ipsec_if.c

ipsec PNE 3.3 source code, running at more than vxworks6.x version.

/* ipsec_if.c - WindNet IPsec stack interface code */

/* 
 * Copyright (c) 2000-2006 Wind River Systems, Inc. 
 * 
 * The right to copy, distribute, modify or otherwise make use 
 * of this software may be licensed only pursuant to the terms 
 * of an applicable Wind River license agreement. 
 */

/* 
modification history
-------------------------------------
03n,15mar06,djp  fixed potential memory leaks
03m,13jan06,djp  removed rwos dependencies
03l,12jan06,djp  removed rwos dependencies
03k,28nov05,djp  replace WRN_INET with WRSEC_INET
03k,08nov05,rlm  Removed references to rw_packet routines.
03j,26may05,djp         Added NULL ptr check
03i,12jun03,rparkhil    Added support for STACK_NAME
03h,01may03,sam(teamf1) intializing ports to zero incase of AH & ESP.
03g,24apr03,mad(teamf1) Modified to guard include file ipsec_ipv6_utilities.h
            under ifdef __IPV6_STACK__
03f,24Apr03,sam(teamf1) renamed ipv6 utilities functions as part of code
            cleanup 
03e,05Mar03,mhb(teamf1)  code cleanup 
03d,24feb03,mad (teamf1) replaced wrSecCalloc with wrSecCalloc in the function
                         ipsec_create_ip_vi_message().
03c,10Jan03,mhb(teamf1)  Added check for fragments in ipsec_build_traffic_info. 
            Now we are setting dest,src ports to 0, incase of fragmentation.
03b,26Dec02,rks(teamf1)  replaced m_free with WRN_M_FREEM.
03a,10Oct02,rks(teamf1)	fixed a bug. In ipsec_create_ip_vi_message, ip_id was 
                    getting stored in network byte order.
03a,20Sep02,rks(teamf1)	added support for IPV6_STACK.
02a,19mar02,rpt   replaced ULONG ip address by WRN_INET_ADDR in func definition
01a,19mar02,rpt   extracted from WindNet IPSec 1.1, added modification history
*/
/******************************************************************************/


#include <vxWorks.h>
#include <string.h>
#include <netinet/in.h>

#include "../common/wrSecMem.h"
#include "../common/wrSecInetAddr.h"
#include "../common/wrSecTrace.h"
#include "../common/wrSecSerialize.h"
#include "../common/wrSecCommon.h"
#include "../sadb/sadb_if.h"

#include "ipsecP.h"
#include "packetBuf.h"
#include "ipsec_class.h"
#include "ipsec_globals.h"
#include "ipsec_print_routines.h"

#if STACK_NAME == STACK_NAME_V4_V6 && defined (INET6)
#include "ipsec_ipv6_utilities.h"
#endif /* STACK_NAME == STACK_NAME_V4_V6 && defined (INET6) */
/******************************************************************************/

BOOL ipsecIsNetIfAttached
    (
    WRSEC_INET_ADDR *pAddress
    )
    {
    if (ipsec_global_class.ipsec_enabled == TRUE)
        {
        if (ipsec_find_network_interface_based_on_ip_address (pAddress) != NULL)
            {
            return (TRUE);
            }
        }
    return (FALSE);
    }

/*******************************************************************************
*
* ipsec_create_ip_vi_message - 
* 
* This function is called before calling IPsec 
*
* RETURNS: none
*
* SEE ALSO:
*
* NOMANUAL
*/
IP_VI_MESSAGE *ipsec_create_ip_vi_message
    (
    struct mbuf *m,
    int hlen,
    struct ip *ip
    )
    {
    IP_VI_MESSAGE * p_ip_message;
    PACKETBUF     * pPacket;
    struct ip     * ipHdr;

    PARAMETER_NOT_USED (hlen);

    p_ip_message = NULL;
    ipHdr = NULL;
    pPacket = NULL;

    if (ip->ip_v == 4)
        {
        IP_V4_MESSAGE *p_ip4_message = NULL;

        pPacket = packetBufCreateFromMBuf(m);
        if (pPacket == NULL)
            {
            return (NULL);
            }

        ipHdr = (struct ip *)packetBufDataGet(pPacket);

        if (ipHdr == NULL)
            {
            wrSecFree(pPacket);
            return (NULL);
            }

        p_ip4_message = wrSecCalloc (1, sizeof (IP_V4_MESSAGE));

        /* Here we will create IP message suitable 
           for passing the packet to IPsec */
        /* TRACKSPR #99857: Works need to be done in this function
           to take care of the IP options */

        if (p_ip4_message == NULL)
            {
            wrSecFree(pPacket);
            return (NULL);
            }

        p_ip4_message->type_of_service = ipHdr->ip_tos;
        p_ip4_message->datagram_identifier = ntohs (ipHdr->ip_id);
        p_ip4_message->dont_fragment_flag = FALSE;

        if (ipHdr->ip_off & IP_DF)
            {
            p_ip4_message->dont_fragment_flag = TRUE;
            }

        p_ip4_message->more_fragment_flag = FALSE;

        if (ipHdr->ip_off & IP_MF)
            {
            p_ip4_message->more_fragment_flag = TRUE;
            }

        p_ip4_message->fragment_offset = ipHdr->ip_off & IP_OFFMASK;
        p_ip4_message->time_to_live = ipHdr->ip_ttl;
        p_ip4_message->transport_protocol = ipHdr->ip_p;

        p_ip4_message->source_address.family.type = WRSEC_AF_INET4;
        WRSEC_INET4_SET_STRUCT_A_WITH_IN_ADDR_B (p_ip4_message->source_address, ipHdr->ip_src);

        p_ip4_message->destination_address.family.type = WRSEC_AF_INET4;
        WRSEC_INET4_SET_STRUCT_A_WITH_IN_ADDR_B (p_ip4_message->destination_address, ipHdr->ip_dst);

        p_ip4_message->vi_data.version = IP_V4;

        packetBufReduceFront(pPacket, MINIMUM_IP_V4_HEADER_LENGTH);
        p_ip4_message->vi_data.pPayload = pPacket;

        p_ip_message = (IP_VI_MESSAGE *)p_ip4_message;
        }
    else if (ip->ip_v == 6)
        {

#if STACK_NAME == STACK_NAME_V4_V6 && defined (INET6)
        IP_V6_MESSAGE *p_ip6_message = NULL;
        struct ip6_hdr *ip6Hdr = NULL;

        pPacket = packetBufCreateFromMBuf(m);

        if (pPacket == NULL)
            {
            return (NULL);
            }

        ip6Hdr = (struct ip6_hdr *)packetBufDataGet(pPacket);

        if (ip6Hdr == NULL)
            {
            wrSecFree(pPacket);
            return (NULL);
            }

        p_ip6_message = wrSecCalloc (1, sizeof (IP_V6_MESSAGE));

        /* Here we will create IP message suitable 
           for passing the packet to IPsec */
        /* TODO: Works need to be done in this function
           to take care of the IP options */

        if (p_ip6_message == NULL)
            {
            wrSecFree(pPacket);
            return (NULL);
            }

        p_ip6_message->flow_label = ntohl (ip6Hdr->ip6_flow);
        p_ip6_message->payload_length = ntohs (ip6Hdr->ip6_plen);
        p_ip6_message->next_header = ip6Hdr->ip6_nxt;

        p_ip6_message->transport_protocol = ipsecIpv6GetIpsecOrTransportProtocol (NULL, ip6Hdr);

        p_ip6_message->extn_headers_len = 0;

        p_ip6_message->extn_headers_len = ipsecIpv6ExtnHdrLenGet (ip6Hdr);

        if (p_ip6_message->extn_headers_len)
            {
            p_ip6_message->first_extn_header = ip6Hdr->ip6_nxt;
            p_ip6_message->next_header = p_ip6_message->transport_protocol;
            }

        p_ip6_message->hop_limit = ip6Hdr->ip6_hlim;

        p_ip6_message->source_address.family.type = WRSEC_AF_INET6;
        WRSEC_INET6_SET_STRUCT_A_WITH_IN6_ADDR_B (p_ip6_message->source_address, ip6Hdr->ip6_src);

        p_ip6_message->destination_address.family.type = WRSEC_AF_INET6;
        WRSEC_INET6_SET_STRUCT_A_WITH_IN6_ADDR_B (p_ip6_message->destination_address, ip6Hdr->ip6_dst);

        p_ip6_message->vi_data.version = IP_V6;

        p_ip6_message->p_extn_headers = NULL;