projects / apple / ipsec.git / blame
| Commit | Line | Data |
|---|---|---|
| d1e348cf A |
1 | /* |
| 2 | * Copyright (c) 2008 Apple Computer, Inc. All rights reserved. | |
| 3 | * | |
| 4 | * @APPLE_LICENSE_HEADER_START@ | |
| 5 | * | |
| 6 | * The contents of this file constitute Original Code as defined in and | |
| 7 | * are subject to the Apple Public Source License Version 1.1 (the | |
| 8 | * "License"). You may not use this file except in compliance with the | |
| 9 | * License. Please obtain a copy of the License at | |
| 10 | * http://www.apple.com/publicsource and read it before using this file. | |
| 11 | * | |
| 12 | * This Original Code and all software distributed under the License are | |
| 13 | * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER | |
| 14 | * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, | |
| 15 | * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, | |
| 16 | * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. Please see the | |
| 17 | * License for the specific language governing rights and limitations | |
| 18 | * under the License. | |
| 19 | * | |
| 20 | * @APPLE_LICENSE_HEADER_END@ | |
| 21 | */ | |
| 22 | ||
| 23 | #ifndef _IKE_SESSION_H | |
| 24 | #define _IKE_SESSION_H | |
| 25 | ||
| 26 | #include <stdlib.h> | |
| 27 | #include <sys/types.h> | |
| 28 | #include <sys/socket.h> | |
| 29 | #include <sys/param.h> | |
| 65c25746 | 30 | #include <net/pfkeyv2.h> |
| d1e348cf | 31 | #include <netinet/in.h> |
| 65c25746 | 32 | #include <dispatch/dispatch.h> |
| d1e348cf | 33 | #include "handler.h" |
| d1e348cf | 34 | |
| d1e348cf A |
35 | typedef struct ike_session_id { |
| 36 | struct sockaddr_storage local; | |
| 37 | struct sockaddr_storage remote; | |
| 38 | } ike_session_id_t; | |
| 39 | ||
| d1e348cf A |
40 | typedef struct ike_session_ikev1 { |
| 41 | /* list of ph1s */ | |
| 42 | int active_ph1cnt; | |
| 43 | int ph1cnt; /* the number which is negotiated for this session */ | |
| d1e348cf A |
44 | /* list of ph2s */ |
| 45 | int active_ph2cnt; | |
| 46 | int ph2cnt; /* the number which is negotiated for this session */ | |
| d1e348cf A |
47 | } ike_session_ikev1_t; |
| 48 | ||
| 49 | typedef struct ike_session_sastats { | |
| 50 | int interv_mon; | |
| 51 | int interv_idle; | |
| 52 | int dir_idle; | |
| 65c25746 A |
53 | schedule_ref sc_mon; |
| 54 | schedule_ref sc_idle; | |
| d1e348cf A |
55 | |
| 56 | u_int32_t num_in_curr_req; | |
| 57 | u_int32_t num_in_last_poll; | |
| 58 | struct sastat in_curr_req[8]; | |
| 59 | struct sastat in_last_poll[8]; | |
| 60 | ||
| 61 | u_int32_t num_out_curr_req; | |
| 62 | u_int32_t num_out_last_poll; | |
| 63 | struct sastat out_curr_req[8]; | |
| 64 | struct sastat out_last_poll[8]; | |
| 65 | } ike_sesssion_sastats_t; | |
| 66 | ||
| 67 | struct ike_session { | |
| d1e348cf A |
68 | u_int8_t mode; /* mode of protocol, see ipsec.h */ |
| 69 | u_int16_t proto; /* IPPROTO_ESP or IPPROTO_AH */ | |
| 70 | ||
| 71 | ike_session_id_t session_id; | |
| 72 | ||
| 73 | int established:1; | |
| 74 | int ports_floated:1; | |
| 75 | int is_cisco_ipsec:1; | |
| 76 | int is_l2tpvpn_ipsec:1; | |
| 77 | int is_btmm_ipsec:1; | |
| 78 | int stopped_by_vpn_controller:1; | |
| 79 | int peer_sent_data_sc_dpd:1; | |
| 80 | int peer_sent_data_sc_idle:1; | |
| 81 | int i_sent_data_sc_dpd:1; | |
| 82 | int i_sent_data_sc_idle:1; | |
| 65c25746 | 83 | int is_client:1; |
| fce29cd9 | 84 | time_t last_time_data_sc_detected; |
| e8d9021d A |
85 | int controller_awaiting_peer_resp:1; |
| 86 | int is_dying:1; | |
| 87 | int is_asserted:1; | |
| d1e348cf | 88 | u_int32_t natt_flags; |
| 80318cb7 | 89 | u_int32_t natt_version; |
| d1e348cf A |
90 | char *term_reason; |
| 91 | ||
| 92 | struct timeval start_timestamp; | |
| 93 | struct timeval estab_timestamp; | |
| 94 | struct timeval stop_timestamp; | |
| 95 | ike_session_ikev1_t ikev1_state; | |
| 96 | ||
| d1e348cf | 97 | ike_sesssion_sastats_t traffic_monitor; |
| 65c25746 A |
98 | schedule_ref sc_idle; |
| 99 | schedule_ref sc_xauth; | |
| 100 | ||
| 101 | LIST_HEAD(_ph1tree_, phase1handle) ph1tree; | |
| 102 | LIST_HEAD(_ph2tree_, phase2handle) ph2tree; | |
| d1e348cf A |
103 | |
| 104 | LIST_ENTRY(ike_session) chain; | |
| 105 | }; | |
| 106 | ||
| e8d9021d A |
107 | typedef enum ike_session_rekey_type { |
| 108 | IKE_SESSION_REKEY_TYPE_NONE = 0, | |
| 109 | IKE_SESSION_REKEY_TYPE_PH1, | |
| 110 | IKE_SESSION_REKEY_TYPE_PH2, | |
| 111 | } ike_session_rekey_type_t; | |
| 112 | ||
| d1e348cf | 113 | extern const char * ike_session_stopped_by_vpn_disconnect; |
| 85f41bec | 114 | extern const char * ike_session_stopped_by_controller_comm_lost; |
| d1e348cf | 115 | extern const char * ike_session_stopped_by_flush; |
| e8d9021d A |
116 | extern const char * ike_session_stopped_by_sleepwake; |
| 117 | extern const char * ike_session_stopped_by_assert; | |
| 65c25746 A |
118 | extern const char * ike_session_stopped_by_peer; |
| 119 | ||
| 120 | extern void ike_session_init (void); | |
| 121 | extern ike_session_t * ike_session_create_session (ike_session_id_t *session_id); | |
| 122 | extern void ike_session_release_session (ike_session_t *session); | |
| 1760d65d | 123 | extern ike_session_t * ike_session_get_session (struct sockaddr_storage *, struct sockaddr_storage *, int, isakmp_index *); |
| 65c25746 A |
124 | extern u_int ike_session_get_rekey_lifetime (int, u_int); |
| 125 | extern void ike_session_update_mode (phase2_handle_t *iph2); | |
| 126 | extern int ike_session_link_phase1 (ike_session_t *, phase1_handle_t *); | |
| 127 | extern int ike_session_link_phase2 (ike_session_t *, phase2_handle_t *); | |
| 128 | extern int ike_session_link_ph2_to_ph1 (phase1_handle_t *, phase2_handle_t *); | |
| 129 | extern int ike_session_unlink_phase1 (phase1_handle_t *); | |
| 130 | extern int ike_session_unlink_phase2 (phase2_handle_t *); | |
| 131 | extern int ike_session_has_other_established_ph1 (ike_session_t *, phase1_handle_t *); | |
| 132 | extern int ike_session_has_other_negoing_ph1 (ike_session_t *, phase1_handle_t *); | |
| 133 | extern int ike_session_has_other_established_ph2 (ike_session_t *, phase2_handle_t *); | |
| 134 | extern int ike_session_has_other_negoing_ph2 (ike_session_t *, phase2_handle_t *); | |
| 135 | extern phase1_handle_t * ike_session_update_ph1_ph2tree (phase1_handle_t *); | |
| 136 | extern phase1_handle_t * ike_session_update_ph2_ph1bind (phase2_handle_t *); | |
| 137 | extern void ike_session_ikev1_float_ports (phase1_handle_t *); | |
| 138 | extern void ike_session_ph2_established (phase2_handle_t *); | |
| 139 | extern void ike_session_replace_other_ph1 (phase1_handle_t *, phase1_handle_t *); | |
| 140 | extern void ike_session_cleanup_other_established_ph1s (ike_session_t *, phase1_handle_t *); | |
| 141 | extern void ike_session_cleanup_other_established_ph2s (ike_session_t *, phase2_handle_t *); | |
| 142 | extern void ike_session_stopped_by_controller (ike_session_t *, const char *); | |
| 143 | extern void ike_sessions_stopped_by_controller (struct sockaddr_storage *, int, const char *); | |
| 144 | extern void ike_session_purge_ph2s_by_ph1 (phase1_handle_t *); | |
| d06a7ccb | 145 | extern void ike_session_purge_ph1s_by_session (ike_session_t *session); |
| 65c25746 A |
146 | extern phase1_handle_t * ike_session_get_established_ph1 (ike_session_t *); |
| 147 | extern phase1_handle_t * ike_session_get_established_or_negoing_ph1 (ike_session_t *); | |
| 148 | extern void ike_session_update_ph2_ports (phase2_handle_t *); | |
| 149 | extern u_int32_t ike_session_get_sas_for_stats (ike_session_t *, u_int8_t, u_int32_t *, struct sastat *, u_int32_t); | |
| 150 | extern void ike_session_update_traffic_idle_status (ike_session_t *, u_int32_t, struct sastat *, u_int32_t); | |
| 151 | extern void ike_session_cleanup (ike_session_t *, const char *); | |
| 152 | extern int ike_session_has_negoing_ph1 (ike_session_t *); | |
| 153 | extern int ike_session_has_established_ph1 (ike_session_t *); | |
| 154 | extern int ike_session_has_negoing_ph2 (ike_session_t *); | |
| 155 | extern int ike_session_has_established_ph2 (ike_session_t *); | |
| 156 | extern void ike_session_cleanup_ph1s_by_ph2 (phase2_handle_t *); | |
| 157 | extern int ike_session_is_client_ph2_rekey (phase2_handle_t *); | |
| 158 | extern int ike_session_is_client_ph1_rekey (phase1_handle_t *); | |
| 159 | extern int ike_session_is_client_ph1 (phase1_handle_t *); | |
| 160 | extern int ike_session_is_client_ph2 (phase2_handle_t *); | |
| 161 | extern void ike_session_start_xauth_timer (phase1_handle_t *); | |
| 162 | extern void ike_session_stop_xauth_timer (phase1_handle_t *); | |
| 163 | extern int ike_session_get_sainfo_r (phase2_handle_t *); | |
| 164 | extern int ike_session_get_proposal_r (phase2_handle_t *); | |
| 165 | extern void ike_session_update_natt_version (phase1_handle_t *); | |
| 166 | extern int ike_session_get_natt_version (phase1_handle_t *); | |
| 167 | extern int ike_session_drop_rekey (ike_session_t *, ike_session_rekey_type_t); | |
| 168 | extern void ike_session_sweep_sleepwake (void); | |
| 169 | extern int ike_session_assert (struct sockaddr_storage *, struct sockaddr_storage *); | |
| 170 | extern int ike_session_assert_session (ike_session_t *); | |
| 171 | extern void ike_session_unbindph12(phase2_handle_t *); | |
| 172 | extern void ike_session_ph2_retransmits (phase2_handle_t *); | |
| 173 | extern void ike_session_ph1_retransmits (phase1_handle_t *); | |
| d1e348cf A |
174 | |
| 175 | #endif /* _IKE_SESSION_H */ |