/*
* Copyright (C) 2008 Martin Willi
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
/**
* @defgroup ha_message ha_message
* @{ @ingroup ha
*/
#ifndef HA_MESSAGE_H_
#define HA_MESSAGE_H_
#include <library.h>
#include <networking/host.h>
#include <utils/identification.h>
#include <sa/ike_sa_id.h>
#include <selectors/traffic_selector.h>
/**
 * Protocol version of this implementation.
 *
 * The message type and attribute numbering below is the wire format exchanged
 * between cluster nodes; bump this constant whenever that numbering or the
 * encoding of an attribute changes incompatibly.
 * NOTE(review): whether a receiver rejects messages carrying a different
 * version is decided in the parser, not here — confirm in ha_message_parse().
 */
#define HA_MESSAGE_VERSION 3
typedef struct ha_message_t ha_message_t;
typedef enum ha_message_type_t ha_message_type_t;
typedef enum ha_message_attribute_t ha_message_attribute_t;
typedef union ha_message_value_t ha_message_value_t;
/**
* Type of a HA message
*/
enum ha_message_type_t {
	/** a new IKE_SA is installed on the receiving node */
	HA_IKE_ADD = 1,
	/** an existing IKE_SA changes (identities, addresses, ...) */
	HA_IKE_UPDATE = 2,
	/** the initiator-side message ID of an IKE_SA advances */
	HA_IKE_MID_INITIATOR = 3,
	/** the responder-side message ID of an IKE_SA advances */
	HA_IKE_MID_RESPONDER = 4,
	/** an existing IKE_SA is removed */
	HA_IKE_DELETE = 5,
	/** a new CHILD_SA is installed */
	HA_CHILD_ADD = 6,
	/** an existing CHILD_SA is removed */
	HA_CHILD_DELETE = 7,
	/** the sender stops serving the listed segments */
	HA_SEGMENT_DROP = 8,
	/** the sender starts serving the listed segments */
	HA_SEGMENT_TAKE = 9,
	/** the sender reports the segments it currently serves */
	HA_STATUS = 10,
	/** the receiver is asked to resynchronize the listed segments */
	HA_RESYNC = 11,
	/** IKEv1 Main/Aggressive mode IV synchronization */
	HA_IKE_IV = 12,
};
/**
* Enum names for message types
*/
extern enum_name_t *ha_message_type_names;
/**
 * Type of attributes contained in a message.
 *
 * Each entry documents the C type that add_attribute() reads for it and that
 * create_attribute_enumerator() hands back in ha_message_value_t. The numeric
 * values are part of the wire format (see HA_MESSAGE_VERSION).
 *
 * Several attributes carry live key material: HA_SECRET, HA_OLD_SKD, HA_PSK
 * and HA_IV, and the nonces/DH values needed to derive SA keys from them.
 * Whoever can read or forge HA messages can therefore recover or inject SA
 * keys; the confidentiality and authenticity of the HA link is not provided
 * by this header and must be ensured by the transport between nodes.
 */
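enum ha_message_attribute_t {
	/** ike_sa_id_t*, identifies the IKE_SA the message refers to */
	HA_IKE_ID = 1,
	/** ike_sa_id_t*, identifies the IKE_SA which gets rekeyed */
	HA_IKE_REKEY_ID = 2,
	/** identification_t*, local identity */
	HA_LOCAL_ID = 3,
	/** identification_t*, remote identity */
	HA_REMOTE_ID = 4,
	/** identification_t*, remote EAP identity */
	HA_REMOTE_EAP_ID = 5,
	/** host_t*, local address */
	HA_LOCAL_ADDR = 6,
	/** host_t*, remote address */
	HA_REMOTE_ADDR = 7,
	/** char*, name of configuration */
	HA_CONFIG_NAME = 8,
	/** uint32_t, bitset of ike_condition_t */
	HA_CONDITIONS = 9,
	/** uint32_t, bitset of ike_extension_t */
	HA_EXTENSIONS = 10,
	/** host_t*, local virtual IP */
	HA_LOCAL_VIP = 11,
	/** host_t*, remote virtual IP */
	HA_REMOTE_VIP = 12,
	/** host_t*, known peer addresses (used for MOBIKE) */
	HA_PEER_ADDR = 13,
	/** uint8_t, initiator of an exchange, TRUE for local */
	HA_INITIATOR = 14,
	/** chunk_t, initiator's nonce */
	HA_NONCE_I = 15,
	/** chunk_t, responder's nonce */
	HA_NONCE_R = 16,
	/** chunk_t, Diffie-Hellman shared secret (key material, see above) */
	HA_SECRET = 17,
	/** chunk_t, SKd of the old SA if rekeying (key material, see above) */
	HA_OLD_SKD = 18,
	/** uint16_t, pseudo random function */
	HA_ALG_PRF = 19,
	/** uint16_t, old pseudo random function if rekeying */
	HA_ALG_OLD_PRF = 20,
	/** uint16_t, encryption algorithm */
	HA_ALG_ENCR = 21,
	/** uint16_t, encryption key size in bytes */
	HA_ALG_ENCR_LEN = 22,
	/** uint16_t, integrity protection algorithm */
	HA_ALG_INTEG = 23,
	/** uint16_t, DH group */
	HA_ALG_DH = 24,
	/** uint8_t, IPsec mode, TUNNEL|TRANSPORT|... */
	HA_IPSEC_MODE = 25,
	/** uint8_t, IPComp protocol */
	HA_IPCOMP = 26,
	/** uint32_t, inbound security parameter index (SPI) */
	HA_INBOUND_SPI = 27,
	/** uint32_t, outbound security parameter index (SPI) */
	HA_OUTBOUND_SPI = 28,
	/** uint16_t, inbound IPComp compression parameter index (CPI) */
	HA_INBOUND_CPI = 29,
	/** uint16_t, outbound IPComp compression parameter index (CPI) */
	HA_OUTBOUND_CPI = 30,
	/** traffic_selector_t*, local traffic selector */
	HA_LOCAL_TS = 31,
	/** traffic_selector_t*, remote traffic selector */
	HA_REMOTE_TS = 32,
	/** uint32_t, message ID */
	HA_MID = 33,
	/** uint16_t, HA segment */
	HA_SEGMENT = 34,
	/** uint16_t, Extended Sequence Numbers */
	HA_ESN = 35,
	/** uint8_t, IKE version */
	HA_IKE_VERSION = 36,
	/** chunk_t, own DH public value */
	HA_LOCAL_DH = 37,
	/** chunk_t, remote DH public value */
	HA_REMOTE_DH = 38,
	/** chunk_t, shared secret for IKEv1 key derivation (key material, see above) */
	HA_PSK = 39,
	/** chunk_t, IV for the next IKEv1 message (key material, see above) */
	HA_IV = 40,
	/** uint16_t, auth_method_t for IKEv1 key derivation */
	HA_AUTH_METHOD = 41,
};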
/**
 * Union to enumerate typed attributes in a message.
 *
 * Only the member matching the C type documented for the attribute in
 * ha_message_attribute_t is valid; reading any other member is a type
 * confusion. NOTE(review): ownership of the pointer members (whether they
 * stay owned by the message or are handed to the caller) is not stated
 * here — confirm against the enumerator implementation before freeing.
 */
union ha_message_value_t {
	/** value of attributes documented as uint8_t */
	uint8_t u8;
	/** value of attributes documented as uint16_t */
	uint16_t u16;
	/** value of attributes documented as uint32_t */
	uint32_t u32;
	/** value of attributes documented as char* (HA_CONFIG_NAME) */
	char *str;
	/** value of attributes documented as chunk_t (nonces, secrets, DH values, IV) */
	chunk_t chunk;
	/** value of attributes documented as ike_sa_id_t* */
	ike_sa_id_t *ike_sa_id;
	/** value of attributes documented as identification_t* */
	identification_t *id;
	/** value of attributes documented as host_t* */
	host_t *host;
	/** value of attributes documented as traffic_selector_t* */
	traffic_selector_t *ts;
};
/**
* Abstracted message passed between nodes in a HA cluster.
*/
struct ha_message_t {
	/**
	 * Get the type of the message.
	 *
	 * @return message type
	 */
	ha_message_type_t (*get_type)(ha_message_t *this);
	/**
	 * Add an attribute to a message.
	 *
	 * The variadic argument must be of the C type documented for the
	 * attribute in ha_message_attribute_t; the compiler cannot check this,
	 * so a mismatch (e.g. passing a chunk_t where a host_t* is expected) is
	 * undefined behavior and would corrupt the encoded message.
	 *
	 * @param attribute attribute type to add
	 * @param ... attribute specific data
	 */
	void (*add_attribute)(ha_message_t *this,
	ha_message_attribute_t attribute, ...);
	/**
	 * Create an enumerator over all attributes in a message.
	 *
	 * The enumerator yields the attribute type together with a
	 * ha_message_value_t; only the union member matching that type is valid.
	 *
	 * @return enumerator over attribute, ha_message_value_t
	 */
	enumerator_t* (*create_attribute_enumerator)(ha_message_t *this);
	/**
	 * Get the message in a encoded form.
	 *
	 * The returned chunk points to data owned by the message, not a copy:
	 * the caller must not free it. NOTE(review): how long the pointer stays
	 * valid (presumably until destroy(), possibly only until the next
	 * add_attribute()) is not fixed by this header — confirm in the
	 * implementation before keeping the chunk around.
	 *
	 * @return chunk pointing to internal data
	 */
	chunk_t (*get_encoding)(ha_message_t *this);
	/**
	 * Destroy a ha_message_t.
	 *
	 * NOTE(review): messages may hold key material (HA_SECRET, HA_OLD_SKD,
	 * HA_PSK, HA_IV); whether the encoding buffer is wiped before release is
	 * decided by the implementation, not here.
	 */
	void (*destroy)(ha_message_t *this);
};
/**
 * Create a new ha_message instance, ready for adding attributes
 *
 * The returned message is owned by the caller, who releases it with
 * destroy().
 *
 * @param type type of the message
 * @return new message of the given type
 */
ha_message_t *ha_message_create(ha_message_type_t type);
/**
 * Create a ha_message from encoded data.
 *
 * The data comes from another cluster node, i.e. from the network; the
 * parser, not the caller, has to treat it as untrusted and bounds-check every
 * attribute length. The returned message is owned by the caller and is
 * released with destroy().
 * NOTE(review): the behavior on malformed data or a version mismatch (a NULL
 * return is the likely contract) is not specified by this header — confirm in
 * the implementation and check the result before use.
 *
 * @param data encoded message data
 * @return parsed message, ownership transferred to the caller
 */
ha_message_t *ha_message_parse(chunk_t data);
#endif /** HA_MESSAGE_ @}*/