ipsec_icmp_pmtu.c

ipsec PNE 3.3 source code, running at more than vxworks6.x version.

/* ipsec_icmp_pmtu.c - contains functions to process pmtu message */

/* 
 * Copyright (c) 2000-2006 Wind River Systems, Inc. 
 * 
 * The right to copy, distribute, modify or otherwise make use 
 * of this software may be licensed only pursuant to the terms 
 * of an applicable Wind River license agreement. 
 */

/*
modification history
--------------------
03s,13jan06,djp  removed rwos dependencies
03r,12jan06,djp  removed rwos dependencies
03q,12dec05,djp  removed compiler warnings
03p,28nov05,djp  replace WRN_INET with WRSEC_INET
03o,14sep05,djp  Removed extern declaration of in_cksum
03n,14apr05,djp  Fixed VxWorks 6.x compiler error
03m,12apr05,djp  Fixed compiler errors
03l,22sep04,msa Added return value checks to ipsecPmtuTunnelMessageProcess and
                ipsecPmtuDataCopy. Added NULL values checks after calls to
                ipsecPmtuSaBundleFind and
                ipsecFindNetworkInterfaceBasedOnIfnet.
03k,05sep03,rlm ipsecPmtuForwardPmtuMessage(): changed cast to (UCHAR *) to
                (char *) for mbuf *m->m_data (this is its proper type),
                also added LOCAL keyword to function declaration to match
                prototype
03j,18jun03,sam(teamf1) fixed memory leak in ipsecPmtuMessageDelete
12jun03,rparkhil added support for STACK_NAME
03i,05jun03,mad(teamf1) added ifdef for IPV4_DUAL_STACK
03h,05jun03,mad(teamf1) removed nested ifdef __IPV6_STACK__ from the function
      ipsecPmtuForwardPmtuMessage().
03g,03jun03,sam(teamf1) added changes to check for fragment offset before 
            processing the pmtu message.
03f,03jun03,sam(teamf1) incorporated review changes.
03e,01jun03,sam(teamf1) added code to use new mbuf to send a pmtu message +
            calling icmp(6)_input if the packet is ours.
03d,01may03,sam(teamf1) added check to process pmtu message only if we are the
      destination. Changed calculation of packetLength in
                        case of v6 in function
                        ipsecPmtuIsPacketBiggerThanPmtu(). 
03c,24apr03,sam(teamf1)  code cleanup. Renamed all functions to follow
      coding conventions.
03b,14apr03,sam(teamf1) incorporated review comments(SPR #86677).
02a,10apr02,sam(teamf1)   Added code for PMTU support (SPR #86677).  
01b,11Nov02,mhb(teamf1)  Added ipsecIsIcmp6Message function.
01a,20Sep02,rks(teamf1)  written 
*/

/*
DESCRIPTION
This file contains functions to process the PMTU message received and send 
the PMTU message to appropriate host.
*/

/* includes */

#include <vxWorks.h>

#include <string.h>
#include <stdlib.h>
#include <stdio.h>


#include <netinet/in.h>
#include <netinet/ip.h>

#ifdef VIRTUAL_STACK
#include <netinet/vsData.h> /* for vsTbl[] */
#include <netinet/vsNetCore.h>
#else
#include <net/mbuf.h>
#endif /* VIRTUAL_STACK */
#include <netinet/ip_icmp.h>
#include <netinet/icmp_var.h>

#if STACK_NAME == STACK_NAME_V4_V6 && defined (INET6)
#include "ipsec_ipv6_utilities.h"
#include <netinet6/ip6.h>

#ifdef _KERNEL
#define _KERNEL_PREDEFINED
#else
#define _KERNEL
#endif
#include <netinet6/icmp6.h>

#ifndef _KERNEL_PREDEFINED
#undef _KERNEL
#else
#undef _KERNEL_PREDEFINED
#endif
#endif /* STACK_NAME == STACK_NAME_V4_V6 && defined (INET6) */

#include "../common/wrSecMem.h"
#include "../common/wrSecSerialize.h"
#include "../common/wrSecInetAddr.h"
#include "../common/wrSecTrace.h"
#include "../sadb/sadb_if.h"
#include "../sadb/sadbP.h"
#include "../sadb/sadb_class.h"
#include "../sadb/sadb_globals.h"

#include "ipsecP.h"
#include "ipsec_class.h"
#include "ipsec_network_interface.h"
#include "ipsec_ah_message.h"
#include "ipsec_esp_message.h"
#include "ipsec_icmp_pmtu.h"
#include "packetBuf.h"
#include "ipsec_globals.h"
#include "ipsec_print_routines.h"


#if 1

/* Externs */
#if STACK_NAME == STACK_NAME_V4_V6
extern void icmp_input __P ((struct mbuf *,
                             int,
                             int));
#endif /* (__IPV6_STACK__) || defined (__IPV4_DUAL_STACK__)_ */
#if STACK_NAME == STACK_NAME_V4_V6 && defined (INET6)
extern int in6_cksum __P ((struct mbuf *,
                           u_int8_t,
                           u_int32_t,
                           u_int32_t));

extern int ip6_output __P ((struct mbuf *,
                            struct ip6_pktopts *,
                            struct route_in6 *,
                            int,
                            struct ip6_moptions *,
                            struct ifnet **));

extern void icmp6_error __P ((struct mbuf *,
                              int,
                              int,
                              int));

extern int icmp6_input __P ((struct mbuf **,
                             int *,
                             int));
#endif /* STACK_NAME == STACK_NAME_V4_V6 && defined (INET6) */
#endif /* 0 */

extern IPSEC_NETWORK_INTERFACE *ipsecFindNetworkInterfaceBasedOnIfnet
    (
    struct ifnet *,
    WRSEC_INET_FAMILY
    );

/* LOCALS */
LOCAL STATUS ipsecPmtuDataCopy
    (
    IPSEC_PMTU_MESSAGE *pmtu_message,
    UCHAR *data,
    UINT data_len
    );

LOCAL STATUS ipsecPmtuDestinationFind
    (
    IPSEC_PMTU_MESSAGE *pmtu_message,
    SA_BUNDLE *p_sa_bundle
    );

LOCAL SA_BUNDLE *ipsecPmtuSaBundleFind
    (
    SA_BUNDLE_INFO *pmtu_message
    );

LOCAL void ipsecPmtuMessageCreate
    (
    IPSEC_PMTU_MESSAGE *pmtu_message,
    WRSEC_INET_ADDR_FAMILY type
    );

LOCAL void ipsecPmtuSaInfoCreate
    (
    SA_BUNDLE_INFO *sa_info,
    WRSEC_INET_ADDR_FAMILY type
    );

LOCAL void ipsecPmtuMessageDelete
    (
    IPSEC_PMTU_MESSAGE *pmtu_message
    );

LOCAL void ipsecSAInfoDestroy
    (
    SA_BUNDLE_INFO *sa_info
    );

LOCAL STATUS ipsecPmtuAhMessageProcess
    (
    UCHAR *bptr_ah_hdr,
    int data_len,
    UINT complete_packet_len,
    IPSEC_PMTU_MESSAGE *pmtu_message,
    SA_BUNDLE_INFO *sa_info
    );

LOCAL STATUS ipsecPmtuEspMessageProcess
    (
    UCHAR *bptr_esp_hdr,
    int data_len,
    UINT complete_packet_len,
    IPSEC_PMTU_MESSAGE *pmtu_message,
    SA_BUNDLE_INFO *sa_info
    );

LOCAL STATUS ipsecPmtuTransportMessageProcess
    (
    struct mbuf *m,
    IPSEC_PMTU_MESSAGE *pmtu_message
    );

LOCAL STATUS ipsecPmtuTunnelMessageProcess
    (
    struct ip *ip,
    UINT data_len,
    IPSEC_PMTU_MESSAGE *pmtu_message,
    SA_BUNDLE_INFO *sa_info
    );

LOCAL STATUS ipsecPmtuForwardPmtuMessage
    (
    struct mbuf *m,
    IPSEC_PMTU_MESSAGE *pmtu_message
    );

LOCAL STATUS ipsecPmtuStorePmtuInfo
    (
    IPSEC_PMTU_MESSAGE *pmtu_message,
    SA_BUNDLE_INFO *sa_info
    );

/******************************************************************************
* ipsecIsIcmpPmtuMessage - Check if the packet is an icmp pmtu message.
*
* Check if the packet is an icmp pmtu message.
*
* NOMANUAL
*
* RETURNS : TRUE if it is a pmtu message else FALSE
*/
BOOL ipsecIsIcmpPmtuMessage
    (
    struct mbuf *m, /* pointer to mbuf */
    struct ip *ip   /* pointer to ip header */
    )
    {
    if (ip->ip_v == IP_V4)
        {
        struct icmp *icmp4;

        if (ip->ip_p != IPPROTO_ICMP)
            {
            return (FALSE);
            }

        icmp4 = (struct icmp *) (mtod (m, char *) + (ip->ip_hl << 2));

        if (icmp4->icmp_type == ICMP_UNREACH && icmp4->icmp_code == ICMP_UNREACH_NEEDFRAG)
            {
            return (TRUE);
            }
        }

    #if STACK_NAME == STACK_NAME_V4_V6 && defined (INET6)
    else if (ip->ip_v == IP_V6)
        {
        struct icmp6_hdr *icmp6;
        int transport_protocol;

        transport_protocol = ipsecIpv6GetIpsecOrTransportProtocol (m, NULL);

        if (transport_protocol != IPPROTO_ICMPV6)
            {
            return (FALSE);
            }

        icmp6 = (struct icmp6_hdr *) (mtod (m, char *) + ipsecIpv6HdrLenGet (m, NULL));

        if (icmp6->icmp6_type == ICMP6_PACKET_TOO_BIG && icmp6->icmp6_code == 0)
            {
            return (TRUE);
            }
        }
    #endif /* STACK_NAME == STACK_NAME_V4_V6 && defined (INET6) */

    return (FALSE);
    }

#if STACK_NAME == STACK_NAME_V4_V6 && defined (INET6)

/******************************************************************************
 *
 *  ipsecIsIcmp6Message - checks if the packet is an icmp6 packet.
 *
 *  NOMANUAL
 *
 *  RETURNS : TRUE if it is an icmp6 packet else FALSE
 */
BOOL ipsecIsIcmp6Message
    (
    struct mbuf *m /* pointer to mbuf */
    )
    {
    struct icmp6_hdr *icmp6;
    int transport_protocol;
    struct ip *iphdr = mtod (m, struct ip *);

    if (iphdr->ip_v == IP_V4)
        {
        return (FALSE);
        }

    transport_protocol = ipsecIpv6GetIpsecOrTransportProtocol (m, NULL);

    if (transport_protocol != IPPROTO_ICMPV6)
        {
        return (FALSE);
        }

    icmp6 = (struct icmp6_hdr *) (mtod (m, char *) + ipsecIpv6HdrLenGet (m, NULL));

    if ((icmp6->icmp6_type == ND_ROUTER_SOLICIT
             || icmp6->icmp6_type == ND_ROUTER_ADVERT   || icmp6->icmp6_type
                                                           == ND_NEIGHBOR_SOLICIT
             || icmp6->icmp6_type == ND_NEIGHBOR_ADVERT || icmp6->icmp6_type
                                                           == ND_REDIRECT))
        {
        return (TRUE);
        }
    return (FALSE);
    }
#endif /* STACK_NAME == STACK_NAME_V4_V6 && defined (INET6) */
/******************************************************************************
* ipsecIcmpPmtuMessageProcess - processes the pmtu message.
*
* This is the main pmtu message handling function.This function checks for the
* ipsec headers ( if any) that are applied to the payload of the pmtu message 
* and removes the ipsec headers .In all the cases the pmtu field in the sa is 
* intialized with the PMTU in the PMTU message 
* 
* NOMANUAL
*
* RETURNS :
* OK if the packet has been bypassed to the upper layers.
* ERROR  if a pmtu message is generated from this packet.
*/

STATUS ipsecIcmpPmtuMessageProcess
    (
    struct mbuf ** pp_m, /* double pointer to mbuf */
    struct ip *ip        /* pointer to ip header */
    )
    {
    IPSEC_PMTU_MESSAGE ipsec_pmtu_message;
    SA_BUNDLE_INFO ipsec_sa_info;
    IPSEC_PMTU_MESSAGE *pmtu_message;
    SA_BUNDLE_INFO *sa_info;
    STATUS status;
    UINT offset;
    UINT total_packet_length;
    UINT complete_packet_len;
    UCHAR next_protocol;
    UINT age;
    struct ip *ip1;
    struct mbuf *m = *pp_m;

    total_packet_length = 0;
    complete_packet_len = 0;
    next_protocol = 0;
    age = 0;
    offset = 0;
    ip1 = NULL;
    status = OK;
    pmtu_message = &ipsec_pmtu_message;
    sa_info = &ipsec_sa_info;

    /* packet format:
     * IP1  ICMP IP2 AH/ESP/AH+ESP  [IP3*] TCP* /UDP* /OTHERS* 
     * (*:may be encrypted)
     */
    if (((struct ip *)ip)->ip_v == IP_V4)
        {
        struct icmp *icmp4;
        struct ip *ip2;

        ip1 = ip;

        /* initialize pmtu_mesage */
        ipsecPmtuMessageCreate (pmtu_message, WRSEC_AF_INET4);
        ipsecPmtuSaInfoCreate (sa_info, WRSEC_AF_INET4);