1 #ifndef _FREESWAN_H
2 /*
3 * header file for FreeS/WAN library functions
4 * Copyright (C) 1998, 1999, 2000 Henry Spencer.
5 * Copyright (C) 1999, 2000, 2001 Richard Guy Briggs
6 *
7 * This library is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU Library General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or (at your
10 * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
11 *
12 * This library is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
15 * License for more details.
16 *
17 * RCSID $Id: freeswan.h,v 1.2 2004/03/22 21:53:17 as Exp $
18 */
19 #define _FREESWAN_H /* seen it, no need to see it again */
20
21
22
/*
 * We've just got to have some datatypes defined... And annoyingly, just
 * where we get them depends on whether we're in userland or not.
 */
#ifdef __KERNEL__

# include <linux/types.h>
# include <linux/in.h>

#else /* __KERNEL__ */

# include <stdio.h>
# include <netinet/in.h>

/*
 * Userland spelling of the fixed-width types.  These are macros, not
 * typedefs: every later occurrence of the identifier uint8_t etc. is
 * rewritten to the BSD-style u_int*_t name, including inside any system
 * header (e.g. <stdint.h>) that is included after this one.  Include
 * system headers before this header to keep their typedefs intact.
 */
# define uint8_t u_int8_t
# define uint16_t u_int16_t
# define uint32_t u_int32_t
# define uint64_t u_int64_t

/*
 * Also defined unconditionally further down, in the CONFIG_IPSEC_DEBUG
 * block.  The two definitions agree unless CONFIG_IPSEC_DEBUG is set in
 * a userland build, in which case the later (empty) one is a conflicting
 * redefinition of this one.
 */
# define DEBUG_NO_STATIC static

#endif /* __KERNEL__ */
45
46 #include <ipsec_param.h>
47
48
/*
 * Grab the kernel version to see if we have NET_21, and therefore
 * IPv6. Some of this is repeated from ipsec_kversions.h. Of course,
 * we aren't really testing if the kernel has IPv6, but rather if the
 * include files do.
 *
 * <linux/version.h> is pulled in for userland builds as well, so this
 * header is Linux-specific.  If LINUX_VERSION_CODE is not defined at
 * all, the #if below evaluates it as 0 and NET_21 stays undefined.
 */
#include <linux/version.h>
#ifndef KERNEL_VERSION
/* fallback for headers that lack it: packs x.y.z into one comparable int */
#define KERNEL_VERSION(x,y,z) (((x)<<16)+((y)<<8)+(z))
#endif

#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,1,0)
#define NET_21 /* 2.1+ network headers, i.e. the IPv6 types are available */
#endif
63
/* IP protocol numbers used by this library that older headers may lack */
#ifndef IPPROTO_COMP
# define IPPROTO_COMP 108 /* IPComp; same value as SA_COMP below */
#endif /* !IPPROTO_COMP */

#ifndef IPPROTO_INT
# define IPPROTO_INT 61 /* internal pseudo-protocol; same value as SA_INT below */
#endif /* !IPPROTO_INT */
71
/*
 * DEBUG_NO_STATIC: "static" normally, empty under CONFIG_IPSEC_DEBUG
 * (presumably so file-local helpers keep external linkage for debugging).
 * This definition is unconditional; for userland builds it repeats the
 * one in the !__KERNEL__ block above and conflicts with it only when
 * CONFIG_IPSEC_DEBUG is also set there.
 */
#ifdef CONFIG_IPSEC_DEBUG
# define DEBUG_NO_STATIC
#else /* CONFIG_IPSEC_DEBUG */
# define DEBUG_NO_STATIC static
#endif /* CONFIG_IPSEC_DEBUG */

/*
 * UDP encapsulation framings for ESP-in-UDP NAT traversal, one per draft
 * generation.  Both ends must use the same framing.
 */
#define ESPINUDP_WITH_NON_IKE 1 /* draft-ietf-ipsec-nat-t-ike-00/01 */
#define ESPINUDP_WITH_NON_ESP 2 /* draft-ietf-ipsec-nat-t-ike-02 */
80
/*
 * Basic data types for the address-handling functions.
 * ip_address and ip_subnet are supposed to be opaque types; do not
 * use their definitions directly, they are subject to change!
 */

/* first, some quick fakes in case we're on an old system with no IPv6 */
#ifndef s6_addr16
/*
 * Minimal stand-ins for the RFC 2553 types, used only when the system
 * headers did not define s6_addr16.  NOTE(review): the __u8/__u16/__u32
 * names come from <linux/types.h>, which only the __KERNEL__ branch
 * above includes; whether a userland build can reach this fallback
 * without them is not visible here -- confirm.
 */
struct in6_addr {
	union
	{
		__u8 u6_addr8[16];
		__u16 u6_addr16[8];
		__u32 u6_addr32[4];
	} in6_u;
/* accessor aliases matching the field names used by glibc and the kernel */
#define s6_addr in6_u.u6_addr8
#define s6_addr16 in6_u.u6_addr16
#define s6_addr32 in6_u.u6_addr32
};
struct sockaddr_in6 {
	unsigned short int sin6_family; /* AF_INET6 */
	__u16 sin6_port; /* Transport layer port # */
	__u32 sin6_flowinfo; /* IPv6 flow information */
	struct in6_addr sin6_addr; /* IPv6 address */
	__u32 sin6_scope_id; /* scope id (new in RFC2553) */
};
#endif /* !s6_addr16 */
108
/* then the main types */
typedef struct {
	/*
	 * One sockaddr per supported family.  Which member is live is
	 * presumably recovered from the sockaddr's own family field (see
	 * addrtypeof() below) -- confirm against the implementation.
	 * Opaque: callers go through the accessor functions declared below.
	 */
	union {
		struct sockaddr_in v4;
		struct sockaddr_in6 v6;
	} u;
} ip_address;
typedef struct {
	ip_address addr; /* network address of the subnet */
	int maskbits; /* prefix length in bits (see initsubnet()) */
} ip_subnet;
120
/* and the SA ID stuff */
#ifdef __KERNEL__
typedef __u32 ipsec_spi_t;
#else
typedef u_int32_t ipsec_spi_t;
#endif
typedef struct { /* to identify an SA, we need: */
	ip_address dst; /* A. destination host */
	ipsec_spi_t spi; /* B. 32-bit SPI, assigned by dest. host */
	/* NOTE(review): the byte order of spi is not stated here; confirm in ttosa()/satot() */
	/*
	 * Magic SPI values: going by their names, pseudo-SAs that carry a
	 * policy verdict (pass/drop/reject/hold/trap) rather than naming a
	 * real security association.  They sit just above the 0-255 range
	 * RFC 4303 reserves and are only meaningful together with SA_INT.
	 */
# define SPI_PASS 256 /* magic values... */
# define SPI_DROP 257 /* ...for use... */
# define SPI_REJECT 258 /* ...with SA_INT */
# define SPI_HOLD 259
# define SPI_TRAP 260
# define SPI_TRAPSUBNET 261
	int proto; /* C. protocol */
	/* IP protocol numbers; the values coincide with IPPROTO_* */
# define SA_ESP 50 /* IPPROTO_ESP */
# define SA_AH 51 /* IPPROTO_AH */
# define SA_IPIP 4 /* IPPROTO_IPIP */
# define SA_COMP 108 /* IPPROTO_COMP */
# define SA_INT 61 /* IANA reserved for internal use */
} ip_said;
struct sa_id { /* old v4-only version */
	struct in_addr dst; /* destination host, IPv4 only */
	ipsec_spi_t spi;
	int proto; /* one of the SA_* values above */
};
148
/* misc */
typedef const char *err_t; /* error message, or NULL for success */
/*
 * pseudo-random-number-generator guts.  Opaque: use the prng_*()
 * functions declared below.  NOTE(review): a 256-byte S-box with two
 * indices looks like RC4-style keystream state -- confirm in the
 * implementation; if so, its output is not suitable as cryptographic
 * key material.
 */
struct prng {
	unsigned char sbox[256]; /* generator state table */
	int i, j; /* generator indices */
	unsigned long count; /* presumably bytes produced so far; see prng_count() */
};
156
157
/*
 * definitions for user space, taken from freeswan/ipsec_sa.h
 *
 * An SAref is carried in the upper bits of the netfilter mark (going by
 * the macro names below).  IPSEC_SA_REF_TABLE_IDX_WIDTH is not defined
 * in this header (presumably <ipsec_param.h>) and must be 1..32 when x
 * is a 32-bit value: a width of 0 would shift by 32, which is undefined
 * behaviour.
 */
typedef uint32_t IPsecSAref_t;

#define IPSEC_SA_REF_FIELD_WIDTH (8 * sizeof(IPsecSAref_t)) /* 32; note the size_t type */

#define IPsecSAref2NFmark(x) ((x) << (IPSEC_SA_REF_FIELD_WIDTH - IPSEC_SA_REF_TABLE_IDX_WIDTH))
#define NFmark2IPsecSAref(x) ((x) >> (IPSEC_SA_REF_FIELD_WIDTH - IPSEC_SA_REF_TABLE_IDX_WIDTH))

#define IPSEC_SAREF_NULL (~((IPsecSAref_t)0)) /* all ones: "no SA" */
169
/*
 * GCC magic for use in function definitions!
 * PRINTF_LIKE(n): the format string is parameter n and the variadic
 * arguments start at n+1, so -Wformat can check calls to the wrapper.
 * With GCC_LINT off all of these expand to nothing and that checking is
 * lost, so lint builds should keep it on.
 */
#ifdef GCC_LINT
# define PRINTF_LIKE(n) __attribute__ ((format(printf, n, n+1)))
# define NEVER_RETURNS __attribute__ ((noreturn))
# define UNUSED __attribute__ ((unused))
# define BLANK_FORMAT " " /* GCC_LINT whines about empty formats */
#else
# define PRINTF_LIKE(n) /* ignore */
# define NEVER_RETURNS /* ignore */
# define UNUSED /* ignore */
# define BLANK_FORMAT ""
#endif
182
183
184
185
186
/*
 * new IPv6-compatible functions
 *
 * Conventions: "tto*" parse text of length srclen and return NULL on
 * success or an error string (err_t); "*tot" format into buf/buflen and
 * return a size_t, with a matching *_BUF macro giving a buffer size that
 * fits any result.  NOTE(review): whether a *tot return value is the
 * bytes written or the space needed (as documented for the old ultoa()
 * below) is not stated here -- confirm before using it to detect
 * truncation.
 */

/* text conversions */
err_t ttoul(const char *src, size_t srclen, int format, unsigned long *dst);
size_t ultot(unsigned long src, int format, char *buf, size_t buflen);
#define ULTOT_BUF (22+1) /* holds 64 bits in octal */
err_t ttoaddr(const char *src, size_t srclen, int af, ip_address *dst);
err_t tnatoaddr(const char *src, size_t srclen, int af, ip_address *dst); /* numeric-only variant, presumably (no name lookup) */
size_t addrtot(const ip_address *src, int format, char *buf, size_t buflen);
/* RFC 1886 old IPv6 reverse-lookup format is the bulkiest */
/* 32 nibbles + 32 dots + "ip6" + "." + "int" + "." + NUL */
#define ADDRTOT_BUF (32*2 + 3 + 1 + 3 + 1 + 1)
err_t ttosubnet(const char *src, size_t srclen, int af, ip_subnet *dst);
size_t subnettot(const ip_subnet *src, int format, char *buf, size_t buflen);
#define SUBNETTOT_BUF (ADDRTOT_BUF + 1 + 3) /* address, "/", up to 3 digits of prefix length */
err_t ttosa(const char *src, size_t srclen, ip_said *dst);
size_t satot(const ip_said *src, int format, char *bufptr, size_t buflen);
/* ULTOA_BUF is defined further down; fine, macro expansion is deferred to the point of use */
#define SATOT_BUF (5 + ULTOA_BUF + 1 + ADDRTOT_BUF)
/* base-encoded data -> bytes; *needed reports the full decoded size (presumably) */
err_t ttodata(const char *src, size_t srclen, int base, char *buf,
	size_t buflen, size_t *needed);
/* as ttodata, plus an error-message buffer (errp/errlen) and flags */
err_t ttodatav(const char *src, size_t srclen, int base,
	char *buf, size_t buflen, size_t *needed,
	char *errp, size_t errlen, unsigned int flags);
#define TTODATAV_BUF 40 /* ttodatav's largest non-literal message */
#define TTODATAV_IGNORESPACE (1<<1) /* ignore spaces in base64 encodings*/
#define TTODATAV_SPACECOUNTS 0 /* do not ignore spaces in base64 */

/* bytes -> base-encoded text */
size_t datatot(const char *src, size_t srclen, int format, char *buf,
	size_t buflen);
/* short textual key identifiers, KEYID_BUF bytes */
size_t keyblobtoid(const unsigned char *src, size_t srclen, char *dst,
	size_t dstlen);
size_t splitkeytoid(const unsigned char *e, size_t elen, const unsigned char *m,
	size_t mlen, char *dst, size_t dstlen);
#define KEYID_BUF 10 /* up to 9 text digits plus NUL */
/*
 * NOTE(review): src is writable here, unlike every sibling above;
 * presumably the string is modified in place -- confirm before passing
 * a string literal or shared buffer.
 */
err_t ttoprotoport(char *src, size_t src_len, u_int8_t *proto, u_int16_t *port,
	int *has_port_wildcard);
224
/* initializations: the err_t ones return NULL on success */
void initsaid(const ip_address *addr, ipsec_spi_t spi, int proto, ip_said *dst); /* assemble *dst from its three parts */
err_t loopbackaddr(int af, ip_address *dst); /* af selects the family (presumably AF_INET/AF_INET6) */
err_t unspecaddr(int af, ip_address *dst);
err_t anyaddr(int af, ip_address *dst);
err_t initaddr(const unsigned char *src, size_t srclen, int af, ip_address *dst); /* from srclen raw address bytes */
/* NOTE(review): the meaning of clash is not visible here -- confirm in the implementation */
err_t initsubnet(const ip_address *addr, int maskbits, int clash, ip_subnet *dst);
err_t addrtosubnet(const ip_address *addr, ip_subnet *dst); /* subnet holding just this address, presumably */
233
/* misc. conversions and related */
err_t rangetosubnet(const ip_address *from, const ip_address *to, ip_subnet *dst); /* NULL on success */
int addrtypeof(const ip_address *src); /* address family of *src (presumably an AF_* value) */
int subnettypeof(const ip_subnet *src); /* address family of the subnet's address */
size_t addrlenof(const ip_address *src); /* length of the raw address in bytes */
/*
 * Sets *dst to point at the raw address bytes.  The pointer presumably
 * aliases *src, so it is only valid as long as *src is -- confirm.
 */
size_t addrbytesptr(const ip_address *src, const unsigned char **dst);
size_t addrbytesof(const ip_address *src, unsigned char *dst, size_t dstlen); /* copies the raw bytes, at most dstlen of them */
int masktocount(const ip_address *src); /* netmask given as an address -> prefix length */
void networkof(const ip_subnet *src, ip_address *dst); /* network address of the subnet */
void maskof(const ip_subnet *src, ip_address *dst); /* netmask of the subnet, as an address */
244
/* tests: nonzero for true, zero for false (addrcmp is an ordering comparison; its sign convention is not stated here) */
int sameaddr(const ip_address *a, const ip_address *b);
int addrcmp(const ip_address *a, const ip_address *b);
int samesubnet(const ip_subnet *a, const ip_subnet *b);
int addrinsubnet(const ip_address *a, const ip_subnet *s); /* is address a inside subnet s */
int subnetinsubnet(const ip_subnet *a, const ip_subnet *b); /* is a wholly contained in b */
int subnetishost(const ip_subnet *s); /* does s cover exactly one address */
int samesaid(const ip_said *a, const ip_said *b); /* same dst, spi and proto */
int sameaddrtype(const ip_address *a, const ip_address *b); /* same address family */
int samesubnettype(const ip_subnet *a, const ip_subnet *b);
int isanyaddr(const ip_address *src); /* the all-zeros "any" address, see anyaddr() */
int isunspecaddr(const ip_address *src); /* see unspecaddr() */
int isloopbackaddr(const ip_address *src); /* see loopbackaddr() */
258
/* low-level grot: direct access to the port and sockaddr inside an ip_address */
int portof(const ip_address *src); /* byte order of the result is not stated here; confirm against setportof() */
void setportof(int port, ip_address *dst);
struct sockaddr *sockaddrof(ip_address *src); /* presumably points into *src; valid only while *src is */
size_t sockaddrlenof(const ip_address *src); /* sizeof the live sockaddr member */
264
/*
 * PRNG (see struct prng above).  The key bytes are absorbed into the
 * state by prng_init(); the caller keeps ownership of key and should
 * wipe it once it is no longer needed.  NOTE(review): whether
 * prng_final() zeroises the state is not visible here -- confirm.
 */
void prng_init(struct prng *prng, const unsigned char *key, size_t keylen);
void prng_bytes(struct prng *prng, unsigned char *dst, size_t dstlen); /* fill dst with dstlen generated bytes */
unsigned long prng_count(struct prng *prng); /* presumably bytes generated so far */
void prng_final(struct prng *prng);
270
/* odds and ends */
const char *ipsec_version_code(void);
const char *ipsec_version_string(void);
const char **ipsec_copyright_notice(void); /* array of lines; how it is terminated is not stated here */

/* textual DNS RR type / date.  bufsize is a signed int here, unlike the size_t lengths above. */
const char *dns_string_rr(int rr, char *buf, int bufsize);
/* NOTE(review): time_t is used without this header including <time.h>; relies on an earlier include providing it */
const char *dns_string_datetime(time_t seconds,
	char *buf,
	int bufsize);
280
281
/*
 * old functions, to be deleted eventually
 */

/* unsigned long */
const char * /* NULL for success, else string literal */
atoul(
	const char *src,
	size_t srclen, /* 0 means strlen(src) */
	int base, /* 0 means figure it out */
	unsigned long *resultp
);
/* Returns the space needed, which may exceed dstlen: compare to detect truncation. */
size_t /* space needed for full conversion */
ultoa(
	unsigned long n,
	int base,
	char *dst,
	size_t dstlen
);
#define ULTOA_BUF 21 /* just large enough for largest result, */
/* assuming 64-bit unsigned long! */
/* (20 decimal digits plus NUL; also used by SATOT_BUF above) */
303
/* Internet addresses (IPv4 only; see ttoaddr()/addrtot() for the family-aware versions) */
const char * /* NULL for success, else string literal */
atoaddr(
	const char *src,
	size_t srclen, /* 0 means strlen(src) */
	struct in_addr *addr
);
size_t /* space needed for full conversion */
addrtoa(
	struct in_addr addr,
	int format, /* character; 0 means default */
	char *dst,
	size_t dstlen
);
#define ADDRTOA_BUF 16 /* just large enough for largest result */
/* i.e. "255.255.255.255" plus NUL */
319
/* subnets (IPv4 only, address/mask pairs; see ttosubnet()/subnettot() for ip_subnet) */
const char * /* NULL for success, else string literal */
atosubnet(
	const char *src,
	size_t srclen, /* 0 means strlen(src) */
	struct in_addr *addr,
	struct in_addr *mask
);
size_t /* space needed for full conversion */
subnettoa(
	struct in_addr addr,
	struct in_addr mask,
	int format, /* character; 0 means default */
	char *dst,
	size_t dstlen
);
#define SUBNETTOA_BUF 32 /* large enough for worst case result */
/* i.e. "255.255.255.255/255.255.255.255" plus NUL */
337
/* ranges (IPv4 only) */
/* Parses an address ('a'), subnet ('s') or range ('r'); *type says which was found. */
const char * /* NULL for success, else string literal */
atoasr(
	const char *src,
	size_t srclen, /* 0 means strlen(src) */
	char *type, /* 'a', 's', 'r' */
	struct in_addr *addrs /* two-element array */
);
size_t /* space needed for full conversion */
rangetoa(
	struct in_addr *addrs, /* two-element array */
	int format, /* character; 0 means default */
	char *dst,
	size_t dstlen
);
#define RANGETOA_BUF 34 /* large enough for worst case result */
354
/* data types for SA conversion functions */

/* SAs (old v4-only struct sa_id; see ttosa()/satot() for ip_said) */
const char * /* NULL for success, else string literal */
atosa(
	const char *src,
	size_t srclen, /* 0 means strlen(src) */
	struct sa_id *sa
);
size_t /* space needed for full conversion */
satoa(
	struct sa_id sa,
	int format, /* character; 0 means default */
	char *dst,
	size_t dstlen
);
#define SATOA_BUF (3+ULTOA_BUF+ADDRTOA_BUF) /* proto tag + SPI text + address text */
372
/* generic data, e.g. keys */
/*
 * Decodes text into raw bytes.  dst/dstlen bound the write; *lenp
 * receives the decoded length (presumably even when it exceeds dstlen --
 * confirm before relying on it to detect truncation).
 */
const char * /* NULL for success, else string literal */
atobytes(
	const char *src,
	size_t srclen, /* 0 means strlen(src) */
	char *dst,
	size_t dstlen,
	size_t *lenp /* NULL means don't bother telling me */
);
/* Encodes raw bytes as text; a "true size" larger than dstlen means the output was truncated. */
size_t /* 0 failure, else true size */
bytestoa(
	const char *src,
	size_t srclen,
	int format, /* character; 0 means default */
	char *dst,
	size_t dstlen
);
390
/* old versions of generic-data functions; deprecated (use ttodata()/datatot()) */
size_t /* 0 failure, else true size */
atodata(
	const char *src,
	size_t srclen, /* 0 means strlen(src) */
	char *dst,
	size_t dstlen
);
size_t /* 0 failure, else true size */
datatoa(
	const char *src,
	size_t srclen,
	int format, /* character; 0 means default */
	char *dst,
	size_t dstlen
);
407
/* part extraction and special addresses (IPv4 only; take and return in_addr by value) */
struct in_addr /* the network part: addr with host bits cleared */
subnetof(
	struct in_addr addr,
	struct in_addr mask
);
struct in_addr /* the host part: addr with network bits cleared */
hostof(
	struct in_addr addr,
	struct in_addr mask
);
struct in_addr /* directed broadcast address of addr's subnet */
broadcastof(
	struct in_addr addr,
	struct in_addr mask
);
424
/* mask handling (IPv4 only) */
int /* nonzero if mask is a contiguous run of one bits followed by zeros, presumably */
goodmask(
	struct in_addr mask
);
int /* prefix length of mask; behaviour for a bad mask is not stated here */
masktobits(
	struct in_addr mask
);
struct in_addr /* mask with the top n bits set */
bitstomask(
	int n
);
438
439
440
/*
 * general utilities
 */

#ifndef __KERNEL__
/* option pickup from files (userland only because of use of FILE) */
/*
 * Reads additional options from filename and splices them into
 * *argcp/*argvp (both are rewritten), presumably at index optind.
 * Because the file's content ends up as command-line arguments, it is
 * as trusted as the command line itself: only read files the invoking
 * user controls.  Diagnostics go to errorreport; returns NULL on
 * success, else an error string.
 */
const char *optionsfrom(const char *filename, int *argcp, char ***argvp,
	int optind, FILE *errorreport);
#endif
450
/*
 * Debugging levels for pfkey_lib_debug
 * Bit flags; PF_KEY_DEBUG_PARSE_MAX is the OR of all three (1|2|4).
 */
#define PF_KEY_DEBUG_PARSE_NONE 0
#define PF_KEY_DEBUG_PARSE_PROBLEM 1
#define PF_KEY_DEBUG_PARSE_STRUCT 2
#define PF_KEY_DEBUG_PARSE_FLOW 4
#define PF_KEY_DEBUG_PARSE_MAX 7

extern unsigned int pfkey_lib_debug; /* bits selecting what to report */
461
/*
 * pluto and lwdnsq need to know the maximum size of the commands to,
 * and replies from lwdnsq.
 * Both sides must agree on these; a reply longer than
 * LWDNSQ_RESULT_LEN_MAX cannot be delivered intact.
 */

#define LWDNSQ_CMDBUF_LEN 1024 /* longest command sent to lwdnsq, in bytes */
#define LWDNSQ_RESULT_LEN_MAX 4096 /* longest reply from lwdnsq, in bytes */
469
470 #endif /* _FREESWAN_H */