1 /* $NetBSD: nattraversal.h,v 1.7 2010/09/22 07:34:51 vanhu Exp $ */ 2 3 /* 4 * Copyright (C) 2004 SuSE Linux AG, Nuernberg, Germany. 5 * Contributed by: Michal Ludvig <mludvig (at) suse.cz>, SUSE Labs 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the project nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33 #ifndef _NATTRAVERSAL_H 34 #define _NATTRAVERSAL_H 35 36 #include "vendorid.h" 37 38 #define NAT_ANNOUNCED (1L<<0) 39 #define NAT_DETECTED_ME (1L<<1) 40 #define NAT_DETECTED_PEER (1L<<2) 41 #define NAT_PORTS_CHANGED (1L<<3) 42 #define NAT_KA_QUEUED (1L<<4) 43 #define NAT_ADD_NON_ESP_MARKER (1L<<5) 44 45 #define NATT_AVAILABLE(_ph1) ((_ph1)->natt_flags & NAT_ANNOUNCED) 46 47 #define NAT_DETECTED (NAT_DETECTED_ME | NAT_DETECTED_PEER) 48 49 #define NON_ESP_MARKER_LEN sizeof(u_int32_t) 50 #define NON_ESP_MARKER_USE(_ph1) ((_ph1)->natt_flags & NAT_ADD_NON_ESP_MARKER) 51 52 /* These are the values from parsing "remote {}" 53 block of the config file. */ 54 #define NATT_OFF FLASE /* = 0 */ 55 #define NATT_ON TRUE /* = 1 */ 56 #define NATT_FORCE 2 57 58 struct ph1natt_options { 59 int version; 60 u_int16_t float_port; 61 u_int16_t mode_udp_tunnel; 62 u_int16_t mode_udp_transport; 63 u_int16_t encaps_type; /* ESPINUDP / ESPINUDP_NON_IKE */ 64 u_int16_t mode_udp_diff; 65 u_int16_t payload_nat_d; 66 u_int16_t payload_nat_oa; 67 }; 68 69 struct ph2natt { 70 u_int8_t type; 71 u_int16_t sport; 72 u_int16_t dport; 73 struct sockaddr *oa; 74 u_int16_t frag; 75 }; 76 77 int natt_vendorid (int vid); 78 vchar_t *natt_hash_addr (struct ph1handle *iph1, struct sockaddr *addr); 79 int natt_compare_addr_hash (struct ph1handle *iph1, vchar_t *natd_received, int natd_seq); 80 int natt_udp_encap (int encmode); 81 int natt_fill_options (struct ph1natt_options *opts, int version); 82 void natt_float_ports (struct ph1handle *iph1); 83 void natt_handle_vendorid (struct ph1handle *iph1, int vid_numeric); 84 85 86 struct payload_list * 87 isakmp_plist_append_natt_vids (struct payload_list *plist, vchar_t *vid_natt[MAX_NATT_VID_COUNT]); 88 89 90 /* NAT keepalive functions */ 91 void natt_keepalive_init (void); 92 int natt_keepalive_add (struct sockaddr *src, struct sockaddr *dst); 93 int natt_keepalive_add_ph1 (struct ph1handle *iph1); 94 void natt_keepalive_remove (struct sockaddr *src, struct sockaddr *dst); 95 96 /* Walk through all rmconfigs and tell if NAT-T is enabled in at least one. */ 97 int natt_enabled_in_rmconf (void); 98 99 #endif /* _NATTRAVERSAL_H */ 100