-
-
Notifications
You must be signed in to change notification settings - Fork 2.6k
/
Cedar.h
1074 lines (902 loc) · 48.1 KB
/
Cedar.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
// SoftEther VPN Source Code - Developer Edition Master Branch
// Cedar Communication Module
// © 2020 Nokia
// Cedar.h
// Header of Cedar.c
#ifndef CEDAR_H
#define CEDAR_H
#include "CedarType.h"
#include "GlobalConst.h"
#include "Mayaqua/Network.h"
//////////////////////////////////////////////////////////////////////
//
// Products related constants
//
//////////////////////////////////////////////////////////////////////
// Replace the function name
#ifdef VPN_SPEED
#define DecryptSecurePacket __dsp
#define CreateSecurePacket __csp
#define GetSecureRandomSize __gsrs
#endif // VPN_SPEED
// Version number
#ifndef CEDAR_VERSION_MAJOR
#define CEDAR_VERSION_MAJOR 0
#endif // CEDAR_VERSION_MAJOR
#ifndef CEDAR_VERSION_MINOR
#define CEDAR_VERSION_MINOR 0
#endif // CEDAR_VER_MINOR
// Build number
#ifndef CEDAR_VERSION_BUILD
#define CEDAR_VERSION_BUILD 0
#endif // CEDAR_VERSION_BUILD
// Beta number
//#define BETA_NUMBER 3
// RC or not
#define RELEASE_CANDIDATE
// Specify the name of the person in charge building
#ifndef BUILDER_NAME
#define BUILDER_NAME "Unknown"
#endif // BUILDER_NAME
// Specify the location to build
#ifndef BUILD_PLACE
#define BUILD_PLACE "Unknown"
#endif // BUILD_PLACE
// Specifies the build date
#ifndef BUILD_DATE_Y
#define BUILD_DATE_Y 1970
#endif // BUILD_DATE_Y
#ifndef BUILD_DATE_M
#define BUILD_DATE_M 1
#endif // BUILD_DATE_M
#ifndef BUILD_DATE_D
#define BUILD_DATE_D 1
#endif // BUILD_DATE_D
#ifndef BUILD_DATE_HO
#define BUILD_DATE_HO 0
#endif // BUILD_DATE_HO
#ifndef BUILD_DATE_MI
#define BUILD_DATE_MI 0
#endif // BUILD_DATE_MI
#ifndef BUILD_DATE_SE
#define BUILD_DATE_SE 0
#endif // BUILD_DATE_SE
// Tolerable time difference
#define ALLOW_TIMESTAMP_DIFF (UINT64)(3 * 24 * 60 * 60 * 1000)
// Configuration of communication related control switch
#define USE_DOS_ATTACK_DETECTION // Enable the DOS attack detection
//#define USE_SECURE_PACKET // Enable the scrambled packet
// Designate the IDS detection signatures
#define CEDAR_SIGNATURE_STR "SE-VPN4-PROTOCOL"
// Default RSA certificate name of the smart card
#define SECURE_DEFAULT_CERT_NAME "VPN_RSA_CERT"
// Default RSA private key name of the smart card
#define SECURE_DEFAULT_KEY_NAME "VPN_RSA_KEY"
// Hidden password string of 8 characters
#define HIDDEN_PASSWORD "********"
// Default separator character for the hub name in the username
#define DEFAULT_USERNAME_HUB_SEPARATOR '@'
//////////////////////////////////////////////////////////////////////
//
// Definition of the maximum length of various string
//
//////////////////////////////////////////////////////////////////////
#define MAX_ACCOUNT_NAME_LEN 255 // Maximum account name length
#define MAX_USERNAME_LEN 255 // User name maximum length
#define MAX_PASSWORD_LEN 255 // Password name maximum length
#define MAX_SERVER_STR_LEN 255 // Maximum length of server string
#define MAX_CLIENT_STR_LEN 255 // Maximum length of client string
#define MAX_HUBNAME_LEN 255 // Maximum length of HUB name
#define MAX_SESSION_NAME_LEN 255 // Session name maximum length
#define MAX_CONNECTION_NAME_LEN 255 // Maximum length of connection name
#define MAX_DEVICE_NAME_LEN 31 // Device name maximum length
#define MAX_ACCESSLIST_NOTE_LEN 255 // Maximum length of the note of access list entry
#define MAX_SECURE_DEVICE_FILE_LEN 255 // Secure device file name maximum length
#define MAX_ADMIN_OPTION_NAME_LEN 63 // Management option name
#define MAX_REDIRECT_URL_LEN 255 // URL length to redirect
//////////////////////////////////////////////////////////////////////
//
// Server and session management related constants
//
//////////////////////////////////////////////////////////////////////
#define SERVER_MAX_SESSIONS 4096 // Maximum number of sessions that the server supports
#define SERVER_MAX_SESSIONS_FOR_CARRIER_EDITION 100000 // Maximum number of sessions that the server supports (Carrier Edition)
#define NAT_MAX_SESSIONS 4096 // Maximum number of sessions that are supported by NAT
#define NAT_MAX_SESSIONS_KERNEL 65536 // Maximum number of sessions that are supported by NAT (In the case of kernel-mode NAT)
#define MAX_HUBS 4096 // The maximum number of virtual HUB
#define MAX_HUBS_FOR_CARRIER_EDITION 100000 // The maximum number of virtual HUB (Carrier Edition)
#define MAX_ACCESSLISTS (4096 * 8) // Maximum number of access list entries
#define MAX_USERS 10000 // The maximum number of users
#define MAX_GROUPS 10000 // Maximum number of groups
#define MAX_MAC_TABLES VPN_GP(GP_MAX_MAC_TABLES, 65536) // Maximum number of MAC address table entries
#define MAX_IP_TABLES VPN_GP(GP_MAX_IP_TABLES, 65536) // Maximum number of IP address table entries
#define MAX_HUB_CERTS 4096 // Maximum number of Root CA that can be registered
#define MAX_HUB_CRLS 4096 // Maximum number of CRL that can be registered
#define MAX_HUB_ACS 4096 // Maximum number of AC that can be registered
#define MAX_HUB_LINKS VPN_GP(GP_MAX_HUB_LINKS, 1024) // Maximum number of Cascade that can be registered
#define MAX_HUB_ADMIN_OPTIONS 4096 // Maximum number of Virtual HUB management options that can be registered
#ifndef USE_STRATEGY_LOW_MEMORY
#define MEM_FIFO_REALLOC_MEM_SIZE VPN_GP(GP_MEM_FIFO_REALLOC_MEM_SIZE, (65536 * 10))
#define QUEUE_BUDGET VPN_GP(GP_QUEUE_BUDGET, 2048)
#define FIFO_BUDGET VPN_GP(GP_FIFO_BUDGET, 1600 * 1600 * 4)
#else // USE_STRATEGY_LOW_MEMORY
#define MEM_FIFO_REALLOC_MEM_SIZE VPN_GP(GP_MEM_FIFO_REALLOC_MEM_SIZE, (65536))
#define QUEUE_BUDGET VPN_GP(GP_QUEUE_BUDGET, 1024)
#define FIFO_BUDGET VPN_GP(GP_FIFO_BUDGET, 1000000)
#endif // USE_STRATEGY_LOW_MEMORY
#define MAX_PACKET_SIZE 1600 // Maximum packet size
#define UDP_BUF_SIZE (32 * 1024) // Aim of the UDP packet size
#ifndef USE_STRATEGY_LOW_MEMORY
#define MAX_SEND_SOCKET_QUEUE_SIZE VPN_GP(GP_MAX_SEND_SOCKET_QUEUE_SIZE, (1600 * 1600 * 1)) // Maximum transmit queue size
#define MIN_SEND_SOCKET_QUEUE_SIZE VPN_GP(GP_MIN_SEND_SOCKET_QUEUE_SIZE, (1600 * 200 * 1)) // Minimum transmit queue size
#define MAX_STORED_QUEUE_NUM VPN_GP(GP_MAX_STORED_QUEUE_NUM, 1024) // The number of queues that can be stored in each session
#define MAX_BUFFERING_PACKET_SIZE VPN_GP(GP_MAX_BUFFERING_PACKET_SIZE, (1600 * 1600)) // Maximum packet size can be buffered
#else // USE_STRATEGY_LOW_MEMORY
#define MAX_SEND_SOCKET_QUEUE_SIZE VPN_GP(GP_MAX_SEND_SOCKET_QUEUE_SIZE, (1600 * 200 * 1)) // Maximum transmit queue size
#define MIN_SEND_SOCKET_QUEUE_SIZE VPN_GP(GP_MIN_SEND_SOCKET_QUEUE_SIZE, (1600 * 50 * 1)) // Minimum transmit queue size
#define MAX_STORED_QUEUE_NUM VPN_GP(GP_MAX_STORED_QUEUE_NUM, 384) // The number of queues that can be stored in each session
#define MAX_BUFFERING_PACKET_SIZE VPN_GP(GP_MAX_BUFFERING_PACKET_SIZE, (1600 * 300 * 1)) // Maximum packet size can be buffered
#endif // USE_STRATEGY_LOW_MEMORY
#define MAX_SEND_SOCKET_QUEUE_NUM VPN_GP(GP_MAX_SEND_SOCKET_QUEUE_NUM, 128) // Maximum number of transmission queue items per processing
#define MAX_TCP_CONNECTION 32 // The maximum number of TCP connections
#define NUM_TCP_CONNECTION_FOR_UDP_RECOVERY 2 // Maximum number of connections when using UDP recovery
#define SELECT_TIME VPN_GP(GP_SELECT_TIME, 256)
#define SELECT_TIME_FOR_NAT VPN_GP(GP_SELECT_TIME_FOR_NAT, 30)
#define SELECT_TIME_FOR_DELAYED_PKT 1 // If there is a delayed packet
#define TIMEOUT_MIN (5 * 1000) // Minimum timeout in seconds
#define TIMEOUT_MAX (60 * 1000) // Maximum timeout in seconds
#define TIMEOUT_DEFAULT (30 * 1000) // Default number of seconds to timeout
#define CONNECTING_TIMEOUT (15 * 1000) // Timeout in seconds of being connected
#define CONNECTING_POOLING_SPAN (3 * 1000) // Polling interval of connected
#define MIN_RETRY_INTERVAL (5 * 1000) // Minimum retry interval
#define MAX_RETRY_INTERVAL (300 * 1000) // Maximum retry interval
#define RETRY_INTERVAL_SPECIAL (60 * 1000) // Reconnection interval of a special case
#define MAX_ADDITIONAL_CONNECTION_FAILED_COUNTER 16 // Allowable number that can be serially failed to additional connection
#define ADDITIONAL_CONNECTION_COUNTER_RESET_INTERVAL (30 * 60 * 1000) // Reset period of additional connection failure counter
#define MAC_MIN_LIMIT_COUNT 3 // Minimum number of MAC addresses
#define IP_MIN_LIMIT_COUNT 4 // Number of IPv4 addresses minimum
#define IP_MIN_LIMIT_COUNT_V6 5 // Number of IPv6 addresses minimum
#define IP_LIMIT_WHEN_NO_ROUTING_V6 15 // Maximum number of IPv6 addresses when NoRouting policy is enabled
#define MAC_TABLE_EXCLUSIVE_TIME (13 * 1000) // Period that can occupy the MAC address
#define IP_TABLE_EXCLUSIVE_TIME (13 * 1000) // Period that can occupy the IP address
#define MAC_TABLE_EXPIRE_TIME VPN_GP(GP_MAC_TABLE_EXPIRE_TIME, (600 * 1000)) // MAC address table expiration time
#define IP_TABLE_EXPIRE_TIME VPN_GP(GP_IP_TABLE_EXPIRE_TIME, (60 * 1000)) // IP address table expiration time
#define IP_TABLE_EXPIRE_TIME_DHCP VPN_GP(GP_IP_TABLE_EXPIRE_TIME_DHCP, (5 * 60 * 1000)) // IP address table expiration time (In the case of DHCP)
#define HUB_ARP_SEND_INTERVAL VPN_GP(GP_HUB_ARP_SEND_INTERVAL, (5 * 1000)) // ARP packet transmission interval (alive check)
#define LIMITER_SAMPLING_SPAN 1000 // Sampling interval of the traffic limiting device
#define STORM_CHECK_SPAN VPN_GP(GP_STORM_CHECK_SPAN, 500) // Broadcast storm check interval
#define STORM_DISCARD_VALUE_START VPN_GP(GP_STORM_DISCARD_VALUE_START, 3) // Broadcast packet discard value start value
#define STORM_DISCARD_VALUE_END VPN_GP(GP_STORM_DISCARD_VALUE_END, 1024) // Broadcast packet discard value end value
#define KEEP_INTERVAL_MIN 5 // Packet transmission interval minimum value
#define KEEP_INTERVAL_DEFAULT 50 // Packet transmission interval default value
#define KEEP_INTERVAL_MAX 600 // Packet transmission interval maximum value
#define KEEP_TCP_TIMEOUT 1000 // TCP time-out value
#define TICKET_EXPIRES (60 * 1000) // Expiration date of ticket
#define SEND_KILL_NUM_X 256 // Number of 'X' characters to send the Kill
#define FARM_BASE_POINT 100000 // Reference value of the cluster score
#define FARM_DEFAULT_WEIGHT 100 // Standard performance ratio
#define DH_PARAM_BITS_DEFAULT 2048 // Bits of Diffie-Hellman Parameters
#define SE_UDP_SIGN "SE2P" // Not used (only old UDP mode)
// R-UDP service name
#define VPN_RUDP_SVC_NAME "SoftEther_VPN"
// Traffic information update interval
#define INCREMENT_TRAFFIC_INTERVAL (10 * 1000)
// State of the client session
#define CLIENT_STATUS_CONNECTING 0 // Connecting
#define CLIENT_STATUS_NEGOTIATION 1 // Negotiating
#define CLIENT_STATUS_AUTH 2 // During user authentication
#define CLIENT_STATUS_ESTABLISHED 3 // Connection complete
#define CLIENT_STATUS_RETRY 4 // Wait to retry
#define CLIENT_STATUS_IDLE 5 // Idle state
// Expiration date of the black list
#define BLACK_LIST_EXPIRES (30 * 10000)
// Number Blacklist entries
#define MAX_BLACK_LIST 4096
#define BLACK_LIST_CHECK_SPAN 1000
// Blocks to be transmitted at one during the file transfer
#define FTP_BLOCK_SIZE (640 * 1024)
// Syslog configuration
#define SYSLOG_NONE 0 // Do not use syslog
#define SYSLOG_SERVER_LOG 1 // Only server log
#define SYSLOG_SERVER_AND_HUB_SECURITY_LOG 2 // Server and Virtual HUB security log
#define SYSLOG_SERVER_AND_HUB_ALL_LOG 3 // Server, Virtual HUB security, and packet log
#define SYSLOG_PORT 514 // Syslog port number
#define SYSLOG_POLL_IP_INTERVAL (UINT64)(3600 * 1000) // Interval to examine the IP address
#define SYSLOG_POLL_IP_INTERVAL_NG (UINT64)(60 * 1000) // Interval to examine the IP address (previous failure)
//////////////////////////////////////////////////////////////////////
//
// Connection-related constant
//
//////////////////////////////////////////////////////////////////////
// Internet connection maintenance function (KeepAlive)
#define KEEP_RETRY_INTERVAL (60 * 1000) // Reconnection interval on connection failure
#define KEEP_MIN_PACKET_SIZE 1 // Minimum packet size
#define KEEP_MAX_PACKET_SIZE 128 // Maximum packet size
#define KEEP_POLLING_INTERVAL 250 // KEEP polling interval
// Constants
#define RECV_BUF_SIZE 65536 // Buffer size to be received at a time
// Type of proxy
#define PROXY_DIRECT 0 // Direct TCP connection
#define PROXY_HTTP 1 // Connection via HTTP proxy server
#define PROXY_SOCKS 2 // Connection via SOCKS4 proxy server
#define PROXY_SOCKS5 3 // Connection via SOCKS5 proxy server
// Direction of data flow
#define TCP_BOTH 0 // Bi-directional
#define TCP_SERVER_TO_CLIENT 1 // Only server -> client direction
#define TCP_CLIENT_TO_SERVER 2 // Only client -> server direction
// Type of connection
#define CONNECTION_TYPE_CLIENT 0 // Client
#define CONNECTION_TYPE_INIT 1 // During initialization
#define CONNECTION_TYPE_LOGIN 2 // Login connection
#define CONNECTION_TYPE_ADDITIONAL 3 // Additional connection
#define CONNECTION_TYPE_FARM_RPC 4 // RPC for server farm
#define CONNECTION_TYPE_ADMIN_RPC 5 // RPC for Management
#define CONNECTION_TYPE_ENUM_HUB 6 // HUB enumeration
#define CONNECTION_TYPE_PASSWORD 7 // Password change
#define CONNECTION_TYPE_OTHER 0xffffffff // E.g. Third-party protocol
// Protocol
#define CONNECTION_TCP 0 // TCP protocol
#define CONNECTION_UDP 1 // UDP protocol
#define CONNECTION_HUB_LAYER3 6 // Layer-3 switch session
#define CONNECTION_HUB_BRIDGE 7 // Bridge session
#define CONNECTION_HUB_SECURE_NAT 8 // Secure NAT session
#define CONNECTION_HUB_LINK_SERVER 9 // HUB link session
// Status
#define CONNECTION_STATUS_ACCEPTED 0 // The connection is accepted (client side)
#define CONNECTION_STATUS_NEGOTIATION 1 // Negotiating
#define CONNECTION_STATUS_USERAUTH 2 // During user authentication
#define CONNECTION_STATUS_ESTABLISHED 3 // Connection has been established
#define CONNECTION_STATUS_CONNECTING 0 // Connecting (client side)
// Magic number of KeepAlive packet
#define KEEP_ALIVE_MAGIC 0xffffffff
#define MAX_KEEPALIVE_SIZE 512
//////////////////////////////////////////////////////////////////////
//
// Virtual HUB-related constant
//
//////////////////////////////////////////////////////////////////////
#define SE_HUB_MAC_ADDR_SIGN 0xAE // Sign virtual HUB MAC address
// Traffic difference value
#define TRAFFIC_DIFF_USER 0 // User
#define TRAFFIC_DIFF_HUB 1 // Virtual HUB
#define MAX_TRAFFIC_DIFF 30000 // Maximum number of items
// Type of HUB
#define HUB_TYPE_STANDALONE 0 // Stand-alone HUB
#define HUB_TYPE_FARM_STATIC 1 // Static HUB
#define HUB_TYPE_FARM_DYNAMIC 2 // Dynamic HUB
// Related to delay, jitter, packet loss in the access list
#define HUB_ACCESSLIST_DELAY_MAX 10000 // Maximum delay
#define HUB_ACCESSLIST_JITTER_MAX 100 // Maximum jitter
#define HUB_ACCESSLIST_LOSS_MAX 100 // Maximum packet loss
// Message related
#define HUB_MAXMSG_LEN 20000 // The maximum number of characters in a message
//////////////////////////////////////////////////////////////////////
//
// Type of user authentication
//
//////////////////////////////////////////////////////////////////////
// Constant in the server-side
#define AUTHTYPE_ANONYMOUS 0 // Anonymous authentication
#define AUTHTYPE_PASSWORD 1 // Password authentication
#define AUTHTYPE_USERCERT 2 // User certificate authentication
#define AUTHTYPE_ROOTCERT 3 // Root certificate which is issued by trusted Certificate Authority
#define AUTHTYPE_RADIUS 4 // Radius authentication
#define AUTHTYPE_NT 5 // Windows NT authentication
#define AUTHTYPE_EXTERNAL 96 // External authentication (completed)
#define AUTHTYPE_WIREGUARD_KEY 97 // WireGuard public key authentication
#define AUTHTYPE_OPENVPN_CERT 98 // TLS client certificate authentication
#define AUTHTYPE_TICKET 99 // Ticket authentication
// Constant of the client side
#define CLIENT_AUTHTYPE_ANONYMOUS 0 // Anonymous authentication
#define CLIENT_AUTHTYPE_PASSWORD 1 // Password authentication
#define CLIENT_AUTHTYPE_PLAIN_PASSWORD 2 // Plain password authentication
#define CLIENT_AUTHTYPE_CERT 3 // Certificate authentication
#define CLIENT_AUTHTYPE_SECURE 4 // Secure device authentication
#define CLIENT_AUTHTYPE_OPENSSLENGINE 5 // Openssl engine authentication
//////////////////////////////////////////////////////////////////////
//
// TCP listener related constants
//
//////////////////////////////////////////////////////////////////////
// Retries in case it fails to Listen
#define LISTEN_RETRY_TIME (2 * 1000) // If fail to Listen normally
#define LISTEN_RETRY_TIME_NOIPV6 (60 * 1000) // If IPv6 support is disabled
#define DOS_TABLE_EXPIRES_FIRST 250 // Initial value of the expiration date of DOS attack list
#define DOS_TABLE_EXPIRES_MAX 1000 // Maximum value of the expiration date of DOS attack list
#define DOS_TABLE_REFRESH_INTERVAL (10 * 1000) // Interval to update the DOS attack list
#define DOS_TABLE_MAX_LIMIT_PER_IP 16 // Accessible number per an IP
#define DOS_TABLE_EXPIRES_TOTAL (3000 * 1000) // Time to force delete the entry
// Protocol to be used for the listener
#define LISTENER_TCP 0 // TCP/IP
#define LISTENER_UDP 1 // UDP/IP (not being used)
#define LISTENER_INPROC 2 // In-process communication
#define LISTENER_RUDP 3 // R-UDP with NAT-T
#define LISTENER_ICMP 4 // VPN over ICMP
#define LISTENER_DNS 5 // VPN over DNS
#define LISTENER_REVERSE 6 // Reverse socket
// Status of the listener
#define LISTENER_STATUS_TRYING 0 // While attempting
#define LISTENER_STATUS_LISTENING 1 // Listening
// Largest packet size of UDP
#define UDP_PACKET_SIZE 65536
// Number of standard connections per IP address
#define DEFAULT_MAX_CONNECTIONS_PER_IP 256
#define MIN_MAX_CONNECTIONS_PER_IP 10 // Minimum value
// Allowed number of outstanding connections
#define DEFAULT_MAX_UNESTABLISHED_CONNECTIONS 1000
#define MIN_MAX_UNESTABLISHED_CONNECTIONS 30 // Minimum value
//////////////////////////////////////////////////////////////////////
//
// Log related constant
//
//////////////////////////////////////////////////////////////////////
#define LOG_ENGINE_SAVE_START_CACHE_COUNT 100000 // Number to start saving forcibly
#define LOG_ENGINE_BUFFER_CACHE_SIZE_MAX (10 * 1024 * 1024) // Write cache size
// Constant such as a file name
//
// These placeholders will be replaced in InnerFilePathW().
//
// @ - placeholder for LogDir
// $ - placeholder for DbDir (config directory)
//
#define SERVER_LOG_DIR "server_log"
#define SERVER_LOG_DIR_NAME "@"SERVER_LOG_DIR
#define BRIDGE_LOG_DIR_NAME SERVER_LOG_DIR_NAME
#define SERVER_LOG_PERFIX "vpn"
#define HUB_SECURITY_LOG_DIR "security_log"
#define HUB_SECURITY_LOG_DIR_NAME "@"HUB_SECURITY_LOG_DIR
#define HUB_SECURITY_LOG_FILE_NAME HUB_SECURITY_LOG_DIR_NAME"/%s"
#define HUB_SECURITY_LOG_PREFIX "sec"
#define HUB_PACKET_LOG_DIR "packet_log"
#define HUB_PACKET_LOG_DIR_NAME "@"HUB_PACKET_LOG_DIR
#define HUB_PACKET_LOG_FILE_NAME HUB_PACKET_LOG_DIR_NAME"/%s"
#define HUB_PACKET_LOG_PREFIX "pkt"
#define NAT_LOG_DIR "secure_nat_log"
#define NAT_LOG_DIR_NAME "@"NAT_LOG_DIR
#define NAT_LOG_FILE_NAME NAT_LOG_DIR_NAME"/%s"
#define NAT_LOG_PREFIX "snat"
#define CLIENT_LOG_DIR_NAME "@client_log"
#define CLIENT_LOG_PREFIX "client"
// Packet log settings
#define NUM_PACKET_LOG 16
#define PACKET_LOG_TCP_CONN 0 // TCP connection log
#define PACKET_LOG_TCP 1 // TCP packet log
#define PACKET_LOG_DHCP 2 // DHCP Log
#define PACKET_LOG_UDP 3 // UDP log
#define PACKET_LOG_ICMP 4 // ICMP log
#define PACKET_LOG_IP 5 // IP log
#define PACKET_LOG_ARP 6 // ARP log
#define PACKET_LOG_ETHERNET 7 // Ethernet log
#define PACKET_LOG_NONE 0 // Not save
#define PACKET_LOG_HEADER 1 // Only header
#define PACKET_LOG_ALL 2 // Store also data
// Timing of log switching
#define LOG_SWITCH_NO 0 // No switching
#define LOG_SWITCH_SECOND 1 // Secondly basis
#define LOG_SWITCH_MINUTE 2 // Minutely basis
#define LOG_SWITCH_HOUR 3 // Hourly basis
#define LOG_SWITCH_DAY 4 // Daily basis
#define LOG_SWITCH_MONTH 5 // Monthly basis
// Minimum amount of free disk space
#define DISK_FREE_SPACE_MIN 1048576 // 1 MBytes
#define DISK_FREE_SPACE_DEFAULT (DISK_FREE_SPACE_MIN * 100) // 100 Mbytes
#define DISK_FREE_SPACE_DEFAULT_WINDOWS ((UINT64)(8ULL * 1024ULL * 1024ULL * 1024ULL)) // 8GBytes
// Interval to check the free space
#define DISK_FREE_CHECK_INTERVAL_DEFAULT (5 * 60 * 1000)
// Simple log
#define TINY_LOG_DIRNAME "@tiny_log"
#define TINY_LOG_FILENAME "@tiny_log/%04u%02u%02u_%02u%02u%02u.log"
//////////////////////////////////////////////////////////////////////
//
// Constant related to Carrier Edition
//
//////////////////////////////////////////////////////////////////////
#define CE_SNAPSHOT_INTERVAL ((UINT64)(3600 * 1000))
//#define CE_SNAPSHOT_INTERVAL ((UINT64)(3000))
#define CE_SNAPSHOT_POLLING_INTERVAL (1 * 1000)
#define CE_SNAPSHOT_POLLING_INTERVAL_LICENSE (30 * 1000)
#define CE_SNAPSHOT_DIR_NAME "@carrier_log"
#define CE_SNAPSHOT_PREFIX "carrier"
//////////////////////////////////////////////////////////////////////
//
// Communication protocol related constant
//
//////////////////////////////////////////////////////////////////////
// Administrator Username
#define ADMINISTRATOR_USERNAME "administrator"
// Maximum value of random size
#define RAND_SIZE_MAX 4096
// Expiration date of random size cache
#define RAND_SIZE_CACHE_EXPIRE (24 * 60 * 60 * 1000)
// Management allowed IP address list file name
#define ADMINIP_TXT "$adminip.txt"
#define NON_SSL_MIN_COUNT 60
#define NON_SSL_ENTRY_EXPIRES (10 * 60 * 1000)
//////////////////////////////////////////////////////////////////////
//
// The cascade related constants
//
//////////////////////////////////////////////////////////////////////
#define LINK_DEVICE_NAME "_SEHUBLINKCLI_"
#define LINK_USER_NAME "link"
#define LINK_USER_NAME_PRINT "Cascade"
//////////////////////////////////////////////////////////////////////
//
// Constant related to SecureNAT connection
//
//////////////////////////////////////////////////////////////////////
#define SNAT_DEVICE_NAME "_SEHUBSECURENAT_"
#define SNAT_USER_NAME "securenat"
#define SNAT_USER_NAME_PRINT "SecureNAT"
//////////////////////////////////////////////////////////////////////
//
// Constant related to bridge connection
//
//////////////////////////////////////////////////////////////////////
#define BRIDGE_DEVICE_NAME "_SEHUBBRIDGE_"
#define BRIDGE_USER_NAME "localbridge"
#define BRIDGE_USER_NAME_PRINT "Local Bridge"
#define BRIDGE_TRY_SPAN 1000
#define BRIDGE_NUM_DEVICE_CHECK_SPAN (5 * 60 * 1000)
#define BRIDGE_NETWORK_CONNECTION_STR L"%s [%S]"
//////////////////////////////////////////////////////////////////////
//
// EtherLogger related constants
//
//////////////////////////////////////////////////////////////////////
#define EL_ADMIN_PORT 22888
#define EL_CONFIG_FILENAME "$etherlogger.config"
#define EL_PACKET_LOG_DIR "etherlogger_log"
#define EL_PACKET_LOG_DIR_NAME "@"EL_PACKET_LOG_DIR
#define EL_PACKET_LOG_FILE_NAME EL_PACKET_LOG_DIR_NAME"/%s"
#define EL_PACKET_LOG_PREFIX "pkt"
#define EL_LICENSE_CHECK_SPAN (10 * 1000)
//////////////////////////////////////////////////////////////////////
//
// Layer-3 Switch related constants
//
//////////////////////////////////////////////////////////////////////
#define MAX_NUM_L3_SWITCH 4096
#define MAX_NUM_L3_IF 4096
#define MAX_NUM_L3_TABLE 4096
//////////////////////////////////////////////////////////////////////
//
// Constant related to User-mode Router
//
//////////////////////////////////////////////////////////////////////
#define ARP_ENTRY_EXPIRES (30 * 1000) // ARP table expiration date
#define ARP_ENTRY_POLLING_TIME (1 * 1000) // ARP table cleaning timer
#define ARP_REQUEST_TIMEOUT (1000) // ARP request time-out period
#define ARP_REQUEST_GIVEUP (5 * 1000) // Time to give up sending the ARP request
#define IP_WAIT_FOR_ARP_TIMEOUT (5 * 1000) // Total time that an IP packet waiting for ARP table
#define IP_COMBINE_TIMEOUT (10 * 1000) // Time-out of IP packet combining
#define NAT_TCP_MAX_TIMEOUT (2000000 * 1000) // Maximum TCP session timeout in seconds
#define NAT_UDP_MAX_TIMEOUT (2000000 * 1000) // Maximum UDP session timeout in seconds
#define NAT_TCP_MIN_TIMEOUT (1 * 60 * 1000) // Minimum TCP session timeout in seconds
#define NAT_UDP_MIN_TIMEOUT (10 * 1000) // Minimum UDP session timeout in seconds
#define NAT_TCP_RECV_WINDOW_SIZE 64512 // TCP receive window size
#define NAT_TCP_SYNACK_SEND_TIMEOUT 250 // Sending TCP SYN+ACK interval
#define NAT_ICMP_TIMEOUT (10 * 1000) // ICMP timeout in seconds
#define NAT_ICMP_TIMEOUT_WITH_API (3 * 1000) // Timeout in seconds in the case of using the ICMP API
#define NAT_SEND_BUF_SIZE (64 * 1024) // TCP send buffer size
#define NAT_RECV_BUF_SIZE (64 * 1024) // TCP receive buffer size
#define NAT_TMPBUF_SIZE (128 * 1024) // TCP temporally memory area size
#define NAT_ACK_KEEPALIVE_SPAN (5 * 1000) // ACK transmission interval for TCP keep alive
#define NAT_INITIAL_RTT_VALUE 500 // Initial RTT value
#define NAT_FIN_SEND_INTERVAL 1000 // FIN transmission interval
#define NAT_FIN_SEND_MAX_COUNT 5 // Total number of FIN transmissions
#define NAT_DNS_PROXY_PORT 53 // DNS proxy port number
#define NAT_DNS_RESPONSE_TTL (20 * 60) // TTL of the DNS response
#define NAT_DHCP_SERVER_PORT 67 // DHCP server port number
#define NAT_DHCP_CLIENT_PORT 68 // DHCP client port number
#define DHCP_MIN_EXPIRE_TIMESPAN (15 * 1000) // DHCP minimum expiration date
#define DHCP_POLLING_INTERVAL 1000 // DHCP polling interval
#define X32 ((UINT64)4294967296ULL) // 32bit + 1
#define NAT_DNS_QUERY_TIMEOUT (512) // Time-out value of DNS queries
// Beacon transmission interval
#define BEACON_SEND_INTERVAL (5 * 1000)
// Total size quota allowed in the queue for the combining the IP packet
#define IP_COMBINE_WAIT_QUEUE_SIZE_QUOTA (50 * 1024 * 1024)
// Header size constant
#define MAC_HEADER_SIZE (sizeof(MAC_HEADER))
#define ARP_HEADER_SIZE (sizeof(ARP_HEADER))
#define IP_HEADER_SIZE (sizeof(IPV4_HEADER))
#define TCP_HEADER_SIZE (sizeof(TCP_HEADER))
#define UDP_HEADER_SIZE (sizeof(UDP_HEADER))
// Data maximum size constant
#define MAX_L3_DATA_SIZE (1500)
#define MAX_IP_DATA_SIZE (MAX_L3_DATA_SIZE - IP_HEADER_SIZE)
#define MAX_TCP_DATA_SIZE (MAX_IP_DATA_SIZE - TCP_HEADER_SIZE)
#define MAX_UDP_DATA_SIZE (MAX_IP_DATA_SIZE - UDP_HEADER_SIZE)
#define MAX_IP_DATA_SIZE_TOTAL (65535)
// IP packet option constant
#define DEFAULT_IP_TOS 0 // TOS in the IP header
#define DEFAULT_IP_TTL 128 // TTL in the IP header
// Type of NAT session
#define NAT_TCP 0 // TCP NAT
#define NAT_UDP 1 // UDP NAT
#define NAT_DNS 2 // DNS NAT
#define NAT_ICMP 3 // ICMP NAT
// State of NAT session
#define NAT_TCP_CONNECTING 0 // Connecting
#define NAT_TCP_SEND_RESET 1 // Send the RST (Connection failure or disconnected)
#define NAT_TCP_CONNECTED 2 // Connection complete
#define NAT_TCP_ESTABLISHED 3 // Connection established
#define NAT_TCP_WAIT_DISCONNECT 4 // Wait for socket disconnection
//////////////////////////////////////////////////////////////////////
//
// For UNIX virtual LAN card related constant
//
//////////////////////////////////////////////////////////////////////
#define UNIX_VLAN_CLIENT_IFACE_PREFIX "vpn" // Prefix of UNIX virtual LAN card interface (used for client)
#define UNIX_VLAN_BRIDGE_IFACE_PREFIX "tap" // Prefix of UNIX virtual LAN card interface (used for bridge destination)
#ifndef UNIX_BSD
#define TAP_FILENAME_1 "/dev/net/tun"
#define TAP_FILENAME_2 "/dev/tun"
#else // UNIX_BSD
#define TAP_NAME "tap"
#define TAP_DIR "/dev/"
#define TAP_MAX (512)
#endif // UNIX_BSD
#define LICENSE_EDITION_VPN3_NO_LICENSE 0 // Without license
#define LICENSE_MAX_PRODUCT_NAME_LEN 255 // Maximum length of license product name
#define LICENSE_NUM_SHA 10000 // Number of times to hash with SHA
#define LICENSE_SYSTEM_KEY_NUM 2048 // Key number for system
#define LICENSE_SYSTEM_KEYSIZE_BIT 144 // Number of key bits for system
#define LICENSE_PRODUCT_KEY_NUM 16384 // Number of keys for product
#define LICENSE_PRODUCT_KEYSIZE_BIT 56 // Number of key bits for product
#define LICENSE_PRODUCT_COMMON_KEYSIZE_BIT 48 // Number of common key bits for product
#define LICENSE_MASTER_KEYSIZE_BIT 1024 // Number of master key bits
#define LICENSE_SYSTEM_ID_MIN 0ULL // System ID minimum value
#define LICENSE_SYSTEM_ID_MAX 549755813887ULL // System ID maximum value
#define LICENSE_SERIAL_ID_MIN 0 // Serial ID minimum value
#define LICENSE_SERIAL_ID_MAX 65535 // Serial ID maximum value
#define LICENSE_EXPIRES_MIN 0 // Expiration date minimum
#define LICENSE_EXPIRES_MAX 16383 // Expiration date maximum
#define LICENSE_KEYSTR_LEN 41 // Length of the license key
#define LICENSE_LICENSEID_STR_LEN 33 // Length of the license ID
#define LICENSE_STATUS_OK 0 // Enabled
#define LICENSE_STATUS_EXPIRED 1 // Invalid (expired)
#define LICENSE_STATUS_ID_DIFF 2 // Invalid (System ID mismatch)
#define LICENSE_STATUS_DUP 3 // Invalid (duplicated)
#define LICENSE_STATUS_INSUFFICIENT 4 // Invalid (other necessary license shortage)
#define LICENSE_STATUS_COMPETITION 5 // Invalid (conflict with other licenses)
#define LICENSE_STATUS_NONSENSE 6 // Invalid (meaningless in the current edition)
#define LICENSE_STATUS_CPU 7 // Invalid (CPU type mismatch)
#define BIT_TO_BYTE(x) (((x) + 7) / 8)
#define BYTE_TO_BIT(x) ((x) * 8)
//////////////////////////////////////////////////////////////////////
//
// Error code
//
//////////////////////////////////////////////////////////////////////
#define ERR_NO_ERROR 0 // No error
#define ERR_CONNECT_FAILED 1 // Connection to the server has failed
#define ERR_SERVER_IS_NOT_VPN 2 // The destination server is not a VPN server
#define ERR_DISCONNECTED 3 // The connection has been interrupted
#define ERR_PROTOCOL_ERROR 4 // Protocol error
#define ERR_CLIENT_IS_NOT_VPN 5 // Connecting client is not a VPN client
#define ERR_USER_CANCEL 6 // User cancel
#define ERR_AUTHTYPE_NOT_SUPPORTED 7 // Specified authentication method is not supported
#define ERR_HUB_NOT_FOUND 8 // The HUB does not exist
#define ERR_AUTH_FAILED 9 // Authentication failure
#define ERR_HUB_STOPPING 10 // HUB is stopped
#define ERR_SESSION_REMOVED 11 // Session has been deleted
#define ERR_ACCESS_DENIED 12 // Access denied
#define ERR_SESSION_TIMEOUT 13 // Session times out
#define ERR_INVALID_PROTOCOL 14 // Protocol is invalid
#define ERR_TOO_MANY_CONNECTION 15 // Too many connections
#define ERR_HUB_IS_BUSY 16 // Too many sessions of the HUB
#define ERR_PROXY_CONNECT_FAILED 17 // Connection to the proxy server fails
#define ERR_PROXY_ERROR 18 // Proxy Error
#define ERR_PROXY_AUTH_FAILED 19 // Failed to authenticate on the proxy server
#define ERR_TOO_MANY_USER_SESSION 20 // Too many sessions of the same user
#define ERR_LICENSE_ERROR 21 // License error
#define ERR_DEVICE_DRIVER_ERROR 22 // Device driver error
#define ERR_INTERNAL_ERROR 23 // Internal error
#define ERR_SECURE_DEVICE_OPEN_FAILED 24 // The secure device cannot be opened
#define ERR_SECURE_PIN_LOGIN_FAILED 25 // PIN code is incorrect
#define ERR_SECURE_NO_CERT 26 // Specified certificate is not stored
#define ERR_SECURE_NO_PRIVATE_KEY 27 // Specified private key is not stored
#define ERR_SECURE_CANT_WRITE 28 // Write failure
#define ERR_OBJECT_NOT_FOUND 29 // Specified object can not be found
#define ERR_VLAN_ALREADY_EXISTS 30 // Virtual LAN card with the specified name already exists
#define ERR_VLAN_INSTALL_ERROR 31 // Specified virtual LAN card cannot be created
#define ERR_VLAN_INVALID_NAME 32 // Specified name of the virtual LAN card is invalid
#define ERR_NOT_SUPPORTED 33 // Unsupported
#define ERR_ACCOUNT_ALREADY_EXISTS 34 // Account already exists
#define ERR_ACCOUNT_ACTIVE 35 // Account is operating
#define ERR_ACCOUNT_NOT_FOUND 36 // Specified account doesn't exist
#define ERR_ACCOUNT_INACTIVE 37 // Account is offline
#define ERR_INVALID_PARAMETER 38 // Parameter is invalid
#define ERR_SECURE_DEVICE_ERROR 39 // Error has occurred in the operation of the secure device
#define ERR_NO_SECURE_DEVICE_SPECIFIED 40 // Secure device is not specified
#define ERR_VLAN_IS_USED 41 // Virtual LAN card in use by account
#define ERR_VLAN_FOR_ACCOUNT_NOT_FOUND 42 // Virtual LAN card of the account can not be found
#define ERR_VLAN_FOR_ACCOUNT_USED 43 // Virtual LAN card of the account is already in use
#define ERR_VLAN_FOR_ACCOUNT_DISABLED 44 // Virtual LAN card of the account is disabled
#define ERR_INVALID_VALUE 45 // Value is invalid
#define ERR_NOT_FARM_CONTROLLER 46 // Not a farm controller
#define ERR_TRYING_TO_CONNECT 47 // Attempting to connect
#define ERR_CONNECT_TO_FARM_CONTROLLER 48 // Failed to connect to the farm controller
#define ERR_COULD_NOT_HOST_HUB_ON_FARM 49 // A virtual HUB on farm could not be created
#define ERR_FARM_MEMBER_HUB_ADMIN 50 // HUB cannot be managed on a farm member
#define ERR_NULL_PASSWORD_LOCAL_ONLY 51 // Accepting only local connections for an empty password
#define ERR_NOT_ENOUGH_RIGHT 52 // Right is insufficient
#define ERR_LISTENER_NOT_FOUND 53 // Listener can not be found
#define ERR_LISTENER_ALREADY_EXISTS 54 // Listener already exists
#define ERR_NOT_FARM_MEMBER 55 // Not a farm member
#define ERR_CIPHER_NOT_SUPPORTED 56 // Encryption algorithm is not supported
#define ERR_HUB_ALREADY_EXISTS 57 // HUB already exists
#define ERR_TOO_MANY_HUBS 58 // Too many HUBs
#define ERR_LINK_ALREADY_EXISTS 59 // Link already exists
#define ERR_LINK_CANT_CREATE_ON_FARM 60 // The link can not be created on the server farm
#define ERR_LINK_IS_OFFLINE 61 // Link is off-line
#define ERR_TOO_MANY_ACCESS_LIST 62 // Too many access list
#define ERR_TOO_MANY_USER 63 // Too many users
#define ERR_TOO_MANY_GROUP 64 // Too many Groups
#define ERR_GROUP_NOT_FOUND 65 // Group can not be found
#define ERR_USER_ALREADY_EXISTS 66 // User already exists
#define ERR_GROUP_ALREADY_EXISTS 67 // Group already exists
#define ERR_USER_AUTHTYPE_NOT_PASSWORD 68 // Authentication method of the user is not a password authentication
#define ERR_OLD_PASSWORD_WRONG 69 // The user does not exist or the old password is wrong
#define ERR_LINK_CANT_DISCONNECT 73 // Cascade session cannot be disconnected
#define ERR_ACCOUNT_NOT_PRESENT 74 // Not completed configure the connection to the VPN server
#define ERR_ALREADY_ONLINE 75 // It is already online
#define ERR_OFFLINE 76 // It is offline
#define ERR_NOT_RSA_1024 77 // The certificate is not RSA 1024bit
#define ERR_SNAT_CANT_DISCONNECT 78 // SecureNAT session cannot be disconnected
#define ERR_SNAT_NEED_STANDALONE 79 // SecureNAT works only in stand-alone HUB
#define ERR_SNAT_NOT_RUNNING 80 // SecureNAT function is not working
#define ERR_SE_VPN_BLOCK 81 // Stopped by PacketiX VPN Block
#define ERR_BRIDGE_CANT_DISCONNECT 82 // Bridge session can not be disconnected
#define ERR_LOCAL_BRIDGE_STOPPING 83 // Bridge function is stopped
#define ERR_LOCAL_BRIDGE_UNSUPPORTED 84 // Bridge feature is not supported
#define ERR_CERT_NOT_TRUSTED 85 // Certificate of the destination server can not be trusted
#define ERR_PRODUCT_CODE_INVALID 86 // Product code is different
#define ERR_VERSION_INVALID 87 // Version is different
#define ERR_CAPTURE_DEVICE_ADD_ERROR 88 // Adding capture device failure
#define ERR_VPN_CODE_INVALID 89 // VPN code is different
#define ERR_CAPTURE_NOT_FOUND 90 // Capture device can not be found
#define ERR_LAYER3_CANT_DISCONNECT 91 // Layer-3 session cannot be disconnected
#define ERR_LAYER3_SW_EXISTS 92 // L3 switch of the same already exists
#define ERR_LAYER3_SW_NOT_FOUND 93 // Layer-3 switch can not be found
#define ERR_INVALID_NAME 94 // Name is invalid
#define ERR_LAYER3_IF_ADD_FAILED 95 // Failed to add interface
#define ERR_LAYER3_IF_DEL_FAILED 96 // Failed to delete the interface
#define ERR_LAYER3_IF_EXISTS 97 // Interface that you specified already exists
#define ERR_LAYER3_TABLE_ADD_FAILED 98 // Failed to add routing table
#define ERR_LAYER3_TABLE_DEL_FAILED 99 // Failed to delete the routing table
#define ERR_LAYER3_TABLE_EXISTS 100 // Routing table entry that you specified already exists
#define ERR_BAD_CLOCK 101 // Time is queer
#define ERR_LAYER3_CANT_START_SWITCH 102 // The Virtual Layer 3 Switch can not be started
#define ERR_CLIENT_LICENSE_NOT_ENOUGH 103 // Client connection licenses shortage
#define ERR_BRIDGE_LICENSE_NOT_ENOUGH 104 // Bridge connection licenses shortage
#define ERR_SERVER_CANT_ACCEPT 105 // Not Accept on the technical issues
#define ERR_SERVER_CERT_EXPIRES 106 // Destination VPN server has expired
#define ERR_MONITOR_MODE_DENIED 107 // Monitor port mode was rejected
#define ERR_BRIDGE_MODE_DENIED 108 // Bridge-mode or Routing-mode was rejected
#define ERR_IP_ADDRESS_DENIED 109 // Client IP address is denied
#define ERR_TOO_MANT_ITEMS 110 // Too many items
#define ERR_MEMORY_NOT_ENOUGH 111 // Out of memory
#define ERR_OBJECT_EXISTS 112 // Object already exists
#define ERR_FATAL 113 // A fatal error occurred
#define ERR_SERVER_LICENSE_FAILED 114 // License violation has occurred on the server side
#define ERR_SERVER_INTERNET_FAILED 115 // Server side is not connected to the Internet
#define ERR_CLIENT_LICENSE_FAILED 116 // License violation occurs on the client side
#define ERR_BAD_COMMAND_OR_PARAM 117 // Command or parameter is invalid
#define ERR_INVALID_LICENSE_KEY 118 // License key is invalid
#define ERR_NO_VPN_SERVER_LICENSE 119 // There is no valid license for the VPN Server
#define ERR_NO_VPN_CLUSTER_LICENSE 120 // There is no cluster license
#define ERR_NOT_ADMINPACK_SERVER 121 // Not trying to connect to a server with the Administrator Pack license
#define ERR_NOT_ADMINPACK_SERVER_NET 122 // Not trying to connect to a server with the Administrator Pack license (for .NET)
#define ERR_BETA_EXPIRES 123 // Destination Beta VPN Server has expired
#define ERR_BRANDED_C_TO_S 124 // Branding string of connection limit is different (Authentication on the server side)
#define ERR_BRANDED_C_FROM_S 125 // Branding string of connection limit is different (Authentication for client-side)
#define ERR_AUTO_DISCONNECTED 126 // VPN session is disconnected for a certain period of time has elapsed
#define ERR_CLIENT_ID_REQUIRED 127 // Client ID does not match
#define ERR_TOO_MANY_USERS_CREATED 128 // Too many created users
#define ERR_SUBSCRIPTION_IS_OLDER 129 // Subscription expiration date Is earlier than the build date of the VPN Server
#define ERR_ILLEGAL_TRIAL_VERSION 130 // Many trial license is used continuously
#define ERR_NAT_T_TWO_OR_MORE 131 // There are multiple servers in the back of a global IP address in the NAT-T connection
#define ERR_DUPLICATE_DDNS_KEY 132 // DDNS host key duplicate
#define ERR_DDNS_HOSTNAME_EXISTS 133 // Specified DDNS host name already exists
#define ERR_DDNS_HOSTNAME_INVALID_CHAR 134 // Characters that can not be used for the host name is included
#define ERR_DDNS_HOSTNAME_TOO_LONG 135 // Host name is too long
#define ERR_DDNS_HOSTNAME_IS_EMPTY 136 // Host name is not specified
#define ERR_DDNS_HOSTNAME_TOO_SHORT 137 // Host name is too short
#define ERR_MSCHAP2_PASSWORD_NEED_RESET 138 // Necessary that password is changed
#define ERR_DDNS_DISCONNECTED 139 // Communication to the dynamic DNS server is disconnected
#define ERR_SPECIAL_LISTENER_ICMP_ERROR 140 // The ICMP socket can not be opened
#define ERR_SPECIAL_LISTENER_DNS_ERROR 141 // Socket for DNS port can not be opened
#define ERR_OPENVPN_IS_NOT_ENABLED 142 // OpenVPN server feature is not enabled
#define ERR_NOT_SUPPORTED_AUTH_ON_OPENSOURCE 143 // It is the type of user authentication that are not supported in the open source version
#define ERR_VPNGATE 144 // Operation on VPN Gate Server is not available
#define ERR_VPNGATE_CLIENT 145 // Operation on VPN Gate Client is not available
#define ERR_VPNGATE_INCLIENT_CANT_STOP 146 // Can not be stopped if operating within VPN Client mode
#define ERR_NOT_SUPPORTED_FUNCTION_ON_OPENSOURCE 147 // It is a feature that is not supported in the open source version
#define ERR_SUSPENDING 148 // System is suspending
#define ERR_HOSTNAME_MISMATCH 149 // SSL hostname mismatch
#define ERR_SSL_PROTOCOL_VERSION 150 // SSL version not supported
#define ERR_SSL_SHARED_CIPHER 151 // Can't find common cipher
#define ERR_SSL_HANDSHAKE 152 // Other SSL handshake error
////////////////////////////
// Generally used structure
// Network Services
typedef struct NETSVC
{
bool Udp; // false=TCP, true=UDP
UINT Port; // Port number
char *Name; // Name
} NETSVC;
// Traffic data entry
typedef struct TRAFFIC_ENTRY
{
UINT64 BroadcastCount; // Number of broadcast packets
UINT64 BroadcastBytes; // Broadcast bytes
UINT64 UnicastCount; // Unicast count
UINT64 UnicastBytes; // Unicast bytes
} TRAFFIC_ENTRY;
// Traffic data
struct TRAFFIC
{
TRAFFIC_ENTRY Send; // Transmitted data
TRAFFIC_ENTRY Recv; // Received data
};
// Non-SSL connection source
typedef struct NON_SSL
{
IP IpAddress; // IP address
UINT64 EntryExpires; // Expiration date of entry
UINT Count; // Number of connection count
} NON_SSL;
// Simple log storage
typedef struct TINY_LOG
{
char FileName[MAX_PATH]; // File name
IO *io; // File
LOCK *Lock; // Lock
} TINY_LOG;
// CEDAR structure
struct CEDAR
{
LOCK *lock; // Lock
REF *ref; // Reference counter
COUNTER *AcceptingSockets; // Number of sockets in Accept
UINT Type; // Type
LIST *ListenerList; // Listener list
LIST *HubList; // HUB list
LIST *WgkList; // WireGuard key list
LIST *ConnectionList; // Negotiating connection list
LIST *CaList; // List of CA
volatile bool Halt; // Halt flag
COUNTER *ConnectionIncrement; // Connection increment counter
X *ServerX; // Server certificate
K *ServerK; // Private key of the server certificate
LIST *ServerChain; // Server trust chain
char UsernameHubSeparator; // Character which separates the username from the hub name
char *CipherList; // List of encryption algorithms
UINT Version; // Version information
UINT Build; // Build Number
char *ServerStr; // Server string
char *MachineName; // Computer name
char *HttpUserAgent; // HTTP user agent
char *HttpAccept; // HTTP Accept
char *HttpAcceptLanguage; // HTTP Accept Language
char *HttpAcceptEncoding; // HTTP Accept Encoding
TRAFFIC *Traffic; // Traffic information
LOCK *TrafficLock; // Traffic information lock
LIST *UDPEntryList; // UDP entry list
COUNTER *CurrentSessions; // The current number of sessions
COUNTER *CurrentTcpConnections; // Number of current TCP connections
LIST *NetSvcList; // Network service list
char *VerString; // Version string
char *BuildInfo; // Build Information
struct CLIENT *Client; // Client
struct SERVER *Server; // Server
UINT64 CreatedTick; // Generation date and time
bool CheckExpires; // Check the expiration date
LIST *TrafficDiffList; // Traffic difference list
struct LOG *DebugLog; // Debug log
UCHAR UniqueId[16]; // Unique ID
LIST *LocalBridgeList; // Local bridge list
bool Bridge; // Bridge version
LIST *L3SwList; // Layer-3 switch list
COUNTER *AssignedClientLicense; // Number of assigned client licenses
COUNTER *AssignedBridgeLicense; // Number of assigned bridge licenses
UINT64 LicenseViolationTick; // License violation occurs
LIST *NonSslList; // Non-SSL connection list
struct WEBUI *WebUI; // Data for WebUI service
UINT Beta; // Beta number
LOCK *CedarSuperLock; // Cedar super lock!
bool DisableIPv6Listener; // Disable IPv6 listener
UINT ClientId; // Client ID
UINT64 BuiltDate; // Build Date
LIST *UdpPortList; // UDP port list in use
char CurrentDDnsFqdn[MAX_SIZE]; // FQDN of the current DDNS
char OpenVPNPublicPorts[MAX_SIZE]; // OpenVPN public UDP port list
LOCK *OpenVPNPublicPortsLock; // Lock of OpenVPN public UDP port list
LOCK *CurrentRegionLock; // Current region lock
char CurrentRegion[128]; // Current region
LOCK *CurrentTcpQueueSizeLock; // Current TCP send queue size lock
UINT CurrentTcpQueueSize; // Current TCP send queue size
COUNTER *CurrentActiveLinks; // Current active cascade connections
LOCK *QueueBudgetLock; // Queue budget lock
UINT QueueBudget; // Queue budget
LOCK *FifoBudgetLock; // Fifo budget lock
UINT FifoBudget; // Fifo budget
SSL_ACCEPT_SETTINGS SslAcceptSettings; // SSL Accept Settings
UINT DhParamBits; // Bits of Diffie-Hellman parameters
};
// Type of CEDAR
#define CEDAR_CLIENT 0 // Client
#define CEDAR_STANDALONE_SERVER 1 // Stand-alone server
#define CEDAR_FARM_CONTROLLER 2 // Server farm controller