mn.h

Go to the documentation of this file.

/* $Id: mn.h,v 1.95 2001/09/30 09:00:48 jm Exp $
 * Header files for Mobile Node module
 *
 * Dynamic hierarchial IP tunnel
 * Copyright (C) 1998-2001, Dynamics group
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation. See README and COPYING for
 * more details.
 */

#ifndef MN_H
#define MN_H

#include "config.h"

#include <stdio.h>
#include <syslog.h>
#include <asm/types.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <sys/un.h>
#ifdef DYN_TARGET_LINUX
#if 1
/* linux/wireless.h does not like net/if.h and wireless.h is not available
 * from glibc :( */
#include <linux/if.h>
#else
#include <net/if.h>
#endif
#endif
#ifdef DYN_TARGET_WINDOWS
#include "windows_extra.h"
#endif

#include "message.h"
#include "list.h"
#include "mn_agentadv.h"
#include "dyn_api.h"
#include "dyn_ip.h"

/* defines */

#ifndef TRUE
#define TRUE 1
#endif
#ifndef FALSE
#define FALSE 0
#endif

#define DEBUG_MESSAGES 'M'
#define DEBUG_STATES 'S'
#define DEBUG_INFO 'I'
#define DEBUG_API 'A'
#define DEBUG_AGENTADV '1'
#define DEBUG_HANDLERS '2'
#define DEBUG_TIMERS 't'

/* Comment this out, if you do not want to mess your
 * routing table during testing. (for example remotely) */
#define MN_ENABLE_TUNNELING

/* Comment out for running tests without message validation */
#define MN_ENABLE_VALIDATION

/* minimum time that must pass between two registration requests/solicitations
 * in microseconds (default: 1000000 usec = 1 sec)
 * Location update signal with API call clears the timers, so this does not
 * limit the locupd frequency */
#define MIN_REGISTRATION_DELAY 1000000
#define MIN_SOLICITATION_DELAY 1000000

#define ASSERT assert
#define MIN(x, y) (((x) < (y)) ? (x) : (y))
#define MAX(x, y) (((x) > (y)) ? (x) : (y))
#define LOG2(lev, fmt, args...) { DEBUG(DEBUG_INFO, fmt, ## args); \
  syslog(lev, fmt, ## args); }

/* Maximum message length */
#define MAXMSG 2048

#define MAX_INTERFACES 10
#define DEFAULT_INTERFACE_PRIORITY 100

#define SYSLOG_IDENT                        "mobile node"
#define SYSLOG_OPTIONS                      LOG_PID | LOG_CONS

/* general timer */
#define TIMER_GEN                           0
/* tunnel lifetime */
#define TIMER_LIFETIME                      1
/* lifetime of last advertisement */
#define TIMER_ADV                           2
/* time when last registration request was sent */
#define TIMER_REQUEST                       3
/* timer for next reregistration */
#define TIMER_REREG                         4
/* timer for wireless LAN AP handoff detection */
#define TIMER_WLAN_AP_POLL                  5
/* timer for agent solicitation sending */
#define TIMER_SOLICITATION                  6
#define TIMER_COUNT                         7


/* registration request types */
#define REG_DISC       0
#define REG_CONNECT    1
#define REG_REREG      2

/* connect types:
*   CON_HA: Connection approved by Home Agent
*   CON_FA: Connection approved by Foreign Agent */
#define CON_HA 0
#define CON_FA 1

/* state entry types */
#define STATE_INIT    0
#define STATE_TIMEOUT 1

/* number of seconds that the tunnel to the old FA is kept alive */
#define OLD_TUNNEL_EXTRA_TIME 3

/* Registration retry interval in seconds
 * Min interval is used as initial reply interval, but for each
 * successive retry, the timeout is doubled until
 * max time is reached */
#define MIN_REGISTRATION_TIME  1
#define MAX_REGISTRATION_TIME  32

#define DEREGISTRATION_INTERVAL 8

/* 10% priority degrade when first registration request fails */
#define DEFAULT_PRIO_DEGRADE_INITIAL 10    

/* Additional degrades: multiply last one. 
   E.g. 10%, 20%, 40%, 80%, 100% */
#define DEFAULT_PRIO_DEGRADE_FACTOR 2 

/* When agent advertisements are heard, degrade the priority
   degradation value by 10% (0.9) */
#define DEFAULT_PRIO_DEGRADE_DEGRADE 0.9  

/* Additional degrade percentage if mobility agent does not reply to a periodic
 * solicitation (add this to adv->prio_degrade_percent) */
#define SOLICITATION_PRIO_DEGRADE 10

/* Number of microseconds to wait for agent advertisement before considering
 * mobility agent not to have replied to agent solicitation */
#define MAX_AGENTSOL_REPLY_WAIT 1500000

/* Solicitation intervals in seconds (see RFC 2002, sec. 2.4) */
#define SOLICITATION_INTERVALS {1, 1, 1, 2, 4, 8, 16, 32, 64}

/* Randomized delay added to solicitation interval in usecs
 * (0 .. MAX_RANDOM_SOLICITATION_DELAY usecs is added to the delay)
 */
#define MAX_RANDOM_SOLICITATION_DELAY 500000

/* Normal reregistration time in seconds before tunnel lifetime ends */
#define NORMAL_REREGISTRATION_TIME  32

/* Re-register via AAA MN_AAA_REG_TIME seconds before expiration of dynamic
 * security association */
#define MN_AAA_REG_TIME 15

/* Max number of deregistration messages sent to HA in state Close for home */
#define MAX_DEREGISTRATION_TO_HA 5

/* Minimum allowed lifetime (in seconds) */
#define MIN_ALLOWED_LIFETIME  1

/* Maximum errors allowed during registration with HA */
#define MAX_HA_ERRORS 5


#define MN_CONF_FILE         "dynmnd.conf"
#define MN_LOCAL_CONF_FILE   MN_CONF_FILE
#define MN_GLOBAL_CONF_FILE  SYSCONFDIR "/" MN_CONF_FILE
/* The process id of the daemon is saved here to make it easier to
   kill the correct daemon when necessary. */
#define MN_PID_FILE           PIDDIR "/dynmnd.pid"

#define MAXFILENAMELEN                      256
#define MAXSHAREDSECRETLEN                  32
#define MAXDEVICENAMELEN                    80
#define MAXOWNERNAMELEN                     8
#define MAXGROUPNAMELEN                     8
#define MAXROUTELEN                         256

#define MN_DEFAULT_TUNNEL_LIFETIME          400
#define MN_DEFAULT_SYSLOG_FACILITY          LOG_LOCAL0

/* Uncomment this to bind UDP socket to a configurable
 * (dynmnd.conf: BindAddress, BindPort) address.
 * This can be used for testing several MNs on one machine with multiple alias
 * addressed. */
/* #define BIND_UDP_SOCKET */


#define MNDECAPS_ROUTE_DEFAULT 0
#define MNDECAPS_ROUTE_HOME_NET 1
#define MNDECAPS_ROUTE_NONE 2

#define TUNMODE_AUTO_REVERSE 1
#define TUNMODE_AUTO_TRIANGLE 2
#define TUNMODE_REVERSE 3
#define TUNMODE_TRIANGLE 4


/* States */

enum mobile_state {
        MN_STARTUP,
        MN_DISCONNECTED,
        MN_FIND_AGENT,
        MN_PASSIVE_FIND,
        MN_REQUEST_TUNNEL,
        MN_CONNECTED,
        MN_CLOSE_FOR_HOME,
        MN_AT_HOME,
        MN_ERROR,
        MN_STOP,
        MN_STATE_COUNT
};


/* structures */

struct fa_spi_entry {
        struct node node;
        int spi;
        struct in_addr addr;
        int alg;
        unsigned char shared_secret[MAXSHAREDSECRETLEN];
        int shared_secret_len;
        time_t created; /* 0:  static security association,
                         * != 0: timestamp of dynamic security association */
        unsigned int lifetime; /* for dynamic security associations:
                                * lifetime of the key in seconds */
};

struct ignore_iflist_entry {
        struct node node;
        char ifname[IFNAMSIZ];
};

struct dev_prio_entry {
        struct node node;
        int priority;
        unsigned char name[MAXDEVICENAMELEN];
};

struct alt_ha_entry {
        struct node node;
        struct in_addr addr;
};

struct mn_config {
        struct in_addr mn_home_ip_addr, mn_home_ip_addr_orig;
        struct in_addr ha_ip_addr, ha_ip_addr_orig;
        struct list alt_ha_ip_addrs;
        int use_hadisc;
        struct in_addr home_net_addr;
        int home_net_addr_plen;
        struct in_addr home_net_subnet_bc; /* from home_net_addr/plen */
        struct in_addr home_net_gateway;
        int mndecaps_route_handling;
        unsigned char shared_secret[MAXSHAREDSECRETLEN];
        int shared_secret_len;
        int spi;
        int auth_alg;
        int replay_meth;
        int udp_port;
        int enable_fa_decapsulation;
        int tunneling_mode;
        __u16 mn_default_tunnel_lifetime;
        int wlan_ap_poll_interval; /* interval in usec or -1 = disabled */
        int solicitation_interval; /* interval in usec or -1 = disabled */
        int syslog_facility;
        char mn_api_read_socket_path[MAXFILENAMELEN + 1];
        char mn_api_read_socket_group[MAXGROUPNAMELEN + 1];
        char mn_api_read_socket_owner[MAXOWNERNAMELEN + 1];
        int mn_api_read_socket_permissions;
        char mn_api_admin_socket_path[MAXFILENAMELEN + 1];
        char mn_api_admin_socket_group[MAXGROUPNAMELEN + 1];
        char mn_api_admin_socket_owner[MAXOWNERNAMELEN + 1];
        int mn_api_admin_socket_permissions;
        int socket_priority;
        struct list fa_spi_list;
        struct list ignore_iflist;
        struct list dev_prio_list;
        int enforce_routes;
        struct in_addr priv_ha_ip_addr;
        __u32 priv_ha;
        char mn_nai[MAX_NAI_LEN + 1];
        int mn_nai_len;
        char ha_nai[MAX_NAI_LEN + 1];
        int ha_nai_len;

        /* RFC 3012 */
        int use_aaa;
        int mn_aaa_spi;
        unsigned char mn_aaa_shared_secret[MAXSHAREDSECRETLEN];
        int mn_aaa_shared_secret_len;
        int mn_aaa_auth_alg;

        int mn_aaa_keygen_alg;

        time_t mn_ha_key_timestamp; /* timestamp for MN-HA key generation
                                     * using material from AAA */
        int mn_ha_key_lifetime; /* lifetime for MN-HA key generated by AAA,
                                 * 0 = infinite */
        int allow_home_addr_from_foreign_net;

#ifdef BIND_UDP_SOCKET
        struct in_addr bind_addr;
        unsigned short bind_port;
#endif
#ifdef INCLUDE_IPAY
        struct in_addr ipay_mn_addr;
        int ipay_mn_port;
        struct in_addr ipay_buyer_addr;
        int ipay_buyer_port;
        int ipay_fa_port;
#endif
};

struct interface_data {
        int s; /* socket */
        int s_adv;
        int index;
        int handlers_off;
        int priority;
        char device[IFNAMSIZ];
        struct timeval last_solicitation;
};

#ifdef INCLUDE_IPAY
struct nai_data {
        int len;
        char *nai;
};
#endif

struct mn_data {
        /* Is tunnel up? */
        int tunnel_up; /* if tunneling is working, i.e. if connection is
                          working. Mainly for get_mobile_status */
        int opt_connect; /* 1 = try to connect immediately */
        int registration_socket; /* Socket for registration requests and
                                  * replies */
        struct interface_data iface[MAX_INTERFACES];
        int device_count; /* number of available interfaces in the iface list
                           */
        int api_ro_socket, api_rw_socket; /* sockets for api calls */
        int rtnetlink_socket; /* socket for rtnetlink monitoring */
        int dev_info_sock; /* socket for device information query daemon */
        struct sockaddr_un dev_info_addr;
        __u32 registration_id[2]; /* id field of last sent registration request
                                   */
        __u32 last_nonce; /* last nonce received in a reply */
        int clock_correction; /* time difference to home agent's clock */
        struct current_route_info cur_route_info;
        struct timeval last_reg_send_time; /* time of last registration
                                            * sending */

        struct in_addr local_addr; /* address of mobile in connected network */
        struct in_addr co_addr; /* current care-of address of the MN */
        struct in_addr force_fa_addr; /* only accept this FA if != 0.0.0.0 */

        __u16 req_lifetime; /* lifetime to be requested */


        unsigned char *session_key; /* session key */
        unsigned int session_key_len; /* length of session key */

        /* State variables */
        enum mobile_state state; /* current state */
        struct in_addr fa_addr; /* address of current mobility agent (FA/HA),
                                 * for signalling, routing, tunneling */
        int expire_check; /* is it ok to monitor agent adv. expiring;
                           * set when received accepted registration 
                           * in handle_reg_accept(), and used in 
                           * get_next_timeout() */
        /* the data of the Dynamics extension, if it was sent */
        struct agent_adv_dynamics fa_dynamics_ext;
        struct agentadv_data *current_adv; /* advertisement matching the lowest
                                              mobilty agent we are currently 
                                              using */
        int ha_error_count; /* errors during registration with ha */
        __u8 last_reply_code;
        time_t last_reply_rcvd;
        time_t last_request_sent;

        /* tunneling variables */
        struct in_addr tunnel_addr; /* address used in tunnel FA endpoint */
        int tunnel_mode; /* API_TUNNEL_{NONE,FULL,TRIANGLE,FULL_HA} */
        int use_auth_alg; /* currently used authentication algorithm,
                           * same as config.auth_alg if HA is using standard
                           * method */
        struct hashtable *agentadv;
        char start_default_device[IFNAMSIZ]; /* device that was used when the
                                              * MN daemon was started */
        char *info_str; /* information text to the user */
        char *warn_str; /* warning text to the user */

        int prev_req_replied; /* whether the MN has received a reply to its
                               * previous request */
        struct fa_nai_ext *last_req_FA_NAI;
        unsigned long discarded_msgs;

        int HA_reg_retry_time; /* like adv->reg_retry_time but for direct
                                * HA registrations (that do not usually
                                * have received an agentadv) */

        struct challenge_ext *last_challenge_ext;
        struct timeval last_challenge_time;

        int try_to_fix_sec_assoc; /* whether MN should try to fix a dynamic
                                   * security association by reregistering */

        /* dynamic home address added by Dynamics MN (or 0 if not used);
         * this address will be removed when the binding expires/is removed */
        struct in_addr dynamic_home_addr;
        char dynamic_home_addr_dev[IFNAMSIZ];

        int aaa_rekey; /* 1 = try to rekey AAA-based security assoc. */

        int home_net_route_set_via_fa; /* whether home net is set via FA;
                                        * currently used only with Windows */

        struct timeval last_scheduled_solicitation;

        int policy_bits; /* Handoff policy */

        pid_t pcap_capturer;

#ifdef MN_LOCUPD_PROFILER
        FILE *profile;
        struct timeval last_api;
#endif
#ifdef INCLUDE_IPAY
        int ipay_sock;
        int ipay_sock_fa;
        struct nai_data nai;
        int ipay_in_use;
#endif
};


/* policy bit field operations */
#define POLICY_SET_BIT(bits, bit) (bits |= bit)
#define POLICY_CLR_BIT(bits, bit) (bits &= ~bit)
#define POLICY_BIT(bits, bit)     (bits &  bit)

#define POLICY(bit) POLICY_BIT(mn.policy_bits, bit)
#define POLICY_SET(bit) POLICY_SET_BIT(mn.policy_bits, bit)
#define POLICY_CLR(bit) POLICY_CLR_BIT(mn.policy_bits, bit)

/* POLICIES: */
#define DEFAULT_POLICY_BIT   0 /* average and treshold */
#define EARLY_EXPIRE_BIT     1 /* use own aging for agent advertisements */
#define NEWEST_FA_BIT        2 /* Use FA with newest agent advert. 
                                  (infra mode) */
#define EAGER_SWITCH_BIT     4 /* no average nor treshold */
#define NEWEST_ADV_BIT       8 /* use newest agent adv.; like NEWEST_FA, but
                                * without limiting threshold etc. */

#define EARLY_EXPIRE_STR       "Early-expire    "
#define NEWEST_FA_STR          "Newest-FA       "
#define EAGER_SWITCH_STR       "Eager-switching "
#define NEWEST_ADV_STR         "Newest-ADV      "

/* Policy variables */
struct policy_vars {
        char *name; /* name of the policy */
        int bit;    /* the bit used for this policy in policy_bits */
};


/* function prototypes */

/* mn.c */
void request_tunnel(int entry, int forced, int check_timer);
void close_for_home(int entry);
void at_home(void);
void passive_find(void);
void find_agent(int entry);
void disconnect(void);
void connected(int type, __u16 lifetime);
int degrade_current_fa_priority(void);

/* mn_util.c */
struct fa_spi_entry* get_fa_spi(int spi, struct in_addr addr);
int add_fa_spi(struct fa_spi_entry *spi, int replace_any_spi);
void remove_fa_spi(struct fa_spi_entry *spi);
void send_gratuitous_arp(struct in_addr route_addr, 
                         struct in_addr gratuitous_addr);
#ifdef MN_LOCUPD_PROFILER
void write_profiler(char *msg);
#endif
int check_interfaces(struct interface_data *iface, int iface_n);
int create_registration_socket(void);
int mn_parse_command_line(int argc, char *argv[]);
int restart_tunneling(void);
int start_tunneling(void);
int stop_tunneling(void);
int mn_init(void);
void clean_up(int sig);
void add_fa_host_route(char *dev, struct hashtable *adv_hash,
                       int ifindex, struct in_addr addr);
void remove_fa_host_routes(int all);
void check_old_tunnel_expiration(void);
int is_coloc_addr_foreign(void);
int device_up(int ifindex);
char *event_type_str(int event_type);
int update_fa_decaps_routes(const char *ifname, int ifindex, 
                            struct in_addr fa_addr, 
                            struct in_addr home_net_addr, 
                            int home_net_addr_plen);
int mn_remove_dynamic_home_addr(void);
int monitor_check_policy(int bit);
int copy_str(char *buffer, int len, int *curr, char *str, char *attr);

/* mn_config.c */
int load_mn(struct mn_config *cfg, char *program_name, char *config_file);

/* mn_api.c */
void handle_api(int sock, int admin);
void reply_waiting_api(int code, unsigned char *data, int datalen);

/* mn_reg.c */
int send_registration(int request_type);
int handle_registration(int s);

/* mn_agentadv.c */
int adv_ok_fa(struct agentadv_data *adv);
int check_expired_agent_advs(void);

/* win_adv_capture.c */
pid_t init_pcap_for_advs(void);

#endif /* MN_H */

---