GitLab/ocserv
1
0
Fork 0
mirror of https://gitlab.com/openconnect/ocserv.git synced 2026-02-10 16:57:00 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
7c3900176e4b1e5a1b986ca2cd5b9ae0a73474d4
ocserv/src/vpn.h
Nikos Mavrogiannopoulos 7c3900176e Send X-CSTP-Version and read hostname.
2013-02-05 19:31:57 +01:00

164 lines
4.0 KiB
C
Raw Blame History

#ifndef VPN_H
#define VPN_H
#include <config.h>
#include <gnutls/gnutls.h>
#include <http-parser/http_parser.h>
#include <syslog.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <unistd.h>
#include <net/if.h>
#define AC_PKT_DATA 0 /* Uncompressed data */
#define AC_PKT_DPD_OUT 3 /* Dead Peer Detection */
#define AC_PKT_DPD_RESP 4 /* DPD response */
#define AC_PKT_DISCONN 5 /* Client disconnection notice */
#define AC_PKT_KEEPALIVE 7 /* Keepalive */
#define AC_PKT_COMPRESSED 8 /* Compressed data */
#define AC_PKT_TERM_SERVER 9 /* Server kick */
extern int syslog_open;
#define MAX(x,y) ((x)>(y)?(x):(y))
/* the first is generic, for the methods that require a username password */
#define AUTH_TYPE_USERNAME_PASS (1<<0)
#define AUTH_TYPE_PAM (1<<1 | AUTH_TYPE_USERNAME_PASS)
#define AUTH_TYPE_CERTIFICATE (1<<2)
struct vpn_st {
const char *name; /* device name */
const char *ipv4_netmask;
const char *ipv4;
const char *ipv4_local; /* local IPv4 address */
const char *ipv6_netmask;
const char *ipv6;
const char *ipv6_local; /* local IPv6 address */
const char *ipv4_dns;
const char *ipv6_dns;
unsigned int mtu;
const char **routes;
unsigned int routes_size;
};
struct cfg_st {
const char *name;
unsigned int port;
const char *cert;
const char *key;
const char *ca;
const char *crl;
const char *cert_user_oid; /* The OID that will be used to extract the username */
unsigned int auth_types; /* or'ed sequence of AUTH_TYPE */
gnutls_certificate_request_t cert_req;
const char *priorities;
const char *chroot_dir; /* where the xml files are served from */
time_t cookie_validity; /* in seconds */
unsigned auth_timeout; /* timeout of HTTP auth */
unsigned keepalive;
const char *cookie_db;
unsigned foreground;
unsigned max_clients;
const char *connect_script;
const char *disconnect_script;
uid_t uid;
gid_t gid;
/* the tun network */
struct vpn_st network;
};
#include <tun.h>
#define MAX_USERNAME_SIZE 64
#define MAX_PASSWORD_SIZE 64
#define TLS_MASTER_SIZE 48
#define COOKIE_SIZE 32
struct tls_st {
gnutls_certificate_credentials_t xcred;
gnutls_priority_t cprio;
};
typedef enum {
UP_DISABLED,
UP_SETUP,
UP_HANDSHAKE,
UP_INACTIVE,
UP_ACTIVE
} udp_port_state_t;
#define MAX_HOSTNAME_SIZE MAX_USERNAME_SIZE
typedef struct worker_st {
struct tls_st *creds;
gnutls_session_t session;
gnutls_session_t dtls_session;
int cmd_fd;
int conn_fd;
http_parser *parser;
struct cfg_st *config;
struct sockaddr_storage remote_addr; /* peer's address */
socklen_t remote_addr_len;
/* set after authentication */
int udp_fd;
udp_port_state_t udp_state;
unsigned int udp_port;
int udp_port_proto;
/* the following are set only if authentication is complete */
char tun_name[IFNAMSIZ];
char username[MAX_USERNAME_SIZE];
char hostname[MAX_HOSTNAME_SIZE];
uint8_t cookie[COOKIE_SIZE];
uint8_t master_secret[TLS_MASTER_SIZE];
uint8_t session_id[GNUTLS_MAX_SESSION_ID];
unsigned auth_ok;
int tun_fd;
} worker_st;
enum {
HEADER_COOKIE = 1,
HEADER_MASTER_SECRET,
HEADER_HOSTNAME,
};
struct req_data_st {
char url[256];
char hostname[MAX_HOSTNAME_SIZE];
unsigned int next_header;
unsigned char cookie[COOKIE_SIZE];
unsigned int cookie_set;
unsigned char master_secret[TLS_MASTER_SIZE];
unsigned int master_secret_set;
char *body;
unsigned int headers_complete;
unsigned int message_complete;
};
void vpn_server(struct worker_st* ws);
const char *human_addr(const struct sockaddr *sa, socklen_t salen,
void *buf, size_t buflen);
void __attribute__ ((format(printf, 3, 4)))
oclog(const worker_st * server, int priority, const char *fmt, ...);
/* Helper casts */
#define SA_IN_P(p) (&((struct sockaddr_in *)(p))->sin_addr)
#define SA_IN_U8_P(p) ((uint8_t*)(&((struct sockaddr_in *)(p))->sin_addr))
#define SA_IN6_P(p) (&((struct sockaddr_in6 *)(p))->sin6_addr)
#define SA_IN6_U8_P(p) ((uint8_t*)(&((struct sockaddr_in6 *)(p))->sin6_addr))
#define SA_IN_PORT(p) (((struct sockaddr_in *)(p))->sin_port)
#define SA_IN6_PORT(p) (((struct sockaddr_in6 *)(p))->sin6_port)
#endif
Reference in New Issue View Git Blame Copy Permalink