diff -r 000000000000 -r 33413c0669b9 vpnengine/ikev1lib/inc/ikev1private.h
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/vpnengine/ikev1lib/inc/ikev1private.h Thu Dec 17 09:14:51 2009 +0200
@@ -0,0 +1,179 @@
+/*
+* Copyright (c) 2005-2009 Nokia Corporation and/or its subsidiary(-ies).
+* All rights reserved.
+* This component and the accompanying materials are made available
+* under the terms of "Eclipse Public License v1.0"
+* which accompanies this distribution, and is available
+* at the URL "http://www.eclipse.org/legal/epl-v10.html".
+*
+* Initial Contributors:
+* Nokia Corporation - initial contribution.
+*
+* Contributors:
+*
+* Description:
+* This module contains the private vendor specific extension of IKE.
+* All of the current private extensions are related to Nokia VPN gateway
+* and shall be used ONLY when the EPOC IKE is acting as a Nokia VPN remote
+* access client.
+* The following private extension are implemented:
+*
+* 1) Internal Address payload usage
+* Internal address payload is used to the deliver a secure network
+* adderess and secure network DNS address(es) from VPN gateway to a client.
+* The Internal address payloads are used in the last two IKE main mode
+* messages as follows:
+*
+* Client (initiator) Gateway (responder)
+* .. SA, KE ... --->
+* <--- ..SA, KE ...
+* HDR*, INT_ADDR --->
+* <--- HDR*, INT_ADDR
+*
+* Client sends an INT_ADDR payload with PRI_INTERNAL_ADDRESS attribute
+* Attribute value is 0.0.0.0.
+*
+* Gateway responds with an INT_ADDR payload with PRI_INTERNAL_ADDRESS
+* attribute containing client internal address x.y.z.w
+* Gateway INT_ADDR payload may also contain attributes PRI_INTERNAL_DNS and
+* PRI_INTERNAL_WINS. PRI_INTERNAL_DNS contains a list of DNS IP addresses and
+* PRI_INTERNAL_WINS a list of WINS IP addresses.
+*
+*
+* 2) The NAT Traversal probing
+* The expanded Vendor-Id payload usage for the NAT Traversal probing.
+* The expanded Vendor-Id payloads contains the following information:
+*
+* Client (initiator) Gateway (responder)
+* VID(hash, ip_addr, port) --->
+* <--- VID(hash, detected_ip_addr,
+* detected_port)
+*
+* Client sends a expanded Vendor-Id payload containing the following information:
+* hash = Nokia VPN vendor specific hash data (used to recognize peer)
+* ip_addr = Client IKE own IP address
+* port = Client IKE own port (=500)
+*
+* Gateway responds with expanded Vendor-Id payload containing the following information:
+* hash = Nokia VPN vendor specific hash data (used to recognize peer)
+* detected_ip_addr = Client IP address as detected in received IKE message
+* IP header (=source IP address)
+* detected_port = Client port as detected in received IKE message
+* UDP header (=source port)
+*
+* Both client and gateway do the following examination
+* if ( ip_addr != detected_ip_addr ) || ( port != detected_port )
+* then NAT Traversal shall be used IPSEC ESP traffic between
+* the client and gateway
+*
+* Nokia VPN specific NAT Traversal means that IPSEC ESP traffic shall be
+* capsulated with UDP header.
+* The used UDP port for that purpose is 9872
+*/
+
+#ifndef IKEV1PRIVATE_H
+#define IKEV1PRIVATE_H
+
+#include
+#include "ikemsgheader.h"
+
+
+class TIkev1IsakmpStream;
+class CIkeIPSocket;
+class CIkeData;
+class TVendorISAKMP;
+class TINTNETISAKMP;
+class CInternalAddress;
+class TInetAddr;
+
+TInt ConstructVendorId(TBool aNATProbe,
+ TUint8 *aICOOKIE,
+ TUint8 *aRCOOKIE,
+ TInetAddr &aLocalAddr,
+ TVendorISAKMP *vendor_payload);
+TInt BuildVendorIdHash(TUint8 *aICOOKIE,
+ TUint8 *aRCOOKIE,
+ TUint8 *hash_data);
+TBool ProcessVendorId(TBool *aFamiliarPeer,
+ TUint8 *aICOOKIE,
+ TUint8 *aRCOOKIE,
+ TInetAddr &aLocalAddr,
+ TVendorISAKMP *aVendorPayload);
+void BuildDPDVendorId(TIkev1IsakmpStream &aMsg);
+TBool CheckDPDVendorId(const TVendorISAKMP *aVendorPayload);
+CInternalAddress* ProcessIntNetL(TINTNETISAKMP *aIntNetpayload);
+
+TBool InsertVPNInterfaceL(CInternalAddress *aInternalAddr, CIkeIPSocket *aSocket, TUint32 *aIfNbr, RFs *aFS);
+TBool RemoveVPNInterfaceL(CInternalAddress *aInternalAddr, CIkeIPSocket *aSocket, TUint32 *aIfNbr, RFs *aFS);
+TBool AddVPNRoute(CInternalAddress *aInternalAddr, CIkeIPSocket *aSocket,
+ TInetAddr &aDstAddr, TInetAddr &aDstMask);
+TInt CheckCredentials(CIkeData *aHostData);
+/*---------------------------------------------------------------------------
+ *
+ * Expanded Vendor Id payload option VENDOR_OPTION_NAT_TRAVERSAL handling:
+ * 1 2 3
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * ! sin_lth ! sin_family ! sin_port !
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * ! sin_addr !
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * ! !
+ * . Zero * 2(?) .
+ * ! !
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *
+ *
+ *---------------------------------------------------------------------------*/
+#define SIN_LTH 16 // VENDOR_OPTION_NAT_TRAVERSAL data part length
+#define SIN_FAMILY 2 // = IPv4 Address
+
+
+class TNATTOption
+ {
+public:
+ inline void InitOption() { Mem::FillZ(&u.iData8[0], SIN_LTH);
+ u.iData8[0] = SIN_LTH; u.iData8[1] = SIN_FAMILY;}
+ inline void SetPort(TUint16 aPort) { PUT16(&u.iData8[2], aPort);}
+ inline void SetAddress(TUint32 aAddr) { PUT32(&u.iData8[4], aAddr);}
+ inline TUint16 GetPort() {return (TUint16)GET16(&u.iData8[2]);}
+ inline TUint32 GetAddress() {return (TUint32)GET32(&u.iData8[4]);}
+private:
+ union
+ {
+ TUint32 iData32[4];
+ TUint16 iData16[8];
+ TUint8 iData8[16];
+ } u;
+ };
+
+/*---------------------------------------------------------------------------
+ *
+ * Expanded Vendor Id payload option VENDOR_OPTION_VERSION handling:
+ * 1 2 3
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * ! MAJOR VERSION ! MINOR VERSION !
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *
+ *---------------------------------------------------------------------------*/
+#define VERSION_LTH 4 // VENDOR_OPTION_VERSION data part length
+#define MAJOR_VERSION 3 // ???????????!!!!!!!!!!!!!!!!????????????
+#define MINOR_VERSION 3 // ???????????!!!!!!!!!!!!!!!!????????????
+
+class TVersionOption
+ {
+public:
+ inline void SetVersion(TUint16 aMajor,
+ TUint16 aMinor) { PUT16(&u.iData8[0], aMajor);
+ PUT16(&u.iData8[2], aMinor);}
+private:
+ union
+ {
+ TUint32 iData32[1];
+ TUint16 iData16[2];
+ TUint8 iData8[4];
+ } u;
+ };
+
+#endif // IKEV1PRIVATE_H
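Review bot: `MAJOR_VERSION` and `MINOR_VERSION` near the end of the hunk carry only `???...!!!` placeholder comments, so a reader cannot tell what the value 3 advertises or which peer-side check depends on it; replace both with a real comment such as `// Major/minor version written into the VENDOR_OPTION_VERSION data (see TVersionOption::SetVersion); 3.3 = TODO confirm the value the gateway expects`. Relatedly, `ProcessVendorId` reports `aFamiliarPeer` from a VID whose hash `BuildVendorIdHash` takes only the two ISAKMP cookies as input, and those cookies travel in cleartext in every IKE header, so the flag can at most recognise a Nokia-style peer, never authenticate one; a one-line note on the declaration, `// aFamiliarPeer is a vendor-recognition hint derived from the public cookies, not an authenticated peer identity`, would keep callers from gating trust decisions on it — the hash input is inferred from the prototype, as the implementation is outside this hunk. The accessors `GetPort()` and `GetAddress()` on `TNATTOption` only read the union and should be declared `inline TUint16 GetPort() const` and `inline TUint32 GetAddress() const`. The first `#include` in the hunk shows no header name in this view, presumably an angle-bracket name lost in rendering rather than in the committed file.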