📄 ipsec_tunnel_utilities.c
字号:
** ===================== */ WRSEC_INET4_ASSIGN_B_TO_A ( (&((IP_V4_MESSAGE *)p_ip_message)->destination_address), ((WRSEC_INET4_ADDR *) (((OUTBOUND_TUNNEL_SA_SPEC *)p_spec)->p_dst_address))); /* ** options - never copied ** ===================== */ return (TRUE); } else if (ip_version == IP_V6) { /*IPv6 Processing*/ /* ** version - construct ** ===================== */ /*IP_VERSION_6;*/ /* ** type of service - copied from inner header ** ===================== */ /* p_ip_message->type_of_service = ; */ /* ** total length ** ===================== */ ((IP_V6_MESSAGE *)p_ip_message)->payload_length = packetBufDataSizeGet(p_ip_message->pPayload); /* ** protocol - AH, ESP, routing hdr ** ===================== */ ((IP_V6_MESSAGE *)p_ip_message)->next_header = TRANSPORT_PROTO_IP_IN_IP_IPV6; ((IP_V6_MESSAGE *)p_ip_message)->transport_protocol = TRANSPORT_PROTO_IP_IN_IP_IPV6; /* We don't support extenstion header for outer ipv6 header*/ ((IP_V6_MESSAGE *)p_ip_message)->extn_headers_len = 0; ((IP_V6_MESSAGE *)p_ip_message)->p_extn_headers = NULL; /* ** source IP Address - Tunnel endpoint ** ===================== */ WRSEC_INET6_ASSIGN_B_TO_A ( (&((IP_V6_MESSAGE *)p_ip_message)->source_address), ((WRSEC_INET6_ADDR *) (((OUTBOUND_TUNNEL_SA_SPEC *)p_spec)->p_src_address))); /* ** destination IP Address - Tunnel endpoint ** ===================== */ WRSEC_INET6_ASSIGN_B_TO_A ( (&((IP_V6_MESSAGE *)p_ip_message)->destination_address), ((WRSEC_INET6_ADDR *) (((OUTBOUND_TUNNEL_SA_SPEC *)p_spec)->p_dst_address))); return (TRUE); } else { ipsec_printf (IPSEC_WARNING_PRINTF, "IPsec: IP Message: INVALID_VERSION\n"); return (FALSE); } }/******************************************************************************/BOOL ipsec_tunnel_manager_serialize_inner_ip_header ( IP_VI_MESSAGE *p_ip_message ) { UINT version_and_header_length; UINT flags_and_fragment_offset; UINT total_length, time_to_live; #if STACK_NAME == STACK_NAME_V4_V6 && defined (INET6) UINT hop_limit, payload_len; #endif /* STACK_NAME == STACK_NAME_V4_V6 && defined (INET6) */ UINT checksum; BOOL packet_extended; UCHAR *p_packet_header; IP_VERSION_NUMBER ip_version; p_packet_header = NULL; version_and_header_length = 0; flags_and_fragment_offset = 0; time_to_live = 0; total_length = 0; checksum = 0; packet_extended = FALSE; ip_version = p_ip_message->version; if (ip_version == IP_V4) { /*IPv4 Processing*/ /* ** version - ** ================= */ p_packet_header = packetBufWritableHeaderGet(p_ip_message->pPayload, IP_PACKET_HEADER_MINIMUM_LENGTH); if (p_packet_header == NULL) { return (FALSE); } version_and_header_length = IP_VERSION_4; version_and_header_length <<= 4; /* ** header length - ** ================= */ version_and_header_length |= IP_PACKET_HEADER_MINIMUM_LENGTH / IP_WORD_SIZE; wrSecSerializeUChar (version_and_header_length, &p_packet_header); /* ** type_of_service - No change to decapsulater ** ================= */ wrSecSerializeUChar (((IP_V4_MESSAGE *)p_ip_message)->type_of_service, &p_packet_header); /* ** total length - No change to decapsulater -- TRACKSPR #99857: support IP options ** or IP fragmentation. ** ================= */ total_length = packetBufDataSizeGet(p_ip_message->pPayload) + IP_PACKET_HEADER_MINIMUM_LENGTH; wrSecSerializeUShort(total_length, &p_packet_header); /* ** identification - No change to decapsulater ** ================= */ wrSecSerializeUShort(((IP_V4_MESSAGE *)p_ip_message)->datagram_identifier, &p_packet_header); /* ** flags and fragment offset - No change decapsulator ** ================= */ flags_and_fragment_offset = 0; flags_and_fragment_offset = ((IP_V4_MESSAGE *)p_ip_message)->dont_fragment_flag; flags_and_fragment_offset <<= 1; flags_and_fragment_offset |= ((IP_V4_MESSAGE *)p_ip_message)->more_fragment_flag; flags_and_fragment_offset <<= 13; flags_and_fragment_offset |= ((IP_V4_MESSAGE *)p_ip_message)->fragment_offset; wrSecSerializeUShort(flags_and_fragment_offset, &p_packet_header); /* ** time to live - Decrement ** ================= ** RFC2402 - The TTL in the inner header is decremented by the ** encapsulator prior to forwarding and by the ** decapsulator if it forwards the packet. ** (The checksum changes when the TTL changes.) ** ** Note: The decrementing of the TTL is one of the ** usual actions that takes place when forwarding a packet. ** Packets originating from the same node as the ** encapsulator do not have their TTL's decremented, as ** the sending node is originating the packet rather than ** forwarding it. */ time_to_live = ((IP_V4_MESSAGE *)p_ip_message)->time_to_live; /* We used to decrement TTL here, but the stack does that for us. */ wrSecSerializeUChar(time_to_live, &p_packet_header); /* ** protocol - No change ** ================= */ wrSecSerializeUChar(((IP_V4_MESSAGE *)p_ip_message)->transport_protocol, &p_packet_header); /* ** header checksum - constructed ** ================= */ wrSecSerializeUShort(checksum, &p_packet_header); /* ** source IP Address - No change ** ================= */ wrSecInetAddrSerialize((WRSEC_INET_ADDR *)&(((IP_V4_MESSAGE *)p_ip_message)->source_address), &p_packet_header); /* ** destination IP Address - No change ** ================= */ wrSecInetAddrSerialize((WRSEC_INET_ADDR *)&(((IP_V4_MESSAGE *)p_ip_message)->destination_address), &p_packet_header); /* ** options - No change ** ================= */ packet_extended = packetBufExtendFront(p_ip_message->pPayload, IP_PACKET_HEADER_MINIMUM_LENGTH); if (packet_extended == FALSE) { return (FALSE); } p_packet_header = packetBufDataGet(p_ip_message->pPayload); checksum = ipsec_tunnel_manager_compute_internet_checksum (p_packet_header, IP_PACKET_HEADER_MINIMUM_LENGTH); p_packet_header += IP_PACKET_HEADER_CHECKSUM_OFFSET; wrSecSerializeUShort(checksum, &p_packet_header); return (TRUE); } #if STACK_NAME == STACK_NAME_V4_V6 && defined (INET6) else if (ip_version == IP_V6) { IP_V6_MESSAGE *p_ip6_message = (IP_V6_MESSAGE *)p_ip_message; UCHAR next_header; /*IPv6 Processing*/ p_packet_header = packetBufWritableHeaderGet(p_ip_message->pPayload, IPV6_PACKET_HEADER_MINIMUM_LENGTH + p_ip6_message->extn_headers_len); if (p_packet_header == NULL) { return (FALSE); } /* ** version , Traffic Class, Flow Label ** =================================== */ wrSecSerializeULong((p_ip6_message)->flow_label, &p_packet_header); /* ** Payload len ** ================= */ payload_len = packetBufDataSizeGet(p_ip_message->pPayload) + (p_ip6_message)->extn_headers_len; wrSecSerializeUShort(payload_len, &p_packet_header); /* ** next_header - No change ** ================= */ next_header = (p_ip6_message)->next_header; if ((p_ip6_message)->extn_headers_len) { next_header = (p_ip6_message)->first_extn_header; } wrSecSerializeUChar (next_header, &p_packet_header); /* ** Hop Limit - Decrement ** ================= */ hop_limit = (p_ip6_message)->hop_limit; /* We used to decrement hop_limit, but the stack does that for us. */ wrSecSerializeUChar (hop_limit, &p_packet_header); /* ** source IP Address - No change ** ================= */ wrSecInetAddrSerialize((WRSEC_INET_ADDR *)&((p_ip6_message)->source_address), &p_packet_header); /* ** destination IP Address - No change ** ================= */ wrSecInetAddrSerialize((WRSEC_INET_ADDR *)&((p_ip6_message)->destination_address), &p_packet_header); memmove (p_packet_header, (p_ip6_message)->p_extn_headers, p_ip6_message->extn_headers_len); packet_extended = packetBufExtendFront( p_ip_message->pPayload, IPV6_PACKET_HEADER_MINIMUM_LENGTH + p_ip6_message->extn_headers_len); if (packet_extended == FALSE) { return (FALSE); } return (TRUE); } #endif /* STACK_NAME == STACK_NAME_V4_V6 && defined (INET6) */ else { ipsec_printf (IPSEC_WARNING_PRINTF, "IPsec: IP Message: INVALID_VERSION\n"); return (FALSE); } }/******************************************************************************/UINT ipsec_tunnel_manager_compute_internet_checksum ( UCHAR *p_data, UINT data_size ) { UINT number_of_words; UINT sum; UINT last_ushort; UINT word_count; if (p_data == NULL) { return (0); } number_of_words = data_size >> 1; sum = 0; for (word_count = 0; word_count < number_of_words; ++word_count) { sum += wrSecDeserializeUShort(&p_data); } if ((data_size & 0x1) != 0) { last_ushort = wrSecDeserializeUChar(&p_data); last_ushort <<= 8; sum += last_ushort; } while( sum > 0x0FFFF ) { sum = (sum & 0x0FFFF) + (sum >> 16); } sum = ~(sum) & 0x0FFFF; return (sum); }/******************************************************************************/⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -