1 // SoftEther VPN Source Code - Stable Edition Repository
2 // Cedar Communication Module
3 //
4 // SoftEther VPN Server, Client and Bridge are free software under the Apache License, Version 2.0.
5 //
6 // Copyright (c) Daiyuu Nobori.
7 // Copyright (c) SoftEther VPN Project, University of Tsukuba, Japan.
8 // Copyright (c) SoftEther Corporation.
9 // Copyright (c) all contributors on SoftEther VPN project in GitHub.
10 //
11 // All Rights Reserved.
12 //
13 // http://www.softether.org/
14 //
15 // This stable branch is officially managed by Daiyuu Nobori, the owner of SoftEther VPN Project.
16 // Pull requests should be sent to the Developer Edition Master Repository on https://github.com/SoftEtherVPN/SoftEtherVPN
17 //
18 // License: The Apache License, Version 2.0
19 // https://www.apache.org/licenses/LICENSE-2.0
20 //
21 // DISCLAIMER
22 // ==========
23 //
24 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
25 // IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
26 // FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
27 // AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
28 // LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
29 // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
30 // SOFTWARE.
31 //
32 // THIS SOFTWARE IS DEVELOPED IN JAPAN, AND DISTRIBUTED FROM JAPAN, UNDER
33 // JAPANESE LAWS. YOU MUST AGREE IN ADVANCE TO USE, COPY, MODIFY, MERGE, PUBLISH,
34 // DISTRIBUTE, SUBLICENSE, AND/OR SELL COPIES OF THIS SOFTWARE, THAT ANY
35 // JURIDICAL DISPUTES WHICH ARE CONCERNED TO THIS SOFTWARE OR ITS CONTENTS,
36 // AGAINST US (SOFTETHER PROJECT, SOFTETHER CORPORATION, DAIYUU NOBORI OR OTHER
37 // SUPPLIERS), OR ANY JURIDICAL DISPUTES AGAINST US WHICH ARE CAUSED BY ANY KIND
38 // OF USING, COPYING, MODIFYING, MERGING, PUBLISHING, DISTRIBUTING, SUBLICENSING,
39 // AND/OR SELLING COPIES OF THIS SOFTWARE SHALL BE REGARDED AS BE CONSTRUED AND
40 // CONTROLLED BY JAPANESE LAWS, AND YOU MUST FURTHER CONSENT TO EXCLUSIVE
41 // JURISDICTION AND VENUE IN THE COURTS SITTING IN TOKYO, JAPAN. YOU MUST WAIVE
42 // ALL DEFENSES OF LACK OF PERSONAL JURISDICTION AND FORUM NON CONVENIENS.
43 // PROCESS MAY BE SERVED ON EITHER PARTY IN THE MANNER AUTHORIZED BY APPLICABLE
44 // LAW OR COURT RULE.
45 //
46 // USE ONLY IN JAPAN. DO NOT USE THIS SOFTWARE IN ANOTHER COUNTRY UNLESS YOU HAVE
47 // A CONFIRMATION THAT THIS SOFTWARE DOES NOT VIOLATE ANY CRIMINAL LAWS OR CIVIL
48 // RIGHTS IN THAT PARTICULAR COUNTRY. USING THIS SOFTWARE IN OTHER COUNTRIES IS
49 // COMPLETELY AT YOUR OWN RISK. THE SOFTETHER VPN PROJECT HAS DEVELOPED AND
50 // DISTRIBUTED THIS SOFTWARE TO COMPLY ONLY WITH THE JAPANESE LAWS AND EXISTING
51 // CIVIL RIGHTS INCLUDING PATENTS WHICH ARE SUBJECTS APPLY IN JAPAN. OTHER
52 // COUNTRIES' LAWS OR CIVIL RIGHTS ARE NONE OF OUR CONCERNS NOR RESPONSIBILITIES.
53 // WE HAVE NEVER INVESTIGATED ANY CRIMINAL REGULATIONS, CIVIL LAWS OR
54 // INTELLECTUAL PROPERTY RIGHTS INCLUDING PATENTS IN ANY OF OTHER 200+ COUNTRIES
55 // AND TERRITORIES. BY NATURE, THERE ARE 200+ REGIONS IN THE WORLD, WITH
56 // DIFFERENT LAWS. IT IS IMPOSSIBLE TO VERIFY EVERY COUNTRIES' LAWS, REGULATIONS
57 // AND CIVIL RIGHTS TO MAKE THE SOFTWARE COMPLY WITH ALL COUNTRIES' LAWS BY THE
58 // PROJECT. EVEN IF YOU WILL BE SUED BY A PRIVATE ENTITY OR BE DAMAGED BY A
59 // PUBLIC SERVANT IN YOUR COUNTRY, THE DEVELOPERS OF THIS SOFTWARE WILL NEVER BE
60 // LIABLE TO RECOVER OR COMPENSATE SUCH DAMAGES, CRIMINAL OR CIVIL
61 // RESPONSIBILITIES. NOTE THAT THIS LINE IS NOT LICENSE RESTRICTION BUT JUST A
62 // STATEMENT FOR WARNING AND DISCLAIMER.
63 //
64 // READ AND UNDERSTAND THE 'WARNING.TXT' FILE BEFORE USING THIS SOFTWARE.
65 // SOME SOFTWARE PROGRAMS FROM THIRD PARTIES ARE INCLUDED ON THIS SOFTWARE WITH
66 // LICENSE CONDITIONS WHICH ARE DESCRIBED ON THE 'THIRD_PARTY.TXT' FILE.
67 //
68 //
69 // SOURCE CODE CONTRIBUTION
70 // ------------------------
71 //
72 // Your contribution to SoftEther VPN Project is much appreciated.
73 // Please send patches to us through GitHub.
74 // Read the SoftEther VPN Patch Acceptance Policy in advance:
75 // http://www.softether.org/5-download/src/9.patch
76 //
77 //
78 // DEAR SECURITY EXPERTS
79 // ---------------------
80 //
81 // If you find a bug or a security vulnerability please kindly inform us
82 // about the problem immediately so that we can fix the security problem
83 // to protect a lot of users around the world as soon as possible.
84 //
85 // Our e-mail address for security reports is:
86 // softether-vpn-security [at] softether.org
87 //
88 // Please note that the above e-mail address is not a technical support
89 // inquiry address. If you need technical assistance, please visit
90 // http://www.softether.org/ and ask your question on the users forum.
91 //
92 // Thank you for your cooperation.
93 //
94 //
95 // NO MEMORY OR RESOURCE LEAKS
96 // ---------------------------
97 //
98 // The memory-leaks and resource-leaks verification under the stress
99 // test has been passed before release this source code.
100 
101 
102 // Nat.h
103 // Header of Nat.c
104 
105 #ifndef	NAT_H
106 #define	NAT_H
107 
// Constants
// NAT_CONFIG_FILE_NAME is read/written through NAT.CfgRw (see NiLoadConfig /
// NiWriteConfig below).  It presumably persists the admin password hash and
// the ClientAuth data, so the file's filesystem permissions are security
// relevant — confirm what NiWriteConfig actually emits before relaxing them.
#define	NAT_CONFIG_FILE_NAME			"$vpn_router.config"	// NAT configuration file
#define	DEFAULT_NAT_ADMIN_PORT			2828		// Default TCP port of the NAT management listener (NAT.AdminPort)
#define	NAT_ADMIN_PORT_LISTEN_INTERVAL	1000		// Retry interval when the management port cannot be opened (presumably milliseconds, by analogy with the value below)
#define	NAT_FILE_SAVE_INTERVAL			(30 * 1000)	// Interval between periodic config saves (30 s expressed in milliseconds)
113 
114 
// NAT object
// State of one user-mode NAT/virtual-host router together with its
// management listener.  The cert/key pair below suggests the management
// channel is TLS-protected — confirm in NiListenThread/NiAdminMain.
// Which fields `lock` is meant to guard is not visible here; assume all
// mutable fields unless Nat.c shows otherwise.
struct NAT
{
	LOCK *lock;							// Lock serializing access to this object
	UCHAR HashedPassword[SHA1_SIZE];	// Administrative password, stored as a SHA-1-sized digest (set via NtSetPassword).
										// NOTE(review): a bare SHA-1 of a password is a weak credential store
										// unless it is salted/iterated and compared in constant time; confirm
										// how it is derived and how NiAdminMain compares it.
	VH_OPTION Option;					// Virtual host (NAT/DHCP) option set
	CEDAR *Cedar;						// Owning Cedar instance
	UINT AdminPort;						// TCP port of the management listener (presumably DEFAULT_NAT_ADMIN_PORT unless configured)
	bool Online;						// Online flag: whether the virtual host is currently running
	VH *Virtual;						// Virtual host object (lifetime relative to Online — confirm in Nat.c)
	CLIENT_OPTION *ClientOption;		// Client option for the upstream VPN connection
	CLIENT_AUTH *ClientAuth;			// Client authentication data — may carry a password or key; treat as secret
	CFG_RW *CfgRw;						// Config file reader/writer bound to NAT_CONFIG_FILE_NAME
	THREAD *AdminAcceptThread;			// Thread accepting management connections (NiListenThread)
	SOCK *AdminListenSock;				// Listening socket of the management port
	EVENT *HaltEvent;					// Halting event (presumably signalled at shutdown to wake waiting threads)
	volatile bool Halt;					// Halting flag polled by the worker threads.
										// NOTE(review): volatile is not a memory barrier; acceptable as a
										// best-effort "stop soon" signal, not for publishing other state.
	LIST *AdminList;					// List of live management sessions (NAT_ADMIN)
	X *AdminX;							// Server certificate presented on the management port
	K *AdminK;							// Server private key for the management port — sensitive; verify NiFreeNat releases (and ideally zeroizes) it
	SNAT *SecureNAT;					// Owning SecureNAT object (passed to NiNewNatEx; may be NULL — confirm)
};
137 
// NAT management connection
// One accepted management session: the socket plus the thread that services
// it (NiAdminThread).  Presumably tracked in NAT.AdminList so NiFreeAdminAccept
// can stop every session at shutdown — confirm in Nat.c.
struct NAT_ADMIN
{
	NAT *Nat;							// Back-pointer to the NAT that accepted this session
	SOCK *Sock;							// Accepted socket for this session
	THREAD *Thread;						// Thread servicing this session
};
145 
// RPC_DUMMY
// Placeholder payload for RPC calls that carry no real parameters
// (NtOnline/NtOffline and their Nc* client stubs below).
struct RPC_DUMMY
{
	UINT DummyValue;					// Unused; exists only so the call has a marshallable body
};
151 
// RPC_NAT_STATUS
// Snapshot of session counters returned by NtGetStatus / NcGetStatus.
// Marshalled by InRpcNatStatus / OutRpcNatStatus.
struct RPC_NAT_STATUS
{
	char HubName[MAX_HUBNAME_LEN + 1];			// HUB name (fixed buffer; must stay NUL-terminated when filled from the wire)
	UINT NumTcpSessions;						// Number of TCP sessions
	UINT NumUdpSessions;						// Number of UDP sessions
	UINT NumIcmpSessions;						// Number of ICMP sessions
	UINT NumDnsSessions;						// Number of DNS sessions
	UINT NumDhcpClients;						// Number of DHCP clients
	bool IsKernelMode;							// Whether the NAT runs in kernel mode
	bool IsRawIpMode;							// Whether the NAT runs in raw IP mode
};
164 
// RPC_NAT_INFO *
// Server identity/version information returned by NtGetInfo / NcGetInfo.
// Marshalled by InRpcNatInfo / OutRpcNatInfo and released by FreeRpcNatInfo.
// The fixed 128-byte string buffers are filled from a PACK in InRpcNatInfo;
// that implementation must bound the copy and NUL-terminate — verify there.
struct RPC_NAT_INFO
{
	char NatProductName[128];					// Server product name
	char NatVersionString[128];					// Server version string
	char NatBuildInfoString[128];				// Server build information string
	UINT NatVerInt;								// Server version as an integer
	UINT NatBuildInt;							// Server build number as an integer
	char NatHostName[MAX_HOST_NAME_LEN + 1];	// Server host name
	OS_INFO OsInfo;								// OS information
	MEMINFO MemInfo;							// Memory information
};
177 
// RPC_ENUM_NAT_ITEM
// One NAT translation table entry as reported by NtEnumNatList.
// Addresses are 32-bit UINTs, so this structure can only describe IPv4
// sessions; the byte order used is not determined here (check OutRpcEnumNat).
struct RPC_ENUM_NAT_ITEM
{
	UINT Id;									// Entry ID
	UINT Protocol;								// Protocol (numeric code; meaning defined elsewhere in Cedar)
	UINT SrcIp;									// Source IPv4 address
	char SrcHost[MAX_HOST_NAME_LEN + 1];		// Source host name (fixed buffer; must stay NUL-terminated)
	UINT SrcPort;								// Source port number
	UINT DestIp;								// Destination IPv4 address
	char DestHost[MAX_HOST_NAME_LEN + 1];		// Destination host name (fixed buffer; must stay NUL-terminated)
	UINT DestPort;								// Destination port number
	UINT64 CreatedTime;							// Time the session was created
	UINT64 LastCommTime;						// Time of the last communication
	UINT64 SendSize;							// Bytes sent
	UINT64 RecvSize;							// Bytes received
	UINT TcpStatus;								// TCP connection state (numeric code; meaning defined elsewhere in Cedar)
};
195 
// RPC_ENUM_NAT *
// Result of NtEnumNatList / NcEnumNatList: a heap array of NumItem entries.
// Items is presumably released by FreeRpcEnumNat — callers must call it.
// NOTE(review): on the receiving side NumItem arrives from the wire via
// InRpcEnumNat; that implementation must bound it before allocating Items
// (an unchecked count is a trivial memory-exhaustion vector).
struct RPC_ENUM_NAT
{
	char HubName[MAX_HUBNAME_LEN + 1];			// HUB name (fixed buffer; must stay NUL-terminated)
	UINT NumItem;								// Number of entries in Items
	RPC_ENUM_NAT_ITEM *Items;					// Array of NumItem entries
};
203 
// RPC_ENUM_DHCP_ITEM
// One DHCP lease as reported by NtEnumDhcpList.  IPv4 only (32-bit fields).
struct RPC_ENUM_DHCP_ITEM
{
	UINT Id;									// Lease ID
	UINT64 LeasedTime;							// Time the lease was granted
	UINT64 ExpireTime;							// Time the lease expires
	UCHAR MacAddress[6];						// Client MAC address
	UCHAR Padding[2];							// Explicit padding so the next field is 4-byte aligned and the layout is stable across compilers
	UINT IpAddress;								// Leased IPv4 address (byte order not determined here)
	UINT Mask;									// Subnet mask
	char Hostname[MAX_HOST_NAME_LEN + 1];		// Client host name (fixed buffer; must stay NUL-terminated)
};
216 
// RPC_ENUM_DHCP *
// Result of NtEnumDhcpList / NcEnumDhcpList: a heap array of NumItem leases.
// Items is presumably released by FreeRpcEnumDhcp — callers must call it.
// NOTE(review): NumItem arrives from the wire via InRpcEnumDhcp; that
// implementation must bound it before allocating Items.
struct RPC_ENUM_DHCP
{
	char HubName[MAX_HUBNAME_LEN + 1];			// HUB name (fixed buffer; must stay NUL-terminated)
	UINT NumItem;								// Number of entries in Items
	RPC_ENUM_DHCP_ITEM *Items;					// Array of NumItem entries
};
224 
225 
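// Function prototype

// ---- NAT object lifecycle and configuration ("Ni" prefix) ----
// The "Ni" prefix appears to mark Nat.c-internal helpers; treat them as such.
// NiNewNat is declared (void) rather than with empty parentheses so a call
// that passes stray arguments is a compile error instead of being accepted
// unchecked; a definition written as `NAT *NiNewNat()` remains compatible.
NAT *NiNewNat(void);								// Create a NAT with default options and no SecureNAT owner
NAT *NiNewNatEx(SNAT *snat, VH_OPTION *o);			// Create a NAT owned by `snat` with initial options `o` (NULL handling: confirm in Nat.c)
void NiFreeNat(NAT *n);								// Release a NAT and everything it owns (should release/zeroize AdminK — verify)

// Configuration persistence (NAT_CONFIG_FILE_NAME via NAT.CfgRw).
// The file presumably carries the admin password hash and ClientAuth
// secrets, so loaders must treat its contents as sensitive and writers
// should keep its permissions tight.
void NiInitConfig(NAT *n);							// Open the config store and load or create the configuration
void NiFreeConfig(NAT *n);							// Flush and close the config store
void NiInitDefaultConfig(NAT *n);					// Populate a fresh default configuration
void NiSetDefaultVhOption(NAT *n, VH_OPTION *o);	// Fill `o` with default virtual host options
void NiClearUnsupportedVhOptionForDynamicHub(VH_OPTION *o, bool initial);	// Strip options not supported on a dynamic hub
void NiWriteConfig(NAT *n);							// Serialize the whole configuration to the store
void NiWriteVhOption(NAT *n, FOLDER *root);			// Serialize n->Option under `root`
void NiWriteVhOptionEx(VH_OPTION *o, FOLDER *root);	// Serialize an arbitrary VH_OPTION under `root`
void NiWriteClientData(NAT *n, FOLDER *root);		// Serialize ClientOption/ClientAuth under `root` (contains credentials)
void NiLoadVhOption(NAT *n, FOLDER *root);			// Load n->Option from `root`
void NiLoadVhOptionEx(VH_OPTION *o, FOLDER *root);	// Load an arbitrary VH_OPTION from `root`
bool NiLoadConfig(NAT *n, FOLDER *root);			// Load the whole configuration; returns false on failure (exact contract: see Nat.c)
void NiLoadClientData(NAT *n, FOLDER *root);		// Load ClientOption/ClientAuth from `root`

// Management listener and per-session RPC dispatch.
void NiInitAdminAccept(NAT *n);						// Start the management listener thread
void NiFreeAdminAccept(NAT *n);						// Stop the listener and tear down live sessions
void NiListenThread(THREAD *thread, void *param);	// Accept loop; `param` is presumably the NAT
void NiAdminThread(THREAD *thread, void *param);	// Per-session thread; `param` is presumably a NAT_ADMIN
void NiAdminMain(NAT *n, SOCK *s);					// Authenticate the session on `s` and serve RPCs (this is the trust boundary for HashedPassword)
PACK *NiRpcServer(RPC *r, char *name, PACK *p);		// Dispatch one RPC by `name`; `p` is attacker-controlled until validated by the In* unmarshallers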
249 
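// Connect to a NAT's management port at hostname:port and authenticate with
// `hashed_password` — presumably a SHA1_SIZE-byte digest in the same form
// as NAT.HashedPassword rather than the clear-text password.  Returns an RPC
// handle on success; on failure the return value and *err (an error code)
// describe the problem — confirm the exact NULL/error contract in Nat.c.
// Release the handle with NatAdminDisconnect().
RPC *NatAdminConnect(CEDAR *cedar, char *hostname, UINT port, void *hashed_password, UINT *err);
void NatAdminDisconnect(RPC *r);

// Process-wide NAT service start/stop and module init/teardown ("Nt" prefix).
// Declared (void) so that a call passing stray arguments fails to compile;
// definitions written with empty parentheses remain compatible.
void NtStartNat(void);
void NtStopNat(void);
void NtInit(void);
void NtFree(void);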
257 
258 
// Server-side RPC handlers ("Nt" prefix), one per management operation.
// Each takes the target NAT and a request/response struct `t` and returns a
// UINT error code (the success value is defined elsewhere in Cedar).
// These are reached through NiRpcServer after NiAdminMain has authenticated
// the session; the Set* handlers mutate privileged state (host options,
// upstream credentials, the admin password) and must never be reachable
// before that check — verify the dispatch order in Nat.c.
UINT NtOnline(NAT *n, RPC_DUMMY *t);				// Bring the virtual host online
UINT NtOffline(NAT *n, RPC_DUMMY *t);				// Take the virtual host offline
UINT NtSetHostOption(NAT *n, VH_OPTION *t);			// Replace the virtual host options
UINT NtGetHostOption(NAT *n, VH_OPTION *t);			// Read the virtual host options
UINT NtSetClientConfig(NAT *n, RPC_CREATE_LINK *t);	// Replace the upstream client config (carries credentials)
UINT NtGetClientConfig(NAT *n, RPC_CREATE_LINK *t);	// Read the upstream client config (check that secrets are not echoed back unnecessarily)
UINT NtGetStatus(NAT *n, RPC_NAT_STATUS *t);		// Read session counters
UINT NtGetInfo(NAT *n, RPC_NAT_INFO *t);			// Read server identity/version information
UINT NtEnumNatList(NAT *n, RPC_ENUM_NAT *t);		// Enumerate NAT table entries (allocates t->Items)
UINT NtEnumDhcpList(NAT *n, RPC_ENUM_DHCP *t);		// Enumerate DHCP leases (allocates t->Items)
UINT NtSetPassword(NAT *n, RPC_SET_PASSWORD *t);	// Replace the administrative password hash
270 
271 
// Client-side RPC stubs ("Nc" prefix), mirroring the Nt* handlers above.
// Each marshals `t` over the RPC handle obtained from NatAdminConnect and
// returns the server's UINT error code.  For the Enum* calls the reply is
// presumably unmarshalled into `t` via InRpcEnumNat/InRpcEnumDhcp, so the
// caller owns t->Items and must release it with the matching Free* function.
UINT NcOnline(RPC *r, RPC_DUMMY *t);
UINT NcOffline(RPC *r, RPC_DUMMY *t);
UINT NcSetHostOption(RPC *r, VH_OPTION *t);
UINT NcGetHostOption(RPC *r, VH_OPTION *t);
UINT NcSetClientConfig(RPC *r, RPC_CREATE_LINK *t);
UINT NcGetClientConfig(RPC *r, RPC_CREATE_LINK *t);
UINT NcGetStatus(RPC *r, RPC_NAT_STATUS *t);
UINT NcGetInfo(RPC *r, RPC_NAT_INFO *t);
UINT NcEnumNatList(RPC *r, RPC_ENUM_NAT *t);
UINT NcEnumDhcpList(RPC *r, RPC_ENUM_DHCP *t);
UINT NcSetPassword(RPC *r, RPC_SET_PASSWORD *t);
283 
284 
285 
286 
// PACK (un)marshalling for the RPC payloads above.
// In*  : PACK -> struct.  This is the untrusted-input boundary: `p` comes
//        off the wire, so string fields must be bounded to the fixed buffers
//        and element counts (NumItem) must be validated before allocation —
//        verify each implementation in Nat.c.
// Out* : struct -> PACK.
// Free*: release heap members the In* side allocated (e.g. Items arrays).
void InRpcEnumDhcp(RPC_ENUM_DHCP *t, PACK *p);
void OutRpcEnumDhcp(PACK *p, RPC_ENUM_DHCP *t);
void FreeRpcEnumDhcp(RPC_ENUM_DHCP *t);
void InRpcEnumNat(RPC_ENUM_NAT *t, PACK *p);
void OutRpcEnumNat(PACK *p, RPC_ENUM_NAT *t);
void FreeRpcEnumNat(RPC_ENUM_NAT *t);
void InRpcNatInfo(RPC_NAT_INFO *t, PACK *p);
void OutRpcNatInfo(PACK *p, RPC_NAT_INFO *t);
void FreeRpcNatInfo(RPC_NAT_INFO *t);
void InRpcNatStatus(RPC_NAT_STATUS *t, PACK *p);
void OutRpcNatStatus(PACK *p, RPC_NAT_STATUS *t);
void FreeRpcNatStatus(RPC_NAT_STATUS *t);
void InVhOption(VH_OPTION *t, PACK *p);		// VH_OPTION has no Free* counterpart here; presumably it holds no heap members
void OutVhOption(PACK *p, VH_OPTION *t);
void InRpcDummy(RPC_DUMMY *t, PACK *p);
void OutRpcDummy(PACK *p, RPC_DUMMY *t);
303 
304 
305 
306 
307 #endif	// NAT_H
308 
309 
310