natipsecptalg.c

vxworks下ppp的实现源码

LOCAL ESP_TRANSLATION_ENTRY *new_esp_translation_entry (
	ESP_TRANSLATION_HEADER *sptr_esp_translation_list,
    ULONG outbound_spi,  IP_ADDRESS local_address, IP_ADDRESS remote_address)
{
	ESP_TRANSLATION_ENTRY *sptr_esp_translation_entry;

	nat_printf (NAT_PRINTF_TRACE, "new_esp_translation_entry: "
                "local addr = %08lx, remote addr = %08lx\n\t outbound_spi = %08lx\n",
                local_address, remote_address, outbound_spi);

	sptr_esp_translation_entry = (ESP_TRANSLATION_ENTRY *) calloc (1, sizeof (ESP_TRANSLATION_ENTRY));

	if (sptr_esp_translation_entry == NULL)
		{
		nat_printf (NAT_PRINTF_ERROR, "new_esp_translation_entry: NAT failed calloc\n");
		return (NULL);
		}

	sptr_esp_translation_entry->esp_translation_entry_timer = ESP_INIT_TIMEOUT;
	sptr_esp_translation_entry->inbound_spi = 0;
	sptr_esp_translation_entry->blocking = FALSE;
	sptr_esp_translation_entry->squelched = FALSE;
	sptr_esp_translation_entry->outbound_retry_count = 0;
	sptr_esp_translation_entry->outbound_spi = outbound_spi;
	sptr_esp_translation_entry->local_address = local_address;
	sptr_esp_translation_entry->remote_address = remote_address;

	dllAdd ((DL_LIST *) sptr_esp_translation_list, (DL_NODE *) sptr_esp_translation_entry);

	return (sptr_esp_translation_entry);	
}

/*****************************************************************************
Function:	match_outbound_spi_with_esp_entry

Description:
Look for ESP entry with matching outbound si, local address
and remote address.
*****************************************************************************/
LOCAL ESP_TRANSLATION_ENTRY *match_outbound_spi_with_esp_entry (
	ULONG outbound_spi, IP_ADDRESS local_address, IP_ADDRESS remote_address, 
    ESP_TRANSLATION_HEADER *sptr_esp_translation_list)
{
	ESP_TRANSLATION_ENTRY *sptr_esp_translation_entry;

	semTake (espListLock, WAIT_FOREVER);

	for (sptr_esp_translation_entry = (ESP_TRANSLATION_ENTRY *) 
		DLL_FIRST ((DL_LIST *) sptr_esp_translation_list);
		sptr_esp_translation_entry != NULL;
		sptr_esp_translation_entry = (ESP_TRANSLATION_ENTRY *) 
			DLL_NEXT ((DL_NODE *) sptr_esp_translation_entry))
		{
			if ((sptr_esp_translation_entry->outbound_spi == outbound_spi) &&
				(sptr_esp_translation_entry->local_address == local_address) &&
				(sptr_esp_translation_entry->remote_address == remote_address))
				{
				nat_printf (NAT_PRINTF_TRACE, 
					"Found match for local addr = %08lx, remote addr = %08lx\n\t outbound_spi = %08lx in ESP list\n",
					local_address, remote_address, outbound_spi);

				semGive (espListLock);

				return (sptr_esp_translation_entry);
				}
		}

	nat_printf (NAT_PRINTF_TRACE, 
				"No match for local addr = %08lx, remote addr = %08lx\n\t outbound_spi = %08lx in ESP list\n",
				local_address, remote_address, outbound_spi);

	semGive (espListLock);

	return (NULL);
}

/*****************************************************************************
Function:	match_inbound_spi_with_esp_entry

Description:
Look for ESP entry with matching inbound si and remote address
*****************************************************************************/
LOCAL ESP_TRANSLATION_ENTRY *match_inbound_spi_with_esp_entry (
	ULONG inbound_spi, IP_ADDRESS remote_address, 
    ESP_TRANSLATION_HEADER *sptr_esp_translation_list)
{
	ESP_TRANSLATION_ENTRY *sptr_esp_translation_entry;

	semTake (espListLock, WAIT_FOREVER);

	for (sptr_esp_translation_entry = (ESP_TRANSLATION_ENTRY *) 
		DLL_FIRST ((DL_LIST *) sptr_esp_translation_list);
		sptr_esp_translation_entry != NULL;
		sptr_esp_translation_entry = (ESP_TRANSLATION_ENTRY *) 
			DLL_NEXT ((DL_NODE *) sptr_esp_translation_entry))
		{
			if ((sptr_esp_translation_entry->inbound_spi == inbound_spi) &&
				(sptr_esp_translation_entry->remote_address == remote_address))
				{
				nat_printf (NAT_PRINTF_TRACE, 
					"Found match for remote addr = %08lx, inbound_spi = %08lx in ESP list\n",
					remote_address, inbound_spi);

				semGive (espListLock);

				return (sptr_esp_translation_entry);
				}
		}

	nat_printf (NAT_PRINTF_TRACE, 
			    "No match for remote addr = %08lx, inbound_spi = %08lx in ESP list\n",
				remote_address, inbound_spi);

	semGive (espListLock);

	return (NULL);
}

/*****************************************************************************
Function:	find_pending_esp_entry

Description:
Look for ESP entry with matching remote address and zero inbound si.
*****************************************************************************/
LOCAL ESP_TRANSLATION_ENTRY *find_pending_esp_entry (
	IP_ADDRESS remote_address, 
    ESP_TRANSLATION_HEADER *sptr_esp_translation_list)
{
	ESP_TRANSLATION_ENTRY *sptr_esp_translation_entry;

	semTake (espListLock, WAIT_FOREVER);

	for (sptr_esp_translation_entry = (ESP_TRANSLATION_ENTRY *) 
		DLL_FIRST ((DL_LIST *) sptr_esp_translation_list);
		sptr_esp_translation_entry != NULL;
		sptr_esp_translation_entry = (ESP_TRANSLATION_ENTRY *) 
			DLL_NEXT ((DL_NODE *) sptr_esp_translation_entry))
		{
			if ((sptr_esp_translation_entry->remote_address == remote_address) &&
                (sptr_esp_translation_entry->inbound_spi == 0))
				{
				nat_printf (NAT_PRINTF_TRACE, 
					"Found pending entry for remote addr = %08lx, inbound_spi = 0 in ESP list\n",
					remote_address);

				semGive (espListLock);

				return (sptr_esp_translation_entry);
				}
		}

	nat_printf (NAT_PRINTF_TRACE, 
				"No pending entries for remote addr = %08lx, inbound_spi = 0 in ESP list\n",
				remote_address);

	semGive (espListLock);

	return (NULL);
}

/************************************************************************/
LOCAL void nat_ipsec_timer (void)
{
    if (nat.single_global_address_enabled == TRUE)
        {
        check_isakmp_translation_entry_timer (&isakmp_translation_list);

        check_esp_translation_entry_timer (&esp_translation_list);
        }
}

/************************************************************************/
static void check_isakmp_translation_entry_timer (ISAKMP_TRANSLATION_HEADER *sptr_isakmp_translation_list)
{
	ISAKMP_TRANSLATION_ENTRY *sptr_isakmp_translation_entry;
	ISAKMP_TRANSLATION_ENTRY *sptr_isakmp_translation_entry_next;
	char addr_str[32];

	semTake (isakmpListLock, WAIT_FOREVER);
	for (sptr_isakmp_translation_entry = (ISAKMP_TRANSLATION_ENTRY *) DLL_FIRST ((DL_LIST *) sptr_isakmp_translation_list);
		sptr_isakmp_translation_entry != NULL;
		sptr_isakmp_translation_entry = sptr_isakmp_translation_entry_next)
		{
		sptr_isakmp_translation_entry_next = (ISAKMP_TRANSLATION_ENTRY *) DLL_NEXT ((DL_NODE *) sptr_isakmp_translation_entry);

		if (sptr_isakmp_translation_entry->isakmp_translation_entry_timer > 0x00000000L)
			{
			--sptr_isakmp_translation_entry->isakmp_translation_entry_timer;
			}
		else
			{
			if (nat.printing_enabled == true || nat.logging_enabled == true)
			    {
			    struct in_addr iaddr;

			    iaddr.s_addr = sptr_isakmp_translation_entry->local_address;
			    iaddr.s_addr = htonl(iaddr.s_addr);
			    inet_ntoa_b(iaddr,addr_str);

			    nat_printf (NAT_PRINTF_TRACE, "ISAKMP translation entry expired, addr: %s\n",addr_str);
                            }

			dllRemove ((DL_LIST *) sptr_isakmp_translation_list, 
				(DL_NODE *) sptr_isakmp_translation_entry);

			free (sptr_isakmp_translation_entry);
			}
        }
	semGive (isakmpListLock);
}


/************************************************************************/
static void check_esp_translation_entry_timer (ESP_TRANSLATION_HEADER *sptr_esp_translation_list)
{
	ESP_TRANSLATION_ENTRY *sptr_esp_translation_entry;
	ESP_TRANSLATION_ENTRY *sptr_esp_translation_entry_next;
	char addr_str[32];

	semTake (espListLock, WAIT_FOREVER);
	for (sptr_esp_translation_entry = (ESP_TRANSLATION_ENTRY *) DLL_FIRST ((DL_LIST *) sptr_esp_translation_list);
		sptr_esp_translation_entry != NULL;
		sptr_esp_translation_entry = sptr_esp_translation_entry_next)
		{
		sptr_esp_translation_entry_next = (ESP_TRANSLATION_ENTRY *) DLL_NEXT ((DL_NODE *) sptr_esp_translation_entry);

		if (sptr_esp_translation_entry->esp_translation_entry_timer > 0x00000000L)
			{
			--sptr_esp_translation_entry->esp_translation_entry_timer;
			}
		else
			{
			if (nat.printing_enabled == true || nat.logging_enabled == true)
			    {
		   	    struct in_addr iaddr;

			    iaddr.s_addr = htonl(sptr_esp_translation_entry->local_address);
			    inet_ntoa_b(iaddr,addr_str);

			    nat_printf (NAT_PRINTF_TRACE, "ESP translation entry expired, addr: %s\n",addr_str);
                            }

			dllRemove ((DL_LIST *) sptr_esp_translation_list, 
				(DL_NODE *) sptr_esp_translation_entry);

			free (sptr_esp_translation_entry);
			}
		}
	semGive (espListLock);
}
/************************************************************************/
static void clear_isakmp_translation_entry_list (ISAKMP_TRANSLATION_HEADER *sptr_isakmp_translation_list)
{
	ISAKMP_TRANSLATION_ENTRY *sptr_isakmp_translation_entry;
	ISAKMP_TRANSLATION_ENTRY *sptr_isakmp_translation_entry_next;

	semTake (isakmpListLock, WAIT_FOREVER);
	for (sptr_isakmp_translation_entry = (ISAKMP_TRANSLATION_ENTRY *) DLL_FIRST ((DL_LIST *) sptr_isakmp_translation_list);
		sptr_isakmp_translation_entry != NULL;
		sptr_isakmp_translation_entry = sptr_isakmp_translation_entry_next)
		{
		sptr_isakmp_translation_entry_next = (ISAKMP_TRANSLATION_ENTRY *) DLL_NEXT ((DL_NODE *) sptr_isakmp_translation_entry);

    	dllRemove ((DL_LIST *) sptr_isakmp_translation_list, 
				(DL_NODE *) sptr_isakmp_translation_entry);

		free (sptr_isakmp_translation_entry);
        }
	semGive (isakmpListLock);
}


/************************************************************************/
static void clear_esp_translation_entry_list (ESP_TRANSLATION_HEADER *sptr_esp_translation_list)
{
	ESP_TRANSLATION_ENTRY *sptr_esp_translation_entry;
	ESP_TRANSLATION_ENTRY *sptr_esp_translation_entry_next;

	semTake (espListLock, WAIT_FOREVER);
	for (sptr_esp_translation_entry = (ESP_TRANSLATION_ENTRY *) DLL_FIRST ((DL_LIST *) sptr_esp_translation_list);
		sptr_esp_translation_entry != NULL;
		sptr_esp_translation_entry = sptr_esp_translation_entry_next)
		{
		sptr_esp_translation_entry_next = (ESP_TRANSLATION_ENTRY *) DLL_NEXT ((DL_NODE *) sptr_esp_translation_entry);

		dllRemove ((DL_LIST *) sptr_esp_translation_list, 
				(DL_NODE *) sptr_esp_translation_entry);

		free (sptr_esp_translation_entry);
		}
	semGive (espListLock);
}

/**********************************************************************************/
void natEspXlatShow()
{
	char					local_addr[INET_ADDR_LEN];
	char					remote_addr[INET_ADDR_LEN];
	int						entry_num;
	ESP_TRANSLATION_ENTRY*	esp_entry;
	struct in_addr			iaddr;

	entry_num = 0;
	esp_entry = (ESP_TRANSLATION_ENTRY *) DLL_FIRST(
			(DL_LIST *) &esp_translation_list);

	while (esp_entry != NULL) 
		{

		if(entry_num==0)
			{
			printf("\n");
			printf("NAT ESP Client Translation List\n");
			printf("-------------------------------\n");
			printf("#    %-*s Output SPI"
					  "    %-*s  Input SPI   Timer\n"
				,15,"Local Address"
				,15,"Remote Address");
			}

			entry_num++;

			iaddr.s_addr = htonl(esp_entry->local_address);
			inet_ntoa_b(iaddr, local_addr);

			iaddr.s_addr = htonl(esp_entry->remote_address);
			inet_ntoa_b(iaddr, remote_addr);

			
			printf("%-3d  %-*s %08lx   " 
					 "   %-*s  %08lx    %5lu\n",
				entry_num, 
				15,local_addr, 
				esp_entry->outbound_spi,
				15,remote_addr,
				esp_entry->inbound_spi,
				esp_entry->esp_translation_entry_timer
				);
				
			esp_entry = (ESP_TRANSLATION_ENTRY *) DLL_NEXT(
				(DL_NODE *) esp_entry);
			}
}

/**********************************************************************************/
void natIsakmpXlatShow()
{
	char					    local_addr[INET_ADDR_LEN];
	char					    remote_addr[INET_ADDR_LEN];
	int						    entry_num;
	ISAKMP_TRANSLATION_ENTRY*	isakmp_entry;
	struct in_addr			    iaddr;

	entry_num = 0;
	isakmp_entry = (ISAKMP_TRANSLATION_ENTRY *) DLL_FIRST(
			(DL_LIST *) &isakmp_translation_list);

	while (isakmp_entry != NULL) 
		{

		if(entry_num==0)
			{
			printf("\n");
			printf("NAT ISAKMP Client Translation List\n");
			printf("-------------------------------\n");
			printf("#   %-*s  Initiator Cookie"
					  "   %-*s  Responder Cookie  Timer\n"
				,15,"Local Address"
				,15,"Remote Address");
			}

			entry_num++;

			iaddr.s_addr = htonl(isakmp_entry->local_address);
			inet_ntoa_b(iaddr, local_addr);

			iaddr.s_addr = htonl(isakmp_entry->remote_address);
			inet_ntoa_b(iaddr, remote_addr);

			
			printf("%-3d  %-*s %08lx%08lx" 
					 "   %-*s  %08lx%08lx  %5lu\n",
				entry_num, 
				15,local_addr, 
                *((unsigned long *) &isakmp_entry->initiator_cookie),
                *(((unsigned long *) &isakmp_entry->initiator_cookie) + 1),
				15,remote_addr,
                *((unsigned long *) &isakmp_entry->responder_cookie),
                *(((unsigned long *) &isakmp_entry->responder_cookie) + 1),
				isakmp_entry->isakmp_translation_entry_timer
				);
				
			isakmp_entry = (ISAKMP_TRANSLATION_ENTRY *) DLL_NEXT(
				(DL_NODE *) isakmp_entry);
			}

}


/**********************************************************************************/
void natIpsecXlatShow()
{
    natIsakmpXlatShow();
    printf("\n");
    natEspXlatShow();
}