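/* $Id: fa.h,v 1.103 2001/09/25 17:14:20 jm Exp $
 * Header files for Foreign Agent
 *
 * Dynamic hierarchical IP tunnel
 * Copyright (C) 1998-2001, Dynamics group
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation. See README and COPYING for
 * more details.
 */

#ifndef FA_H
#define FA_H

#ifdef HAVE_CONFIG_H
#include <config.h>
#endif

#include <asm/types.h>
#include <net/if.h>
#include <netinet/in.h>
#include <sys/time.h>
#include <features.h> /* for the glibc version number */

/* glibc >= 2.1 provides <netpacket/packet.h>; older glibc needs the kernel
 * header.  Compare the major version on its own first: testing both parts
 * with "&&" (as this check used to) would send a hypothetical major release
 * with minor version 0 down the legacy branch. */
#if (__GLIBC__ > 2) || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 1)
#include <netpacket/packet.h>
#else
#include <linux/if_packet.h>
#endif

#include <netinet/ip.h>
#include <netinet/udp.h>

#include "binding.h"
#include "message.h"
#include "msgparser.h"

#define DEBUG_FLAG 'F'
#define DEBUG_FLAG2 'f'

/* Log the same message through DEBUG() and syslog().  fmt is passed on as a
 * format string, so it must be a literal chosen by the caller - never data
 * received from the network. */
#define LOG2(lev, fmt, args...) do { DEBUG(DEBUG_FLAG, fmt, ## args); \
	syslog(lev, fmt, ## args); } while(0)

/* Delay binding removal DELAY_BINDING_TIME seconds
 * (fa_reply.c: handle_reply_disconnect() */
#define DELAY_BINDING_TIME 2

/* buffer sizes for strings read from the configuration file (the arrays
 * below reserve one extra byte for the terminating NUL) */
#define MAXFILENAMELEN 256
#define MAXOWNERNAMELEN 8
#define MAXGROUPNAMELEN 8

/* defaults used when dynfad.conf does not set the corresponding option */
#define FA_DEFAULT_MAX_BINDINGS 20
#define FA_DEFAULT_ADVERTISEMENT_INTERVAL 30
#define FA_DEFAULT_SEND_ADVERTISEMENTS TRUE
#define FA_DEFAULT_TUNNEL_LIFETIME 400
#define FA_DEFAULT_SYSLOG_FACILITY LOG_LOCAL0
#define FA_DEFAULT_ROUTING_TABLE_START 1
#define FA_DEFAULT_ROUTING_TABLE_END 252
#define FA_DEFAULT_UDP_PORT 434

#define FA_CONF_FILE "dynfad.conf"
/* SYSCONFDIR and PIDDIR are expected to be string literals from config.h */
#define FA_GLOBAL_CONF_FILE SYSCONFDIR "/" FA_CONF_FILE

/* The process id of the daemon is saved here to make it easier to kill the
 * correct daemon when necessary. */
#define FA_PID_FILE PIDDIR "/dynfad.pid"

/* upper bound for a single message buffer (presumably the receive size
 * for registration messages - confirm against the callers) */
#define MAXMSG 2048

/* the unconfirmed request data can be deleted after it is older than
 * UNCONFIRMED_TIMEOUT seconds */
#define UNCONFIRMED_TIMEOUT 15

#define TRUE 1
#define FALSE 0

#define TUNNEL_MODE_REVERSE 1
#define TUNNEL_MODE_TRIANGLE 2

/* values for fa_config.reg_ttl_check */
#define TTL_CHECK_NONE 0
#define TTL_CHECK_REVERSE 1
#define TTL_CHECK_ALL 2

/* wait random 0 - MAX_ADV_DELAY microseconds before sending agent
 * advertisement (either broadcast or unicast, answer to agent solicitation) */
#define MAX_ADV_DELAY 200000.0

/* maximum length of a configured shared secret (see fa_spi_entry) */
#define MAXSHAREDSECRETLEN 32

/* FA info socket - message type */
#define FA_INFO_REQUEST 1
#define FA_INFO_REPLY 2
#define FA_INFO_TIMEOUT 3
#define FA_INFO_CLOSE 4
/* FA info socket - message status */
#define FA_INFO_OK 0
#define FA_INFO_FAILED 1

/* values for fa_spi_entry.agent_type / get_fa_spi() */
#define SPI_AGENT_FA 1
#define SPI_AGENT_HA 2
#define SPI_AGENT_MN 3

/* One configured security association, looked up with get_fa_spi().
 * shared_secret is key material: shared_secret_len must never exceed
 * MAXSHAREDSECRETLEN, and the buffer should be cleared before the entry is
 * released (presumably in cleanup_fa_config() - confirm). */
struct fa_spi_entry {
	struct node node;
	int spi;
	struct in_addr addr;        /* peer this association applies to */
	int alg;                    /* authentication algorithm identifier */
	unsigned char shared_secret[MAXSHAREDSECRETLEN];
	int shared_secret_len;      /* bytes of shared_secret in use */
	int agent_type;             /* SPI_AGENT_* */
};

#define INTERFACE_TYPE_BOTH 1
#define INTERFACE_TYPE_UP 2
#define INTERFACE_TYPE_DOWN 3

/* values for interface_entry.agentadv */
enum {
	INTERFACE_AGENTADV_ONLY_SOLICITED = 0,
	INTERFACE_AGENTADV_ALL = 1,
	INTERFACE_AGENTADV_NONE = -1
};

/* One network interface the FA serves; kept in fa_config.interfaces. */
struct interface_entry {
	struct node node;
	/* data from dynfad.conf */
	char dev[IFNAMSIZ + 1];
	int type;           /* see above defines of INTERFACE_TYPE* */
	int agentadv;       /* whether to send agent advertisements or not */
	int interval;       /* interval to send advertisements */
	struct in_addr force_addr;  /* which source address to use if multiple
				     * addresses available for interface */
	/* other data */
	int if_index;
	struct in_addr addr;        /* local address to be used for this interface */
	struct timeval last_adv;    /* when the last advertisement went out */
	int icmp_sock, udp_sock, udp_packet;
};

#define MAX_HASH_LEN 16

/* values for fa_config.packet_socket_mode */
enum {
	PACKET_SOCKET_MODE_SEND = 0,
	PACKET_SOCKET_MODE_ONLY_RECEIVE = 1
};

/* Run-time configuration of the FA, filled in by load_fa() and released by
 * cleanup_fa_config().  The fa_api_*_socket_* fields describe the local API
 * sockets (path plus the owner/group/mode they are created with), which is
 * where access to the daemon's control interface is decided. */
struct fa_config {
	struct in_addr highest_fa_addr;
	struct in_addr upper_fa_addr;
	int highest_FA;
	int upper_fa_port;
	char tunnel_device[IFNAMSIZ + 1];
	int udp_port;
	int ha_udp_port;
	int routing_table_start;
	int routing_table_end;
	char key_file[MAXFILENAMELEN + 1];   /* path of the FA key file */
	int max_bindings;
	int max_pending;
	int delete_pending_after;
	int enable_fa_decapsulation;
	int enable_triangle_tunneling;
	int force_reverse_tunneling;
	int enable_reverse_tunneling;
	int reg_required;
	int fa_default_tunnel_lifetime;
	int syslog_facility;
	char fa_api_read_socket_path[MAXFILENAMELEN + 1];
	char fa_api_read_socket_group[MAXGROUPNAMELEN + 1];
	char fa_api_read_socket_owner[MAXOWNERNAMELEN + 1];
	int fa_api_read_socket_permissions;
	char fa_api_admin_socket_path[MAXFILENAMELEN + 1];
	char fa_api_admin_socket_group[MAXGROUPNAMELEN + 1];
	char fa_api_admin_socket_owner[MAXOWNERNAMELEN + 1];
	int fa_api_admin_socket_permissions;
	struct list *authorized_networks;    /* presumably the networks allowed
					      * to register via this FA - see
					      * load_fa() */
	struct list fa_spi_list;             /* list of struct fa_spi_entry */
	struct list interfaces;              /* list of struct interface_entry */
	int allow_mobile_nodes;
	int socket_priority;
	int reg_ttl_check;                   /* TTL_CHECK_* policy for
					      * registration requests */
	unsigned char hfa_pubkey_hash[MAX_HASH_LEN + 1];
	int hfa_pubkey_hash_len;             /* bytes of hfa_pubkey_hash in use */
	char fa_nai[MAX_NAI_LEN + 1];
	int fa_nai_len;
	int send_sfa_debug_ext;
	int fa_reg_lifetime;
	/* challenge/response settings; challenge_window bounds the number of
	 * previously issued challenges still accepted (see tunnel_data) */
	int enable_challenge_response;
	int challenge_window;
	int challenge_length;
	int require_challenge;
	int challenge_in_reg_reply;
	int require_mnfa_sec_assoc;
	int packet_socket_mode;              /* PACKET_SOCKET_MODE_* */
#ifdef INCLUDE_IPAY
	struct in_addr aaaf_addr;  /* AAAF address (and UDP port below) for
				    * messages from HFA to AAAF */
	int aaaf_port;
	int ipay_port;             /* the UDP port used for Ipay messages to this FA */
	int timePrice;
	int bytePrice;
#endif
};

/* Where a received packet came from: link-layer sender, the interface it
 * arrived on, its IP TTL (input for reg_ttl_check), the destination address
 * and the UDP source address.  Also used as the destination description for
 * packet_socket_send(). */
struct packet_from_info {
	struct sockaddr_ll from;
	struct interface_entry *iface;
	int ttl;
	struct in_addr dst_addr;
	struct sockaddr_in src;
};

/* if there is more than one unconfirmed request or unconfirmed
 * requests to a confirmed binding, then the request data is saved in
 * unconfirmed_request structures and the correct one will be used
 * after the HA's reply is received */
struct unconfirmed_request {
	struct unconfirmed_request *next;
	time_t created;                /* creation time */
	struct msg_key *fa_pubkey;     /* lower FA public key */
	struct packet_from_info info;  /* request source data (L2/L3) */
	__u32 id[2];                   /* id field from the req. */
	int spi;                       /* MN spi */
	int fa_spi;                    /* possible FA keyreq spi */
	struct in_addr ha_addr;        /* Home Agent address from the req. */
	int timeout;
	int tunnel_mode;
	int fa_decapsulation;
	int encaps_delivery;           /* encapsulating delivery style [RFC 2344] */
	int is_lowest_fa;
	int old_if_index;   /* same as iface->if_index; used to fix the iface
			     * pointer after configuration file reload */
	int tunnel_type;
	__u32 tunnel_key;
	int mn_nai_included;  /* whether MN NAI extension was in the request */
	struct challenge_ext *challenge;  /* challenge ext. in the request or
					   * NULL if not used */
	struct reg_req req;   /* registration request data */
};

#ifdef INCLUDE_IPAY
struct nai_data {
	int len;
	char *nai;
};
#endif

/* Per-binding state of the FA.  The used_challenges ring together with
 * used_challenges_pos / used_challenges_id is the replay defence for the
 * challenge/response exchange; last_used_seq_num plays the same role for
 * local location updates. */
struct tunnel_data {
	struct msg_key *fa_pubkey;            /* lower FA public key */
	struct unconfirmed_request *unc_req;  /* list of unconfirmed req. */
	struct msg_key *last_sent_fa_pubkeyrep;
	struct msg_key *last_recv_fa_pubkeyrep;
	int tunnel_mode;          /* TUNNEL_MODE_{REVERSE/TRIANGLE} */
	int fa_decapsulation;
	int encaps_delivery;      /* encapsulating delivery style [RFC 2344] */
	int is_lowest_fa;
	int dynamics_extensions;  /* whether the upper mobility agent supports
				   * Dynamics extensions */
#ifdef USE_TEARDOWN
	__u32 upper_id[2];        /* previously used id with the upper FA
				   * (this may differ with binding->id) */
#endif
	__u32 last_used_seq_num;  /* used for local locupd replay protection */
	int req_lifetime;         /* lifetime used in the request */
	int pending_request;      /* is the last request pending (i.e., waiting a
				   * reply)? */
	char ha_tun_dev[IFNAMSIZ];  /* device for the HA tunnel in
				     * the highest FA */
	int old_if_index;         /* same as iface->if_index; used to fix the iface
				   * pointer after configuration file reload */
	struct packet_from_info info;  /* L2&L3 data from last req */
	int confirmed;            /* confirmed binding = 1, unconfirmed = 0 */
	int up_type, down_type;   /* TUNNEL_IPIP / TUNNEL_GRE */
	__u32 up_key, down_key;   /* GRE tunnel key - to upper/lower FA */
	struct tunnel *up_tunl;
	struct tunnel *down_tunl;
	char force_route_dev[IFNAMSIZ];
	char force_reverse_dev[IFNAMSIZ];
	int mn_addr_added;        /* 0 = mn_addr_add() not used, 1 = used */
	struct challenge_ext *last_challenge;    /* last challenge send in
						  * registration reply */
	struct challenge_ext **used_challenges;  /* rotating buffer of last
						  * 2 * CHALLENGE_WINDOW
						  * challenges the MN has used */
	int used_challenges_pos;      /* position in used_challenges array */
	__u32 used_challenges_id[2];  /* reg_req id used with last challenge */
	int arpentry;                 /* 1=permanent ARP entry is added, 0=not */
	struct in_addr arp_ipaddr;
	char arp_dev[IFNAMSIZ + 1];
#ifdef INCLUDE_IPAY
	struct nai_data mn_nai;
	int ipay_send_stats;      /* 1 = send Ipay statistics */
	time_t ipay_last_stats;   /* last time Ipay statistics was sent */
#endif
};

struct binding_counters {
	int bindingcount;  /* the number of confirmed bindings */
	int pendingcount;  /* the number of pending registrations */
};

/* used in fa_request and fa_reply to save old binding info */
struct saved_binding_info {
	struct in_addr lower_addr;
	unsigned short lower_port;
	int is_lowest_fa;
	int tunnel_mode;
	int fa_decapsulation;
	int encaps_delivery;
	int down_type;
	__u32 down_key;
	struct interface_entry *down_iface;
	struct tunnel *down_tunl;
	char force_route_dev[IFNAMSIZ];
	char force_reverse_dev[IFNAMSIZ];
};

/* function prototypes - fa.c */

/* Find the security association for (spi, addr, agent_type); agent_type is
 * one of SPI_AGENT_*.  Returns NULL when no entry matches. */
struct fa_spi_entry *get_fa_spi(int spi, struct in_addr addr, int agent_type);

/* function prototypes - fa_request.c */
int add_fa_auth_ext(struct in_addr lower_addr, struct in_addr home_addr,
		    unsigned char *data, unsigned char *pos);
void save_binding_info(struct saved_binding_info *save,
		       const struct bindingentry *binding);
int handle_lower_switch(struct bindingentry *binding,
			struct saved_binding_info *old,
			struct msg_extensions *ext, struct in_addr *addr,
			int request_auth_ok);
/* Process a parsed registration request received from info; ext holds the
 * parsed extensions of untrusted, network-supplied data. */
int handle_request(struct msg_extensions *ext, struct packet_from_info *info,
		   struct fa_config *config);
void expire_denial_records(int force);
/* Send a registration reply with error code `code` back to info; sk/sk_len
 * is the key material used to authenticate the reply. */
int send_failure_reply(int code, struct msg_extensions *ext,
		       struct packet_from_info *info, unsigned char *sk,
		       int sk_len);

/* function prototypes - fa_reply.c */
int handle_reply(struct msg_extensions *ext, struct packet_from_info *info);

/* function prototypes - fa_config.c */

/* Load configuration from config_file into fa; program_name is used for
 * messages.  Returns non-zero on failure (exact convention in fa_config.c). */
int load_fa(struct fa_config *fa, char *program_name, char *config_file);
/* Release everything load_fa() allocated inside config (lists, entries). */
void cleanup_fa_config(struct fa_config *config);

/* function prototypes - fa_utils.c */
int send_address_ok(struct in_addr to_addr);
int own_sendto(int sock, struct in_addr to_addr, unsigned int to_port,
	       void *data, int len);
void close_socket(int fd);
void free_unconfirmed_data(struct unconfirmed_request *unc);
int eliminate_binding_entry(struct node *node, void *data);
int eliminate_binding_entry_force(struct node *node, void *data);
int update_binding(struct bindingtable *hash, struct bindingentry *binding,
		   struct binding_counters *bcounters);
struct bindingentry *make_new_binding(struct bindingtable *bhash,
				      struct msg_extensions *ext,
				      int max_lifetime,
				      struct binding_counters *bcounters);
int equal_pubkey(struct msg_key *key1, struct msg_key *key2);
int do_rsa_decrypt(struct msg_key *keyrep, unsigned char *sk, int sk_len);
int create_tunnels(struct bindingentry *binding, struct hashtable *thash,
		   int highest_FA);
int check_confirmed_data(struct bindingentry *binding,
			 struct msg_extensions *ext);
struct unconfirmed_request *add_unconfirmed_data(struct bindingtable *bhash,
						 struct binding_counters *bcounters,
						 struct bindingentry *binding,
						 struct msg_extensions *ext,
						 struct packet_from_info *info,
						 struct fa_config *config);
void unconfirmed_to_binding(struct bindingentry *binding,
			    struct unconfirmed_request *unc);
void check_unconfirmed_timeout(struct bindingentry *binding);
void remove_binding_tunnels(struct bindingentry *binding,
			    struct hashtable *thash,
			    struct binding_counters *bcounters);
void check_bindings(struct bindingtable *bhash, struct hashtable *thash,
		    struct binding_counters *bcounters);
int is_sender_mobile(struct msg_extensions *ext);
/* Write a message of FA_INFO_* type and status to the info socket. */
int info_send(int type, int status, void *data, int len);
/* Build a new challenge extension (config->challenge_length bytes, presumably);
 * the caller owns the returned object. */
struct challenge_ext * create_challenge_ext(struct fa_config *config, int type);
int equal_challenge(struct challenge_ext *c1, struct challenge_ext *c2);
void setup_device_forcing(struct tunnel_data *t_data);
/* Send len bytes of msg over the packet socket to the link-layer destination
 * described by dst. */
int packet_socket_send(struct packet_from_info *dst, const unsigned char *msg,
		       int len);

#endif /* FA_H */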