// SoftEther VPN Source Code - Stable Edition Repository
// Cedar Communication Module
// 
// SoftEther VPN Server, Client and Bridge are free software under GPLv2.
// 
// Copyright (c) Daiyuu Nobori.
// Copyright (c) SoftEther VPN Project, University of Tsukuba, Japan.
// Copyright (c) SoftEther Corporation.
// 
// All Rights Reserved.
// 
// http://www.softether.org/
// 
// Author: Daiyuu Nobori, Ph.D.
// Comments: Tetsuo Sugiyama, Ph.D.
// 
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// version 2 as published by the Free Software Foundation.
// 
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
// 
// You should have received a copy of the GNU General Public License version 2
// along with this program; if not, write to the Free Software
// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
// 
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
// IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
// CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
// TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
// 
// THE LICENSE AGREEMENT IS ATTACHED ON THE SOURCE-CODE PACKAGE
// AS "LICENSE.TXT" FILE. READ THE TEXT FILE IN ADVANCE TO USE THE SOFTWARE.
// 
// 
// THIS SOFTWARE IS DEVELOPED IN JAPAN, AND DISTRIBUTED FROM JAPAN,
// UNDER JAPANESE LAWS. YOU MUST AGREE IN ADVANCE TO USE, COPY, MODIFY,
// MERGE, PUBLISH, DISTRIBUTE, SUBLICENSE, AND/OR SELL COPIES OF THIS
// SOFTWARE, THAT ANY JURIDICAL DISPUTES WHICH ARE CONCERNED TO THIS
// SOFTWARE OR ITS CONTENTS, AGAINST US (SOFTETHER PROJECT, SOFTETHER
// CORPORATION, DAIYUU NOBORI OR OTHER SUPPLIERS), OR ANY JURIDICAL
// DISPUTES AGAINST US WHICH ARE CAUSED BY ANY KIND OF USING, COPYING,
// MODIFYING, MERGING, PUBLISHING, DISTRIBUTING, SUBLICENSING, AND/OR
// SELLING COPIES OF THIS SOFTWARE SHALL BE REGARDED AS BE CONSTRUED AND
// CONTROLLED BY JAPANESE LAWS, AND YOU MUST FURTHER CONSENT TO
// EXCLUSIVE JURISDICTION AND VENUE IN THE COURTS SITTING IN TOKYO,
// JAPAN. YOU MUST WAIVE ALL DEFENSES OF LACK OF PERSONAL JURISDICTION
// AND FORUM NON CONVENIENS. PROCESS MAY BE SERVED ON EITHER PARTY IN
// THE MANNER AUTHORIZED BY APPLICABLE LAW OR COURT RULE.
// 
// USE ONLY IN JAPAN. DO NOT USE THIS SOFTWARE IN ANOTHER COUNTRY UNLESS
// YOU HAVE A CONFIRMATION THAT THIS SOFTWARE DOES NOT VIOLATE ANY
// CRIMINAL LAWS OR CIVIL RIGHTS IN THAT PARTICULAR COUNTRY. USING THIS
// SOFTWARE IN OTHER COUNTRIES IS COMPLETELY AT YOUR OWN RISK. THE
// SOFTETHER VPN PROJECT HAS DEVELOPED AND DISTRIBUTED THIS SOFTWARE TO
// COMPLY ONLY WITH THE JAPANESE LAWS AND EXISTING CIVIL RIGHTS INCLUDING
// PATENTS WHICH ARE SUBJECTS APPLY IN JAPAN. OTHER COUNTRIES' LAWS OR
// CIVIL RIGHTS ARE NONE OF OUR CONCERNS NOR RESPONSIBILITIES. WE HAVE
// NEVER INVESTIGATED ANY CRIMINAL REGULATIONS, CIVIL LAWS OR
// INTELLECTUAL PROPERTY RIGHTS INCLUDING PATENTS IN ANY OF OTHER 200+
// COUNTRIES AND TERRITORIES. BY NATURE, THERE ARE 200+ REGIONS IN THE
// WORLD, WITH DIFFERENT LAWS. IT IS IMPOSSIBLE TO VERIFY EVERY
// COUNTRIES' LAWS, REGULATIONS AND CIVIL RIGHTS TO MAKE THE SOFTWARE
// COMPLY WITH ALL COUNTRIES' LAWS BY THE PROJECT. EVEN IF YOU WILL BE
// SUED BY A PRIVATE ENTITY OR BE DAMAGED BY A PUBLIC SERVANT IN YOUR
// COUNTRY, THE DEVELOPERS OF THIS SOFTWARE WILL NEVER BE LIABLE TO
// RECOVER OR COMPENSATE SUCH DAMAGES, CRIMINAL OR CIVIL
// RESPONSIBILITIES. NOTE THAT THIS LINE IS NOT LICENSE RESTRICTION BUT
// JUST A STATEMENT FOR WARNING AND DISCLAIMER.
// 
// 
// SOURCE CODE CONTRIBUTION
// ------------------------
// 
// Your contribution to SoftEther VPN Project is much appreciated.
// Please send patches to us through GitHub.
// Read the SoftEther VPN Patch Acceptance Policy in advance:
// http://www.softether.org/5-download/src/9.patch
// 
// 
// DEAR SECURITY EXPERTS
// ---------------------
// 
// If you find a bug or a security vulnerability please kindly inform us
// about the problem immediately so that we can fix the security problem
// to protect a lot of users around the world as soon as possible.
// 
// Our e-mail address for security reports is:
// softether-vpn-security [at] softether.org
// 
// Please note that the above e-mail address is not a technical support
// inquiry address. If you need technical assistance, please visit
// http://www.softether.org/ and ask your question on the users forum.
// 
// Thank you for your cooperation.
// 
// 
// NO MEMORY OR RESOURCE LEAKS
// ---------------------------
// 
// The memory-leaks and resource-leaks verification under the stress
// test has been passed before release this source code.


// Cedar.h
// Header of Cedar.c

#ifndef	CEDAR_H
#define	CEDAR_H


//////////////////////////////////////////////////////////////////////
// 
// Products related constants
// 
//////////////////////////////////////////////////////////////////////

// Replace the function name
// When VPN_SPEED is defined, the three function names below are textually
// replaced by short aliases in every file that includes this header.
// NOTE(review): the aliases begin with a double underscore, a spelling the C
// standard reserves for the implementation; a clash with a compiler or libc
// symbol would not be diagnosed.
#ifdef	VPN_SPEED

#define	DecryptSecurePacket	__dsp
#define	CreateSecurePacket	__csp
#define	GetSecureRandomSize	__gsrs

#endif	// VPN_SPEED

// Both spellings of the boolean type expand to UINT (declared elsewhere;
// presumably an unsigned integer typedef - confirm). A "bool" is therefore an
// ordinary integer: storing a non-zero value does not normalise it to 1, so
// tests should be written as "if (x)" / "if (!x)", never "x == true".
// NOTE(review): redefining bool conflicts with <stdbool.h> if that header is
// included after this one - confirm no translation unit does so.
#define	bool	UINT
#define	BOOL	UINT


// Version number
// NOTE(review): presumably major * 100 + minor (i.e. 4.27) - confirm against the code that formats it.
#define	CEDAR_VER					427

// Build Number
#define	CEDAR_BUILD					9664

// Beta number
// The definition below is commented out, so this header does not define BETA_NUMBER.
//#define	BETA_NUMBER					3

// RC or not
// Defined with an empty value: only #ifdef / defined() tests on it are meaningful.
#define	RELEASE_CANDIDATE

// Specify the name of the person in charge building
// Used only when the build has not already defined BUILDER_NAME.
// NOTE(review): this string and BUILD_PLACE identify the build account and host; where they are
// emitted (version banner, logs, handshake) is not visible here - confirm that disclosure is intended.
#ifndef	BUILDER_NAME
#define	BUILDER_NAME		"yagi"
#endif	// BUILDER_NAME

// Specify the location to build
// Used only when the build has not already defined BUILD_PLACE.
#ifndef	BUILD_PLACE
#define	BUILD_PLACE			"pc33"
#endif	// BUILD_PLACE

// Specifies the build date
// Literal year / month / day / hour / minute / second values (not derived from __DATE__ / __TIME__);
// the time zone is not stated here.
#define	BUILD_DATE_Y		2018
#define	BUILD_DATE_M		4
#define	BUILD_DATE_D		20
#define	BUILD_DATE_HO		16
#define	BUILD_DATE_MI		26
#define	BUILD_DATE_SE		40

// Tolerable time difference
// 3 * 24 * 60 * 60 * 1000 = 259,200,000, i.e. three days if the unit is milliseconds (presumably - confirm).
// The product is computed in int and only then cast to UINT64; it fits in a 32-bit int, but a window of
// 25 days or more written the same way would overflow before the cast is applied.
// NOTE(review): which timestamps this tolerance is applied to is not visible here; if it gates a freshness
// or replay check, three days is a wide acceptance window - confirm it is intended.
#define	ALLOW_TIMESTAMP_DIFF		(UINT64)(3 * 24 * 60 * 60 * 1000)


// Configuration of communication related control switch
// These are presence-only switches: code tests them with #ifdef, the value is empty.
#define	USE_DOS_ATTACK_DETECTION		// Enable the DOS attack detection
//#define	USE_SECURE_PACKET				// Enable the scrambled packet
// USE_SECURE_PACKET is commented out above, so this header leaves the scrambled-packet path disabled.

// Designate the IDS detection signatures
// A fixed ASCII string; per the original comment its purpose is to let an IDS recognise the protocol.
// NOTE(review): where in the exchange it is sent is not visible in this header.
#define	CEDAR_SIGNATURE_STR			"SE-VPN4-PROTOCOL"

// Default RSA certificate name of the smart card
#define	SECURE_DEFAULT_CERT_NAME	"VPN_RSA_CERT"

// Default RSA private key name of the smart card
#define	SECURE_DEFAULT_KEY_NAME		"VPN_RSA_KEY"

// Hidden password string of 8 characters
// NOTE(review): presumably a placeholder shown or stored in place of the real password - confirm how
// callers tell it apart from a genuine password that happens to be these eight asterisks.
#define	HIDDEN_PASSWORD				"********"


//////////////////////////////////////////////////////////////////////
// 
// Definition of the maximum length of various string
// 
//////////////////////////////////////////////////////////////////////

// Upper bounds on the length of various strings.
// NOTE(review): most values are one less than a power of two (255, 63, 31), which suggests the matching
// buffers are declared as LEN + 1 to hold the terminator - confirm at each declaration, because a buffer
// of exactly LEN bytes would leave no room for the NUL. Whether the unit is bytes or characters is not
// stated here.
#define	MAX_ACCOUNT_NAME_LEN		255		// Maximum account name length
#define	MAX_USERNAME_LEN			255		// User name maximum length
#define	MAX_PASSWORD_LEN			255		// Password maximum length
#define	MAX_PROXY_USERNAME_LEN		255		// Proxy user name maximum length
#define	MAX_PROXY_PASSWORD_LEN		255		// Proxy Password maximum length
#define	MAX_SERVER_STR_LEN			255		// Maximum length of server string
#define	MAX_CLIENT_STR_LEN			255		// Maximum length of client string
#define	MAX_HUBNAME_LEN				255		// Maximum length of HUB name
#define	MAX_SESSION_NAME_LEN		255		// Session name maximum length
#define	MAX_CONNECTION_NAME_LEN		255		// Maximum length of connection name
#define	MAX_DEVICE_NAME_LEN			31		// Device name maximum length
#define	MAX_DEVICE_NAME_LEN_9X		4		// Maximum length of Virtual LAN card name in Win9x
#define	MAX_ACCESSLIST_NOTE_LEN		255		// Maximum length of the note of access list entry
#define	MAX_SECURE_DEVICE_FILE_LEN	255		// Secure device file name maximum length
#define	MAX_ADMIN_OPTION_NAME_LEN	63		// Maximum length of a management option name
#define	MAX_REDIRECT_URL_LEN		255		// Maximum length of a redirect URL


//////////////////////////////////////////////////////////////////////
// 
// Server and session management related constants
// 
//////////////////////////////////////////////////////////////////////

// Capacity limits for sessions, hubs, users and per-hub tables.
// VPN_GP(id, default) is defined elsewhere.
// NOTE(review): presumably it looks up a runtime-overridable global parameter and falls back to the
// second argument - confirm. If so, the limits wrapped in it are not compile-time constants and an
// override changes the bound that table-growth checks rely on.
#define	SERVER_MAX_SESSIONS			4096	// Maximum number of sessions that the server supports
#define SERVER_MAX_SESSIONS_FOR_CARRIER_EDITION	100000	// Maximum number of sessions that the server supports (Carrier Edition)
#define	NAT_MAX_SESSIONS			4096	// Maximum number of sessions that are supported by NAT
#define	NAT_MAX_SESSIONS_KERNEL		65536	// Maximum number of sessions that are supported by NAT (In the case of kernel-mode NAT)
#define	MAX_HUBS					4096	// The maximum number of virtual HUB
#define MAX_HUBS_FOR_CARRIER_EDITION	100000	// The maximum number of virtual HUB (Carrier Edition)
#define	MAX_ACCESSLISTS				(4096 * 8)	// Maximum number of access list entries (32768)
#define	MAX_USERS					10000	// The maximum number of users
#define	MAX_GROUPS					10000	// Maximum number of groups
#define	MAX_MAC_TABLES				VPN_GP(GP_MAX_MAC_TABLES, 65536)	// Maximum number of MAC address table entries
#define	MAX_IP_TABLES				VPN_GP(GP_MAX_IP_TABLES, 65536)	// Maximum number of IP address table entries
#define	MAX_HUB_CERTS				4096	// Maximum number of Root CA that can be registered
#define	MAX_HUB_CRLS				4096	// Maximum number of CRL that can be registered
#define	MAX_HUB_ACS					4096	// Maximum number of AC that can be registered
#define	MAX_HUB_LINKS				VPN_GP(GP_MAX_HUB_LINKS, 1024)	// Maximum number of Cascade that can be registered
#define	MAX_HUB_ADMIN_OPTIONS		4096	// Maximum number of Virtual HUB management options that can be registered

// Memory budgets. Two sets of defaults are provided; USE_STRATEGY_LOW_MEMORY selects the smaller one.
// Units are not stated in this header (presumably bytes for the *_SIZE / FIFO values - confirm).
#ifndef	USE_STRATEGY_LOW_MEMORY
#define	MEM_FIFO_REALLOC_MEM_SIZE	VPN_GP(GP_MEM_FIFO_REALLOC_MEM_SIZE, (65536 * 10))	// default 655,360
#define	QUEUE_BUDGET				VPN_GP(GP_QUEUE_BUDGET, 2048)
// NOTE(review): the default below is passed without its own parentheses, unlike the neighbouring
// entries; that is safe only if VPN_GP parenthesises its second parameter - TODO confirm.
#define	FIFO_BUDGET					VPN_GP(GP_FIFO_BUDGET, 1600 * 1600 * 4)	// default 10,240,000
#else	// USE_STRATEGY_LOW_MEMORY
#define	MEM_FIFO_REALLOC_MEM_SIZE	VPN_GP(GP_MEM_FIFO_REALLOC_MEM_SIZE, (65536))
#define	QUEUE_BUDGET				VPN_GP(GP_QUEUE_BUDGET, 1024)
#define	FIFO_BUDGET					VPN_GP(GP_FIFO_BUDGET, 1000000)
#endif	// USE_STRATEGY_LOW_MEMORY

// Several budgets in this section are written as multiples of the literal 1600 rather than in terms of
// MAX_PACKET_SIZE, so changing MAX_PACKET_SIZE does not rescale them.
#define	MAX_PACKET_SIZE				1600	// Maximum packet size
#define	UDP_BUF_SIZE				(32 * 1024) // Target size for UDP packets (32768)

#ifndef	USE_STRATEGY_LOW_MEMORY
#define	MAX_SEND_SOCKET_QUEUE_SIZE	VPN_GP(GP_MAX_SEND_SOCKET_QUEUE_SIZE, (1600 * 1600 * 1))	// Maximum transmit queue size (default 2,560,000)
#define	MIN_SEND_SOCKET_QUEUE_SIZE	VPN_GP(GP_MIN_SEND_SOCKET_QUEUE_SIZE, (1600 * 200 * 1))	// Minimum transmit queue size (default 320,000)
#define	MAX_STORED_QUEUE_NUM		VPN_GP(GP_MAX_STORED_QUEUE_NUM, 1024)		// The number of queues that can be stored in each session
#define	MAX_BUFFERING_PACKET_SIZE	VPN_GP(GP_MAX_BUFFERING_PACKET_SIZE, (1600 * 1600))	// Maximum total size of packets that can be buffered (default 2,560,000)
#else	// USE_STRATEGY_LOW_MEMORY
#define	MAX_SEND_SOCKET_QUEUE_SIZE	VPN_GP(GP_MAX_SEND_SOCKET_QUEUE_SIZE, (1600 * 200 * 1))	// Maximum transmit queue size (default 320,000)
#define	MIN_SEND_SOCKET_QUEUE_SIZE	VPN_GP(GP_MIN_SEND_SOCKET_QUEUE_SIZE, (1600 * 50 * 1))	// Minimum transmit queue size (default 80,000)
#define	MAX_STORED_QUEUE_NUM		VPN_GP(GP_MAX_STORED_QUEUE_NUM, 384)		// The number of queues that can be stored in each session
#define	MAX_BUFFERING_PACKET_SIZE	VPN_GP(GP_MAX_BUFFERING_PACKET_SIZE, (1600 * 300 * 1))	// Maximum total size of packets that can be buffered (default 480,000)
#endif	// USE_STRATEGY_LOW_MEMORY

#define	MAX_SEND_SOCKET_QUEUE_NUM	VPN_GP(GP_MAX_SEND_SOCKET_QUEUE_NUM, 128)		// Maximum number of transmission queue items per processing
#define	MAX_TCP_CONNECTION			32		// The maximum number of TCP connections
#define	NUM_TCP_CONNECTION_FOR_UDP_RECOVERY	2	// Maximum number of connections when using UDP recovery
// NOTE(review): the SELECT_TIME values are presumably wait timeouts in milliseconds - confirm.
#define	SELECT_TIME					VPN_GP(GP_SELECT_TIME, 256)
#define	SELECT_TIME_FOR_NAT			VPN_GP(GP_SELECT_TIME_FOR_NAT, 30)
#define	SELECT_TIME_FOR_DELAYED_PKT	1		// If there is a delayed packet

// Time values below are written as seconds * 1000, i.e. presumably milliseconds (the original
// comments said "in seconds") - confirm against the timer API that consumes them.
#define	TIMEOUT_MIN					(5 * 1000)	// Minimum timeout: 5 s
#define	TIMEOUT_MAX					(60 * 1000)	// Maximum timeout: 60 s
#define	TIMEOUT_DEFAULT				(30 * 1000) // Default timeout: 30 s
#define	CONNECTING_TIMEOUT			(15 * 1000)	// Timeout while connecting: 15 s
#define	CONNECTING_TIMEOUT_PROXY	(4 * 1000)	// Timeout while connecting (Proxy): 4 s
#define	CONNECTING_POOLING_SPAN		(3 * 1000) // Polling interval while connecting: 3 s ("POOLING" in the name is presumably a misspelling of "POLLING")
#define	MIN_RETRY_INTERVAL			(5 * 1000)		// Minimum retry interval: 5 s
#define	MAX_RETRY_INTERVAL			(300 * 1000)	// Maximum retry interval: 300 s
#define	RETRY_INTERVAL_SPECIAL		(60 * 1000)		// Reconnection interval of a special case: 60 s

// "ADDITONAL" in the first name is a misspelling that is part of the identifier; do not correct it
// here without updating every user.
#define	MAX_ADDITONAL_CONNECTION_FAILED_COUNTER	16	// Number of consecutive additional-connection failures that is tolerated
#define	ADDITIONAL_CONNECTION_COUNTER_RESET_INTERVAL	(30 * 60 * 1000)	// Reset period of additional connection failure counter (1,800,000; 30 min if ms)

// Lower bounds for the per-session MAC / IP address limits.
// NOTE(review): presumably a configured limit below these values is raised to them - confirm.
#define	MAC_MIN_LIMIT_COUNT			3		// Minimum number of MAC addresses
#define	IP_MIN_LIMIT_COUNT			4		// Number of IPv4 addresses minimum
#define	IP_MIN_LIMIT_COUNT_V6		5		// Number of IPv6 addresses minimum
#define	IP_LIMIT_WHEN_NO_ROUTING_V6	15		// Maximum number of IPv6 addresses when NoRouting policy is enabled

// Table timing, written as seconds * 1000 (presumably milliseconds - confirm).
#define	MAC_TABLE_EXCLUSIVE_TIME	(13 * 1000)			// Period that can occupy the MAC address (13 s)
#define	IP_TABLE_EXCLUSIVE_TIME		(13 * 1000)			// Period that can occupy the IP address (13 s)
#define	MAC_TABLE_EXPIRE_TIME		VPN_GP(GP_MAC_TABLE_EXPIRE_TIME, (600 * 1000))			// MAC address table expiration time (default 600 s)
#define	IP_TABLE_EXPIRE_TIME		VPN_GP(GP_IP_TABLE_EXPIRE_TIME, (60 * 1000))			// IP address table expiration time (default 60 s)
#define	IP_TABLE_EXPIRE_TIME_DHCP	VPN_GP(GP_IP_TABLE_EXPIRE_TIME_DHCP, (5 * 60 * 1000))		// IP address table expiration time (In the case of DHCP; default 5 min)
#define	HUB_ARP_SEND_INTERVAL		VPN_GP(GP_HUB_ARP_SEND_INTERVAL, (5 * 1000))			// ARP packet transmission interval (alive check; default 5 s)

#define	LIMITER_SAMPLING_SPAN		1000	// Sampling interval of the traffic limiting device

// Broadcast-storm control defaults.
// NOTE(review): how the discard value moves between START and END is not visible here.
#define	STORM_CHECK_SPAN			VPN_GP(GP_STORM_CHECK_SPAN, 500)		// Broadcast storm check interval
#define	STORM_DISCARD_VALUE_START	VPN_GP(GP_STORM_DISCARD_VALUE_START, 3)		// Broadcast packet discard value start value
#define	STORM_DISCARD_VALUE_END		VPN_GP(GP_STORM_DISCARD_VALUE_END, 1024)	// Broadcast packet discard value end value

// NOTE(review): the three KEEP_INTERVAL values carry no "* 1000" factor, unlike the timeouts in this
// header, so they are presumably in seconds while KEEP_TCP_TIMEOUT is presumably in milliseconds -
// confirm both before comparing or mixing them.
#define	KEEP_INTERVAL_MIN			5		// Packet transmission interval minimum value
#define	KEEP_INTERVAL_DEFAULT		50		// Packet transmission interval default value
#define	KEEP_INTERVAL_MAX			600		// Packet transmission interval maximum value
#define KEEP_TCP_TIMEOUT			1000	// TCP time-out value

// 60 * 1000 = 60000 (one minute if the unit is milliseconds - presumably; confirm).
#define	TICKET_EXPIRES				(60 * 1000)	// Lifetime of a ticket

#define	SEND_KILL_NUM_X				256			// Number of 'X' characters to send the Kill


#define	FARM_BASE_POINT				100000		// Reference value of the cluster score
#define	FARM_DEFAULT_WEIGHT			100			// Standard performance ratio



#define	SE_UDP_SIGN			"SE2P"		// Not used (only old UDP mode)

// R-UDP service name
#define	VPN_RUDP_SVC_NAME		"SoftEther_VPN"

// Traffic information update interval
// 10 * 1000 = 10000 (10 s if the unit is milliseconds - presumably; confirm).
#define	INCREMENT_TRAFFIC_INTERVAL		(10 * 1000)

// State of the client session
#define	CLIENT_STATUS_CONNECTING	0		// Connecting
#define	CLIENT_STATUS_NEGOTIATION	1		// Negotiating
#define	CLIENT_STATUS_AUTH			2		// During user authentication
#define	CLIENT_STATUS_ESTABLISHED	3		// Connection complete
#define	CLIENT_STATUS_RETRY			4		// Wait to retry
#define	CLIENT_STATUS_IDLE			5		// Idle state

// Lifetime of a black list entry
// NOTE(review): every other duration in this header is written as N * 1000; this one is 30 * 10000,
// which evaluates to 300000 (five minutes if ms) and may be a typo for 30 * 1000 - confirm the intended
// lifetime before relying on it.
#define	BLACK_LIST_EXPIRES			(30 * 10000)

// Maximum number of black list entries, and the interval at which the list is checked
#define	MAX_BLACK_LIST				4096
#define	BLACK_LIST_CHECK_SPAN		1000

// Block size transmitted at one time during a file transfer (640 * 1024 = 655,360)
#define	FTP_BLOCK_SIZE				(640 * 1024)

// Syslog configuration
// The four levels are cumulative: each one forwards everything the previous level does, plus more.
// NOTE(review): level 3 includes packet logs. The transport is not visible in this header; if it is
// classic syslog on port 514 (presumably UDP - confirm), that content crosses the network without
// encryption or authentication, so the collector should sit on a trusted segment.
#define SYSLOG_NONE							0		// Do not use syslog
#define SYSLOG_SERVER_LOG					1		// Only server log
#define SYSLOG_SERVER_AND_HUB_SECURITY_LOG	2		// Server and Virtual HUB security log
#define SYSLOG_SERVER_AND_HUB_ALL_LOG		3		// Server, Virtual HUB security, and packet log

#define SYSLOG_PORT					514			// Syslog port number
// Both intervals are computed in int and then cast to UINT64; the products (3,600,000 and 60,000)
// fit comfortably in a 32-bit int.
#define SYSLOG_POLL_IP_INTERVAL		(UINT64)(3600 * 1000)	// Interval to examine the IP address (1 hour if ms)
#define	SYSLOG_POLL_IP_INTERVAL_NG	(UINT64)(60 * 1000)	// Interval to examine the IP address (previous failure; 1 minute if ms)

//////////////////////////////////////////////////////////////////////
// 
// Connection-related constant
// 
//////////////////////////////////////////////////////////////////////

// Internet connection maintenance function (KeepAlive)
// NOTE(review): these KEEP_* values belong to the "Internet connection maintenance" feature named
// above; they are distinct from KEEP_ALIVE_MAGIC / MAX_KEEPALIVE_SIZE defined later in this header.

#define	KEEP_RETRY_INTERVAL		(60 * 1000)			// Reconnection interval on connection failure (60 s if ms)
#define	KEEP_MIN_PACKET_SIZE	1					// Minimum packet size
#define	KEEP_MAX_PACKET_SIZE	128					// Maximum packet size
#define	KEEP_POLLING_INTERVAL	250					// KEEP polling interval

// Constants
// NOTE(review): RECV_BUF_SIZE is the amount read in one receive call per the original comment; confirm
// that parsers bound every length field taken from that buffer by the number of bytes actually received.
#define	RECV_BUF_SIZE				65536			// Buffer size to be received at a time

// Type of proxy
#define	PROXY_DIRECT			0	// Direct TCP connection
#define	PROXY_HTTP				1	// Connection via HTTP proxy server
#define	PROXY_SOCKS				2	// Connection via SOCKS proxy server

// Direction of data flow
#define	TCP_BOTH				0	// Bi-directional
#define	TCP_SERVER_TO_CLIENT	1	// Only server -> client direction
#define	TCP_CLIENT_TO_SERVER	2	// Only client -> server direction

// Type of connection
#define	CONNECTION_TYPE_CLIENT			0	// Client
#define	CONNECTION_TYPE_INIT			1	// During initialization
#define	CONNECTION_TYPE_LOGIN			2	// Login connection
#define	CONNECTION_TYPE_ADDITIONAL		3	// Additional connection
#define	CONNECTION_TYPE_FARM_RPC		4	// RPC for server farm
#define	CONNECTION_TYPE_ADMIN_RPC		5	// RPC for Management
#define	CONNECTION_TYPE_ENUM_HUB		6	// HUB enumeration
#define	CONNECTION_TYPE_PASSWORD		7	// Password change
#define	CONNECTION_TYPE_SSTP			8	// SSTP
#define	CONNECTION_TYPE_OPENVPN			9	// OpenVPN

// Protocol
// Values 2 to 5 are not assigned in this header.
#define	CONNECTION_TCP					0	// TCP protocol
#define	CONNECTION_UDP					1	// UDP protocol
#define	CONNECTION_HUB_LAYER3			6	// Layer-3 switch session
#define	CONNECTION_HUB_BRIDGE			7	// Bridge session
#define	CONNECTION_HUB_SECURE_NAT		8	// Secure NAT session
#define	CONNECTION_HUB_LINK_SERVER		9	// HUB link session


// Status
// NOTE(review): CONNECTION_STATUS_ACCEPTED and CONNECTION_STATUS_CONNECTING share the value 0, so the
// two states cannot be told apart from the number alone. The "(client side)" remark on ACCEPTED looks
// misplaced, since accepting is normally done by the listening side - confirm.
#define	CONNECTION_STATUS_ACCEPTED		0	// The connection is accepted (client side)
#define	CONNECTION_STATUS_NEGOTIATION	1	// Negotiating
#define	CONNECTION_STATUS_USERAUTH		2	// During user authentication
#define	CONNECTION_STATUS_ESTABLISHED	3	// Connection has been established
#define	CONNECTION_STATUS_CONNECTING	0	// Connecting (client side)

// Magic number of KeepAlive packet
// NOTE(review): MAX_KEEPALIVE_SIZE is presumably the upper bound on a keep-alive payload - confirm the
// receiver checks the advertised size against it before reading or skipping that many bytes.
#define	KEEP_ALIVE_MAGIC				0xffffffff
#define	MAX_KEEPALIVE_SIZE				512



//////////////////////////////////////////////////////////////////////
// 
// Virtual HUB-related constant
// 
//////////////////////////////////////////////////////////////////////

// NOTE(review): presumably a fixed byte placed in MAC addresses generated for a Virtual HUB - confirm
// which octet it occupies.
#define	SE_HUB_MAC_ADDR_SIGN				0xAE					// Sign virtual HUB MAC address

// Traffic difference value
#define	TRAFFIC_DIFF_USER		0		// User
#define	TRAFFIC_DIFF_HUB		1		// Virtual HUB
#define	MAX_TRAFFIC_DIFF		30000	// Maximum number of items

// Type of HUB
#define	HUB_TYPE_STANDALONE			0	// Stand-alone HUB
#define	HUB_TYPE_FARM_STATIC		1	// Static HUB
#define	HUB_TYPE_FARM_DYNAMIC		2	// Dynamic HUB

// Related to delay, jitter, packet loss in the access list
// Units are not stated; NOTE(review): presumably milliseconds for the delay and percent for jitter
// and loss - confirm.
#define	HUB_ACCESSLIST_DELAY_MAX	10000		// Maximum delay
#define	HUB_ACCESSLIST_JITTER_MAX	100			// Maximum jitter
#define	HUB_ACCESSLIST_LOSS_MAX		100			// Maximum packet loss

// Message related
#define	HUB_MAXMSG_LEN				20000		// The maximum number of characters in a message



//////////////////////////////////////////////////////////////////////
// 
// Type of user authentication
// 
//////////////////////////////////////////////////////////////////////

// Constant in the server-side
// The server-side and client-side sets below use different numbering and are not interchangeable:
// value 2 is USERCERT here but PLAIN_PASSWORD on the client side, 3 is ROOTCERT vs CERT, 4 is RADIUS
// vs SECURE. Both are plain integers, so passing a constant from the wrong set compiles cleanly.
// NOTE(review): 0 means anonymous in both sets, so a zero-initialised auth-type field reads as
// ANONYMOUS - confirm every code path sets the type explicitly before it is evaluated.
#define	AUTHTYPE_ANONYMOUS				0			// Anonymous authentication
#define	AUTHTYPE_PASSWORD				1			// Password authentication
#define	AUTHTYPE_USERCERT				2			// User certificate authentication
#define	AUTHTYPE_ROOTCERT				3			// Root certificate which is issued by trusted Certificate Authority
#define	AUTHTYPE_RADIUS					4			// Radius authentication
#define	AUTHTYPE_NT						5			// Windows NT authentication
#define	AUTHTYPE_TICKET					99			// Ticket authentication

// Constant of the client side
#define	CLIENT_AUTHTYPE_ANONYMOUS		0			// Anonymous authentication
#define	CLIENT_AUTHTYPE_PASSWORD		1			// Password authentication
#define	CLIENT_AUTHTYPE_PLAIN_PASSWORD	2			// Plain password authentication
#define	CLIENT_AUTHTYPE_CERT			3			// Certificate authentication
#define	CLIENT_AUTHTYPE_SECURE			4			// Secure device authentication



//////////////////////////////////////////////////////////////////////
// 
// TCP listener related constants
// 
//////////////////////////////////////////////////////////////////////

// Retries in case it fails to Listen
#define	LISTEN_RETRY_TIME			(2 * 1000)		// If fail to Listen normally (2 s if ms)
#define LISTEN_RETRY_TIME_NOIPV6	(60 * 1000)		// If IPv6 support is disabled (60 s if ms)

// Parameters of the DoS attack list (see USE_DOS_ATTACK_DETECTION).
// NOTE(review): how the expiry grows from FIRST to MAX, and whether the per-IP count is taken over the
// expiry window, is not visible here. This limit (16) is separate from
// DEFAULT_MAX_CONNECTIONS_PER_IP (256) further down - confirm which one applies at which stage.
#define	DOS_TABLE_EXPIRES_FIRST		250				// Initial value of the expiration time of a DOS attack list entry
#define	DOS_TABLE_EXPIRES_MAX		1000			// Maximum value of the expiration time of a DOS attack list entry
#define	DOS_TABLE_REFRESH_INTERVAL	(10 * 1000)		// Interval to update the DOS attack list
#define	DOS_TABLE_MAX_LIMIT_PER_IP	16				// Number of accesses allowed per IP address
#define	DOS_TABLE_EXPIRES_TOTAL		(3000 * 1000)	// Time to force delete the entry (3,000,000; 50 min if ms)


// Protocol to be used for the listener
#define	LISTENER_TCP				0		// TCP/IP
#define	LISTENER_UDP				1		// UDP/IP (not being used)
#define	LISTENER_INPROC				2		// In-process communication
#define	LISTENER_RUDP				3		// R-UDP with NAT-T
#define	LISTENER_ICMP				4		// VPN over ICMP
#define	LISTENER_DNS				5		// VPN over DNS
#define	LISTENER_REVERSE			6		// Reverse socket

// Status of the listener
#define	LISTENER_STATUS_TRYING		0		// While attempting
#define	LISTENER_STATUS_LISTENING	1		// Listening

// Largest packet size of UDP
#define	UDP_PACKET_SIZE				65536

// Number of standard connections per IP address
// NOTE(review): the MIN_ values are presumably floors applied to an administrator-supplied setting -
// confirm that a configured value of 0 cannot disable the limit.
#define DEFAULT_MAX_CONNECTIONS_PER_IP	256
#define MIN_MAX_CONNECTIONS_PER_IP	10		// Minimum value

// Allowed number of outstanding connections
#define	DEFAULT_MAX_UNESTABLISHED_CONNECTIONS	1000
#define	MIN_MAX_UNESTABLISHED_CONNECTIONS	30	// Minimum value


//////////////////////////////////////////////////////////////////////
// 
// Log related constant
// 
//////////////////////////////////////////////////////////////////////

#define	LOG_ENGINE_SAVE_START_CACHE_COUNT	100000		// Number to start saving forcibly
#define	LOG_ENGINE_BUFFER_CACHE_SIZE_MAX	(10 * 1024 * 1024)	// Write cache size (10 MiB)

// Constant such as a file name
// Every path starts with '@'. NOTE(review): presumably the file layer resolves that prefix relative to
// the program's own directory - confirm.
// The *_FILE_NAME entries are printf-style templates taking one string argument.
// NOTE(review): the %s is presumably filled with a Virtual HUB name; confirm the name is validated
// against path separators and ".." before it is formatted into a path.
// "PERFIX" in SERVER_LOG_PERFIX is a misspelling that is part of the identifier.
#define	SERVER_LOG_DIR_NAME			"@server_log"
#define	BRIDGE_LOG_DIR_NAME			SERVER_LOG_DIR_NAME
#define	SERVER_LOG_PERFIX			"vpn"

#define	HUB_SECURITY_LOG_DIR_NAME	"@security_log"
#define	HUB_SECURITY_LOG_FILE_NAME	"@security_log/%s"
#define	HUB_SECURITY_LOG_PREFIX		"sec"
#define	HUB_PACKET_LOG_DIR_NAME		"@packet_log"
#define	HUB_PACKET_LOG_FILE_NAME	"@packet_log/%s"
#define	HUB_PACKET_LOG_PREFIX		"pkt"

#define	NAT_LOG_DIR_NAME			"@secure_nat_log"
#define	NAT_LOG_FILE_NAME			"@secure_nat_log/%s"
#define	NAT_LOG_PREFIX				"snat"

#define	CLIENT_LOG_DIR_NAME			"@client_log"
#define	CLIENT_LOG_PREFIX			"client"

// Packet log settings
// Two separate enumerations follow and both start at 0: PACKET_LOG_TCP_CONN..PACKET_LOG_ETHERNET name
// the kind of packet (NOTE(review): presumably an index into an array of NUM_PACKET_LOG entries -
// confirm), while PACKET_LOG_NONE / HEADER / ALL name how much of each packet is stored.
// Only kinds 0 to 7 are named although NUM_PACKET_LOG is 16.
// NOTE(review): PACKET_LOG_ALL stores packet payloads, which may contain user data; protect the packet
// log directory accordingly.
#define	NUM_PACKET_LOG				16
#define	PACKET_LOG_TCP_CONN			0		// TCP connection log
#define	PACKET_LOG_TCP				1		// TCP packet log
#define	PACKET_LOG_DHCP				2		// DHCP Log
#define	PACKET_LOG_UDP				3		// UDP log
#define	PACKET_LOG_ICMP				4		// ICMP log
#define	PACKET_LOG_IP				5		// IP log
#define	PACKET_LOG_ARP				6		// ARP log
#define	PACKET_LOG_ETHERNET			7		// Ethernet log

#define	PACKET_LOG_NONE				0		// Not save
#define	PACKET_LOG_HEADER			1		// Only header
#define	PACKET_LOG_ALL				2		// Store also data

// Timing of log switching
#define	LOG_SWITCH_NO				0		// No switching
#define	LOG_SWITCH_SECOND			1		// Secondly basis
#define	LOG_SWITCH_MINUTE			2		// Minutely basis
#define	LOG_SWITCH_HOUR				3		// Hourly basis
#define	LOG_SWITCH_DAY				4		// Daily basis
#define	LOG_SWITCH_MONTH			5		// Monthly basis

// Minimum amount of free disk space
// DISK_FREE_SPACE_DEFAULT is an int expression (104,857,600); the Windows default exceeds 32 bits and
// is therefore built from ULL literals and cast to UINT64.
// NOTE(review): what happens to logging when free space drops below the threshold is not visible here -
// confirm whether old logs are deleted or writing stops, since either affects audit retention.
#define	DISK_FREE_SPACE_MIN			1048576	// 1 MBytes
#define	DISK_FREE_SPACE_DEFAULT		(DISK_FREE_SPACE_MIN * 100)	// 100 Mbytes
#define	DISK_FREE_SPACE_DEFAULT_WINDOWS	((UINT64)(8ULL * 1024ULL * 1024ULL * 1024ULL))	// 8GBytes

// Interval to check the free space
// 5 * 60 * 1000 = 300000 (five minutes if the unit is milliseconds - presumably; confirm).
#define	DISK_FREE_CHECK_INTERVAL_DEFAULT	(5 * 60 * 1000)

// Simple log
// TINY_LOG_FILENAME is a printf-style template with six unsigned conversions; the field widths
// (4,2,2 _ 2,2,2) suggest year, month, day, hour, minute, second - confirm against the caller.
#define TINY_LOG_DIRNAME			"@tiny_log"
#define TINY_LOG_FILENAME			"@tiny_log/%04u%02u%02u_%02u%02u%02u.log"


//////////////////////////////////////////////////////////////////////
// 
// Constant related to Carrier Edition
// 
//////////////////////////////////////////////////////////////////////

// Snapshot timing and file naming for the Carrier Edition.
// 3600 * 1000 = 3,600,000 (one hour if ms); the product is computed in int before the UINT64 cast and
// fits in 32 bits. The commented-out alternative (3000) is presumably a debugging value.
#define CE_SNAPSHOT_INTERVAL		((UINT64)(3600 * 1000))
//#define CE_SNAPSHOT_INTERVAL		((UINT64)(3000))
#define CE_SNAPSHOT_POLLING_INTERVAL	(1 * 1000)
#define CE_SNAPSHOT_POLLING_INTERVAL_LICENSE	(30 * 1000)
#define CE_SNAPSHOT_DIR_NAME		"@carrier_log"
#define CE_SNAPSHOT_PREFIX			"carrier"


//////////////////////////////////////////////////////////////////////
// 
// Communication protocol related constant
// 
//////////////////////////////////////////////////////////////////////

// Administrator Username
// NOTE(review): a fixed, well-known administrator name; confirm that failed logins for it are
// rate-limited and logged.
#define	ADMINISTRATOR_USERNAME		"administrator"
// Maximum value of random size
#define	RAND_SIZE_MAX				4096
// Lifetime of the random size cache (24 * 60 * 60 * 1000 = 86,400,000; one day if ms)
#define	RAND_SIZE_CACHE_EXPIRE		(24 * 60 * 60 * 1000)
// Management allowed IP address list file name
// NOTE(review): the behaviour when this file is absent or empty is not visible here - confirm whether
// that case permits management connections from any address.
#define	ADMINIP_TXT					"@adminip.txt"

// NOTE(review): undocumented in the original. Presumably a threshold and an entry lifetime
// (10 * 60 * 1000 = 600,000; ten minutes if ms) for tracking peers that connect without SSL - confirm.
#define NON_SSL_MIN_COUNT			60
#define NON_SSL_ENTRY_EXPIRES		(10 * 60 * 1000)

//////////////////////////////////////////////////////////////////////
// 
// The cascade related constants
// 
//////////////////////////////////////////////////////////////////////

// Fixed device name, user name and display name used for cascade (HUB link) connections.
// NOTE(review): presumably LINK_USER_NAME labels internal sessions - confirm that ordinary account
// creation rejects this name so that log entries cannot be confused with real cascade sessions.
#define	LINK_DEVICE_NAME		"_SEHUBLINKCLI_"
#define	LINK_USER_NAME			"link"
#define	LINK_USER_NAME_PRINT	"Cascade"



//////////////////////////////////////////////////////////////////////
// 
// Constant related to SecureNAT connection
// 
//////////////////////////////////////////////////////////////////////

// Fixed device name, user name and display name used for SecureNAT connections.
// NOTE(review): presumably SNAT_USER_NAME labels internal sessions - confirm that ordinary account
// creation rejects this name.
#define	SNAT_DEVICE_NAME		"_SEHUBSECURENAT_"
#define	SNAT_USER_NAME			"securenat"
#define	SNAT_USER_NAME_PRINT	"SecureNAT"



//////////////////////////////////////////////////////////////////////
// 
// Constant related to bridge connection
// 
//////////////////////////////////////////////////////////////////////

// Fixed names for a local bridge connection (device name, user name, displayed user
// name), followed by bridge timing values.
#define	BRIDGE_DEVICE_NAME				"_SEHUBBRIDGE_"
#define	BRIDGE_USER_NAME				"localbridge"
#define	BRIDGE_USER_NAME_PRINT			"Local Bridge"
// Both spans are presumably milliseconds (1 second and 5 minutes) - TODO confirm
#define	BRIDGE_TRY_SPAN					1000
#define	BRIDGE_NUM_DEVICE_CHECK_SPAN	(5 * 60 * 1000)
// Wide-character format template with two string conversions (%s and %S).
// NOTE(review): the meaning of %s and %S inside a wide format string differs between
// C runtimes; confirm which formatter consumes this template and that the argument
// types (wide vs. narrow string) match it.
#define BRIDGE_NETWORK_CONNECTION_STR	L"%s [%S]"



//////////////////////////////////////////////////////////////////////
// 
// EtherLogger related constants
// 
//////////////////////////////////////////////////////////////////////

// EtherLogger settings: administration port, config file name, packet-log directory,
// packet-log path template, packet-log prefix and license check span.
// The port is presumably the EtherLogger management listener - TODO confirm.
#define	EL_ADMIN_PORT			22888
#define	EL_CONFIG_FILENAME		"@etherlogger.config"
#define	EL_PACKET_LOG_DIR_NAME	"@etherlogger_log"
// NOTE(review): the %s is substituted into a path below @etherlogger_log/. The
// substituted name should not be able to contain a path separator or "..";
// confirm where the value comes from.
#define	EL_PACKET_LOG_FILE_NAME	"@etherlogger_log/%s"
#define	EL_PACKET_LOG_PREFIX	"pkt"
// 10 * 1000: presumably 10 seconds in milliseconds - TODO confirm
#define	EL_LICENSE_CHECK_SPAN	(10 * 1000)



//////////////////////////////////////////////////////////////////////
// 
// Layer-3 Switch related constants
// 
//////////////////////////////////////////////////////////////////////

// Upper limits for Layer-3 switch objects: number of switches, of interfaces and of
// routing table entries. Whether the interface and table limits apply per switch or
// globally is not visible here - TODO confirm.
#define	MAX_NUM_L3_SWITCH		4096
#define	MAX_NUM_L3_IF			4096
#define	MAX_NUM_L3_TABLE		4096



//////////////////////////////////////////////////////////////////////
// 
// Constant related to User-mode Router
// 
//////////////////////////////////////////////////////////////////////

// Timing, buffer-size and port constants of the user-mode router.
// Most time values are written as N * 1000, which suggests milliseconds even where the
// original comment said "in seconds" - TODO confirm the unit at the users of each value.
// All of these expressions have type int unless a cast says otherwise.
#define	ARP_ENTRY_EXPIRES			(30 * 1000)		// ARP table expiration date
#define	ARP_ENTRY_POLLING_TIME		(1 * 1000)		// ARP table cleaning timer
#define	ARP_REQUEST_TIMEOUT			(1000)			// ARP request time-out period
#define	ARP_REQUEST_GIVEUP			(5 * 1000)		// Time to give up sending the ARP request
#define	IP_WAIT_FOR_ARP_TIMEOUT		(5 * 1000)		// Total time that an IP packet waits for the ARP table
#define	IP_COMBINE_TIMEOUT			(10 * 1000)		// Time-out of IP packet combining
// NOTE(review): 2000000 * 1000 = 2,000,000,000 is just below INT_MAX (2,147,483,647).
// Adding it to a tick value in int arithmetic would overflow; widen to UINT64 first.
#define	NAT_TCP_MAX_TIMEOUT			(2000000 * 1000)	// Maximum TCP session timeout (2000000 seconds, presumably in ms)
#define	NAT_UDP_MAX_TIMEOUT			(2000000 * 1000)	// Maximum UDP session timeout (2000000 seconds, presumably in ms)
#define	NAT_TCP_MIN_TIMEOUT			(1 * 60 * 1000)		// Minimum TCP session timeout (1 minute, presumably in ms)
#define	NAT_UDP_MIN_TIMEOUT			(10 * 1000)			// Minimum UDP session timeout (10 seconds, presumably in ms)
#define	NAT_TCP_RECV_WINDOW_SIZE	64512				// TCP receive window size
#define	NAT_TCP_SYNACK_SEND_TIMEOUT	250					// Sending TCP SYN+ACK interval
#define	NAT_ICMP_TIMEOUT			(10 * 1000)			// ICMP timeout (10 seconds, presumably in ms)
#define	NAT_ICMP_TIMEOUT_WITH_API	(3 * 1000)			// Timeout in the case of using the ICMP API (3 seconds, presumably in ms)
#define	NAT_SEND_BUF_SIZE			(64 * 1024)			// TCP send buffer size
#define	NAT_RECV_BUF_SIZE			(64 * 1024)			// TCP receive buffer size
#define	NAT_TMPBUF_SIZE				(128 * 1024)		// TCP temporary memory area size
#define	NAT_ACK_KEEPALIVE_SPAN		(5 * 1000)			// ACK transmission interval for TCP keep alive
#define	NAT_INITIAL_RTT_VALUE		500					// Initial RTT value
#define	NAT_FIN_SEND_INTERVAL		1000				// FIN transmission interval
#define	NAT_FIN_SEND_MAX_COUNT		5					// Total number of FIN transmissions
#define	NAT_DNS_PROXY_PORT			53					// DNS proxy port number
#define	NAT_DNS_RESPONSE_TTL		(20 * 60)			// TTL of the DNS response (20 * 60; presumably seconds)
#define	NAT_DHCP_SERVER_PORT		67					// DHCP server port number
#define	NAT_DHCP_CLIENT_PORT		68					// DHCP client port number
#define	DHCP_MIN_EXPIRE_TIMESPAN	(15 * 1000)			// DHCP minimum expiration date
#define	DHCP_POLLING_INTERVAL		1000				// DHCP polling interval
#define	X32							((UINT64)4294967296ULL)	// 2^32 (largest 32-bit unsigned value + 1)
#define	NAT_DNS_QUERY_TIMEOUT		(512)				// Time-out value of DNS queries (unit not stated here)

// Beacon transmission interval (5 * 1000; presumably milliseconds)
#define	BEACON_SEND_INTERVAL		(5 * 1000)

// Total size quota allowed in the queue for combining IP packets (50 * 1024 * 1024)
// This is the bound on memory held for IP packets that are waiting to be combined;
// enforcement happens wherever the queue is filled, which is not visible here.
#define	IP_COMBINE_WAIT_QUEUE_SIZE_QUOTA	(50 * 1024 * 1024)

// Header size constant
// Each of these is a sizeof expression, so its type is size_t (unsigned).
#define	MAC_HEADER_SIZE				(sizeof(MAC_HEADER))
#define	ARP_HEADER_SIZE				(sizeof(ARP_HEADER))
#define	IP_HEADER_SIZE				(sizeof(IPV4_HEADER))
#define	TCP_HEADER_SIZE				(sizeof(TCP_HEADER))
#define	UDP_HEADER_SIZE				(sizeof(UDP_HEADER))

// Data maximum size constant
// NOTE(review): the three derived sizes subtract sizeof values, so they are size_t.
// In "length - MAX_..._SIZE" or a comparison with a signed length the signed operand
// is converted to unsigned; a negative or too-small length then looks very large.
// Validate received lengths before doing arithmetic with these constants.
#define	MAX_L3_DATA_SIZE			(1500)
#define	MAX_IP_DATA_SIZE			(MAX_L3_DATA_SIZE - IP_HEADER_SIZE)
#define	MAX_TCP_DATA_SIZE			(MAX_IP_DATA_SIZE - TCP_HEADER_SIZE)
#define	MAX_UDP_DATA_SIZE			(MAX_IP_DATA_SIZE - UDP_HEADER_SIZE)
#define	MAX_IP_DATA_SIZE_TOTAL		(65535)

// IP packet option constant
#define	DEFAULT_IP_TOS				0				// TOS in the IP header
#define	DEFAULT_IP_TTL				128				// TTL in the IP header

// Type of NAT session
// Small consecutive integers; which field stores them is not visible in this header.
#define	NAT_TCP						0		// TCP NAT
#define	NAT_UDP						1		// UDP NAT
#define	NAT_DNS						2		// DNS NAT
#define	NAT_ICMP					3		// ICMP NAT

// State of NAT session (TCP)
// The difference between "Connection complete" and "Connection established" is not
// explained here; presumably one refers to the outgoing socket and the other to the
// handshake with the virtual client - TODO confirm in the NAT implementation.
#define	NAT_TCP_CONNECTING			0		// Connecting
#define	NAT_TCP_SEND_RESET			1		// Send the RST (Connection failure or disconnected)
#define	NAT_TCP_CONNECTED			2		// Connection complete
#define	NAT_TCP_ESTABLISHED			3		// Connection established
#define	NAT_TCP_WAIT_DISCONNECT		4		// Wait for socket disconnection


//////////////////////////////////////////////////////////////////////
// 
// For UNIX virtual LAN card related constant
// 
//////////////////////////////////////////////////////////////////////

// Device node paths of the tun/tap driver. Two candidate paths are defined;
// presumably they are tried in order - TODO confirm at the opener.
#define	TAP_FILENAME_1				"/dev/net/tun"
#define	TAP_FILENAME_2				"/dev/tun"
#ifdef	UNIX_MACOS
// macOS: with NO_VLAN a single fixed node is named; otherwise only the base name
// "tap" is given, together with the directory and a count of 16 (presumably the
// nodes /dev/tap0 .. /dev/tap15 are probed - TODO confirm).
#ifdef	NO_VLAN
#define	TAP_MACOS_FILENAME			"/dev/tap0"
#else	// NO_VLAN
#define	TAP_MACOS_FILENAME			"tap"
#endif	// NO_VLAN
#define	TAP_MACOS_DIR				"/dev/"
#define	TAP_MACOS_NUMBER			(16)
#endif	// UNIX_MACOS





// License edition, license key format limits and license status codes.
#define	LICENSE_EDITION_VPN3_NO_LICENSE					0		// Without license

// NOTE(review): if the *_KEYSIZE_BIT values are sizes of cryptographic keys, 48, 56
// and 144 bits are short by current standards; what these keys protect is not
// visible in this header - confirm before relying on them for anything but format.
#define	LICENSE_MAX_PRODUCT_NAME_LEN	255				// Maximum length of license product name
#define	LICENSE_NUM_SHA					10000			// Number of times to hash with SHA
#define	LICENSE_SYSTEM_KEY_NUM			2048			// Key number for system
#define	LICENSE_SYSTEM_KEYSIZE_BIT		144				// Number of key bits for system
#define	LICENSE_PRODUCT_KEY_NUM			16384			// Number of keys for product
#define	LICENSE_PRODUCT_KEYSIZE_BIT		56				// Number of key bits for product
#define	LICENSE_PRODUCT_COMMON_KEYSIZE_BIT	48			// Number of common key bits for product
#define	LICENSE_MASTER_KEYSIZE_BIT		1024			// Number of master key bits
#define	LICENSE_SYSTEM_ID_MIN			0ULL			// System ID minimum value
#define	LICENSE_SYSTEM_ID_MAX			549755813887ULL	// System ID maximum value (2^39 - 1)
#define	LICENSE_SERIAL_ID_MIN			0				// Serial ID minimum value
#define	LICENSE_SERIAL_ID_MAX			65535			// Serial ID maximum value (2^16 - 1)
#define	LICENSE_EXPIRES_MIN				0				// Expiration date minimum
#define	LICENSE_EXPIRES_MAX				16383			// Expiration date maximum (2^14 - 1)
// Whether the two string lengths include the terminating NUL is not stated here;
// size buffers at the call sites accordingly - TODO confirm.
#define	LICENSE_KEYSTR_LEN				41				// Length of the license key
#define	LICENSE_LICENSEID_STR_LEN		33				// Length of the license ID

#define	LICENSE_STATUS_OK				0		// Enabled
#define	LICENSE_STATUS_EXPIRED			1		// Invalid (expired)
#define	LICENSE_STATUS_ID_DIFF			2		// Invalid (System ID mismatch)
#define	LICENSE_STATUS_DUP				3		// Invalid (duplicated)
#define	LICENSE_STATUS_INSUFFICIENT		4		// Invalid (other necessary license shortage)
#define	LICENSE_STATUS_COMPETITION		5		// Invalid (conflict with other licenses)
#define	LICENSE_STATUS_NONSENSE			6		// Invalid (meaningless in the current edition)
#define	LICENSE_STATUS_CPU				7		// Invalid (CPU type mismatch)

// Bit/byte count conversion. BIT_TO_BYTE rounds up to whole bytes.
// Each macro evaluates its argument once; "(x) + 7" and "(x) * 8" are computed in
// the argument's type, so a value near that type's maximum wraps or overflows.
#define	BIT_TO_BYTE(x)					(((x) + 7) / 8)
#define	BYTE_TO_BIT(x)					((x) * 8)


//////////////////////////////////////////////////////////////////////
// 
// Error code
// 
//////////////////////////////////////////////////////////////////////

// Error codes, numbered consecutively from 0. The values 70 to 72 are not defined in
// this list. The numbers are presumably exchanged between client, server and
// management tools, so existing values should not be renumbered - TODO confirm.
#define	ERR_NO_ERROR					0	// No error
#define	ERR_CONNECT_FAILED				1	// Connection to the server has failed
#define	ERR_SERVER_IS_NOT_VPN			2	// The destination server is not a VPN server
#define	ERR_DISCONNECTED				3	// The connection has been interrupted
#define	ERR_PROTOCOL_ERROR				4	// Protocol error
#define	ERR_CLIENT_IS_NOT_VPN			5	// Connecting client is not a VPN client
#define	ERR_USER_CANCEL					6	// User cancel
#define	ERR_AUTHTYPE_NOT_SUPPORTED		7	// Specified authentication method is not supported
#define	ERR_HUB_NOT_FOUND				8	// The HUB does not exist
#define	ERR_AUTH_FAILED					9	// Authentication failure
#define	ERR_HUB_STOPPING				10	// HUB is stopped
#define	ERR_SESSION_REMOVED				11	// Session has been deleted
#define	ERR_ACCESS_DENIED				12	// Access denied
#define	ERR_SESSION_TIMEOUT				13	// Session times out
#define	ERR_INVALID_PROTOCOL			14	// Protocol is invalid
#define	ERR_TOO_MANY_CONNECTION			15	// Too many connections
#define	ERR_HUB_IS_BUSY					16	// Too many sessions of the HUB
#define	ERR_PROXY_CONNECT_FAILED		17	// Connection to the proxy server fails
#define	ERR_PROXY_ERROR					18	// Proxy Error
#define	ERR_PROXY_AUTH_FAILED			19	// Failed to authenticate on the proxy server
#define	ERR_TOO_MANY_USER_SESSION		20	// Too many sessions of the same user
#define	ERR_LICENSE_ERROR				21	// License error
#define	ERR_DEVICE_DRIVER_ERROR			22	// Device driver error
#define	ERR_INTERNAL_ERROR				23	// Internal error
#define	ERR_SECURE_DEVICE_OPEN_FAILED	24	// The secure device cannot be opened
#define	ERR_SECURE_PIN_LOGIN_FAILED		25	// PIN code is incorrect
#define	ERR_SECURE_NO_CERT				26	// Specified certificate is not stored
#define	ERR_SECURE_NO_PRIVATE_KEY		27	// Specified private key is not stored
#define	ERR_SECURE_CANT_WRITE			28	// Write failure
#define	ERR_OBJECT_NOT_FOUND			29	// Specified object can not be found
#define	ERR_VLAN_ALREADY_EXISTS			30	// Virtual LAN card with the specified name already exists
#define	ERR_VLAN_INSTALL_ERROR			31	// Specified virtual LAN card cannot be created
#define	ERR_VLAN_INVALID_NAME			32	// Specified name of the virtual LAN card is invalid
#define	ERR_NOT_SUPPORTED				33	// Unsupported
#define	ERR_ACCOUNT_ALREADY_EXISTS		34	// Account already exists
#define	ERR_ACCOUNT_ACTIVE				35	// Account is operating
#define	ERR_ACCOUNT_NOT_FOUND			36	// Specified account doesn't exist
#define	ERR_ACCOUNT_INACTIVE			37	// Account is offline
#define	ERR_INVALID_PARAMETER			38	// Parameter is invalid
#define	ERR_SECURE_DEVICE_ERROR			39	// Error has occurred in the operation of the secure device
#define	ERR_NO_SECURE_DEVICE_SPECIFIED	40	// Secure device is not specified
#define	ERR_VLAN_IS_USED				41	// Virtual LAN card in use by account
#define	ERR_VLAN_FOR_ACCOUNT_NOT_FOUND	42	// Virtual LAN card of the account can not be found
#define	ERR_VLAN_FOR_ACCOUNT_USED		43	// Virtual LAN card of the account is already in use
#define	ERR_VLAN_FOR_ACCOUNT_DISABLED	44	// Virtual LAN card of the account is disabled
#define	ERR_INVALID_VALUE				45	// Value is invalid
#define	ERR_NOT_FARM_CONTROLLER			46	// Not a farm controller
#define	ERR_TRYING_TO_CONNECT			47	// Attempting to connect
#define	ERR_CONNECT_TO_FARM_CONTROLLER	48	// Failed to connect to the farm controller
#define	ERR_COULD_NOT_HOST_HUB_ON_FARM	49	// A virtual HUB on farm could not be created
#define	ERR_FARM_MEMBER_HUB_ADMIN		50	// HUB cannot be managed on a farm member
#define	ERR_NULL_PASSWORD_LOCAL_ONLY	51	// Accepting only local connections for an empty password
#define	ERR_NOT_ENOUGH_RIGHT			52	// Right is insufficient
#define	ERR_LISTENER_NOT_FOUND			53	// Listener can not be found
#define	ERR_LISTENER_ALREADY_EXISTS		54	// Listener already exists
#define	ERR_NOT_FARM_MEMBER				55	// Not a farm member
#define	ERR_CIPHER_NOT_SUPPORTED		56	// Encryption algorithm is not supported
#define	ERR_HUB_ALREADY_EXISTS			57	// HUB already exists
#define	ERR_TOO_MANY_HUBS				58	// Too many HUBs
#define	ERR_LINK_ALREADY_EXISTS			59	// Link already exists
#define	ERR_LINK_CANT_CREATE_ON_FARM	60	// The link can not be created on the server farm
#define	ERR_LINK_IS_OFFLINE				61	// Link is off-line
#define	ERR_TOO_MANY_ACCESS_LIST		62	// Too many access list entries
#define	ERR_TOO_MANY_USER				63	// Too many users
#define	ERR_TOO_MANY_GROUP				64	// Too many Groups
#define	ERR_GROUP_NOT_FOUND				65	// Group can not be found
#define	ERR_USER_ALREADY_EXISTS			66	// User already exists
#define	ERR_GROUP_ALREADY_EXISTS		67	// Group already exists
#define	ERR_USER_AUTHTYPE_NOT_PASSWORD	68	// Authentication method of the user is not a password authentication
// One code covers both cases, so the caller cannot tell from it whether the user exists.
#define	ERR_OLD_PASSWORD_WRONG			69	// The user does not exist or the old password is wrong
// (70 to 72 are not defined here)
#define	ERR_LINK_CANT_DISCONNECT		73	// Cascade session cannot be disconnected
#define	ERR_ACCOUNT_NOT_PRESENT			74	// The connection setting to the VPN server has not been completed
#define	ERR_ALREADY_ONLINE				75	// It is already online
#define	ERR_OFFLINE						76	// It is offline
// NOTE(review): 1024-bit RSA is below current key-size recommendations; where this
// code is raised, confirm that larger keys are accepted rather than rejected.
#define	ERR_NOT_RSA_1024				77	// The certificate is not RSA 1024bit
#define	ERR_SNAT_CANT_DISCONNECT		78	// SecureNAT session cannot be disconnected
#define	ERR_SNAT_NEED_STANDALONE		79	// SecureNAT works only in stand-alone HUB
#define	ERR_SNAT_NOT_RUNNING			80	// SecureNAT function is not working
#define	ERR_SE_VPN_BLOCK				81	// Stopped by PacketiX VPN Block
#define	ERR_BRIDGE_CANT_DISCONNECT		82	// Bridge session can not be disconnected
#define	ERR_LOCAL_BRIDGE_STOPPING		83	// Bridge function is stopped
#define	ERR_LOCAL_BRIDGE_UNSUPPORTED	84	// Bridge feature is not supported
#define	ERR_CERT_NOT_TRUSTED			85	// Certificate of the destination server can not be trusted
#define	ERR_PRODUCT_CODE_INVALID		86	// Product code is different
#define	ERR_VERSION_INVALID				87	// Version is different
#define	ERR_CAPTURE_DEVICE_ADD_ERROR	88	// Adding capture device failure
#define	ERR_VPN_CODE_INVALID			89	// VPN code is different
#define	ERR_CAPTURE_NOT_FOUND			90	// Capture device can not be found
#define	ERR_LAYER3_CANT_DISCONNECT		91	// Layer-3 session cannot be disconnected
#define	ERR_LAYER3_SW_EXISTS			92	// L3 switch of the same name already exists
#define	ERR_LAYER3_SW_NOT_FOUND			93	// Layer-3 switch can not be found
#define	ERR_INVALID_NAME				94	// Name is invalid
#define	ERR_LAYER3_IF_ADD_FAILED		95	// Failed to add interface
#define	ERR_LAYER3_IF_DEL_FAILED		96	// Failed to delete the interface
#define	ERR_LAYER3_IF_EXISTS			97	// Interface that you specified already exists
#define	ERR_LAYER3_TABLE_ADD_FAILED		98	// Failed to add routing table
#define	ERR_LAYER3_TABLE_DEL_FAILED		99	// Failed to delete the routing table
#define	ERR_LAYER3_TABLE_EXISTS			100	// Routing table entry that you specified already exists
#define	ERR_BAD_CLOCK					101	// The system time is incorrect
#define	ERR_LAYER3_CANT_START_SWITCH	102	// The Virtual Layer 3 Switch can not be started
#define	ERR_CLIENT_LICENSE_NOT_ENOUGH	103	// Client connection licenses shortage
#define	ERR_BRIDGE_LICENSE_NOT_ENOUGH	104 // Bridge connection licenses shortage
#define	ERR_SERVER_CANT_ACCEPT			105	// The server cannot accept the connection for technical reasons
#define	ERR_SERVER_CERT_EXPIRES			106	// Destination VPN server has expired (per the name: its certificate)
#define	ERR_MONITOR_MODE_DENIED			107	// Monitor port mode was rejected
#define	ERR_BRIDGE_MODE_DENIED			108	// Bridge-mode or Routing-mode was rejected
#define	ERR_IP_ADDRESS_DENIED			109	// Client IP address is denied
#define	ERR_TOO_MANT_ITEMS				110	// Too many items (the identifier is spelled "MANT"; kept as is)
#define	ERR_MEMORY_NOT_ENOUGH			111	// Out of memory
#define	ERR_OBJECT_EXISTS				112	// Object already exists
#define	ERR_FATAL						113	// A fatal error occurred
#define	ERR_SERVER_LICENSE_FAILED		114	// License violation has occurred on the server side
#define	ERR_SERVER_INTERNET_FAILED		115	// Server side is not connected to the Internet
#define	ERR_CLIENT_LICENSE_FAILED		116	// License violation occurs on the client side
#define	ERR_BAD_COMMAND_OR_PARAM		117	// Command or parameter is invalid
#define	ERR_INVALID_LICENSE_KEY			118	// License key is invalid
#define	ERR_NO_VPN_SERVER_LICENSE		119	// There is no valid license for the VPN Server
#define	ERR_NO_VPN_CLUSTER_LICENSE		120	// There is no cluster license
#define ERR_NOT_ADMINPACK_SERVER		121	// Not trying to connect to a server with the Administrator Pack license
#define ERR_NOT_ADMINPACK_SERVER_NET	122	// Not trying to connect to a server with the Administrator Pack license (for .NET)
#define ERR_BETA_EXPIRES				123	// Destination Beta VPN Server has expired
#define ERR_BRANDED_C_TO_S				124 // Branding string of connection limit is different (Authentication on the server side)
#define ERR_BRANDED_C_FROM_S			125	// Branding string of connection limit is different (Authentication for client-side)
#define	ERR_AUTO_DISCONNECTED			126	// VPN session was disconnected because a certain period of time has elapsed
#define	ERR_CLIENT_ID_REQUIRED			127	// Client ID does not match
#define	ERR_TOO_MANY_USERS_CREATED		128	// Too many created users
#define	ERR_SUBSCRIPTION_IS_OLDER		129	// Subscription expiration date is earlier than the build date of the VPN Server
#define	ERR_ILLEGAL_TRIAL_VERSION		130	// Trial licenses are used continuously
#define	ERR_NAT_T_TWO_OR_MORE			131	// There are multiple servers behind one global IP address in the NAT-T connection
#define	ERR_DUPLICATE_DDNS_KEY			132	// DDNS host key duplicate
#define	ERR_DDNS_HOSTNAME_EXISTS		133	// Specified DDNS host name already exists
#define	ERR_DDNS_HOSTNAME_INVALID_CHAR	134	// The host name contains characters that can not be used
#define	ERR_DDNS_HOSTNAME_TOO_LONG		135	// Host name is too long
#define	ERR_DDNS_HOSTNAME_IS_EMPTY		136	// Host name is not specified
#define	ERR_DDNS_HOSTNAME_TOO_SHORT		137	// Host name is too short
#define	ERR_MSCHAP2_PASSWORD_NEED_RESET	138	// The password must be changed
#define	ERR_DDNS_DISCONNECTED			139	// Communication to the dynamic DNS server is disconnected
#define	ERR_SPECIAL_LISTENER_ICMP_ERROR	140	// The ICMP socket can not be opened
#define	ERR_SPECIAL_LISTENER_DNS_ERROR	141	// Socket for DNS port can not be opened
#define	ERR_OPENVPN_IS_NOT_ENABLED		142	// OpenVPN server feature is not enabled
#define	ERR_NOT_SUPPORTED_AUTH_ON_OPENSOURCE	143	// This type of user authentication is not supported in the open source version
#define	ERR_VPNGATE						144 // Operation on VPN Gate Server is not available
#define	ERR_VPNGATE_CLIENT				145 // Operation on VPN Gate Client is not available
#define	ERR_VPNGATE_INCLIENT_CANT_STOP	146	// Can not be stopped if operating within VPN Client mode
#define	ERR_NOT_SUPPORTED_FUNCTION_ON_OPENSOURCE	147	// This feature is not supported in the open source version
#define	ERR_SUSPENDING					148	// System is suspending


////////////////////////////
// Generally used structure

// Network Services
// One entry of a network service table: a transport, a port number and a name.
// Entries are presumably the elements of CEDAR.NetSvcList and what GetSvcName()
// looks up by (udp, port) - TODO confirm.
typedef struct NETSVC
{
	bool Udp;						// false=TCP, true=UDP
	UINT Port;						// Port number
	char *Name;						// Name (who owns and frees the string is not visible here)
} NETSVC;

// Traffic data entry
// Packet and byte counters for one direction, split into broadcast and unicast.
// All four counters are 64-bit.
typedef struct TRAFFIC_ENTRY
{
	UINT64 BroadcastCount;			// Number of broadcast packets
	UINT64 BroadcastBytes;			// Broadcast bytes
	UINT64 UnicastCount;			// Number of unicast packets
	UINT64 UnicastBytes;			// Unicast bytes
} TRAFFIC_ENTRY;

// Traffic data
// A pair of TRAFFIC_ENTRY counters, one per direction. The structure carries no lock
// of its own; CEDAR pairs its Traffic pointer with a separate TrafficLock.
typedef struct TRAFFIC
{
	TRAFFIC_ENTRY Send;				// Transmitted data
	TRAFFIC_ENTRY Recv;				// Received data
} TRAFFIC;

// Non-SSL connection source
// Per-source-address record: the address, a connection count and an expiry time.
// Presumably used together with NON_SSL_MIN_COUNT and NON_SSL_ENTRY_EXPIRES to limit
// sources that repeatedly connect without SSL - TODO confirm in AddNoSsl()/IsInNoSsl().
typedef struct NON_SSL
{
	IP IpAddress;					// IP address
	UINT64 EntryExpires;			// Expiration date of entry
	UINT Count;						// Number of connections counted for this address
} NON_SSL;

// Simple log storage
// State of one simple ("tiny") log: its file name, the open file and a lock.
typedef struct TINY_LOG
{
	char FileName[MAX_PATH];		// File name (fixed buffer; writers must bound the copy by sizeof(FileName))
	IO *io;							// File
	LOCK *Lock;						// Lock (presumably serializes writes to io - TODO confirm)
} TINY_LOG;

// CEDAR structure
// Top-level state object. It holds the listener, HUB, connection and CA lists, the
// server certificate and its private key, traffic and session counters, and several
// value/lock pairs. Which lock guards which field is only indicated by the field
// comments below; the locking order is not visible in this header.
typedef struct CEDAR
{
	LOCK *lock;						// Lock
	REF *ref;						// Reference counter
	COUNTER *AcceptingSockets;		// Number of sockets in Accept
	UINT Type;						// Type (one of the CEDAR_* type constants)
	LIST *ListenerList;				// Listener list
	LIST *HubList;					// HUB list
	LIST *ConnectionList;			// Negotiating connection list
	LIST *CaList;					// List of CA
	// NOTE(review): volatile does not order or synchronize accesses between threads;
	// confirm that readers of Halt do not depend on it for visibility of other fields.
	volatile bool Halt;				// Halt flag
	COUNTER *ConnectionIncrement;	// Connection increment counter
	X *ServerX;						// Server certificate
	// NOTE(review): ServerK is private key material. Confirm that it is released on
	// the cleanup path and that it never reaches a log or an RPC response.
	K *ServerK;						// Private key of the server certificate
	char *CipherList;				// List of encryption algorithms
	UINT Version;					// Version information
	UINT Build;						// Build Number
	char *ServerStr;				// Server string
	char *MachineName;				// Computer name
	char *HttpUserAgent;			// HTTP user agent
	char *HttpAccept;				// HTTP Accept
	char *HttpAcceptLanguage;		// HTTP Accept Language
	char *HttpAcceptEncoding;		// HTTP Accept Encoding
	TRAFFIC *Traffic;				// Traffic information
	LOCK *TrafficLock;				// Traffic information lock
	LIST *UDPEntryList;				// UDP entry list
	COUNTER *CurrentSessions;		// The current number of sessions
	COUNTER *CurrentTcpConnections;	// Number of current TCP connections
	LIST *NetSvcList;				// Network service list
	char *VerString;				// Version string
	char *BuildInfo;				// Build Information
	struct CLIENT *Client;			// Client
	struct SERVER *Server;			// Server
	UINT64 CreatedTick;				// Generation date and time
	bool CheckExpires;				// Check the expiration date
	LIST *TrafficDiffList;			// Traffic difference list
	struct LOG *DebugLog;			// Debug log
	UCHAR UniqueId[16];				// Unique ID (16 bytes; how it is generated is not visible here)
	LIST *LocalBridgeList;			// Local bridge list
	bool Bridge;					// Bridge version
	LIST *L3SwList;					// Layer-3 switch list
	COUNTER *AssignedClientLicense;	// Number of assigned client licenses
	COUNTER *AssignedBridgeLicense;	// Number of assigned bridge licenses
	UINT64 LicenseViolationTick;	// License violation occurs
	LIST *NonSslList;				// Non-SSL connection list
	struct WEBUI *WebUI;			// Data for WebUI service
	UINT Beta;						// Beta number
	LOCK *CedarSuperLock;			// Cedar super lock!
	bool DisableIPv6Listener;		// Disable IPv6 listener
	UINT ClientId;					// Client ID
	UINT64 BuiltDate;				// Build Date
	LIST *UdpPortList;				// UDP port list in use
	// The fixed-size character buffers below (MAX_SIZE and 128 bytes) have to be
	// written with a copy bounded by sizeof of the field.
	char CurrentDDnsFqdn[MAX_SIZE];	// FQDN of the current DDNS
	char OpenVPNPublicPorts[MAX_SIZE];	// OpenVPN public UDP port list
	LOCK *OpenVPNPublicPortsLock;	// Lock of OpenVPN public UDP port list
	LOCK *CurrentRegionLock;		// Current region lock
	char CurrentRegion[128];		// Current region
	LOCK *CurrentTcpQueueSizeLock;	// Current TCP send queue size lock
	UINT CurrentTcpQueueSize;		// Current TCP send queue size
	COUNTER *CurrentActiveLinks;	// Current active cascade connections
	LOCK *QueueBudgetLock;			// Queue budget lock
	UINT QueueBudget;				// Queue budget
	LOCK *FifoBudgetLock;			// Fifo budget lock
	UINT FifoBudget;				// Fifo budget
	SSL_ACCEPT_SETTINGS SslAcceptSettings;	// SSL Accept Settings
	char OpenVPNDefaultClientOption[MAX_SIZE];	// OpenVPN Default Client Option String
} CEDAR;

// Type of CEDAR
// Values for the Type field of the CEDAR structure.
#define	CEDAR_CLIENT				0	// Client
#define	CEDAR_STANDALONE_SERVER		1	// Stand-alone server
#define	CEDAR_FARM_CONTROLLER		2	// Server farm controller
#define	CEDAR_FARM_MEMBER			3	// Server farm member


////////////////////////////
// Read the header file

// Type
#include <Cedar/CedarType.h>
// Account Manager
#include <Cedar/Account.h>
// Listener module
#include <Cedar/Listener.h>
// Log storage module
#include <Cedar/Logging.h>
// Connection management
#include <Cedar/Connection.h>
// Session Management
#include <Cedar/Session.h>
// RPC
#include <Cedar/Remote.h>
// HUB management
#include <Cedar/Hub.h>
// Security Accounts Manager
#include <Cedar/Sam.h>
// Radius authentication module
#include <Cedar/Radius.h>
// Protocol
#include <Cedar/Protocol.h>
// Inter-HUB link
#include <Cedar/Link.h>
// User-mode virtual host
#include <Cedar/Virtual.h>
// SecureNAT
#include <Cedar/SecureNAT.h>
// Digital watermark
#include <Cedar/WaterMark.h>
// Secure data
#include <Cedar/SecureInfo.h>
// Console service
#include <Cedar/Console.h>
// Vpncmd utility
#include <Cedar/Command.h>
// RPC over HTTP
#include <Cedar/Wpc.h>
// IPsec
#include <Cedar/IPsec.h>
#include <Cedar/IPsec_L2TP.h>
#include <Cedar/IPsec_PPP.h>
#include <Cedar/IPsec_IPC.h>
#include <Cedar/IPsec_IkePacket.h>
#include <Cedar/IPsec_IKE.h>
#include <Cedar/IPsec_Win7.h>
#include <Cedar/IPsec_EtherIP.h>
// SSTP
#include <Cedar/Interop_SSTP.h>
// OpenVPN
#include <Cedar/Interop_OpenVPN.h>
// UDP Acceleration
#include <Cedar/UdpAccel.h>
// DDNS Client
#include <Cedar/DDNS.h>
// VPN Azure Client
#include <Cedar/AzureClient.h>
// VPN Azure Server
#include <Cedar/AzureServer.h>
// Native IP Stack
#include <Cedar/NativeStack.h>

#ifdef	OS_WIN32
// Neo device driver
#include <Neo/Neo.h>
// SeLow User-mode
#include <Cedar/SeLowUser.h>
#endif	// OS_WIN32

// Neo device driver manipulation library
#include <Cedar/VLan.h>
// Bridge
#include <Cedar/Bridge.h>
// Layer-3 switch
#include <Cedar/Layer3.h>
// Virtual LAN card for test
#include <Cedar/NullLan.h>
// Client
#include <Cedar/Client.h>
// Server
#include <Cedar/Server.h>
// License database
#include <Cedar/Database.h>
// EtherLogger
#include <Cedar/EtherLog.h>
// Management RPC
#include <Cedar/Admin.h>
// User-mode Router
#include <Cedar/Nat.h>

// Web UI
#include <Cedar/WebUI.h>

// VPN Gate Plugin DLL
#include <VGate/VGateCommon.h>

// VPN Gate Main Implementation
#include <Cedar/VG.h>


#ifdef	OS_WIN32

// Win32 user interface
#include <Cedar/WinUi.h>
// Win32 Client Connection Manager
#include <Cedar/CM.h>
// Win32 Server Manager
#include <Cedar/SM.h>
// Win32 User-mode Router Manager
#include <Cedar/NM.h>
// Win32 EtherLogger Manager
#include <Cedar/EM.h>
// Win32 Network Utility
#include <Cedar/UT.h>
// Win32 Setup Wizard
#include <Cedar/SW.h>
// Win32 COM calling module
#include <Cedar/Win32Com.h>

#endif




////////////////////////////
// Function prototype

// Prototypes of the functions declared for the Cedar module. The grouping comments
// below follow the function names; the implementations are not part of this header.
//
// NOTE(review): several prototypes use an empty parameter list "()". Before C23 this
// declares a function with unspecified parameters, so the compiler does not check the
// arguments of a call; "(void)" would state the no-argument contract explicitly.

// Traffic counters and lifetime of the CEDAR object
TRAFFIC *NewTraffic();
void FreeTraffic(TRAFFIC *t);
CEDAR *NewCedar(X *server_x, K *server_k);
void CedarForceLink();
void SetCedarVpnBridge(CEDAR *c);
// Certificate and private key of the server; whether the callee copies or takes
// ownership of server_x / server_k is not visible here - TODO confirm.
void SetCedarCert(CEDAR *c, X *server_x, K *server_k);
void ReleaseCedar(CEDAR *c);
void CleanupCedar(CEDAR *c);
void StopCedar(CEDAR *c);

// Listeners, HUBs and connections held by a CEDAR
void AddListener(CEDAR *c, LISTENER *r);
void StopAllListener(CEDAR *c);
void AddTraffic(TRAFFIC *dst, TRAFFIC *diff);
void AddHub(CEDAR *c, HUB *h);
void DelHub(CEDAR *c, HUB *h);
// no_lock presumably means the caller already holds the relevant lock - TODO confirm
void DelHubEx(CEDAR *c, HUB *h, bool no_lock);
void StopAllHub(CEDAR *c);
void StopAllConnection(CEDAR *c);
void AddConnection(CEDAR *cedar, CONNECTION *c);
UINT GetUnestablishedConnections(CEDAR *cedar);
void DelConnection(CEDAR *cedar, CONNECTION *c);
void SetCedarCipherList(CEDAR *cedar, char *name);

// Module-wide initialization and release
void InitCedar();
void FreeCedar();

// CA list and certificate signature checks
// NOTE(review): the bool results decide whether a certificate is trusted; callers
// must treat false as "reject" and must not ignore the return value.
void AddCa(CEDAR *cedar, X *x);
bool DeleteCa(CEDAR *cedar, UINT ptr);
bool CheckSignatureByCa(CEDAR *cedar, X *x);
bool CheckSignatureByCaLinkMode(SESSION *s, X *x);
X *FindCaSignedX(LIST *o, X *x);

// Network service list (see NETSVC)
void InitNetSvcList(CEDAR *cedar);
void FreeNetSvcList(CEDAR *cedar);
int CompareNetSvc(void *p1, void *p2);
char *GetSvcName(CEDAR *cedar, bool udp, UINT port);

// Hidden password placeholder; size is presumably the capacity of str in bytes
void InitHiddenPassword(char *str, UINT size);
bool IsHiddenPasswordChanged(char *str);

// Totals derived from a TRAFFIC
UINT64 GetTrafficPacketSize(TRAFFIC *t);
UINT64 GetTrafficPacketNum(TRAFFIC *t);

// Debug log and Cedar log
// NOTE(review): CedarLog() takes a single string. If the implementation passes it on
// as a format string, text that contains '%' must not come from outside - verify.
void EnableDebugLog(CEDAR *c);
void StartCedarLog();
void StopCedarLog();
void CedarLog(char *str);

// Non-SSL connection source list (see NON_SSL)
int CompareNoSslList(void *p1, void *p2);
void InitNoSslList(CEDAR *c);
void FreeNoSslList(CEDAR *c);
bool AddNoSsl(CEDAR *c, IP *ip);
void DecrementNoSsl(CEDAR *c, IP *ip, UINT num_dec);
void DeleteOldNoSsl(CEDAR *c);
NON_SSL *SearchNoSslList(CEDAR *c, IP *ip);
bool IsInNoSsl(CEDAR *c, IP *ip);

// Simple log (see TINY_LOG)
void FreeTinyLog(TINY_LOG *t);
void WriteTinyLog(TINY_LOG *t, char *str);
TINY_LOG *NewTinyLog();

// Version and build information, special listening sockets
void GetWinVer(RPC_WINVER *v);
bool IsSupportedWinVer(RPC_WINVER *v);
bool IsLaterBuild(CEDAR *c, UINT64 t);
SOCK *GetInProcListeningSock(CEDAR *c);
SOCK *GetReverseListeningSock(CEDAR *c);
// tmp is the output buffer and size presumably its capacity in bytes
void GetCedarVersion(char *tmp, UINT size);
UINT64 GetCurrentBuildDate();

// TCP queue size, queue budget and FIFO budget accounting
// NOTE(review): diff is a signed int while the matching CEDAR fields are UINT; confirm
// that the implementations cannot wrap a field below zero or past its maximum.
void CedarAddCurrentTcpQueueSize(CEDAR *c, int diff);
UINT CedarGetCurrentTcpQueueSize(CEDAR *c);
void CedarAddQueueBudget(CEDAR *c, int diff);
void CedarAddFifoBudget(CEDAR *c, int diff);
UINT CedarGetQueueBudgetConsuming(CEDAR *c);
UINT CedarGetFifoBudgetConsuming(CEDAR *c);
UINT CedarGetQueueBudgetBalance(CEDAR *c);
UINT CedarGetFifoBudgetBalance(CEDAR *c);

// RADIUS / EAP configuration query
bool CedarIsThereAnyEapEnabledRadiusConfig(CEDAR *c);



#endif	// CEDAR_H