
📄 ipsec_network_interface.c

📁 IPsec PNE 3.3 source code; runs on VxWorks 6.x and later versions.
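/* ipsec_network_interface.c - WindNet IPsec and IKE - network i/f code */

/*
 * Copyright (c) 2000-2005 Wind River Systems, Inc.
 *
 * The right to copy, distribute, modify or otherwise make use
 * of this software may be licensed only pursuant to the terms
 * of an applicable Wind River license agreement.
 */

/*
modification history
--------------------
02o,12dec05,djp  removed compiler warnings
02n,28nov05,djp  replace WRN_INET with WRSEC_INET
02m,12apr05,djp  Fixed compiler warnings
02l,13jan05,ps  eliminate aliased function names.
02i,10sep04,rlm  Minor fixes to #include stmts for compile errors with
                 -DINCLUDE_IPFW_HOOKS -DVIRTUAL_STACK
02h,30jul04,rlm  Fixes to virtual stack variable names to match new unified
                 network stack
02g,12jun03,rparkhil added support for STACK_NAME
02f,24Apr03,sam(teamf1) renamed ipsec_get_pmtu_message to ipsecPmtuMessageGet.
02e,19Apr03,rks(teamf1) semaphore was not getting released when returning
     from a error path in ipsecDetachIfMapi.
02d,15apr03,sam(teamf1) added functions to set and get PMTU age(SPR #86677).
02c,24feb03,mad(teamf1) replaced wrSecFree with wrSecFree in the functions
                             ipsecAttachIfMapi() and ipsecDetachIfMapi().
02b,18Dec02,mhb(teamf1) added code for deleting the spd policies that
                             are added when ipsecAttachIf is called.
03a,20Sep02,rks(teamf1) added support for IPV6_STACK
02b,25mar02,rpt   added mapi func "ipsecDFBitMapi" for DF bit configuration
02a,19mar02,rpt   updated func definitions to support IPv4 and IPv6 address
                   data structures
01a,20oct00,aos   written
*/

/******************************************************************************/

#include <stdio.h>
#include <stdarg.h>
#include <stdlib.h>
#include <vxWorks.h>

/* Following two #includes required to get quad_t datatype when
   VIRTUAL_STACK and INCLUDE_IPFW_HOOKS are defined.
*/
#if (_WRS_VXWORKS_MAJOR < 6)
#include <osdep.h>
#include <machdep.h>
#endif

#include <netinet/in.h>

#ifdef _KERNEL
#define _KERNEL_PREDEFINED
#else
#define _KERNEL
#endif

#include <net/if.h>
#include <net/if_var.h>
#include <netinet/in_var.h> /* for _in_ifaddrhead */

#ifndef _KERNEL_PREDEFINED
#undef _KERNEL
#else
#undef _KERNEL_PREDEFINED
#endif

#include "ipsecP.h"
#include "ipsec_class.h"
#include "ipsec_globals.h"
#include "ipsec_network_interface.h"
#include "ipsec_print_routines.h"

#ifdef VIRTUAL_STACK
#include <netinet/vsLib.h>
#include <netinet/vsData.h> /* for vsTbl[] */
#include <vs/vsIf.h>        /* for ifnet_head */

/* required if INCLUDE_IPFW_HOOKS defined */
#ifdef _KERNEL
#define _KERNEL_PREDEFINED
#else
#define _KERNEL
#endif

#include <netinet/vsIp.h> /* for _in_ifaddrhead */

#ifndef _KERNEL_PREDEFINED
#undef _KERNEL
#else
#undef _KERNEL_PREDEFINED
#endif

#else
#include <net/if_var.h> /* for ifnet_head */
#endif                  /* VIRTUAL_STACK */

/*******************************************************************************/

/*
DESCRIPTION
*/

/* defines */

/* globals */

/* forward declarations */

NET_IF *sadb_create_network_interface(void);

/*******************************************************************************
*
* ipsecAttachIfMapi - Attaches a network interface to IPsec
*
* Looks up the ifnet that owns <pAddress>, allocates an IPsec network
* interface entry for it, registers the interface and its address in the
* SADB and puts the entry at the front of
* ipsec_global_class.ipsec_network_interface_list.
*
* Ownership of <pAddress> as visible in this routine: when the address is
* already attached it is freed here and OK is returned; when a new entry is
* created the pointer is stored in the entry. On the ERROR exits it is not
* freed here.
*
* RETURNS: OK if network interface is successfully attached to IPsec,
* otherwise ERROR (IPsec disabled, NULL or non-IPv4/IPv6 address, no ifnet
* for the address, allocation failure, or SADB/list insertion failure)
*/

STATUS ipsecAttachIfMapi
    (
    WRSEC_INET_ADDR *pAddress
    )
    {
    int s;
    IPSEC_NETWORK_INTERFACE *p_ipsec_network_interface;
    STATUS return_value;
    struct ifnet ifnet_clone;
    struct ifnet *sptr_ifnet;
    struct ifnet *sptr_ifnet_original;
    char addr_string[40];
    WRSEC_INET_ADDR_FAMILY wrn_inet_address_family;
    DF_BIT_CONFIG df_bit_config = CLEAR;

    if (ipsec_global_class.ipsec_enabled == FALSE)
        {
        return (ERROR);
        }

    /* Reject a NULL address before it is dereferenced below. */
    if (pAddress == NULL)
        {
        ipsec_printf (IPSEC_ERROR_PRINTF, "IPsec: Invalid Address\n");
        return (ERROR);
        }

    wrn_inet_address_family = pAddress->type;
    if (wrn_inet_address_family != WRSEC_AF_INET4 && wrn_inet_address_family != WRSEC_AF_INET6)
        {
        ipsec_printf (IPSEC_ERROR_PRINTF, "IPsec: Invalid Address\n");
        return (ERROR);
        }

    if (ipsec_find_network_interface_based_on_ip_address (pAddress) != NULL)
        {
        /* Already attached: the caller's address object is released here. */
        wrSecFree (pAddress);
        return (OK);
        }

    sptr_ifnet = NULL;
    p_ipsec_network_interface = NULL;
    return_value = ERROR;

    s = splnet ();

    /* Find the corresponding ifnet entry */
    sptr_ifnet = ipsec_get_ifnet_handle (pAddress);
    if (sptr_ifnet != NULL)
        {
        /* Copy the ifnet while still at splnet; the fields read below come
         * from this copy, the original pointer is only stored in the entry.
         */
        ifnet_clone = *sptr_ifnet;
        splx (s);

        sptr_ifnet_original = sptr_ifnet;
        sptr_ifnet = &ifnet_clone;

        p_ipsec_network_interface = wrSecCalloc (1, sizeof (IPSEC_NETWORK_INTERFACE));
        if (p_ipsec_network_interface != NULL)
            {
            p_ipsec_network_interface->net_interface = sadb_create_network_interface ();
            if (!p_ipsec_network_interface->net_interface)
                {
                ipsec_printf_mon (
                    IPSEC_ERROR_PRINTF,
                    "IPsec: Failed to add network interface %s%u into SADB\n",
                    sptr_ifnet->if_name, sptr_ifnet->if_unit);
                wrSecFree (p_ipsec_network_interface);
                }
            else
                {
                /* NOTE(review): unbounded copy. The size of cptr_netif_name
                 * is declared in a header not shown here; confirm it can
                 * always hold if_name plus the terminator, or use a bounded
                 * copy sized from that declaration.
                 */
                strcpy (p_ipsec_network_interface->cptr_netif_name, sptr_ifnet->if_name);
                p_ipsec_network_interface->enabled = TRUE;
                p_ipsec_network_interface->port_number = sptr_ifnet->if_index;
                p_ipsec_network_interface->port_sub_unit = sptr_ifnet->if_unit;
                p_ipsec_network_interface->sptr_ifnet = sptr_ifnet_original;
                p_ipsec_network_interface->p_address = pAddress;
                p_ipsec_network_interface->df_bit = df_bit_config;
                p_ipsec_network_interface->pmtu_age = IPSEC_DEFAULT_PMTU_AGE;

                if (sadbAddNetIfAddr(p_ipsec_network_interface->net_interface,
                                     p_ipsec_network_interface->p_address) == FALSE)
                    {
                    wrSecInetAddrToString(addr_string, 40, pAddress);
                    ipsec_printf_mon (
                        IPSEC_ERROR_PRINTF,
                        "IPsec: Failed to add address %s %s %s%u into SADB\n",
                        addr_string,
                        "to network interface",
                        sptr_ifnet->if_name, sptr_ifnet->if_unit);

                    /* NOTE(review): only the entry is freed; the SADB
                     * interface created above is not released in this
                     * routine. Confirm who owns it on this path.
                     */
                    wrSecFree (p_ipsec_network_interface);
                    }
                else
                    {
                    /* Add a secure network interface to IPsec */
                    if (wrSecListAddFront (ipsec_global_class.ipsec_network_interface_list,
                                           p_ipsec_network_interface) == ERROR)
                        {
                        wrSecInetAddrToString(addr_string, 40, pAddress);
                        ipsec_printf_mon (IPSEC_ERROR_PRINTF,
                                          "IPsec: %s %s to list\n",
                                          "Failed to add network interface", addr_string);

                        /* NOTE(review): unlike the two error paths above, the
                         * entry is neither on the list nor freed here, and
                         * the address stays registered in the SADB. Confirm
                         * whether a rollback is needed.
                         */
                        }
                    else
                        {
                        return_value = OK;
                        }
                    }
                }
            }
        else
            {
            ipsec_printf_mon (IPSEC_ERROR_PRINTF, "IPsec: Error: ipsecAttachIfMapi(): wrSecAlloc failed\n");
            }
        }
    else
        {
        splx (s);
        wrSecInetAddrToString(addr_string, 40, pAddress);
        ipsec_printf_mon (IPSEC_ERROR_PRINTF, "IPsec: Failed to get NETINTERFACE for IP Address: %s\n", addr_string);
        }

    return (return_value);
    }

/*******************************************************************************
*
* ipsecDetachIfMapi - Detaches a network interface from IPsec
*
* Scans ipsec_global_class.ipsec_network_interface_list, under the list scan
* lock, for the entry whose address equals <pAddress>. For that entry it
* refreshes the interface fields from the current ifnet, deletes the address
* and the interface from the SADB, removes the entry from the list and frees
* it.
*
* Every exit taken after wrSecListScanLock() passes through
* wrSecListScanUnlock(); the error paths inside the scan leave the loop
* instead of returning directly, so the lock is never left held.
*
* Ownership of <pAddress> as visible in this routine: it is freed here only
* on the OK exit. See the NOTE(review) comments in the body for the paths
* where the list entry keeps pointing at it.
*
* RETURNS: OK if network interface is successfully detached from IPsec,
* otherwise ERROR
*/

STATUS ipsecDetachIfMapi
    (
    WRSEC_INET_ADDR *pAddress
    )
    {
    void *iterator = (void*)NULL;
    IPSEC_NETWORK_INTERFACE *p_ipsec_network_interface;
    STATUS return_value;
    WRSEC_INET_ADDR_FAMILY wrn_inet_address_family;
    char addr_string[40];
    struct ifnet ifnet_clone;
    struct ifnet *sptr_ifnet;
    struct ifnet *sptr_ifnet_original;
    int s;
    DF_BIT_CONFIG df_bit_config = CLEAR;

    if (ipsec_global_class.ipsec_enabled == FALSE)
        {
        return (ERROR);
        }

    return_value = ERROR;
    p_ipsec_network_interface = NULL;

    /* Reject a NULL address before it is dereferenced below. */
    if (pAddress == NULL)
        {
        ipsec_printf (IPSEC_ERROR_PRINTF, "IPsec: Invalid Address format\n");
        return (ERROR);
        }

    wrn_inet_address_family = pAddress->type;
    if (wrn_inet_address_family != WRSEC_AF_INET4 && wrn_inet_address_family != WRSEC_AF_INET6)
        {
        ipsec_printf (IPSEC_ERROR_PRINTF, "IPsec: Invalid Address format\n");
        return (ERROR);
        }

    wrSecListScanLock( ipsec_global_class.ipsec_network_interface_list );

    while ((p_ipsec_network_interface = wrSecListScan(ipsec_global_class.ipsec_network_interface_list,
                                                      &iterator)) != NULL)
        {
        if ((pAddress->type == p_ipsec_network_interface->p_address->type) &&
            wrSecInetAddrEquals(pAddress, p_ipsec_network_interface->p_address))
            {
            sptr_ifnet = NULL;

            /* NOTE(review): ipsecAttachIfMapi raises to splnet() for the same
             * lookup; confirm which level is intended here.
             */
            s = splimp ();

            /* Find the corresponding ifnet entry */
            sptr_ifnet = ipsec_get_ifnet_handle (pAddress);
            if (sptr_ifnet != NULL)
                {
                ifnet_clone = *sptr_ifnet;
                splx (s);

                sptr_ifnet_original = sptr_ifnet;
                sptr_ifnet = &ifnet_clone;

                /* NOTE(review): unbounded copy. The size of cptr_netif_name
                 * is declared in a header not shown here; confirm it can
                 * always hold if_name plus the terminator.
                 */
                strcpy (p_ipsec_network_interface->cptr_netif_name, sptr_ifnet->if_name);
                p_ipsec_network_interface->enabled = TRUE;
                p_ipsec_network_interface->port_number = sptr_ifnet->if_index;
                p_ipsec_network_interface->port_sub_unit = sptr_ifnet->if_unit;
                p_ipsec_network_interface->sptr_ifnet = sptr_ifnet_original;

                /* NOTE(review): this replaces the address pointer stored at
                 * attach time with the caller's pointer. The previous pointer
                 * is not freed in this routine, and on the ERROR exits below
                 * the entry stays on the list still referring to <pAddress>.
                 * Confirm the ownership rules so the entry can never outlive
                 * the address object it points to.
                 */
                p_ipsec_network_interface->p_address = pAddress;
                p_ipsec_network_interface->df_bit = df_bit_config;

                if (sadbDeleteNetIfAddr (p_ipsec_network_interface->net_interface,
                                         p_ipsec_network_interface->p_address) == FALSE)
                    {
                    wrSecInetAddrToString(addr_string, 40, pAddress);
                    ipsec_printf_mon (
                        IPSEC_ERROR_PRINTF,
                        "IPsec: Failed to delete address %s %s %s%u from SADB\n",
                        addr_string,
                        "from network interface",
                        sptr_ifnet->if_name,
                        sptr_ifnet->if_unit);

                    /* return_value is still ERROR; leave the scan so the
                     * list lock is released below instead of returning with
                     * it held.
                     */
                    break;
                    }
                }
            else
                {
                splx (s);
                wrSecInetAddrToString(addr_string, 40, pAddress);
                ipsec_printf_mon (IPSEC_ERROR_PRINTF, "IPsec: Failed to get NETINTERFACE for IP Address: %s\n",
                                  addr_string);

                /* return_value is still ERROR; leave the scan so the list
                 * lock is released below instead of returning with it held.
                 */
                break;
                }

            /* delete the network interface from
               the security association database */
            if (sadbDeleteNetIf (p_ipsec_network_interface->net_interface) == FALSE)
                {
                ipsec_printf_mon (
                    IPSEC_WARNING_PRINTF,
                    "IPsec: %s %s%u\n",
                    "Failed to delete SADB for network interface",
                    p_ipsec_network_interface->cptr_netif_name,
                    p_ipsec_network_interface->port_sub_unit);
                }
            else
                {
                /* remove the ipsec network interface entry from the list */
                if (!wrSecListScanRemove(ipsec_global_class.ipsec_network_interface_list, &iterator))
                    {
                    ipsec_printf_mon (
                        IPSEC_WARNING_PRINTF,
                        "IPsec: %s %s%u\n",
                        "Failed to remove iterator network interface",
                        p_ipsec_network_interface->cptr_netif_name,
                        p_ipsec_network_interface->port_sub_unit);
                    }

                ipsec_printf (
                    IPSEC_DEBUG_PRINTF,
                    "IPSec:  Network interface removed %s%u\n",
                    p_ipsec_network_interface->cptr_netif_name,
                    p_ipsec_network_interface->port_sub_unit);

                /* NOTE(review): the entry is freed even when
                 * wrSecListScanRemove() reported failure above; confirm the
                 * list cannot still reference it in that case.
                 */
                wrSecFree (pAddress);
                wrSecFree (p_ipsec_network_interface);
                p_ipsec_network_interface = NULL;
                return_value = OK;
                }

            break;
            }
        }

    wrSecListScanUnlock( ipsec_global_class.ipsec_network_interface_list );

    return (return_value);
    }

/*******************************************************************************
*
* ipsecDFBitMapi - Configures the DF bit handling (SET/COPY/CLEAR) for each
* interface enabled with IPSec.
*
* RETURNS: OK if DF bit is successfully configured for the given IPSec enabled
* interface  otherwise ERROR
*/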
