ipsec_ipv6_io.c

ipsec PNE 3.3 source code, running at more than vxworks6.x version.

/* ipsec_ipv6_io.c - IPSec input and output routines for IPv6 */

/* 
 * Copyright (c) 2000-2005 Wind River Systems, Inc. 
 * 
 * The right to copy, distribute, modify or otherwise make use 
 * of this software may be licensed only pursuant to the terms 
 * of an applicable Wind River license agreement. 
 */

/*
modification history
--------------------
01j,14sep05,jfb  Fix for TRACE issue B0010
01i,14apr05,djp  Fixed headers for VxWorks 6.x
01h,30nov04,jfb  Beautified again
01g,29nov04,jfb  Beautified
01f,11aug04,rlm  Removed commented out #include <sockLib.h> (// comments cause
                 compile error)
01e,12jun03,rparkhil added support for STACK_NAME
01d,29May03,rks	added check for the return value of ipsecOuput in 
                ipsecOutputIPv6. ipsecOutput frees mbuf inside ipsecOutput in 
                case of tunnel and returns ERROR.
01c,24Apr03,sam changed ipsec_ipv6_hdrlen  to ipsecIpv6HdrLenGet 
01b,24apr03,mhb added function headers
01a,23apr03,mad moved the routines ipsecInputIPv6(), ipsecOutputIPv6()
                 and ipsecForwardIPv6() from ipsec_io.c to this file.
*/

/*
DESCRIPTION
This has the IPSec input, output and forward routines for IPv6. These are
called in IP layer via hooks for IPv6 traffic if IPSec is enabled.
*/

/* include files */

#include <stdio.h>
#include <stdarg.h>
#include <time.h>

#include <vxWorks.h>

#if (_WRS_VXWORKS_MAJOR < 6)
#include <osdep.h>
#include <machdep.h> /* needed for in_addr_t definition in netinet/in.h below */
#endif

#ifdef _KERNEL
#define _KERNEL_PREDEFINED
#else
#define _KERNEL
#endif
#include <netinet/in.h>

#ifndef _KERNEL_PREDEFINED
#undef _KERNEL
#else
#undef _KERNEL_PREDEFINED
#endif
#include <netLib.h>

#include <net/if.h>     /* for if_data type, used in ifaddr type */
#include <net/if_var.h> /* for ifaddr type */

#include "ipsecP.h"

#if STACK_NAME == STACK_NAME_V4_V6 && defined (INET6)
#include <netinet6/icmp6.h>

#ifdef _KERNEL
#define _KERNEL_PREDEFINED
#else
#define _KERNEL
#endif
#include <netinet6/in6_var.h> /* for IFP_TO_IA6 macro */
#ifndef _KERNEL_PREDEFINED
#undef _KERNEL
#else
#undef _KERNEL_PREDEFINED
#endif
#include "ipsec_ipv6_utilities.h"
#endif /* STACK_NAME == STACK_NAME_V4_V6 && defined (INET6) */
#include "../spd/spd_if.h"

#include "ipsec_class.h"
#include "ipsec_globals.h"
#include "ipsec_network_interface.h"
#include "ipsec_print_routines.h"
#include "ipsec_spd.h"
#include "ipsec_icmp_pmtu.h"

/* defines */

/* externs */

extern STATUS ipsecInput
    (
    struct mbuf ** m,
    int hlen,
    struct ip ** ip
    );

/* forward declarations */

#if STACK_NAME == STACK_NAME_V4_V6 && defined (INET6)

/******************************************************************************
* ipsecInputIPv6 - This function is called by IPv6 if ipsec is enabled.
*
* This function will create a message suitable to be processed by IPsec and pass
* the packet to IPsec module.
*
* NOMANUAL
* 
* RETURNS: TRUE OR FALSE if ipsec processing on packet fails
*/

BOOL ipsecInputIPv6
    (
    struct ifnet *rcvIf,
    struct mbuf ** pp_memory_buffer,
    struct ip6_hdr ** pp_ip
    )
    {
    int ip_hlen;
    struct ip6_hdr *ip6 = mtod (( *pp_memory_buffer), struct ip6_hdr *);

    if (ip6->ip6_nxt == IPPROTO_FRAGMENT)
        {
        return FALSE;
        }

    if (IN6_IS_SCOPE_LINKLOCAL (&ip6->ip6_src) || IN6_IS_ADDR_MC_INTFACELOCAL(&ip6->ip6_src))
        ip6->ip6_src.__u6_addr.__u6_addr16[1] = 0;

    if (IN6_IS_SCOPE_LINKLOCAL (&ip6->ip6_dst) || IN6_IS_ADDR_MC_INTFACELOCAL(&ip6->ip6_dst))
        ip6->ip6_dst.__u6_addr.__u6_addr16[1] = 0;

    ((struct mbuf *) *pp_memory_buffer)->m_pkthdr.rcvif = rcvIf;

    ip_hlen = ipsecIpv6HdrLenGet (*pp_memory_buffer, NULL);

    if (ipsecInput (pp_memory_buffer, ip_hlen, (struct ip ** )pp_ip) == OK)
        {
        ip6 = mtod (( *pp_memory_buffer), struct ip6_hdr *);

        if (IN6_IS_SCOPE_LINKLOCAL (&ip6->ip6_src) || IN6_IS_ADDR_MC_INTFACELOCAL(&ip6->ip6_src))
            ip6->ip6_src.__u6_addr.__u6_addr16[1] = htons (rcvIf->if_index);

        if (IN6_IS_SCOPE_LINKLOCAL (&ip6->ip6_dst) || IN6_IS_ADDR_MC_INTFACELOCAL(&ip6->ip6_dst))
            ip6->ip6_dst.__u6_addr.__u6_addr16[1] = htons (rcvIf->if_index);

        return FALSE;
        }
    return TRUE;
    }

/******************************************************************************
*
* ipsecOutputIPv6 - This function is called by IPv6 if ipsec is enabled
*
* This function processes an IPv6 packet received from the transport layer 
* and does IPsec processing on that.
* 
* RETURNS: OK, ERROR, or EHOSTUNREACH
*
* NOMANUAL
*/

STATUS ipsecOutputIPv6
    (
    struct mbuf ** pp_memory_buffer,
    struct ip6_pktopts *options,
    struct route_in6 *ro,
    int flags,
    struct ip6_moptions *imo,
    struct sockaddr_in6 *dest,
    struct ifnet *ifp
    )
    {
    struct in6_ifaddr *ia;
    int ret_val;

    /*
     * The arguments to ipsecOutputIPv6 are similar with ipsecOutput
     * except options, ro, imo, dst. But these arguments are not used in
     * ipsecOutput.  So we are calling ipsecOutput here to avoid code
     * duplication.
     */

    IFP_TO_IA6 (ifp, ia);

    ret_val = ipsecOutput (pp_memory_buffer, NULL, (struct route *)ro, flags, NULL, NULL, (struct in_ifaddr *)ia);

    return ret_val;
    }

/******************************************************************************
*
* ipsecForwardIPv6 - This function is called by IPv6 if ipsec is enabled
*
* This function processes an IPv6 packet that has to be forwarded. It is
* called by the IP layer.
* 
* RETURNS: OK, ERROR, or EHOSTUNREACH
*
* NOMANUAL
*/

STATUS ipsecForwardIPv6
    (
    struct mbuf ** pp_memory_buffer,
    struct ip6_pktopts *options,
    struct route_in6 *ro,
    int flags,
    struct ip6_moptions *imo,
    struct sockaddr_in6 *dest,
    struct ifnet *ifp
    )
    {
    struct in6_ifaddr *ia;
    int ret_val;
    struct ip6_hdr *ip6 = mtod (( *pp_memory_buffer), struct ip6_hdr *);

    IFP_TO_IA6 (ifp, ia);

    if (IN6_IS_SCOPE_LINKLOCAL (&ip6->ip6_src) || IN6_IS_ADDR_MC_INTFACELOCAL(&ip6->ip6_src))
        ip6->ip6_src.__u6_addr.__u6_addr16[1] = 0;

    if (IN6_IS_SCOPE_LINKLOCAL (&ip6->ip6_dst) || IN6_IS_ADDR_MC_INTFACELOCAL(&ip6->ip6_dst))
        ip6->ip6_dst.__u6_addr.__u6_addr16[1] = 0;

    ret_val = ipsecOutput (pp_memory_buffer, NULL, (struct route *)ro, flags, NULL, NULL, (struct in_ifaddr *)ia);

    /* If the ret_val is ERROR, packet is tunneled and mbuf is
       freed. Else, revert the interface index in scope LINK LOCAL address
       */

    if (ret_val != ERROR)
        {
        ip6 = mtod (( *pp_memory_buffer), struct ip6_hdr *);

        if (IN6_IS_SCOPE_LINKLOCAL (&ip6->ip6_src) || IN6_IS_ADDR_MC_INTFACELOCAL(&ip6->ip6_src))
            ip6->ip6_src.__u6_addr.__u6_addr16[1] = htons (ifp->if_index);

        if (IN6_IS_SCOPE_LINKLOCAL (&ip6->ip6_dst) || IN6_IS_ADDR_MC_INTFACELOCAL(&ip6->ip6_dst))
            ip6->ip6_dst.__u6_addr.__u6_addr16[1] = htons (ifp->if_index);
        }

    return ret_val;
    }
#endif /* STACK_NAME == STACK_NAME_V4_V6 && defined (INET6) */