* OpenConnect (SSL + DTLS) VPN client
* Copyright © 2008 Intel Corporation.
* Author: David Woodhouse <dwmw2@infradead.org>
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public License
* version 2.1, as published by the Free Software Foundation.
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to:
* Free Software Foundation, Inc.
* 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301 USA
#ifndef __OPENCONNECT_ANYCONNECT_H
#define __OPENCONNECT_ANYCONNECT_H
#include <openssl/ssl.h>
#include <sys/socket.h>
#include <sys/select.h>
#include <sys/types.h>
struct vpn_option *next;
#define KA_KEEPALIVE 3
struct keepalive_info {
struct split_include {
struct split_include *next;
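/*
 * Lower and upper bound for the reconnect interval.
 * NOTE(review): the unit is not visible in this header (presumably seconds,
 * matching the reconnect_interval / reconnect_timeout fields of
 * struct openconnect_info) -- confirm against the reconnect loop.
 */
#define RECONNECT_INTERVAL_MIN	10
#define RECONNECT_INTERVAL_MAX	100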
struct openconnect_info {
/*
 * NOTE(review): by its name this (like sid_nexttokencode) holds a SecurID
 * tokencode, i.e. a one-time credential. The 9-byte size presumably means
 * 8 characters plus a terminator -- confirm, and confirm that every writer
 * bounds its copy to sizeof(sid_tokencode).
 */
char sid_tokencode[9];
char sid_nexttokencode[9];
const char *localname;
const char *xmlconfig;
/*
 * Sized for a hex-encoded SHA-1 digest (two characters per digest byte)
 * plus one terminating byte.
 * NOTE(review): presumably the digest of the XML config referenced by
 * xmlconfig. SHA-1 is not collision-resistant, so this value should only
 * be relied on for change detection over an already-authenticated channel,
 * not as a standalone integrity check -- confirm how it is used.
 */
char xmlsha1[(SHA_DIGEST_LENGTH * 2) + 1];
struct vpn_option *cookies;
struct vpn_option *cstp_options;
struct vpn_option *dtls_options;
struct keepalive_info ssl_times;
int owe_ssl_dpd_response;
struct pkt *deflate_pkt;
struct pkt *current_ssl_pkt;
z_stream inflate_strm;
uint32_t inflate_adler32;
z_stream deflate_strm;
uint32_t deflate_adler32;
int reconnect_timeout;
int reconnect_interval;
int dtls_attempt_period;
time_t new_dtls_started;
SSL_SESSION *dtls_session;
struct keepalive_info dtls_times;
unsigned char dtls_session_id[32];
/*
 * 48-byte buffer; by its name this is the secret for the DTLS session.
 * NOTE(review): treat as key material -- it should never reach progress()
 * or other log output, and should be wiped with a call the compiler cannot
 * elide (e.g. OPENSSL_cleanse) when the session is torn down. Neither is
 * visible from this header; confirm in the DTLS setup and teardown paths.
 */
unsigned char dtls_secret[48];
const char *vpn_addr;
const char *vpn_netmask;
const char *vpn_dns[3];
const char *vpn_nbns[3];
const char *vpn_domain;
struct split_include *split_includes;
struct pkt *incoming_queue;
struct pkt *outgoing_queue;
socklen_t peer_addrlen;
struct sockaddr *peer_addr;
const char *useragent;
/*
 * Caller-supplied callback that receives the connection state and an X509
 * certificate (by its name, the peer's certificate).
 * NOTE(review): which return value means "accept", and what happens when
 * this pointer is NULL, are not visible from the header. Confirm that a
 * missing callback or an error return can never result in an unverified
 * server certificate being accepted.
 */
int (*validate_peer_cert) (struct openconnect_info *vpninfo, X509 *cert);
/*
 * Caller-supplied callback that receives a buffer and its length (by its
 * name, a new configuration to be stored).
 * NOTE(review): buflen is a signed int and the content presumably comes
 * from the server -- implementations should reject buflen <= 0 and treat
 * buf as untrusted data (no assumption of NUL termination); confirm
 * against the call site.
 */
int (*write_new_config) (struct openconnect_info *vpninfo, char *buf, int buflen);
void __attribute__ ((format(printf, 3, 4)))
(*progress) (struct openconnect_info *vpninfo, int level, const char *fmt, ...);
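/*
 * Packet type codes.
 *
 * Only the values below are defined in this listing; 1, 2 and 6 have no
 * name here. Code that dispatches on a type received from the peer should
 * therefore handle unlisted values explicitly (drop or log) rather than
 * fall through to the data path.
 *
 * NOTE(review): AC_PKT_COMPRESSED payloads are presumably inflated through
 * inflate_strm in struct openconnect_info -- confirm that the receive path
 * bounds the decompressed size.
 */
#define AC_PKT_DATA		0	/* Uncompressed data */
#define AC_PKT_DPD_OUT		3	/* Dead Peer Detection */
#define AC_PKT_DPD_RESP		4	/* DPD response */
#define AC_PKT_DISCONN		5	/* Client disconnection notice */
#define AC_PKT_KEEPALIVE	7	/* Keepalive */
#define AC_PKT_COMPRESSED	8	/* Compressed data */
#define AC_PKT_TERM_SERVER	9	/* Server kick */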
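/*
 * Tunnel-side entry points (by name: tun device setup and its main-loop
 * handler). Declared here, defined elsewhere.
 *
 * NOTE(review): the return convention is not visible from this header.
 * timeout is passed by pointer, so the handler can presumably shorten the
 * caller's poll timeout -- confirm against the main loop.
 */
int setup_tun(struct openconnect_info *vpninfo);
int tun_mainloop(struct openconnect_info *vpninfo, int *timeout);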
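/*
 * DTLS entry points. Declared here, defined elsewhere.
 *
 * All of them take the per-connection state, which carries dtls_session,
 * dtls_session_id and dtls_secret.
 *
 * NOTE(review): the return convention is not visible from this header.
 * Confirm that a failed dtls_try_handshake() leaves the connection on the
 * TLS channel rather than sending data over an unestablished DTLS session.
 */
int setup_dtls(struct openconnect_info *vpninfo);
int dtls_mainloop(struct openconnect_info *vpninfo, int *timeout);
int dtls_try_handshake(struct openconnect_info *vpninfo);
int connect_dtls_socket(struct openconnect_info *vpninfo);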
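/*
 * CSTP entry points: connection setup, main-loop handler, and an orderly
 * shutdown that carries a reason string. Declared here, defined elsewhere.
 *
 * NOTE(review): the return convention is not visible from this header.
 * cstp_bye() takes a non-const char *reason; the header does not show
 * whether the callee writes through it, so callers should not pass a
 * string literal until that is confirmed (or the parameter is made const
 * together with its definition).
 */
int make_cstp_connection(struct openconnect_info *vpninfo);
int cstp_mainloop(struct openconnect_info *vpninfo, int *timeout);
int cstp_bye(struct openconnect_info *vpninfo, char *reason);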
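/*
 * OpenSSL / HTTPS helpers. Declared here, defined elsewhere.
 * NOTE(review): return conventions are not visible from this header.
 */

/* One-time OpenSSL initialisation (by name); takes no arguments. */
void openconnect_init_openssl(void);

/*
 * printf-style output to an SSL connection. The format attribute makes the
 * compiler check the variadic arguments (from argument 3) against fmt
 * (argument 2). fmt must always be a constant chosen by the caller;
 * server- or user-supplied text belongs in the arguments ("%s", text),
 * never in fmt itself.
 */
int  __attribute__ ((format (printf, 2, 3)))
		openconnect_SSL_printf(SSL *ssl, const char *fmt, ...);

/*
 * Read from an SSL connection into buf.
 * NOTE(review): len is presumably the capacity of buf, so callers should
 * pass sizeof(buf) of the actual array. Whether the result is always
 * NUL-terminated and how over-long lines are reported are not visible
 * here -- confirm before parsing the buffer as a C string.
 */
int openconnect_SSL_gets(SSL *ssl, char *buf, size_t len);

/* Open and close the HTTPS connection held in the per-connection state. */
int openconnect_open_https(struct openconnect_info *vpninfo);
void openconnect_close_https(struct openconnect_info *vpninfo);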
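/*
 * Main loop, packet queue and keepalive helpers. Declared here, defined
 * elsewhere.
 * NOTE(review): return conventions are not visible from this header.
 */

/* Register fd with the given poll event mask on the connection. */
int vpn_add_pollfd(struct openconnect_info *vpninfo, int fd, short events);
int vpn_mainloop(struct openconnect_info *vpninfo);

/*
 * Queue a packet of the given type built from buf/len onto *q.
 * NOTE(review): len is a signed int. Callers that derive it from a length
 * field received from the peer should reject negative and oversized values
 * before calling; whether the callee copies buf or keeps the pointer is
 * not visible here -- confirm.
 */
int queue_new_packet(struct pkt **q, int type, void *buf, int len);

/*
 * Queue an existing packet onto *q.
 * NOTE(review): ownership of the packet presumably passes to the queue --
 * confirm, so callers neither free nor reuse it afterwards.
 */
void queue_packet(struct pkt **q, struct pkt *new);

/*
 * Keepalive / dead-peer-detection timing helpers operating on one
 * keepalive_info. timeout is passed by pointer, so presumably these may
 * shorten the caller's poll timeout -- confirm.
 */
int keepalive_action(struct keepalive_info *ka, int *timeout);
int ka_stalled_dpd_time(struct keepalive_info *ka, int *timeout);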
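/*
 * Configuration lookup, cookie acquisition, User-Agent construction and
 * OpenSSL UI setup. Declared here, defined elsewhere.
 * NOTE(review): return conventions are not visible from this header.
 */

/* Look up host (read-only string) in the configuration. */
int config_lookup_host(struct openconnect_info *vpninfo, const char *host);

/*
 * Obtain the session cookie for the connection (by name).
 * NOTE(review): the resulting cookie is a bearer credential for the VPN
 * session; confirm it is never written to progress() output or to
 * world-readable files.
 */
int openconnect_obtain_cookie(struct openconnect_info *vpninfo);

/*
 * Build a User-Agent string from base.
 * NOTE(review): the returned char * is presumably heap-allocated and owned
 * by the caller; whether NULL is returned on allocation failure, and
 * whether base is modified, are not visible here -- confirm.
 */
char *openconnect_create_useragent(char *base);

int set_openssl_ui(void);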
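/*
 * SecurID helpers. Declared here, defined elsewhere.
 *
 * generate_securid_tokencodes() presumably fills sid_tokencode and
 * sid_nexttokencode (9 bytes each) in struct openconnect_info -- confirm.
 *
 * NOTE(review): add_securid_pin() receives two bare char pointers with no
 * length arguments, so the callee cannot check capacity itself. If it
 * writes into token, every caller must guarantee the buffer is large
 * enough; if pin comes from user input, its length and character set
 * should be validated before the call. Both strings are authentication
 * secrets and should be wiped after use. None of this is visible from the
 * header; confirm in the implementation.
 */
int generate_securid_tokencodes(struct openconnect_info *vpninfo);
int add_securid_pin(char *token, char *pin);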
extern char openconnect_version[];
#endif /* __OPENCONNECT_ANYCONNECT_H */