path: root/src/pluto/nat_traversal.h
blob: 80bdaf78755463fdb3b6182b1f24235153ec50cc (plain)
/*
 * Copyright (C) 2010 Tobias Brunner
 * Hochschule fuer Technik Rapperswil
 * Copyright (C) 2002-2003 Mathieu Lafon
 * Arkoon Network Security
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 */

#ifndef _NAT_TRAVERSAL_H
#define _NAT_TRAVERSAL_H

#include "packet.h"

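/*
 * Bit positions (arguments to LELEM) identifying the NAT-Traversal method
 * in use.  The names point at two IETF draft generations and the final RFC;
 * the exact draft/RFC numbers are not stated in this header -- confirm
 * against the vendor-ID handling before relying on them.
 */
#define NAT_TRAVERSAL_IETF_00_01     1
#define NAT_TRAVERSAL_IETF_02_03     2
#define NAT_TRAVERSAL_RFC            3

/*
 * Bit positions of the two detection flags (see NAT_T_DETECTED).  Going by
 * the names they record which side was found to be behind a NAT.
 */
#define NAT_TRAVERSAL_NAT_BHND_ME    30
#define NAT_TRAVERSAL_NAT_BHND_PEER  31

/*
 * Mask of the method bits: all 32 bits except the two detection flags.
 * Written with the named bit positions rather than literal 30/31 so the
 * mask cannot drift out of sync with NAT_T_DETECTED if a flag is moved.
 */
#define NAT_TRAVERSAL_METHOD \
		(0xffffffff - LELEM(NAT_TRAVERSAL_NAT_BHND_ME) - \
		 LELEM(NAT_TRAVERSAL_NAT_BHND_PEER))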

/*
 * Capability masks.  Each one is a set of method bits; AND it with a
 * nat_traversal bit set to ask whether the negotiated method has the
 * property named by the mask.
 */

/**
 * Methods that need NAT-D
 */
#define NAT_T_WITH_NATD ( \
		LELEM(NAT_TRAVERSAL_IETF_00_01) | \
		LELEM(NAT_TRAVERSAL_IETF_02_03) | \
		LELEM(NAT_TRAVERSAL_RFC) )

/**
 * Methods that need NAT-OA
 */
#define NAT_T_WITH_NATOA ( \
		LELEM(NAT_TRAVERSAL_IETF_00_01) | \
		LELEM(NAT_TRAVERSAL_IETF_02_03) | \
		LELEM(NAT_TRAVERSAL_RFC) )

/**
 * Methods that use NAT keep-alives
 */
#define NAT_T_WITH_KA ( \
		LELEM(NAT_TRAVERSAL_IETF_00_01) | \
		LELEM(NAT_TRAVERSAL_IETF_02_03) | \
		LELEM(NAT_TRAVERSAL_RFC) )

/**
 * Methods that use the floating port (the 00/01 drafts are not included)
 */
#define NAT_T_WITH_PORT_FLOATING ( \
		LELEM(NAT_TRAVERSAL_IETF_02_03) | \
		LELEM(NAT_TRAVERSAL_RFC) )

/**
 * Methods that use the official (RFC) values instead of the draft ones
 */
#define NAT_T_WITH_RFC_VALUES ( LELEM(NAT_TRAVERSAL_RFC) )

/**
 * Detection result: set when a NAT was found in front of either end
 */
#define NAT_T_DETECTED ( \
		LELEM(NAT_TRAVERSAL_NAT_BHND_ME) | \
		LELEM(NAT_TRAVERSAL_NAT_BHND_PEER) )

/**
 * UDP port used for IKE port floating.  4500 is the port assigned for
 * NAT-T IKE and ESP-in-UDP, so packet filters in front of the daemon have
 * to admit it in addition to the regular IKE port.
 */
#define NAT_T_IKE_FLOAT_PORT     4500

/**
 * Configure NAT-Traversal at start-up (definition is not in this header).
 *
 * @param activate           presumably turns NAT-T support on or off --
 *                           confirm against the definition
 * @param keep_alive_period  keep-alive period; the unit is not visible
 *                           here (TODO confirm)
 * @param fka                NOTE(review): undocumented abbreviation, looks
 *                           like "force keep-alive" -- confirm
 * @param spf                NOTE(review): undocumented abbreviation, looks
 *                           like "support port floating" -- confirm
 */
void init_nat_traversal (bool activate, unsigned int keep_alive_period,
		bool fka, bool spf);

/*
 * Global NAT-T switches, defined in another translation unit.  They are
 * plain mutable globals, so any code that includes this header can read or
 * write them; presumably they are set from init_nat_traversal() -- confirm.
 */
extern bool nat_traversal_enabled;
extern bool nat_traversal_support_non_ike;
extern bool nat_traversal_support_port_floating;

/**
 * NAT-D
 *
 * The lookup takes the digest of a received message, i.e. data supplied by
 * the peer.  NOTE(review): confirm at which point of the exchange this runs;
 * if it is before the peer is authenticated, the result must not be treated
 * as trustworthy beyond selecting the NAT-T behaviour.
 *
 * Prototypes that mention pb_stream are declared only when
 * PB_STREAM_UNDEFINED is not defined.
 */
void nat_traversal_natd_lookup(struct msg_digest *md);
#ifndef PB_STREAM_UNDEFINED
bool nat_traversal_add_natd(u_int8_t np, pb_stream *outs,
		struct msg_digest *md);
#endif

/**
 * NAT-OA
 *
 * Same split as NAT-D: one function reads from a received message digest,
 * the other writes into an output stream for the given state.
 */
void nat_traversal_natoa_lookup(struct msg_digest *md);
#ifndef PB_STREAM_UNDEFINED
bool nat_traversal_add_natoa(u_int8_t np, pb_stream *outs,
		struct state *st);
#endif

/**
 * NAT-keep_alive
 *
 * Neither function takes arguments, so the period and the set of peers
 * must come from state held elsewhere (presumably configured through
 * init_nat_traversal() -- confirm).
 */
void nat_traversal_new_ka_event (void);
void nat_traversal_ka_event (void);

/* nt is a 32-bit value, presumably a nat_traversal bit set -- confirm. */
void nat_traversal_show_result (u_int32_t nt, u_int16_t sport);

/*
 * Returns int; the success/failure convention is not visible in this
 * header, so check the definition before ignoring the result.
 */
int nat_traversal_espinudp_socket (int sk, u_int32_t type);

/**
 * Vendor ID
 *
 * nat_traversal_vid_to_method() maps a vendor-ID code to a 32-bit value,
 * presumably one of the NAT_TRAVERSAL_* method bits.  The vendor ID comes
 * from the peer, so the definition should map unknown codes to "no method"
 * rather than to a default -- TODO confirm.
 */
#ifndef PB_STREAM_UNDEFINED
bool nat_traversal_add_vid(u_int8_t np, pb_stream *outs);
#endif
u_int32_t nat_traversal_vid_to_method(unsigned short nat_t_vid);

void nat_traversal_change_port_lookup(struct msg_digest *md, struct state *st);

/**
 * New NAT mapping
 *
 * Takes an SA identified by reqid/spi and a new endpoint address.
 * NOTE(review): changing a peer endpoint redirects protected traffic, so
 * the caller should only pass mappings derived from packets that passed
 * integrity verification -- confirm where new_end originates.
 */
void process_nat_t_new_mapping(u_int32_t reqid, u_int32_t spi,
							   ip_address *new_end);

/**
 * IKE port floating
 *
 * The meaning of the "in" flag and of the bool result is not visible
 * here; presumably "in" distinguishes inbound from outbound handling --
 * confirm against the definition.
 */
bool
nat_traversal_port_float(struct state *st, struct msg_digest *md, bool in);

/**
 * Encapsulation mode macro (see demux.c)
 *
 * Picks an ENCAPSULATION_MODE_* value from the state's NAT-T bits:
 *  - a NAT_T_DETECTED bit is set in (st)->nat_traversal: UDP tunnel or UDP
 *    transport, chosen by POLICY_TUNNEL in nat_t_policy; the _RFC value is
 *    used when NAT_T_WITH_RFC_VALUES is set, the _DRAFTS value otherwise.
 *  - no detection bit set: plain tunnel or transport, chosen by
 *    POLICY_TUNNEL in (st)->st_policy.
 *
 * NOTE(review): the no-NAT branch reads (st)->st_policy and ignores the
 * nat_t_policy argument, so the two branches can consult different policy
 * values -- confirm this is intended.
 *
 * st is expanded more than once; pass an expression without side effects.
 */
#define NAT_T_ENCAPSULATION_MODE(st,nat_t_policy) ( \
		((st)->nat_traversal & NAT_T_DETECTED) \
				? ( ((nat_t_policy) & POLICY_TUNNEL) \
						? ( ((st)->nat_traversal & NAT_T_WITH_RFC_VALUES) \
								? (ENCAPSULATION_MODE_UDP_TUNNEL_RFC) \
								: (ENCAPSULATION_MODE_UDP_TUNNEL_DRAFTS) \
						  ) \
						: ( ((st)->nat_traversal & NAT_T_WITH_RFC_VALUES) \
								? (ENCAPSULATION_MODE_UDP_TRANSPORT_RFC) \
								: (ENCAPSULATION_MODE_UDP_TRANSPORT_DRAFTS) \
						  ) \
				  ) \
				: ( ((st)->st_policy & POLICY_TUNNEL) \
						? (ENCAPSULATION_MODE_TUNNEL) \
						: (ENCAPSULATION_MODE_TRANSPORT) \
				  ) \
		)

#endif /* _NAT_TRAVERSAL_H */