diff options
Diffstat (limited to 'src/openvpn/proto.h')
-rw-r--r-- | src/openvpn/proto.h | 236 |
1 files changed, 236 insertions, 0 deletions
diff --git a/src/openvpn/proto.h b/src/openvpn/proto.h new file mode 100644 index 0000000..8cd4ede --- /dev/null +++ b/src/openvpn/proto.h @@ -0,0 +1,236 @@ +/* + * OpenVPN -- An application to securely tunnel IP networks + * over a single TCP/UDP port, with support for SSL/TLS-based + * session authentication and key exchange, + * packet encryption, packet authentication, and + * packet compression. + * + * Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program (see the file COPYING included with this + * distribution); if not, write to the Free Software Foundation, Inc., + * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +#ifndef PROTO_H +#define PROTO_H + +#include "common.h" +#include "buffer.h" + +#pragma pack(1) + +/* + * Tunnel types + */ +#define DEV_TYPE_UNDEF 0 +#define DEV_TYPE_NULL 1 +#define DEV_TYPE_TUN 2 /* point-to-point IP tunnel */ +#define DEV_TYPE_TAP 3 /* ethernet (802.3) tunnel */ + +/* TUN topologies */ + +#define TOP_UNDEF 0 +#define TOP_NET30 1 +#define TOP_P2P 2 +#define TOP_SUBNET 3 + +/* + * IP and Ethernet protocol structs. For portability, + * OpenVPN needs its own definitions of these structs, and + * names have been adjusted to avoid collisions with + * native structs. + */ + +#define OPENVPN_ETH_ALEN 6 /* ethernet address length */ +struct openvpn_ethhdr +{ + uint8_t dest[OPENVPN_ETH_ALEN]; /* destination ethernet addr */ + uint8_t source[OPENVPN_ETH_ALEN]; /* source ethernet addr */ + +# define OPENVPN_ETH_P_IPV4 0x0800 /* IPv4 protocol */ +# define OPENVPN_ETH_P_IPV6 0x86DD /* IPv6 protocol */ +# define OPENVPN_ETH_P_ARP 0x0806 /* ARP protocol */ + uint16_t proto; /* packet type ID field */ +}; + +struct openvpn_arp { +# define ARP_MAC_ADDR_TYPE 0x0001 + uint16_t mac_addr_type; /* 0x0001 */ + + uint16_t proto_addr_type; /* 0x0800 */ + uint8_t mac_addr_size; /* 0x06 */ + uint8_t proto_addr_size; /* 0x04 */ + +# define ARP_REQUEST 0x0001 +# define ARP_REPLY 0x0002 + uint16_t arp_command; /* 0x0001 for ARP request, 0x0002 for ARP reply */ + + uint8_t mac_src[OPENVPN_ETH_ALEN]; + in_addr_t ip_src; + uint8_t mac_dest[OPENVPN_ETH_ALEN]; + in_addr_t ip_dest; +}; + +struct openvpn_iphdr { +# define OPENVPN_IPH_GET_VER(v) (((v) >> 4) & 0x0F) +# define OPENVPN_IPH_GET_LEN(v) (((v) & 0x0F) << 2) + uint8_t version_len; + + uint8_t tos; + uint16_t tot_len; + uint16_t id; + +# define OPENVPN_IP_OFFMASK 0x1fff + uint16_t frag_off; + + uint8_t ttl; + +# define OPENVPN_IPPROTO_IGMP 2 /* IGMP protocol */ +# define OPENVPN_IPPROTO_TCP 6 /* TCP protocol */ +# define OPENVPN_IPPROTO_UDP 17 /* UDP protocol */ + uint8_t protocol; + + uint16_t check; + uint32_t saddr; + uint32_t daddr; + /*The options start here. */ +}; + +/* + * IPv6 header + */ +struct openvpn_ipv6hdr { + uint8_t version_prio; + uint8_t flow_lbl[3]; + uint16_t payload_len; + uint8_t nexthdr; + uint8_t hop_limit; + + struct in6_addr saddr; + struct in6_addr daddr; +}; + + +/* + * UDP header + */ +struct openvpn_udphdr { + uint16_t source; + uint16_t dest; + uint16_t len; + uint16_t check; +}; + +/* + * TCP header, per RFC 793. + */ +struct openvpn_tcphdr { + uint16_t source; /* source port */ + uint16_t dest; /* destination port */ + uint32_t seq; /* sequence number */ + uint32_t ack_seq; /* acknowledgement number */ + +# define OPENVPN_TCPH_GET_DOFF(d) (((d) & 0xF0) >> 2) + uint8_t doff_res; + +# define OPENVPN_TCPH_FIN_MASK (1<<0) +# define OPENVPN_TCPH_SYN_MASK (1<<1) +# define OPENVPN_TCPH_RST_MASK (1<<2) +# define OPENVPN_TCPH_PSH_MASK (1<<3) +# define OPENVPN_TCPH_ACK_MASK (1<<4) +# define OPENVPN_TCPH_URG_MASK (1<<5) +# define OPENVPN_TCPH_ECE_MASK (1<<6) +# define OPENVPN_TCPH_CWR_MASK (1<<7) + uint8_t flags; + + uint16_t window; + uint16_t check; + uint16_t urg_ptr; +}; + +#define OPENVPN_TCPOPT_EOL 0 +#define OPENVPN_TCPOPT_NOP 1 +#define OPENVPN_TCPOPT_MAXSEG 2 +#define OPENVPN_TCPOLEN_MAXSEG 4 + +struct ip_tcp_udp_hdr { + struct openvpn_iphdr ip; + union { + struct openvpn_tcphdr tcp; + struct openvpn_udphdr udp; + } u; +}; + +#pragma pack() + +/* + * The following macro is used to update an + * internet checksum. "acc" is a 32-bit + * accumulation of all the changes to the + * checksum (adding in old 16-bit words and + * subtracting out new words), and "cksum" + * is the checksum value to be updated. + */ +#define ADJUST_CHECKSUM(acc, cksum) { \ + int _acc = acc; \ + _acc += (cksum); \ + if (_acc < 0) { \ + _acc = -_acc; \ + _acc = (_acc >> 16) + (_acc & 0xffff); \ + _acc += _acc >> 16; \ + (cksum) = (uint16_t) ~_acc; \ + } else { \ + _acc = (_acc >> 16) + (_acc & 0xffff); \ + _acc += _acc >> 16; \ + (cksum) = (uint16_t) _acc; \ + } \ +} + +#define ADD_CHECKSUM_32(acc, u32) { \ + acc += (u32) & 0xffff; \ + acc += (u32) >> 16; \ +} + +#define SUB_CHECKSUM_32(acc, u32) { \ + acc -= (u32) & 0xffff; \ + acc -= (u32) >> 16; \ +} + +/* + * We are in a "liberal" position with respect to MSS, + * i.e. we assume that MSS can be calculated from MTU + * by subtracting out only the IP and TCP header sizes + * without options. + * + * (RFC 879, section 7). + */ +#define MTU_TO_MSS(mtu) (mtu - sizeof(struct openvpn_iphdr) \ + - sizeof(struct openvpn_tcphdr)) + +/* + * If raw tunnel packet is IPv4, return true and increment + * buffer offset to start of IP header. + */ +bool is_ipv4 (int tunnel_type, struct buffer *buf); + +#ifdef PACKET_TRUNCATION_CHECK +void ipv4_packet_size_verify (const uint8_t *data, + const int size, + const int tunnel_type, + const char + *prefix, + counter_type *errors); +#endif + +#endif |