1 #ifndef _FREESWAN_H
2 /*
3 * header file for FreeS/WAN library functions
4 * Copyright (C) 1998, 1999, 2000 Henry Spencer.
5 * Copyright (C) 1999, 2000, 2001 Richard Guy Briggs
6 *
7 * This library is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU Library General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or (at your
10 * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
11 *
12 * This library is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
15 * License for more details.
16 */
17 #define _FREESWAN_H /* seen it, no need to see it again */
18
19 # include <sys/types.h>
20 # include <stdio.h>
21 # include <netinet/in.h>
22
/*
 * Map the C99 <stdint.h> names onto the BSD u_int*_t typedefs that
 * <sys/types.h> (included above) provides, so the rest of this header can
 * spell them uint*_t without pulling in <stdint.h>.
 * NOTE(review): these are macros, not typedefs, so they also rewrite any
 * later <stdint.h> declaration that uses the same names -- confirm every
 * translation unit including this header tolerates that.
 */
23 # define uint8_t u_int8_t
24 # define uint16_t u_int16_t
25 # define uint32_t u_int32_t
26 # define uint64_t u_int64_t
27
/*
 * NOTE(review): DEBUG_NO_STATIC is defined again further down, to nothing
 * under CONFIG_IPSEC_DEBUG and to `static` otherwise.  In the debug case
 * that is a redefinition with a different replacement list, which
 * compilers diagnose; in the other case this line is redundant.  Dropping
 * this definition (or #undef-ing it before the #ifdef) would be cleaner.
 */
28 # define DEBUG_NO_STATIC static
29
30 #include <ipsec_param.h>
31 #include <utils.h>
32
33 /*
34 * We assume header files have IPv6 (i.e. kernel version >= 2.1.0)
35 */
36 #define NET_21
37
38 #ifndef IPPROTO_COMP
39 # define IPPROTO_COMP 108
40 #endif /* !IPPROTO_COMP */
41
42 #ifndef IPPROTO_INT
43 # define IPPROTO_INT 61
44 #endif /* !IPPROTO_INT */
45
46 #ifdef CONFIG_IPSEC_DEBUG
47 # define DEBUG_NO_STATIC
48 #else /* CONFIG_IPSEC_DEBUG */
49 # define DEBUG_NO_STATIC static
50 #endif /* CONFIG_IPSEC_DEBUG */
51
52 #define ESPINUDP_WITH_NON_IKE 1 /* draft-ietf-ipsec-nat-t-ike-00/01 */
53 #define ESPINUDP_WITH_NON_ESP 2 /* draft-ietf-ipsec-nat-t-ike-02 */
54
55 /*
56 * Basic data types for the address-handling functions.
57 * ip_address and ip_subnet are supposed to be opaque types; do not
58 * use their definitions directly, they are subject to change!
59 */
60
61 /* then the main types */
/*
 * ip_address: an IPv4 or IPv6 socket address kept as the matching sockaddr
 * in a union (the sockaddr also carries a port; see portof()/setportof()
 * below).  There is no separate discriminator field: the family is
 * presumably read from the embedded sockaddr's family member via
 * addrtypeof() -- treat the type as opaque, as the comment above says.
 */
62 typedef struct {
63 union {
64 struct sockaddr_in v4; /* AF_INET form */
65 struct sockaddr_in6 v6; /* AF_INET6 form */
66 } u;
67 } ip_address;
/*
 * ip_subnet: a network given as a base address plus a prefix length.
 * The valid range of maskbits depends on the family of addr, so build
 * instances through initsubnet()/ttosubnet() (declared below), which
 * presumably range-check it, rather than filling the fields directly.
 */
68 typedef struct {
69 ip_address addr; /* network address; its family bounds maskbits */
70 int maskbits; /* prefix length */
71 } ip_subnet;
72
73 /* and the SA ID stuff */
74 typedef u_int32_t ipsec_spi_t;
/*
 * ip_said: the (destination, SPI, protocol) triple that identifies an SA.
 * The SPI_* constants are magic values that, per the comments, carry
 * their PASS/DROP/... meaning only together with proto == SA_INT (the
 * IANA-reserved internal protocol number); with SA_ESP/SA_AH the same
 * numbers are ordinary 32-bit SPIs.  The SA_* values mirror the IPPROTO_*
 * numbers (see the IPPROTO_COMP / IPPROTO_INT fallbacks near the top).
 */
75 typedef struct { /* to identify an SA, we need: */
76 ip_address dst; /* A. destination host */
77 ipsec_spi_t spi; /* B. 32-bit SPI, assigned by dest. host */
78 # define SPI_PASS 256 /* magic values... */
79 # define SPI_DROP 257 /* ...for use... */
80 # define SPI_REJECT 258 /* ...with SA_INT */
81 # define SPI_HOLD 259
82 # define SPI_TRAP 260
83 # define SPI_TRAPSUBNET 261
84 int proto; /* C. protocol */
85 # define SA_ESP 50 /* IPPROTO_ESP */
86 # define SA_AH 51 /* IPPROTO_AH */
87 # define SA_IPIP 4 /* IPPROTO_IPIP */
88 # define SA_COMP 108 /* IPPROTO_COMP */
89 # define SA_INT 61 /* IANA reserved for internal use */
90 } ip_said;
/*
 * struct sa_id: legacy IPv4-only SA identifier (struct in_addr instead of
 * ip_address).  Kept for the old atosa()/satoa() interfaces declared
 * further down, which this header marks for eventual deletion; new code
 * should use ip_said.
 */
91 struct sa_id { /* old v4-only version */
92 struct in_addr dst; /* destination host, IPv4 only */
93 ipsec_spi_t spi; /* SPI, same meaning as in ip_said */
94 int proto; /* SA_* protocol number */
95 };
96
97 /* misc */
/*
 * struct prng: internal state of libfreeswan's pseudo-random generator.
 * The layout (a 256-byte permutation plus two indices) is what an
 * RC4-style stream generator keeps -- confirm against prng.c before
 * relying on that.  count is presumably the number of bytes produced so
 * far (see prng_count() below).
 * NOTE(review): while in use this state is secret-equivalent -- anyone
 * holding a copy can reproduce the output stream -- so keep it out of
 * logs and dumps and retire it through prng_final() rather than simply
 * discarding the struct.
 */
98 struct prng { /* pseudo-random-number-generator guts */
99 unsigned char sbox[256]; /* state permutation */
100 int i, j; /* generator indices */
101 unsigned long count; /* see prng_count() */
102 };
103
104
105 /*
106 * definitions for user space, taken from freeswan/ipsec_sa.h
107 */
/*
 * IPsecSAref_t: an SA reference carried in the netfilter mark of a packet.
 * IPSEC_SA_REF_TABLE_IDX_WIDTH is not defined in this header (presumably
 * it comes from ipsec_param.h); the reference occupies the top IDX_WIDTH
 * bits of the 32-bit mark, hence the shift by (field width - index width).
 */
108 typedef uint32_t IPsecSAref_t;
109
110 #define IPSEC_SA_REF_TABLE_NUM_ENTRIES (1 << IPSEC_SA_REF_TABLE_IDX_WIDTH)
111
112 #define IPSEC_SA_REF_FIELD_WIDTH (8 * sizeof(IPsecSAref_t)) /* 32 */
113
/*
 * NOTE(review): IPsecSAref2NFmark() does not convert x, so a signed int
 * argument with a set high bit, or a value wider than IDX_WIDTH bits, is
 * shifted into the sign/top bits (undefined for signed operands).  Pass
 * an IPsecSAref_t that is already range-checked against
 * IPSEC_SA_REF_TABLE_NUM_ENTRIES -- confirm that callers do.
 */
114 #define IPsecSAref2NFmark(x) ((x) << (IPSEC_SA_REF_FIELD_WIDTH - IPSEC_SA_REF_TABLE_IDX_WIDTH))
115 #define NFmark2IPsecSAref(x) ((x) >> (IPSEC_SA_REF_FIELD_WIDTH - IPSEC_SA_REF_TABLE_IDX_WIDTH))
116
117 #define IPSEC_SAREF_NULL (~((IPsecSAref_t)0)) /* all-ones: no SA reference */
118
119 /* GCC magic for use in function definitions! */
/*
 * Compiler attribute wrappers.  They are active only when GCC_LINT is
 * defined, so an ordinary build gets no printf-format checking on the
 * functions declared PRINTF_LIKE(); enabling the attributes whenever
 * __GNUC__ is defined would let -Wformat catch mismatched format
 * arguments in every build, not just lint runs.
 * NOTE(review): BLANK_FORMAT is a single space under GCC_LINT and empty
 * otherwise, so lint builds emit a stray space wherever it is used.
 */
120 #ifdef GCC_LINT
121 # define PRINTF_LIKE(n) __attribute__ ((format(printf, n, n+1))) /* arg n is the format, n+1 starts the varargs */
122 # define NEVER_RETURNS __attribute__ ((noreturn))
123 # define UNUSED __attribute__ ((unused))
124 # define BLANK_FORMAT " " /* GCC_LINT whines about empty formats */
125 #else
126 # define PRINTF_LIKE(n) /* ignore */
127 # define NEVER_RETURNS /* ignore */
128 # define UNUSED /* ignore */
129 # define BLANK_FORMAT ""
130 #endif
131
132
133
134
135
136 /*
137 * new IPv6-compatible functions
138 */
139
140 /* text conversions */
/*
 * Text <-> binary conversions.  The tto*() parsers take an explicit srclen
 * and return err_t (not defined in this header, presumably from utils.h;
 * likely the same NULL-for-success convention as the older ato*() functions
 * below).  The *tot() formatters return a size_t, apparently the space the
 * full result needs, and the *_BUF macros give a buffer size that always
 * suffices for the matching formatter.  Callers should compare the
 * returned size against buflen to detect truncation instead of assuming
 * the text fit.
 */
141 err_t ttoul(const char *src, size_t srclen, int format, unsigned long *dst);
142 size_t ultot(unsigned long src, int format, char *buf, size_t buflen);
143 #define ULTOT_BUF (22+1) /* holds 64 bits in octal */
144 err_t ttoaddr(const char *src, size_t srclen, int af, ip_address *dst);
145 err_t tnatoaddr(const char *src, size_t srclen, int af, ip_address *dst);
146 size_t addrtot(const ip_address *src, int format, char *buf, size_t buflen);
147 /* RFC 1886 old IPv6 reverse-lookup format is the bulkiest */
148 #define ADDRTOT_BUF (32*2 + 3 + 1 + 3 + 1 + 1)
149 err_t ttosubnet(const char *src, size_t srclen, int af, ip_subnet *dst);
150 size_t subnettot(const ip_subnet *src, int format, char *buf, size_t buflen);
151 #define SUBNETTOT_BUF (ADDRTOT_BUF + 1 + 3)
152 err_t ttosa(const char *src, size_t srclen, ip_said *dst);
153 size_t satot(const ip_said *src, int format, char *bufptr, size_t buflen);
/* ULTOA_BUF is defined later in this header; fine, macros expand at use. */
154 #define SATOT_BUF (5 + ULTOA_BUF + 1 + ADDRTOT_BUF)
/* needed: presumably set to the size the full result requires -- confirm. */
155 err_t ttodata(const char *src, size_t srclen, int base, char *buf,
156 size_t buflen, size_t *needed);
157 err_t ttodatav(const char *src, size_t srclen, int base,
158 char *buf, size_t buflen, size_t *needed,
159 char *errp, size_t errlen, unsigned int flags);
160 #define TTODATAV_BUF 40 /* ttodatav's largest non-literal message */
/* flags is a bitmask; SPACECOUNTS is just the absence of IGNORESPACE. */
161 #define TTODATAV_IGNORESPACE (1<<1) /* ignore spaces in base64 encodings*/
162 #define TTODATAV_SPACECOUNTS 0 /* do not ignore spaces in base64 */
163
164 size_t datatot(const char *src, size_t srclen, int format, char *buf,
165 size_t buflen);
166 size_t keyblobtoid(const unsigned char *src, size_t srclen, char *dst,
167 size_t dstlen);
168 size_t splitkeytoid(const unsigned char *e, size_t elen, const unsigned char *m,
169 size_t mlen, char *dst, size_t dstlen);
170 #define KEYID_BUF 10 /* up to 9 text digits plus NUL */
/*
 * NOTE(review): unlike the other parsers, src is not const here, so the
 * input may be modified in place -- do not pass a string literal until
 * the implementation has been checked.  bool is not defined in this header
 * (presumably utils.h).
 */
171 err_t ttoprotoport(char *src, size_t src_len, u_int8_t *proto, u_int16_t *port,
172 bool *has_port_wildcard);
173
174 /* initializations */
175 void initsaid(const ip_address *addr, ipsec_spi_t spi, int proto, ip_said *dst);
176 err_t loopbackaddr(int af, ip_address *dst);
177 err_t unspecaddr(int af, ip_address *dst);
178 err_t anyaddr(int af, ip_address *dst);
179 err_t initaddr(const unsigned char *src, size_t srclen, int af, ip_address *dst);
180 err_t initsubnet(const ip_address *addr, int maskbits, int clash, ip_subnet *dst);
181 err_t addrtosubnet(const ip_address *addr, ip_subnet *dst);
182
183 /* misc. conversions and related */
184 err_t rangetosubnet(const ip_address *from, const ip_address *to, ip_subnet *dst);
185 int addrtypeof(const ip_address *src);
186 int subnettypeof(const ip_subnet *src);
187 size_t addrlenof(const ip_address *src);
188 size_t addrbytesptr(const ip_address *src, const unsigned char **dst);
189 size_t addrbytesof(const ip_address *src, unsigned char *dst, size_t dstlen);
190 int masktocount(const ip_address *src);
191 void networkof(const ip_subnet *src, ip_address *dst);
192 void maskof(const ip_subnet *src, ip_address *dst);
193
194 /* tests */
195 int sameaddr(const ip_address *a, const ip_address *b);
196 int addrcmp(const ip_address *a, const ip_address *b);
197 int samesubnet(const ip_subnet *a, const ip_subnet *b);
198 int addrinsubnet(const ip_address *a, const ip_subnet *s);
199 int subnetinsubnet(const ip_subnet *a, const ip_subnet *b);
200 int subnetishost(const ip_subnet *s);
201 int samesaid(const ip_said *a, const ip_said *b);
202 int sameaddrtype(const ip_address *a, const ip_address *b);
203 int samesubnettype(const ip_subnet *a, const ip_subnet *b);
204 int isanyaddr(const ip_address *src);
205 int isunspecaddr(const ip_address *src);
206 int isloopbackaddr(const ip_address *src);
207
208 /* low-level grot */
/*
 * Direct access to the underlying sockaddr.  sockaddrof() returns a
 * non-const pointer obtained from *src, presumably into the ip_address
 * itself: it is valid only as long as *src is, and writes through it
 * change the ip_address.  Pair it with sockaddrlenof() for the length
 * expected by socket calls.
 */
209 int portof(const ip_address *src);
210 void setportof(int port, ip_address *dst);
211 struct sockaddr *sockaddrof(ip_address *src);
212 size_t sockaddrlenof(const ip_address *src);
213
214 /* PRNG */
/*
 * PRNG interface (state in struct prng above).
 * prng_init() keys the generator from key[0..keylen); the output of
 * prng_bytes() is only as unpredictable as that key, so seed from a strong
 * source whenever the bytes matter for security.  prng_final() ends use of
 * the state -- presumably wiping it; confirm in prng.c.
 */
215 void prng_init(struct prng *prng, const unsigned char *key, size_t keylen);
216 void prng_bytes(struct prng *prng, unsigned char *dst, size_t dstlen);
217 unsigned long prng_count(struct prng *prng); /* see struct prng.count */
218 void prng_final(struct prng *prng);
219
220 /* odds and ends */
221 const char *ipsec_version_code(void);
222 const char *ipsec_version_string(void);
223 const char **ipsec_copyright_notice(void);
224
225 const char *dns_string_rr(int rr, char *buf, int bufsize);
226 const char *dns_string_datetime(time_t seconds,
227 char *buf,
228 int bufsize);
229
230
231 /*
232 * old functions, to be deleted eventually
233 */
234
235 /* unsigned long */
236 const char * /* NULL for success, else string literal */
237 atoul(
238 const char *src,
239 size_t srclen, /* 0 means strlen(src) */
240 int base, /* 0 means figure it out */
241 unsigned long *resultp
242 );
243 size_t /* space needed for full conversion */
244 ultoa(
245 unsigned long n,
246 int base,
247 char *dst,
248 size_t dstlen
249 );
250 #define ULTOA_BUF 21 /* just large enough for largest result, */
251 /* assuming 64-bit unsigned long! */
252
253 /* Internet addresses */
254 const char * /* NULL for success, else string literal */
255 atoaddr(
256 const char *src,
257 size_t srclen, /* 0 means strlen(src) */
258 struct in_addr *addr
259 );
260 size_t /* space needed for full conversion */
261 addrtoa(
262 struct in_addr addr,
263 int format, /* character; 0 means default */
264 char *dst,
265 size_t dstlen
266 );
267 #define ADDRTOA_BUF 16 /* just large enough for largest result */
268
269 /* subnets */
270 const char * /* NULL for success, else string literal */
271 atosubnet(
272 const char *src,
273 size_t srclen, /* 0 means strlen(src) */
274 struct in_addr *addr,
275 struct in_addr *mask
276 );
277 size_t /* space needed for full conversion */
278 subnettoa(
279 struct in_addr addr,
280 struct in_addr mask,
281 int format, /* character; 0 means default */
282 char *dst,
283 size_t dstlen
284 );
285 #define SUBNETTOA_BUF 32 /* large enough for worst case result */
286
287 /* ranges */
288 const char * /* NULL for success, else string literal */
289 atoasr(
290 const char *src,
291 size_t srclen, /* 0 means strlen(src) */
292 char *type, /* 'a', 's', 'r' */
293 struct in_addr *addrs /* two-element array */
294 );
295 size_t /* space needed for full conversion */
296 rangetoa(
297 struct in_addr *addrs, /* two-element array */
298 int format, /* character; 0 means default */
299 char *dst,
300 size_t dstlen
301 );
302 #define RANGETOA_BUF 34 /* large enough for worst case result */
303
304 /* data types for SA conversion functions */
305
306 /* SAs */
307 const char * /* NULL for success, else string literal */
308 atosa(
309 const char *src,
310 size_t srclen, /* 0 means strlen(src) */
311 struct sa_id *sa
312 );
313 size_t /* space needed for full conversion */
314 satoa(
315 struct sa_id sa,
316 int format, /* character; 0 means default */
317 char *dst,
318 size_t dstlen
319 );
320 #define SATOA_BUF (3+ULTOA_BUF+ADDRTOA_BUF)
321
322 /* generic data, e.g. keys */
323 const char * /* NULL for success, else string literal */
324 atobytes(
325 const char *src,
326 size_t srclen, /* 0 means strlen(src) */
327 char *dst,
328 size_t dstlen,
329 size_t *lenp /* NULL means don't bother telling me */
330 );
331 size_t /* 0 failure, else true size */
332 bytestoa(
333 const char *src,
334 size_t srclen,
335 int format, /* character; 0 means default */
336 char *dst,
337 size_t dstlen
338 );
339
340 /* old versions of generic-data functions; deprecated */
341 size_t /* 0 failure, else true size */
342 atodata(
343 const char *src,
344 size_t srclen, /* 0 means strlen(src) */
345 char *dst,
346 size_t dstlen
347 );
348 size_t /* 0 failure, else true size */
349 datatoa(
350 const char *src,
351 size_t srclen,
352 int format, /* character; 0 means default */
353 char *dst,
354 size_t dstlen
355 );
356
357 /* part extraction and special addresses */
358 struct in_addr
359 subnetof(
360 struct in_addr addr,
361 struct in_addr mask
362 );
363 struct in_addr
364 hostof(
365 struct in_addr addr,
366 struct in_addr mask
367 );
368 struct in_addr
369 broadcastof(
370 struct in_addr addr,
371 struct in_addr mask
372 );
373
374 /* mask handling */
375 int
376 goodmask(
377 struct in_addr mask
378 );
379 int
380 masktobits(
381 struct in_addr mask
382 );
383 struct in_addr
384 bitstomask(
385 int n
386 );
387
388 /*
389 * Debugging levels for pfkey_lib_debug
390 */
/*
 * Individual debug bits for pfkey_lib_debug; PF_KEY_DEBUG_PARSE_MAX (7) is
 * the OR of all three, i.e. the mask of valid bits.
 */
391 #define PF_KEY_DEBUG_PARSE_NONE 0
392 #define PF_KEY_DEBUG_PARSE_PROBLEM 1
393 #define PF_KEY_DEBUG_PARSE_STRUCT 2
394 #define PF_KEY_DEBUG_PARSE_FLOW 4
395 #define PF_KEY_DEBUG_PARSE_MAX 7
396
397 extern unsigned int pfkey_lib_debug; /* bits selecting what to report */
398
399 /*
400 * pluto and lwdnsq need to know the maximum size of the commands to,
401 * and replies from, lwdnsq.
402 */
403
404 #define LWDNSQ_CMDBUF_LEN 1024
405 #define LWDNSQ_RESULT_LEN_MAX 4096
406
407 #endif /* _FREESWAN_H */