counters for one direction
typedef struct TRAFFIC_ENTRY
{
	UINT64 BroadcastCount; // Number of broadcast packets
	UINT64 BroadcastBytes; // Broadcast bytes
	UINT64 UnicastCount; // Number of unicast packets
	UINT64 UnicastBytes; // Unicast bytes
} TRAFFIC_ENTRY;

// Traffic data in both directions. Declared as a plain struct tag (no typedef)
// here; the TRAFFIC alias used by the prototypes below is expected to come
// from the project's type header.
struct TRAFFIC
{
	TRAFFIC_ENTRY Send; // Transmitted data
	TRAFFIC_ENTRY Recv; // Received data
};

// Per-source-IP record of connections that arrived without SSL. Maintained by
// the *NoSsl* functions declared later (AddNoSsl / DecrementNoSsl /
// DeleteOldNoSsl / SearchNoSslList) and stored in CEDAR::NonSslList.
// Presumably used to throttle or age out such sources — confirm in Cedar.c.
typedef struct NON_SSL
{
	IP IpAddress; // Source IP address (list key; see CompareNoSslList)
	UINT64 EntryExpires; // Expiration time of this entry; expired entries are removed by DeleteOldNoSsl
	UINT Count; // Number of non-SSL connections counted for this address
} NON_SSL;

// Simple log storage (see NewTinyLog / WriteTinyLog / FreeTinyLog)
typedef struct TINY_LOG
{
	char FileName[MAX_PATH]; // File name (fixed buffer; writers must bound the copy)
	IO *io; // Open file handle
	LOCK *Lock; // Serialises writes to the file
} TINY_LOG;

// CEDAR structure: the per-process communication core shared by client and
// server roles. Created by NewCedar(), reference counted (ref), released with
// ReleaseCedar(). Several fields are security-sensitive and are marked below.
struct CEDAR
{
	LOCK *lock; // Lock
	REF *ref; // Reference counter
	COUNTER *AcceptingSockets; // Number of sockets in Accept
	UINT Type; // Type (one of the CEDAR_* values below)
	LIST *ListenerList; // Listener list
	LIST *HubList; // HUB list
	LIST *WgkList; // WireGuard key list
	LIST *ConnectionList; // Negotiating connection list
	LIST *CaList; // Trusted CA certificates used by CheckSignatureByCa() / FindCaSignedX(); adding to it extends trust
	volatile bool Halt; // Halt flag. NOTE(review): volatile gives no cross-thread ordering; acceptable only as a polled stop flag whose readers tolerate a stale value
	COUNTER *ConnectionIncrement; // Connection increment counter
	X *ServerX; // Server certificate (set by NewCedar / SetCedarCert)
	K *ServerK; // Private key of the server certificate — secret material resident for the process lifetime; keep out of logs and dumps
	char UsernameHubSeparator; // Character which separates the username from the hub name
	char *CipherList; // List of encryption algorithms offered for TLS (set by SetCedarCipherList); its content decides which cipher suites are negotiable, so changes are security-relevant
	UINT Version; // Version information
	UINT Build; // Build Number
	char *ServerStr; // Server string
	char *MachineName; // Computer name
	char *HttpUserAgent; // HTTP user agent
	char *HttpAccept; // HTTP Accept
	char *HttpAcceptLanguage; // HTTP Accept Language
	char *HttpAcceptEncoding; // HTTP Accept Encoding
	TRAFFIC *Traffic; // Traffic information (guarded by TrafficLock)
	LOCK *TrafficLock; // Traffic information lock
	LIST *UDPEntryList; // UDP entry list
	COUNTER *CurrentSessions; // The current number of sessions
	COUNTER *CurrentTcpConnections; // Number of current TCP connections
	LIST *NetSvcList; // Network service list (NETSVC entries)
	char *VerString; // Version string
	char *BuildInfo; // Build Information
	struct CLIENT *Client; // Client (non-NULL only in the client role — presumably; confirm)
	struct SERVER *Server; // Server (non-NULL only in a server role — presumably; confirm)
	UINT64 CreatedTick; // Generation date and time
	bool CheckExpires; // Check the expiration date
	LIST *TrafficDiffList; // Traffic difference list
	struct LOG *DebugLog; // Debug log
	UCHAR UniqueId[16]; // Unique ID (16 raw bytes)
	LIST *LocalBridgeList; // Local bridge list
	bool Bridge; // Bridge version
	LIST *L3SwList; // Layer-3 switch list
	COUNTER *AssignedClientLicense; // Number of assigned client licenses
	COUNTER *AssignedBridgeLicense; // Number of assigned bridge licenses
	UINT64 LicenseViolationTick; // Time at which a license violation occurred
	LIST *NonSslList; // Non-SSL connection list (NON_SSL entries, keyed by source IP)
	struct WEBUI *WebUI; // Data for WebUI service
	UINT Beta; // Beta number
	LOCK *CedarSuperLock; // Cedar super lock!
	bool DisableIPv6Listener; // Disable IPv6 listener
	UINT ClientId; // Client ID
	UINT64 BuiltDate; // Build Date
	LIST *UdpPortList; // UDP port list in use
	char CurrentDDnsFqdn[MAX_SIZE]; // FQDN of the current DDNS (fixed buffer; writers must bound the copy)
	char OpenVPNPublicPorts[MAX_SIZE]; // OpenVPN public UDP port list (fixed buffer; guarded by OpenVPNPublicPortsLock)
	LOCK *OpenVPNPublicPortsLock; // Lock of OpenVPN public UDP port list
	LOCK *CurrentRegionLock; // Current region lock
	char CurrentRegion[128]; // Current region (fixed buffer; guarded by CurrentRegionLock)
	LOCK *CurrentTcpQueueSizeLock; // Current TCP send queue size lock
	UINT CurrentTcpQueueSize; // Current TCP send queue size (updated via CedarAddCurrentTcpQueueSize)
	COUNTER *CurrentActiveLinks; // Current active cascade connections
	LOCK *QueueBudgetLock; // Queue budget lock
	UINT QueueBudget; // Queue budget (see CedarAddQueueBudget / CedarGetQueueBudget*)
	LOCK *FifoBudgetLock; // Fifo budget lock
	UINT FifoBudget; // Fifo budget (see CedarAddFifoBudget / CedarGetFifoBudget*)
	SSL_ACCEPT_SETTINGS SslAcceptSettings; // SSL Accept Settings for incoming TLS connections (see its definition for what is configurable)
	UINT DhParamBits; // Bits of Diffie-Hellman parameters used by the server; small values weaken forward secrecy — confirm the minimum enforced in Cedar.c
};

// Type of CEDAR (stored in CEDAR::Type)
#define CEDAR_CLIENT 0 // Client
#define CEDAR_STANDALONE_SERVER 1 // Stand-alone server
#define CEDAR_FARM_CONTROLLER 2 // Server farm controller
#define CEDAR_FARM_MEMBER 3 // Server farm member

////////////////////////////
// Function prototype

// Allocate / free a zeroed-out traffic record (presumably zeroed — confirm)
TRAFFIC *NewTraffic();
void FreeTraffic(TRAFFIC *t);
// Create a CEDAR with the given server certificate and private key
CEDAR *NewCedar(X *server_x, K *server_k);
void CedarForceLink();
void SetCedarVpnBridge(CEDAR *c);
// NOTE(review): several prototypes below use "()" rather than "(void)". In C11
// that declares a function with unspecified parameters, so a call passing stray
// arguments is not diagnosed. Changing them to "(void)" is compatible with
// existing callers and definitions.

// Replace the server certificate and private key held in the CEDAR
// (ownership / reference semantics are not visible here — check Cedar.c
// before freeing the caller's copies)
void SetCedarCert(CEDAR *c, X *server_x, K *server_k);
// Drop one reference; CleanupCedar is the actual destructor
void ReleaseCedar(CEDAR *c);
void CleanupCedar(CEDAR *c);
void StopCedar(CEDAR *c);
void AddListener(CEDAR *c, LISTENER *r);
void StopAllListener(CEDAR *c);
// Accumulate diff into dst
void AddTraffic(TRAFFIC *dst, TRAFFIC *diff);
void AddHub(CEDAR *c, HUB *h);
void DelHub(CEDAR *c, HUB *h);
void DelHubEx(CEDAR *c, HUB *h, bool no_lock); // no_lock: caller already holds the relevant lock — presumably; confirm
void StopAllHub(CEDAR *c);
void StopAllConnection(CEDAR *c);
void AddConnection(CEDAR *cedar, CONNECTION *c);
void DelConnection(CEDAR *cedar, CONNECTION *c);
// Set CEDAR::CipherList; controls which TLS cipher suites are offered
void SetCedarCipherList(CEDAR *cedar, char *name);
void InitCedar();
void FreeCedar();
// Trust store management: AddCa extends the set of CAs that
// CheckSignatureByCa() accepts. DeleteCa takes a UINT key, not a pointer —
// confirm how it identifies the entry.
void AddCa(CEDAR *cedar, X *x);
bool DeleteCa(CEDAR *cedar, UINT ptr);
// Return true when x is signed by a CA in cedar->CaList. Whether anything
// beyond the direct signature (validity period, revocation, chain depth) is
// checked is decided in Cedar.c — confirm before relying on it.
bool CheckSignatureByCa(CEDAR *cedar, X *x);
bool CheckSignatureByCaLinkMode(SESSION *s, X *x);
// Find the entry of list o that signed x, or NULL (presumably) when none does
X *FindCaSignedX(LIST *o, X *x);
void InitNetSvcList(CEDAR *cedar);
void FreeNetSvcList(CEDAR *cedar);
int CompareNetSvc(void *p1, void *p2); // List comparator for NETSVC entries
char *GetSvcName(CEDAR *cedar, bool udp, UINT port); // Service name for (udp, port), or NULL when unknown — presumably; confirm
UINT64 GetTrafficPacketSize(TRAFFIC *t);
UINT64 GetTrafficPacketNum(TRAFFIC *t);
void StartCedarLog();
void StopCedarLog();
// Non-SSL source tracking (NON_SSL entries in CEDAR::NonSslList)
int CompareNoSslList(void *p1, void *p2); // List comparator, keyed by IP
void InitNoSslList(CEDAR *c);
void FreeNoSslList(CEDAR *c);
bool AddNoSsl(CEDAR *c, IP *ip); // Count one non-SSL connection from ip; the bool result's meaning (e.g. "still allowed") must be confirmed in Cedar.c
void DecrementNoSsl(CEDAR *c, IP *ip, UINT num_dec); // Reduce the count for ip by num_dec
void DeleteOldNoSsl(CEDAR *c); // Remove entries whose EntryExpires has passed
NON_SSL *SearchNoSslList(CEDAR *c, IP *ip);
void FreeTinyLog(TINY_LOG *t);
void WriteTinyLog(TINY_LOG *t, char *str);
TINY_LOG *NewTinyLog();
void GetWinVer(RPC_WINVER *v);
bool IsSupportedWinVer(RPC_WINVER *v);
SOCK *GetInProcListeningSock(CEDAR *c);
SOCK *GetReverseListeningSock(CEDAR *c);
// Write the version string into tmp; size is the capacity of tmp in bytes
void GetCedarVersion(char *tmp, UINT size);
UINT GetCedarVersionNumber();
UINT64 GetCurrentBuildDate();
// Send-queue and budget accounting (each guarded by its own lock in CEDAR);
// diff may be negative
void CedarAddCurrentTcpQueueSize(CEDAR *c, int diff);
UINT CedarGetCurrentTcpQueueSize(CEDAR *c);
void CedarAddQueueBudget(CEDAR *c, int diff);
void CedarAddFifoBudget(CEDAR *c, int diff);
UINT CedarGetQueueBudgetConsuming(CEDAR *c);
UINT CedarGetFifoBudgetConsuming(CEDAR *c);
UINT CedarGetQueueBudgetBalance(CEDAR *c);
UINT CedarGetFifoBudgetBalance(CEDAR *c);
bool CedarIsThereAnyEapEnabledRadiusConfig(CEDAR *c);



#endif // CEDAR_H