Annotation of embedaddon/ipsec-tools/src/racoon/handler.h, revision 1.1
1.1 ! misho 1: /* $NetBSD: handler.h,v 1.25 2010/11/17 10:40:41 tteras Exp $ */
! 2:
! 3: /* Id: handler.h,v 1.19 2006/02/25 08:25:12 manubsd Exp */
! 4:
! 5: /*
! 6: * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
! 7: * All rights reserved.
! 8: *
! 9: * Redistribution and use in source and binary forms, with or without
! 10: * modification, are permitted provided that the following conditions
! 11: * are met:
! 12: * 1. Redistributions of source code must retain the above copyright
! 13: * notice, this list of conditions and the following disclaimer.
! 14: * 2. Redistributions in binary form must reproduce the above copyright
! 15: * notice, this list of conditions and the following disclaimer in the
! 16: * documentation and/or other materials provided with the distribution.
! 17: * 3. Neither the name of the project nor the names of its contributors
! 18: * may be used to endorse or promote products derived from this software
! 19: * without specific prior written permission.
! 20: *
! 21: * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
! 22: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
! 23: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
! 24: * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
! 25: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
! 26: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
! 27: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
! 28: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
! 29: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
! 30: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
! 31: * SUCH DAMAGE.
! 32: */
! 33:
! 34: #ifndef _HANDLER_H
! 35: #define _HANDLER_H
! 36:
! 37: #include <sys/queue.h>
! 38: #include <openssl/rsa.h>
! 39:
! 40: #include <sys/time.h>
! 41:
! 42: #include "isakmp_var.h"
! 43: #include "oakley.h"
! 44: #include "schedule.h"
! 45: #include "evt.h"
! 46:
! 47: /* Phase 1 handler */
! 48: /*
! 49: * main mode:
! 50: * initiator responder
! 51: * 0 (---) (---)
! 52: * 1 start start (1st msg received)
! 53: * 2 (---) 1st valid msg received
! 54: * 3 1st msg sent 1st msg sent
! 55: * 4 1st valid msg received 2st valid msg received
! 56: * 5 2nd msg sent 2nd msg sent
! 57: * 6 2nd valid msg received 3rd valid msg received
! 58: * 7 3rd msg sent 3rd msg sent
! 59: * 8 3rd valid msg received (---)
! 60: * 9 SA established SA established
! 61: *
! 62: * aggressive mode:
! 63: * initiator responder
! 64: * 0 (---) (---)
! 65: * 1 start start (1st msg received)
! 66: * 2 (---) 1st valid msg received
! 67: * 3 1st msg sent 1st msg sent
! 68: * 4 1st valid msg received 2st valid msg received
! 69: * 5 (---) (---)
! 70: * 6 (---) (---)
! 71: * 7 (---) (---)
! 72: * 8 (---) (---)
! 73: * 9 SA established SA established
! 74: *
! 75: * base mode:
! 76: * initiator responder
! 77: * 0 (---) (---)
! 78: * 1 start start (1st msg received)
! 79: * 2 (---) 1st valid msg received
! 80: * 3 1st msg sent 1st msg sent
! 81: * 4 1st valid msg received 2st valid msg received
! 82: * 5 2nd msg sent (---)
! 83: * 6 (---) (---)
! 84: * 7 (---) (---)
! 85: * 8 (---) (---)
! 86: * 9 SA established SA established
! 87: */
! 88: #define PHASE1ST_SPAWN 0
! 89: #define PHASE1ST_START 1
! 90: #define PHASE1ST_MSG1RECEIVED 2
! 91: #define PHASE1ST_MSG1SENT 3
! 92: #define PHASE1ST_MSG2RECEIVED 4
! 93: #define PHASE1ST_MSG2SENT 5
! 94: #define PHASE1ST_MSG3RECEIVED 6
! 95: #define PHASE1ST_MSG3SENT 7
! 96: #define PHASE1ST_MSG4RECEIVED 8
! 97: #define PHASE1ST_ESTABLISHED 9
! 98: #define PHASE1ST_DYING 10
! 99: #define PHASE1ST_EXPIRED 11
! 100: #define PHASE1ST_MAX 12
! 101:
! 102: /* About address semantics in each case.
! 103: * initiator(addr=I) responder(addr=R)
! 104: * src dst src dst
! 105: * (local) (remote) (local) (remote)
! 106: * phase 1 handler I R R I
! 107: * phase 2 handler I R R I
! 108: * getspi msg R I I R
! 109: * acquire msg I R
! 110: * ID payload I R I R
! 111: */
! 112: #ifdef ENABLE_HYBRID
! 113: struct isakmp_cfg_state;
! 114: #endif
! 115: struct ph1handle {
! 116: isakmp_index index;
! 117:
! 118: int status; /* status of this SA */
! 119: int side; /* INITIATOR or RESPONDER */
! 120:
! 121: struct sockaddr *remote; /* remote address to negosiate ph1 */
! 122: struct sockaddr *local; /* local address to negosiate ph1 */
! 123: /* XXX copy from rmconf due to anonymous configuration.
! 124: * If anonymous will be forbidden, we do delete them. */
! 125:
! 126: struct remoteconf *rmconf; /* pointer to remote configuration */
! 127:
! 128: struct isakmpsa *approval; /* pointer to SA(s) approved. */
! 129: vchar_t *authstr; /* place holder of string for auth. */
! 130: /* for example pre-shared key */
! 131:
! 132: u_int8_t version; /* ISAKMP version */
! 133: u_int8_t etype; /* Exchange type actually for use */
! 134: u_int8_t flags; /* Flags */
! 135: u_int32_t msgid; /* message id */
! 136:
! 137: u_int32_t vendorid_mask; /* bitmask of received supported vendor ids*/
! 138: #ifdef ENABLE_NATT
! 139: struct ph1natt_options *natt_options; /* Selected NAT-T IKE version */
! 140: u_int32_t natt_flags; /* NAT-T related flags */
! 141: #endif
! 142: #ifdef ENABLE_FRAG
! 143: int frag; /* IKE phase 1 fragmentation */
! 144: struct isakmp_frag_item *frag_chain; /* Received fragments */
! 145: #endif
! 146:
! 147: struct sched sce; /* schedule for expire */
! 148:
! 149: struct sched scr; /* schedule for resend */
! 150: int retry_counter; /* for resend. */
! 151: vchar_t *sendbuf; /* buffer for re-sending */
! 152:
! 153: vchar_t *dhpriv; /* DH; private value */
! 154: vchar_t *dhpub; /* DH; public value */
! 155: vchar_t *dhpub_p; /* DH; partner's public value */
! 156: vchar_t *dhgxy; /* DH; shared secret */
! 157: vchar_t *nonce; /* nonce value */
! 158: vchar_t *nonce_p; /* partner's nonce value */
! 159: vchar_t *skeyid; /* SKEYID */
! 160: vchar_t *skeyid_d; /* SKEYID_d */
! 161: vchar_t *skeyid_a; /* SKEYID_a, i.e. hash */
! 162: vchar_t *skeyid_e; /* SKEYID_e, i.e. encryption */
! 163: vchar_t *key; /* cipher key */
! 164: vchar_t *hash; /* HASH minus general header */
! 165: vchar_t *sig; /* SIG minus general header */
! 166: vchar_t *sig_p; /* peer's SIG minus general header */
! 167: vchar_t *cert; /* CERT minus general header */
! 168: vchar_t *cert_p; /* peer's CERT minus general header */
! 169: vchar_t *crl_p; /* peer's CRL minus general header */
! 170: vchar_t *cr_p; /* peer's CR not including general */
! 171: RSA *rsa; /* my RSA key */
! 172: RSA *rsa_p; /* peer's RSA key */
! 173: struct genlist *rsa_candidates; /* possible candidates for peer's RSA key */
! 174: vchar_t *id; /* ID minus gen header */
! 175: vchar_t *id_p; /* partner's ID minus general header */
! 176: /* i.e. struct ipsecdoi_id_b*. */
! 177: struct isakmp_ivm *ivm; /* IVs */
! 178:
! 179: vchar_t *sa; /* whole SA payload to send/to be sent*/
! 180: /* to calculate HASH */
! 181: /* NOT INCLUDING general header. */
! 182:
! 183: vchar_t *sa_ret; /* SA payload to reply/to be replyed */
! 184: /* NOT INCLUDING general header. */
! 185: /* NOTE: Should be release after use. */
! 186:
! 187: #ifdef HAVE_GSSAPI
! 188: void *gssapi_state; /* GSS-API specific state. */
! 189: /* Allocated when needed */
! 190: vchar_t *gi_i; /* optional initiator GSS id */
! 191: vchar_t *gi_r; /* optional responder GSS id */
! 192: #endif
! 193:
! 194: struct isakmp_pl_hash *pl_hash; /* pointer to hash payload */
! 195:
! 196: time_t created; /* timestamp for establish */
! 197: int initial_contact_received; /* set if initial contact received */
! 198: #ifdef ENABLE_STATS
! 199: struct timeval start;
! 200: struct timeval end;
! 201: #endif
! 202:
! 203: #ifdef ENABLE_DPD
! 204: int dpd_support; /* Does remote supports DPD ? */
! 205: u_int32_t dpd_last_ack;
! 206: u_int32_t dpd_seq; /* DPD seq number to receive */
! 207: u_int8_t dpd_fails; /* number of failures */
! 208: struct sched dpd_r_u;
! 209: #endif
! 210:
! 211: u_int32_t msgid2; /* msgid counter for Phase 2 */
! 212: int ph2cnt; /* the number which is negotiated by this phase 1 */
! 213: LIST_HEAD(_ph2ofph1_, ph2handle) ph2tree;
! 214:
! 215: LIST_ENTRY(ph1handle) chain;
! 216: #ifdef ENABLE_HYBRID
! 217: struct isakmp_cfg_state *mode_cfg; /* ISAKMP mode config state */
! 218: #endif
! 219: EVT_LISTENER_LIST(evt_listeners);
! 220: };
! 221:
! 222: /* For limiting enumeration of ph1 tree */
! 223: struct ph1selector {
! 224: struct sockaddr *local;
! 225: struct sockaddr *remote;
! 226: };
! 227:
! 228: /* Phase 2 handler */
! 229: /* allocated per a SA or SA bundles of a pair of peer's IP addresses. */
! 230: /*
! 231: * initiator responder
! 232: * 0 (---) (---)
! 233: * 1 start start (1st msg received)
! 234: * 2 acquire msg get 1st valid msg received
! 235: * 3 getspi request sent getspi request sent
! 236: * 4 getspi done getspi done
! 237: * 5 1st msg sent 1st msg sent
! 238: * 6 1st valid msg received 2nd valid msg received
! 239: * 7 (commit bit) (commit bit)
! 240: * 8 SAs added SAs added
! 241: * 9 SAs established SAs established
! 242: * 10 SAs expired SAs expired
! 243: */
! 244: #define PHASE2ST_SPAWN 0
! 245: #define PHASE2ST_START 1
! 246: #define PHASE2ST_STATUS2 2
! 247: #define PHASE2ST_GETSPISENT 3
! 248: #define PHASE2ST_GETSPIDONE 4
! 249: #define PHASE2ST_MSG1SENT 5
! 250: #define PHASE2ST_STATUS6 6
! 251: #define PHASE2ST_COMMIT 7
! 252: #define PHASE2ST_ADDSA 8
! 253: #define PHASE2ST_ESTABLISHED 9
! 254: #define PHASE2ST_EXPIRED 10
! 255: #define PHASE2ST_MAX 11
! 256:
! 257: struct ph2handle {
! 258: /* source and destination addresses used for IKE exchange. Might
! 259: * differ from source and destination of SA. On the initiator,
! 260: * they are tweaked if a hint is available in the SPD (set by
! 261: * MIGRATE for instance). Otherwise they are the source and
! 262: * destination of SA for transport mode and the tunnel endpoints
! 263: * for tunnel mode */
! 264: struct sockaddr *src;
! 265: struct sockaddr *dst;
! 266:
! 267: /* source and destination addresses of the SA in the case addresses
! 268: * used for IKE exchanges (src and dst) do differ. On the initiator,
! 269: * they are set (if needed) in pk_recvacquire(). On the responder,
! 270: * they are _derived_ from the local and remote parameters of the
! 271: * SP, if available. */
! 272: struct sockaddr *sa_src;
! 273: struct sockaddr *sa_dst;
! 274:
! 275: /* Store our Phase 2 ID and the peer ID (ID minus general header).
! 276: * On the initiator, they are set during ACQUIRE processing.
! 277: * On the responder, they are set from the content of ID payload
! 278: * in quick_r1recv(). Then, if they are of type address or
! 279: * tunnel, they are compared to sainfo selectors.
! 280: */
! 281: vchar_t *id; /* ID minus gen header */
! 282: vchar_t *id_p; /* peer's ID minus general header */
! 283:
! 284: #ifdef ENABLE_NATT
! 285: struct sockaddr *natoa_src; /* peer's view of my address */
! 286: struct sockaddr *natoa_dst; /* peer's view of his address */
! 287: #endif
! 288:
! 289: u_int32_t spid; /* policy id by kernel */
! 290:
! 291: int status; /* ipsec sa status */
! 292: u_int8_t side; /* INITIATOR or RESPONDER */
! 293:
! 294: struct sched sce; /* schedule for expire */
! 295: struct sched scr; /* schedule for resend */
! 296: int retry_counter; /* for resend. */
! 297: vchar_t *sendbuf; /* buffer for re-sending */
! 298: vchar_t *msg1; /* buffer for re-sending */
! 299: /* used for responder's first message */
! 300:
! 301: int retry_checkph1; /* counter to wait phase 1 finished. */
! 302: /* NOTE: actually it's timer. */
! 303:
! 304: u_int32_t seq; /* sequence number used by PF_KEY */
! 305: /*
! 306: * NOTE: In responder side, we can't identify each SAs
! 307: * with same destination address for example, when
! 308: * socket based SA is required. So we set a identifier
! 309: * number to "seq", and sent kernel by pfkey.
! 310: */
! 311: u_int8_t satype; /* satype in PF_KEY */
! 312: /*
! 313: * saved satype in the original PF_KEY request from
! 314: * the kernel in order to reply a error.
! 315: */
! 316:
! 317: u_int8_t flags; /* Flags for phase 2 */
! 318: u_int32_t msgid; /* msgid for phase 2 */
! 319:
! 320: struct sainfo *sainfo; /* place holder of sainfo */
! 321: struct saprop *proposal; /* SA(s) proposal. */
! 322: struct saprop *approval; /* SA(s) approved. */
! 323: u_int32_t lifetime_secs; /* responder lifetime (seconds) */
! 324: u_int32_t lifetime_kb; /* responder lifetime (kbytes) */
! 325: caddr_t spidx_gen; /* policy from peer's proposal */
! 326:
! 327: struct dhgroup *pfsgrp; /* DH; prime number */
! 328: vchar_t *dhpriv; /* DH; private value */
! 329: vchar_t *dhpub; /* DH; public value */
! 330: vchar_t *dhpub_p; /* DH; partner's public value */
! 331: vchar_t *dhgxy; /* DH; shared secret */
! 332: vchar_t *nonce; /* nonce value in phase 2 */
! 333: vchar_t *nonce_p; /* partner's nonce value in phase 2 */
! 334:
! 335: vchar_t *sa; /* whole SA payload to send/to be sent*/
! 336: /* to calculate HASH */
! 337: /* NOT INCLUDING general header. */
! 338:
! 339: vchar_t *sa_ret; /* SA payload to reply/to be replyed */
! 340: /* NOT INCLUDING general header. */
! 341: /* NOTE: Should be release after use. */
! 342:
! 343: struct isakmp_ivm *ivm; /* IVs */
! 344:
! 345: int generated_spidx; /* mark handlers whith generated policy */
! 346:
! 347: #ifdef ENABLE_STATS
! 348: struct timeval start;
! 349: struct timeval end;
! 350: #endif
! 351: struct ph1handle *ph1; /* back pointer to isakmp status */
! 352:
! 353: LIST_ENTRY(ph2handle) chain;
! 354: LIST_ENTRY(ph2handle) ph1bind; /* chain to ph1handle */
! 355: EVT_LISTENER_LIST(evt_listeners);
! 356: };
! 357:
! 358: /* For limiting enumeration of ph2 tree */
! 359: struct ph2selector {
! 360: u_int32_t spid;
! 361: struct sockaddr *src;
! 362: struct sockaddr *dst;
! 363: };
! 364:
! 365: /*
! 366: * for handling initial contact.
! 367: */
! 368: struct contacted {
! 369: struct sockaddr *remote; /* remote address to negosiate ph1 */
! 370: LIST_ENTRY(contacted) chain;
! 371: };
! 372:
! 373: /*
! 374: * for checking a packet retransmited.
! 375: */
! 376: struct recvdpkt {
! 377: struct sockaddr *remote; /* the remote address */
! 378: struct sockaddr *local; /* the local address */
! 379: vchar_t *hash; /* hash of the received packet */
! 380: vchar_t *sendbuf; /* buffer for the response */
! 381: int retry_counter; /* how many times to send */
! 382: struct timeval time_send; /* timestamp of previous send */
! 383:
! 384: LIST_ENTRY(recvdpkt) chain;
! 385: };
! 386:
! 387: /* for parsing ISAKMP header. */
! 388: struct isakmp_parse_t {
! 389: u_char type; /* payload type of mine */
! 390: int len; /* ntohs(ptr->len) */
! 391: struct isakmp_gen *ptr;
! 392: };
! 393:
! 394: /*
! 395: * for IV management.
! 396: *
! 397: * - normal case
! 398: * initiator responder
! 399: * ------------------------- --------------------------
! 400: * initialize iv(A), ive(A). initialize iv(A), ive(A).
! 401: * encode by ive(A).
! 402: * save to iv(B). ---[packet(B)]--> save to ive(B).
! 403: * decode by iv(A).
! 404: * packet consistency.
! 405: * sync iv(B) with ive(B).
! 406: * check auth, integrity.
! 407: * encode by ive(B).
! 408: * save to ive(C). <--[packet(C)]--- save to iv(C).
! 409: * decoded by iv(B).
! 410: * :
! 411: *
! 412: * - In the case that a error is found while cipher processing,
! 413: * initiator responder
! 414: * ------------------------- --------------------------
! 415: * initialize iv(A), ive(A). initialize iv(A), ive(A).
! 416: * encode by ive(A).
! 417: * save to iv(B). ---[packet(B)]--> save to ive(B).
! 418: * decode by iv(A).
! 419: * packet consistency.
! 420: * sync iv(B) with ive(B).
! 421: * check auth, integrity.
! 422: * error found.
! 423: * create notify.
! 424: * get ive2(X) from iv(B).
! 425: * encode by ive2(X).
! 426: * get iv2(X) from iv(B). <--[packet(Y)]--- save to iv2(Y).
! 427: * save to ive2(Y).
! 428: * decoded by iv2(X).
! 429: * :
! 430: *
! 431: * The reason why the responder synchronizes iv with ive after checking the
! 432: * packet consistency is that it is required to leave the IV for decoding
! 433: * packet. Because there is a potential of error while checking the packet
! 434: * consistency. Also the reason why that is before authentication and
! 435: * integirty check is that the IV for informational exchange has to be made
! 436: * by the IV which is after packet decoded and checking the packet consistency.
! 437: * Otherwise IV mismatched happens between the intitiator and the responder.
! 438: */
! 439: struct isakmp_ivm {
! 440: vchar_t *iv; /* for decoding packet */
! 441: /* if phase 1, it's for computing phase2 iv */
! 442: vchar_t *ive; /* for encoding packet */
! 443: };
! 444:
! 445: /* for dumping */
! 446: struct ph1dump {
! 447: isakmp_index index;
! 448: int status;
! 449: int side;
! 450: struct sockaddr_storage remote;
! 451: struct sockaddr_storage local;
! 452: u_int8_t version;
! 453: u_int8_t etype;
! 454: time_t created;
! 455: int ph2cnt;
! 456: };
! 457:
! 458: struct sockaddr;
! 459: struct ph1handle;
! 460: struct ph2handle;
! 461: struct policyindex;
! 462:
! 463: extern struct ph1handle *getph1byindex __P((isakmp_index *));
! 464: extern struct ph1handle *getph1byindex0 __P((isakmp_index *));
! 465:
! 466: extern int enumph1 __P((struct ph1selector *ph1sel,
! 467: int (* enum_func)(struct ph1handle *iph1, void *arg),
! 468: void *enum_arg));
! 469:
! 470: #define GETPH1_F_ESTABLISHED 0x0001
! 471:
! 472: extern struct ph1handle *getph1 __P((struct ph1handle *ph1hint,
! 473: struct sockaddr *local,
! 474: struct sockaddr *remote,
! 475: int flags));
! 476:
! 477: #define getph1byaddr(local, remote, est) \
! 478: getph1(NULL, local, remote, est ? GETPH1_F_ESTABLISHED : 0)
! 479: #define getph1bydstaddr(remote) \
! 480: getph1(NULL, NULL, remote, 0)
! 481:
! 482: #ifdef ENABLE_HYBRID
! 483: struct ph1handle *getph1bylogin __P((char *));
! 484: int purgeph1bylogin __P((char *));
! 485: #endif
! 486: extern void migrate_ph12 __P((struct ph1handle *old_iph1, struct ph1handle *new_iph1));
! 487: extern void migrate_dying_ph12 __P((struct ph1handle *iph1));
! 488: extern vchar_t *dumpph1 __P((void));
! 489: extern struct ph1handle *newph1 __P((void));
! 490: extern void delph1 __P((struct ph1handle *));
! 491: extern int insph1 __P((struct ph1handle *));
! 492: extern void remph1 __P((struct ph1handle *));
! 493: extern int resolveph1rmconf __P((struct ph1handle *));
! 494: extern void flushph1 __P((void));
! 495: extern void initph1tree __P((void));
! 496: extern int ph1_rekey_enabled __P((struct ph1handle *));
! 497:
! 498: extern int enumph2 __P((struct ph2selector *ph2sel,
! 499: int (* enum_func)(struct ph2handle *iph2, void *arg),
! 500: void *enum_arg));
! 501: extern struct ph2handle *getph2byseq __P((u_int32_t));
! 502: extern struct ph2handle *getph2bysaddr __P((struct sockaddr *,
! 503: struct sockaddr *));
! 504: extern struct ph2handle *getph2bymsgid __P((struct ph1handle *, u_int32_t));
! 505: extern struct ph2handle *getph2byid __P((struct sockaddr *,
! 506: struct sockaddr *, u_int32_t));
! 507: extern struct ph2handle *getph2bysaidx __P((struct sockaddr *,
! 508: struct sockaddr *, u_int, u_int32_t));
! 509: extern struct ph2handle *newph2 __P((void));
! 510: extern void initph2 __P((struct ph2handle *));
! 511: extern void delph2 __P((struct ph2handle *));
! 512: extern int insph2 __P((struct ph2handle *));
! 513: extern void remph2 __P((struct ph2handle *));
! 514: extern void flushph2 __P((void));
! 515: extern void deleteallph2 __P((struct sockaddr *, struct sockaddr *, u_int));
! 516: extern void initph2tree __P((void));
! 517:
! 518: extern void bindph12 __P((struct ph1handle *, struct ph2handle *));
! 519: extern void unbindph12 __P((struct ph2handle *));
! 520:
! 521: extern struct contacted *getcontacted __P((struct sockaddr *));
! 522: extern int inscontacted __P((struct sockaddr *));
! 523: extern void remcontacted __P((struct sockaddr *));
! 524: extern void initctdtree __P((void));
! 525:
! 526: extern int check_recvdpkt __P((struct sockaddr *,
! 527: struct sockaddr *, vchar_t *));
! 528: extern int add_recvdpkt __P((struct sockaddr *, struct sockaddr *,
! 529: vchar_t *, vchar_t *));
! 530: extern void init_recvdpkt __P((void));
! 531:
! 532: #ifdef ENABLE_HYBRID
! 533: extern int exclude_cfg_addr __P((const struct sockaddr *));
! 534: #endif
! 535:
! 536: extern int revalidate_ph12(void);
! 537:
! 538: #endif /* _HANDLER_H */
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to handler.h CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / ipsec-tools / src / racoon