--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/vpnengine/ikev1lib/inc/ikev1private.h Thu Dec 17 09:14:51 2009 +0200
@@ -0,0 +1,179 @@
+/*
+* Copyright (c) 2005-2009 Nokia Corporation and/or its subsidiary(-ies).
+* All rights reserved.
+* This component and the accompanying materials are made available
+* under the terms of "Eclipse Public License v1.0"
+* which accompanies this distribution, and is available
+* at the URL "http://www.eclipse.org/legal/epl-v10.html".
+*
+* Initial Contributors:
+* Nokia Corporation - initial contribution.
+*
+* Contributors:
+*
+* Description:
+* This module contains the private vendor specific extension of IKE.
+* All of the current private extensions are related to Nokia VPN gateway
+* and shall be used ONLY when the EPOC IKE is acting as a Nokia VPN remote
+* access client.
+* The following private extension are implemented:
+*
+* 1) Internal Address payload usage
+* Internal address payload is used to the deliver a secure network
+* adderess and secure network DNS address(es) from VPN gateway to a client.
+* The Internal address payloads are used in the last two IKE main mode
+* messages as follows:
+*
+* Client (initiator) Gateway (responder)
+* .. SA, KE ... --->
+* <--- ..SA, KE ...
+* HDR*, INT_ADDR --->
+* <--- HDR*, INT_ADDR
+*
+* Client sends an INT_ADDR payload with PRI_INTERNAL_ADDRESS attribute
+* Attribute value is 0.0.0.0.
+*
+* Gateway responds with an INT_ADDR payload with PRI_INTERNAL_ADDRESS
+* attribute containing client internal address x.y.z.w
+* Gateway INT_ADDR payload may also contain attributes PRI_INTERNAL_DNS and
+* PRI_INTERNAL_WINS. PRI_INTERNAL_DNS contains a list of DNS IP addresses and
+* PRI_INTERNAL_WINS a list of WINS IP addresses.
+*
+*
+* 2) The NAT Traversal probing
+* The expanded Vendor-Id payload usage for the NAT Traversal probing.
+* The expanded Vendor-Id payloads contains the following information:
+*
+* Client (initiator) Gateway (responder)
+* VID(hash, ip_addr, port) --->
+* <--- VID(hash, detected_ip_addr,
+* detected_port)
+*
+* Client sends a expanded Vendor-Id payload containing the following information:
+* hash = Nokia VPN vendor specific hash data (used to recognize peer)
+* ip_addr = Client IKE own IP address
+* port = Client IKE own port (=500)
+*
+* Gateway responds with expanded Vendor-Id payload containing the following information:
+* hash = Nokia VPN vendor specific hash data (used to recognize peer)
+* detected_ip_addr = Client IP address as detected in received IKE message
+* IP header (=source IP address)
+* detected_port = Client port as detected in received IKE message
+* UDP header (=source port)
+*
+* Both client and gateway do the following examination
+* if ( ip_addr != detected_ip_addr ) || ( port != detected_port )
+* then NAT Traversal shall be used IPSEC ESP traffic between
+* the client and gateway
+*
+* Nokia VPN specific NAT Traversal means that IPSEC ESP traffic shall be
+* capsulated with UDP header.
+* The used UDP port for that purpose is 9872
+*/
+
+#ifndef IKEV1PRIVATE_H
+#define IKEV1PRIVATE_H
+
+#include <f32file.h>
+#include "ikemsgheader.h"
+
+
+class TIkev1IsakmpStream;
+class CIkeIPSocket;
+class CIkeData;
+class TVendorISAKMP;
+class TINTNETISAKMP;
+class CInternalAddress;
+class TInetAddr;
+
+TInt ConstructVendorId(TBool aNATProbe,
+ TUint8 *aICOOKIE,
+ TUint8 *aRCOOKIE,
+ TInetAddr &aLocalAddr,
+ TVendorISAKMP *vendor_payload);
+TInt BuildVendorIdHash(TUint8 *aICOOKIE,
+ TUint8 *aRCOOKIE,
+ TUint8 *hash_data);
+TBool ProcessVendorId(TBool *aFamiliarPeer,
+ TUint8 *aICOOKIE,
+ TUint8 *aRCOOKIE,
+ TInetAddr &aLocalAddr,
+ TVendorISAKMP *aVendorPayload);
+void BuildDPDVendorId(TIkev1IsakmpStream &aMsg);
+TBool CheckDPDVendorId(const TVendorISAKMP *aVendorPayload);
+CInternalAddress* ProcessIntNetL(TINTNETISAKMP *aIntNetpayload);
+
+TBool InsertVPNInterfaceL(CInternalAddress *aInternalAddr, CIkeIPSocket *aSocket, TUint32 *aIfNbr, RFs *aFS);
+TBool RemoveVPNInterfaceL(CInternalAddress *aInternalAddr, CIkeIPSocket *aSocket, TUint32 *aIfNbr, RFs *aFS);
+TBool AddVPNRoute(CInternalAddress *aInternalAddr, CIkeIPSocket *aSocket,
+ TInetAddr &aDstAddr, TInetAddr &aDstMask);
+TInt CheckCredentials(CIkeData *aHostData);
+/*---------------------------------------------------------------------------
+ *
+ * Expanded Vendor Id payload option VENDOR_OPTION_NAT_TRAVERSAL handling:
+ * 1 2 3
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * ! sin_lth ! sin_family ! sin_port !
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * ! sin_addr !
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * ! !
+ * . Zero * 2(?) .
+ * ! !
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *
+ *
+ *---------------------------------------------------------------------------*/
+#define SIN_LTH 16 // VENDOR_OPTION_NAT_TRAVERSAL data part length
+#define SIN_FAMILY 2 // = IPv4 Address
+
+
+class TNATTOption
+ {
+public:
+ inline void InitOption() { Mem::FillZ(&u.iData8[0], SIN_LTH);
+ u.iData8[0] = SIN_LTH; u.iData8[1] = SIN_FAMILY;}
+ inline void SetPort(TUint16 aPort) { PUT16(&u.iData8[2], aPort);}
+ inline void SetAddress(TUint32 aAddr) { PUT32(&u.iData8[4], aAddr);}
+ inline TUint16 GetPort() {return (TUint16)GET16(&u.iData8[2]);}
+ inline TUint32 GetAddress() {return (TUint32)GET32(&u.iData8[4]);}
+private:
+ union
+ {
+ TUint32 iData32[4];
+ TUint16 iData16[8];
+ TUint8 iData8[16];
+ } u;
+ };
+
+/*---------------------------------------------------------------------------
+ *
+ * Expanded Vendor Id payload option VENDOR_OPTION_VERSION handling:
+ * 1 2 3
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * ! MAJOR VERSION ! MINOR VERSION !
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *
+ *---------------------------------------------------------------------------*/
+#define VERSION_LTH 4 // VENDOR_OPTION_VERSION data part length
+#define MAJOR_VERSION 3 // ???????????!!!!!!!!!!!!!!!!????????????
+#define MINOR_VERSION 3 // ???????????!!!!!!!!!!!!!!!!????????????
+
+class TVersionOption
+ {
+public:
+ inline void SetVersion(TUint16 aMajor,
+ TUint16 aMinor) { PUT16(&u.iData8[0], aMajor);
+ PUT16(&u.iData8[2], aMinor);}
+private:
+ union
+ {
+ TUint32 iData32[1];
+ TUint16 iData16[2];
+ TUint8 iData8[4];
+ } u;
+ };
+
+#endif // IKEV1PRIVATE_H