1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
|
#ifndef _FREESWAN_H
/*
* header file for FreeS/WAN library functions
* Copyright (C) 1998, 1999, 2000 Henry Spencer.
* Copyright (C) 1999, 2000, 2001 Richard Guy Briggs
*
* This library is free software; you can redistribute it and/or modify it
* under the terms of the GNU Library General Public License as published by
* the Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
*
* This library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
* License for more details.
*/
#define _FREESWAN_H /* seen it, no need to see it again */
# include <sys/types.h>
# include <stdio.h>
# include <netinet/in.h>
# define DEBUG_NO_STATIC static
#include <ipsec_param.h>
#include <utils.h>
/*
* We assume header files have IPv6 (i.e. kernel version >= 2.1.0)
*/
#define NET_21
#ifndef IPPROTO_COMP
# define IPPROTO_COMP 108
#endif /* !IPPROTO_COMP */
#ifndef IPPROTO_INT
# define IPPROTO_INT 61
#endif /* !IPPROTO_INT */
#ifdef CONFIG_IPSEC_DEBUG
# define DEBUG_NO_STATIC
#else /* CONFIG_IPSEC_DEBUG */
# define DEBUG_NO_STATIC static
#endif /* CONFIG_IPSEC_DEBUG */
#define ESPINUDP_WITH_NON_IKE 1 /* draft-ietf-ipsec-nat-t-ike-00/01 */
#define ESPINUDP_WITH_NON_ESP 2 /* draft-ietf-ipsec-nat-t-ike-02 */
/*
* Basic data types for the address-handling functions.
* ip_address and ip_subnet are supposed to be opaque types; do not
* use their definitions directly, they are subject to change!
*/
/* then the main types */
typedef struct {
union {
struct sockaddr_in v4;
struct sockaddr_in6 v6;
} u;
} ip_address;
typedef struct {
ip_address addr;
int maskbits;
} ip_subnet;
/* and the SA ID stuff */
typedef u_int32_t ipsec_spi_t;
typedef struct { /* to identify an SA, we need: */
ip_address dst; /* A. destination host */
ipsec_spi_t spi; /* B. 32-bit SPI, assigned by dest. host */
# define SPI_PASS 256 /* magic values... */
# define SPI_DROP 257 /* ...for use... */
# define SPI_REJECT 258 /* ...with SA_INT */
# define SPI_HOLD 259
# define SPI_TRAP 260
# define SPI_TRAPSUBNET 261
int proto; /* C. protocol */
# define SA_ESP 50 /* IPPROTO_ESP */
# define SA_AH 51 /* IPPROTO_AH */
# define SA_IPIP 4 /* IPPROTO_IPIP */
# define SA_COMP 108 /* IPPROTO_COMP */
# define SA_INT 61 /* IANA reserved for internal use */
} ip_said;
struct sa_id { /* old v4-only version */
struct in_addr dst;
ipsec_spi_t spi;
int proto;
};
/* misc */
struct prng { /* pseudo-random-number-generator guts */
unsigned char sbox[256];
int i, j;
unsigned long count;
};
/*
* definitions for user space, taken from freeswan/ipsec_sa.h
*/
typedef uint32_t IPsecSAref_t;
#define IPSEC_SA_REF_TABLE_NUM_ENTRIES (1 << IPSEC_SA_REF_TABLE_IDX_WIDTH)
#define IPSEC_SA_REF_FIELD_WIDTH (8 * sizeof(IPsecSAref_t))
#define IPsecSAref2NFmark(x) ((x) << (IPSEC_SA_REF_FIELD_WIDTH - IPSEC_SA_REF_TABLE_IDX_WIDTH))
#define NFmark2IPsecSAref(x) ((x) >> (IPSEC_SA_REF_FIELD_WIDTH - IPSEC_SA_REF_TABLE_IDX_WIDTH))
#define IPSEC_SAREF_NULL (~((IPsecSAref_t)0))
/* GCC magic for use in function definitions! */
#ifdef GCC_LINT
# define PRINTF_LIKE(n) __attribute__ ((format(printf, n, n+1)))
# define NEVER_RETURNS __attribute__ ((noreturn))
# define UNUSED __attribute__ ((unused))
# define BLANK_FORMAT " " /* GCC_LINT whines about empty formats */
#else
# define PRINTF_LIKE(n) /* ignore */
# define NEVER_RETURNS /* ignore */
# define UNUSED /* ignore */
# define BLANK_FORMAT ""
#endif
/*
* new IPv6-compatible functions
*/
/* text conversions */
err_t ttoul(const char *src, size_t srclen, int format, unsigned long *dst);
size_t ultot(unsigned long src, int format, char *buf, size_t buflen);
#define ULTOT_BUF (22+1) /* holds 64 bits in octal */
err_t ttoaddr(const char *src, size_t srclen, int af, ip_address *dst);
err_t tnatoaddr(const char *src, size_t srclen, int af, ip_address *dst);
size_t addrtot(const ip_address *src, int format, char *buf, size_t buflen);
/* RFC 1886 old IPv6 reverse-lookup format is the bulkiest */
#define ADDRTOT_BUF (32*2 + 3 + 1 + 3 + 1 + 1)
err_t ttosubnet(const char *src, size_t srclen, int af, ip_subnet *dst);
size_t subnettot(const ip_subnet *src, int format, char *buf, size_t buflen);
#define SUBNETTOT_BUF (ADDRTOT_BUF + 1 + 3)
err_t ttosa(const char *src, size_t srclen, ip_said *dst);
size_t satot(const ip_said *src, int format, char *bufptr, size_t buflen);
#define SATOT_BUF (5 + ULTOA_BUF + 1 + ADDRTOT_BUF)
err_t ttodata(const char *src, size_t srclen, int base, char *buf,
size_t buflen, size_t *needed);
err_t ttodatav(const char *src, size_t srclen, int base,
char *buf, size_t buflen, size_t *needed,
char *errp, size_t errlen, unsigned int flags);
#define TTODATAV_BUF 40 /* ttodatav's largest non-literal message */
#define TTODATAV_IGNORESPACE (1<<1) /* ignore spaces in base64 encodings*/
#define TTODATAV_SPACECOUNTS 0 /* do not ignore spaces in base64 */
size_t datatot(const char *src, size_t srclen, int format, char *buf,
size_t buflen);
err_t ttoprotoport(char *src, size_t src_len, u_int8_t *proto, u_int16_t *port,
bool *has_port_wildcard);
/* initializations */
void initsaid(const ip_address *addr, ipsec_spi_t spi, int proto, ip_said *dst);
err_t loopbackaddr(int af, ip_address *dst);
err_t unspecaddr(int af, ip_address *dst);
err_t anyaddr(int af, ip_address *dst);
err_t initaddr(const unsigned char *src, size_t srclen, int af, ip_address *dst);
err_t initsubnet(const ip_address *addr, int maskbits, int clash, ip_subnet *dst);
err_t addrtosubnet(const ip_address *addr, ip_subnet *dst);
/* misc. conversions and related */
err_t rangetosubnet(const ip_address *from, const ip_address *to, ip_subnet *dst);
int addrtypeof(const ip_address *src);
int subnettypeof(const ip_subnet *src);
size_t addrlenof(const ip_address *src);
size_t addrbytesptr(const ip_address *src, const unsigned char **dst);
size_t addrbytesof(const ip_address *src, unsigned char *dst, size_t dstlen);
int masktocount(const ip_address *src);
void networkof(const ip_subnet *src, ip_address *dst);
void maskof(const ip_subnet *src, ip_address *dst);
/* tests */
int sameaddr(const ip_address *a, const ip_address *b);
int addrcmp(const ip_address *a, const ip_address *b);
int samesubnet(const ip_subnet *a, const ip_subnet *b);
int addrinsubnet(const ip_address *a, const ip_subnet *s);
int subnetinsubnet(const ip_subnet *a, const ip_subnet *b);
int subnetishost(const ip_subnet *s);
int samesaid(const ip_said *a, const ip_said *b);
int sameaddrtype(const ip_address *a, const ip_address *b);
int samesubnettype(const ip_subnet *a, const ip_subnet *b);
int isanyaddr(const ip_address *src);
int isunspecaddr(const ip_address *src);
int isloopbackaddr(const ip_address *src);
/* low-level grot */
int portof(const ip_address *src);
void setportof(int port, ip_address *dst);
struct sockaddr *sockaddrof(ip_address *src);
size_t sockaddrlenof(const ip_address *src);
/* odds and ends */
const char **ipsec_copyright_notice(void);
const char *dns_string_rr(int rr, char *buf, int bufsize);
const char *dns_string_datetime(time_t seconds,
char *buf,
int bufsize);
/*
* old functions, to be deleted eventually
*/
/* unsigned long */
const char * /* NULL for success, else string literal */
atoul(
const char *src,
size_t srclen, /* 0 means strlen(src) */
int base, /* 0 means figure it out */
unsigned long *resultp
);
size_t /* space needed for full conversion */
ultoa(
unsigned long n,
int base,
char *dst,
size_t dstlen
);
#define ULTOA_BUF 21 /* just large enough for largest result, */
/* assuming 64-bit unsigned long! */
/* Internet addresses */
const char * /* NULL for success, else string literal */
atoaddr(
const char *src,
size_t srclen, /* 0 means strlen(src) */
struct in_addr *addr
);
size_t /* space needed for full conversion */
addrtoa(
struct in_addr addr,
int format, /* character; 0 means default */
char *dst,
size_t dstlen
);
#define ADDRTOA_BUF 16 /* just large enough for largest result */
/* subnets */
const char * /* NULL for success, else string literal */
atosubnet(
const char *src,
size_t srclen, /* 0 means strlen(src) */
struct in_addr *addr,
struct in_addr *mask
);
size_t /* space needed for full conversion */
subnettoa(
struct in_addr addr,
struct in_addr mask,
int format, /* character; 0 means default */
char *dst,
size_t dstlen
);
#define SUBNETTOA_BUF 32 /* large enough for worst case result */
/* ranges */
const char * /* NULL for success, else string literal */
atoasr(
const char *src,
size_t srclen, /* 0 means strlen(src) */
char *type, /* 'a', 's', 'r' */
struct in_addr *addrs /* two-element array */
);
size_t /* space needed for full conversion */
rangetoa(
struct in_addr *addrs, /* two-element array */
int format, /* character; 0 means default */
char *dst,
size_t dstlen
);
#define RANGETOA_BUF 34 /* large enough for worst case result */
/* generic data, e.g. keys */
const char * /* NULL for success, else string literal */
atobytes(
const char *src,
size_t srclen, /* 0 means strlen(src) */
char *dst,
size_t dstlen,
size_t *lenp /* NULL means don't bother telling me */
);
size_t /* 0 failure, else true size */
bytestoa(
const char *src,
size_t srclen,
int format, /* character; 0 means default */
char *dst,
size_t dstlen
);
/* old versions of generic-data functions; deprecated */
size_t /* 0 failure, else true size */
atodata(
const char *src,
size_t srclen, /* 0 means strlen(src) */
char *dst,
size_t dstlen
);
size_t /* 0 failure, else true size */
datatoa(
const char *src,
size_t srclen,
int format, /* character; 0 means default */
char *dst,
size_t dstlen
);
/* part extraction and special addresses */
struct in_addr
subnetof(
struct in_addr addr,
struct in_addr mask
);
struct in_addr
hostof(
struct in_addr addr,
struct in_addr mask
);
struct in_addr
broadcastof(
struct in_addr addr,
struct in_addr mask
);
/* mask handling */
int
goodmask(
struct in_addr mask
);
int
masktobits(
struct in_addr mask
);
struct in_addr
bitstomask(
int n
);
/*
* Debugging levels for pfkey_lib_debug
*/
#define PF_KEY_DEBUG_PARSE_NONE 0
#define PF_KEY_DEBUG_PARSE_PROBLEM 1
#define PF_KEY_DEBUG_PARSE_STRUCT 2
#define PF_KEY_DEBUG_PARSE_FLOW 4
#define PF_KEY_DEBUG_PARSE_MAX 7
extern unsigned int pfkey_lib_debug; /* bits selecting what to report */
/*
* pluto and lwdnsq need to know the maximum size of the commands to,
* and replies from lwdnsq.
*/
#define LWDNSQ_CMDBUF_LEN 1024
#define LWDNSQ_RESULT_LEN_MAX 4096
#endif /* _FREESWAN_H */
|
