ViewVC Help
View File | Revision Log | Show Annotations | Download File
/cvs/gvpe/src/connection.h
(Generate patch)

Comparing gvpe/src/connection.h (file contents):
Revision 1.26 by pcg, Fri Jun 3 05:07:31 2005 UTC vs.
Revision 1.38 by root, Thu Jul 18 13:35:16 2013 UTC

1/* 1/*
2 connection.h -- header for connection.C 2 connection.h -- header for connection.C
3 Copyright (C) 2003-2005 Marc Lehmann <gvpe@schmorp.de> 3 Copyright (C) 2003-2008,2013 Marc Lehmann <gvpe@schmorp.de>
4 4
5 This file is part of GVPE. 5 This file is part of GVPE.
6 6
7 GVPE is free software; you can redistribute it and/or modify 7 GVPE is free software; you can redistribute it and/or modify it
8 it under the terms of the GNU General Public License as published by 8 under the terms of the GNU General Public License as published by the
9 the Free Software Foundation; either version 2 of the License, or 9 Free Software Foundation; either version 3 of the License, or (at your
10 (at your option) any later version. 10 option) any later version.
11 11
12 This program is distributed in the hope that it will be useful, 12 This program is distributed in the hope that it will be useful, but
13 but WITHOUT ANY WARRANTY; without even the implied warranty of 13 WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
15 GNU General Public License for more details. 15 Public License for more details.
16 16
17 You should have received a copy of the GNU General Public License 17 You should have received a copy of the GNU General Public License along
18 along with gvpe; if not, write to the Free Software 18 with this program; if not, see <http://www.gnu.org/licenses/>.
19 Foundation, Inc. 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 19
20 Additional permission under GNU GPL version 3 section 7
21
22 If you modify this Program, or any covered work, by linking or
23 combining it with the OpenSSL project's OpenSSL library (or a modified
24 version of that library), containing parts covered by the terms of the
25 OpenSSL or SSLeay licenses, the licensors of this Program grant you
26 additional permission to convey the resulting work. Corresponding
27 Source for a non-source form of such a combination shall include the
28 source code for the parts of OpenSSL used as well as that of the
29 covered work.
20*/ 30*/
21 31
22#ifndef GVPE_CONNECTION_H__ 32#ifndef GVPE_CONNECTION_H__
23#define GVPE_CONNECTION_H__ 33#define GVPE_CONNECTION_H__
24 34
27#include "global.h" 37#include "global.h"
28#include "conf.h" 38#include "conf.h"
29#include "sockinfo.h" 39#include "sockinfo.h"
30#include "util.h" 40#include "util.h"
31#include "device.h" 41#include "device.h"
42#include "curve25519.h"
43#include "iv_gen.h"
32 44
33struct vpn; 45struct vpn;
34 46
35// called after HUP etc. to (re-)initialize global data structures 47// called after HUP etc. to (re-)initialize global data structures
36void connection_init (); 48void connection_init ();
37 49
50typedef curve25519_key ecdh_key;
51
38struct rsaid { 52struct rsa_data
39 u8 id[RSA_IDLEN]; // the challenge id 53{
54 u32 seqno;
55 u8 auth_key[AUTH_SIZE];
56 u8 mac_key[MAC_KEYSIZE]; // used to generate hmac key
57 u8 cipher_key[CIPHER_KEYSIZE]; // used to generate cipher key
58 u8 hkdf_salt[HKDF_SALT]; // used as hkdf salt
59 u8 pad[
60 (RSABITS >> 3)
61 - 41 // OAEP
62 - sizeof (u32) // seqno
63 - AUTH_SIZE
64 - MAC_KEYSIZE
65 - CIPHER_KEYSIZE
66 - HKDF_SALT
67 - 3 // struct alignment...
68 ];
40}; 69};
41 70
42typedef rsaclear rsachallenge; // challenge data; 71struct auth_data
43typedef rsacrypt rsaencrdata; // encrypted challenge 72{
44typedef u8 rsaresponse[RSA_RESLEN]; // the encrypted ripemd160 hash 73 rsa_data rsa;
74 ecdh_key ecdh;
75};
76
77typedef u8 rsa_crypt[RSA_KEYLEN]; // encrypted challenge
78
79struct auth_encr
80{
81 rsa_crypt rsa;
82 ecdh_key ecdh;
83};
84
85typedef u8 auth_mac[AUTH_SIZE];
86
87struct auth_response
88{
89 auth_mac mac;
90 ecdh_key ecdh;
91};
45 92
46//////////////////////////////////////////////////////////////////////////////////////// 93////////////////////////////////////////////////////////////////////////////////////////
47 94
48struct crypto_ctx; 95struct crypto_ctx;
49 96
59 106
60 void hmac_gen (crypto_ctx * ctx); 107 void hmac_gen (crypto_ctx * ctx);
61}; 108};
62 109
63struct vpn_packet : hmac_packet 110struct vpn_packet : hmac_packet
64 { 111{
65 enum ptype 112 enum ptype
66 { 113 {
67 PT_RESET = 0, 114 PT_RESET = 0,
68 PT_DATA_UNCOMPRESSED, 115 PT_DATA_UNCOMPRESSED,
69 PT_DATA_COMPRESSED, 116 PT_DATA_COMPRESSED,
70 PT_PING, PT_PONG, // wasting namespace space? ;) 117 PT_PING, PT_PONG, // wasting namespace space? ;)
71 PT_AUTH_REQ, // authentification request 118 PT_AUTH_REQ, // authentification request
72 PT_AUTH_RES, // authentification response 119 PT_AUTH_RES, // authentification response
73 PT_CONNECT_REQ, // want other node to contact me 120 PT_CONNECT_REQ, // want other node to contact me
74 PT_CONNECT_INFO, // request connection to some node 121 PT_CONNECT_INFO, // request connection to some node
122 PT_DATA_BRIDGED, // uncompressed packet with foreign mac pot. larger than path mtu (NYI)
75 PT_MAX 123 PT_MAX
76 };
77
78 u8 type;
79 u8 srcdst, src1, dst1;
80
81 void set_hdr (ptype type_, unsigned int dst);
82
83 unsigned int src () const
84 {
85 return src1 | ((srcdst >> 4) << 8);
86 }
87
88 unsigned int dst () const
89 {
90 return dst1 | ((srcdst & 0xf) << 8);
91 }
92
93 ptype typ () const
94 {
95 return (ptype) type;
96 }
97 }; 124 };
125
126 u8 type;
127 u8 srcdst, src1, dst1;
128
129 void set_hdr (ptype type_, unsigned int dst);
130
131 unsigned int src () const
132 {
133 return src1 | ((srcdst >> 4) << 8);
134 }
135
136 unsigned int dst () const
137 {
138 return dst1 | ((srcdst & 0xf) << 8);
139 }
140
141 ptype typ () const
142 {
143 return (ptype) type;
144 }
145};
98 146
99//////////////////////////////////////////////////////////////////////////////////////// 147////////////////////////////////////////////////////////////////////////////////////////
100 148
101// a very simple fifo pkt-queue 149// a very simple fifo pkt-queue
102class pkt_queue 150class pkt_queue
103 { 151{
104 net_packet *queue[QUEUEDEPTH];
105 int i, j; 152 int i, j;
153 int max_queue;
154 double max_ttl;
106 155
156 struct pkt {
157 ev_tstamp tstamp;
158 net_packet *pkt;
159 } *queue;
160
161 void expire_cb (ev::timer &w, int revents); ev::timer expire;
162
107 public: 163public:
108 164
109 void put (net_packet *p); 165 void put (net_packet *p);
110 net_packet *get (); 166 net_packet *get ();
111 167
112 pkt_queue (); 168 bool empty ()
169 {
170 return i == j;
171 }
172
173 pkt_queue (double max_ttl, int max_queue);
113 ~pkt_queue (); 174 ~pkt_queue ();
114 }; 175};
115 176
116enum 177enum
117 { 178{
118 FEATURE_COMPRESSION = 0x01, 179 FEATURE_COMPRESSION = 0x01,
119 FEATURE_ROHC = 0x02, 180 FEATURE_ROHC = 0x02,
120 }; 181 FEATURE_BRIDGING = 0x04,
182};
121 183
122struct connection 184struct connection
123 { 185{
124 conf_node *conf; 186 conf_node *conf;
125 struct vpn *vpn; 187 struct vpn *vpn;
126 188
127 sockinfo si; // the current(!) destination ip to send packets to 189 sockinfo si; // the current(!) destination ip to send packets to
128 int retry_cnt; 190 int retry_cnt;
129 191
130 tstamp last_activity; // time of last packet received 192 tstamp last_activity; // time of last packet received
193 tstamp last_establish_attempt;
194 //tstamp last_si_change; // time we last changed the socket address
131 195
132 u32 oseqno; 196 u32 oseqno;
133 sliding_window iseqno; 197 sliding_window iseqno;
134 198
135 u8 protocol; 199 u8 protocol;
136 u8 features; 200 u8 features;
201 bool is_direct; // current connection (si) is direct?
137 202
138 pkt_queue data_queue, vpn_queue; 203 pkt_queue data_queue, vpn_queue;
139 204
140 crypto_ctx *octx, *ictx; 205 crypto_ctx *octx, *ictx;
206 iv_gen oiv; // generator for random byte prefix
207
208 void generate_auth_data ();
209
210 ev_tstamp auth_expire; // when the snd_* and *_ecdh values expire
211
212 // send auth data - used for octx
213 auth_data snd_auth;
214 auth_mac snd_auth_mac; // expected response mac
215 ecdh_key snd_ecdh_a; // the secret ecdh key we used for our request
216 ecdh_key snd_ecdh_b; // the public ecdh key we received in the response
217 bool have_snd_auth; // received response for our req
218
219 // receive auth data - used for ictx
220 auth_data rcv_auth;
221 ecdh_key rcv_ecdh_a; // the secret ecdh key we used for our response
222 ecdh_key rcv_ecdh_b; // the public ecdh key we sent in our response
223 bool have_rcv_auth; // received auth from other side
141 224
142#if ENABLE_DNS 225#if ENABLE_DNS
143 struct dns_connection *dns; 226 struct dns_connection *dns;
144
145 void dnsv4_reset_connection ();
146#endif 227#endif
147 228
148 enum conf_node::connectmode connectmode; 229 enum conf_node::connectmode connectmode;
149 u8 prot_minor; // minor number of other side 230 u8 prot_minor; // minor number of other side
150 231
151 void reset_si (); 232 void reset_si ();
152 const sockinfo &forward_si (const sockinfo &si) const; 233 const sockinfo &forward_si (const sockinfo &si) const;
153 234
154 void shutdown (); 235 void shutdown ();
155 void connection_established (); 236 void connection_established (const sockinfo &rsi);
156 void reset_connection (); 237 void reset_connection ();
157 238
158 void establish_connection_cb (time_watcher &w); time_watcher establish_connection; 239 void establish_connection_cb (ev::timer &w, int revents); ev::timer establish_connection;
159 void rekey_cb (time_watcher &w); time_watcher rekey; // next rekying (actually current reset + reestablishing) 240 void rekey_cb (ev::timer &w, int revents); ev::timer rekey; // next rekying (actually current reset + reestablishing)
160 void keepalive_cb (time_watcher &w); time_watcher keepalive; // next keepalive probe 241 void keepalive_cb (ev::timer &w, int revents); ev::timer keepalive; // next keepalive probe
161 242
162 void send_connect_request (int id); 243 void send_connect_request (int id);
163 void send_auth_request (const sockinfo &si, bool initiate); 244 void send_auth_request (const sockinfo &si, bool initiate);
164 void send_auth_response (const sockinfo &si, const rsaid &id, const rsachallenge &chg); 245 void send_auth_response (const sockinfo &si);
165 void send_connect_info (int rid, const sockinfo &rsi, u8 rprotocols); 246 void send_connect_info (int rid, const sockinfo &rsi, u8 rprotocols);
166 void send_reset (const sockinfo &dsi); 247 void send_reset (const sockinfo &dsi);
167 void send_ping (const sockinfo &dsi, u8 pong = 0); 248 void send_ping (const sockinfo &dsi, u8 pong = 0);
168 void send_data_packet (tap_packet *pkt); 249 void send_data_packet (tap_packet *pkt);
169 250
251 void post_inject_queue ();
170 void inject_data_packet (tap_packet *pkt, bool broadcast = false); 252 void inject_data_packet (tap_packet *pkt);
171 void inject_vpn_packet (vpn_packet *pkt, int tos = 0); // for forwarding 253 void inject_vpn_packet (vpn_packet *pkt, int tos = 0); // for forwarding
172 254
173 void recv_vpn_packet (vpn_packet *pkt, const sockinfo &rsi); 255 void recv_vpn_packet (vpn_packet *pkt, const sockinfo &rsi);
174 void send_vpn_packet (vpn_packet *pkt, const sockinfo &si, int tos = 0); 256 void send_vpn_packet (vpn_packet *pkt, const sockinfo &si, int tos = 0);
175 257
176 void script_init_env (const char *ext); 258 void script_init_env (const char *ext);
177 void script_init_connect_env (); 259 void script_init_connect_env ();
178 const char *script_node_up (); 260 const char *script_node_up ();
261 const char *script_node_change ();
179 const char *script_node_down (); 262 const char *script_node_down ();
180 263
181 void dump_status (); 264 void dump_status ();
182 265
183 connection (struct vpn *vpn, conf_node *conf); 266 connection (struct vpn *vpn, conf_node *conf);
184 ~connection (); 267 ~connection ();
185 }; 268};
186 269
187#endif 270#endif
188 271

Diff Legend

Removed lines
+ Added lines
< Changed lines
> Changed lines