/* Libreswan NAT-Traversal
 * Copyright (C) 2002-2003 Mathieu Lafon - Arkoon Network Security
 * Copyright (C) 2005 Michael Richardson <mcr@xelerance.com>
 * Copyright (C) 2012-2013 Paul Wouters <pwouters@redhat.com>
 * Copyright (C) 2013 D. Hugh Redelmeier <hugh@mimosa.com>
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version. See <https://www.gnu.org/licenses/gpl2.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * for more details.
 */
#ifndef _NAT_TRAVERSAL_H_
#define _NAT_TRAVERSAL_H_
#include "demux.h"
#include "lswalloc.h"
#include "state.h"
#include "ike_spi.h"
struct hash_desc;
extern deltatime_t nat_keepalive_period;
/*
 * NAT-Traversal defines for nat_traversal type from nat_traversal.h
 */
/**
 * NAT-Traversal methods that need NAT-D
 */
#if 0
/* not used anymore, since this is true for all supported natt methods */
#define NAT_T_WITH_NATD \
	( LELEM(NAT_TRAVERSAL_METHOD_IETF_02_03) | \
	  LELEM(NAT_TRAVERSAL_METHOD_IETF_05) | \
	  LELEM(NAT_TRAVERSAL_METHOD_IETF_RFC) )
#endif
/**
 * NAT-Traversal methods that need NAT-OA (Original Address)
 */
#define NAT_T_WITH_NATOA \
	( LELEM(NAT_TRAVERSAL_METHOD_IETF_02_03) | \
	  LELEM(NAT_TRAVERSAL_METHOD_IETF_05) | \
	  LELEM(NAT_TRAVERSAL_METHOD_IETF_RFC) )
/**
 * NAT-Traversal methods that use NAT-KeepAlive
 */
#define NAT_T_WITH_KA \
	( LELEM(NAT_TRAVERSAL_METHOD_IETF_02_03) | \
	  LELEM(NAT_TRAVERSAL_METHOD_IETF_05) | \
	  LELEM(NAT_TRAVERSAL_METHOD_IETF_RFC) )
/**
 * NAT-Traversal methods that use official values (RFC)
 */
#define NAT_T_WITH_RFC_VALUES \
	LELEM(NAT_TRAVERSAL_METHOD_IETF_RFC)
/**
 * NAT-Traversal methods that use official values (RFC) for encapsulation
 */
#define NAT_T_WITH_ENCAPSULATION_RFC_VALUES \
	( LELEM(NAT_TRAVERSAL_METHOD_IETF_RFC) )
/**
 * NAT-Traversal detected
 */
bool nat_traversal_detected(struct state *st);
void init_nat_traversal_timer(deltatime_t keep_alive_period, struct logger *logger);
void nat_traversal_change_port_lookup(struct msg_digest *md, struct state *st);
/**
 * IKE port floating
 */
bool nat_traversal_port_float(struct state *st, struct msg_digest *md,
			      bool in);
/* NAT-T IKEv2 v2N */
void natd_lookup_common(struct state *st,
			const ip_endpoint sender,
			bool found_me, bool found_peer);
struct crypt_mac natd_hash(const struct hash_desc *hasher,
			   const ike_spis_t *spis,
			   const ip_endpoint endpoint,
			   struct logger *logger);
/**
 * NAT-keep_alive
 */
void schedule_v2_nat_keepalive(struct ike_sa *ike, where_t where);
void schedule_v1_nat_keepalive(struct state *st);
void event_v1_nat_keepalive(struct state *st);
void event_v2_nat_keepalive(struct ike_sa *ike);
#endif /* _NAT_TRAVERSAL_H_ */