1 pcg 1.1 /*
2     connection.h -- header for connection.C
3 pcg 1.18 Copyright (C) 2003-2005 Marc Lehmann <gvpe@schmorp.de>
4 pcg 1.1
5 pcg 1.18 This file is part of GVPE.
6    
7     GVPE is free software; you can redistribute it and/or modify
8 pcg 1.1 it under the terms of the GNU General Public License as published by
9     the Free Software Foundation; either version 2 of the License, or
10     (at your option) any later version.
11    
12     This program is distributed in the hope that it will be useful,
13     but WITHOUT ANY WARRANTY; without even the implied warranty of
14     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15     GNU General Public License for more details.
16    
17     You should have received a copy of the GNU General Public License
18 pcg 1.18 along with gvpe; if not, write to the Free Software
19 pcg 1.25 Foundation, Inc. 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
20 pcg 1.1 */
21    
22 pcg 1.22 #ifndef GVPE_CONNECTION_H__
23     #define GVPE_CONNECTION_H__
24 pcg 1.1
25     #include <openssl/hmac.h>
26    
27     #include "global.h"
28     #include "conf.h"
29     #include "sockinfo.h"
30     #include "util.h"
31     #include "device.h"
32    
struct vpn; // the vpn a connection belongs to; full definition lives elsewhere

// called after HUP etc. to (re-)initialize global data structures
// (defined in connection.C; this header only declares it)
void connection_init ();
37    
// Identifier of an RSA challenge, RSA_IDLEN opaque bytes. It is passed along
// with the challenge to send_auth_response () below, presumably so the
// responder's answer can be matched to the challenge it answers.
struct rsaid
{
  u8 id[RSA_IDLEN]; // the challenge id
};
42    
// Payload types of the authentication handshake. The sizes of rsaclear /
// rsacrypt are fixed by their declarations elsewhere; RSA_RESLEN fixes the
// size of a response.
typedef rsaclear rsachallenge; // challenge data (plaintext);
typedef rsacrypt rsaencrdata; // encrypted challenge
// NOTE(review): rsaresponse is an array typedef, so it decays to u8 * when
// passed by value -- pass it by reference (as send_auth_response does for
// rsachallenge) to keep sizeof () meaningful.
typedef u8 rsaresponse[RSA_RESLEN]; // the encrypted ripemd160 hash
46    
47     ////////////////////////////////////////////////////////////////////////////////////////
48    
49     struct crypto_ctx;
50    
// Base of every packet exchanged between gvpe nodes: a net_packet whose first
// HMACLENGTH bytes are a message authentication tag.
//
// Security contract: nothing in a received packet (type, addresses, payload)
// may be trusted before hmac_chk () has returned true for it. The original
// author's note below says this is not yet enforced on every path, so any
// receive path added later must call hmac_chk () first.
struct hmac_packet : net_packet
{
  u8 hmac[HMACLENGTH]; // each and every packet has a hmac field, but that is not (yet) checked everywhere

  // Presumably: compute the tag under ctx and store it in hmac[] (sender side).
  void hmac_set (crypto_ctx * ctx);
  // Presumably: recompute the tag under ctx and compare it with hmac[] (receiver side).
  // NOTE(review): the comparison is in connection.C; verify it is constant-time,
  // otherwise tag verification leaks timing to the sender.
  bool hmac_chk (crypto_ctx * ctx);

  private:
  // Scratch digest buffer. It is a single static object shared by every
  // hmac_packet, so whatever writes it (presumably hmac_gen ()) is not
  // reentrant and must not run for two packets at the same time.
  static unsigned char hmac_digest[EVP_MAX_MD_SIZE];

  void hmac_gen (crypto_ctx * ctx);
};
63    
// Header of every packet on the vpn transport: the hmac tag inherited from
// hmac_packet, followed by a one-byte type and a packed pair of 12-bit node
// ids (4 bits each in srcdst, 8 bits each in src1 / dst1). Member order is
// the wire layout and must not change.
//
// NOTE(review): type, src () and dst () come straight from the network. Nothing
// here range-checks them -- a type byte >= PT_MAX still comes back from typ ()
// as a ptype, and src ()/dst () can be any value up to 0xfff -- so a receiver
// has to validate them against PT_MAX and its node table after hmac_chk ().
struct vpn_packet : hmac_packet
{
  // Numeric values are part of the protocol; they are written out explicitly
  // so that a reordering of the list cannot silently renumber them.
  enum ptype
  {
    PT_RESET             = 0,
    PT_DATA_UNCOMPRESSED = 1,
    PT_DATA_COMPRESSED   = 2,
    PT_PING              = 3, // wasting namespace space? ;)
    PT_PONG              = 4,
    PT_AUTH_REQ          = 5, // authentification request
    PT_AUTH_RES          = 6, // authentification response
    PT_CONNECT_REQ       = 7, // want other node to contact me
    PT_CONNECT_INFO      = 8, // request connection to some node
    PT_DATA_BRIDGED      = 9, // uncompressed packet with foreign mac pot. larger than path mtu
    PT_MAX               = 10 // one past the last valid type
  };

  u8 type;                // one of ptype, unchecked
  u8 srcdst, src1, dst1;  // high nibbles of src/dst in srcdst, low bytes in src1/dst1

  // Fill in type and the packed addresses for a packet to node dst.
  void set_hdr (ptype type_, unsigned int dst);

  // Source node id: bits 4..7 of srcdst become bits 8..11, src1 the low byte.
  unsigned int src () const
  {
    return ((srcdst & 0xf0) << 4) | src1;
  }

  // Destination node id: bits 0..3 of srcdst become bits 8..11, dst1 the low byte.
  unsigned int dst () const
  {
    return ((srcdst & 0x0f) << 8) | dst1;
  }

  // The raw type byte as a ptype; no range check (see note above).
  ptype typ () const
  {
    return static_cast<ptype> (type);
  }
};
100    
101 pcg 1.1 ////////////////////////////////////////////////////////////////////////////////////////
102    
103     // a very simple fifo pkt-queue
// a very simple fifo pkt-queue
//
// Bounded in two ways: at most max_queue entries, and entries older than
// max_ttl seconds are dropped by the expire timer. Together these cap how
// much memory a peer can pin while its session is not up (the exact drop
// policy is in connection.C, not visible here).
class pkt_queue
{
  int i, j; // head/tail positions; i == j means empty (see empty ())
  int max_queue; // capacity, in packets
  double max_ttl; // maximum age of a queued packet, in seconds

  struct pkt {
    ev_tstamp tstamp; // time the packet was queued, used for ttl expiry
    net_packet *pkt;  // the queued packet (ownership: presumably the queue's until get ())
  } *queue; // storage for the entries, presumably max_queue of them

  // Timer callback that drops entries older than max_ttl, and its timer.
  void expire_cb (ev::timer &w, int revents); ev::timer expire;

public:

  // Append p; what happens when the queue is full is decided in connection.C.
  void put (net_packet *p);
  // Remove and return the oldest packet (presumably 0 when empty -- verify against caller).
  net_packet *get ();

  // True when no packet is queued.
  bool empty ()
  {
    return i == j;
  }

  pkt_queue (double max_ttl, int max_queue);
  ~pkt_queue ();
};
130 pcg 1.1
// Feature bits announced to / learned from the peer; stored in
// connection::features as a u8, so at most eight independent bits fit.
// NOTE(review): a bit set by the peer should only be honoured when the same
// feature is enabled locally; where that intersection is taken is not
// visible in this header.
enum
{
  FEATURE_COMPRESSION = 1 << 0, // compressed data packets may be exchanged
  FEATURE_ROHC        = 1 << 1, // ROHC (presumably robust header compression)
  FEATURE_BRIDGING    = 1 << 2  // bridged frames with foreign mac addresses
};
137 pcg 1.14
// Per-peer state: one instance per configured node (conf) of the vpn it
// belongs to. Holds the peer's current transport address, the sequence and
// crypto state of the current session, the timers that drive (re-)connection,
// rekeying and keepalives, and the packets waiting for the session to come up.
struct connection
{
  conf_node *conf;   // static configuration of this peer (owned elsewhere)
  struct vpn *vpn;   // the vpn this connection belongs to (owned elsewhere)

  sockinfo si; // the current(!) destination ip to send packets to
  int retry_cnt; // connection attempts so far (presumably drives the establish_connection backoff)

  tstamp last_activity; // time of last packet received

  // Outgoing sequence counter and the receive-side sliding window. The window
  // is what stops replayed packets from the peer being accepted twice;
  // NOTE(review): its width, i.e. how far behind a number may fall, is defined
  // by sliding_window elsewhere, not here.
  u32 oseqno;
  sliding_window iseqno;

  // Transport protocol and feature bits in use with the peer. Both are learned
  // from the network and are only as trustworthy as the authentication that
  // preceded them.
  u8 protocol;
  u8 features;

  // Packets held back until the session is up: local tap frames (data_queue)
  // and vpn packets to forward (vpn_queue). Each carries pkt_queue's
  // max_queue / max_ttl limits.
  pkt_queue data_queue, vpn_queue;

  // Separate crypto contexts for outgoing (octx) and incoming (ictx) traffic;
  // presumably unset while no session is established (see reset_connection ()).
  crypto_ctx *octx, *ictx;

#if ENABLE_DNS
  struct dns_connection *dns; // state of the dns transport, only when compiled in

  void dnsv4_reset_connection ();
#endif

  enum conf_node::connectmode connectmode; // which side initiates, taken from conf_node
  u8 prot_minor; // minor number of other side

  void reset_si ();
  const sockinfo &forward_si (const sockinfo &si) const;

  void shutdown ();
  void connection_established ();
  void reset_connection ();

  // libev timer callbacks, each followed by the timer it belongs to.
  void establish_connection_cb (ev::timer &w, int revents); ev::timer establish_connection;
  void rekey_cb (ev::timer &w, int revents); ev::timer rekey; // next rekying (actually current reset + reestablishing)
  void keepalive_cb (ev::timer &w, int revents); ev::timer keepalive; // next keepalive probe

  // Builders/senders for the control packet types of vpn_packet::ptype.
  void send_connect_request (int id);
  void send_auth_request (const sockinfo &si, bool initiate);
  void send_auth_response (const sockinfo &si, const rsaid &id, const rsachallenge &chg);
  void send_connect_info (int rid, const sockinfo &rsi, u8 rprotocols);
  void send_reset (const sockinfo &dsi);
  void send_ping (const sockinfo &dsi, u8 pong = 0);
  void send_data_packet (tap_packet *pkt);

  void inject_data_packet (tap_packet *pkt, bool broadcast = false);
  void inject_vpn_packet (vpn_packet *pkt, int tos = 0); // for forwarding

  // Receive entry point for a packet addressed to this peer (rsi presumably
  // being the address it arrived from) and the low-level send.
  // NOTE(review): recv_vpn_packet is where hmac_chk () and the iseqno window
  // have to be applied before any field of pkt is acted on.
  void recv_vpn_packet (vpn_packet *pkt, const sockinfo &rsi);
  void send_vpn_packet (vpn_packet *pkt, const sockinfo &si, int tos = 0);

  // Environment setup and invocation of the node-up / node-down scripts.
  // NOTE(review): if the environment includes peer-derived values (address,
  // protocol), the scripts must treat them as untrusted input.
  void script_init_env (const char *ext);
  void script_init_connect_env ();
  const char *script_node_up ();
  const char *script_node_down ();

  void dump_status ();

  connection (struct vpn *vpn, conf_node *conf);
  ~connection ();
};
202 pcg 1.1
203     #endif