ipsec-tools/racoon/ike_session.h

   1 /*
   2  * Copyright (c) 2008 Apple Computer, Inc. All rights reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * The contents of this file constitute Original Code as defined in and
   7  * are subject to the Apple Public Source License Version 1.1 (the
   8  * "License").  You may not use this file except in compliance with the
   9  * License.  Please obtain a copy of the License at
  10  * http://www.apple.com/publicsource and read it before using this file.
  11  *
  12  * This Original Code and all software distributed under the License are
  13  * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  14  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  15  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  16  * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT.  Please see the
  17  * License for the specific language governing rights and limitations
  18  * under the License.
  19  *
  20  * @APPLE_LICENSE_HEADER_END@
  21  */
  22
  23 #ifndef _IKE_SESSION_H
  24 #define _IKE_SESSION_H
  25
  26 #include <stdlib.h>
  27 #include <sys/types.h>
  28 #include <sys/socket.h>
  29 #include <sys/param.h>
  30 #ifdef __APPLE__
  31 #include <System/net/pfkeyv2.h>
  32 #else
  33 #include <net/pfkeyv2.h>
  34 #endif
  35 #include <netinet/in.h>
  36 #include "handler.h"
  37 #include "ipsecSessionTracer.h"
  38
  39 #define IKE_VERSION_1                                   0x1
  40 #define IKE_VERSION_2                                   0x2
  41
  42 typedef struct ike_session_id {
  43         struct sockaddr_storage local;
  44         struct sockaddr_storage remote;
  45 } ike_session_id_t;
  46
  47 typedef struct ike_session_stats {
  48         u_int32_t                                                        counters[IPSECSESSIONEVENTCODE_MAX];
  49 } ike_session_stats_t;
  50
  51 typedef struct ike_session_ikev1 {
  52         /* list of ph1s */
  53         int                                  active_ph1cnt;
  54         int                                  ph1cnt;    /* the number which is negotiated for this session */
  55         LIST_HEAD(_ph1ofsession_, ph1handle) ph1tree;
  56
  57         /* list of ph2s */
  58         int                                  active_ph2cnt;
  59         int                                  ph2cnt;    /* the number which is negotiated for this session */
  60         LIST_HEAD(_ph2ofsession_, ph2handle) ph2tree;
  61 } ike_session_ikev1_t;
  62
  63 typedef struct ike_session_sastats {
  64     int                                  interv_mon;
  65     int                                  interv_idle;
  66     int                                  dir_idle;
  67     struct sched                        *sc_mon;
  68     struct sched                        *sc_idle;
  69
  70     u_int32_t                            num_in_curr_req;
  71     u_int32_t                            num_in_last_poll;
  72     struct sastat                        in_curr_req[8];
  73     struct sastat                        in_last_poll[8];
  74
  75     u_int32_t                            num_out_curr_req;
  76     u_int32_t                            num_out_last_poll;
  77     struct sastat                        out_curr_req[8];
  78     struct sastat                        out_last_poll[8];
  79 } ike_sesssion_sastats_t;
  80
  81 struct ike_session {
  82         u_int8_t                             version;           /* mask of version flags */
  83         u_int8_t                                             mode;                      /* mode of protocol, see ipsec.h */
  84         u_int16_t                            proto;                     /* IPPROTO_ESP or IPPROTO_AH */
  85
  86         ike_session_id_t                     session_id;
  87
  88         int                                  established:1;
  89         int                                  ports_floated:1;
  90         int                                  is_cisco_ipsec:1;
  91         int                                                                      is_l2tpvpn_ipsec:1;
  92         int                                                                      is_btmm_ipsec:1;
  93         int                                                                      stopped_by_vpn_controller:1;
  94     int                                  peer_sent_data_sc_dpd:1;
  95     int                                  peer_sent_data_sc_idle:1;
  96     int                                  i_sent_data_sc_dpd:1;
  97     int                                  i_sent_data_sc_idle:1;
  98     int                                  is_client:1;
  99     time_t                               last_time_data_sc_detected;
 100     u_int32_t                            natt_flags;
 101         char                                *term_reason;
 102
 103         struct timeval                                           start_timestamp;
 104         struct timeval                                           estab_timestamp;
 105         struct timeval                                           stop_timestamp;
 106         ike_session_ikev1_t                                      ikev1_state;
 107
 108         ike_session_stats_t                                      stats;
 109
 110     ike_sesssion_sastats_t               traffic_monitor;
 111     struct sched                        *sc_idle;
 112     struct sched                        *sc_xauth;
 113
 114         LIST_ENTRY(ike_session)              chain;
 115 };
 116
 117 extern const char *     ike_session_stopped_by_vpn_disconnect;
 118 extern const char *     ike_session_stopped_by_flush;
 119
 120 extern void               ike_session_init __P((void));
 121 extern ike_session_t *    ike_session_get_session __P((struct sockaddr *, struct sockaddr *, int));
 122 extern u_int              ike_session_get_rekey_lifetime __P((int, u_int));
 123 extern void               ike_session_update_mode __P((struct ph2handle *iph2));
 124 extern int                ike_session_link_ph1_to_session __P((struct ph1handle *));
 125 extern int                ike_session_link_ph2_to_session __P((struct ph2handle *));
 126 extern int                ike_session_unlink_ph1_from_session __P((struct ph1handle *));
 127 extern int                ike_session_unlink_ph2_from_session __P((struct ph2handle *));
 128 extern int                ike_session_has_other_established_ph1 __P((ike_session_t *, struct ph1handle *));
 129 extern int                ike_session_has_other_negoing_ph1 __P((ike_session_t *, struct ph1handle *));
 130 extern int                ike_session_has_other_established_ph2 __P((ike_session_t *, struct ph2handle *));
 131 extern int                ike_session_has_other_negoing_ph2 __P((ike_session_t *, struct ph2handle *));
 132 extern int                ike_session_verify_ph2_parent_session __P((struct ph2handle *));
 133 extern struct ph1handle * ike_session_update_ph1_ph2tree __P((struct ph1handle *));
 134 extern struct ph1handle * ike_session_update_ph2_ph1bind __P((struct ph2handle *));
 135 extern void               ike_session_ikev1_float_ports __P((struct ph1handle *));
 136 extern void               ike_session_ph2_established __P((struct ph2handle *));
 137 extern void               ike_session_cleanup_other_established_ph1s __P((ike_session_t *, struct ph1handle *));
 138 extern void               ike_session_cleanup_other_established_ph2s __P((ike_session_t *, struct ph2handle *));
 139 extern void                               ike_session_stopped_by_controller __P((ike_session_t *, const char *));
 140 extern void                               ike_sessions_stopped_by_controller __P((struct sockaddr *, int, const char *));
 141 extern void               ike_session_purge_ph2s_by_ph1 __P((struct ph1handle *));
 142 extern struct ph1handle * ike_session_get_established_ph1 __P((ike_session_t *));
 143 extern void               ike_session_update_ph2_ports __P((struct ph2handle *));
 144 extern u_int32_t          ike_session_get_sas_for_stats __P((ike_session_t *, u_int8_t, u_int32_t *, struct sastat  *, u_int32_t));
 145 extern void               ike_session_update_traffic_idle_status __P((ike_session_t *, u_int32_t, struct sastat *, u_int32_t));
 146 extern void               ike_session_cleanup __P((ike_session_t *, const char *));
 147 extern int                ike_session_has_negoing_ph1 __P((ike_session_t *));
 148 extern int                ike_session_has_negoing_ph2 __P((ike_session_t *));
 149 extern int                ike_session_has_established_ph2 __P((ike_session_t *));
 150 extern void               ike_session_cleanup_ph1s_by_ph2 __P((struct ph2handle *));
 151 extern int                ike_session_is_client_ph2_rekey __P((struct ph2handle *));
 152 extern int                ike_session_is_client_ph1_rekey __P((struct ph1handle *));
 153 extern void               ike_session_start_xauth_timer __P((struct ph1handle *));
 154 extern void               ike_session_stop_xauth_timer __P((struct ph1handle *));
 155 extern int                ike_session_get_sainfo_r __P((struct ph2handle *));
 156 extern int                ike_session_drop_rekey __P((ike_session_t *));
 157 extern void               ike_session_ph2_retransmits __P((struct ph2handle *));
 158
 159 #endif /* _IKE_SESSION_H */