/cvs/gvpe/src/connection.h
Revision: 1.24
Committed: Sat Mar 26 03:16:24 2005 UTC (19 years, 2 months ago) by pcg
Content type: text/plain
Branch: MAIN
CVS Tags: rel-1_9
Changes since 1.23: +2 -1 lines
Log Message:
*** empty log message ***

File Contents

# User Rev Content
1 pcg 1.1 /*
2     connection.h -- header for connection.C
3 pcg 1.18 Copyright (C) 2003-2005 Marc Lehmann <gvpe@schmorp.de>
4 pcg 1.1
5 pcg 1.18 This file is part of GVPE.
6    
7     GVPE is free software; you can redistribute it and/or modify
8 pcg 1.1 it under the terms of the GNU General Public License as published by
9     the Free Software Foundation; either version 2 of the License, or
10     (at your option) any later version.
11    
12     This program is distributed in the hope that it will be useful,
13     but WITHOUT ANY WARRANTY; without even the implied warranty of
14     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15     GNU General Public License for more details.
16    
17     You should have received a copy of the GNU General Public License
18 pcg 1.18 along with gvpe; if not, write to the Free Software
19 pcg 1.1 Foundation, Inc. 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20     */
21    
22 pcg 1.22 #ifndef GVPE_CONNECTION_H__
23     #define GVPE_CONNECTION_H__
24 pcg 1.1
25     #include <openssl/hmac.h>
26    
27     #include "global.h"
28     #include "conf.h"
29     #include "sockinfo.h"
30     #include "util.h"
31     #include "device.h"
32    
// Forward declaration: this header only ever refers to vpn through pointers.
struct vpn;

// (Re-)initialise the global data structures; called after HUP and similar events.
void connection_init ();
37    
// Fixed-size identifier for an RSA challenge (RSA_IDLEN raw bytes).
struct rsaid
{
  u8 id[RSA_IDLEN]; // the challenge id
};
41    
// Aliases used by the authentication handshake; rsaclear and rsacrypt are
// declared outside this header.
typedef rsaclear rsachallenge;       // challenge data (cleartext form)
typedef rsacrypt rsaencrdata;        // encrypted challenge
typedef u8 rsaresponse[RSA_RESLEN];  // the encrypted ripemd160 hash
45    
46     ////////////////////////////////////////////////////////////////////////////////////////
47    
// Opaque in this header; only passed by pointer to the hmac_* members below.
struct crypto_ctx;

// A net_packet extended with a message authentication code field.
// The member functions are only declared here; their definitions are not
// part of this header.
struct hmac_packet : net_packet
{
  // each and every packet has a hmac field, but that is not (yet) checked everywhere
  // NOTE(review): per the original remark above, some receive paths may accept
  // a packet without calling hmac_chk -- audit the callers.
  u8 hmac[HMACLENGTH];

  // Presumably fills in the hmac field for this packet using ctx -- confirm
  // against the definition.
  void hmac_set (crypto_ctx * ctx);

  // Presumably reports whether the hmac field matches the value computed with
  // ctx. NOTE(review): confirm the comparison in the definition is
  // constant-time.
  bool hmac_chk (crypto_ctx * ctx);

private:
  // Static member: a single digest buffer shared by every hmac_packet, sized
  // for the largest EVP digest.
  // NOTE(review): shared scratch state -- confirm it is only used from one
  // thread and that each result is consumed before the next hmac_gen call.
  static unsigned char hmac_digest[EVP_MAX_MD_SIZE];

  void hmac_gen (crypto_ctx * ctx);
};
62    
// An hmac_packet with the VPN header: a packet type byte plus source and
// destination ids packed into three bytes. Member order is kept exactly as
// declared, since the fields follow the inherited packet data.
struct vpn_packet : hmac_packet
{
  enum ptype
  {
    PT_RESET = 0,
    PT_DATA_UNCOMPRESSED,
    PT_DATA_COMPRESSED,
    PT_PING, PT_PONG,  // wasting namespace space? ;)
    PT_AUTH_REQ,       // authentication request
    PT_AUTH_RES,       // authentication response
    PT_CONNECT_REQ,    // want other host to contact me
    PT_CONNECT_INFO,   // request connection to some node
    PT_MAX
  };

  u8 type;    // packet type as a raw byte; see typ ()
  u8 srcdst;  // high nibble: bits 8..11 of src; low nibble: bits 8..11 of dst
  u8 src1;    // bits 0..7 of src
  u8 dst1;    // bits 0..7 of dst

  void set_hdr (ptype type_, unsigned int dst);

  // Source id: src1 supplies the low 8 bits, the high nibble of srcdst the
  // next 4 bits.
  unsigned int src () const
  {
    unsigned int upper = srcdst >> 4;
    return (upper << 8) | src1;
  }

  // Destination id: dst1 supplies the low 8 bits, the low nibble of srcdst
  // the next 4 bits.
  unsigned int dst () const
  {
    unsigned int upper = srcdst & 0xf;
    return (upper << 8) | dst1;
  }

  // The type byte reinterpreted as a ptype. No range check is made here, so a
  // byte that names no enumerator (>= PT_MAX) is passed through as-is.
  // NOTE(review): confirm every caller validates the result before using it
  // to dispatch or index.
  ptype typ () const
  {
    return static_cast<ptype> (type);
  }
};
98    
99     ////////////////////////////////////////////////////////////////////////////////////////
100    
// a very simple fifo pkt-queue
// Storage is a fixed array of QUEUEDEPTH packet pointers; put/get and the
// constructor/destructor are defined outside this header.
// NOTE(review): what put () does when the queue is full, and who owns (frees)
// queued packets, cannot be seen from here -- confirm against the definitions.
class pkt_queue
{
private:
  net_packet *queue[QUEUEDEPTH];
  int i;  // queue index; NOTE(review): which of i/j is read vs. write position is not visible here
  int j;

public:
  void put (net_packet *p);
  net_packet *get ();

  pkt_queue ();
  ~pkt_queue ();
};
115    
// Feature bits; each enumerator occupies its own bit so values can be OR-ed.
// NOTE(review): presumably stored in connection::features -- confirm.
enum
{
  FEATURE_COMPRESSION = 1 << 0,  // 0x01
  FEATURE_ROHC        = 1 << 1,  // 0x02
};
121    
// Per-peer connection state together with the operations that act on it.
// Only declarations appear here; all member functions are defined outside
// this header. Member order is kept exactly as declared.
struct connection
{
  conf_node *conf;  // presumably the conf argument given to the constructor
  struct vpn *vpn;  // presumably the vpn argument given to the constructor

  sockinfo si;      // the current(!) destination ip to send packets to
  int retry_cnt;

  tstamp last_activity;  // time of last packet received

  // NOTE(review): names suggest an outgoing sequence number and an incoming
  // sequence window (replay protection) -- confirm in the definitions.
  u32 oseqno;
  sliding_window iseqno;

  u8 protocol;
  u8 features;  // presumably a combination of the FEATURE_* bits -- confirm

  pkt_queue data_queue;
  pkt_queue vpn_queue;

  // NOTE(review): presumably the outgoing and incoming crypto contexts; raw
  // pointers, so lifetime is managed by the member functions -- confirm.
  crypto_ctx *octx;
  crypto_ctx *ictx;

#if ENABLE_DNS
  struct dns_connection *dns;

  void dnsv4_reset_connection ();
#endif

  enum conf_node::connectmode connectmode;
  u8 prot_minor;  // minor number of other side

  void reset_si ();
  const sockinfo &forward_si (const sockinfo &si) const;

  void shutdown ();
  void connection_established ();
  void reset_connection ();

  // Each timer is declared as a callback followed by its time_watcher.
  void establish_connection_cb (time_watcher &w);
  time_watcher establish_connection;

  void rekey_cb (time_watcher &w);
  time_watcher rekey;      // next rekeying (actually current reset + reestablishing)

  void keepalive_cb (time_watcher &w);
  time_watcher keepalive;  // next keepalive probe

  void send_connect_request (int id);
  void send_auth_request (const sockinfo &si, bool initiate);
  void send_auth_response (const sockinfo &si, const rsaid &id, const rsachallenge &chg);
  void send_connect_info (int rid, const sockinfo &rsi, u8 rprotocols);
  void send_reset (const sockinfo &dsi);
  void send_ping (const sockinfo &dsi, u8 pong = 0);
  void send_data_packet (tap_packet *pkt);

  void inject_data_packet (tap_packet *pkt, bool broadcast = false);
  void inject_vpn_packet (vpn_packet *pkt, int tos = 0);  // for forwarding

  void recv_vpn_packet (vpn_packet *pkt, const sockinfo &rsi);
  void send_vpn_packet (vpn_packet *pkt, const sockinfo &si, int tos = 0);

  // NOTE(review): the names suggest these prepare the environment for, and
  // name, external scripts. If so, confirm that no value a remote peer can
  // influence reaches the environment unvalidated.
  void script_init_env (const char *ext);
  void script_init_connect_env ();
  const char *script_node_up ();
  const char *script_node_down ();

  void dump_status ();

  connection (struct vpn *vpn, conf_node *conf);
  ~connection ();
};
186    
187     #endif
188