2 * OpenConnect (SSL + DTLS) VPN client
4 * Copyright © 2008-2011 Intel Corporation.
5 * Copyright © 2008 Nick Andrew <nick@nick-andrew.net>
7 * Author: David Woodhouse <dwmw2@infradead.org>
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public License
11 * version 2.1, as published by the Free Software Foundation.
13 * This program is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with this library; if not, write to:
21 * Free Software Foundation, Inc.
22 * 51 Franklin Street, Fifth Floor,
23 * Boston, MA 02110-1301 USA
26 #ifndef __OPENCONNECT_INTERNAL_H__
27 #define __OPENCONNECT_INTERNAL_H__
29 #include "openconnect.h"
31 #include <openssl/ssl.h>
34 #include <sys/socket.h>
35 #include <sys/select.h>
37 #include <sys/types.h>
39 #ifdef OPENCONNECT_LIBPROXY
44 /****************************************************************************/
56 struct vpn_option *next;
62 #define KA_KEEPALIVE 3
65 struct keepalive_info {
75 struct split_include {
77 struct split_include *next;
80 #define RECONNECT_INTERVAL_MIN 10
81 #define RECONNECT_INTERVAL_MAX 100
83 #define CERT_TYPE_UNKNOWN 0
84 #define CERT_TYPE_PEM 1
85 #define CERT_TYPE_PKCS12 2
86 #define CERT_TYPE_TPM 3
88 struct openconnect_info {
100 #ifdef OPENCONNECT_LIBPROXY
101 pxProxyFactory *proxy_factory;
107 const char *localname;
117 const char *servercert;
118 const char *xmlconfig;
119 char xmlsha1[(SHA_DIGEST_LENGTH * 2) + 1];
128 int no_http_keepalive;
130 char *cookie; /* Pointer to within cookies list */
131 struct vpn_option *cookies;
132 struct vpn_option *cstp_options;
133 struct vpn_option *dtls_options;
137 struct keepalive_info ssl_times;
138 int owe_ssl_dpd_response;
139 struct pkt *deflate_pkt;
140 struct pkt *current_ssl_pkt;
142 z_stream inflate_strm;
143 uint32_t inflate_adler32;
144 z_stream deflate_strm;
145 uint32_t deflate_adler32;
148 int reconnect_timeout;
149 int reconnect_interval;
150 int dtls_attempt_period;
151 time_t new_dtls_started;
155 SSL_SESSION *dtls_session;
156 struct keepalive_info dtls_times;
157 unsigned char dtls_session_id[32];
158 unsigned char dtls_secret[48];
167 const char *vpn_addr;
168 const char *vpn_netmask;
169 const char *vpn_addr6;
170 const char *vpn_netmask6;
171 const char *vpn_dns[3];
172 const char *vpn_nbns[3];
173 const char *vpn_domain;
174 const char *vpn_proxy_pac;
175 struct split_include *split_includes;
176 struct split_include *split_excludes;
192 struct pkt *incoming_queue;
193 struct pkt *outgoing_queue;
197 socklen_t peer_addrlen;
198 struct sockaddr *peer_addr;
199 struct sockaddr *dtls_addr;
206 int (*validate_peer_cert) (struct openconnect_info *vpninfo, X509 *cert, const char *reason);
207 int (*write_new_config) (struct openconnect_info *vpninfo, char *buf, int buflen);
208 int (*process_auth_form) (struct openconnect_info *vpninfo, struct oc_auth_form *form);
210 void __attribute__ ((format(printf, 3, 4)))
211 (*progress) (struct openconnect_info *vpninfo, int level, const char *fmt, ...);
216 #define AC_PKT_DATA 0 /* Uncompressed data */
217 #define AC_PKT_DPD_OUT 3 /* Dead Peer Detection */
218 #define AC_PKT_DPD_RESP 4 /* DPD response */
219 #define AC_PKT_DISCONN 5 /* Client disconnection notice */
220 #define AC_PKT_KEEPALIVE 7 /* Keepalive */
221 #define AC_PKT_COMPRESSED 8 /* Compressed data */
222 #define AC_PKT_TERM_SERVER 9 /* Server kick */
225 #if OPENSSL_VERSION_NUMBER >= 0x00909000L
226 #define method_const const
231 /****************************************************************************/
234 int setup_tun(struct openconnect_info *vpninfo);
235 int tun_mainloop(struct openconnect_info *vpninfo, int *timeout);
236 void shutdown_tun(struct openconnect_info *vpninfo);
239 unsigned char unhex(const char *data);
240 int setup_dtls(struct openconnect_info *vpninfo);
241 int dtls_mainloop(struct openconnect_info *vpninfo, int *timeout);
242 int dtls_try_handshake(struct openconnect_info *vpninfo);
243 int connect_dtls_socket(struct openconnect_info *vpninfo);
246 int make_cstp_connection(struct openconnect_info *vpninfo);
247 int cstp_mainloop(struct openconnect_info *vpninfo, int *timeout);
248 int cstp_bye(struct openconnect_info *vpninfo, char *reason);
249 int cstp_reconnect(struct openconnect_info *vpninfo);
252 int __attribute__ ((format (printf, 2, 3)))
253 openconnect_SSL_printf(SSL *ssl, const char *fmt, ...);
254 int openconnect_SSL_gets(SSL *ssl, char *buf, size_t len);
255 int openconnect_open_https(struct openconnect_info *vpninfo);
256 void openconnect_close_https(struct openconnect_info *vpninfo);
257 int get_cert_md5_fingerprint(struct openconnect_info *vpninfo, X509 *cert,
259 void report_ssl_errors(struct openconnect_info *vpninfo);
262 int vpn_add_pollfd(struct openconnect_info *vpninfo, int fd, short events);
263 int vpn_mainloop(struct openconnect_info *vpninfo);
264 int queue_new_packet(struct pkt **q, void *buf, int len);
265 void queue_packet(struct pkt **q, struct pkt *new);
266 int keepalive_action(struct keepalive_info *ka, int *timeout);
267 int ka_stalled_dpd_time(struct keepalive_info *ka, int *timeout);
272 int config_lookup_host(struct openconnect_info *vpninfo, const char *host);
275 int parse_xml_response(struct openconnect_info *vpninfo, char *response,
276 char *request_body, int req_len, char **method,
277 char **request_body_type);
280 char *openconnect_create_useragent(char *base);
281 int process_proxy(struct openconnect_info *vpninfo, int ssl_sock);
282 int internal_parse_url(char *url, char **res_proto, char **res_host,
283 int *res_port, char **res_path, int default_port);
286 int set_openssl_ui(void);
289 int generate_securid_tokencodes(struct openconnect_info *vpninfo);
290 int add_securid_pin(char *token, char *pin);
293 extern char openconnect_version[];
295 #endif /* __OPENCONNECT_INTERNAL_H__ */