1c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh/*	$NetBSD: handler.h,v 1.9.6.1 2008/01/11 14:12:01 vanhu Exp $	*/
20a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang
30a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang/* Id: handler.h,v 1.19 2006/02/25 08:25:12 manubsd Exp */
40a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang
50a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang/*
60a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
70a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * All rights reserved.
8c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh *
90a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * Redistribution and use in source and binary forms, with or without
100a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * modification, are permitted provided that the following conditions
110a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * are met:
120a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * 1. Redistributions of source code must retain the above copyright
130a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *    notice, this list of conditions and the following disclaimer.
140a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * 2. Redistributions in binary form must reproduce the above copyright
150a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *    notice, this list of conditions and the following disclaimer in the
160a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *    documentation and/or other materials provided with the distribution.
170a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * 3. Neither the name of the project nor the names of its contributors
180a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *    may be used to endorse or promote products derived from this software
190a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *    without specific prior written permission.
20c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh *
210a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
220a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
230a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
240a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
250a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
260a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
270a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
280a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
290a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
300a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
310a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * SUCH DAMAGE.
320a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang */
330a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang
340a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#ifndef _HANDLER_H
350a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#define _HANDLER_H
360a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang
370a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <sys/queue.h>
380a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <openssl/rsa.h>
390a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang
400a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include <sys/time.h>
410a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang
420a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "isakmp_var.h"
430a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#include "oakley.h"
440a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang
450a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang/* Phase 1 handler */
460a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang/*
470a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * main mode:
480a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *      initiator               responder
490a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *  0   (---)                   (---)
500a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *  1   start                   start (1st msg received)
510a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *  2   (---)                   1st valid msg received
520a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *  3   1st msg sent	        1st msg sent
 *  4   1st valid msg received  2nd valid msg received
540a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *  5   2nd msg sent            2nd msg sent
550a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *  6   2nd valid msg received  3rd valid msg received
560a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *  7   3rd msg sent            3rd msg sent
570a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *  8   3rd valid msg received  (---)
580a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *  9   SA established          SA established
590a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *
600a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * aggressive mode:
610a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *      initiator               responder
620a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *  0   (---)                   (---)
630a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *  1   start                   start (1st msg received)
640a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *  2   (---)                   1st valid msg received
650a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *  3   1st msg sent	        1st msg sent
 *  4   1st valid msg received  2nd valid msg received
670a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *  5   (---)                   (---)
680a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *  6   (---)                   (---)
690a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *  7   (---)                   (---)
700a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *  8   (---)                   (---)
710a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *  9   SA established          SA established
720a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *
730a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * base mode:
740a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *      initiator               responder
750a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *  0   (---)                   (---)
760a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *  1   start                   start (1st msg received)
770a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *  2   (---)                   1st valid msg received
780a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *  3   1st msg sent	        1st msg sent
 *  4   1st valid msg received  2nd valid msg received
800a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *  5   2nd msg sent            (---)
810a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *  6   (---)                   (---)
820a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *  7   (---)                   (---)
830a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *  8   (---)                   (---)
840a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *  9   SA established          SA established
850a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang */
/*
 * Phase 1 handler states (the values taken by ph1handle.status).
 * 0..9 correspond to the rows of the per-mode tables above; EXPIRED
 * lies past the tables, and MAX is one past the highest valid value.
 */
#define PHASE1ST_SPAWN			0
#define PHASE1ST_START			1
#define PHASE1ST_MSG1RECEIVED		2
#define PHASE1ST_MSG1SENT		3
#define PHASE1ST_MSG2RECEIVED		4
#define PHASE1ST_MSG2SENT		5
#define PHASE1ST_MSG3RECEIVED		6
#define PHASE1ST_MSG3SENT		7
#define PHASE1ST_MSG4RECEIVED		8
#define PHASE1ST_ESTABLISHED		9
#define PHASE1ST_EXPIRED		10
#define PHASE1ST_MAX			11
980a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang
990a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang/* About address semantics in each case.
1000a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *			initiator(addr=I)	responder(addr=R)
1010a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *			src	dst		src	dst
1020a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *			(local)	(remote)	(local)	(remote)
1030a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * phase 1 handler	I	R		R	I
1040a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * phase 2 handler	I	R		R	I
1050a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * getspi msg		R	I		I	R
1060a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * acquire msg		I	R
1070a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * ID payload		I	R		I	R
1080a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang */
1090a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#ifdef ENABLE_HYBRID
1100a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangstruct isakmp_cfg_state;
1110a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#endif
/*
 * State of one ISAKMP phase 1 negotiation / SA.  A handler is kept per
 * phase 1 SA (identified by 'index') and linked on 'chain'; 'status'
 * moves through the PHASE1ST_* values tabulated above, and the phase 2
 * handlers negotiated under this SA hang off 'ph2tree'.
 *
 * NOTE(review): authstr, dhpriv, dhgxy, skeyid, skeyid_d, skeyid_a,
 * skeyid_e and key hold secret material.  Confirm that the handler's
 * release path wipes these buffers before freeing them; the release
 * code is not visible in this header.
 */
struct ph1handle {
	isakmp_index index;		/* identity of this SA */

	int status;			/* status of this SA (a PHASE1ST_* value) */
	int side;			/* INITIATOR or RESPONDER */

	struct sockaddr *remote;	/* remote address to negotiate ph1 */
	struct sockaddr *local;		/* local address to negotiate ph1 */
			/* XXX copied from rmconf because of anonymous
			 * configuration.  If anonymous peers are ever
			 * forbidden, these copies can be deleted. */

	struct remoteconf *rmconf;	/* pointer to remote configuration */

	struct isakmpsa *approval;	/* pointer to SA(s) approved. */
	vchar_t *authstr;		/* place holder of string for auth, */
					/* for example a pre-shared key (secret) */

	u_int8_t version;		/* ISAKMP version */
	u_int8_t etype;			/* Exchange type actually in use */
	u_int8_t flags;			/* Flags */
	u_int32_t msgid;		/* message id */

#ifdef ENABLE_NATT
	struct ph1natt_options *natt_options;	/* Selected NAT-T IKE version */
	u_int32_t natt_flags;		/* NAT-T related flags */
#endif
#ifdef ENABLE_FRAG
	int frag;			/* IKE phase 1 fragmentation */
	struct isakmp_frag_item *frag_chain;	/* Received fragments */
					/* NOTE(review): peer-driven list; the
					 * reassembly code should bound its
					 * length and total size (not visible here) */
#endif

	struct sched *sce;		/* schedule for expire */

	struct sched *scr;		/* schedule for resend */
	int retry_counter;		/* for resend. */
	vchar_t *sendbuf;		/* buffer for re-sending */

	vchar_t *dhpriv;		/* DH; private value (secret) */
	vchar_t *dhpub;			/* DH; public value */
	vchar_t *dhpub_p;		/* DH; partner's public value */
	vchar_t *dhgxy;			/* DH; shared secret */
	vchar_t *nonce;			/* nonce value */
	vchar_t *nonce_p;		/* partner's nonce value */
	vchar_t *skeyid;		/* SKEYID (secret) */
	vchar_t *skeyid_d;		/* SKEYID_d (secret) */
	vchar_t *skeyid_a;		/* SKEYID_a, i.e. hash (secret) */
	vchar_t *skeyid_e;		/* SKEYID_e, i.e. encryption (secret) */
	vchar_t *key;			/* cipher key (secret) */
	vchar_t *hash;			/* HASH minus general header */
	vchar_t *sig;			/* SIG minus general header */
	vchar_t *sig_p;			/* peer's SIG minus general header */
	cert_t *cert;			/* CERT minus general header */
	cert_t *cert_p;			/* peer's CERT minus general header */
	cert_t *crl_p;			/* peer's CRL minus general header */
	cert_t *cr_p;			/* peer's CR not including general header */
	RSA *rsa;			/* my RSA key */
	RSA *rsa_p;			/* peer's RSA key */
	struct genlist *rsa_candidates;	/* possible candidates for peer's RSA key */
	vchar_t *id;			/* ID minus general header */
	vchar_t *id_p;			/* partner's ID minus general header, */
					/* i.e. struct ipsecdoi_id_b*. */
	struct isakmp_ivm *ivm;		/* IVs */

	vchar_t *sa;			/* whole SA payload to send/to be sent, */
					/* kept to calculate HASH; */
					/* NOT INCLUDING general header. */

	vchar_t *sa_ret;		/* SA payload to reply/to be replied; */
					/* NOT INCLUDING general header. */
					/* NOTE: Should be released after use. */

#ifdef HAVE_GSSAPI
	void *gssapi_state;		/* GSS-API specific state. */
					/* Allocated when needed */
	vchar_t *gi_i;			/* optional initiator GSS id */
	vchar_t *gi_r;			/* optional responder GSS id */
#endif

	struct isakmp_pl_hash *pl_hash;	/* pointer to hash payload */

	time_t created;			/* timestamp of establishment */
#ifdef ENABLE_STATS
	struct timeval start;		/* negotiation start time (stats only) */
	struct timeval end;		/* negotiation end time (stats only) */
#endif

#ifdef ENABLE_DPD
	int		dpd_support;	/* Does the remote support DPD? */
	time_t		dpd_lastack;	/* Last ack received */
	u_int16_t	dpd_seq;		/* DPD seq number to receive */
	u_int8_t	dpd_fails;		/* number of failures */
	struct sched	*dpd_r_u;	/* DPD schedule; the name suggests the
					 * R-U-THERE timer -- confirm in the DPD code */
#endif

	u_int32_t msgid2;		/* msgid counter for Phase 2 */
	int ph2cnt;	/* number of phase 2 negotiations under this phase 1 */
	LIST_HEAD(_ph2ofph1_, ph2handle) ph2tree;	/* phase 2 handlers bound to this SA */

	LIST_ENTRY(ph1handle) chain;	/* link in the global phase 1 list */
#ifdef ENABLE_HYBRID
	struct isakmp_cfg_state *mode_cfg;	/* ISAKMP mode config state */
#endif

};
2160a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang
2170a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang/* Phase 2 handler */
/* allocated per SA, or per SA bundle, for a pair of peer IP addresses. */
2190a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang/*
2200a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *      initiator               responder
2210a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *  0   (---)                   (---)
2220a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *  1   start                   start (1st msg received)
2230a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *  2   acquire msg get         1st valid msg received
2240a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *  3   getspi request sent     getspi request sent
2250a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *  4   getspi done             getspi done
2260a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *  5   1st msg sent            1st msg sent
2270a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *  6   1st valid msg received  2nd valid msg received
2280a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *  7   (commit bit)            (commit bit)
2290a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *  8   SAs added               SAs added
2300a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *  9   SAs established         SAs established
2310a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * 10   SAs expired             SAs expired
2320a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang */
/*
 * Phase 2 handler states (the values taken by ph2handle.status).
 * 0..10 correspond to the rows of the table above; MAX is one past
 * the highest valid value.
 */
#define PHASE2ST_SPAWN		0
#define PHASE2ST_START		1
#define PHASE2ST_STATUS2	2
#define PHASE2ST_GETSPISENT	3
#define PHASE2ST_GETSPIDONE	4
#define PHASE2ST_MSG1SENT	5
#define PHASE2ST_STATUS6	6
#define PHASE2ST_COMMIT		7
#define PHASE2ST_ADDSA		8
#define PHASE2ST_ESTABLISHED	9
#define PHASE2ST_EXPIRED	10
#define PHASE2ST_MAX		11
2450a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang
/*
 * State of one phase 2 (IPsec SA) negotiation.  Each handler points back
 * to the phase 1 SA it runs under ('ph1'), is linked on the global list
 * via 'chain' and on that phase 1's list via 'ph1bind'; 'status' moves
 * through the PHASE2ST_* values tabulated above.
 *
 * NOTE(review): dhpriv and dhgxy hold secret material when PFS is in
 * use; confirm that the release path wipes them before freeing (the
 * release code is not visible in this header).
 */
struct ph2handle {
	struct sockaddr *src;		/* my address of SA. */
	struct sockaddr *dst;		/* peer's address of SA. */

		/*
		 * Copied from the ID payloads when the ID type is an IP
		 * address; in every other case they must be NULL.
		 * NOTE(review): on the responder side at least these come
		 * from the peer's payload, so treat them as untrusted input
		 * wherever they feed a policy lookup (confirm in the consumer).
		 */
	struct sockaddr *src_id;
	struct sockaddr *dst_id;

	u_int32_t spid;			/* policy id assigned by the kernel */

	int status;			/* ipsec sa status (a PHASE2ST_* value) */
	u_int8_t side;			/* INITIATOR or RESPONDER */

	struct sched *sce;		/* schedule for expire */
	struct sched *scr;		/* schedule for resend */
	int retry_counter;		/* for resend. */
	vchar_t *sendbuf;		/* buffer for re-sending */
	vchar_t *msg1;			/* buffer for re-sending, */
				/* used for the responder's first message */

	int retry_checkph1;		/* counter to wait for phase 1 to finish. */
					/* NOTE: actually it's a timer. */

	u_int32_t seq;			/* sequence number used by PF_KEY */
			/*
			 * NOTE: On the responder side we can't distinguish
			 * SAs that share a destination address (for example
			 * when a socket based SA is required), so an
			 * identifier is stored in "seq" and sent to the
			 * kernel via PF_KEY.
			 */
	u_int8_t satype;		/* satype in PF_KEY */
			/*
			 * saved satype from the original PF_KEY request from
			 * the kernel, so that an error can be replied.
			 */

	u_int8_t flags;			/* Flags for phase 2 */
	u_int32_t msgid;		/* msgid for phase 2 */

	struct sainfo *sainfo;		/* place holder of sainfo */
	struct saprop *proposal;	/* SA(s) proposal. */
	struct saprop *approval;	/* SA(s) approved. */
	caddr_t spidx_gen;		/* policy derived from peer's proposal */

	struct dhgroup *pfsgrp;		/* DH; prime number (PFS group) */
	vchar_t *dhpriv;		/* DH; private value (secret) */
	vchar_t *dhpub;			/* DH; public value */
	vchar_t *dhpub_p;		/* DH; partner's public value */
	vchar_t *dhgxy;			/* DH; shared secret */
	vchar_t *id;			/* ID minus general header */
	vchar_t *id_p;			/* peer's ID minus general header */
	vchar_t *nonce;			/* nonce value in phase 2 */
	vchar_t *nonce_p;		/* partner's nonce value in phase 2 */

	vchar_t *sa;			/* whole SA payload to send/to be sent, */
					/* kept to calculate HASH; */
					/* NOT INCLUDING general header. */

	vchar_t *sa_ret;		/* SA payload to reply/to be replied; */
					/* NOT INCLUDING general header. */
					/* NOTE: Should be released after use. */

	struct isakmp_ivm *ivm;		/* IVs */

	int generated_spidx;	/* marks handlers with a generated policy */

#ifdef ENABLE_STATS
	struct timeval start;		/* negotiation start time (stats only) */
	struct timeval end;		/* negotiation end time (stats only) */
#endif
	struct ph1handle *ph1;	/* back pointer to the phase 1 (isakmp) status */

	LIST_ENTRY(ph2handle) chain;	/* link in the global phase 2 list */
	LIST_ENTRY(ph2handle) ph1bind;	/* chain to ph1handle */
};
3240a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang
3250a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang/*
3260a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * for handling initial contact.
3270a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang */
/* One peer address that initial contact has been handled for. */
struct contacted {
	struct sockaddr *remote;	/* remote address to negotiate ph1 */
	LIST_ENTRY(contacted) chain;	/* link in the contacted list */
};
3320a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang
3330a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang/*
 * for checking whether a packet is a retransmission.
3350a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang */
/*
 * Record of a packet already received and answered, kept so that a
 * retransmission from the same peer can be recognised by 'hash' and
 * answered again from the stored 'sendbuf'.
 */
struct recvdpkt {
	struct sockaddr *remote;	/* the remote address */
	struct sockaddr *local;		/* the local address */
	vchar_t *hash;			/* hash of the received packet */
	vchar_t *sendbuf;		/* buffer for the response */
	int retry_counter;		/* how many times to send */
	time_t time_send;		/* timestamp of the last send of the packet */
	time_t created;			/* timestamp at which the entry was queued */

	struct sched *scr;		/* schedule for resend, may be unused */

	LIST_ENTRY(recvdpkt) chain;	/* link in the received-packet list */
};
3490a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang
3500a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang/* for parsing ISAKMP header. */
/* One entry of the parsed ISAKMP payload chain. */
struct isakmp_parse_t {
	u_char type;		/* payload type of mine */
	int len;		/* ntohs(ptr->len): the payload length as read from
				 * the wire, hence peer-controlled; the parser that
				 * fills this in must bound it against the bytes
				 * remaining in the message before it is trusted */
	struct isakmp_gen *ptr;	/* the generic payload header this entry describes */
};
3560a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang
3570a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang/*
3580a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * for IV management.
3590a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *
3600a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * - normal case
3610a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * initiator                                     responder
3620a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * -------------------------                     --------------------------
3630a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * initialize iv(A), ive(A).                     initialize iv(A), ive(A).
3640a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * encode by ive(A).
3650a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * save to iv(B).            ---[packet(B)]-->   save to ive(B).
3660a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *                                               decode by iv(A).
3670a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *                                               packet consistency.
3680a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *                                               sync iv(B) with ive(B).
3690a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *                                               check auth, integrity.
3700a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *                                               encode by ive(B).
3710a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * save to ive(C).          <--[packet(C)]---    save to iv(C).
3720a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * decoded by iv(B).
3730a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *      :
3740a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *
 * - In the case that an error is found during cipher processing,
3760a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * initiator                                     responder
3770a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * -------------------------                     --------------------------
3780a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * initialize iv(A), ive(A).                     initialize iv(A), ive(A).
3790a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * encode by ive(A).
3800a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * save to iv(B).            ---[packet(B)]-->   save to ive(B).
3810a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *                                               decode by iv(A).
3820a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *                                               packet consistency.
3830a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *                                               sync iv(B) with ive(B).
3840a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *                                               check auth, integrity.
3850a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *                                               error found.
3860a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *                                               create notify.
3870a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *                                               get ive2(X) from iv(B).
3880a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *                                               encode by ive2(X).
3890a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * get iv2(X) from iv(B).   <--[packet(Y)]---    save to iv2(Y).
3900a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * save to ive2(Y).
3910a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * decoded by iv2(X).
3920a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *      :
3930a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *
 * The reason why the responder synchronizes iv with ive only after checking
 * the packet consistency is that the IV used for decoding has to be kept,
 * because an error may still be found while checking the packet consistency.
 * The reason why that is done before the authentication and integrity check
 * is that the IV for the informational exchange has to be derived from the
 * IV as it is after the packet has been decoded and checked for consistency.
 * Otherwise an IV mismatch happens between the initiator and the responder.
 */
/*
 * The pair of IVs kept per handle; the exchange diagram above shows when each
 * one is read, written and synchronised.
 */
struct isakmp_ivm {
	vchar_t *iv;	/* for decoding packet */
			/* if phase 1, it's for computing phase2 iv */
	vchar_t *ive;	/* for encoding packet */
};
4070a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang
/* for dumping */
/*
 * Fixed-size, pointer-free snapshot of a phase 1 handle.  Addresses are
 * copied into sockaddr_storage by value, so the record can be handed out
 * without exposing the live ph1handle.  Presumably what dumpph1() serialises
 * -- confirm in handler.c.
 */
struct ph1dump {
	isakmp_index index;		/* ISAKMP SA index (the cookie pair) */
	int status;			/* phase 1 negotiation state */
	int side;			/* initiator or responder */
	struct sockaddr_storage remote;	/* peer address, copied by value */
	struct sockaddr_storage local;	/* local address, copied by value */
	u_int8_t version;		/* ISAKMP version */
	u_int8_t etype;			/* exchange type */
	time_t created;			/* when the handle was created */
	int ph2cnt;			/* number of phase 2 handles bound to it */
};
4200a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang
struct sockaddr;
struct ph1handle;
struct ph2handle;
struct policyindex;

/*
 * Phase 1 handle table.  get* look a handle up (presumably returning NULL on
 * a miss), new/del allocate and free one, ins/rem link and unlink it, flush
 * drops every entry, init* sets the table up.  Confirm ownership rules in
 * handler.c before freeing a handle obtained from a lookup.
 */
extern struct ph1handle *getph1byindex __P((isakmp_index *));
extern struct ph1handle *getph1byindex0 __P((isakmp_index *));
/* third argument: presumably a flag narrowing the match -- see handler.c */
extern struct ph1handle *getph1byaddr __P((struct sockaddr *,
	struct sockaddr *, int));
/* "wop": per the name, match without comparing the port -- confirm */
extern struct ph1handle *getph1byaddrwop __P((struct sockaddr *,
	struct sockaddr *));
extern struct ph1handle *getph1bydstaddrwop __P((struct sockaddr *));
#ifdef ENABLE_HYBRID
/* Hybrid authentication only: look up / purge handles by login name.
 * These two are declared without `extern`, unlike the rest of the file;
 * functions have external linkage by default, so this is cosmetic. */
struct ph1handle *getph1bylogin __P((char *));
int purgeph1bylogin __P((char *));
#endif
/* returned buffer is presumably owned by the caller (vfree) -- confirm */
extern vchar_t *dumpph1 __P((void));
extern struct ph1handle *newph1 __P((void));
extern void delph1 __P((struct ph1handle *));
extern int insph1 __P((struct ph1handle *));
extern void remph1 __P((struct ph1handle *));
extern void flushph1 __P((void));
extern void initph1tree __P((void));

/* Phase 2 handle table; same new/del, ins/rem, flush, init pattern. */
extern struct ph2handle *getph2byspidx __P((struct policyindex *));
extern struct ph2handle *getph2byspid __P((u_int32_t));
extern struct ph2handle *getph2byseq __P((u_int32_t));
extern struct ph2handle *getph2bysaddr __P((struct sockaddr *,
	struct sockaddr *));
extern struct ph2handle *getph2bymsgid __P((struct ph1handle *, u_int32_t));
extern struct ph2handle *getph2byid __P((struct sockaddr *,
	struct sockaddr *, u_int32_t));
extern struct ph2handle *getph2bysaidx __P((struct sockaddr *,
	struct sockaddr *, u_int, u_int32_t));
extern struct ph2handle *newph2 __P((void));
extern void initph2 __P((struct ph2handle *));
extern void delph2 __P((struct ph2handle *));
extern int insph2 __P((struct ph2handle *));
extern void remph2 __P((struct ph2handle *));
extern void flushph2 __P((void));
extern void deleteallph2 __P((struct sockaddr *, struct sockaddr *, u_int));
extern void initph2tree __P((void));

/* Link / unlink a phase 2 handle with its parent phase 1 handle. */
extern void bindph12 __P((struct ph1handle *, struct ph2handle *));
extern void unbindph12 __P((struct ph2handle *));

/* Table of peers already contacted (struct contacted, above). */
extern struct contacted *getcontacted __P((struct sockaddr *));
extern int inscontacted __P((struct sockaddr *));
extern void initctdtree __P((void));

/*
 * Retransmission cache (struct recvdpkt, above).  check_recvdpkt() takes the
 * address pair and, presumably, the received packet, and its return value is
 * expected to tell the caller whether the packet was a retransmission --
 * confirm the exact codes in handler.c.  add_recvdpkt() stores a response for
 * an address pair; which of the two vchar_t arguments is the request and
 * which the response is not visible here.
 */
extern int check_recvdpkt __P((struct sockaddr *,
	struct sockaddr *, vchar_t *));
extern int add_recvdpkt __P((struct sockaddr *, struct sockaddr *,
	vchar_t *, vchar_t *));
extern void init_recvdpkt __P((void));

#ifdef ENABLE_HYBRID
/* Hybrid authentication only; the address is read-only here (const). */
extern int exclude_cfg_addr __P((const struct sockaddr *));
#endif

/* Presumably re-checks existing phase 1/2 handles against the current
 * configuration (e.g. after a reload) -- confirm.  Declared without the
 * __P() wrapper the rest of the file uses; harmless with a prototype-capable
 * compiler. */
extern int revalidate_ph12(void);
4820a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang
4830a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#endif /* _HANDLER_H */