/cvs/gvpe/src/connection.h
Revision: 1.1
Committed: Wed Apr 2 03:06:22 2003 UTC (21 years, 1 month ago) by pcg
Content type: text/plain
Branch: MAIN
Log Message:
*** empty log message ***

1 pcg 1.1 /*
2     connection.h -- header for connection.C
3    
4     This program is free software; you can redistribute it and/or modify
5     it under the terms of the GNU General Public License as published by
6     the Free Software Foundation; either version 2 of the License, or
7     (at your option) any later version.
8    
9     This program is distributed in the hope that it will be useful,
10     but WITHOUT ANY WARRANTY; without even the implied warranty of
11     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12     GNU General Public License for more details.
13    
14     You should have received a copy of the GNU General Public License
15     along with this program; if not, write to the Free Software
16     Foundation, Inc. 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
17     */
18    
19     #ifndef VPE_CONNECTION_H__
20     #define VPE_CONNECTION_H__
21    
22     #include <netinet/ip.h> // for tos etc.
23    
24     #include <openssl/rand.h>
25     #include <openssl/hmac.h>
26     #include <openssl/evp.h>
27     #include <openssl/rsa.h>
28     #include <openssl/err.h>
29    
30     #include "global.h"
31     #include "conf.h"
32     #include "sockinfo.h"
33     #include "util.h"
34     #include "device.h"
35    
36     struct vpn;
37    
// (Re-)initializes the module-global state of connection.C.  Called at startup
// and again after HUP etc. (configuration reload), so everything it touches must
// be safe to reset while the daemon keeps running; see connection.C for what
// exactly is reset.
void connection_init ();
40    
// Identifier of an outstanding RSA challenge.  It is carried alongside the
// challenge data in send_auth_response () so that a PT_AUTH_RES can be matched
// to the challenge it answers.  Fixed length (RSA_IDLEN), no terminator: treat
// it as an opaque byte string, never as a C string.
struct rsaid {
  u8 id[RSA_IDLEN]; // the challenge id
};
44    
// Fixed-size byte arrays used by the challenge/response authentication.  The
// sizes are compile-time constants (RSA_KEYLEN, RSA_OVERHEAD, RSA_RESLEN are
// defined elsewhere, presumably global.h/conf.h), so nothing on the wire says how
// long these fields are.  NOTE(review): a receiver must validate the packet
// length against these sizes before reading them out of a vpn_packet.
typedef u8 rsachallenge[RSA_KEYLEN - RSA_OVERHEAD]; // plaintext challenge; sized so it fits in one RSA block after padding overhead
typedef u8 rsaencrdata[RSA_KEYLEN];                 // the challenge in RSA-encrypted form (exactly one RSA block)
typedef u8 rsaresponse[RSA_RESLEN];                 // response: an encrypted ripemd160 hash (how it is derived is in connection.C)
48    
49     ////////////////////////////////////////////////////////////////////////////////////////
50    
51     struct crypto_ctx;
52    
// A network packet that carries an HMAC over its contents.  Every VPN packet
// derives from this.  The original author notes the MAC is not (yet) verified on
// every receive path -- so code that handles a packet must not assume hmac_chk ()
// has been run unless it runs it itself.
struct hmac_packet:net_packet
{
  u8 hmac[HMACLENGTH]; // each and every packet has a hmac field, but that is not (yet) checked everywhere
                       // NOTE(review): until hmac_chk () has succeeded, every other field of the
                       // packet is attacker-controlled and must be treated as untrusted input.

  void hmac_set (crypto_ctx * ctx); // compute the MAC under ctx and store it in hmac
  bool hmac_chk (crypto_ctx * ctx); // recompute under ctx and compare with hmac; presumably true on match
                                    // NOTE(review): confirm in connection.C that the comparison is
                                    // constant-time (memcmp leaks the position of the first mismatch).

private:
  // Scratch buffer for the freshly computed digest.  It is static, i.e. shared by
  // every hmac_packet, so hmac_set/hmac_chk are neither reentrant nor thread-safe.
  static unsigned char hmac_digest[EVP_MAX_MD_SIZE];

  void hmac_gen (crypto_ctx * ctx); // presumably fills hmac_digest for this packet (see connection.C)
};
65    
// Header common to all packets exchanged between VPN nodes.  Following the
// hmac come a one-byte packet type and a packed pair of 12-bit node ids:
// src1/dst1 hold the low 8 bits, srcdst holds the high nibbles (source in the
// upper four bits, destination in the lower four), so ids range over 0..4095.
struct vpn_packet : hmac_packet
{
  enum ptype
  {
    PT_RESET = 0,
    PT_DATA_UNCOMPRESSED,
    PT_DATA_COMPRESSED,
    PT_PING, PT_PONG, // keepalive probe and its reply
    PT_AUTH_REQ, // authentication request (carries a challenge)
    PT_AUTH_RES, // authentication response
    PT_CONNECT_REQ, // ask the peer to contact this node
    PT_CONNECT_INFO, // ask the peer to connect to some other node
    PT_MAX // one past the last valid type; not a packet type itself
  };

  u8 type;               // one of ptype; read straight off the wire, never validated here
  u8 srcdst, src1, dst1; // packed source/destination node ids, see above

  // Fill in type and the destination id fields (implementation in connection.C).
  void set_hdr (ptype type, unsigned int dst);

  // Source node id, reassembled from src1 and the high nibble of srcdst.
  unsigned int src () const
  {
    unsigned int hi = srcdst >> 4; // bits 8..11 of the source id
    return (hi << 8) | src1;
  }

  // Destination node id, reassembled from dst1 and the low nibble of srcdst.
  unsigned int dst () const
  {
    unsigned int hi = srcdst & 0x0f; // bits 8..11 of the destination id
    return (hi << 8) | dst1;
  }

  // The packet type as an enum.  This is a plain cast: a byte received from the
  // network may be >= PT_MAX (or any of the unused values), and no check is made
  // here.  NOTE(review): receivers should reject `type >= PT_MAX` before
  // dispatching on typ (), and keep a default case in any switch over it.
  ptype typ () const
  {
    return static_cast<ptype> (type);
  }
};
101    
102     ////////////////////////////////////////////////////////////////////////////////////////
103    
104     // a very simple fifo pkt-queue
// A very simple fixed-capacity FIFO of tap_packet pointers (QUEUEDEPTH slots,
// no dynamic allocation).  Behaviour on a full or empty queue and ownership of
// the queued packets are defined in connection.C -- NOTE(review): check there
// whether put () on a full queue drops the new packet or an old one, what get ()
// returns when empty, and whether the destructor frees packets still queued.
class pkt_queue
{
  tap_packet *queue[QUEUEDEPTH]; // backing array for the queued packets
  int i, j;                      // presumably head/tail positions into queue -- confirm in connection.C

public:

  void put (tap_packet *p); // enqueue p (queue takes over the pointer)
  tap_packet *get ();       // dequeue and return the oldest packet

  pkt_queue ();
  ~pkt_queue ();
};
118    
// Per-peer state: everything this node knows about one other VPN node (its
// configuration, current address, crypto contexts, timers and queued data).
// One instance exists per conf_node; all methods are implemented in connection.C.
struct connection
{
  conf_node *conf;  // static configuration of the peer (from conf.h)
  struct vpn *vpn;  // the owning vpn instance

  sockinfo si; // the current(!) destination ip to send packets to
               // (may change over the connection's lifetime, see reset_dstaddr ())
  int retry_cnt;   // connection-establishment retries so far

  tstamp last_activity; // time of last packet received

  u32 oseqno;            // sequence number for the next outgoing packet
  sliding_window iseqno; // window over received sequence numbers -- presumably for
                         // replay detection; NOTE(review): confirm in recv_vpn_packet ()
                         // that out-of-window/duplicate packets are actually dropped

  u8 protocol;     // transport protocol in use with this peer

  pkt_queue queue; // data packets waiting until the connection is established

  crypto_ctx *octx, *ictx; // presumably outgoing/incoming crypto contexts (used by hmac_set/hmac_chk)

  enum conf_node::connectmode connectmode; // how/whether to initiate contact with this peer
  u8 prot_minor; // minor number of other side
                 // (peer-supplied protocol minor version: untrusted)

  void reset_dstaddr ();  // reset si to the configured address

  void shutdown ();
  void reset_connection (); // tear down crypto state; the peer sees PT_RESET
  // Timer callbacks and their watchers: connection setup, periodic rekeying and keepalives.
  void establish_connection_cb (tstamp &ts); time_watcher establish_connection;
  void rekey_cb (tstamp &ts); time_watcher rekey; // next rekying (actually current reset + reestablishing)
  void keepalive_cb (tstamp &ts); time_watcher keepalive; // next keepalive probe

  // Senders for each packet type (see vpn_packet::ptype).  send_auth_response ()
  // answers the challenge identified by id; chg is the plaintext challenge.
  void send_auth_request (const sockinfo &si, bool initiate);
  void send_auth_response (const sockinfo &si, const rsaid &id, const rsachallenge &chg);
  void send_connect_info (int rid, const sockinfo &rsi, u8 rprotocols);
  void send_reset (const sockinfo &dsi);
  void send_ping (const sockinfo &dsi, u8 pong = 0); // pong != 0 sends a PT_PONG instead of a PT_PING
  void send_data_packet (tap_packet *pkt, bool broadcast = false);
  void inject_data_packet (tap_packet *pkt, bool broadcast = false);
  void connect_request (int id);

  // Low-level transmit/receive of an already-formatted vpn_packet.  tos defaults
  // to IPTOS_RELIABILITY (from <netinet/ip.h>).  NOTE(review): recv_vpn_packet ()
  // is the trust boundary -- pkt comes from the network and rsi is the claimed
  // sender address, so neither is authenticated until hmac_chk () succeeds.
  void send_vpn_packet (vpn_packet *pkt, const sockinfo &si, int tos = IPTOS_RELIABILITY);
  void recv_vpn_packet (vpn_packet *pkt, const sockinfo &rsi);

  // Hooks for the node-up/node-down scripts; the const char * results are
  // presumably the commands/paths to run.  NOTE(review): verify in connection.C
  // that no peer-supplied data reaches a shell unescaped.
  void script_node ();
  const char *script_node_up (int);
  const char *script_node_down (int);

  void dump_status (); // log the connection state

  connection(struct vpn *vpn_);
  ~connection ();
};
170    
171     #endif
172