
[Branch ~rene-hummen/hipl/ipsec_esp] Rev 4927: also unified user-space IPsec SA handling

 

------------------------------------------------------------
revno: 4927
committer: Rene Hummen <rene.hummen@xxxxxxxxxxxxxxxxx>
branch nick: ipsec_esp
timestamp: Wed 2010-09-08 16:52:49 +0200
message:
  also unified user-space IPsec SA handling
modified:
  modules/user_ipsec/hipd/user_ipsec.c
  modules/user_ipsec/hipd/user_ipsec_sadb_api.c
  modules/user_ipsec/hipd/user_ipsec_sadb_api.h


--
lp:~rene-hummen/hipl/ipsec_esp
https://code.launchpad.net/~rene-hummen/hipl/ipsec_esp

=== modified file 'modules/user_ipsec/hipd/user_ipsec.c'
--- modules/user_ipsec/hipd/user_ipsec.c	2010-09-08 14:46:11 +0000
+++ modules/user_ipsec/hipd/user_ipsec.c	2010-09-08 14:52:49 +0000
@@ -71,27 +71,27 @@
     HIP_IFEL(hip_unregister_handle_function(HIP_I2, HIP_STATE_NONE, &hip_setup_ipsec_sa),
              -1, "Error when unregistered kernel-space IPsec handle functions\n");
 
-    HIP_IFEL(hip_register_handle_function(HIP_I2, HIP_STATE_UNASSOCIATED, &hip_setup_user_ipsec_sa_i2, 30500),
-             -1, "Error when registering userspace IPsec handle functions");
-    HIP_IFEL(hip_register_handle_function(HIP_I2, HIP_STATE_I1_SENT, &hip_setup_user_ipsec_sa_i2, 30500),
-             -1, "Error when registering userspace IPsec handle functions");
-    HIP_IFEL(hip_register_handle_function(HIP_I2, HIP_STATE_I2_SENT, &hip_setup_user_ipsec_sa_i2, 30500),
-             -1, "Error when registering userspace IPsec handle functions");
-    HIP_IFEL(hip_register_handle_function(HIP_I2, HIP_STATE_R2_SENT, &hip_setup_user_ipsec_sa_i2, 30500),
-             -1, "Error when registering userspace IPsec handle functions");
-    HIP_IFEL(hip_register_handle_function(HIP_I2, HIP_STATE_ESTABLISHED, &hip_setup_user_ipsec_sa_i2, 30500),
-             -1, "Error when registering userspace IPsec handle functions");
-    HIP_IFEL(hip_register_handle_function(HIP_I2, HIP_STATE_CLOSING, &hip_setup_user_ipsec_sa_i2, 30500),
-             -1, "Error when registering userspace IPsec handle functions");
-    HIP_IFEL(hip_register_handle_function(HIP_I2, HIP_STATE_CLOSED, &hip_setup_user_ipsec_sa_i2, 30500),
-             -1, "Error when registering userspace IPsec handle functions");
-    HIP_IFEL(hip_register_handle_function(HIP_I2, HIP_STATE_NONE, &hip_setup_user_ipsec_sa_i2, 30500),
+    HIP_IFEL(hip_register_handle_function(HIP_I2, HIP_STATE_UNASSOCIATED, &hip_setup_user_ipsec_sa, 30500),
+             -1, "Error when registering userspace IPsec handle functions");
+    HIP_IFEL(hip_register_handle_function(HIP_I2, HIP_STATE_I1_SENT, &hip_setup_user_ipsec_sa, 30500),
+             -1, "Error when registering userspace IPsec handle functions");
+    HIP_IFEL(hip_register_handle_function(HIP_I2, HIP_STATE_I2_SENT, &hip_setup_user_ipsec_sa, 30500),
+             -1, "Error when registering userspace IPsec handle functions");
+    HIP_IFEL(hip_register_handle_function(HIP_I2, HIP_STATE_R2_SENT, &hip_setup_user_ipsec_sa, 30500),
+             -1, "Error when registering userspace IPsec handle functions");
+    HIP_IFEL(hip_register_handle_function(HIP_I2, HIP_STATE_ESTABLISHED, &hip_setup_user_ipsec_sa, 30500),
+             -1, "Error when registering userspace IPsec handle functions");
+    HIP_IFEL(hip_register_handle_function(HIP_I2, HIP_STATE_CLOSING, &hip_setup_user_ipsec_sa, 30500),
+             -1, "Error when registering userspace IPsec handle functions");
+    HIP_IFEL(hip_register_handle_function(HIP_I2, HIP_STATE_CLOSED, &hip_setup_user_ipsec_sa, 30500),
+             -1, "Error when registering userspace IPsec handle functions");
+    HIP_IFEL(hip_register_handle_function(HIP_I2, HIP_STATE_NONE, &hip_setup_user_ipsec_sa, 30500),
              -1, "Error when registering userspace IPsec handle functions");
 
     HIP_IFEL(hip_unregister_handle_function(HIP_R2, HIP_STATE_I2_SENT, &hip_setup_ipsec_sa),
              -1, "Error when unregistered kernel-space IPsec handle functions\n");
 
-    HIP_IFEL(hip_register_handle_function(HIP_R2, HIP_STATE_I2_SENT, &hip_setup_user_ipsec_sa_r2, 30500),
+    HIP_IFEL(hip_register_handle_function(HIP_R2, HIP_STATE_I2_SENT, &hip_setup_user_ipsec_sa, 30500),
              -1, "Error when registering userspace IPsec handle functions");
 
     // remove default IPsec hooks from kernel-space for HIP namespace
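Review bot: The registration error strings on the re-added lines (`"Error when registering userspace IPsec handle functions"`) have no trailing `\n`, while the unregister strings in the same hunk do. Unless HIP_IFEL's logging appends a newline itself, these messages will run into the next log line. The kernel-space handler is unregistered before the user-space ones are registered, so a failure part-way through the I2 list leaves some states with no IPsec SA handler. The enclosing function's error path lies outside this hunk, so whether it undoes a partial registration cannot be confirmed from here. A short comment above the block would help, for example `/* I2 and R2 share hip_setup_user_ipsec_sa(); it reads the peer SPI from ESP_INFO in either packet */`.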

=== modified file 'modules/user_ipsec/hipd/user_ipsec_sadb_api.c'
--- modules/user_ipsec/hipd/user_ipsec_sadb_api.c	2010-09-06 17:09:57 +0000
+++ modules/user_ipsec/hipd/user_ipsec_sadb_api.c	2010-09-08 14:52:49 +0000
@@ -143,24 +143,17 @@
     return err;
 }
 
-int hip_setup_user_ipsec_sa_i2(UNUSED const uint8_t packet_type,
-                               UNUSED const uint32_t ha_state,
-                               struct hip_packet_context *ctx)
+int hip_setup_user_ipsec_sa(UNUSED const uint8_t packet_type,
+                            UNUSED const uint32_t ha_state,
+                            struct hip_packet_context *ctx)
 {
-    const struct hip_esp_transform *esp_tfm = NULL;
     const struct hip_esp_info *esp_info     = NULL;
     int err                                 = 0;
 
-    HIP_IFEL(!(esp_tfm = hip_get_param(ctx->input_msg,
-                                       HIP_PARAM_ESP_TRANSFORM)),
-               -ENOENT, "Did not find ESP transform on i2\n");
     HIP_IFEL(!(esp_info = hip_get_param(ctx->input_msg,
                                         HIP_PARAM_ESP_INFO)),
                -ENOENT, "Did not find SPI on i2\n");
 
-    HIP_IFEL(!(ctx->hadb_entry->esp_transform = hip_select_esp_transform(esp_tfm)),
-             -1, "Could not select proper ESP transform\n");
-
     ctx->hadb_entry->spi_outbound_current = ntohl(esp_info->new_spi);
     ctx->hadb_entry->spi_outbound_new = ntohl(esp_info->new_spi);
 
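Review bot: With the `HIP_PARAM_ESP_TRANSFORM` lookup and the `hip_select_esp_transform()` call removed, this handler now trusts `ctx->hadb_entry->esp_transform` to have been selected and validated before it runs. Nothing in this hunk shows where that happens for I2, and the SA setup calls sit in the part of the body outside the hunk. The removed code treated a zero transform as failure, so a cheap guard before the SPI assignments would stop SAs being created with an unset transform: `HIP_IFEL(!ctx->hadb_entry->esp_transform, -1, "No ESP transform selected before SA setup\n");`. The remaining message `"Did not find SPI on i2\n"` is misleading now that the handler also serves R2; `"Did not find ESP_INFO parameter\n"` would fit both. The dropped R2 comment explaining why `spi_outbound_new` is copied (ICE code otherwise sees a zero SPI) is worth carrying over to the unified function.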
@@ -203,59 +196,3 @@
 
     return err;
 }
-
-int hip_setup_user_ipsec_sa_r2(UNUSED const uint8_t packet_type,
-                               UNUSED const uint32_t ha_state,
-                               struct hip_packet_context *ctx)
-{
-    const struct hip_esp_info *esp_info   = NULL;
-    int err = 0;
-
-    HIP_IFEL(!(esp_info = hip_get_param(ctx->input_msg, HIP_PARAM_ESP_INFO)),
-             -EINVAL, "Parameter SPI not found.\n");
-
-    ctx->hadb_entry->spi_outbound_current = ntohl(esp_info->new_spi);
-    /* Copy SPI out value here or otherwise ICE code has zero SPI */
-    ctx->hadb_entry->spi_outbound_new = ntohl(esp_info->new_spi);
-
-    // set up inbound IPsec SA
-    HIP_IFEL(hip_userspace_ipsec_add_sa(ctx->src_addr,
-                                        ctx->dst_addr,
-                                        &ctx->input_msg->hits,
-                                        &ctx->input_msg->hitr,
-                                        ctx->hadb_entry->spi_inbound_current,
-                                        ctx->hadb_entry->esp_transform,
-                                        &(ctx->hadb_entry)->esp_in,
-                                        &(ctx->hadb_entry)->auth_in,
-                                        ctx->hadb_entry->retrans_state,
-                                        HIP_SPI_DIRECTION_IN,
-                                        0,
-                                        ctx->hadb_entry),
-            -1,
-            "Failed to setup IPsec SPD/SA entries, peer:src\n");
-
-    // set up outbound IPsec SA
-    HIP_IFEL(hip_userspace_ipsec_add_sa(ctx->dst_addr,
-                                        ctx->src_addr,
-                                        &ctx->input_msg->hitr,
-                                        &ctx->input_msg->hits,
-                                        ctx->hadb_entry->spi_outbound_current,
-                                        ctx->hadb_entry->esp_transform,
-                                        &ctx->hadb_entry->esp_out,
-                                        &ctx->hadb_entry->auth_out,
-                                        ctx->hadb_entry->retrans_state,
-                                        HIP_SPI_DIRECTION_OUT,
-                                        0,
-                                        ctx->hadb_entry),
-             -1,
-             "Failed to setup IPsec SPD/SA entries, peer:dst\n");
-
-  out_err:
-    if (err) {
-        HIP_ERROR("Failed to setup IPsec SAs, removing IPsec state!");
-
-        // TODO remove existing entries
-    }
-
-    return err;
-}

=== modified file 'modules/user_ipsec/hipd/user_ipsec_sadb_api.h'
--- modules/user_ipsec/hipd/user_ipsec_sadb_api.h	2010-09-06 17:09:57 +0000
+++ modules/user_ipsec/hipd/user_ipsec_sadb_api.h	2010-09-08 14:52:49 +0000
@@ -40,11 +40,7 @@
 #include "lib/core/common.h"
 
 
-int hip_setup_user_ipsec_sa_i2(UNUSED const uint8_t packet_type,
-                               UNUSED const uint32_t ha_state,
-                               struct hip_packet_context *ctx);
-
-int hip_setup_user_ipsec_sa_r2(UNUSED const uint8_t packet_type,
+int hip_setup_user_ipsec_sa(UNUSED const uint8_t packet_type,
                                UNUSED const uint32_t ha_state,
                                struct hip_packet_context *ctx);