/cvs/gvpe/src/connection.h

Comparing gvpe/src/connection.h (file contents):
Revision 1.14 by pcg, Sun Feb 8 07:24:25 2004 UTC vs.
Revision 1.37 by root, Tue Jul 16 16:44:36 2013 UTC

1/* 1/*
2 connection.h -- header for connection.C 2 connection.h -- header for connection.C
3 Copyright (C) 2003-2004 Marc Lehmann <pcg@goof.com> 3 Copyright (C) 2003-2008,2013 Marc Lehmann <gvpe@schmorp.de>
4 4
5 This file is part of GVPE.
6
5 This program is free software; you can redistribute it and/or modify 7 GVPE is free software; you can redistribute it and/or modify it
6 it under the terms of the GNU General Public License as published by 8 under the terms of the GNU General Public License as published by the
7 the Free Software Foundation; either version 2 of the License, or 9 Free Software Foundation; either version 3 of the License, or (at your
8 (at your option) any later version. 10 option) any later version.
9 11
10 This program is distributed in the hope that it will be useful, 12 This program is distributed in the hope that it will be useful, but
11 but WITHOUT ANY WARRANTY; without even the implied warranty of 13 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
13 GNU General Public License for more details. 15 Public License for more details.
14 16
15 You should have received a copy of the GNU General Public License 17 You should have received a copy of the GNU General Public License along
16 along with this program; if not, write to the Free Software 18 with this program; if not, see <http://www.gnu.org/licenses/>.
17 Foundation, Inc. 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 19
20 Additional permission under GNU GPL version 3 section 7
21
22 If you modify this Program, or any covered work, by linking or
23 combining it with the OpenSSL project's OpenSSL library (or a modified
24 version of that library), containing parts covered by the terms of the
25 OpenSSL or SSLeay licenses, the licensors of this Program grant you
26 additional permission to convey the resulting work. Corresponding
27 Source for a non-source form of such a combination shall include the
28 source code for the parts of OpenSSL used as well as that of the
29 covered work.
18*/ 30*/
19 31
20#ifndef VPE_CONNECTION_H__ 32#ifndef GVPE_CONNECTION_H__
21#define VPE_CONNECTION_H__ 33#define GVPE_CONNECTION_H__
22 34
23#include <openssl/hmac.h> 35#include <openssl/hmac.h>
24 36
25#include "global.h" 37#include "global.h"
26#include "conf.h" 38#include "conf.h"
27#include "sockinfo.h" 39#include "sockinfo.h"
28#include "util.h" 40#include "util.h"
29#include "device.h" 41#include "device.h"
42#include "curve25519.h"
30 43
31struct vpn; 44struct vpn;
32 45
33// called after HUP etc. to (re-)initialize global data structures 46// called after HUP etc. to (re-)initialize global data structures
34void connection_init (); 47void connection_init ();
35 48
49typedef curve25519_key ecdh_key;
50
36struct rsaid { 51struct rsa_data
37 u8 id[RSA_IDLEN]; // the challenge id 52{
53 u32 seqno;
54 u8 auth_key[AUTH_SIZE];
55 u8 mac_key[MAC_KEYSIZE]; // used to generate hmac key
56 u8 cipher_key[CIPHER_KEYSIZE]; // used to generate cipher key
57 u8 hkdf_salt[HKDF_SALT]; // used as hkdf salt
58 u8 ikm[IKM_SIZE]; // used as additional keying material for both sides
59 u8 pad[
60 (RSABITS >> 3)
61 - 41 // OAEP
62 - sizeof (u32) // seqno
63 - AUTH_SIZE
64 - MAC_KEYSIZE
65 - CIPHER_KEYSIZE
66 - HKDF_SALT
67 - IKM_SIZE
68 - 3 // struct alignment...
69 ];
38}; 70};
39 71
40typedef rsaclear rsachallenge; // challenge data; 72struct auth_data
41typedef rsacrypt rsaencrdata; // encrypted challenge 73{
42typedef u8 rsaresponse[RSA_RESLEN]; // the encrypted ripemd160 hash 74 rsa_data rsa;
75 ecdh_key ecdh;
76};
77
78typedef u8 rsa_crypt[RSA_KEYLEN]; // encrypted challenge
79
80struct auth_encr
81{
82 rsa_crypt rsa;
83 ecdh_key ecdh;
84};
85
86typedef u8 auth_mac[AUTH_SIZE];
87
88struct auth_response
89{
90 auth_mac mac;
91 ecdh_key ecdh;
92};
43 93
44//////////////////////////////////////////////////////////////////////////////////////// 94////////////////////////////////////////////////////////////////////////////////////////
45 95
46struct crypto_ctx; 96struct crypto_ctx;
47 97
57 107
58 void hmac_gen (crypto_ctx * ctx); 108 void hmac_gen (crypto_ctx * ctx);
59}; 109};
60 110
61struct vpn_packet : hmac_packet 111struct vpn_packet : hmac_packet
62 { 112{
63 enum ptype 113 enum ptype
64 { 114 {
65 PT_RESET = 0, 115 PT_RESET = 0,
66 PT_DATA_UNCOMPRESSED, 116 PT_DATA_UNCOMPRESSED,
67 PT_DATA_COMPRESSED, 117 PT_DATA_COMPRESSED,
68 PT_PING, PT_PONG, // wasting namespace space? ;) 118 PT_PING, PT_PONG, // wasting namespace space? ;)
69 PT_AUTH_REQ, // authentification request 119 PT_AUTH_REQ, // authentification request
70 PT_AUTH_RES, // authentification response 120 PT_AUTH_RES, // authentification response
71 PT_CONNECT_REQ, // want other host to contact me 121 PT_CONNECT_REQ, // want other node to contact me
72 PT_CONNECT_INFO, // request connection to some node 122 PT_CONNECT_INFO, // request connection to some node
123 PT_DATA_BRIDGED, // uncompressed packet with foreign mac pot. larger than path mtu (NYI)
73 PT_MAX 124 PT_MAX
74 };
75
76 u8 type;
77 u8 srcdst, src1, dst1;
78
79 void set_hdr (ptype type_, unsigned int dst);
80
81 unsigned int src () const
82 {
83 return src1 | ((srcdst >> 4) << 8);
84 }
85
86 unsigned int dst () const
87 {
88 return dst1 | ((srcdst & 0xf) << 8);
89 }
90
91 ptype typ () const
92 {
93 return (ptype) type;
94 }
95 }; 125 };
126
127 u8 type;
128 u8 srcdst, src1, dst1;
129
130 void set_hdr (ptype type_, unsigned int dst);
131
132 unsigned int src () const
133 {
134 return src1 | ((srcdst >> 4) << 8);
135 }
136
137 unsigned int dst () const
138 {
139 return dst1 | ((srcdst & 0xf) << 8);
140 }
141
142 ptype typ () const
143 {
144 return (ptype) type;
145 }
146};
96 147
97//////////////////////////////////////////////////////////////////////////////////////// 148////////////////////////////////////////////////////////////////////////////////////////
98 149
99// a very simple fifo pkt-queue 150// a very simple fifo pkt-queue
100class pkt_queue 151class pkt_queue
101 { 152{
102 net_packet *queue[QUEUEDEPTH];
103 int i, j; 153 int i, j;
154 int max_queue;
155 double max_ttl;
104 156
157 struct pkt {
158 ev_tstamp tstamp;
159 net_packet *pkt;
160 } *queue;
161
162 void expire_cb (ev::timer &w, int revents); ev::timer expire;
163
105 public: 164public:
106 165
107 void put (net_packet *p); 166 void put (net_packet *p);
108 net_packet *get (); 167 net_packet *get ();
109 168
110 pkt_queue (); 169 bool empty ()
170 {
171 return i == j;
172 }
173
174 pkt_queue (double max_ttl, int max_queue);
111 ~pkt_queue (); 175 ~pkt_queue ();
112 }; 176};
113 177
114enum 178enum
115 { 179{
116 FEATURE_COMPRESSION = 0x01, 180 FEATURE_COMPRESSION = 0x01,
117 FEATURE_ROHC = 0x02, 181 FEATURE_ROHC = 0x02,
118 }; 182 FEATURE_BRIDGING = 0x04,
183};
119 184
120struct connection 185struct connection
121 { 186{
122 conf_node *conf; 187 conf_node *conf;
123 struct vpn *vpn; 188 struct vpn *vpn;
124 189
125 sockinfo si; // the current(!) destination ip to send packets to 190 sockinfo si; // the current(!) destination ip to send packets to
126 int retry_cnt; 191 int retry_cnt;
127 192
128 tstamp last_activity; // time of last packet received 193 tstamp last_activity; // time of last packet received
194 tstamp last_establish_attempt;
195 //tstamp last_si_change; // time we last changed the socket address
129 196
130 u32 oseqno; 197 u32 oseqno;
131 sliding_window iseqno; 198 sliding_window iseqno;
132 199
133 u8 protocol; 200 u8 protocol;
134 u8 features; 201 u8 features;
202 bool is_direct; // current connection (si) is direct?
135 203
136 pkt_queue data_queue, vpn_queue; 204 pkt_queue data_queue, vpn_queue;
137 205
138 crypto_ctx *octx, *ictx; 206 crypto_ctx *octx, *ictx;
139 207
140 enum conf_node::connectmode connectmode; 208 void generate_auth_data ();
141 u8 prot_minor; // minor number of other side
142 209
143 void reset_si (); 210 ev_tstamp auth_expire; // when the snd_* and *_ecdh values expire
144 const sockinfo &forward_si (const sockinfo &si) const;
145 211
146 void shutdown (); 212 // send auth data - used for octx
147 void connection_established (); 213 auth_data snd_auth;
148 void reset_connection (); 214 auth_mac snd_auth_mac; // expected response mac
215 ecdh_key snd_ecdh_a; // the secret ecdh key we used for our request
216 ecdh_key snd_ecdh_b; // the public ecdh key we received in the response
217 bool have_snd_auth; // received response for our req
149 218
150 void establish_connection_cb (time_watcher &w); time_watcher establish_connection; 219 // receive auth data - used for ictx
151 void rekey_cb (time_watcher &w); time_watcher rekey; // next rekying (actually current reset + reestablishing) 220 auth_data rcv_auth;
152 void keepalive_cb (time_watcher &w); time_watcher keepalive; // next keepalive probe 221 ecdh_key rcv_ecdh_a; // the secret ecdh key we used for our response
222 ecdh_key rcv_ecdh_b; // the public ecdh key we sent in our response
223 bool have_rcv_auth; // received auth from other side
153 224
154 void send_connect_request (int id); 225#if ENABLE_DNS
155 void send_auth_request (const sockinfo &si, bool initiate); 226 struct dns_connection *dns;
156 void send_auth_response (const sockinfo &si, const rsaid &id, const rsachallenge &chg);
157 void send_connect_info (int rid, const sockinfo &rsi, u8 rprotocols);
158 void send_reset (const sockinfo &dsi);
159 void send_ping (const sockinfo &dsi, u8 pong = 0);
160 void send_data_packet (tap_packet *pkt);
161
162 void inject_data_packet (tap_packet *pkt, bool broadcast = false);
163 void inject_vpn_packet (vpn_packet *pkt, int tos = 0); // for forwarding
164
165 void send_vpn_packet (vpn_packet *pkt, const sockinfo &si, int tos = 0);
166 void recv_vpn_packet (vpn_packet *pkt, const sockinfo &rsi);
167
168 void script_node ();
169 const char *script_node_up ();
170 const char *script_node_down ();
171
172 void dump_status ();
173
174 connection(struct vpn *vpn_);
175 ~connection ();
176 };
177
178#endif 227#endif
179 228
229 enum conf_node::connectmode connectmode;
230 u8 prot_minor; // minor number of other side
231
232 void reset_si ();
233 const sockinfo &forward_si (const sockinfo &si) const;
234
235 void shutdown ();
236 void connection_established (const sockinfo &rsi);
237 void reset_connection ();
238
239 void establish_connection_cb (ev::timer &w, int revents); ev::timer establish_connection;
240 void rekey_cb (ev::timer &w, int revents); ev::timer rekey; // next rekying (actually current reset + reestablishing)
241 void keepalive_cb (ev::timer &w, int revents); ev::timer keepalive; // next keepalive probe
242
243 void send_connect_request (int id);
244 void send_auth_request (const sockinfo &si, bool initiate);
245 void send_auth_response (const sockinfo &si);
246 void send_connect_info (int rid, const sockinfo &rsi, u8 rprotocols);
247 void send_reset (const sockinfo &dsi);
248 void send_ping (const sockinfo &dsi, u8 pong = 0);
249 void send_data_packet (tap_packet *pkt);
250
251 void post_inject_queue ();
252 void inject_data_packet (tap_packet *pkt);
253 void inject_vpn_packet (vpn_packet *pkt, int tos = 0); // for forwarding
254
255 void recv_vpn_packet (vpn_packet *pkt, const sockinfo &rsi);
256 void send_vpn_packet (vpn_packet *pkt, const sockinfo &si, int tos = 0);
257
258 void script_init_env (const char *ext);
259 void script_init_connect_env ();
260 const char *script_node_up ();
261 const char *script_node_change ();
262 const char *script_node_down ();
263
264 void dump_status ();
265
266 connection (struct vpn *vpn, conf_node *conf);
267 ~connection ();
268};
269
270#endif
271
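Review bot: The length of `rsa_data::pad` (new side, lines 59-69) is hand-derived from `RSABITS`, the `- 41 // OAEP` overhead and a `- 3 // struct alignment...` correction, but nothing verifies the result, so a later change to any of the `*_SIZE` constants or a new member would silently move the struct off the RSA block size the comments say it must fit. A compile-time check next to the definition, e.g. `static_assert (sizeof (rsa_data) <= (RSABITS >> 3) - 41, "rsa_data does not fit into an RSA-OAEP block");`, would pin that intent; the exact bound to assert has to be confirmed against connection.C, which this page does not show. The same consideration applies to `auth_encr` and `auth_response` if they are transmitted as-is. Separately, `snd_ecdh_a` and `rcv_ecdh_a` are documented as the secret ECDH keys and `rsa_data` holds the session keying material, yet the header leaves implicit whether `reset_connection ()`, expiry at `auth_expire` or `~connection ()` wipes them; a one-line comment on `auth_expire` stating where these buffers are cleared would make the lifetime of the key material explicit to readers of the header.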
