/cvs/gvpe/src/connection.h
Revision: 1.35
Committed: Tue Feb 8 23:13:48 2011 UTC (13 years, 3 months ago) by root
Content type: text/plain
Branch: MAIN
Changes since 1.34: +1 -1 lines
Log Message:
whitespace cleanup

1 /*
2 connection.h -- header for connection.C
3 Copyright (C) 2003-2008 Marc Lehmann <gvpe@schmorp.de>
4
5 This file is part of GVPE.
6
7 GVPE is free software; you can redistribute it and/or modify it
8 under the terms of the GNU General Public License as published by the
9 Free Software Foundation; either version 3 of the License, or (at your
10 option) any later version.
11
12 This program is distributed in the hope that it will be useful, but
13 WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
15 Public License for more details.
16
17 You should have received a copy of the GNU General Public License along
18 with this program; if not, see <http://www.gnu.org/licenses/>.
19
20 Additional permission under GNU GPL version 3 section 7
21
22 If you modify this Program, or any covered work, by linking or
23 combining it with the OpenSSL project's OpenSSL library (or a modified
24 version of that library), containing parts covered by the terms of the
25 OpenSSL or SSLeay licenses, the licensors of this Program grant you
26 additional permission to convey the resulting work. Corresponding
27 Source for a non-source form of such a combination shall include the
28 source code for the parts of OpenSSL used as well as that of the
29 covered work.
30 */
31
32 #ifndef GVPE_CONNECTION_H__
33 #define GVPE_CONNECTION_H__
34
35 #include <openssl/hmac.h>
36
37 #include "global.h"
38 #include "conf.h"
39 #include "sockinfo.h"
40 #include "util.h"
41 #include "device.h"
42
43 struct vpn;
44
45 // called after HUP etc. to (re-)initialize global data structures
46 void connection_init ();
47
// identifier of an authentication challenge; travels together with an
// rsachallenge in send_auth_response () (see struct connection below)
struct rsaid
{
  u8 id[RSA_IDLEN]; // the challenge id (RSA_IDLEN bytes, opaque to this header)
};
52
// authentication data types; rsaclear/rsacrypt are presumably provided by the
// includes above (not visible in this header) — confirm where they are declared
typedef rsaclear rsachallenge;      // challenge data (cleartext form)
typedef rsacrypt rsaencrdata;       // encrypted challenge (ciphertext form)
typedef u8 rsaresponse[RSA_RESLEN]; // the encrypted ripemd160 hash, RSA_RESLEN bytes
56
57 ////////////////////////////////////////////////////////////////////////////////////////
58
59 struct crypto_ctx;
60
// base of every packet exchanged between nodes: a net_packet with a
// trailing-in-struct (leading on the wire?) HMAC field; the HMAC is the
// integrity/authenticity check for the packet and must be verified with
// hmac_chk () before the packet contents are trusted
struct hmac_packet : net_packet
{
  u8 hmac[HMACLENGTH]; // each and every packet has a hmac field, but that is not (yet) checked everywhere

  // presumably compute the hmac over this packet with ctx and store it in hmac[] — body in connection.C
  void hmac_set (crypto_ctx * ctx);
  // presumably recompute the hmac with ctx and compare it with hmac[], returning true on match — body in connection.C
  bool hmac_chk (crypto_ctx * ctx);

private:
  // one static scratch buffer for the raw digest, shared by ALL hmac_packet
  // objects; NOTE(review): this implies hmac generation is not reentrant and
  // must never run concurrently for two packets — confirm the call sites are single-threaded
  static unsigned char hmac_digest[EVP_MAX_MD_SIZE];

  // shared worker behind hmac_set/hmac_chk (name suggests it fills hmac_digest) — confirm in connection.C
  void hmac_gen (crypto_ctx * ctx);
};
73
// an hmac_packet with the gvpe protocol header: a type byte plus two 12-bit
// node ids packed into three bytes (srcdst holds the high nibbles, src1/dst1
// the low bytes). Member order is the wire layout and must not change.
struct vpn_packet : hmac_packet
{
  // values carried in the type byte
  enum ptype
  {
    PT_RESET = 0,
    PT_DATA_UNCOMPRESSED,
    PT_DATA_COMPRESSED,
    PT_PING, PT_PONG,     // wasting namespace space? ;)
    PT_AUTH_REQ,          // authentication request
    PT_AUTH_RES,          // authentication response
    PT_CONNECT_REQ,       // want other node to contact me
    PT_CONNECT_INFO,      // request connection to some node
    PT_DATA_BRIDGED,      // uncompressed packet with foreign mac pot. larger than path mtu (NYI)
    PT_MAX
  };

  u8 type;                // one of ptype (not validated here, see typ ())
  u8 srcdst, src1, dst1;  // high nibble of srcdst + src1 = source id, low nibble + dst1 = destination id

  void set_hdr (ptype type_, unsigned int dst);

  // source node id (12 bits): upper nibble of srcdst as bits 8..11, src1 as bits 0..7
  unsigned int src () const
  {
    unsigned int hi = (srcdst & 0xf0) << 4;
    return hi | src1;
  }

  // destination node id (12 bits): lower nibble of srcdst as bits 8..11, dst1 as bits 0..7
  unsigned int dst () const
  {
    unsigned int hi = (srcdst & 0x0f) << 8;
    return hi | dst1;
  }

  // the type byte as a ptype; no range check, so a received packet may yield
  // a value >= PT_MAX — dispatch code must handle that case
  ptype typ () const
  {
    return static_cast<ptype> (type);
  }
};
110
111 ////////////////////////////////////////////////////////////////////////////////////////
112
// a very simple fifo pkt-queue
// holds up to max_queue packets with their enqueue time; an ev::timer
// (expire) is used to get rid of packets older than max_ttl
class pkt_queue
{
  int i, j;           // presumably ring-buffer indices into queue[]; i == j means empty (see empty ())
  int max_queue;      // capacity of queue[]
  double max_ttl;     // maximum age a packet may stay queued (same unit as ev_tstamp, i.e. seconds)

  struct pkt {
    ev_tstamp tstamp; // time the packet was put ()
    net_packet *pkt;  // NOTE(review): ownership of the pointer (who deletes on get ()/expiry) is defined in connection.C — confirm
  } *queue;

  void expire_cb (ev::timer &w, int revents); ev::timer expire; // presumably drops entries older than max_ttl

public:

  // enqueue p; what happens when max_queue entries are already held (drop p vs. drop the oldest)
  // is decided in connection.C — confirm before relying on it
  void put (net_packet *p);
  // dequeue the oldest packet, or presumably 0 when empty — confirm in connection.C
  net_packet *get ();

  // true when no packet is queued
  bool empty ()
  {
    return i == j;
  }

  pkt_queue (double max_ttl, int max_queue);
  ~pkt_queue ();
};
140
// feature bits; stored in connection::features (a u8), so at most 8 are possible
enum
{
  FEATURE_COMPRESSION = 0x01,
  FEATURE_ROHC        = 0x02,
  FEATURE_BRIDGING    = 0x04,
};
147
// per-peer state: one connection object per configured node (conf), created
// and owned by the vpn object that is passed to the constructor
struct connection
{
  conf_node *conf;     // static configuration of the peer this object talks to
  struct vpn *vpn;     // owning vpn object

  sockinfo si;         // the current(!) destination ip to send packets to
  int retry_cnt;       // presumably counts consecutive establish attempts — confirm in connection.C

  tstamp last_activity;          // time of last packet received
  tstamp last_establish_attempt; // time of the last attempt to (re-)establish the connection
  //tstamp last_si_change;       // time we last changed the socket address

  u32 oseqno;            // outgoing sequence number
  sliding_window iseqno; // incoming sequence numbers; a sliding_window, presumably used to reject replayed/duplicate packets — confirm in connection.C

  u8 protocol;           // NOTE(review): presumably the PROT_* transport in use — confirm
  u8 features;           // FEATURE_* bits (see enum above)
  bool is_direct;        // current connection (si) is direct?

  pkt_queue data_queue, vpn_queue; // queues fed by inject_data_packet () / inject_vpn_packet () respectively

  crypto_ctx *octx, *ictx; // presumably outgoing/incoming crypto contexts, also the ctx argument for hmac_set ()/hmac_chk () — confirm

#if ENABLE_DNS
  struct dns_connection *dns;

  void dnsv4_reset_connection ();
#endif

  enum conf_node::connectmode connectmode;
  u8 prot_minor; // minor number of other side

  void reset_si ();
  const sockinfo &forward_si (const sockinfo &si) const;

  void shutdown ();
  void connection_established ();
  void reset_connection ();

  void establish_connection_cb (ev::timer &w, int revents); ev::timer establish_connection;
  void rekey_cb (ev::timer &w, int revents); ev::timer rekey; // next rekeying (actually current reset + reestablishing)
  void keepalive_cb (ev::timer &w, int revents); ev::timer keepalive; // next keepalive probe

  // senders for the individual packet types (see vpn_packet::ptype); the sockinfo
  // parameters are the destination, send_connect_request () uses the current si
  void send_connect_request (int id);
  void send_auth_request (const sockinfo &si, bool initiate);
  void send_auth_response (const sockinfo &si, const rsaid &id, const rsachallenge &chg);
  void send_connect_info (int rid, const sockinfo &rsi, u8 rprotocols);
  void send_reset (const sockinfo &dsi);
  void send_ping (const sockinfo &dsi, u8 pong = 0);
  void send_data_packet (tap_packet *pkt);

  void post_inject_queue ();
  void inject_data_packet (tap_packet *pkt);
  void inject_vpn_packet (vpn_packet *pkt, int tos = 0); // for forwarding

  // entry point for every vpn_packet received for this connection; rsi is the
  // address the datagram came from, which is untrusted until the packet authenticates.
  // NOTE(review): hmac_chk () and the iseqno window are the only defences against forged
  // and replayed packets visible from this header — verify both are applied in connection.C
  void recv_vpn_packet (vpn_packet *pkt, const sockinfo &rsi);
  void send_vpn_packet (vpn_packet *pkt, const sockinfo &si, int tos = 0);

  // hook-script support: set up the environment and return the configured script for
  // the node-up/-change/-down events (see conf.h for the configuration side)
  void script_init_env (const char *ext);
  void script_init_connect_env ();
  const char *script_node_up ();
  const char *script_node_change ();
  const char *script_node_down ();

  void dump_status ();

  connection (struct vpn *vpn, conf_node *conf);
  ~connection ();
};
217
218 #endif
219