hipl-core team mailing list archive

[Branch ~rene-hummen/hipl/ipsec_esp] Rev 4928: esp tokens now explicitly use user-space ipsec-based SA updates

 

------------------------------------------------------------
revno: 4928
committer: Rene Hummen <rene.hummen@xxxxxxxxxxxxxxxxx>
branch nick: ipsec_esp
timestamp: Wed 2010-09-08 17:54:51 +0200
message:
  esp tokens now explicitly use user-space ipsec-based SA updates
modified:
  modules/esp_tokens/hipd/esp_prot_hipd_msg.c
  modules/esp_tokens/hipd/esp_prot_light_update.c
  modules/user_ipsec/hipd/user_ipsec_sadb_api.c
  modules/user_ipsec/hipd/user_ipsec_sadb_api.h


--
lp:~rene-hummen/hipl/ipsec_esp
https://code.launchpad.net/~rene-hummen/hipl/ipsec_esp

=== modified file 'modules/esp_tokens/hipd/esp_prot_hipd_msg.c'
--- modules/esp_tokens/hipd/esp_prot_hipd_msg.c	2010-09-03 11:40:19 +0000
+++ modules/esp_tokens/hipd/esp_prot_hipd_msg.c	2010-09-08 15:54:51 +0000
@@ -44,7 +44,7 @@
 #include "lib/core/hip_udp.h"
 #include "lib/core/ife.h"
 #include "lib/core/protodefs.h"
-#include "lib/tool/xfrmapi.h"
+#include "modules/user_ipsec/hipd/user_ipsec_sadb_api.h"
 #include "modules/esp_tokens/lib/esp_prot_common.h"
 #include "hipd/cookie.h"
 #include "esp_prot_anchordb.h"
@@ -1074,16 +1074,17 @@
     entry->update_state = 0;
 
     // notify sadb about next anchor
-    HIP_IFEL(hip_add_sa(dst_ip, src_ip,
-                        &entry->hit_our,
-                        &entry->hit_peer,
-                        entry->spi_outbound_new,
-                        entry->esp_transform,
-                        &entry->esp_out,
-                        &entry->auth_out,
-                        HIP_SPI_DIRECTION_OUT,
-                        1,
-                        entry),
+    HIP_IFEL(hip_userspace_ipsec_add_sa(dst_ip, src_ip,
+                                        &entry->hit_our,
+                                        &entry->hit_peer,
+                                        entry->spi_outbound_new,
+                                        entry->esp_transform,
+                                        &entry->esp_out,
+                                        &entry->auth_out,
+                                        entry->retrans_state,
+                                        HIP_SPI_DIRECTION_OUT,
+                                        1,
+                                        entry),
              -1, "failed to notify sadb about next anchor\n");
 
   out_err:
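Review bot: `entry->update_state = 0;` is cleared before the `hip_userspace_ipsec_add_sa()` call has succeeded, so on the `-1` path the host association already reports the update as finished while the outbound SA has presumably not been moved to the next anchor. If callers do not tear the association down on this error, the daemon and the user-space SADB can disagree about which anchor is current; resetting the state only after the `HIP_IFEL(...)` has passed, or adding a comment such as `/* update_state is reset even if the SA update fails; the caller must drop the association */`, would make the intent explicit. The same ordering appears in the esp_prot_light_update.c hunk, where `light_update_retrans = 0` precedes the call. The enclosing function starts before and continues after this hunk, so the error handling under `out_err:` is not visible here.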

=== modified file 'modules/esp_tokens/hipd/esp_prot_light_update.c'
--- modules/esp_tokens/hipd/esp_prot_light_update.c	2010-09-03 11:56:17 +0000
+++ modules/esp_tokens/hipd/esp_prot_light_update.c	2010-09-08 15:54:51 +0000
@@ -42,7 +42,7 @@
 #include "lib/core/hip_udp.h"
 #include "lib/core/ife.h"
 #include "lib/core/protodefs.h"
-#include "lib/tool/xfrmapi.h"
+#include "modules/user_ipsec/hipd/user_ipsec_sadb_api.h"
 #include "modules/esp_tokens/lib/esp_prot_common.h"
 #include "esp_prot_anchordb.h"
 #include "esp_prot_hipd_msg.h"
@@ -301,19 +301,19 @@
         esp_tokens_state->light_update_retrans = 0;
 
         // notify sadb about next anchor
-        HIP_IFEL(hip_add_sa(ctx->dst_addr,
-                            ctx->src_addr,
-                            &(ctx->hadb_entry)->hit_our,
-                            &(ctx->hadb_entry)->hit_peer,
-                            ctx->hadb_entry->spi_outbound_new,
-                            ctx->hadb_entry->esp_transform,
-                            &(ctx->hadb_entry)->esp_out,
-                            &(ctx->hadb_entry)->auth_out,
-                            HIP_SPI_DIRECTION_OUT,
-                            1,
-                            ctx->hadb_entry),
-                 -1,
-                 "failed to notify sadb about next anchor\n");
+        HIP_IFEL(hip_userspace_ipsec_add_sa(ctx->dst_addr,
+                                            ctx->src_addr,
+                                            &(ctx->hadb_entry)->hit_our,
+                                            &(ctx->hadb_entry)->hit_peer,
+                                            ctx->hadb_entry->spi_outbound_new,
+                                            ctx->hadb_entry->esp_transform,
+                                            &(ctx->hadb_entry)->esp_out,
+                                            &(ctx->hadb_entry)->auth_out,
+                                            ctx->hadb_entry->retrans_state,
+                                            HIP_SPI_DIRECTION_OUT,
+                                            1,
+                                            ctx->hadb_entry),
+                 -1, "failed to notify sadb about next anchor\n");
     } else {
         HIP_ERROR("light update message received, but no SEQ or ACK found\n");
 
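Review bot: The new `retransmission` argument is taken from `ctx->hadb_entry->retrans_state`, while the line just above tracks retransmission for this exchange in `esp_tokens_state->light_update_retrans`; it is not evident from the hunk that the host-association field is the right source for a light update. A short comment at the call stating which retransmission state the SADB is meant to see would settle that, and the same question applies to `entry->retrans_state` in the esp_prot_hipd_msg.c hunk. Both calls also pass the received packet's destination address as `saddr`, which looks intentional for an outbound SA but deserves a comment like `/* outbound SA: our address is the dst of the received packet */`. The enclosing function extends beyond this hunk.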

=== modified file 'modules/user_ipsec/hipd/user_ipsec_sadb_api.c'
--- modules/user_ipsec/hipd/user_ipsec_sadb_api.c	2010-09-08 14:52:49 +0000
+++ modules/user_ipsec/hipd/user_ipsec_sadb_api.c	2010-09-08 15:54:51 +0000
@@ -101,7 +101,7 @@
  * @param entry             host association entry for this connection
  * @return                  0, if correct, otherwise -1
  */
-static int hip_userspace_ipsec_add_sa(const struct in6_addr *saddr,
+int hip_userspace_ipsec_add_sa(const struct in6_addr *saddr,
                                       const struct in6_addr *daddr,
                                       const struct in6_addr *src_hit,
                                       const struct in6_addr *dst_hit,
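Review bot: Dropping `static` left the continuation lines of the parameter list aligned to the old `static int ...(` column, so they no longer line up with the opening parenthesis; the header prototype added in this commit uses the correct column. Re-indent them, e.g. `                               const struct in6_addr *daddr,`. Since the function now has external linkage and receives the ESP encryption and authentication keys, the doc block above it (only partly visible in this hunk) should also cover the `retransmission` parameter and say whether the keys are copied or merely referenced after the call returns.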
@@ -143,6 +143,14 @@
     return err;
 }
 
+/**
+ * Handle ESP parameters and sets up IPsec SAs during BEX
+ *
+ * @param packet_type the packet type
+ * @param ha_state the HA state
+ * @param ctx the packet context
+ * @return zero on success or negative on failure
+ */
 int hip_setup_user_ipsec_sa(UNUSED const uint8_t packet_type,
                             UNUSED const uint32_t ha_state,
                             struct hip_packet_context *ctx)
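Review bot: The added doc comment describes `packet_type` and `ha_state` without saying that both are marked `UNUSED` and exist only to match what is presumably a packet-handler signature; `@param packet_type unused, required by the handler signature` would tell the reader more than `the packet type`. The summary line also mixes verb forms (`Handle ... and sets up`); `Handles ESP parameters and sets up IPsec SAs during BEX` reads consistently. The function body lies outside this hunk.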

=== modified file 'modules/user_ipsec/hipd/user_ipsec_sadb_api.h'
--- modules/user_ipsec/hipd/user_ipsec_sadb_api.h	2010-09-08 14:52:49 +0000
+++ modules/user_ipsec/hipd/user_ipsec_sadb_api.h	2010-09-08 15:54:51 +0000
@@ -39,6 +39,18 @@
 #include "lib/core/builder.h"
 #include "lib/core/common.h"
 
+int hip_userspace_ipsec_add_sa(const struct in6_addr *saddr,
+                               const struct in6_addr *daddr,
+                               const struct in6_addr *src_hit,
+                               const struct in6_addr *dst_hit,
+                               const uint32_t spi,
+                               const int ealg,
+                               const struct hip_crypto_key *enckey,
+                               const struct hip_crypto_key *authkey,
+                               const int retransmission,
+                               const int direction,
+                               const int update,
+                               hip_ha_t *entry);
 
 int hip_setup_user_ipsec_sa(UNUSED const uint8_t packet_type,
                                UNUSED const uint32_t ha_state,
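Review bot: The new public prototype for `hip_userspace_ipsec_add_sa()` has no documentation in the header, although other modules now call it with key material and three bare `int` flags (`retransmission`, `direction`, `update`). A Doxygen block here, or at least a pointer such as `/* documented in user_ipsec_sadb_api.c */`, should state the accepted values of those flags and how `saddr`/`daddr` relate to the SA direction. The top-level `const` on by-value parameters (`const uint32_t spi`, `const int ealg`) carries no meaning in a declaration and can be dropped from the header, and the hunk leaves two consecutive blank lines before `hip_setup_user_ipsec_sa`.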