1/*	$KAME: remoteconf.h,v 1.27 2001/12/07 08:39:39 sakane Exp $	*/
2
3/*
4 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 *    notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 *    notice, this list of conditions and the following disclaimer in the
14 *    documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the project nor the names of its contributors
16 *    may be used to endorse or promote products derived from this software
17 *    without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 */
31
/* remote configuration: per-peer IKE (phase 1) settings for racoon.
 * NOTE(review): this header has no include guard and uses vchar_t, time_t,
 * u_int8_t and __P without including their headers, so the including file
 * must bring them into scope first (presumably <sys/types.h> and racoon's
 * vmbuf.h) -- confirm before including it standalone. */
33
34#include <sys/queue.h>
35
/* Singly-linked list node holding one ISAKMP exchange type.
 * A remoteconf owns a list of these; the head is the type tried first
 * (see remoteconf.etypes below).  Freed as a whole by deletypes(). */
struct etypes {
	int type;			/* exchange type (ISAKMP_ETYPE_* value, presumably) */
	struct etypes *next;		/* next entry, or NULL at the tail */
};
40
/* Configuration for one remote IKE peer (or for the anonymous catch-all
 * entry).  Entries are kept on a LIST (see `chain`) and looked up by
 * peer address through getrmconf().  Several fields below gate security
 * checks (certificate verification, identifier verification, policy
 * generation); a config that relaxes them should be treated as such. */
struct remoteconf {
	struct sockaddr *remote;	/* remote IP address */
					/* if family is AF_UNSPEC, that is
					 * for anonymous configuration, i.e. a
					 * catch-all entry that presumably
					 * matches any peer not listed
					 * explicitly -- confirm in getrmconf(). */

	struct etypes *etypes;		/* exchange type list. the head
					 * is a type to be sent first. */
	int doitype;			/* doi type */
	int sittype;			/* situation type */

	int idvtype;			/* my identifier type */
	vchar_t *idv;			/* my identifier */
	int idvtype_p;			/* peer's identifier type */
	vchar_t *idv_p;			/* peer's identifier (what the peer is
					 * expected to present; compared only
					 * when verify_identifier is set,
					 * presumably) */

	int certtype;			/* certificate type if needed */
	char *mycertfile;		/* file name of my certificate */
	char *myprivfile;		/* file name of my private key file
					 * (secret material: file permissions
					 * and zeroization are handled by the
					 * loader, not here) */
	char *peerscertfile;		/* file name of peer's certificate */
	int getcert_method;		/* the way to get peer's certificate */
	int send_cert;			/* send CERT payload or not */
	int send_cr;			/* send CR payload or not */
	int verify_cert;		/* verify a CERT strictly.
					 * NOTE(review): when clear, the peer's
					 * certificate is presumably accepted
					 * without full validation -- confirm
					 * how the IKE code treats a zero here. */
	int verify_identifier;		/* verify the peer's identifier
					 * (NOTE(review): when clear, the ID
					 * payload is presumably not checked
					 * against idv_p -- confirm) */
	int nonce_size;			/* the number of bytes of nonce
					 * (range enforcement is not visible
					 * here -- presumably validated by the
					 * config parser; confirm) */
	int keepalive;			/* keepalive flag/interval -- semantics
					 * not visible in this header */
	int passive;			/* never initiate */
	int support_mip6;		/* support mip6 */
	int gen_policy;			/* generate policy if no policy found
					 * (NOTE(review): this lets a peer's
					 * proposal create local policy --
					 * security-relevant; confirm where
					 * the generated policy is bounded) */
	int ini_contact;		/* initial contact */
	int pcheck_level;		/* level of proposal checking
					 * (presumably the proposal_check
					 * directive's strictness -- confirm) */

	int dh_group;			/* use it only in aggressive mode */
	struct dhgroup *dhgrp;		/* use it only in aggressive mode */
					/* above two can't be defined by user */

	int retry_counter;		/* times to retry. */
	int retry_interval;		/* interval each retry. */
				/* above 2 values are copied from localconf. */

	struct isakmpsa *proposal;	/* proposal list (owned; each entry
					 * points back here via rmconf) */
	LIST_ENTRY(remoteconf) chain;	/* next remote conf */
};
84
/* Forward declaration; the definition lives elsewhere.  It appears after
 * its first use as a pointer member above, which C allows because a tag
 * first seen inside a struct member declaration still has file scope. */
struct dhgroup;
86
87/* ISAKMP SA specification */
/* ISAKMP SA specification: one transform of a phase-1 proposal.
 * Transforms form a singly-linked list (`next`) hanging off
 * remoteconf.proposal; each carries a back-pointer to its owner. */
struct isakmpsa {
	int prop_no;			/* proposal number */
	int trns_no;			/* transform number */
	time_t lifetime;		/* SA lifetime in seconds, presumably */
	int lifebyte;			/* SA lifetime in bytes (kilobytes or
					 * bytes -- unit not visible here) */
	int enctype;			/* encryption algorithm */
	int encklen;			/* encryption key length */
	int authmethod;			/* authentication method */
	int hashtype;			/* hash algorithm */
	int vendorid;			/* vendor id */
#ifdef HAVE_GSSAPI
	vchar_t *gssid;			/* GSS-API identifier, GSSAPI builds only */
#endif
	int dh_group;			/* don't use it if aggressive mode
					 * (aggressive mode takes the group
					 * from remoteconf instead) */
	struct dhgroup *dhgrp;		/* don't use it if aggressive mode */

	struct isakmpsa *next;		/* next transform */
	struct remoteconf *rmconf;	/* backpointer to remoteconf (not
					 * owned by this struct) */
};
107
/* Look up the remoteconf for a peer address.  Presumably falls back to
 * the anonymous (AF_UNSPEC) entry when no exact match exists -- confirm
 * in remoteconf.c, since that fallback decides which peers are accepted.
 * (Declared without `extern`, unlike the rest; harmless for a function.) */
struct remoteconf *getrmconf __P((struct sockaddr *));
/* Allocate a zeroed/defaulted remoteconf; returns NULL on failure, presumably. */
extern struct remoteconf *newrmconf __P((void));
/* Free a remoteconf and everything it owns (etypes, proposal list, ...). */
extern void delrmconf __P((struct remoteconf *));
/* Free an isakmpsa transform list. */
extern void delisakmpsa __P((struct isakmpsa *));
/* Free an etypes list. */
extern void deletypes __P((struct etypes *));
/* Insert a remoteconf into the global list (ownership passes to the list). */
extern void insrmconf __P((struct remoteconf *));
/* Unlink a remoteconf from the global list; does not free it, presumably. */
extern void remrmconf __P((struct remoteconf *));
/* Remove and free every remoteconf. */
extern void flushrmconf __P((void));
/* Initialise the global remoteconf list; call once at startup. */
extern void initrmconf __P((void));
/* Return the etypes entry matching the given exchange type if the peer's
 * configuration permits it, else NULL (presumably) -- this is the check
 * that rejects an exchange type the administrator did not enable. */
extern struct etypes *check_etypeok
	__P((struct remoteconf *, u_int8_t));

/* Allocate a new isakmpsa transform. */
extern struct isakmpsa *newisakmpsa __P((void));
/* Append a transform to a remoteconf's proposal list and set its rmconf backpointer. */
extern void insisakmpsa __P((struct isakmpsa *, struct remoteconf *));
/* Render a remoteconf's peer address as a string for logging.  The return
 * presumably points at static storage -- do not free, do not hold across calls. */
extern const char *rm2str __P((const struct remoteconf *));
123