Diffstat (limited to 'src/charon/network/receiver.h')
-rw-r--r-- | src/charon/network/receiver.h | 81 |
1 files changed, 81 insertions, 0 deletions
diff --git a/src/charon/network/receiver.h b/src/charon/network/receiver.h
new file mode 100644
index 000000000..1bfa7b764
--- /dev/null
+++ b/src/charon/network/receiver.h
@@ -0,0 +1,81 @@
+/**
+ * @file receiver.h
+ *
+ * @brief Interface of receiver_t.
+ *
+ */
+
+/*
+ * Copyright (C) 2005-2007 Martin Willi
+ * Copyright (C) 2005 Jan Hutter
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#ifndef RECEIVER_H_
+#define RECEIVER_H_
+
+typedef struct receiver_t receiver_t;
+
+#include <library.h>
+#include <utils/host.h>
+
+/**
+ * @brief Receives packets from the socket and adds them to the job queue.
+ *
+ * The receiver starts a thread, wich reads on the blocking socket. A received
+ * packet is preparsed and a process_message_job is queued in the job queue.
+ *
+ * To endure DoS attacks, cookies are enabled when to many IKE_SAs are half
+ * open. The calculation of cookies is slightly different from the proposed
+ * method in RFC4306. We do not include a nonce, because we think the advantage
+ * we gain does not justify the overhead to parse the whole message.
+ * Instead of VersionIdOfSecret, we include a timestamp. This allows us to
+ * find out wich key was used for cookie creation. Further, we can set a
+ * lifetime for the cookie, which allows us to reuse the secret for a longer
+ * time.
+ * COOKIE = time | sha1( IPi | SPIi | time | secret )
+ *
+ * The secret is changed after a certain amount of cookies sent. The old
+ * secret is stored to allow a clean migration between secret changes.
+ *
+ * Further, the number of half-initiated IKE_SAs is limited per peer. This
+ * mades it impossible for a peer to flood the server with its real IP address.
+ *
+ * @b Constructors:
+ * - receiver_create()
+ *
+ * @ingroup network
+ */
+struct receiver_t {
+
+ /**
+ * @brief Destroys a receiver_t object.
+ *
+ * @param receiver receiver object
+ */
+ void (*destroy) (receiver_t *receiver);
+};
+
+/**
+ * @brief Create a receiver_t object.
+ *
+ * The receiver thread will start working, get data
+ * from the socket and add those packets to the job queue.
+ *
+ * @return receiver_t object
+ *
+ * @ingroup network
+ */
+receiver_t * receiver_create(void);
+
+#endif /*RECEIVER_H_*/ |
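Review bot: The receiver_t doc comment leaves out the values the cookie scheme depends on: it says a lifetime "can be set", that cookies start when "to many" IKE_SAs are half open, and that the secret rotates "after a certain amount of cookies sent", but names none of the constants or where they are defined. Because the nonce is deliberately left out, a cookie of the form `time | sha1( IPi | SPIi | time | secret )` appears to remain acceptable for any request from the same IPi/SPIi until it expires, so the lifetime is the bound a reader most needs. I would add a line such as `A cookie is accepted for <LIFETIME_CONSTANT> seconds after its timestamp; thresholds are defined in <implementation file>.` with the real names filled in. The closing claim that the per-peer limit makes flooding "impossible" would read more accurately as `This limits the number of half-open IKE_SAs a single address can hold.`, and the typos `wich`, `to many` and `mades` are worth fixing in the same pass.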