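/*	$NetBSD: remoteconf.h,v 1.16 2011/03/14 15:50:36 vanhu Exp $	*/

/* Id: remoteconf.h,v 1.26 2006/05/06 15:52:44 manubsd Exp */

/*
 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the project nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#ifndef _REMOTECONF_H
#define _REMOTECONF_H

/*
 * remote configuration
 *
 * Per-peer ("remote") configuration of the racoon IKE daemon: the
 * authentication material, certificate handling switches, proposal list
 * and policy knobs that govern a phase 1 negotiation with a given peer,
 * plus the lookup/selector API used to find the matching entry.
 *
 * Prototypes are wrapped in __P(()) for pre-ANSI compiler compatibility;
 * the macro is provided by the system cdefs headers.
 */

#include <sys/queue.h>
#include "genlist.h"
#ifdef ENABLE_HYBRID
#include "isakmp_var.h"
#include "isakmp_xauth.h"
#endif

struct ph1handle;
struct secprotospec;

/* Singly-linked list of ISAKMP exchange types (main/aggressive/...). */
struct etypes {
	int type;
	struct etypes *next;
};

/* ISAKMP SA specification */
struct isakmpsa {
	int prop_no;
	int trns_no;
	time_t lifetime;
	size_t lifebyte;
	int enctype;
	int encklen;
	int authmethod;
	int hashtype;
	int vendorid;
#ifdef HAVE_GSSAPI
	vchar_t *gssid;
#endif
	int dh_group;			/* don't use it if aggressive mode */
	struct dhgroup *dhgrp;		/* don't use it if aggressive mode */

	struct isakmpsa *next;		/* next transform */
};

/* Certificate information */
struct rmconf_cert {
	vchar_t *data;			/* certificate payload */
	char *filename;			/* name of local file */
};

/*
 * Script hooks
 *
 * SCRIPT_MAX is the highest valid hook index, not a count: arrays
 * indexed by hook are sized SCRIPT_MAX + 1.
 */
#define SCRIPT_PHASE1_UP	0
#define SCRIPT_PHASE1_DOWN	1
#define SCRIPT_PHASE1_DEAD	2
#define SCRIPT_MAX		2
extern char *script_names[SCRIPT_MAX + 1];

struct remoteconf {
	char *name;			/* remote configuration name */
	struct sockaddr *remote;	/* remote IP address */
					/* if family is AF_UNSPEC, that is
					 * for anonymous configuration. */

	struct etypes *etypes;		/* exchange type list. the head
					 * is a type to be sent first. */
	int doitype;			/* doi type */
	int sittype;			/* situation type */

	int idvtype;			/* my identifier type */
	vchar_t *idv;			/* my identifier */
	vchar_t *key;			/* my pre-shared key */
					/* sensitive key material.
					 * NOTE(review): confirm that
					 * delrmconf() clears it before
					 * release; not visible here. */
	struct genlist *idvl_p;		/* peer's identifiers list */

	char *myprivfile;		/* file name of my private key file */
	char *mycertfile;		/* file name of my certificate */
	vchar_t *mycert;		/* my certificate */
	char *peerscertfile;		/* file name of peer's certifcate */
	vchar_t *peerscert;		/* peer's certificate */
	char *cacertfile;		/* file name of CA */
	vchar_t *cacert;		/* CA certificate */

	int send_cert;			/* send to CERT or not */
	int send_cr;			/* send to CR or not */
	int match_empty_cr;		/* does this match if CR is empty */
	int verify_cert;		/* verify a CERT strictly */
					/* NOTE(review): when cleared the
					 * peer's CERT is presumably accepted
					 * without chain validation against
					 * cacert -- confirm in the consumer. */
	int verify_identifier;		/* vefify the peer's identifier */
	int nonce_size;			/* the number of bytes of nonce */
	int passive;			/* never initiate */
	int ike_frag;			/* IKE fragmentation */
	int esp_frag;			/* ESP fragmentation */
	int mode_cfg;			/* Gets config through mode config */
	int support_proxy;		/* support mip6/proxy */
#define GENERATE_POLICY_NONE	0
#define GENERATE_POLICY_REQUIRE	1
#define GENERATE_POLICY_UNIQUE	2
	int gen_policy;			/* generate policy if no policy found */
	int ini_contact;		/* initial contact */
	int pcheck_level;		/* level of propocl checking */
	int nat_traversal;		/* NAT-Traversal */
	vchar_t *script[SCRIPT_MAX + 1];/* script hooks paths */
	int dh_group;			/* use it when only aggressive mode */
	struct dhgroup *dhgrp;		/* use it when only aggressive mode */
					/* above two can't be defined by user*/

	int dpd;			/* Negociate DPD support ? */
	int dpd_retry;			/* in seconds */
	int dpd_interval;		/* in seconds */
	int dpd_maxfails;

	int rekey;			/* rekey ph1 when active ph2s? */
					/* FALSE/TRUE are defined elsewhere
					 * in the project. */
#define REKEY_OFF FALSE
#define REKEY_ON TRUE
#define REKEY_FORCE 2

	uint32_t ph1id;			/* ph1id to be matched with sainfo sections */

	int weak_phase1_check;		/* act on unencrypted deletions ? */
					/* NOTE(review): the name suggests
					 * this relaxes checking of phase 1
					 * delete messages that arrive
					 * unprotected -- confirm exact
					 * semantics in the handler. */

	struct isakmpsa *proposal;	/* proposal list */
	struct remoteconf *inherited_from;	/* the original rmconf
						   from which this one
						   was inherited */

	time_t lifetime;		/* for isakmp/ipsec */
	int lifebyte;			/* for isakmp/ipsec */
					/* NOTE(review): isakmpsa.lifebyte
					 * is size_t while this is int; mixed
					 * signedness when compared. Left as
					 * is to preserve the struct layout. */
	struct secprotospec *spspec;	/* the head is always current spec. */

	struct genlist	*rsa_private,	/* lists of PlainRSA keys to use */
			*rsa_public;

#ifdef ENABLE_HYBRID
	struct xauth_rmconf *xauth;
#endif

	TAILQ_ENTRY(remoteconf) chain;	/* next remote conf */
};

/*
 * Nonce length for a remote configuration, falling back to
 * DEFAULT_NONCE_SIZE (defined elsewhere) when no rmconf is given.
 * The argument is parenthesized so that a non-trivial expression
 * (e.g. a conditional) is evaluated as a unit.
 */
#define RMCONF_NONCE_SIZE(rmconf) \
	((rmconf) != NULL ? (rmconf)->nonce_size : DEFAULT_NONCE_SIZE)

struct dhgroup;

struct idspec {
	int idtype;			/* identifier type */
	vchar_t *id;			/* identifier */
};

/* Match criteria for enumrmconf(); see GETRMCONF_F_* for the flags bits. */
struct rmconfselector {
	int flags;
	struct sockaddr *remote;
	int etype;
	struct isakmpsa *approval;
	vchar_t *identity;
	vchar_t *certificate_request;
};

extern void rmconf_selector_from_ph1 __P((struct rmconfselector *rmsel,
					  struct ph1handle *iph1));
extern int enumrmconf __P((struct rmconfselector *rmsel,
			   int (* enum_func)(struct remoteconf *rmconf, void *arg),
			   void *enum_arg));

/* Flag bits for the getrmconf() flags argument. */
#define GETRMCONF_F_NO_ANONYMOUS	0x0001
#define GETRMCONF_F_NO_PASSIVE		0x0002

/*
 * In-band error sentinel distinct from NULL: presumably returned by the
 * lookup functions below when more than one entry matches. Callers must
 * test for both NULL and RMCONF_ERR_MULTIPLE before dereferencing.
 */
#define RMCONF_ERR_MULTIPLE		((struct remoteconf *) -1)

extern int rmconf_match_identity __P((struct remoteconf *rmconf,
				      vchar_t *id_p));
extern struct remoteconf *getrmconf __P((struct sockaddr *remote, int flags));
extern struct remoteconf *getrmconf_by_ph1 __P((struct ph1handle *iph1));
extern struct remoteconf *getrmconf_by_name __P((const char *name));

/* Lifecycle of remoteconf entries and their exchange-type lists. */
extern struct remoteconf *newrmconf __P((void));
extern struct remoteconf *duprmconf_shallow __P((struct remoteconf *));
extern int duprmconf_finish __P((struct remoteconf *));
extern void delrmconf __P((struct remoteconf *));
extern void deletypes __P((struct etypes *));
extern struct etypes * dupetypes __P((struct etypes *));
extern void insrmconf __P((struct remoteconf *));
extern void remrmconf __P((struct remoteconf *));
extern void flushrmconf __P((void));
extern void dupspspec_list __P((struct remoteconf *, struct remoteconf *));
extern void flushspspec __P((struct remoteconf *));
extern void initrmconf __P((void));
extern void rmconf_start_reload __P((void));
extern void rmconf_finish_reload __P((void));

extern int check_etypeok __P((struct remoteconf *, void *));

/* Lifecycle of ISAKMP SA proposals attached to a remoteconf. */
extern struct isakmpsa *newisakmpsa __P((void));
extern struct isakmpsa *dupisakmpsa __P((struct isakmpsa *));
extern void delisakmpsa __P((struct isakmpsa *));
extern void insisakmpsa __P((struct isakmpsa *, struct remoteconf *));
#ifdef ENABLE_HYBRID
extern int isakmpsa_switch_authmethod __P((int authmethod));
#else
/* Without hybrid auth there is nothing to translate: identity mapping. */
static inline int isakmpsa_switch_authmethod(int authmethod)
{
	return authmethod;
}
#endif
extern struct isakmpsa * checkisakmpsa __P((int pcheck,
					    struct isakmpsa *proposal,
					    struct isakmpsa *acceptable));


extern void dumprmconf __P((void));

extern struct idspec *newidspec __P((void));

extern vchar_t *script_path_add __P((vchar_t *));

#endif /* _REMOTECONF_H */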