X-Git-Url: https://git.saurik.com/apple/ipsec.git/blobdiff_plain/d1e348cfd503b08e7d34b7683d23aae209af0a71..c8d8bee0bee0298e25cb827876f57e58cc0a938c:/ipsec-tools/racoon/nattraversal.h
diff --git a/ipsec-tools/racoon/nattraversal.h b/ipsec-tools/racoon/nattraversal.h
index 693fc40..c921ff7 100644
--- a/ipsec-tools/racoon/nattraversal.h
+++ b/ipsec-tools/racoon/nattraversal.h
@@ -32,10 +32,13 @@
 #define _NATTRAVERSAL_H
 #include "vendorid.h"
+#ifdef ENABLE_NATT
+#ifdef ENABLE_FRAG
+#include "isakmp_frag.h"
+#endif /* ENABLE_NATT */
+#endif /* ENABLE_FRAG */
-#ifdef __APPLE__
 #define UDP_ENCAP_ESPINUDP 2 /* to make it compile - we don't use this */
-#endif
 #define NAT_ANNOUNCED (1L<<0)
 #define NAT_DETECTED_ME (1L<<1)
@@ -44,7 +47,7 @@
 #define NAT_KA_QUEUED (1L<<4)
 #define NAT_ADD_NON_ESP_MARKER (1L<<5)
-#define NATT_AVAILABLE(ph1) ((iph1)->natt_flags & NAT_ANNOUNCED)
+#define NATT_AVAILABLE(iph1) ((iph1)->natt_flags & NAT_ANNOUNCED)
 #define NAT_DETECTED (NAT_DETECTED_ME | NAT_DETECTED_PEER)
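Review bot: The two `#endif` comments on the include block added in the first hunk are swapped: the inner `#endif` closes `ENABLE_FRAG` but is labelled `ENABLE_NATT`, and the outer one is labelled the other way round. Write `#endif /* ENABLE_FRAG */` followed by `#endif /* ENABLE_NATT */` so the labels match the nesting. The same hunk makes `UDP_ENCAP_ESPINUDP` unconditional; if this header is ever built where a system header also defines that name, guarding it with `#ifndef UDP_ENCAP_ESPINUDP` would avoid a clash.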
@@ -53,15 +56,21 @@
 #ifdef ENABLE_NATT
 #ifdef ENABLE_FRAG
-#define PH1_NON_ESP_EXTRA_LEN(iph1) ((iph1->frag && iph1->sendbuf->l > ISAKMP_FRAG_MAXLEN) ? 0: (NON_ESP_MARKER_USE(iph1) ? NON_ESP_MARKER_LEN : 0))
-#define PH2_NON_ESP_EXTRA_LEN(iph2) ((iph2->ph1->frag && iph2->sendbuf->l > ISAKMP_FRAG_MAXLEN) ? 0: (NON_ESP_MARKER_USE(iph2->ph1) ? NON_ESP_MARKER_LEN : 0))
+#define PH1_NON_ESP_EXTRA_LEN(iph1, sendbuf) ((iph1->frag && sendbuf->l > ISAKMP_FRAG_MAXLEN) ? 0: (NON_ESP_MARKER_USE(iph1) ? NON_ESP_MARKER_LEN : 0))
+#define PH2_NON_ESP_EXTRA_LEN(iph2, sendbuf) ((iph2->ph1->frag && sendbuf->l > ISAKMP_FRAG_MAXLEN) ? 0: (NON_ESP_MARKER_USE(iph2->ph1) ? NON_ESP_MARKER_LEN : 0))
+#define PH1_FRAG_FLAGS(iph1) (NON_ESP_MARKER_USE(iph1) ? FRAG_PUT_NON_ESP_MARKER : 0)
+#define PH2_FRAG_FLAGS(iph2) (NON_ESP_MARKER_USE(iph2->ph1) ? FRAG_PUT_NON_ESP_MARKER : 0)
 #else
-#define PH1_NON_ESP_EXTRA_LEN(iph1) (NON_ESP_MARKER_USE(iph1) ? NON_ESP_MARKER_LEN : 0)
-#define PH2_NON_ESP_EXTRA_LEN(iph2) (NON_ESP_MARKER_USE(iph2->ph1) ? NON_ESP_MARKER_LEN : 0)
+#define PH1_NON_ESP_EXTRA_LEN(iph1, sendbuf) (NON_ESP_MARKER_USE(iph1) ? NON_ESP_MARKER_LEN : 0)
+#define PH2_NON_ESP_EXTRA_LEN(iph2, sendbuf) (NON_ESP_MARKER_USE(iph2->ph1) ? NON_ESP_MARKER_LEN : 0)
+#define PH1_FRAG_FLAGS(iph1) 0
+#define PH2_FRAG_FLAGS(iph2) 0
 #endif
 #else
-#define PH1_NON_ESP_EXTRA_LEN(iph1) 0
-#define PH2_NON_ESP_EXTRA_LEN(iph2) 0
+#define PH1_NON_ESP_EXTRA_LEN(iph1, sendbuf) 0
+#define PH2_NON_ESP_EXTRA_LEN(iph2, sendbuf) 0
+#define PH1_FRAG_FLAGS(iph1) 0
+#define PH2_FRAG_FLAGS(iph2) 0
 #endif
 /* These are the values from parsing "remote {}"
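Review bot: `PH1_NON_ESP_EXTRA_LEN` and `PH2_NON_ESP_EXTRA_LEN` expand their arguments without parentheses (`iph1->frag`, `sendbuf->l`, `iph2->ph1->frag`), unlike `NATT_AVAILABLE` in this header, which uses `(iph1)->natt_flags`. Now that the buffer is a caller-supplied argument, an expression such as `*bufp` would parse as `*(bufp->l)`, and the result presumably feeds send-buffer length arithmetic. In the ENABLE_FRAG variants write `((iph1)->frag && (sendbuf)->l > ISAKMP_FRAG_MAXLEN)` and `((iph2)->ph1->frag && (sendbuf)->l > ISAKMP_FRAG_MAXLEN)`. The non-FRAG and non-NATT variants never expand `sendbuf`, so an argument with side effects is evaluated only in some build configurations; a short comment above the macros saying so would help callers.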
@@ -85,31 +94,23 @@ struct ph2natt {
 u_int8_t type;
 u_int16_t sport;
 u_int16_t dport;
- struct sockaddr *oa;
+ struct sockaddr_storage *oa;
 u_int16_t frag;
 };
 int natt_vendorid (int vid);
-vchar_t *natt_hash_addr (struct ph1handle *iph1, struct sockaddr *addr);
-int natt_compare_addr_hash (struct ph1handle *iph1, vchar_t *natd_received, int natd_seq);
+vchar_t *natt_hash_addr (phase1_handle_t *iph1, struct sockaddr_storage *addr);
+int natt_compare_addr_hash (phase1_handle_t *iph1, vchar_t *natd_received, int natd_seq);
 int natt_udp_encap (int encmode);
 int natt_fill_options (struct ph1natt_options *opts, int version);
-void natt_float_ports (struct ph1handle *iph1);
-void natt_handle_vendorid (struct ph1handle *iph1, int vid_numeric);
-int create_natoa_payloads(struct ph2handle *iph2, vchar_t **, vchar_t **);
-struct sockaddr * process_natoa_payload(vchar_t *buf);
+void natt_float_ports (phase1_handle_t *iph1);
+void natt_handle_vendorid (phase1_handle_t *iph1, int vid_numeric);
+int create_natoa_payloads(phase2_handle_t *iph2, vchar_t **, vchar_t **);
+struct sockaddr_storage * process_natoa_payload(vchar_t *buf);
 struct payload_list * isakmp_plist_append_natt_vids (struct payload_list *plist, vchar_t *vid_natt[MAX_NATT_VID_COUNT]);
-#ifndef __APPLE__
-/* NAT keepalive functions */
-void natt_keepalive_init (void);
-int natt_keepalive_add (struct sockaddr *src, struct sockaddr *dst);
-int natt_keepalive_add_ph1 (struct ph1handle *iph1);
-void natt_keepalive_remove (struct sockaddr *src, struct sockaddr *dst);
-#endif
-
 /* Walk through all rmconfigs and tell if NAT-T is enabled in at least one. */
 int natt_enabled_in_rmconf (void);
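Review bot: `process_natoa_payload` now returns `struct sockaddr_storage *` and `ph2natt.oa` has the same type, but the header does not say how large the pointed-to object is or who frees it. The address is parsed from a peer-supplied NAT-OA payload; if the implementation (not visible here) still allocates only a family-sized `sockaddr_in`/`sockaddr_in6`, any consumer that copies `sizeof(struct sockaddr_storage)` through this pointer would read past the allocation. Once the contract is confirmed, add a comment above the prototype along the lines of `/* Returns an allocated, full-size struct sockaddr_storage, or NULL if the payload is malformed; caller frees. */`. The hunk starts inside `struct ph2natt`, whose opening line is outside it.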