[apple/ipsec.git] / ipsec-tools / racoon / ike_session.h

/*
 * Copyright (c) 2008 Apple Computer, Inc. All rights reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 * 
 * The contents of this file constitute Original Code as defined in and
 * are subject to the Apple Public Source License Version 1.1 (the
 * "License").  You may not use this file except in compliance with the
 * License.  Please obtain a copy of the License at
 * http://www.apple.com/publicsource and read it before using this file.
 * 
 * This Original Code and all software distributed under the License are
 * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT.  Please see the
 * License for the specific language governing rights and limitations
 * under the License.
 * 
 * @APPLE_LICENSE_HEADER_END@
 */

#ifndef _IKE_SESSION_H
#define _IKE_SESSION_H

#include <stdlib.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/param.h>
#include <System/net/pfkeyv2.h>
#include <netinet/in.h>
#include "handler.h"
#include "ipsecSessionTracer.h"

#define IKE_VERSION_1					0x1
#define IKE_VERSION_2					0x2

typedef struct ike_session_id {
	struct sockaddr_storage local;
	struct sockaddr_storage remote;
} ike_session_id_t;

typedef struct ike_session_stats {
	u_int32_t							 counters[IPSECSESSIONEVENTCODE_MAX];
} ike_session_stats_t;

typedef struct ike_session_ikev1 {
	/* list of ph1s */
	int                                  active_ph1cnt;
	int                                  ph1cnt;	/* the number which is negotiated for this session */
	LIST_HEAD(_ph1ofsession_, ph1handle) ph1tree;
	
	/* list of ph2s */
	int                                  active_ph2cnt;
	int                                  ph2cnt;	/* the number which is negotiated for this session */
	LIST_HEAD(_ph2ofsession_, ph2handle) ph2tree;
} ike_session_ikev1_t;

typedef struct ike_session_sastats {
    int                                  interv_mon;
    int                                  interv_idle;
    int                                  dir_idle;
    struct sched                        *sc_mon;
    struct sched                        *sc_idle;

    u_int32_t                            num_in_curr_req;
    u_int32_t                            num_in_last_poll;
    struct sastat                        in_curr_req[8];
    struct sastat                        in_last_poll[8];

    u_int32_t                            num_out_curr_req;
    u_int32_t                            num_out_last_poll;
    struct sastat                        out_curr_req[8];
    struct sastat                        out_last_poll[8];
} ike_sesssion_sastats_t;

struct ike_session {
	u_int8_t                             version;		/* mask of version flags */
	u_int8_t				             mode;			/* mode of protocol, see ipsec.h */
	u_int16_t                            proto;			/* IPPROTO_ESP or IPPROTO_AH */

	ike_session_id_t                     session_id;

	int                                  established:1;
	int                                  ports_floated:1;
	int                                  is_cisco_ipsec:1;	
	int									 is_l2tpvpn_ipsec:1;
	int									 is_btmm_ipsec:1;
	int									 stopped_by_vpn_controller:1;
    int                                  peer_sent_data_sc_dpd:1;
    int                                  peer_sent_data_sc_idle:1;
    int                                  i_sent_data_sc_dpd:1;
    int                                  i_sent_data_sc_idle:1;
    int					 is_client:1;
    time_t                               last_time_data_sc_detected;
    int                                  controller_awaiting_peer_resp:1;
    int                                  is_dying:1;
    int                                  is_asserted:1;
    u_int32_t                            natt_flags;
	u_int32_t                            natt_version;
	char                                *term_reason;

	struct timeval						 start_timestamp;
	struct timeval						 estab_timestamp;
	struct timeval						 stop_timestamp;
	ike_session_ikev1_t					 ikev1_state;

	ike_session_stats_t					 stats;

    ike_sesssion_sastats_t               traffic_monitor;
    struct sched                        *sc_idle;
    struct sched                        *sc_xauth;

	LIST_ENTRY(ike_session)              chain;
};

typedef enum ike_session_rekey_type {
	IKE_SESSION_REKEY_TYPE_NONE = 0,
	IKE_SESSION_REKEY_TYPE_PH1,
	IKE_SESSION_REKEY_TYPE_PH2,
} ike_session_rekey_type_t;

extern const char *	ike_session_stopped_by_vpn_disconnect;
extern const char *	ike_session_stopped_by_flush;
extern const char *	ike_session_stopped_by_sleepwake;
extern const char *	ike_session_stopped_by_assert;

extern void               ike_session_init __P((void));
extern ike_session_t *	  ike_session_get_session __P((struct sockaddr *, struct sockaddr *, int));
extern u_int              ike_session_get_rekey_lifetime __P((int, u_int));
extern void               ike_session_update_mode __P((struct ph2handle *iph2));
extern int                ike_session_link_ph1_to_session __P((struct ph1handle *));
extern int                ike_session_link_ph2_to_session __P((struct ph2handle *));
extern int                ike_session_unlink_ph1_from_session __P((struct ph1handle *));
extern int                ike_session_unlink_ph2_from_session __P((struct ph2handle *));
extern int                ike_session_has_other_established_ph1 __P((ike_session_t *, struct ph1handle *));
extern int                ike_session_has_other_negoing_ph1 __P((ike_session_t *, struct ph1handle *));
extern int                ike_session_has_other_established_ph2 __P((ike_session_t *, struct ph2handle *));
extern int                ike_session_has_other_negoing_ph2 __P((ike_session_t *, struct ph2handle *));
extern int                ike_session_verify_ph2_parent_session __P((struct ph2handle *));
extern struct ph1handle * ike_session_update_ph1_ph2tree __P((struct ph1handle *));
extern struct ph1handle * ike_session_update_ph2_ph1bind __P((struct ph2handle *));
extern void               ike_session_ikev1_float_ports __P((struct ph1handle *));
extern void               ike_session_ph2_established __P((struct ph2handle *));
extern void               ike_session_cleanup_other_established_ph1s __P((ike_session_t *, struct ph1handle *));
extern void               ike_session_cleanup_other_established_ph2s __P((ike_session_t *, struct ph2handle *));
extern void				  ike_session_stopped_by_controller __P((ike_session_t *, const char *));
extern void				  ike_sessions_stopped_by_controller __P((struct sockaddr *, int, const char *));
extern void               ike_session_purge_ph2s_by_ph1 __P((struct ph1handle *));
extern struct ph1handle * ike_session_get_established_ph1 __P((ike_session_t *));
extern void               ike_session_update_ph2_ports __P((struct ph2handle *));
extern u_int32_t          ike_session_get_sas_for_stats __P((ike_session_t *, u_int8_t, u_int32_t *, struct sastat  *, u_int32_t));
extern void               ike_session_update_traffic_idle_status __P((ike_session_t *, u_int32_t, struct sastat *, u_int32_t));
extern void               ike_session_cleanup __P((ike_session_t *, const char *));
extern int                ike_session_has_negoing_ph1 __P((ike_session_t *));
extern int                ike_session_has_established_ph1 __P((ike_session_t *));
extern int                ike_session_has_negoing_ph2 __P((ike_session_t *));
extern int                ike_session_has_established_ph2 __P((ike_session_t *));
extern void               ike_session_cleanup_ph1s_by_ph2 __P((struct ph2handle *));
extern int                ike_session_is_client_ph2_rekey __P((struct ph2handle *));
extern int                ike_session_is_client_ph1_rekey __P((struct ph1handle *));
extern void               ike_session_start_xauth_timer __P((struct ph1handle *));
extern void               ike_session_stop_xauth_timer __P((struct ph1handle *));
extern int                ike_session_get_sainfo_r __P((struct ph2handle *));
extern int                ike_session_get_proposal_r __P((struct ph2handle *));
extern void               ike_session_update_natt_version __P((struct ph1handle *));
extern int                ike_session_get_natt_version __P((struct ph1handle *));
extern int                ike_session_drop_rekey __P((ike_session_t *, ike_session_rekey_type_t));
extern void               ike_session_sweep_sleepwake __P((void));
extern int                ike_session_assert __P((struct sockaddr *, struct sockaddr *));
extern int                ike_session_assert_session __P((ike_session_t *));
extern void               ike_session_ph2_retransmits __P((struct ph2handle *));
extern void               ike_session_ph1_retransmits __P((struct ph1handle *));

#endif /* _IKE_SESSION_H */
Commit	Line	Data
d1e348cf A	1	/*
	2	* Copyright (c) 2008 Apple Computer, Inc. All rights reserved.
	3	*
	4	* @APPLE_LICENSE_HEADER_START@
	5	*
	6	* The contents of this file constitute Original Code as defined in and
	7	* are subject to the Apple Public Source License Version 1.1 (the
	8	* "License"). You may not use this file except in compliance with the
	9	* License. Please obtain a copy of the License at
	10	* http://www.apple.com/publicsource and read it before using this file.
	11	*
	12	* This Original Code and all software distributed under the License are
	13	* distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	14	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	15	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	16	* FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. Please see the
	17	* License for the specific language governing rights and limitations
	18	* under the License.
	19	*
	20	* @APPLE_LICENSE_HEADER_END@
	21	*/
	22
	23	#ifndef _IKE_SESSION_H
	24	#define _IKE_SESSION_H
	25
	26	#include <stdlib.h>
	27	#include <sys/types.h>
	28	#include <sys/socket.h>
	29	#include <sys/param.h>
d1e348cf	30	#include <System/net/pfkeyv2.h>
d1e348cf A	31	#include <netinet/in.h>
	32	#include "handler.h"
	33	#include "ipsecSessionTracer.h"
	34
	35	#define IKE_VERSION_1 0x1
	36	#define IKE_VERSION_2 0x2
	37
	38	typedef struct ike_session_id {
	39	struct sockaddr_storage local;
	40	struct sockaddr_storage remote;
	41	} ike_session_id_t;
	42
	43	typedef struct ike_session_stats {
	44	u_int32_t counters[IPSECSESSIONEVENTCODE_MAX];
	45	} ike_session_stats_t;
	46
	47	typedef struct ike_session_ikev1 {
	48	/* list of ph1s */
	49	int active_ph1cnt;
	50	int ph1cnt; /* the number which is negotiated for this session */
	51	LIST_HEAD(_ph1ofsession_, ph1handle) ph1tree;
	52
	53	/* list of ph2s */
	54	int active_ph2cnt;
	55	int ph2cnt; /* the number which is negotiated for this session */
	56	LIST_HEAD(_ph2ofsession_, ph2handle) ph2tree;
	57	} ike_session_ikev1_t;
	58
	59	typedef struct ike_session_sastats {
	60	int interv_mon;
	61	int interv_idle;
	62	int dir_idle;
	63	struct sched *sc_mon;
	64	struct sched *sc_idle;
	65
	66	u_int32_t num_in_curr_req;
	67	u_int32_t num_in_last_poll;
	68	struct sastat in_curr_req[8];
	69	struct sastat in_last_poll[8];
	70
	71	u_int32_t num_out_curr_req;
	72	u_int32_t num_out_last_poll;
	73	struct sastat out_curr_req[8];
	74	struct sastat out_last_poll[8];
	75	} ike_sesssion_sastats_t;
	76
	77	struct ike_session {
	78	u_int8_t version; /* mask of version flags */
	79	u_int8_t mode; /* mode of protocol, see ipsec.h */
	80	u_int16_t proto; /* IPPROTO_ESP or IPPROTO_AH */
	81
	82	ike_session_id_t session_id;
	83
	84	int established:1;
	85	int ports_floated:1;
	86	int is_cisco_ipsec:1;
	87	int is_l2tpvpn_ipsec:1;
	88	int is_btmm_ipsec:1;
	89	int stopped_by_vpn_controller:1;
	90	int peer_sent_data_sc_dpd:1;
	91	int peer_sent_data_sc_idle:1;
	92	int i_sent_data_sc_dpd:1;
	93	int i_sent_data_sc_idle:1;
	94	int is_client:1;
fce29cd9	95	time_t last_time_data_sc_detected;
e8d9021d A	96	int controller_awaiting_peer_resp:1;
	97	int is_dying:1;
	98	int is_asserted:1;
d1e348cf	99	u_int32_t natt_flags;
80318cb7	100	u_int32_t natt_version;
d1e348cf A	101	char *term_reason;
	102
	103	struct timeval start_timestamp;
	104	struct timeval estab_timestamp;
	105	struct timeval stop_timestamp;
	106	ike_session_ikev1_t ikev1_state;
	107
	108	ike_session_stats_t stats;
	109
	110	ike_sesssion_sastats_t traffic_monitor;
	111	struct sched *sc_idle;
	112	struct sched *sc_xauth;
	113
	114	LIST_ENTRY(ike_session) chain;
	115	};
	116
e8d9021d A	117	typedef enum ike_session_rekey_type {
	118	IKE_SESSION_REKEY_TYPE_NONE = 0,
	119	IKE_SESSION_REKEY_TYPE_PH1,
	120	IKE_SESSION_REKEY_TYPE_PH2,
	121	} ike_session_rekey_type_t;
	122
d1e348cf A	123	extern const char * ike_session_stopped_by_vpn_disconnect;
d1e348cf A	124	extern const char * ike_session_stopped_by_flush;
e8d9021d A	125	extern const char * ike_session_stopped_by_sleepwake;
e8d9021d A	126	extern const char * ike_session_stopped_by_assert;
d1e348cf A	127
	128	extern void ike_session_init __P((void));
	129	extern ike_session_t * ike_session_get_session __P((struct sockaddr , struct sockaddr , int));
	130	extern u_int ike_session_get_rekey_lifetime __P((int, u_int));
	131	extern void ike_session_update_mode __P((struct ph2handle *iph2));
	132	extern int ike_session_link_ph1_to_session __P((struct ph1handle *));
	133	extern int ike_session_link_ph2_to_session __P((struct ph2handle *));
	134	extern int ike_session_unlink_ph1_from_session __P((struct ph1handle *));
	135	extern int ike_session_unlink_ph2_from_session __P((struct ph2handle *));
	136	extern int ike_session_has_other_established_ph1 __P((ike_session_t , struct ph1handle ));
	137	extern int ike_session_has_other_negoing_ph1 __P((ike_session_t , struct ph1handle ));
	138	extern int ike_session_has_other_established_ph2 __P((ike_session_t , struct ph2handle ));
	139	extern int ike_session_has_other_negoing_ph2 __P((ike_session_t , struct ph2handle ));
	140	extern int ike_session_verify_ph2_parent_session __P((struct ph2handle *));
	141	extern struct ph1handle * ike_session_update_ph1_ph2tree __P((struct ph1handle *));
	142	extern struct ph1handle * ike_session_update_ph2_ph1bind __P((struct ph2handle *));
	143	extern void ike_session_ikev1_float_ports __P((struct ph1handle *));
	144	extern void ike_session_ph2_established __P((struct ph2handle *));
	145	extern void ike_session_cleanup_other_established_ph1s __P((ike_session_t , struct ph1handle ));
	146	extern void ike_session_cleanup_other_established_ph2s __P((ike_session_t , struct ph2handle ));
	147	extern void ike_session_stopped_by_controller __P((ike_session_t , const char ));
	148	extern void ike_sessions_stopped_by_controller __P((struct sockaddr , int, const char ));
	149	extern void ike_session_purge_ph2s_by_ph1 __P((struct ph1handle *));
	150	extern struct ph1handle * ike_session_get_established_ph1 __P((ike_session_t *));
	151	extern void ike_session_update_ph2_ports __P((struct ph2handle *));
	152	extern u_int32_t ike_session_get_sas_for_stats __P((ike_session_t , u_int8_t, u_int32_t , struct sastat *, u_int32_t));
	153	extern void ike_session_update_traffic_idle_status __P((ike_session_t , u_int32_t, struct sastat , u_int32_t));
	154	extern void ike_session_cleanup __P((ike_session_t , const char ));
	155	extern int ike_session_has_negoing_ph1 __P((ike_session_t *));
e8d9021d	156	extern int ike_session_has_established_ph1 __P((ike_session_t *));
d1e348cf A	157	extern int ike_session_has_negoing_ph2 __P((ike_session_t *));
	158	extern int ike_session_has_established_ph2 __P((ike_session_t *));
	159	extern void ike_session_cleanup_ph1s_by_ph2 __P((struct ph2handle *));
	160	extern int ike_session_is_client_ph2_rekey __P((struct ph2handle *));
	161	extern int ike_session_is_client_ph1_rekey __P((struct ph1handle *));
	162	extern void ike_session_start_xauth_timer __P((struct ph1handle *));
	163	extern void ike_session_stop_xauth_timer __P((struct ph1handle *));
47612122	164	extern int ike_session_get_sainfo_r __P((struct ph2handle *));
80318cb7 A	165	extern int ike_session_get_proposal_r __P((struct ph2handle *));
	166	extern void ike_session_update_natt_version __P((struct ph1handle *));
	167	extern int ike_session_get_natt_version __P((struct ph1handle *));
e8d9021d A	168	extern int ike_session_drop_rekey __P((ike_session_t *, ike_session_rekey_type_t));
	169	extern void ike_session_sweep_sleepwake __P((void));
	170	extern int ike_session_assert __P((struct sockaddr , struct sockaddr ));
	171	extern int ike_session_assert_session __P((ike_session_t *));
fce29cd9	172	extern void ike_session_ph2_retransmits __P((struct ph2handle *));
e8d9021d	173	extern void ike_session_ph1_retransmits __P((struct ph1handle *));
d1e348cf A	174
d1e348cf A	175	#endif /* _IKE_SESSION_H */