1 /*	$NetBSD: nattraversal.h,v 1.6 2006/09/09 16:22:09 manu Exp $	*/
2 
3 /*
4  * Copyright (C) 2004 SuSE Linux AG, Nuernberg, Germany.
5  * Contributed by: Michal Ludvig <mludvig@suse.cz>, SUSE Labs
6  * All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  * 1. Redistributions of source code must retain the above copyright
12  *    notice, this list of conditions and the following disclaimer.
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  * 3. Neither the name of the project nor the names of its contributors
17  *    may be used to endorse or promote products derived from this software
18  *    without specific prior written permission.
19  *
20  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
21  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
24  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30  * SUCH DAMAGE.
31  */
32 
33 #ifndef _NATTRAVERSAL_H
34 #define _NATTRAVERSAL_H
35 
36 #include "vendorid.h"
37 
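/*
 * Bits of ph1handle->natt_flags.  They are declared as long values so
 * that the field can be tested and combined with plain bitwise ops.
 */
#define	NAT_ANNOUNCED		(1L<<0)	/* both sides announced a NAT-T vendor ID */
#define	NAT_DETECTED_ME		(1L<<1)	/* our own address/port is behind a NAT */
#define	NAT_DETECTED_PEER	(1L<<2)	/* the peer's address/port is behind a NAT */
#define	NAT_PORTS_CHANGED	(1L<<3)	/* ports were floated (see natt_float_ports) */
#define	NAT_KA_QUEUED		(1L<<4)	/* a keepalive entry exists for this handle */
#define	NAT_ADD_NON_ESP_MARKER	(1L<<5)	/* presumably: prepend the non-ESP marker
					   to IKE packets (see NON_ESP_MARKER_USE) */

/*
 * True when NAT-T may be used on this phase-1 handle.  The parameter is
 * named iph1 and used as such in the expansion: the previous definition
 * named the parameter "ph1" but expanded "iph1", so it only compiled
 * when a variable literally called iph1 was in scope at the call site.
 */
#define	NATT_AVAILABLE(iph1)	((iph1)->natt_flags & NAT_ANNOUNCED)

/* Either side is behind a NAT. */
#define	NAT_DETECTED	(NAT_DETECTED_ME | NAT_DETECTED_PEER)

/* Size of the non-ESP marker that distinguishes IKE from ESP-in-UDP. */
#define	NON_ESP_MARKER_LEN	sizeof(u_int32_t)
#define	NON_ESP_MARKER_USE(iph1)	((iph1)->natt_flags & NAT_ADD_NON_ESP_MARKER)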
51 
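/*
 * Values of the NAT-T setting parsed from a "remote {}" block of the
 * config file.  NATT_OFF and NATT_ON are spelled as the literal 0 and 1
 * so that the setting can still be read as a boolean, without depending
 * on a TRUE/FALSE macro this header does not include (the previous
 * definition also misspelled FALSE as "FLASE").  NATT_FORCE is a third,
 * non-boolean value; the name suggests NAT-T is used regardless of
 * detection -- confirm against the callers.
 */
#define NATT_OFF	0	/* = FALSE */
#define NATT_ON		1	/* = TRUE */
#define NATT_FORCE	2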
57 
/*
 * Per-version NAT-T protocol constants for a phase-1 handle.  Filled by
 * natt_fill_options() for a given draft/RFC version; the field names
 * below describe what each value is presumably used for -- confirm
 * against nattraversal.c before relying on them.
 */
struct ph1natt_options {
  int        version;            /* NAT-T draft/RFC version these values apply to */
  u_int16_t  float_port;         /* UDP port to float IKE/ESP to */
  u_int16_t  mode_udp_tunnel;    /* encapsulation-mode attribute: UDP tunnel */
  u_int16_t  mode_udp_transport; /* encapsulation-mode attribute: UDP transport */
  u_int16_t  encaps_type;        /* ESPINUDP / ESPINUDP_NON_IKE */
  u_int16_t  mode_udp_diff;      /* offset between plain and UDP encapsulation modes */
  u_int16_t  payload_nat_d;      /* payload type number of NAT-D */
  u_int16_t  payload_nat_oa;     /* payload type number of NAT-OA */
};
68 
/*
 * NAT-T state carried on a phase-2 handle: the negotiated encapsulation
 * type, the UDP ports in use, the NAT-OA address and the fragmentation
 * setting.  The exact meaning of type/frag is defined by the users of
 * this struct, not here -- verify before depending on specific values.
 */
struct ph2natt {
  u_int8_t         type;   /* encapsulation type, presumably one of the ESPINUDP* values */
  u_int16_t        sport;  /* source UDP port */
  u_int16_t        dport;  /* destination UDP port */
  struct sockaddr *oa;     /* NAT-OA (original address); NULL when none was received */
  u_int16_t        frag;   /* fragmentation setting */
};
76 
/* Classify a numeric vendor ID (see vendorid.h): presumably returns the
   NAT-T version it announces, or a "not NAT-T" value -- confirm in the
   implementation. */
int natt_vendorid (int vid);
/* Compute the NAT-D hash of addr for the phase-1 handle iph1.  Returns a
   vchar_t; ownership (caller frees?) and the NULL-on-failure case are
   defined in nattraversal.c -- verify before use. */
vchar_t *natt_hash_addr (struct ph1handle *iph1, struct sockaddr *addr);
/* Compare the received NAT-D payload natd_received with the expected hash
   number natd_seq for iph1.  This is the check that decides whether a NAT
   sits between the peers; return-value convention is not visible here. */
int natt_compare_addr_hash (struct ph1handle *iph1, vchar_t *natd_received, int natd_seq);
/* Map an encapsulation mode encmode to its UDP-encapsulated counterpart
   (presumably using ph1natt_options.mode_udp_* values) -- confirm. */
int natt_udp_encap (int encmode);
/* Fill opts with the protocol constants for NAT-T version.  Return value
   is an int status; the success/failure convention is defined elsewhere. */
int natt_fill_options (struct ph1natt_options *opts, int version);
/* Switch the handle's IKE ports to the floated port (see NAT_PORTS_CHANGED
   and ph1natt_options.float_port). */
void natt_float_ports (struct ph1handle *iph1);
/* Record on iph1 that the peer sent the NAT-T vendor ID vid_numeric. */
void natt_handle_vendorid (struct ph1handle *iph1, int vid_numeric);
84 
85 
/* Append the NAT-T vendor-ID payloads held in vid_natt (an array of
   MAX_NATT_VID_COUNT slots) to the payload list plist; presumably returns
   the updated list head -- confirm against other isakmp_plist_* users. */
struct payload_list *
isakmp_plist_append_natt_vids (struct payload_list *plist, vchar_t *vid_natt[MAX_NATT_VID_COUNT]);
88 
89 
/* NAT keepalive functions: keepalives are tracked per (src, dst) address
   pair; the _ph1 variant derives the pair from a phase-1 handle (see also
   the NAT_KA_QUEUED flag).  The int results are status codes whose
   convention is defined in nattraversal.c. */
void natt_keepalive_init (void);
int natt_keepalive_add (struct sockaddr *src, struct sockaddr *dst);
int natt_keepalive_add_ph1 (struct ph1handle *iph1);
void natt_keepalive_remove (struct sockaddr *src, struct sockaddr *dst);
95 
/* Walk through all rmconfigs and tell if NAT-T is enabled in at least one
   (i.e. its setting is not NATT_OFF -- verify the exact test used). */
int natt_enabled_in_rmconf (void);
98 
99 #endif /* _NATTRAVERSAL_H */
100