1.1 misho 1: /* $NetBSD: remoteconf.h,v 1.16 2011/03/14 15:50:36 vanhu Exp $ */
2:
3: /* Id: remoteconf.h,v 1.26 2006/05/06 15:52:44 manubsd Exp */
4:
5: /*
6: * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
7: * All rights reserved.
8: *
9: * Redistribution and use in source and binary forms, with or without
10: * modification, are permitted provided that the following conditions
11: * are met:
12: * 1. Redistributions of source code must retain the above copyright
13: * notice, this list of conditions and the following disclaimer.
14: * 2. Redistributions in binary form must reproduce the above copyright
15: * notice, this list of conditions and the following disclaimer in the
16: * documentation and/or other materials provided with the distribution.
17: * 3. Neither the name of the project nor the names of its contributors
18: * may be used to endorse or promote products derived from this software
19: * without specific prior written permission.
20: *
21: * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
22: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24: * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31: * SUCH DAMAGE.
32: */
33:
34: #ifndef _REMOTECONF_H
35: #define _REMOTECONF_H
36:
37: /* remote configuration */
38:
39: #include <sys/queue.h>
40: #include "genlist.h"
41: #ifdef ENABLE_HYBRID
42: #include "isakmp_var.h"
43: #include "isakmp_xauth.h"
44: #endif
45:
/* Opaque here; both are completed in other racoon headers. */
struct ph1handle;		/* phase 1 (ISAKMP SA) handle */
struct secprotospec;		/* security protocol spec, see remoteconf.spspec */
48:
/*
 * Singly linked list of ISAKMP exchange types; remoteconf.etypes points at
 * the head, which is the type to be sent first.
 */
struct etypes {
	int type;		/* exchange type */
	struct etypes *next;	/* next entry in the list */
};
53:
54: /* ISAKMP SA specification */
55: struct isakmpsa {
56: int prop_no;
57: int trns_no;
58: time_t lifetime;
59: size_t lifebyte;
60: int enctype;
61: int encklen;
62: int authmethod;
63: int hashtype;
64: int vendorid;
65: #ifdef HAVE_GSSAPI
66: vchar_t *gssid;
67: #endif
68: int dh_group; /* don't use it if aggressive mode */
69: struct dhgroup *dhgrp; /* don't use it if aggressive mode */
70:
71: struct isakmpsa *next; /* next transform */
72: };
73:
/*
 * Certificate information: a certificate payload together with the name of
 * the local file it was loaded from.
 */
struct rmconf_cert {
	vchar_t *data;		/* certificate payload */
	char *filename;		/* name of local file */
};
79:
/*
 * Script hooks. The values index remoteconf.script[] and script_names[];
 * SCRIPT_MAX is the highest hook number, so both arrays have SCRIPT_MAX + 1
 * entries.
 */
#define SCRIPT_PHASE1_UP	0	/* phase 1 SA established */
#define SCRIPT_PHASE1_DOWN	1	/* phase 1 SA removed */
#define SCRIPT_PHASE1_DEAD	2	/* phase 1 peer detected dead */
#define SCRIPT_MAX		2
/* Human-readable hook names, indexed by the SCRIPT_PHASE1_* values. */
extern char *script_names[SCRIPT_MAX + 1];
86:
/*
 * Remote configuration: everything racoon knows about how to negotiate with
 * one peer (or with any peer, for the anonymous entry). Entries live on a
 * global TAILQ through `chain' and are looked up with getrmconf() and
 * friends; newrmconf()/delrmconf() create and destroy them.
 */
struct remoteconf {
	char *name;			/* remote configuration name */
	struct sockaddr *remote;	/* remote IP address */
					/* if family is AF_UNSPEC, that is
					 * for anonymous configuration. */

	struct etypes *etypes;		/* exchange type list. the head
					 * is a type to be sent first. */
	int doitype;			/* doi type */
	int sittype;			/* situation type */

	int idvtype;			/* my identifier type */
	vchar_t *idv;			/* my identifier */
	vchar_t *key;			/* my pre-shared key (secret material) */
	struct genlist *idvl_p;		/* peer's identifiers list */

	char *myprivfile;		/* file name of my private key file */
	char *mycertfile;		/* file name of my certificate */
	vchar_t *mycert;		/* my certificate */
	char *peerscertfile;		/* file name of peer's certificate */
	vchar_t *peerscert;		/* peer's certificate */
	char *cacertfile;		/* file name of CA */
	vchar_t *cacert;		/* CA certificate */

	int send_cert;			/* send CERT or not */
	int send_cr;			/* send CR or not */
	int match_empty_cr;		/* does this match if CR is empty */
	int verify_cert;		/* verify the peer's CERT strictly */
	int verify_identifier;		/* verify the peer's identifier */
	int nonce_size;			/* the number of bytes of nonce */
	int passive;			/* never initiate */
	int ike_frag;			/* IKE fragmentation */
	int esp_frag;			/* ESP fragmentation */
	int mode_cfg;			/* Gets config through mode config */
	int support_proxy;		/* support mip6/proxy */
#define GENERATE_POLICY_NONE	0
#define GENERATE_POLICY_REQUIRE	1
#define GENERATE_POLICY_UNIQUE	2
	int gen_policy;			/* generate policy if no policy found
					 * (one of GENERATE_POLICY_*) */
	int ini_contact;		/* initial contact */
	int pcheck_level;		/* level of proposal checking */
	int nat_traversal;		/* NAT-Traversal */
	vchar_t *script[SCRIPT_MAX + 1];/* script hook paths, indexed by
					 * SCRIPT_PHASE1_* */
	int dh_group;			/* use it when only aggressive mode */
	struct dhgroup *dhgrp;		/* use it when only aggressive mode */
					/* above two can't be defined by user */

	int dpd;			/* Negotiate DPD support ? */
	int dpd_retry;			/* in seconds */
	int dpd_interval;		/* in seconds */
	int dpd_maxfails;		/* DPD failures tolerated before the peer
					 * is considered dead */

	int rekey;			/* rekey ph1 when active ph2s? one of
					 * REKEY_* (FALSE/TRUE come from
					 * elsewhere) */
#define REKEY_OFF	FALSE
#define REKEY_ON	TRUE
#define REKEY_FORCE	2

	uint32_t ph1id;			/* ph1id to be matched with sainfo sections */

	int weak_phase1_check;		/* act on unencrypted deletions ?
					 * (honouring unauthenticated deletes
					 * lets an unauthenticated sender tear
					 * down SAs; keep this off unless the
					 * peer requires it) */

	struct isakmpsa *proposal;	/* proposal list */
	struct remoteconf *inherited_from; /* the original rmconf
					    * from which this one
					    * was inherited */

	time_t lifetime;		/* for isakmp/ipsec */
	int lifebyte;			/* for isakmp/ipsec (isakmpsa.lifebyte is
					 * a size_t; mind the conversion) */
	struct secprotospec *spspec;	/* the head is always current spec. */

	struct genlist *rsa_private,	/* lists of PlainRSA keys to use */
		*rsa_public;

#ifdef ENABLE_HYBRID
	struct xauth_rmconf *xauth;	/* XAuth settings (hybrid auth only) */
#endif

	TAILQ_ENTRY(remoteconf) chain;	/* next remote conf */
};
166:
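/*
 * Nonce size to use for a remote configuration: rmconf->nonce_size, or
 * DEFAULT_NONCE_SIZE when rmconf is NULL (no configuration selected).
 * The argument is evaluated twice, so pass a side-effect-free expression;
 * it is parenthesized so that any pointer expression, including a
 * conditional, is accepted without changing the meaning.
 */
#define RMCONF_NONCE_SIZE(rmconf) \
	((rmconf) != NULL ? (rmconf)->nonce_size : DEFAULT_NONCE_SIZE)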
169:
struct dhgroup;		/* DH group parameters; referenced above, completed elsewhere */
171:
/* An identifier together with its type; allocated by newidspec(). */
struct idspec {
	int idtype;		/* identifier type */
	vchar_t *id;		/* identifier */
};
176:
/*
 * Selection criteria for enumrmconf(): a remote configuration is reported
 * when it matches the fields set here. rmconf_selector_from_ph1() fills one
 * in from a phase 1 handle. `flags' takes the GETRMCONF_F_* bits.
 */
struct rmconfselector {
	int flags;			/* GETRMCONF_F_* */
	struct sockaddr *remote;	/* peer address to match */
	int etype;			/* exchange type to match */
	struct isakmpsa *approval;	/* approved phase 1 SA to match */
	vchar_t *identity;		/* peer identity to match */
	vchar_t *certificate_request;	/* peer's CR payload to match */
};
185:
/* Initialise *rmsel from the state of the phase 1 handle iph1. */
extern void rmconf_selector_from_ph1 __P((struct rmconfselector *rmsel,
	struct ph1handle *iph1));
/*
 * Call enum_func(rmconf, enum_arg) for each remote configuration that
 * matches rmsel. The meaning of enum_func's return value and of the
 * int returned here is defined in remoteconf.c, not in this header.
 * check_etypeok() below has the enum_func signature.
 */
extern int enumrmconf __P((struct rmconfselector *rmsel,
	int (* enum_func)(struct remoteconf *rmconf, void *arg),
	void *enum_arg));
191:
/* Flag bits for getrmconf() and rmconfselector.flags. */
#define GETRMCONF_F_NO_ANONYMOUS	0x0001	/* do not fall back to the
						 * anonymous (AF_UNSPEC) entry */
#define GETRMCONF_F_NO_PASSIVE		0x0002	/* skip entries with passive set */

/*
 * Sentinel for an ambiguous lookup (more than one matching configuration).
 * It is a non-NULL but invalid pointer: callers must compare the result of
 * the getrmconf*() lookups against both NULL and this value before
 * dereferencing it.
 */
#define RMCONF_ERR_MULTIPLE	((struct remoteconf *) -1)

/* Non-zero if id_p is acceptable as the peer identity for rmconf. */
extern int rmconf_match_identity __P((struct remoteconf *rmconf,
	vchar_t *id_p));
/* Lookups; see remoteconf.c for the matching rules and the return contract. */
extern struct remoteconf *getrmconf __P((struct sockaddr *remote, int flags));
extern struct remoteconf *getrmconf_by_ph1 __P((struct ph1handle *iph1));
extern struct remoteconf *getrmconf_by_name __P((const char *name));
202:
/* Allocation, duplication and destruction of remote configurations.
 * Ownership: the object returned by newrmconf() is released with delrmconf();
 * confirm in remoteconf.c which members delrmconf() frees. */
extern struct remoteconf *newrmconf __P((void));
extern struct remoteconf *duprmconf_shallow __P((struct remoteconf *));
extern int duprmconf_finish __P((struct remoteconf *));
extern void delrmconf __P((struct remoteconf *));
/* Exchange type list helpers (struct etypes). */
extern void deletypes __P((struct etypes *));
extern struct etypes * dupetypes __P((struct etypes *));
/* Insert into / remove from / empty the global list (remoteconf.chain). */
extern void insrmconf __P((struct remoteconf *));
extern void remrmconf __P((struct remoteconf *));
extern void flushrmconf __P((void));
/* Copy or release the spspec list of a configuration. */
extern void dupspspec_list __P((struct remoteconf *, struct remoteconf *));
extern void flushspspec __P((struct remoteconf *));
/* Module initialisation and configuration reload bracketing. */
extern void initrmconf __P((void));
extern void rmconf_start_reload __P((void));
extern void rmconf_finish_reload __P((void));
217:
/* enumrmconf() callback: checks the exchange type passed via the void * arg
 * against the configuration's etypes list (see remoteconf.c). */
extern int check_etypeok __P((struct remoteconf *, void *));
219:
/* Allocate, duplicate, free, or append (to rmconf->proposal) a struct isakmpsa. */
extern struct isakmpsa *newisakmpsa __P((void));
extern struct isakmpsa *dupisakmpsa __P((struct isakmpsa *));
extern void delisakmpsa __P((struct isakmpsa *));
extern void insisakmpsa __P((struct isakmpsa *, struct remoteconf *));
#ifdef ENABLE_HYBRID
extern int isakmpsa_switch_authmethod __P((int authmethod));
#else
/*
 * Without hybrid authentication support there is no alternative method to
 * switch to, so the configured authentication method is returned as is.
 */
static inline int isakmpsa_switch_authmethod(int authmethod)
{
	int method = authmethod;

	return method;
}
#endif
/*
 * Compare a proposal transform list against the acceptable one under
 * checking level pcheck (cf. remoteconf.pcheck_level); returns the matching
 * transform or NULL. Exact matching rules live in remoteconf.c.
 */
extern struct isakmpsa * checkisakmpsa __P((int pcheck,
	struct isakmpsa *proposal,
	struct isakmpsa *acceptable));
235:
236:
/* Debug dump of every remote configuration. */
extern void dumprmconf __P((void));

/* Allocate an empty struct idspec. */
extern struct idspec *newidspec __P((void));

/* Build the full path of a script hook from a relative name. */
extern vchar_t *script_path_add __P((vchar_t *));
242:
243: #endif /* _REMOTECONF_H */