]> git.saurik.com Git - apple/ipsec.git/blob - ipsec-tools/racoon/ike_session.h
projects / apple / ipsec.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
ipsec-258.1.3.tar.gz
[apple/ipsec.git] / ipsec-tools / racoon / ike_session.h
1 /*
2 * Copyright (c) 2008 Apple Computer, Inc. All rights reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * The contents of this file constitute Original Code as defined in and
7 * are subject to the Apple Public Source License Version 1.1 (the
8 * "License"). You may not use this file except in compliance with the
9 * License. Please obtain a copy of the License at
10 * http://www.apple.com/publicsource and read it before using this file.
11 *
12 * This Original Code and all software distributed under the License are
13 * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER
14 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
15 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
16 * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. Please see the
17 * License for the specific language governing rights and limitations
18 * under the License.
19 *
20 * @APPLE_LICENSE_HEADER_END@
21 */
22
23 #ifndef _IKE_SESSION_H
24 #define _IKE_SESSION_H
25
26 #include <stdlib.h>
27 #include <sys/types.h>
28 #include <sys/socket.h>
29 #include <sys/param.h>
30 #include <net/pfkeyv2.h>
31 #include <netinet/in.h>
32 #include <dispatch/dispatch.h>
33 #include "handler.h"
34 #include "ipsecSessionTracer.h"
35
36 typedef struct ike_session_id {
37 struct sockaddr_storage local;
38 struct sockaddr_storage remote;
39 } ike_session_id_t;
40
41 typedef struct ike_session_stats {
42 u_int32_t counters[IPSECSESSIONEVENTCODE_MAX];
43 } ike_session_stats_t;
44
45 typedef struct ike_session_ikev1 {
46 /* list of ph1s */
47 int active_ph1cnt;
48 int ph1cnt; /* the number which is negotiated for this session */
49 /* list of ph2s */
50 int active_ph2cnt;
51 int ph2cnt; /* the number which is negotiated for this session */
52 } ike_session_ikev1_t;
53
54 typedef struct ike_session_sastats {
55 int interv_mon;
56 int interv_idle;
57 int dir_idle;
58 schedule_ref sc_mon;
59 schedule_ref sc_idle;
60
61 u_int32_t num_in_curr_req;
62 u_int32_t num_in_last_poll;
63 struct sastat in_curr_req[8];
64 struct sastat in_last_poll[8];
65
66 u_int32_t num_out_curr_req;
67 u_int32_t num_out_last_poll;
68 struct sastat out_curr_req[8];
69 struct sastat out_last_poll[8];
70 } ike_sesssion_sastats_t;
71
72
73 struct ike_session {
74 u_int8_t mode; /* mode of protocol, see ipsec.h */
75 u_int16_t proto; /* IPPROTO_ESP or IPPROTO_AH */
76
77 ike_session_id_t session_id;
78
79 int established:1;
80 int ports_floated:1;
81 int is_cisco_ipsec:1;
82 int is_l2tpvpn_ipsec:1;
83 int is_btmm_ipsec:1;
84 int stopped_by_vpn_controller:1;
85 int peer_sent_data_sc_dpd:1;
86 int peer_sent_data_sc_idle:1;
87 int i_sent_data_sc_dpd:1;
88 int i_sent_data_sc_idle:1;
89 int is_client:1;
90 time_t last_time_data_sc_detected;
91 int controller_awaiting_peer_resp:1;
92 int is_dying:1;
93 int is_asserted:1;
94 u_int32_t natt_flags;
95 u_int32_t natt_version;
96 char *term_reason;
97
98 struct timeval start_timestamp;
99 struct timeval estab_timestamp;
100 struct timeval stop_timestamp;
101 ike_session_ikev1_t ikev1_state;
102
103 ike_session_stats_t stats;
104
105 ike_sesssion_sastats_t traffic_monitor;
106 schedule_ref sc_idle;
107 schedule_ref sc_xauth;
108
109 LIST_HEAD(_ph1tree_, phase1handle) ph1tree;
110 LIST_HEAD(_ph2tree_, phase2handle) ph2tree;
111
112 LIST_ENTRY(ike_session) chain;
113
114 };
115
116 typedef enum ike_session_rekey_type {
117 IKE_SESSION_REKEY_TYPE_NONE = 0,
118 IKE_SESSION_REKEY_TYPE_PH1,
119 IKE_SESSION_REKEY_TYPE_PH2,
120 } ike_session_rekey_type_t;
121
122 extern const char * ike_session_stopped_by_vpn_disconnect;
123 extern const char * ike_session_stopped_by_controller_comm_lost;
124 extern const char * ike_session_stopped_by_flush;
125 extern const char * ike_session_stopped_by_sleepwake;
126 extern const char * ike_session_stopped_by_assert;
127 extern const char * ike_session_stopped_by_peer;
128
129 extern void ike_session_init (void);
130 extern ike_session_t * ike_session_create_session (ike_session_id_t *session_id);
131 extern void ike_session_release_session (ike_session_t *session);
132 extern ike_session_t * ike_session_get_session (struct sockaddr_storage *, struct sockaddr_storage *, int);
133 extern u_int ike_session_get_rekey_lifetime (int, u_int);
134 extern void ike_session_update_mode (phase2_handle_t *iph2);
135 extern int ike_session_link_phase1 (ike_session_t *, phase1_handle_t *);
136 extern int ike_session_link_phase2 (ike_session_t *, phase2_handle_t *);
137 extern int ike_session_link_ph2_to_ph1 (phase1_handle_t *, phase2_handle_t *);
138 extern int ike_session_unlink_phase1 (phase1_handle_t *);
139 extern int ike_session_unlink_phase2 (phase2_handle_t *);
140 extern int ike_session_has_other_established_ph1 (ike_session_t *, phase1_handle_t *);
141 extern int ike_session_has_other_negoing_ph1 (ike_session_t *, phase1_handle_t *);
142 extern int ike_session_has_other_established_ph2 (ike_session_t *, phase2_handle_t *);
143 extern int ike_session_has_other_negoing_ph2 (ike_session_t *, phase2_handle_t *);
144 extern phase1_handle_t * ike_session_update_ph1_ph2tree (phase1_handle_t *);
145 extern phase1_handle_t * ike_session_update_ph2_ph1bind (phase2_handle_t *);
146 extern void ike_session_ikev1_float_ports (phase1_handle_t *);
147 extern void ike_session_ph2_established (phase2_handle_t *);
148 extern void ike_session_replace_other_ph1 (phase1_handle_t *, phase1_handle_t *);
149 extern void ike_session_cleanup_other_established_ph1s (ike_session_t *, phase1_handle_t *);
150 extern void ike_session_cleanup_other_established_ph2s (ike_session_t *, phase2_handle_t *);
151 extern void ike_session_stopped_by_controller (ike_session_t *, const char *);
152 extern void ike_sessions_stopped_by_controller (struct sockaddr_storage *, int, const char *);
153 extern void ike_session_purge_ph2s_by_ph1 (phase1_handle_t *);
154 extern phase1_handle_t * ike_session_get_established_ph1 (ike_session_t *);
155 extern phase1_handle_t * ike_session_get_established_or_negoing_ph1 (ike_session_t *);
156 extern void ike_session_update_ph2_ports (phase2_handle_t *);
157 extern u_int32_t ike_session_get_sas_for_stats (ike_session_t *, u_int8_t, u_int32_t *, struct sastat *, u_int32_t);
158 extern void ike_session_update_traffic_idle_status (ike_session_t *, u_int32_t, struct sastat *, u_int32_t);
159 extern void ike_session_cleanup (ike_session_t *, const char *);
160 extern int ike_session_has_negoing_ph1 (ike_session_t *);
161 extern int ike_session_has_established_ph1 (ike_session_t *);
162 extern int ike_session_has_negoing_ph2 (ike_session_t *);
163 extern int ike_session_has_established_ph2 (ike_session_t *);
164 extern void ike_session_cleanup_ph1s_by_ph2 (phase2_handle_t *);
165 extern int ike_session_is_client_ph2_rekey (phase2_handle_t *);
166 extern int ike_session_is_client_ph1_rekey (phase1_handle_t *);
167 extern int ike_session_is_client_ph1 (phase1_handle_t *);
168 extern int ike_session_is_client_ph2 (phase2_handle_t *);
169 extern void ike_session_start_xauth_timer (phase1_handle_t *);
170 extern void ike_session_stop_xauth_timer (phase1_handle_t *);
171 extern int ike_session_get_sainfo_r (phase2_handle_t *);
172 extern int ike_session_get_proposal_r (phase2_handle_t *);
173 extern void ike_session_update_natt_version (phase1_handle_t *);
174 extern int ike_session_get_natt_version (phase1_handle_t *);
175 extern int ike_session_drop_rekey (ike_session_t *, ike_session_rekey_type_t);
176 extern void ike_session_sweep_sleepwake (void);
177 extern int ike_session_assert (struct sockaddr_storage *, struct sockaddr_storage *);
178 extern int ike_session_assert_session (ike_session_t *);
179 extern void ike_session_unbindph12(phase2_handle_t *);
180 extern void ike_session_ph2_retransmits (phase2_handle_t *);
181 extern void ike_session_ph1_retransmits (phase1_handle_t *);
182
183 #endif /* _IKE_SESSION_H */
mirror of ipsec