/*
 * Copyright (c) 2008 Apple Computer, Inc. All rights reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * The contents of this file constitute Original Code as defined in and
 * are subject to the Apple Public Source License Version 1.1 (the
 * "License"). You may not use this file except in compliance with the
 * License. Please obtain a copy of the License at
 * http://www.apple.com/publicsource and read it before using this file.
 *
 * This Original Code and all software distributed under the License are
 * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. Please see the
 * License for the specific language governing rights and limitations
 * under the License.
 *
 * @APPLE_LICENSE_HEADER_END@
 */

/*
 * IKE session state: one struct ike_session per local/remote address pair,
 * holding the phase 1 and phase 2 handles linked to it, traffic/idle
 * monitoring state, event counters and lifecycle flags, plus the functions
 * that create, link, query, clean up, assert and rekey sessions.
 *
 * Types used but not declared here: ike_session_t, phase1_handle_t,
 * phase2_handle_t, isakmp_index, schedule_ref and struct sastat are
 * expected to come from "handler.h"; IPSECSESSIONEVENTCODE_MAX from
 * "ipsecSessionTracer.h" (not verified here).  LIST_HEAD / LIST_ENTRY are
 * the <sys/queue.h> list macros; <sys/queue.h> is not included directly,
 * so it has to arrive through one of the headers below.
 */

/*
 * NOTE(review): an identifier starting with '_' followed by an uppercase
 * letter is reserved for the implementation (C11 7.1.3).  Left unchanged
 * here because other translation units may test this guard by name.
 */
#ifndef _IKE_SESSION_H
#define _IKE_SESSION_H

#include <stdlib.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/param.h>
#include <net/pfkeyv2.h>
#include <netinet/in.h>
#include <dispatch/dispatch.h>
#include "handler.h"
#include "ipsecSessionTracer.h"

/*
 * Session key: the local and remote socket addresses of the IKE exchange.
 * sockaddr_storage is large enough for either address family.
 */
typedef struct ike_session_id {
	struct sockaddr_storage local;
	struct sockaddr_storage remote;
} ike_session_id_t;

/*
 * Per-session event counters, sized by the session-tracer event-code range;
 * presumably indexed by the IPSECSESSIONEVENTCODE_* values (verify against
 * ipsecSessionTracer.h).
 */
typedef struct ike_session_stats {
	u_int32_t counters[IPSECSESSIONEVENTCODE_MAX];
} ike_session_stats_t;

/* IKEv1 bookkeeping: how many phase 1 / phase 2 handles this session has. */
typedef struct ike_session_ikev1 {
	/* list of ph1s */
	int active_ph1cnt;
	int ph1cnt;	/* the number which is negotiated for this session */
	/* list of ph2s */
	int active_ph2cnt;
	int ph2cnt;	/* the number which is negotiated for this session */
} ike_session_ikev1_t;

/*
 * SA traffic-monitoring state used for the idle check.  interv_* look like
 * intervals and sc_* like the schedule handles driving them (assumption from
 * the names -- confirm in the implementation).
 *
 * The in_*/out_* arrays hold a fixed 8 entries per direction; the num_*
 * fields count how many are valid.  The type itself does not bound num_* to
 * 8 -- whoever fills these (presumably ike_session_get_sas_for_stats /
 * ike_session_update_traffic_idle_status, which take a struct sastat * and a
 * u_int32_t count) has to enforce that.
 *
 * NOTE(review): the typedef name is misspelled ("sesssion", three s's) but it
 * is the name the module uses (see traffic_monitor below); renaming it in
 * this header alone would break the users.
 */
typedef struct ike_session_sastats {
	int              interv_mon;
	int              interv_idle;
	int              dir_idle;
	schedule_ref     sc_mon;
	schedule_ref     sc_idle;

	u_int32_t        num_in_curr_req;
	u_int32_t        num_in_last_poll;
	struct sastat    in_curr_req[8];
	struct sastat    in_last_poll[8];

	u_int32_t        num_out_curr_req;
	u_int32_t        num_out_last_poll;
	struct sastat    out_curr_req[8];
	struct sastat    out_last_poll[8];
} ike_sesssion_sastats_t;


/*
 * One IKE session between a local and a remote endpoint.  Allocated by
 * ike_session_create_session and released by ike_session_release_session
 * (ownership of the storage is with the session module).
 */
struct ike_session {
	u_int8_t                 mode;		/* mode of protocol, see ipsec.h */
	u_int16_t                proto;		/* IPPROTO_ESP or IPPROTO_AH */

	ike_session_id_t         session_id;	/* local/remote address pair identifying this session */

	/*
	 * NOTE(review): these are 1-bit bit-fields of plain `int`, whose
	 * signedness is implementation-defined; where signed, a set flag reads
	 * back as -1, not 1.  Test them with `!= 0` / `!flag`, never `== 1`.
	 * last_time_data_sc_detected sits in the middle of the group and splits
	 * it into two allocation units (layout only, no semantic effect).
	 */
	int                      established:1;
	int                      ports_floated:1;			/* NAT-T port float done, see ike_session_ikev1_float_ports */
	int                      is_cisco_ipsec:1;
	int                      is_l2tpvpn_ipsec:1;
	int                      is_btmm_ipsec:1;
	int                      stopped_by_vpn_controller:1;	/* see ike_session_stopped_by_controller */
	int                      peer_sent_data_sc_dpd:1;
	int                      peer_sent_data_sc_idle:1;
	int                      i_sent_data_sc_dpd:1;
	int                      i_sent_data_sc_idle:1;
	int                      is_client:1;
	time_t                   last_time_data_sc_detected;
	int                      controller_awaiting_peer_resp:1;
	int                      is_dying:1;
	int                      is_asserted:1;				/* see ike_session_assert / ike_session_assert_session */
	u_int32_t                natt_flags;	/* NAT-Traversal state, see ike_session_update_natt_version / ike_session_get_natt_version */
	u_int32_t                natt_version;
	/*
	 * Why the session stopped.  NOTE(review): declared `char *`, yet the
	 * ike_session_stopped_by_* strings below and the reason parameters of
	 * ike_session_cleanup / ike_session_stopped_by_controller are
	 * `const char *`; if those are what gets stored here, the const is being
	 * discarded.  Whether this is ever heap-allocated (and freed) is not
	 * visible in this header -- confirm before writing through it.
	 */
	char                    *term_reason;

	struct timeval           start_timestamp;
	struct timeval           estab_timestamp;
	struct timeval           stop_timestamp;
	ike_session_ikev1_t      ikev1_state;

	ike_session_stats_t      stats;		/* event counters, see ike_session_stats_t */

	ike_sesssion_sastats_t   traffic_monitor;	/* idle/traffic monitoring, see ike_session_update_traffic_idle_status */
	schedule_ref             sc_idle;
	schedule_ref             sc_xauth;		/* see ike_session_start_xauth_timer / ike_session_stop_xauth_timer */

	/* Phase 1 / phase 2 handles linked to this session (ike_session_link_phase1/2). */
	LIST_HEAD(_ph1tree_, phase1handle) ph1tree;
	LIST_HEAD(_ph2tree_, phase2handle) ph2tree;

	LIST_ENTRY(ike_session)  chain;		/* membership in the module-global session list */

};

/* Which negotiation a rekey concerns; consumed by ike_session_drop_rekey. */
typedef enum ike_session_rekey_type {
	IKE_SESSION_REKEY_TYPE_NONE = 0,
	IKE_SESSION_REKEY_TYPE_PH1,
	IKE_SESSION_REKEY_TYPE_PH2,
} ike_session_rekey_type_t;

/*
 * Canonical stop-reason strings, passed as the `const char *` reason to
 * ike_session_stopped_by_controller / ike_sessions_stopped_by_controller /
 * ike_session_cleanup.  Presumably compared by pointer identity (not
 * verified here), so pass these symbols rather than equivalent literals.
 */
extern const char * ike_session_stopped_by_vpn_disconnect;
extern const char * ike_session_stopped_by_controller_comm_lost;
extern const char * ike_session_stopped_by_flush;
extern const char * ike_session_stopped_by_sleepwake;
extern const char * ike_session_stopped_by_assert;
extern const char * ike_session_stopped_by_peer;

/*
 * Most prototypes below omit parameter names; where a function takes two
 * struct sockaddr_storage pointers, the types alone do not say which is the
 * local and which the remote endpoint -- check the definition before calling.
 * Unless stated otherwise, int-returning predicates are boolean-style
 * (non-zero = true) and int-returning link/unlink functions return a status
 * (assumption from the names; confirm in the definitions).
 */

/* Lifecycle. */
extern void                 ike_session_init (void);
extern ike_session_t *      ike_session_create_session (ike_session_id_t *session_id);
extern void                 ike_session_release_session (ike_session_t *session);
/* Lookup by address pair; the int and isakmp_index * narrow the match (semantics not visible here). */
extern ike_session_t *      ike_session_get_session (struct sockaddr_storage *, struct sockaddr_storage *, int, isakmp_index *);
extern u_int                ike_session_get_rekey_lifetime (int, u_int);
extern void                 ike_session_update_mode (phase2_handle_t *iph2);

/* Linking phase 1 / phase 2 handles to a session and to each other. */
extern int                  ike_session_link_phase1 (ike_session_t *, phase1_handle_t *);
extern int                  ike_session_link_phase2 (ike_session_t *, phase2_handle_t *);
extern int                  ike_session_link_ph2_to_ph1 (phase1_handle_t *, phase2_handle_t *);
extern int                  ike_session_unlink_phase1 (phase1_handle_t *);
extern int                  ike_session_unlink_phase2 (phase2_handle_t *);

/* Queries about other handles of the same session ("other" = excluding the one passed). */
extern int                  ike_session_has_other_established_ph1 (ike_session_t *, phase1_handle_t *);
extern int                  ike_session_has_other_negoing_ph1 (ike_session_t *, phase1_handle_t *);
extern int                  ike_session_has_other_established_ph2 (ike_session_t *, phase2_handle_t *);
extern int                  ike_session_has_other_negoing_ph2 (ike_session_t *, phase2_handle_t *);
extern phase1_handle_t *    ike_session_update_ph1_ph2tree (phase1_handle_t *);
extern phase1_handle_t *    ike_session_update_ph2_ph1bind (phase2_handle_t *);
extern void                 ike_session_ikev1_float_ports (phase1_handle_t *);
extern void                 ike_session_ph2_established (phase2_handle_t *);
extern void                 ike_session_replace_other_ph1 (phase1_handle_t *, phase1_handle_t *);
extern void                 ike_session_cleanup_other_established_ph1s (ike_session_t *, phase1_handle_t *);
extern void                 ike_session_cleanup_other_established_ph2s (ike_session_t *, phase2_handle_t *);

/* Teardown.  The const char * is the stop reason (see the strings above). */
extern void                 ike_session_stopped_by_controller (ike_session_t *, const char *);
extern void                 ike_sessions_stopped_by_controller (struct sockaddr_storage *, int, const char *);
extern void                 ike_session_purge_ph2s_by_ph1 (phase1_handle_t *);
extern phase1_handle_t *    ike_session_get_established_ph1 (ike_session_t *);
extern phase1_handle_t *    ike_session_get_established_or_negoing_ph1 (ike_session_t *);
extern void                 ike_session_update_ph2_ports (phase2_handle_t *);

/*
 * Statistics / idle monitoring.  Both take a struct sastat * plus a u_int32_t
 * count; presumably the traffic_monitor arrays and their num_* counters
 * (capacity 8 per direction -- the callee must not exceed it).
 */
extern u_int32_t            ike_session_get_sas_for_stats (ike_session_t *, u_int8_t, u_int32_t *, struct sastat *, u_int32_t);
extern void                 ike_session_update_traffic_idle_status (ike_session_t *, u_int32_t, struct sastat *, u_int32_t);
extern void                 ike_session_cleanup (ike_session_t *, const char *);

/* Session-wide predicates. */
extern int                  ike_session_has_negoing_ph1 (ike_session_t *);
extern int                  ike_session_has_established_ph1 (ike_session_t *);
extern int                  ike_session_has_negoing_ph2 (ike_session_t *);
extern int                  ike_session_has_established_ph2 (ike_session_t *);
extern void                 ike_session_cleanup_ph1s_by_ph2 (phase2_handle_t *);
extern int                  ike_session_is_client_ph2_rekey (phase2_handle_t *);
extern int                  ike_session_is_client_ph1_rekey (phase1_handle_t *);
extern int                  ike_session_is_client_ph1 (phase1_handle_t *);
extern int                  ike_session_is_client_ph2 (phase2_handle_t *);

/* XAUTH timer (sc_xauth above). */
extern void                 ike_session_start_xauth_timer (phase1_handle_t *);
extern void                 ike_session_stop_xauth_timer (phase1_handle_t *);
extern int                  ike_session_get_sainfo_r (phase2_handle_t *);
extern int                  ike_session_get_proposal_r (phase2_handle_t *);

/* NAT-T version negotiated on the phase 1 (natt_flags / natt_version above). */
extern void                 ike_session_update_natt_version (phase1_handle_t *);
extern int                  ike_session_get_natt_version (phase1_handle_t *);
extern int                  ike_session_drop_rekey (ike_session_t *, ike_session_rekey_type_t);
extern void                 ike_session_sweep_sleepwake (void);

/* Assert (force re-establishment) by address pair or by session. */
extern int                  ike_session_assert (struct sockaddr_storage *, struct sockaddr_storage *);
extern int                  ike_session_assert_session (ike_session_t *);
extern void                 ike_session_unbindph12(phase2_handle_t *);
extern void                 ike_session_ph2_retransmits (phase2_handle_t *);
extern void                 ike_session_ph1_retransmits (phase1_handle_t *);

#endif /* _IKE_SESSION_H */