summaryrefslogtreecommitdiff
path: root/src/pluto/demux.h
blob: 373dd631518a0517a68a7a7db9365385dbe77cb2 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
/* demultiplex incoming IKE messages
 * Copyright (C) 1998-2002  D. Hugh Redelmeier.
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 *
 * RCSID $Id: demux.h,v 1.4 2004/07/22 22:57:25 as Exp $
 */

#include "packet.h"

struct state;	/* forward declaration of tag */
extern void init_demux(void);
extern bool send_packet(struct state *st, const char *where);
extern void comm_handle(const struct iface *ifp);

extern u_int8_t reply_buffer[MAX_OUTPUT_UDP_SIZE];

/* State transition function infrastructure
 *
 * com_handle parses a message, decides what state object it applies to,
 * and calls the appropriate state transition function (STF).
 * These declarations define the interface to these functions.
 *
 * Each STF must be able to be restarted up to any failure point:
 * a later message will cause the state to be re-entered.  This
 * explains the use of the replace macro and the care in handling
 * MP_INT members of struct state.
 */

struct payload_digest {
    pb_stream pbs;
    union payload payload;
    struct payload_digest *next;   /* of same kind */
};

/* message digest
 * Note: raw_packet and packet_pbs are "owners" of space on heap.
 */

struct msg_digest {
    struct msg_digest *next;	/* for free list */
    chunk_t raw_packet;		/* if encrypted, received packet before decryption */
    const struct iface *iface;	/* interface on which message arrived */
    ip_address sender;	/* where message came from */
    u_int16_t sender_port;	/* host order */
    pb_stream packet_pbs;	/* whole packet */
    pb_stream message_pbs;	/* message to be processed */
    struct isakmp_hdr hdr;	/* message's header */
    bool encrypted;		/* was it encrypted? */
    enum state_kind from_state;	/* state we started in */
    const struct state_microcode *smc;	/* microcode for initial state */
    struct state *st;		/* current state object */
    pb_stream reply;		/* room for reply */
    pb_stream rbody;		/* room for reply body (after header) */
    notification_t note;	/* reason for failure */
    bool dpd;           	/* peer supports RFC 3706 DPD */
    bool openpgp;		/* peer supports OpenPGP certificates */

#   define PAYLIMIT 40
    struct payload_digest
	digest[PAYLIMIT],
	*digest_roof,
	*chain[ISAKMP_NEXT_ROOF];
	unsigned short nat_traversal_vid;
};

extern void release_md(struct msg_digest *md);

/* status for state-transition-function
 * Note: STF_FAIL + notification_t means fail with that notification
 */

typedef enum {
    STF_IGNORE,	/* don't respond */
    STF_SUSPEND,    /* unfinished -- don't release resources */
    STF_OK,	/* success */
    STF_INTERNAL_ERROR,	/* discard everything, we failed */
    STF_FAIL	/* discard everything, something failed.  notification_t added. */
} stf_status;

typedef stf_status state_transition_fn(struct msg_digest *md);

extern void complete_state_transition(struct msg_digest **mdp, stf_status result);

extern void free_md_pool(void);