《esp封装及解包代码》由会员分享,可在线阅读,更多相关《esp封装及解包代码(15页珍藏版)》请在金锄头文库上搜索。
1、/* processing code for ESP* Copyright (C) 2003 Michael Richardson * This program is free software; you can redistribute it and/or modify it* under the terms of the GNU General Public License as published by the* Free Software Foundation; either version 2 of the License, or (at your* option) any late
2、r version. See .* This program is distributed in the hope that it will be useful, but* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License* for more details.*/#include #if LINUX_VERSION_CODE #endif#define
3、 _NO_VERSION_ #include #include /* printk() */#include “openswan/ipsec_param.h“#ifdef MALLOC_SLAB # include /* kmalloc() */ #else /* MALLOC_SLAB */ # include /* kmalloc() */ #endif /* MALLOC_SLAB */ #include /* error codes */ #include /* size_t */ #include /* mark_bh */#include /* struct device, and
4、 other headers */ #include /* eth_type_trans */ #include /* struct iphdr */ #include #include #ifdef SPINLOCK # ifdef SPINLOCK_23 # include /* *lock* */ # else /* SPINLOCK_23 */# include /* *lock* */ # endif /* SPINLOCK_23 */ #endif /* SPINLOCK */#include #include #include “openswan/radij.h“ #includ
5、e “openswan/ipsec_encap.h“ #include “openswan/ipsec_sa.h“#include “openswan/ipsec_radij.h“ #include “openswan/ipsec_xform.h“ #include “openswan/ipsec_tunnel.h“ #include “openswan/ipsec_rcv.h“ #include “openswan/ipsec_xmit.h“#include “openswan/ipsec_auth.h“#ifdef CONFIG_KLIPS_ESP #include “openswan/i
6、psec_esp.h“ #endif /* CONFIG_KLIPS_ESP */#include “openswan/ipsec_proto.h“ #include “openswan/ipsec_alg.h“ #ifdef CONFIG_KLIPS_OCF # include “ipsec_ocf.h“ #endif#define ESP_DMP(_x,_y,_z) if(debug_rcv if(irs-stats) irs-stats-rx_errors+; return IPSEC_RCV_BADLEN; #if 0 /* The problem with this check ma
7、nifests itself when using l2tp over esp in* udp over pptp/ppp. This check seems to break for ESPinUDP packets, * probably because of how hard_header_len is used with decapsulation.* When pinging using -s 0 with Windows, one sees:* skb-len = Payload(0) + ICMP (8) + IP (20) + ESP (16) + UDP (16) = 60.
8、* hard_header_len is calculated as 14 (ethernet) instead of 22 (ppp)* Manifests itself only with Windows, not with xl2tpd as client.* Disabling this check should not be harmfull, as broken too-short* packets should fail their integrity check anyway.* Thanks to Hiren Joshi for his excellent debugging
9、 on this*/ if(skb-len hard_header_len + sizeof(struct iphdr) + sizeof(struct esphdr) KLIPS_PRINT(debug_rcv if(irs-stats) irs-stats-rx_errors+; return IPSEC_RCV_BADLEN; #endifirs-protostuff.espstuff.espp = (struct esphdr *)skb_transport_header(skb); irs-said.spi = irs-protostuff.espstuff.espp-esp_spi
10、;return IPSEC_RCV_OK; enum ipsec_rcv_valueipsec_rcv_esp_decrypt_setup(struct ipsec_rcv_state *irs,struct sk_buff *skb,_u32 *replay,unsigned char *authenticator) struct esphdr *espp = irs-protostuff.espstuff.espp; /* unsigned char *idat = (unsigned char *)espp; */KLIPS_PRINT(debug_rcv,“klips_debug:ip
11、sec_rcv: “packet from %s received with seq=%d (iv)=0x%08x%08x iplen=%d esplen=%d sa=%sn“,irs-ipsaddr_txt,(_u32)ntohl(espp-esp_rpl),(_u32)ntohl(*(_u32 *)(espp-esp_iv) ),(_u32)ntohl(*(_u32 *)(espp-esp_iv) + 1),irs-len,irs-ilen,irs-sa_len ? irs-sa : “ (error)“);*replay = ntohl(espp-esp_rpl); *authentic
12、ator = return IPSEC_RCV_OK; enum ipsec_rcv_value ipsec_rcv_esp_authcalc(struct ipsec_rcv_state *irs,struct sk_buff *skb) struct auth_alg *aa; struct esphdr *espp = irs-protostuff.espstuff.espp; union MD5_CTXmd5; SHA1_CTXsha1; tctx;#ifdef CONFIG_KLIPS_OCF if (irs-ipsp-ocf_in_use) return(ipsec_ocf_rcv
13、(irs); #endif#ifdef CONFIG_KLIPS_ALG if (irs-ipsp-ips_alg_auth) KLIPS_PRINT(debug_rcv, “klips_debug:ipsec_rcv: “ “ipsec_alg hashing proto=%d. “, irs-said.proto); if(irs-said.proto = IPPROTO_ESP) ipsec_alg_sa_esp_hash(irs-ipsp, (caddr_t)espp, irs-ilen, irs-hash, AHHMAC_HASHLEN); return IPSEC_RCV_OK;
14、return IPSEC_RCV_BADPROTO; #endif aa = irs-authfuncs;/* copy the initialized keying material */ memcpy(#ifdef HASH_DEBUG ESP_DMP(“ictx“, irs-ictx, irs-ictx_len);ESP_DMP(“mac_esp“, (caddr_t)espp, irs-ilen); #endif (*aa-update)(void *)(*aa-final)(irs-hash, (void *)#ifdef HASH_DEBUG ESP_DMP(“hash1“, ir
15、s-hash, aa-hashlen); #endifmemcpy(#ifdef HASH_DEBUG ESP_DMP(“octx“, irs-octx, irs-octx_len); #endif(*aa-update)(void *) (*aa-final)(irs-hash, (void *)return IPSEC_RCV_OK; enum ipsec_rcv_value ipsec_rcv_esp_decrypt(struct ipsec_rcv_state *irs) #if defined(CONFIG_KLIPS_ALG) | defined(CONFIG_KLIPS_OCF)
16、 struct ipsec_sa *ipsp = irs-ipsp; #endif #ifdef CONFIG_KLIPS_ALG struct esphdr *espp = irs-protostuff.espstuff.espp; _u8 *idat;/* pointer to content to be decrypted/authenticated */ int encaplen = 0; struct sk_buff *skb; struct ipsec_alg_enc *ixt_e=NULL; #endif#ifdef CONFIG_KLIPS_OCF if (ipsp-ocf_in_use) return(ipsec_ocf_rcv(irs); #endif#ifdef
