00001 /* -*- Mode:cc-mode; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */ 00002 /* vim: set ai sw=2 ts=2 et cindent cino={1s: */ 00003 /* 00004 * Host Identity Protocol 00005 * Copyright (c) 2002-2012 the Boeing Company 00006 * 00007 * Permission is hereby granted, free of charge, to any person obtaining a copy 00008 * of this software and associated documentation files (the "Software"), to deal 00009 * in the Software without restriction, including without limitation the rights 00010 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 00011 * copies of the Software, and to permit persons to whom the Software is 00012 * furnished to do so, subject to the following conditions: 00013 * 00014 * The above copyright notice and this permission notice shall be included in 00015 * all copies or substantial portions of the Software. 00016 * 00017 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 00018 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 00019 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 00020 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 00021 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 00022 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 00023 * THE SOFTWARE. 00024 * 00025 * \file hip_types.h 00026 * 00027 * \authors Jeff Ahrenholz, <jeffrey.m.ahrenholz@boeing.com> 00028 * Tom Henderson, <thomas.r.henderson@boeing.com> 00029 * 00030 * \brief Data type definitions for the HIP protocol. 
 *
 */

/* NOTE(review): an identifier beginning with an underscore and an
 * uppercase letter is reserved for the implementation in C; kept
 * unchanged here because every translation unit tests this name. */
#ifndef _HIP_TYPES_H_
#define _HIP_TYPES_H_

/* XXX clean up type portability */
/* The __u8/__u16/__u32/__u64 names used throughout this header come
 * from whichever of these platform headers is selected. */
#if defined (__MACOSX__)
#include <mac/mac_types.h>
#elif defined (__WIN32__)
#include <win32/types.h>
#else /* Linux */
#include <asm/types.h>
#endif

#ifdef __MACOSX__
#include <sys/types.h>
#include <sys/time.h>
#endif
#ifdef __WIN32__
#include <winsock2.h>
#else
#include <sys/socket.h> /* sockaddr */
#include <netinet/in.h>
#endif
#include <sys/types.h>
#include <openssl/bn.h>
#include <openssl/hmac.h>
#include <openssl/rsa.h>
#include <time.h>

#include <hip/hip_proto.h>

#ifdef HIP_VPLS
/* Expands to the four octets of an in-memory IPv4 address, in storage
 * order, for use as printf("%u.%u.%u.%u") arguments.  The argument must
 * be an lvalue (it is taken by address). */
#define NIPQUAD(addr) \
  ((unsigned char *)&addr)[0], \
  ((unsigned char *)&addr)[1], \
  ((unsigned char *)&addr)[2], \
  ((unsigned char *)&addr)[3]
#endif

/*
 * Implementation configuration options
 */
/* Default file names; the directory they are resolved against is set
 * elsewhere. */
#define HIP_CONF_FILENAME "hip.conf"
#define HIP_MYID_FILENAME "my_host_identities.xml"
#define HIP_KNOWNID_FILENAME "known_host_identities.xml"
#define HIP_REG_FILENAME "registered_host_identities.xml"
#define HIP_PUB_PREFIX ""
#define HIP_PUB_SUFFIX "_host_identities.pub.xml"

#define HIP_LOCK_FILENAME "hip.pid"
#define HIP_LOG_FILENAME "hip.log"

/*
 * Implementation limits
 */
#define MAX_HITS 255
#define MAX_CONNECTIONS MAX_HITS
#define MAX_OPAQUE_SIZE 255 /* how many bytes we may echo in response */
#define MAX_HI_NAMESIZE 255 /* number of bytes for HI Domain Identifier */
#define MAX_HI_BITS 2048 /* number of bits of largest HI accepted - this
                          * may limit the time spent w/ DSA verification */
/* NOTE(review): MAX_SIG_SIZE further down is sized for a 4096-bit RSA
 * signature (512 bytes), i.e. larger than this 2048-bit HI cap; confirm
 * which bound the HI/signature parser actually enforces. */
#define MAX_LOCATORS 8 /* number of LOCATORs accepted in an UPDATE message */

#define MAX_REGISTRATIONS 1024
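#define MAX_REGISTRATION_TYPES 8 /* number of registration services */
#ifdef HIP_VPLS
#define MAX_LEGACY_HOSTS 255 /* how many legacy hosts can be attached to endbox */
#endif /* HIP_VPLS */
#define MAX_MR_CLIENTS MAX_CONNECTIONS /* Number of mobile router clients */

/*
 * IPsec-related constants
 */
#define DSA_PRIV 20 /* Size in bytes of DSA private key and Q value */
#define HIP_KEY_SIZE 24 /* Must be large enough to hold largest possible key */
#define HIP_DSA_SIG_SIZE 41 /* T(1) + R(20) + S(20) from RFC 2536 */
#define MAX_SIG_SIZE 512 /* RFC 3110 4096-bits max RSA length */
#define NUMKEYS 8 /* HIP, HMAC, HIP, HMAC, ESP, AUTH, ESP, AUTH */
#define KEYMAT_SIZE (4 * NUMKEYS * HIP_KEY_SIZE) /* 768 bytes, enough space for
                                                  * 32 ESP keys */
#define MAX_CERT_LEN 128 /* max length of a certificate URL */
/* 3DES keys = 192 bits, 24 bytes; SHA-1 keys = 160 bits, 20 bytes.
 * We need 4 3DES and 2 SHA for our 6 keys, 136 bytes, so 144 is enough.
 */

/*
 * Protocol constants
 */
#define HIP_RES_SHIM6_BITS 0x01


#define H_PROTO_UDP 17


/*
 * Miscellaneous constants and enums
 */
#define TRUE 1
#define FALSE 0
/*
 * #define UNKNOWN -1
 */
#define SPI_RESERVED 255
#define HIP_ALIGN 4
#define R1_CACHE_SIZE 8
#define ACCEPTABLE_R1_COUNT_RANGE 2
#ifndef HIP_UPDATE_BIND_CHECKS
#define HIP_UPDATE_BIND_CHECKS 5
#endif

/* Messages from the ESP input/output thread to hipd */
typedef enum {
  ESP_ACQUIRE_LSI = 1,
  ESP_EXPIRE_SPI,
  ESP_UDP_CTL,
  ESP_ADDR_LOSS,
} ESP_MESSAGES;

/* One message from the ESP thread: message_type holds an ESP_MESSAGES
 * value, message_data its 32-bit payload (meaning depends on the type). */
typedef struct _espmsg {
  __u8 message_type;
  __u32 message_data;
} espmsg;

/* Unofficial Registration states */

typedef enum {
  REG_OFFERED,
  REG_REQUESTED,
  REG_SEND_RESP,
  REG_GRANTED,
  REG_SEND_FAILED,
  REG_FAILED,
  REG_SEND_CANCELLED,
  REG_CANCELLED
} REG_STATES;

/* Official Failure Codes */

typedef enum {
  REG_FAIL_REQ_ADD_CRED = 0,
  REG_FAIL_TYPE_UNAVAIL
} REQ_FAILURE_CODES;

/*
 * Macros
 *
 * Every function-like macro below parenthesizes its arguments and its
 * whole expansion, so an expansion can safely appear inside a larger
 * expression (e.g. SALEN(p) == 16 or SAIPLEN(p) * 2).  Before this, the
 * trailing operand of the ?: operator swallowed whatever followed the
 * macro, silently producing the wrong value in such contexts.
 */
#define DBG(x) x /* Debugging */
#define TDIFF(a, b) ((a).tv_sec - (b).tv_sec) /* Time diff in seconds */

/* get pointer to IP from a sockaddr
 * useful for inet_ntop calls
 * x must point to a struct sockaddr (or sockaddr_in/_in6/_storage);
 * any family other than AF_INET is treated as AF_INET6. */
#define SA2IP(x) ((((struct sockaddr*)(x))->sa_family == AF_INET) ? \
                  (__u8*)&((struct sockaddr_in*)(x))->sin_addr : \
                  (__u8*)&((struct sockaddr_in6*)(x))->sin6_addr)
/* get socket address length in bytes (non-AF_INET families count as IPv6) */
#define SALEN(x) ((((struct sockaddr*)(x))->sa_family == AF_INET) ? \
                  sizeof(struct sockaddr_in) : sizeof(struct sockaddr_in6))
/* get IP address length in bytes (non-AF_INET families count as IPv6) */
#define SAIPLEN(x) ((((struct sockaddr*)(x))->sa_family == AF_INET) ? 4 : 16)
/* get (__u16) port from socket address, in network byte order as stored */
#define SA2PORT(x) ((((struct sockaddr*)(x))->sa_family == AF_INET) ? \
                    ((struct sockaddr_in*)(x))->sin_port : \
                    ((struct sockaddr_in6*)(x))->sin6_port)
/* cast to sockaddr */
#define SA(x) ((struct sockaddr*)(x))

/* boolean to text yes/no */
#define yesno(x) ((x) ? "yes" : "no")

/* Host Identity Tag is 128 bits long */
#define HIT_SIZE 16
/* The below prefix applies to the uppermost 28 bits only (RFC 4843) */
#define HIT_PREFIX_SHA1_32BITS 0x20010010
/* convert lower 24-bits of HIT to LSI
 * a is a hip_hit (array of __u8); the bytes promote to int before the
 * shifts, so no overflow is possible.  Result is 0x01xxxxxx in host order. */
#define HIT2LSI(a) (0x01000000L | \
                    (((a)[HIT_SIZE - 3] << 16) + \
                     ((a)[HIT_SIZE - 2] << 8) + ((a)[HIT_SIZE - 1])))

/* compute the exponent of registration lifetime: (x - 64) / 8 as float */
#define YLIFE(x) (((float)(x) - (float)64) / (float)8)

/*
 * typedefs
 */
typedef __u8 hip_hit[HIT_SIZE]; /* 16-byte (128 bit) Host Identity Tag */


#ifdef __WIN32__
typedef HANDLE hip_mutex_t;
typedef HANDLE hip_cond_t; /* not implemented for WIN32 */
#else
typedef pthread_mutex_t hip_mutex_t;
typedef pthread_cond_t hip_cond_t;
#endif

#define HIP_KEEPALIVE_TIMEOUT 20

/*
 * UDP header, used for UDP encapsulation
 * Wire layout; all fields are 16-bit and presumably in network byte
 * order when on the wire (confirm against the encapsulation code).
 */
typedef struct _udphdr {
  __u16 src_port;
  __u16 dst_port;
  __u16 len;
  __u16 checksum;
} udphdr;

/*
 * HIP header
 * This HIP protocol header defines the structure of HIP packets.
 */
typedef struct _hiphdr {
  __u8 nxt_hdr; /* payload protocol */
  __u8 hdr_len; /* header length */
  __u8 packet_type; /* packet type */

/* NOTE(review): the bit-field order only flips for a big-endian OS X
 * build; a big-endian build on any other platform would get the
 * little-endian ordering of version/res.  Confirm before porting. */
#if defined(__MACOSX__) && defined(__BIG_ENDIAN__)
  __u8 version : 4,res : 4; /* Endian - not OSX specific */
#else
  __u8 res : 4,version : 4; /* version, reserved */
#endif
  __u16 checksum; /* checksum */
  __u16 control; /* control */
  hip_hit hit_sndr; /* Sender's Host Identity Tag */
  hip_hit hit_rcvr; /* Receiver's Host Identity Tag */
  /* HIP TLV parameters follow ... */
} hiphdr;

/*
 * HIP Cookie
 * Puzzle parameters carried in the PUZZLE/SOLUTION TLVs.  Only the
 * 64-bit value i is marked packed, so it is laid out without padding
 * directly after opaque.
 */
typedef struct _hipcookie {
  __u8 k;
  __u8 lifetime;
  __u16 opaque;
  __u64 i __attribute__ ((packed));
} hipcookie;

/* One derived key; length is the number of valid bytes in key[] and
 * must not exceed HIP_KEY_SIZE. */
struct key_entry {
  int type;
  int length;
  __u8 key[HIP_KEY_SIZE];
};

struct rekey_info {
  __u32 update_id; /* to be ACKed */
  __u32 new_spi; /* SPI that will be adopted */
  __u16 keymat_index; /* keymat index */
  __u8 need_ack; /* set to FALSE when update_id has been ACKed */
  __u8 dh_group_id; /* new DH group given by peer */
  DH *dh; /* new DH given by the peer */
  struct timeval rk_time; /* creation time, so struct can be freed */
};

/* timers for tracking loss multihoming state */
struct multihoming_info {
  struct timeval mh_time; /* time since we are in multi-h. state*/
  struct timeval mh_last_loss; /* time of last loss report */
  struct sockaddr_storage mh_addr; /* address having reported loss */
};

/*
 * HIP Packet Entry
 * A packet held for retransmission; packet points to len bytes whose
 * ownership is not documented here — confirm who frees it.
 */
struct hip_packet_entry {
  __u8 *packet;
  int len;
  struct timeval xmit_time;
  __u32 retransmits;
  struct sockaddr_storage dst; /* for address checks */
};

/*
 * Registration types
 */
struct reg_info {
  __u8 type;
  int state; /* a REG_STATES value */
  struct timeval state_time;
  __u8 failure_code; /* a REQ_FAILURE_CODES value */
  __u8 lifetime;
  struct reg_info *next;
};

struct reg_entry {
  int number; /* number of entries on the reginfos list */
  struct reg_info *reginfos;
  __u8 min_lifetime;
  __u8 max_lifetime;
};

/*
 * HIP association entry
 *
 * Holds all per-peer security-association state, including the derived
 * key material (keymat, keys, mr_key) and the DH secret; anything that
 * dumps or logs this structure exposes live keys.
 */
typedef struct _hip_assoc {
  /* Identities */
  struct _hi_node *hi;
  struct _hi_node *peer_hi;
  /* Misc. state variables */
  int state;
  struct timeval state_time;
  struct timeval use_time;
  __u64 used_bytes_in;
  __u64 used_bytes_out;
  __u32 spi_in;
  __u32 spi_out;
  __u32 spi_nat;
  hipcookie cookie_r;
  __u64 cookie_j;
  struct hip_packet_entry rexmt_cache;
  struct opaque_entry *opaque;
  struct reg_entry *regs; /* registrations with registrar or client */
  struct rekey_info *rekey; /* new parameters to use after REKEY */
  struct rekey_info *peer_rekey; /* peer's REKEY data from UPDATE */
  struct _tlv_from *from_via; /* including FROM in I1 or VIA RVS in R1 */
  struct multihoming_info *mh; /* state for loss multihoming */
  /* Other crypto */
  __u16 hip_transform;
  __u16 esp_transform;
  __u16 available_transforms; /* bit mask used to flag available xfrms */
  __u8 dh_group_id;
  DH *dh;
  DH *peer_dh; /* needed for rekeying */
  __u8 *dh_secret; /* without packing, these cause memset segfaults! */
  __u16 keymat_index;
  __u16 mr_keymat_index;
  __u8 keymat[KEYMAT_SIZE]; /* secret: derived KEYMAT, KEYMAT_SIZE bytes */
  struct key_entry keys[NUMKEYS]; /* secret: the NUMKEYS per-SA keys */
  struct key_entry mr_key; /* secret: mobile-router key */
  __u8 preserve_outbound_policy;
  __u8 udp;
#ifdef __MACOSX__
  __u16 ipfw_rule;
#endif
} hip_assoc;
/* Address accessors; h must be a hip_assoc * with hi/peer_hi non-NULL. */
#define HIPA_SRC(h) ((struct sockaddr*)&(h)->hi->addrs.addr)
#define HIPA_DST(h) ((struct sockaddr*)&(h)->peer_hi->addrs.addr)
#define HIPA_SRC_LSI(h) ((struct sockaddr*)&(h)->hi->lsi)
#define HIPA_DST_LSI(h) ((struct sockaddr*)&(h)->peer_hi->lsi)

/*
 * list of struct sockaddrs
 */
typedef struct _sockaddr_list
{
  struct _sockaddr_list *next;
  struct sockaddr_storage addr; /* 128 bytes, enough to store any size */
  int if_index; /* link index */
  int lifetime; /* address lifetime in seconds*/
  int status; /* status from enum ADDRESS_STATES */
  int preferred; /* set to TRUE if it's a new pending preferred addr */
  __u32 nonce; /* random value for address verification */
  struct timeval creation_time;
} sockaddr_list;

/*
 * R1 Cache
 */
typedef struct _r1_cache_entry
{
  /* the precomputed R1 packet */
  __u8 *packet;
  int len;
  /* stored cookie solutions */
  hipcookie *current_puzzle; /* the cookie that is in packet */
  hipcookie *previous_puzzle; /* old cookie */
  /* the DH context used in the R1 */
  struct _dh_cache_entry *dh_entry;
  /* time of entry creation */
  struct timeval creation_time;
} r1_cache_entry;

/* For reference: struct DSA definition from openssl/dsa.h */
/*
 * struct dsa_st {
 *
 * * This first variable is used to pick up errors where
 * * a DSA is passed instead of of a EVP_PKEY *
 * int pad;
 * int version;
 * int write_params;
 * BIGNUM *p;
 * BIGNUM *q; * == 20 *
 * BIGNUM *g;
 *
 * BIGNUM *pub_key; * y public key *
 * BIGNUM *priv_key; * x private key *
 *
 * ... (plus some other fields not used in HIP)
 */

/*
 * Host Identity node: one local or known peer identity, its HIT/LSI,
 * addresses, RVS data and key material (dsa/rsa may hold a private key
 * for local identities).
 */
typedef struct _hi_node {
  struct _hi_node *next;
  hip_hit hit;
  struct sockaddr_storage lsi;

  hip_mutex_t *rvs_mutex; /* Sync for DNS rvs resolving threads */

  /*
   * Do not try to contact the node until the
   * RVS servers are resolved.
   */
  hip_cond_t *rvs_cond;
  int *rvs_count; /* Number of RVS DNS petitions still to
                   * resolve */
  int *copies; /* Number of copies of the mutex structures */

  /*
   * List of hostnames of all RVS servers as received from the
   * DNS server.
   * (Double zero ended list)
   */
  char **rvs_hostnames;

  /*
   * List of IP addresses corresponding to the RVS hostnames.
   * Each hostname can be resolved to multiple addresses or
   * to none, so there cannot be direct 1-1 relationship between
   * RVS hostnames and addresses.
   */
  struct _sockaddr_list **rvs_addrs;

  /*
   * IP address is needed to select a HIT corresponding to
   * an IP address. This value needs update upon readdress.
   * Only the first entry of addrs is used for hip_assoc,
   * while the list addrs->next is populated when building the
   * HI tables.
   */
  hip_mutex_t addrs_mutex; /* provide DHT thread synchronization */
  struct _sockaddr_list addrs;
  /* Key data */
  int size; /* Size in bytes of the Host Identity */
  DSA *dsa; /* HI in DSA format */
  RSA *rsa; /* HI in RSA format */
  struct _r1_cache_entry r1_cache[R1_CACHE_SIZE]; /* the R1 cache */
  __u64 r1_gen_count; /* R1 generation counter */
  __u32 update_id; /* this host's Update ID */
  /* Options */
  char algorithm_id;
  char anonymous;
  char allow_incoming;
  char skip_addrcheck;
  char name[MAX_HI_NAMESIZE]; /* not necessarily NUL-terminated: see name_len */
  int name_len; /* use this instead of strlen() */
} hi_node;

#ifdef HIP_VPLS
struct peer_node
{
  hip_hit hit;
  int size; /* Size in bytes of the Host Identity */
  __u64 r1_gen_count;
  char algorithm_id;
  char anonymous;
  char allow_incoming;
  char skip_addrcheck;
  char name[MAX_HI_NAMESIZE];
  struct _sockaddr_list **rvs_addrs;
};
#endif /* HIP_VPLS */

/* DH Cache
 */
typedef struct _dh_cache_entry
{
  struct _dh_cache_entry *next; /* the cache is a linked-list */
  __u8 group_id; /* can have various group_ids */
  DH *dh; /* the Diffie-Hellman context */
  __u8 is_current; /* if this is the latest DH context
                    * for this group_id, then TRUE */
  int ref_count; /* number of hip_assoc that point to this entry */
  struct timeval creation_time; /* determines age */
} dh_cache_entry;

/* Opaque Data
 * opaque_len counts the valid bytes in opaque_data and must be bounded
 * by MAX_OPAQUE_SIZE by whoever fills it; nothing here enforces that.
 */
struct opaque_entry
{
  __u16 opaque_len;
  __u8 opaque_data[MAX_OPAQUE_SIZE];
  __u8 opaque_nosig;
};

/* IPv6 pseudo-header for checksum computation (RFC 2460 style layout) */
typedef struct _pseudo_header6
{
  unsigned char src_addr[16];
  unsigned char dst_addr[16];
  __u32 packet_length;
  char zero[3];
  __u8 next_hdr;
} pseudo_header6;

/* IPv4 pseudo-header for checksum computation */
typedef struct _pseudo_header
{
  unsigned char src_addr[4];
  unsigned char dst_addr[4];
  __u8 zero;
  __u8 protocol;
  __u16 packet_length;
} pseudo_header;

/*
 * TLV parameters
 *
 * These structs mirror the on-the-wire parameter layout.  Several end
 * in a one-element array standing for a variable-length tail; sizeof()
 * of such a struct therefore includes one byte (or one element) of the
 * tail, which any length or offset arithmetic must account for.
 */

typedef struct _tlv_head
{
  __u16 type;
  __u16 length;
} tlv_head;

typedef struct _tlv_esp_info
{
  __u16 type;
  __u16 length;
  __u16 reserved;
  __u16 keymat_index;
  __u32 old_spi;
  __u32 new_spi;
} tlv_esp_info;

typedef struct _tlv_r1_counter
{
  __u16 type;
  __u16 length;
  __u32 reserved;
  __u64 r1_gen_counter;
} tlv_r1_counter;

typedef struct _tlv_puzzle
{
  __u16 type;
  __u16 length;
  hipcookie cookie;
} tlv_puzzle;

typedef struct _tlv_solution
{
  __u16 type;
  __u16 length;
  hipcookie cookie;
  __u64 j;
} tlv_solution;

typedef struct _tlv_diffie_hellman
{
  __u16 type;
  __u16 length;
  __u8 group_id;
  __u16 pub_len; /* length of pub[]; must be validated against the TLV length */
  __u8 pub[1]; /* variable length */
} __attribute__ ((packed)) tlv_diffie_hellman;

/* used for second DH public value */
typedef struct _tlv_diffie_hellman_pub_value
{
  __u8 group_id;
  __u16 pub_len;
  __u8 pub[1]; /* variable length */
} __attribute__ ((packed)) tlv_diffie_hellman_pub_value;

typedef struct _tlv_hip_transform
{
  __u16 type;
  __u16 length;
  __u16 transform_id;
} tlv_hip_transform;

typedef struct _tlv_esp_transform
{
  __u16 type;
  __u16 length;
  __u16 reserved; /* LSB is E-bit */
  __u16 suite_id;
} tlv_esp_transform;

typedef struct _tlv_encrypted
{
  __u16 type;
  __u16 length;
  __u8 reserved[4];
  __u8 iv[8]; /* 64-bits for 3-DES and Blowfish */
  /* adjust for 128-bits if using AES */
  __u8 enc_data[1]; /* variable length */
} tlv_encrypted;

typedef struct _tlv_host_id
{
  __u16 type;
  __u16 length;
  __u16 hi_length; /* untrusted on receipt; bound by MAX_HI_BITS / length */
  __u16 di_type_length; /* untrusted on receipt; DI bound by MAX_HI_NAMESIZE */
  __u8 hi_hdr[4];
  /* for DSA: for RSA:
   * __u8 hi_t; __u8 e_len
   * __u8 hi_q[DSA_PRIV]; __u8 e[1] or __u8 e[3];
   * P, G, Y are here, variable __u8 n[]; variable
   * length based on t (64 + 3*t)
   *
   * also DI is variable
   *
   */
} tlv_host_id;

typedef struct _tlv_cert
{
  __u16 type;
  __u16 length;
  __u8 cert_group;
  __u8 cert_count;
  __u8 cert_id;
  __u8 cert_type;
  __u8 certificate[1]; /* variable length */
} tlv_cert;

typedef struct _tlv_reg_info
{
  __u16 type;
  __u16 length;
  __u8 min_lifetime;
  __u8 max_lifetime;
  __u8 reg_type;
} tlv_reg_info;

typedef struct _tlv_reg_request
{
  __u16 type;
  __u16 length;
  __u8 lifetime;
  __u8 reg_type;
} tlv_reg_request;

typedef struct _tlv_reg_response
{
  __u16 type;
  __u16 length;
  __u8 lifetime;
  __u8 reg_type;
} tlv_reg_response;

typedef struct _tlv_reg_failed
{
  __u16 type;
  __u16 length;
  __u8 fail_type; /* if 1, error in registration type */
  __u8 reg_type;
} tlv_reg_failed;


typedef struct _tlv_echo /* response and request the same */
{
  __u16 type;
  __u16 length;
  __u8 opaque_data[1]; /* variable length */

} tlv_echo;

/* 20-byte tag, i.e. sized for HMAC-SHA-1 output only */
typedef struct _tlv_hmac
{
  __u16 type;
  __u16 length;
  __u8 hmac[20];
} tlv_hmac;

typedef struct _tlv_hip_sig
{
  __u16 type;
  __u16 length;
  __u8 algorithm;
  __u8 signature[0]; /* variable length; zero-length array is a GNU
                      * extension — a C99 flexible array member ([]) is
                      * the portable form, once it is confirmed no other
                      * aggregate embeds this struct */
} tlv_hip_sig;

typedef struct _tlv_seq
{
  __u16 type;
  __u16 length;
  __u32 update_id;
} tlv_seq;

typedef struct _tlv_ack
{
  __u16 type;
  __u16 length;
  __u32 peer_update_id;
} tlv_ack;

typedef struct _tlv_notify
{
  __u16 type;
  __u16 length;
  __u16 reserved;
  __u16 notify_type;
  __u8 notify_data[0]; /* variable length; zero-length array, see tlv_hip_sig */
} tlv_notify;

typedef struct _locator
{
  __u8 traffic_type;
  __u8 locator_type;
  __u8 locator_length;
  __u8 reserved;
  __u32 locator_lifetime;
  __u8 locator[20]; /* 32-bit SPI + 128-bit IPv6/IPv4-in-IPv6 address */
} locator;
#define LOCATOR_PREFERRED 0x01
#define LOCATOR_TRAFFIC_TYPE_BOTH 0x00
#define LOCATOR_TRAFFIC_TYPE_SIGNALING 0x01
#define LOCATOR_TRAFFIC_TYPE_DATA 0x02
#define LOCATOR_TYPE_IPV6 0x00
#define LOCATOR_TYPE_SPI_IPV6 0x01

typedef struct _tlv_locator
{
  __u16 type;
  __u16 length;
  locator locator1[1]; /* one or more; the parser accepts at most MAX_LOCATORS */
} tlv_locator;

typedef struct _tlv_from
{
  __u16 type;
  __u16 length;
  __u8 address[16];
} tlv_from;

typedef struct _tlv_via_rvs
{
  __u16 type;
  __u16 length;
  __u8 address[16];
} tlv_via_rvs;

typedef struct _tlv_proxy_ticket
{
  __u16 type;
  __u16 length;
  hip_hit mn_hit;
  hip_hit peer_hit;
  __u8 hmac_key[20]; /* secret key material carried in the ticket */
  __u16 hmac_key_index;
  __u16 transform_type;
  __u16 action;
  __u16 lifetime;
  __u8 hmac[20];
} tlv_proxy_ticket;

typedef struct _tlv_auth_ticket
{
  __u16 type;
  __u16 length;
  __u16 hmac_key_index;
  __u16 transform_type;
  __u16 action;
  __u16 lifetime;
  __u8 hmac[20];
} tlv_auth_ticket;

/*
 * Struct to use in the set_lifetime_thread
 */
typedef struct _thread_arg {
  hiphdr hip_header;
  tlv_reg_response resp;
} thread_arg;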

/*
 * Logging
 */
typedef enum {
  D_DEFAULT,
  D_VERBOSE,
  D_QUIET,
} DEBUG_MODES;

typedef enum {
  NORM,
  NORMT,
  WARN,
  ERR,
  QOUT,
} LOG_LEVELS;


/*
 * Global options
 * Command-line style switches; the int flags are used as booleans.
 */
struct hip_opt {
  int daemon;
  int debug; /* a DEBUG_MODES value */
  int debug_R1;
  int no_retransmit;
  int permissive;
  int opportunistic;
  int allow_any;
  struct sockaddr *trigger;
  int rvs;
  int mr;
  int mh;
};

/* singly-linked list of C strings (see hip_conf.outbound_ifaces) */
struct name {
  char *name;
  struct name *next;
};

/*
 * Global configuration data
 * Values parsed from the configuration file; the fixed-size filename
 * buffers at the end are 255 bytes each, so whoever fills them must
 * bound the copy and NUL-terminate.
 */
struct hip_conf {
  __u32 cookie_difficulty; /* 2 raised to this power */
  __u32 cookie_lifetime; /* valid 2^(life-32) seconds */
  __u32 packet_timeout; /* seconds */
  __u32 max_retries; /* retransmissions */
  __u32 sa_lifetime; /* lifetime of SAs in seconds */
  __u32 loc_lifetime; /* lifetime of locators in seconds */
  char *preferred_hi; /* which HI to use */
  __u8 send_hi_name; /* flag to include DI (FQDN) in HI */
  __u8 dh_group; /* which DH group to propose in R1 */
  __u32 dh_lifetime; /* seconds until DH expires */
  __u32 r1_lifetime; /* seconds until an R1 is replaced */
  __u32 failure_timeout; /* seconds to wait in state E_FAILED */
  __u32 msl; /* max segment lifetime */
  __u32 ual; /* seconds until unused SA expires */
  __u16 esp_transforms[SUITE_ID_MAX]; /* ESP transforms proposed in R1 */
  __u16 hip_transforms[SUITE_ID_MAX]; /* HIP transforms proposed in R1 */
  char *log_filename; /* non-default pathname for log */
  struct sockaddr_storage dht_server; /* address+port of DHT server */
  struct sockaddr_storage dns_server; /* address of server w/HIP RRs */
  __u8 disable_dns_lookups; /* T/F disable DNS lookups */
  __u8 disable_notify; /* T/F disable sending NOTIFY packets */
  __u8 disable_dns_thread; /* T/F disable DNS thread */
  __u8 disable_udp; /* T/F disable sending HIP over UDP */
  __u8 enable_bcast; /* T/F unicast packets from bcast LSI */
  char *master_interface;
  char *master_interface2;
  struct sockaddr_storage preferred; /* preferred address */
  struct sockaddr_storage ignored_addr; /* address to ignore */
  char *preferred_iface; /* preferred interface name */
  struct name *outbound_ifaces; /* if mobile router */
  __u8 save_known_identities; /* save known_host_id's on exit */
  __u8 save_my_identities; /* save my_host_id's on exit */
  __u8 reg_types[MAX_REGISTRATION_TYPES]; /* registration types offered */
  __u8 num_reg_types; /* number of registration types; at most
                       * MAX_REGISTRATION_TYPES entries fit in reg_types */
  __u8 min_reg_lifetime; /* offered min registration lifetime */
  __u8 max_reg_lifetime; /* offered max registration lifetime */
  __u8 peer_certificate_required; /* T/F; presumably gates the exchange on a
                                   * peer CERT parameter — confirm in the
                                   * handshake code */
#ifdef HIP_VPLS
  char *cfg_library; /* filename of configuration library */
  __u8 use_my_identities_file; /* use my_host_identities file */
  __u32 endbox_hello_time; /* frequency of endbox hellos on overlay */
  __u32 endbox_allow_core_dump; /* whether or not to allow endbox to
                                 * core dump.  NOTE(review): a core dump
                                 * of the daemon contains hip_assoc key
                                 * material; keep this off outside of
                                 * debugging. */
#endif /* HIP_VPLS */
  char conf_filename[255];
  char my_hi_filename[255];
  char known_hi_filename[255];
};

#endif /* _HIP_TYPES_H_*/