
hipl-core team mailing list archive

[Branch ~rene-hummen/hipl/ipsec_esp] Rev 4936: moved HIP ESP parameter parsing from IPsec to packet handle functions

 

------------------------------------------------------------
revno: 4936
committer: Rene Hummen <rene.hummen@xxxxxxxxxxxxxxxxx>
branch nick: ipsec_esp
timestamp: Fri 2010-09-10 16:33:51 +0200
message:
  moved HIP ESP parameter parsing from IPsec to packet handle functions
  
  This allows the setup of IPsec SAs and SPs to be delayed until packet
  processing has completed and the possible reply packet has been sent.
modified:
  hipd/input.c
  modules/user_ipsec/hipd/user_ipsec_sadb_api.c


--
lp:~rene-hummen/hipl/ipsec_esp
https://code.launchpad.net/~rene-hummen/hipl/ipsec_esp

=== modified file 'hipd/input.c'
--- hipd/input.c	2010-09-08 14:44:25 +0000
+++ hipd/input.c	2010-09-10 14:33:51 +0000
@@ -1083,6 +1083,7 @@
 {
     int err = 0, retransmission = 0;
     const struct hip_locator *locator     = NULL;
+    const struct hip_esp_info *esp_info   = NULL;
 
     if (ha_state == HIP_STATE_ESTABLISHED) {
         retransmission = 1;
@@ -1097,6 +1098,13 @@
         ctx->hadb_entry->peer_udp_port  = ctx->msg_ports->src_port;
     }
 
+    HIP_IFEL(!(esp_info = hip_get_param(ctx->input_msg, HIP_PARAM_ESP_INFO)),
+             -EINVAL, "Parameter SPI not found.\n");
+
+    ctx->hadb_entry->spi_outbound_current = ntohl(esp_info->new_spi);
+    /* Copy SPI out value here or otherwise ICE code has zero SPI */
+    ctx->hadb_entry->spi_outbound_new = ntohl(esp_info->new_spi);
+
     /***** LOCATOR PARAMETER *****/
     locator = hip_get_param(ctx->input_msg, HIP_PARAM_LOCATOR);
     if (locator) {
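Review bot: The added lines copy `esp_info->new_spi` from the received message into `spi_outbound_current` and `spi_outbound_new` with no range check, and they sit at function level, so they also run after `retransmission` has been set for `HIP_STATE_ESTABLISHED`. RFC 4303 reserves SPI 0 and 1–255, so a guard such as `HIP_IFEL(ntohl(esp_info->new_spi) < 256, -EINVAL, "Invalid SPI in ESP_INFO.\n");` belongs before the two assignments; whether the packet is already authenticated at this point is not visible in the hunk, and the assignments should probably be skipped for a retransmission so an established association's outbound SPI is not rewritten. On failure `HIP_IFEL` presumably jumps to the `out_err:` label added in the next hunk, which sits after the `PERF_R2` stop/write calls, so that path leaves the benchmark unstopped. The same block is added again in the hunk at -1736, and both would be better served by one static helper. The enclosing function starts and ends outside this hunk.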
@@ -1151,6 +1159,8 @@
     hip_perf_stop_benchmark(perf_set, PERF_R2);
     hip_perf_write_benchmark(perf_set, PERF_R2);
 #endif
+
+  out_err:
     return err;
 }
 
@@ -1158,16 +1168,8 @@
                        UNUSED const uint32_t ha_state,
                        struct hip_packet_context *ctx)
 {
-    const struct hip_esp_info *esp_info   = NULL;
     int err = 0;
 
-    HIP_IFEL(!(esp_info = hip_get_param(ctx->input_msg, HIP_PARAM_ESP_INFO)),
-             -EINVAL, "Parameter SPI not found.\n");
-
-    ctx->hadb_entry->spi_outbound_current = ntohl(esp_info->new_spi);
-    /* Copy SPI out value here or otherwise ICE code has zero SPI */
-    ctx->hadb_entry->spi_outbound_new = ntohl(esp_info->new_spi);
-
     // set up inbound IPsec SA
     HIP_IFEL(hip_add_sa(ctx->src_addr,
                         ctx->dst_addr,
@@ -1692,6 +1694,7 @@
     int if_index                            = 0;
     struct sockaddr_storage ss_addr;
     struct sockaddr *addr                   = NULL;
+    const struct hip_esp_info *esp_info     = NULL;
     const struct hip_esp_transform *esp_tfm = NULL;
 
     /* Get the interface index of the network device which has our
@@ -1736,6 +1739,13 @@
         /*hip_hadb_set_xmit_function_set(ctx->hadb_entry, &nat_xmit_func_set);*/
     }
 
+    HIP_IFEL(!(esp_info = hip_get_param(ctx->input_msg, HIP_PARAM_ESP_INFO)),
+             -EINVAL, "Parameter SPI not found.\n");
+
+    ctx->hadb_entry->spi_outbound_current = ntohl(esp_info->new_spi);
+    /* Copy SPI out value here or otherwise ICE code has zero SPI */
+    ctx->hadb_entry->spi_outbound_new = ntohl(esp_info->new_spi);
+
     ctx->hadb_entry->peer_controls |= ntohs(ctx->input_msg->control);
 
     HIP_IFEL(hip_hadb_add_peer_addr(ctx->hadb_entry,
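Review bot: The failure message `"Parameter SPI not found.\n"` is identical to the one added in the hunk at -1097 and names an SPI, while the parameter being looked up is `HIP_PARAM_ESP_INFO`, so a log line cannot tell which handler rejected the packet. A handler-specific text such as `"ESP_INFO parameter missing in I2.\n"` would help triage; the packet type is only inferred from the removed `"Did not find SPI on i2\n"` message, so confirm it before using that wording. The userspace IPsec path also used to return `-ENOENT` for this case and now gets `-EINVAL`, which is worth stating in the commit message in case any caller distinguishes the two. The enclosing function starts and ends outside this hunk.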

=== modified file 'modules/user_ipsec/hipd/user_ipsec_sadb_api.c'
--- modules/user_ipsec/hipd/user_ipsec_sadb_api.c	2010-09-10 14:29:43 +0000
+++ modules/user_ipsec/hipd/user_ipsec_sadb_api.c	2010-09-10 14:33:51 +0000
@@ -157,16 +157,8 @@
                             UNUSED const uint32_t ha_state,
                             struct hip_packet_context *ctx)
 {
-    const struct hip_esp_info *esp_info     = NULL;
     int err                                 = 0;
 
-    HIP_IFEL(!(esp_info = hip_get_param(ctx->input_msg,
-                                        HIP_PARAM_ESP_INFO)),
-               -ENOENT, "Did not find SPI on i2\n");
-
-    ctx->hadb_entry->spi_outbound_current = ntohl(esp_info->new_spi);
-    ctx->hadb_entry->spi_outbound_new = ntohl(esp_info->new_spi);
-
     /* Set up inbound IPsec associations */
     HIP_IFEL(hip_userspace_ipsec_add_sa(ctx->src_addr,
                                         ctx->dst_addr,