2 * OpenConnect (SSL + DTLS) VPN client
4 * Copyright © 2008-2011 Intel Corporation.
5 * Copyright © 2008 Nick Andrew <nick@nick-andrew.net>
7 * Author: David Woodhouse <dwmw2@infradead.org>
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public License
11 * version 2.1, as published by the Free Software Foundation.
13 * This program is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with this library; if not, write to:
21 * Free Software Foundation, Inc.
22 * 51 Franklin Street, Fifth Floor,
23 * Boston, MA 02110-1301 USA
26 #ifndef __OPENCONNECT_INTERNAL_H__
27 #define __OPENCONNECT_INTERNAL_H__
29 #include "openconnect.h"
31 #include <openssl/ssl.h>
34 #include <sys/socket.h>
35 #include <sys/select.h>
37 #include <sys/types.h>
39 #ifdef OPENCONNECT_LIBPROXY
44 /****************************************************************************/
56 struct vpn_option *next;
62 #define KA_KEEPALIVE 3
65 struct keepalive_info {
75 struct split_include {
77 struct split_include *next;
/*
 * Bounds for the back-off interval between reconnection attempts
 * (see cstp_reconnect() below and the reconnect_interval /
 * reconnect_timeout fields of struct openconnect_info).
 * NOTE(review): the unit is not stated here; the neighbouring timing
 * fields are int/time_t, so presumably seconds - confirm in cstp.c.
 */
80 #define RECONNECT_INTERVAL_MIN 10
81 #define RECONNECT_INTERVAL_MAX 100
/*
 * How the client certificate / private key is stored, by name only:
 * a PEM file, a PKCS#12 bundle, or a key held by a TPM.  The loading
 * path that interprets these values is not part of this header.
 * NOTE(review): CERT_TYPE_UNKNOWN is 0, i.e. the value of a
 * zero-initialised struct - callers must not treat it as "no cert".
 */
83 #define CERT_TYPE_UNKNOWN 0
84 #define CERT_TYPE_PEM 1
85 #define CERT_TYPE_PKCS12 2
86 #define CERT_TYPE_TPM 3
88 struct openconnect_info {
102 #ifdef OPENCONNECT_LIBPROXY
103 pxProxyFactory *proxy_factory;
109 const char *localname;
119 const char *servercert;
120 const char *xmlconfig;
121 char xmlsha1[(SHA_DIGEST_LENGTH * 2) + 1];
130 int no_http_keepalive;
133 struct vpn_option *cookies;
134 struct vpn_option *cstp_options;
135 struct vpn_option *dtls_options;
139 struct keepalive_info ssl_times;
140 int owe_ssl_dpd_response;
141 struct pkt *deflate_pkt;
142 struct pkt *current_ssl_pkt;
144 z_stream inflate_strm;
145 uint32_t inflate_adler32;
146 z_stream deflate_strm;
147 uint32_t deflate_adler32;
150 int reconnect_timeout;
151 int reconnect_interval;
152 int dtls_attempt_period;
153 time_t new_dtls_started;
157 SSL_SESSION *dtls_session;
158 struct keepalive_info dtls_times;
159 unsigned char dtls_session_id[32];
160 unsigned char dtls_secret[48];
169 const char *vpn_addr;
170 const char *vpn_netmask;
171 const char *vpn_addr6;
172 const char *vpn_netmask6;
173 const char *vpn_dns[3];
174 const char *vpn_nbns[3];
175 const char *vpn_domain;
176 const char *vpn_proxy_pac;
177 struct split_include *split_includes;
178 struct split_include *split_excludes;
194 struct pkt *incoming_queue;
195 struct pkt *outgoing_queue;
199 socklen_t peer_addrlen;
200 struct sockaddr *peer_addr;
201 struct sockaddr *dtls_addr;
208 int (*validate_peer_cert) (struct openconnect_info *vpninfo, X509 *cert, const char *reason);
209 int (*write_new_config) (struct openconnect_info *vpninfo, char *buf, int buflen);
210 int (*process_auth_form) (struct openconnect_info *vpninfo, struct oc_auth_form *form);
212 void __attribute__ ((format(printf, 3, 4)))
213 (*progress) (struct openconnect_info *vpninfo, int level, const char *fmt, ...);
/*
 * Packet-type values exchanged with the peer on the CSTP/DTLS transport
 * (both directions: the client sends AC_PKT_DISCONN, the server sends
 * AC_PKT_TERM_SERVER).  Values 1, 2 and 6 are not defined here.
 * NOTE(review): because the type byte comes from the network, the
 * receive-side dispatcher must reject any value not listed below rather
 * than falling through to the data path - confirm in cstp.c / dtls.c.
 */
218 #define AC_PKT_DATA 0 /* Uncompressed data */
219 #define AC_PKT_DPD_OUT 3 /* Dead Peer Detection */
220 #define AC_PKT_DPD_RESP 4 /* DPD response */
221 #define AC_PKT_DISCONN 5 /* Client disconnection notice */
222 #define AC_PKT_KEEPALIVE 7 /* Keepalive */
223 #define AC_PKT_COMPRESSED 8 /* Compressed data */
224 #define AC_PKT_TERM_SERVER 9 /* Server kick */
227 #if OPENSSL_VERSION_NUMBER >= 0x00909000L
228 #define method_const const
233 /****************************************************************************/
/*
 * tun.c - tunnel device lifecycle.  tun_mainloop() shares the
 * `int *timeout` out-parameter convention used by dtls_mainloop(),
 * cstp_mainloop() and keepalive_action() below.  Return-value
 * conventions are not visible in this header.
 */
236 int setup_tun(struct openconnect_info *vpninfo);
237 int tun_mainloop(struct openconnect_info *vpninfo, int *timeout);
238 void shutdown_tun(struct openconnect_info *vpninfo);
/*
 * dtls.c.  unhex() is, by name, a one-byte hex decoder.
 * NOTE(review): its prototype offers no way to signal a non-hex input
 * character, so callers must validate the text before decoding -
 * confirm how the definition handles bad input (it is used for
 * server-supplied material such as the DTLS secret / session id).
 */
241 unsigned char unhex(const char *data);
242 int setup_dtls(struct openconnect_info *vpninfo);
243 int dtls_mainloop(struct openconnect_info *vpninfo, int *timeout);
244 int dtls_try_handshake(struct openconnect_info *vpninfo);
245 int connect_dtls_socket(struct openconnect_info *vpninfo);
/*
 * cstp.c - the TLS-carried CSTP transport.
 * NOTE(review): cstp_bye() takes `reason` as a non-const char *; confirm
 * the callee neither modifies nor frees it, or const-qualify it.
 */
248 int make_cstp_connection(struct openconnect_info *vpninfo);
249 int cstp_mainloop(struct openconnect_info *vpninfo, int *timeout);
250 int cstp_bye(struct openconnect_info *vpninfo, char *reason);
251 int cstp_reconnect(struct openconnect_info *vpninfo);
/*
 * ssl.c.  openconnect_SSL_printf() carries the printf format attribute,
 * so the compiler checks its arguments; `fmt` must always be a literal -
 * never pass peer- or user-derived text as the format string.
 * openconnect_SSL_gets() reads one line into `buf`, `len` being the
 * buffer size.  NOTE(review): confirm the definition keeps one byte of
 * `len` for the NUL terminator.
 */
254 int __attribute__ ((format (printf, 2, 3)))
255 openconnect_SSL_printf(SSL *ssl, const char *fmt, ...);
256 int openconnect_SSL_gets(SSL *ssl, char *buf, size_t len);
257 int openconnect_open_https(struct openconnect_info *vpninfo);
258 int get_cert_md5_fingerprint(struct openconnect_info *vpninfo, X509 *cert,
/* ssl.c - report pending OpenSSL error-queue entries through vpninfo (by name). */
260 void report_ssl_errors(struct openconnect_info *vpninfo);
/*
 * mainloop.c.  queue_new_packet() creates a packet from `len` bytes of
 * `buf` and queues it on *q; queue_packet() queues an existing packet.
 * NOTE(review): `len` is a signed int - callers must not pass a
 * negative or unchecked peer-controlled length; confirm the definition
 * rejects len < 0.  keepalive_action() and ka_stalled_dpd_time() update
 * *timeout in place, as the *_mainloop() functions do.
 */
263 int vpn_add_pollfd(struct openconnect_info *vpninfo, int fd, short events);
264 int vpn_mainloop(struct openconnect_info *vpninfo);
265 int queue_new_packet(struct pkt **q, void *buf, int len);
266 void queue_packet(struct pkt **q, struct pkt *new);
267 int keepalive_action(struct keepalive_info *ka, int *timeout);
268 int ka_stalled_dpd_time(struct keepalive_info *ka, int *timeout);
/* xml.c - look up `host` in the XML profile held by vpninfo (by name). */
273 int config_lookup_host(struct openconnect_info *vpninfo, const char *host);
/*
 * auth.c.  `response` is the server's XML reply (mutable, so it may be
 * parsed in place).  `request_body` / `req_len` look like an output
 * buffer and its size; `*method` and `*request_body_type` are output
 * strings.  NOTE(review): confirm every write to request_body is
 * bounded by req_len, and whether the returned strings are static or
 * allocated (who frees them is not visible here).
 */
276 int parse_xml_response(struct openconnect_info *vpninfo, char *response,
277 char *request_body, int req_len, char **method,
278 char **request_body_type);
/* http.c - negotiate with the configured proxy on the already-open ssl_sock. */
281 int process_proxy(struct openconnect_info *vpninfo, int ssl_sock);
/* openssl-ui.c - install the OpenSSL UI method (passphrase prompting, by name). */
284 int set_openssl_ui(void);
/*
 * securid.c.  Both arguments of add_securid_pin() are non-const, so
 * in-place modification is plausible - confirm.  NOTE(review): token and
 * pin are authentication secrets; the caller should clear them once the
 * tokencode has been produced.
 */
287 int generate_securid_tokencodes(struct openconnect_info *vpninfo);
288 int add_securid_pin(char *token, char *pin);
/* version.c - defined there; declared here so callers do not guess its size. */
291 extern char openconnect_version[];
293 #endif /* __OPENCONNECT_INTERNAL_H__ */