#ifndef _FREESWAN_H
/*
 * header file for FreeS/WAN library functions
 * Copyright (C) 1998, 1999, 2000 Henry Spencer.
 * Copyright (C) 1999, 2000, 2001 Richard Guy Briggs
 *
 * This library is free software; you can redistribute it and/or modify it
 * under the terms of the GNU Library General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
 *
 * This library is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
 * License for more details.
 *
 * RCSID $Id: freeswan.h,v 1.2 2004/03/22 21:53:17 as Exp $
 */
#define _FREESWAN_H /* seen it, no need to see it again */



/*
 * We've just got to have some datatypes defined... And annoyingly, just
 * where we get them depends on whether we're in userland or not.
 */
#ifdef __KERNEL__

# include <linux/types.h>
# include <linux/in.h>

#else /* __KERNEL__ */

# include <stdio.h>
# include <netinet/in.h>

/*
 * NOTE(review): these turn the <stdint.h> typedef names into macros for the
 * BSD-style u_int*_t spellings.  Any later inclusion of <stdint.h> (directly
 * or through a system header) has its "typedef ... uint8_t;" lines
 * macro-expanded as well, so include order matters in userland.  Only what
 * is visible here is asserted; confirm against the actual userland build.
 */
# define uint8_t u_int8_t
# define uint16_t u_int16_t
# define uint32_t u_int32_t
# define uint64_t u_int64_t

# define DEBUG_NO_STATIC static

#endif /* __KERNEL__ */

#include <freeswan/ipsec_param.h>


/*
 * Grab the kernel version to see if we have NET_21, and therefore
 * IPv6. Some of this is repeated from ipsec_kversions.h. Of course,
 * we aren't really testing if the kernel has IPv6, but rather if
 * the include files do.
 */
#include <linux/version.h>
#ifndef KERNEL_VERSION
#define KERNEL_VERSION(x,y,z) (((x)<<16)+((y)<<8)+(z))
#endif

#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,1,0)
#define NET_21
#endif

/* Protocol numbers that older <netinet/in.h> / <linux/in.h> may lack. */
#ifndef IPPROTO_COMP
# define IPPROTO_COMP 108
#endif /* !IPPROTO_COMP */

#ifndef IPPROTO_INT
# define IPPROTO_INT 61
#endif /* !IPPROTO_INT */

/*
 * NOTE(review): in a userland build DEBUG_NO_STATIC was already defined as
 * "static" above.  If CONFIG_IPSEC_DEBUG is also set there, the empty
 * redefinition below has a different replacement list, which C treats as an
 * invalid macro redefinition (compilers diagnose it).  The identical
 * "static" redefinition in the #else branch is allowed.
 */
#ifdef CONFIG_IPSEC_DEBUG
# define DEBUG_NO_STATIC
#else /* CONFIG_IPSEC_DEBUG */
# define DEBUG_NO_STATIC static
#endif /* CONFIG_IPSEC_DEBUG */

/* The kernel config symbol implies the library-level NAT_TRAVERSAL switch. */
#ifdef CONFIG_IPSEC_NAT_TRAVERSAL /* KERNEL ifdef */
#ifndef NAT_TRAVERSAL
#define NAT_TRAVERSAL
#endif
#endif
#ifdef NAT_TRAVERSAL
/* UDP-encapsulation framing variants, by draft revision. */
#define ESPINUDP_WITH_NON_IKE 1 /* draft-ietf-ipsec-nat-t-ike-00/01 */
#define ESPINUDP_WITH_NON_ESP 2 /* draft-ietf-ipsec-nat-t-ike-02 */
#endif

/*
 * Basic data types for the address-handling functions.
 * ip_address and ip_subnet are supposed to be opaque types; do not
 * use their definitions directly, they are subject to change!
 */

/* first, some quick fakes in case we're on an old system with no IPv6 */
/*
 * NOTE(review): the stand-ins are guarded only by the absence of the
 * s6_addr16 macro, and they are spelled with the Linux __u8/__u16/__u32
 * names.  A userland build on a libc that lacks s6_addr16 would therefore
 * need those names from somewhere else; whether this path is still taken
 * anywhere is not visible here.
 */
#ifndef s6_addr16
struct in6_addr {
	union
	{
		__u8 u6_addr8[16];
		__u16 u6_addr16[8];
		__u32 u6_addr32[4];
	} in6_u;
/* accessor names matching the usual system definitions */
#define s6_addr in6_u.u6_addr8
#define s6_addr16 in6_u.u6_addr16
#define s6_addr32 in6_u.u6_addr32
};
struct sockaddr_in6 {
	unsigned short int sin6_family; /* AF_INET6 */
	__u16 sin6_port; /* Transport layer port # */
	__u32 sin6_flowinfo; /* IPv6 flow information */
	struct in6_addr sin6_addr; /* IPv6 address */
	__u32 sin6_scope_id; /* scope id (new in RFC2553) */
};
#endif /* !s6_addr16 */
115 | ||
/* then the main types */
/*
 * An IP address of either family.  Nothing in the struct records which
 * union member is live; presumably the library's addrtypeof() (declared
 * below) answers that from the sockaddr family.  Treat the type as opaque
 * and go through the accessor functions.
 */
typedef struct {
	union {
		struct sockaddr_in v4;
		struct sockaddr_in6 v6;
	} u;
} ip_address;
/*
 * A subnet: a network address plus a mask.  maskbits is presumably the
 * prefix length in bits (initsubnet() takes it under the same name);
 * again, treat the type as opaque.
 */
typedef struct {
	ip_address addr;
	int maskbits;
} ip_subnet;
127 | ||
/* and the SA ID stuff */
/* SPI type: 32 bits on both sides, spelled with whichever typedef the side has. */
#ifdef __KERNEL__
typedef __u32 ipsec_spi_t;
#else
typedef u_int32_t ipsec_spi_t;
#endif
/*
 * Identity of a Security Association: destination, SPI and protocol.
 * The SPI_* values are magic SPIs reserved for the internal SA_INT
 * pseudo-protocol (see the trailing comments); the SA_* values track the
 * IANA protocol numbers noted beside them.  The byte order in which spi is
 * stored is not stated here — check ttosa()/satot() before comparing a
 * wire-format SPI against the SPI_* constants.
 */
typedef struct { /* to identify an SA, we need: */
	ip_address dst; /* A. destination host */
	ipsec_spi_t spi; /* B. 32-bit SPI, assigned by dest. host */
# define SPI_PASS 256 /* magic values... */
# define SPI_DROP 257 /* ...for use... */
# define SPI_REJECT 258 /* ...with SA_INT */
# define SPI_HOLD 259
# define SPI_TRAP 260
# define SPI_TRAPSUBNET 261
	int proto; /* C. protocol */
# define SA_ESP 50 /* IPPROTO_ESP */
# define SA_AH 51 /* IPPROTO_AH */
# define SA_IPIP 4 /* IPPROTO_IPIP */
# define SA_COMP 108 /* IPPROTO_COMP */
# define SA_INT 61 /* IANA reserved for internal use */
} ip_said;
/* Pre-IPv6 form of the same identity, still used by the old atosa()/satoa(). */
struct sa_id { /* old v4-only version */
	struct in_addr dst;
	ipsec_spi_t spi;
	int proto;
};
155 | ||
/* misc */
typedef const char *err_t; /* error message, or NULL for success */
/*
 * Pseudo-random-number-generator state.  Opaque: drive it only through
 * prng_init()/prng_bytes()/prng_count()/prng_final() declared below.
 * A 256-entry sbox plus two indices is the shape of an RC4-style
 * keystream generator — confirm in the implementation before assuming
 * anything about the output; this header alone does not establish that
 * it is suitable as a cryptographic RNG.
 */
struct prng { /* pseudo-random-number-generator guts */
	unsigned char sbox[256];
	int i, j;
	unsigned long count;
};


/*
 * definitions for user space, taken from freeswan/ipsec_sa.h
 */
typedef uint32_t IPsecSAref_t;

/* width of IPsecSAref_t in bits */
#define IPSEC_SA_REF_FIELD_WIDTH (8 * sizeof(IPsecSAref_t))

/*
 * Move an SA reference to/from the top bits of a mark word (the names
 * suggest the netfilter mark).  IPSEC_SA_REF_TABLE_IDX_WIDTH is not
 * defined in this header — presumably ipsec_param.h — and if it were ever
 * 0 the shift count would equal the field width, which is undefined
 * behaviour in C.  Worth a _Static_assert where the width is defined.
 */
#define IPsecSAref2NFmark(x) ((x) << (IPSEC_SA_REF_FIELD_WIDTH - IPSEC_SA_REF_TABLE_IDX_WIDTH))
#define NFmark2IPsecSAref(x) ((x) >> (IPSEC_SA_REF_FIELD_WIDTH - IPSEC_SA_REF_TABLE_IDX_WIDTH))

/* "no SA" sentinel: all bits set */
#define IPSEC_SAREF_NULL (~((IPsecSAref_t)0))

/* GCC magic for use in function definitions! */
/*
 * NOTE(review): the printf-format attribute is only attached when GCC_LINT
 * is defined, so -Wformat cannot check PRINTF_LIKE wrappers in an ordinary
 * build.  If format-string checking of those wrappers matters, keying the
 * attribute on __GNUC__ instead would enable it everywhere GCC is used.
 */
#ifdef GCC_LINT
# define PRINTF_LIKE(n) __attribute__ ((format(printf, n, n+1)))
# define NEVER_RETURNS __attribute__ ((noreturn))
# define UNUSED __attribute__ ((unused))
# define BLANK_FORMAT " " /* GCC_LINT whines about empty formats */
#else
# define PRINTF_LIKE(n) /* ignore */
# define NEVER_RETURNS /* ignore */
# define UNUSED /* ignore */
# define BLANK_FORMAT ""
#endif
189 | ||
190 | ||
191 | ||
192 | ||
193 | ||
/*
 * new IPv6-compatible functions
 */

/*
 * Conventions shared by the text-conversion pairs below (the ground truth
 * is the implementation; this only summarises what the signatures show):
 *  - the tto...() parsers take text with an explicit length srclen and
 *    return an err_t: NULL on success, else a message (see err_t above);
 *  - the ...tot() formatters write into buf/buflen.  Their size_t result is
 *    presumably the space a full conversion needs, as the old ultoa()
 *    documents, so a result >= buflen should be treated as truncation;
 *  - the ..._BUF macros give a buffer size large enough for any output.
 */
/* text conversions */
err_t ttoul(const char *src, size_t srclen, int format, unsigned long *dst);
size_t ultot(unsigned long src, int format, char *buf, size_t buflen);
#define ULTOT_BUF (22+1) /* holds 64 bits in octal */
err_t ttoaddr(const char *src, size_t srclen, int af, ip_address *dst);
err_t tnatoaddr(const char *src, size_t srclen, int af, ip_address *dst);
size_t addrtot(const ip_address *src, int format, char *buf, size_t buflen);
/* RFC 1886 old IPv6 reverse-lookup format is the bulkiest */
#define ADDRTOT_BUF (32*2 + 3 + 1 + 3 + 1 + 1)
err_t ttosubnet(const char *src, size_t srclen, int af, ip_subnet *dst);
size_t subnettot(const ip_subnet *src, int format, char *buf, size_t buflen);
#define SUBNETTOT_BUF (ADDRTOT_BUF + 1 + 3)
err_t ttosa(const char *src, size_t srclen, ip_said *dst);
size_t satot(const ip_said *src, int format, char *bufptr, size_t buflen);
/* ULTOA_BUF is only defined further down in this header.  That is fine for
 * a macro, which is expanded where it is used, provided every use of
 * SATOT_BUF comes after that definition. */
#define SATOT_BUF (5 + ULTOA_BUF + 1 + ADDRTOT_BUF)
/* ttodata/ttodatav decode textual key material in the given base into buf;
 * *needed presumably receives the size required when buflen is too small.
 * ttodatav additionally writes a diagnostic into errp/errlen (TTODATAV_BUF
 * bounds the non-literal messages) and takes the TTODATAV_* flags. */
err_t ttodata(const char *src, size_t srclen, int base, char *buf,
	size_t buflen, size_t *needed);
err_t ttodatav(const char *src, size_t srclen, int base,
	char *buf, size_t buflen, size_t *needed,
	char *errp, size_t errlen, unsigned int flags);
#define TTODATAV_BUF 40 /* ttodatav's largest non-literal message */
#define TTODATAV_IGNORESPACE (1<<1) /* ignore spaces in base64 encodings */
#define TTODATAV_SPACECOUNTS 0 /* do not ignore spaces in base64 */

size_t datatot(const char *src, size_t srclen, int format, char *buf,
	size_t buflen);
/* Key-identifier rendering; KEYID_BUF bounds the text these produce. */
size_t keyblobtoid(const unsigned char *src, size_t srclen, char *dst,
	size_t dstlen);
size_t splitkeytoid(const unsigned char *e, size_t elen, const unsigned char *m,
	size_t mlen, char *dst, size_t dstlen);
#define KEYID_BUF 10 /* up to 9 text digits plus NUL */
/* NOTE(review): src is not const here, unlike every other tto...() above.
 * Either the implementation writes into the caller's buffer or the
 * qualifier was simply omitted; check before passing a string literal. */
err_t ttoprotoport(char *src, size_t src_len, u_int8_t *proto, u_int16_t *port,
	int *has_port_wildcard);
231 | ||
/* initializations */
/* Build a value in *dst from its parts.  The non-const dst parameters are
 * pure outputs; err_t results are NULL on success, else a message. */
void initsaid(const ip_address *addr, ipsec_spi_t spi, int proto, ip_said *dst);
/* af presumably selects AF_INET or AF_INET6 for the special address built. */
err_t loopbackaddr(int af, ip_address *dst);
err_t unspecaddr(int af, ip_address *dst);
err_t anyaddr(int af, ip_address *dst);
/* initaddr takes raw address bytes (srclen of them) rather than text. */
err_t initaddr(const unsigned char *src, size_t srclen, int af, ip_address *dst);
/* clash: meaning not visible in this header — presumably how host bits set
 * below maskbits in addr are treated; confirm in the implementation. */
err_t initsubnet(const ip_address *addr, int maskbits, int clash, ip_subnet *dst);
err_t addrtosubnet(const ip_address *addr, ip_subnet *dst);

/* misc. conversions and related */
err_t rangetosubnet(const ip_address *from, const ip_address *to, ip_subnet *dst);
/* Address-family queries; the int result is presumably an AF_* value. */
int addrtypeof(const ip_address *src);
int subnettypeof(const ip_subnet *src);
size_t addrlenof(const ip_address *src);
/* addrbytesptr presumably stores a pointer into *src (no copy), valid only
 * as long as src is; addrbytesof copies, bounded by dstlen. */
size_t addrbytesptr(const ip_address *src, const unsigned char **dst);
size_t addrbytesof(const ip_address *src, unsigned char *dst, size_t dstlen);
int masktocount(const ip_address *src);
void networkof(const ip_subnet *src, ip_address *dst);
void maskof(const ip_subnet *src, ip_address *dst);
251 | ||
/* tests */
/* Predicates returning an int truth value (non-zero for true). */
int sameaddr(const ip_address *a, const ip_address *b);
/* addrcmp: a three-way comparison, presumably ordered like memcmp() — confirm. */
int addrcmp(const ip_address *a, const ip_address *b);
int samesubnet(const ip_subnet *a, const ip_subnet *b);
int addrinsubnet(const ip_address *a, const ip_subnet *s);
int subnetinsubnet(const ip_subnet *a, const ip_subnet *b);
int subnetishost(const ip_subnet *s);
int samesaid(const ip_said *a, const ip_said *b);
int sameaddrtype(const ip_address *a, const ip_address *b);
int samesubnettype(const ip_subnet *a, const ip_subnet *b);
int isanyaddr(const ip_address *src);
int isunspecaddr(const ip_address *src);
int isloopbackaddr(const ip_address *src);

/* low-level grot */
/* Whether port is exchanged in host or network byte order is not visible
 * here; check the implementation before mixing with raw sockaddr fields. */
int portof(const ip_address *src);
void setportof(int port, ip_address *dst);
/* sockaddrof presumably returns a pointer into *src (hence the non-const
 * argument), so the result lives only as long as src does. */
struct sockaddr *sockaddrof(ip_address *src);
size_t sockaddrlenof(const ip_address *src);

/* PRNG */
/* prng_init seeds the state from key/keylen; prng_bytes fills dst with
 * dstlen bytes; prng_count presumably reports how many bytes have been
 * produced (cf. struct prng's count field); prng_final retires the state.
 * Whether prng_final scrubs the sbox is a property of the implementation,
 * not of these declarations — verify if the seed is secret. */
void prng_init(struct prng *prng, const unsigned char *key, size_t keylen);
void prng_bytes(struct prng *prng, unsigned char *dst, size_t dstlen);
unsigned long prng_count(struct prng *prng);
void prng_final(struct prng *prng);

/* odds and ends */
const char *ipsec_version_code(void);
const char *ipsec_version_string(void);
const char **ipsec_copyright_notice(void);

/* NOTE(review): these two take an int bufsize where the rest of the library
 * uses size_t, so a negative value is representable; and time_t comes from
 * <time.h>, which this header does not include itself. */
const char *dns_string_rr(int rr, char *buf, int bufsize);
const char *dns_string_datetime(time_t seconds,
	char *buf,
	int bufsize);
287 | ||
288 | ||
/*
 * old functions, to be deleted eventually
 */
/*
 * Two conventions of the legacy ato...() / ...toa() family worth keeping
 * in mind while they still exist:
 *  - srclen == 0 means "use strlen(src)", so an empty input cannot be
 *    passed by length — the sentinel is in-band;
 *  - the ...toa() result is the space a full conversion needs; if it
 *    exceeds dstlen the output was presumably truncated, so callers must
 *    compare the result against dstlen.
 */

/* unsigned long */
const char * /* NULL for success, else string literal */
atoul(
	const char *src,
	size_t srclen, /* 0 means strlen(src) */
	int base, /* 0 means figure it out */
	unsigned long *resultp
);
size_t /* space needed for full conversion */
ultoa(
	unsigned long n,
	int base,
	char *dst,
	size_t dstlen
);
#define ULTOA_BUF 21 /* just large enough for largest result, */
/* assuming 64-bit unsigned long! (20 decimal digits plus NUL) */
310 | ||
/* Internet addresses */
/* IPv4 only: these work on struct in_addr, not ip_address. */
const char * /* NULL for success, else string literal */
atoaddr(
	const char *src,
	size_t srclen, /* 0 means strlen(src) */
	struct in_addr *addr
);
size_t /* space needed for full conversion */
addrtoa(
	struct in_addr addr,
	int format, /* character; 0 means default */
	char *dst,
	size_t dstlen
);
#define ADDRTOA_BUF 16 /* just large enough for largest result ("255.255.255.255" + NUL) */
326 | ||
/* subnets */
/* IPv4 only: address and mask as two separate struct in_addr values. */
const char * /* NULL for success, else string literal */
atosubnet(
	const char *src,
	size_t srclen, /* 0 means strlen(src) */
	struct in_addr *addr,
	struct in_addr *mask
);
size_t /* space needed for full conversion */
subnettoa(
	struct in_addr addr,
	struct in_addr mask,
	int format, /* character; 0 means default */
	char *dst,
	size_t dstlen
);
#define SUBNETTOA_BUF 32 /* large enough for worst case result */

/* ranges */
/* atoasr parses an address, subnet or range and reports which via *type;
 * addrs must point at two struct in_addr — nothing in the signature
 * enforces that, so the caller carries the bound. */
const char * /* NULL for success, else string literal */
atoasr(
	const char *src,
	size_t srclen, /* 0 means strlen(src) */
	char *type, /* 'a', 's', 'r' */
	struct in_addr *addrs /* two-element array */
);
size_t /* space needed for full conversion */
rangetoa(
	struct in_addr *addrs, /* two-element array */
	int format, /* character; 0 means default */
	char *dst,
	size_t dstlen
);
#define RANGETOA_BUF 34 /* large enough for worst case result */
361 | ||
/* data types for SA conversion functions */

/* SAs */
/* Old v4-only SA identity (struct sa_id); the IPv6-capable replacements are
 * ttosa()/satot() on ip_said above. */
const char * /* NULL for success, else string literal */
atosa(
	const char *src,
	size_t srclen, /* 0 means strlen(src) */
	struct sa_id *sa
);
size_t /* space needed for full conversion */
satoa(
	struct sa_id sa,
	int format, /* character; 0 means default */
	char *dst,
	size_t dstlen
);
#define SATOA_BUF (3+ULTOA_BUF+ADDRTOA_BUF)

/* generic data, e.g. keys */
/* atobytes decodes text into dst and, if lenp is non-NULL, reports the
 * decoded length there; bytestoa does the reverse in the given format. */
const char * /* NULL for success, else string literal */
atobytes(
	const char *src,
	size_t srclen, /* 0 means strlen(src) */
	char *dst,
	size_t dstlen,
	size_t *lenp /* NULL means don't bother telling me */
);
size_t /* 0 failure, else true size */
bytestoa(
	const char *src,
	size_t srclen,
	int format, /* character; 0 means default */
	char *dst,
	size_t dstlen
);

/* old versions of generic-data functions; deprecated */
/* Same shape as atobytes/bytestoa, but failure is signalled only by a
 * 0 result — there is no error message to distinguish causes. */
size_t /* 0 failure, else true size */
atodata(
	const char *src,
	size_t srclen, /* 0 means strlen(src) */
	char *dst,
	size_t dstlen
);
size_t /* 0 failure, else true size */
datatoa(
	const char *src,
	size_t srclen,
	int format, /* character; 0 means default */
	char *dst,
	size_t dstlen
);
414 | ||
/* part extraction and special addresses */
/* IPv4 helpers combining an address with a mask; all return by value. */
struct in_addr
subnetof(
	struct in_addr addr,
	struct in_addr mask
);
struct in_addr
hostof(
	struct in_addr addr,
	struct in_addr mask
);
struct in_addr
broadcastof(
	struct in_addr addr,
	struct in_addr mask
);

/* mask handling */
/* goodmask: truth value for whether mask is an acceptable netmask
 * (presumably contiguous ones followed by zeros — confirm). */
int
goodmask(
	struct in_addr mask
);
int
masktobits(
	struct in_addr mask
);
/* bitstomask: n is a prefix length; how out-of-range n is handled is not
 * visible here. */
struct in_addr
bitstomask(
	int n
);
445 | ||
446 | ||
447 | ||
/*
 * general utilities
 */

#ifndef __KERNEL__
/* option pickup from files (userland only because of use of FILE) */
/*
 * Reads further command-line options from filename and presumably splices
 * them into the argcp/argvp vector at optind, reporting problems on
 * errorreport.  The const char * result follows the err_t convention
 * (NULL on success, else a message), as far as the declaration shows.
 * Because the file's contents become argv, it must be a trusted file with
 * appropriate permissions.
 */
const char *optionsfrom(const char *filename, int *argcp, char ***argvp,
	int optind, FILE *errorreport);
#endif

/*
 * Debugging levels for pfkey_lib_debug
 */
/* Bit flags: PARSE_MAX is the OR of the three non-zero levels. */
#define PF_KEY_DEBUG_PARSE_NONE 0
#define PF_KEY_DEBUG_PARSE_PROBLEM 1
#define PF_KEY_DEBUG_PARSE_STRUCT 2
#define PF_KEY_DEBUG_PARSE_FLOW 4
#define PF_KEY_DEBUG_PARSE_MAX 7

extern unsigned int pfkey_lib_debug; /* bits selecting what to report */

/*
 * pluto and lwdnsq need to know the maximum size of the commands to,
 * and replies from lwdnsq.
 */

/* Both sides must agree on these, so they are fixed here rather than in
 * either program. */
#define LWDNSQ_CMDBUF_LEN 1024
#define LWDNSQ_RESULT_LEN_MAX 4096

#endif /* _FREESWAN_H */