📄 ipsec_if.c
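/* Copy Extension Headers */
        if (p_ip6_message->extn_headers_len)
            {
            /* we store extenstion headers in the begining of mbuf_data
             * to make sure it never gets overwritten.
             */
            p_ip6_message->p_extn_headers = (UCHAR *)ip6Hdr - packetBufMaxWritableHeaderSizeGet(pPacket);
            }
        memmove (p_ip6_message->p_extn_headers,
                 (UCHAR *)ip6Hdr + MINIMUM_IP_V6_HEADER_LENGTH,
                 p_ip6_message->extn_headers_len);
        packetBufReduceFront(pPacket, MINIMUM_IP_V6_HEADER_LENGTH + p_ip6_message->extn_headers_len);
        p_ip6_message->vi_data.pPayload = pPacket;
        p_ip_message = (IP_VI_MESSAGE *)p_ip6_message;
#else /* STACK_NAME == STACK_NAME_V4_V6 && defined (INET6) */
        ipsec_printf (IPSEC_ERROR_PRINTF, "IPsec: Invalid IP Header format\n");
        return (NULL);
#endif /* STACK_NAME == STACK_NAME_V4_V6 && defined (INET6) */
        }
    return (p_ip_message);
    }
/******************************************************************************/
/*
 * ipsec_build_traffic_info - build the IPsec traffic selector for one packet.
 *
 * Fills p_traffic_info with the source/destination address, the protocol and
 * either the SPI (AH/ESP) or the source/destination ports (TCP/UDP) read from
 * the packet in *m.  The address family is taken from p_traffic_info->type.
 * Ports are stored as 0 (ANY) for fragments and for every other protocol.
 *
 * Every field read here comes from the wire and is untrusted, so the IPv4
 * path checks that the bytes it is about to read lie inside the first mbuf.
 *
 * m              in/out: packet chain; may be replaced by m_pullup() and is
 *                NULL on return when the pullup failed.
 * ip             out: re-pointed at the start of the first mbuf's data.
 * hlen           offset from the IP header to the next header, in bytes.
 * net_interface  stored into p_traffic_info->net_interface on success.
 * p_traffic_info selector to fill in; ->type selects IPv4 or IPv6.
 * flags          traffic_type is set to TERMINATING_TRAFFIC only when
 *                IP_FORWARDING is clear; otherwise it is left untouched.
 *
 * Returns TRUE when the selector was built.  Returns FALSE when the pullup
 * failed (*m is NULL), when the packet is too short for the header being
 * read, or when the address family is not supported.
 * NOTE(review): on the FALSE returns other than the pullup failure the mbuf
 * is left with the caller, as the unsupported-family return always did;
 * confirm the caller frees it.
 */
BOOL ipsec_build_traffic_info
    (
    struct mbuf ** m,
    struct ip ** ip,
    int hlen,
    NET_IF *net_interface,
    VI_NETWORK_TRAFFIC_INFO *p_traffic_info,
    int flags
    )
{
    PORT_SELECTOR *p_port_selector;
    UCHAR *bptr_packet = NULL;
    WRSEC_INET_FAMILY wrn_inet_family = p_traffic_info->type;
    /* Bytes wanted in the first mbuf: IP header plus a full TCP header. */
    const int wanted_len = (int) (hlen + sizeof (struct tcphdr));

    /* Get IP and transport layer header together in first mbuf. */
    if (((*m)->m_len < wanted_len) && ((*m)->m_len < (*m)->m_pkthdr.len)) {
        UINT length_to_pullup = ((*m)->m_pkthdr.len >= wanted_len)
                                    ? wanted_len
                                    : (*m)->m_pkthdr.len;

        *m = m_pullup (*m, length_to_pullup);
        if (*m == NULL) {
            /*
             * drop the packet.  *m is already NULL here, so there is no
             * chain left to hand to WRN_M_FREEM; BSD-derived m_pullup()
             * releases the chain itself when it fails.
             * NOTE(review): confirm this stack's m_pullup() does the same.
             */
            wrSecTrace (TRACE_ALL, L1,
                        "PACKET DROPPED!! " "'function::%s'\n",
                        __FUNCTION__);
            return (FALSE);
        }
    }

    if (wrn_inet_family == WRSEC_PF_INET4) {
        V4_NETWORK_TRAFFIC_INFO *p_v4_traffic_info =
            (V4_NETWORK_TRAFFIC_INFO *) p_traffic_info;
        struct ip *ip4;
        UCHAR *p_next_hdr;
        int next_hdr_avail;
        /* The SPI is a 32-bit field in both ESP and AH. */
        const int spi_len = 4;
        /* AH: next header, payload length and reserved precede the SPI. */
        const int ah_spi_offset =
            (int) (sizeof (UCHAR) + sizeof (UCHAR) + sizeof (USHORT));

        /* A first mbuf shorter than a minimal IPv4 header cannot be parsed. */
        if ((*m)->m_len < (int) sizeof (struct ip)) {
            return (FALSE);
        }

        /* re-set the pointer to the ip header: the pullup may have moved it */
        *ip = mtod (*m, struct ip *);
        ip4 = *ip;

        /* Pointer arithmetic instead of a round trip through ULONG. */
        p_next_hdr = (UCHAR *) ip4 + hlen;
        /* Contiguous bytes after the IP header; negative if hlen is bogus. */
        next_hdr_avail = (*m)->m_len - hlen;

        /* build the packet selector */
        WRSEC_INET4_SET_STRUCT_A_WITH_IN_ADDR_B (
            p_v4_traffic_info->selector.source_address, ip4->ip_src);
        WRSEC_INET4_SET_STRUCT_A_WITH_IN_ADDR_B (
            p_v4_traffic_info->selector.destination_address, ip4->ip_dst);
        p_v4_traffic_info->selector.vi_data.protocol = (UCHAR) ip4->ip_p;

        /* Set traffic type */
        if ((flags & IP_FORWARDING) == 0) {
            p_v4_traffic_info->selector.vi_data.traffic_type = TERMINATING_TRAFFIC;
        }

        if (ip4->ip_p == TRANSPORT_PROTO_ESP) {
            /* get protocol spi: first field of the ESP header */
            if (next_hdr_avail < spi_len) {
                return (FALSE);     /* truncated ESP header */
            }
            bptr_packet = p_next_hdr;
            p_v4_traffic_info->selector.vi_data.proto_info.spi =
                wrSecDeserializeULong (&bptr_packet);
            p_v4_traffic_info->selector.vi_data.proto_info.port.source = 0x00;
            p_v4_traffic_info->selector.vi_data.proto_info.port.destination = 0x00;
        } else if (ip4->ip_p == TRANSPORT_PROTO_AH) {
            /* get protocol spi: it follows the first four bytes of AH */
            if (next_hdr_avail < ah_spi_offset + spi_len) {
                return (FALSE);     /* truncated AH header */
            }
            bptr_packet = p_next_hdr + ah_spi_offset;
            p_v4_traffic_info->selector.vi_data.proto_info.spi =
                wrSecDeserializeULong (&bptr_packet);
            p_v4_traffic_info->selector.vi_data.proto_info.port.source = 0x00;
            p_v4_traffic_info->selector.vi_data.proto_info.port.destination = 0x00;
        } else if ((ip4->ip_p == TRANSPORT_PROTO_TCP) ||
                   (ip4->ip_p == TRANSPORT_PROTO_UDP)) {
            if ((ip4->ip_off & IP_OFFMASK) != 0 || (ip4->ip_off & IP_MF)) {
                /* In case of fragmentation , we create SA for ANY ports */
                p_v4_traffic_info->selector.vi_data.proto_info.port.source = 0x00;
                p_v4_traffic_info->selector.vi_data.proto_info.port.destination = 0x00;
            } else {
                /* Both ports must be present before they are read. */
                if (next_hdr_avail < (int) sizeof (PORT_SELECTOR)) {
                    return (FALSE); /* truncated TCP/UDP header */
                }
                p_port_selector = (PORT_SELECTOR *) p_next_hdr;
                p_v4_traffic_info->selector.vi_data.proto_info.port.source =
                    p_port_selector->source;
                NTOHS (p_v4_traffic_info->selector.vi_data.proto_info.port.source);
                p_v4_traffic_info->selector.vi_data.proto_info.port.destination =
                    p_port_selector->destination;
                NTOHS (p_v4_traffic_info->selector.vi_data.proto_info.port.destination);
            }
        } else {
            p_v4_traffic_info->selector.vi_data.proto_info.port.source = 0x00;
            p_v4_traffic_info->selector.vi_data.proto_info.port.destination = 0x00;
        }

        WRSEC_INET4_CLEAR_STRUCT (p_v4_traffic_info->network_if_address);
        p_traffic_info->net_interface = net_interface;
        return (TRUE);
    } else if (wrn_inet_family == WRSEC_PF_INET6) {
#if STACK_NAME == STACK_NAME_V4_V6 && defined (INET6)
        V6_NETWORK_TRAFFIC_INFO *p_v6_traffic_info;
        struct ip6_hdr *ip6;
        int transport_protocol;

        /* re-set the pointer to the ip header: the pullup may have moved it */
        ip6 = *(struct ip6_hdr ** )ip = mtod (*m, struct ip6_hdr *);
        p_v6_traffic_info = (V6_NETWORK_TRAFFIC_INFO *)p_traffic_info;

        /*
         * build the packet selector.  For addresses starting fe:80 the bytes
         * at index 2 and 3 of the stored copy are cleared.
         * NOTE(review): presumably this strips an embedded scope id so the
         * selector compares equal across interfaces - confirm.
         */
        WRSEC_INET6_SET_STRUCT_A_WITH_IN6_ADDR_B (
            p_v6_traffic_info->selector.source_address, ip6->ip6_src);
        if (ip6->ip6_src.__u6_addr.__u6_addr8[0] == 0xfe &&
            ip6->ip6_src.__u6_addr.__u6_addr8[1] == 0x80) {
            p_v6_traffic_info->selector.source_address.data._ba16[2] = 0;
            p_v6_traffic_info->selector.source_address.data._ba16[3] = 0;
        }

        WRSEC_INET6_SET_STRUCT_A_WITH_IN6_ADDR_B (
            p_v6_traffic_info->selector.destination_address, ip6->ip6_dst);
        if (ip6->ip6_dst.__u6_addr.__u6_addr8[0] == 0xfe &&
            ip6->ip6_dst.__u6_addr.__u6_addr8[1] == 0x80) {
            p_v6_traffic_info->selector.destination_address.data._ba16[2] = 0;
            p_v6_traffic_info->selector.destination_address.data._ba16[3] = 0;
        }

        p_v6_traffic_info->selector.vi_data.protocol = transport_protocol =
            ipsecIpv6GetIpsecOrTransportProtocol (*m, NULL);

        /* Set traffic type */
        if ((flags & IP_FORWARDING) == 0) {
            p_v6_traffic_info->selector.vi_data.traffic_type = TERMINATING_TRAFFIC;
        }

        /*
         * NOTE(review): the header pointers returned by the ipsecIpv6* helpers
         * are read for 4 to 8 bytes without a length check in this function;
         * presumably the helpers guarantee those bytes are contiguous in the
         * mbuf - confirm, since the packet is untrusted input.
         */
        if ((bptr_packet = ipsecIpv6AhHdrPtrGet (*m)) != NULL) {
            /* get protocol spi: it follows the first four bytes of AH */
            bptr_packet += sizeof (UCHAR) + sizeof (UCHAR) + sizeof (USHORT);
            p_v6_traffic_info->selector.vi_data.proto_info.spi =
                wrSecDeserializeULong (&bptr_packet);
            p_v6_traffic_info->selector.vi_data.proto_info.port.source = 0x00;
            p_v6_traffic_info->selector.vi_data.proto_info.port.destination = 0x00;
        } else if ((bptr_packet = ipsecIpv6EspHdrPtrGet (*m)) != NULL) {
            /* get protocol spi: first field of the ESP header */
            p_v6_traffic_info->selector.vi_data.proto_info.spi =
                wrSecDeserializeULong (&bptr_packet);
            p_v6_traffic_info->selector.vi_data.proto_info.port.source = 0x00;
            p_v6_traffic_info->selector.vi_data.proto_info.port.destination = 0x00;
        } else if ((transport_protocol == TRANSPORT_PROTO_TCP) ||
                   (transport_protocol == TRANSPORT_PROTO_UDP)) {
            if (ipsecIpv6ExtnsFragmentHdrGet (*m) != NULL) {
                /* In case of fragmentation , we create SA for ANY ports */
                p_v6_traffic_info->selector.vi_data.proto_info.port.source = 0x00;
                p_v6_traffic_info->selector.vi_data.proto_info.port.destination = 0x00;
            } else {
                p_port_selector = (PORT_SELECTOR *)ipsecIpv6TransportHdrPtrGet (*m);
                /*
                 * The sibling header lookups above are checked for NULL, so
                 * do not dereference this one unchecked either.
                 */
                if (p_port_selector == NULL) {
                    return (FALSE);
                }
                p_v6_traffic_info->selector.vi_data.proto_info.port.source =
                    p_port_selector->source;
                NTOHS (p_v6_traffic_info->selector.vi_data.proto_info.port.source);
                p_v6_traffic_info->selector.vi_data.proto_info.port.destination =
                    p_port_selector->destination;
                NTOHS (p_v6_traffic_info->selector.vi_data.proto_info.port.destination);
            }
        } else {
            p_v6_traffic_info->selector.vi_data.proto_info.port.source = 0x00;
            p_v6_traffic_info->selector.vi_data.proto_info.port.destination = 0x00;
        }

        WRSEC_INET6_CLEAR_STRUCT (p_v6_traffic_info->network_if_address);
        p_traffic_info->net_interface = net_interface;
        return (TRUE);
#else /* STACK_NAME == STACK_NAME_V4_V6 && defined (INET6) */
        return (FALSE);
#endif /* STACK_NAME == STACK_NAME_V4_V6 && defined (INET6) */
    } else {
        /* Unknown address family: nothing is written to the selector. */
        return (FALSE);
    }
}
/******************************************************************************/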