/cvs/gvpe/src/connection.h
Revision: 1.16
Committed: Wed Mar 2 05:49:31 2005 UTC (19 years, 2 months ago) by pcg
Content type: text/plain
Branch: MAIN
Changes since 1.15: +4 -2 lines
Log Message:
*** empty log message ***


1 /*
2 connection.h -- header for connection.C
3 Copyright (C) 2003-2004 Marc Lehmann <pcg@goof.com>
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; either version 2 of the License, or
8 (at your option) any later version.
9
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
14
15 You should have received a copy of the GNU General Public License
16 along with this program; if not, write to the Free Software
17 Foundation, Inc. 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
18 */
19
20 #ifndef VPE_CONNECTION_H__
21 #define VPE_CONNECTION_H__
22
23 #include <openssl/hmac.h>
24
25 #include "global.h"
26 #include "conf.h"
27 #include "sockinfo.h"
28 #include "util.h"
29 #include "device.h"
30
31 struct vpn;
32
// Called after HUP etc. to (re-)initialise the global data structures
// shared by all connections; the definition lives in connection.C.
void connection_init ();
35
// Identifier of an outstanding challenge; passed to send_auth_response
// (below) together with the challenge it belongs to.
struct rsaid {
  u8 id[RSA_IDLEN]; // the challenge id (RSA_IDLEN is defined elsewhere)
};
39
// Aliases for the RSA-based authentication exchange; rsaclear/rsacrypt and
// RSA_RESLEN come from the included headers.
typedef rsaclear rsachallenge;      // challenge data (cleartext form)
typedef rsacrypt rsaencrdata;       // encrypted challenge
typedef u8 rsaresponse[RSA_RESLEN]; // the encrypted ripemd160 hash
43
44 ////////////////////////////////////////////////////////////////////////////////////////
45
46 struct crypto_ctx;
47
// A net_packet that carries a message authentication code over its contents.
struct hmac_packet : net_packet
{
  // Every packet has an hmac field, but it is not (yet) verified everywhere
  // a packet is received: a receive path may only treat a packet as
  // authenticated after it has itself called hmac_chk on it.
  u8 hmac[HMACLENGTH];

  void hmac_set (crypto_ctx * ctx); // presumably computes the MAC with ctx and stores it in hmac
  bool hmac_chk (crypto_ctx * ctx); // presumably recomputes the MAC and compares it with hmac
                                    // NOTE(review): that comparison should be constant-time — confirm in connection.C

private:
  // Scratch digest buffer shared by every hmac_packet (class-wide, not per
  // packet); sized for the largest digest the EVP layer can produce.
  static unsigned char hmac_digest[EVP_MAX_MD_SIZE];

  void hmac_gen (crypto_ctx * ctx); // common MAC computation behind hmac_set/hmac_chk — TODO confirm
};
60
// Packet exchanged between vpn nodes: an hmac_packet with a small header
// holding the packet type and 12-bit source/destination node ids.
struct vpn_packet : hmac_packet
{
  enum ptype
  {
    PT_RESET = 0,
    PT_DATA_UNCOMPRESSED,
    PT_DATA_COMPRESSED,
    PT_PING, PT_PONG,  // wasting namespace space? ;)
    PT_AUTH_REQ,       // authentication request
    PT_AUTH_RES,       // authentication response
    PT_CONNECT_REQ,    // want other host to contact me
    PT_CONNECT_INFO,   // request connection to some node
    PT_MAX             // one past the last valid type
  };

  u8 type;                 // one of ptype, stored as a raw byte
  u8 srcdst, src1, dst1;   // srcdst: high nibble = src bits 8..11, low nibble = dst bits 8..11;
                           // src1/dst1: the low 8 bits of the respective id

  void set_hdr (ptype type_, unsigned int dst);

  // Source node id (0..4095), assembled from src1 and the high nibble of srcdst.
  unsigned int src () const
  {
    unsigned int high = srcdst >> 4;
    return (high << 8) | src1;
  }

  // Destination node id (0..4095), assembled from dst1 and the low nibble of srcdst.
  unsigned int dst () const
  {
    unsigned int high = srcdst & 0xf;
    return (high << 8) | dst1;
  }

  // The raw type byte as a ptype. No range check is done here, so code that
  // dispatches on a received packet must treat values >= PT_MAX as invalid.
  ptype typ () const
  {
    ptype t = static_cast<ptype> (type);
    return t;
  }
};
96
97 ////////////////////////////////////////////////////////////////////////////////////////
98
// A very simple fifo pkt-queue with a fixed capacity of QUEUEDEPTH slots.
class pkt_queue
{
  net_packet *queue[QUEUEDEPTH]; // slot storage; whether the queue owns the pointers is decided in connection.C — confirm
  int i, j;                      // head/tail positions into queue (which is which is up to the implementation)

public:

  void put (net_packet *p);      // enqueue p; behaviour on a full queue is not visible here — check connection.C
  net_packet *get ();            // dequeue the oldest packet; presumably returns 0 when empty — confirm

  pkt_queue ();
  ~pkt_queue ();
};
113
// Per-connection feature bits; presumably combined into connection::features
// (a u8, so at most 8 such flags) — confirm against connection.C.
enum
{
  FEATURE_COMPRESSION = 0x01,
  FEATURE_ROHC = 0x02,
};
119
// State of one peer connection: addressing, sequence numbers, crypto
// contexts, timers and the packet send/receive entry points.
struct connection
{
  conf_node *conf;     // configuration for this peer
  struct vpn *vpn;     // the owning vpn object

  sockinfo si;         // the current(!) destination ip to send packets to
  int retry_cnt;       // connection attempt counter — used by the establish/retry logic, see connection.C

  tstamp last_activity; // time of last packet received

  u32 oseqno;           // outgoing sequence number
  sliding_window iseqno; // incoming sequence window; presumably rejects replayed/out-of-window packets — confirm

  u8 protocol;
  u8 features;          // presumably FEATURE_* bits negotiated with the peer — confirm

  pkt_queue data_queue, vpn_queue; // packets waiting until the connection is usable (tap vs. vpn side)

  crypto_ctx *octx, *ictx; // crypto contexts; by name outgoing and incoming — TODO confirm

#if ENABLE_DNS
  sockinfo dns_si;

  struct byte_stream *dns_rcvdq; int dns_rcvseq; // receive side of the dns transport
  struct byte_stream *dns_snddq; int dns_sndseq; // send side of the dns transport

  void dnsv4_cb (time_watcher &w); time_watcher dnsv4_tw;
  bool send_dnsv4_packet (vpn_packet *pkt, const sockinfo &si, int tos);
#endif

  enum conf_node::connectmode connectmode;
  u8 prot_minor;        // minor number of other side: reported by the peer, so treat it as untrusted input

  void reset_si ();
  const sockinfo &forward_si (const sockinfo &si) const;

  void shutdown ();
  void connection_established ();
  void reset_connection ();

  // Timer callbacks each paired with their time_watcher.
  void establish_connection_cb (time_watcher &w); time_watcher establish_connection;
  void rekey_cb (time_watcher &w); time_watcher rekey;           // next rekeying (actually current reset + reestablishing)
  void keepalive_cb (time_watcher &w); time_watcher keepalive;   // next keepalive probe

  // Outgoing control packets.
  void send_connect_request (int id);
  void send_auth_request (const sockinfo &si, bool initiate);
  void send_auth_response (const sockinfo &si, const rsaid &id, const rsachallenge &chg);
  void send_connect_info (int rid, const sockinfo &rsi, u8 rprotocols);
  void send_reset (const sockinfo &dsi);
  void send_ping (const sockinfo &dsi, u8 pong = 0); // pong != 0 presumably answers a ping instead of probing — confirm
  void send_data_packet (tap_packet *pkt);

  void inject_data_packet (tap_packet *pkt, bool broadcast = false);
  void inject_vpn_packet (vpn_packet *pkt, int tos = 0); // for forwarding

  void send_vpn_packet (vpn_packet *pkt, const sockinfo &si, int tos = 0);
  void recv_vpn_packet (vpn_packet *pkt, const sockinfo &rsi); // entry point for packets from the network: pkt and rsi are untrusted

  // Node up/down script hooks; the const char * results are presumably
  // script paths or names — confirm in connection.C.
  void script_node ();
  const char *script_node_up ();
  const char *script_node_down ();

  void dump_status ();

  connection (struct vpn *vpn, conf_node *conf);
  ~connection ();
};
187
188 #endif
189