IPsec协议相关结构2

版权声明:如有需要,可供转载,但请注明出处:https://blog.csdn.net/City_of_skey/article/details/86563402

目录

1、xfrm_type

2、xfrm_mode

3、xfrm_policy_afinfo

4、xfrm_state_afinfo

5、xfrm_mgr


1、xfrm_type

ah、esp、ipcomp协议通过struct xfrm_type结构体描述,包括协议字符串、协议值、标志、初始化函数、析构函数、数据包输入处理函数、数据包输出处理函数等,定义如下:

/*
 * Describes one IPsec transform protocol. The instances on this page are
 * AH, ESP and IPComp. Holds an identifying string, the protocol number,
 * behaviour flags, and the callbacks used to set up, tear down and apply
 * the transform to packets.
 */
struct xfrm_type {
	char			*description;		/* description string */
	struct module		*owner;		/* owning module (the instances use THIS_MODULE) */
	u8			proto;			/* protocol value, e.g. IPPROTO_AH */
	u8			flags;			/* flags: XFRM_TYPE_* values below */
/*
 * The flag values are distinct powers of two, so they can be OR-ed together.
 * NOTE(review): judging by its name, XFRM_TYPE_REPLAY_PROT marks transforms
 * that take part in anti-replay protection -- confirm where the flag is
 * tested before relying on that.
 */
#define XFRM_TYPE_NON_FRAGMENT	1
#define XFRM_TYPE_REPLAY_PROT	2
#define XFRM_TYPE_LOCAL_COADDR	4
#define XFRM_TYPE_REMOTE_COADDR	8

	int			(*init_state)(struct xfrm_state *x);		/* initialisation function */
	void			(*destructor)(struct xfrm_state *);		/* destructor */
	/*
	 * NOTE(review): input presumably parses data taken from received
	 * packets; implementations should validate every length and offset
	 * they read from the skb -- confirm in the per-protocol handlers.
	 */
	int			(*input)(struct xfrm_state *, struct sk_buff *skb);/* packet input handler */
	int			(*output)(struct xfrm_state *, struct sk_buff *pskb);/* packet output handler */
	int			(*reject)(struct xfrm_state *, struct sk_buff *, struct flowi *);/* reject handler */
	int			(*hdr_offset)(struct xfrm_state *, struct sk_buff *, u8 **);/* header offset handler */
	/* Estimate maximal size of result of transformation of a dgram */	
	u32			(*get_mtu)(struct xfrm_state *, int size);	/* maximum packet length handler */
};

ah协议实例定义在/net/ipv4/ah4.c文件中

/*
 * xfrm_type instance for AH ("AH4", IPPROTO_AH).
 * Sets XFRM_TYPE_REPLAY_PROT and supplies init_state, destructor, input and
 * output. reject, hdr_offset and get_mtu are not named, so static
 * initialisation leaves them NULL; a caller has to check them before use.
 */
static const struct xfrm_type ah_type =
{
	.description	= "AH4",
	.owner		= THIS_MODULE,
	.proto	     	= IPPROTO_AH,
	.flags		= XFRM_TYPE_REPLAY_PROT,
	.init_state	= ah_init_state,
	.destructor	= ah_destroy,
	.input		= ah_input,
	.output		= ah_output
};

esp协议实例定义在/net/ipv4/esp4.c文件中

/*
 * xfrm_type instance for ESP ("ESP4", IPPROTO_ESP).
 * Sets XFRM_TYPE_REPLAY_PROT and, unlike ah_type, also supplies get_mtu.
 * reject and hdr_offset are not named, so static initialisation leaves
 * them NULL; a caller has to check them before use.
 */
static const struct xfrm_type esp_type =
{
	.description	= "ESP4",
	.owner		= THIS_MODULE,
	.proto	     	= IPPROTO_ESP,
	.flags		= XFRM_TYPE_REPLAY_PROT,
	.init_state	= esp_init_state,
	.destructor	= esp_destroy,
	.get_mtu	= esp4_get_mtu,
	.input		= esp_input,
	.output		= esp_output
};

ipcomp协议实例定义在/net/ipv4/ipcomp.c文件中

/*
 * xfrm_type instance for IPComp ("IPCOMP4", IPPROTO_COMP).
 * .flags is not named, so it is zero: XFRM_TYPE_REPLAY_PROT is NOT set here,
 * in contrast to the AH and ESP instances. reject, hdr_offset and get_mtu
 * are likewise left NULL by static initialisation.
 */
static const struct xfrm_type ipcomp_type = {
	.description	= "IPCOMP4",
	.owner		= THIS_MODULE,
	.proto	     	= IPPROTO_COMP,
	.init_state	= ipcomp4_init_state,
	.destructor	= ipcomp_destroy,
	.input		= ipcomp_input,
	.output		= ipcomp_output
};

 

2、xfrm_mode

struct xfrm_mode是IPsec连接模式的描述结构体,主要有传输模式、隧道模式两种(下文还给出了beet模式的实例)

/*
 * Describes one IPsec encapsulation mode. The instances on this page are
 * tunnel, transport and beet.
 *
 * NOTE(review): in the tunnel and beet instances, input/output point at
 * shared xfrm_prepare_input/xfrm4_prepare_output helpers while
 * input2/output2 point at mode-specific functions. The transport instance
 * sets only input/output. Presumably input/output are the entry points and
 * input2/output2 do the mode-specific header work -- verify against the
 * kernel tree this snapshot was taken from.
 */
struct xfrm_mode {

	int (*input2)(struct xfrm_state *x, struct sk_buff *skb);

	int (*input)(struct xfrm_state *x, struct sk_buff *skb);		/* data input function */


	int (*output2)(struct xfrm_state *x,struct sk_buff *skb);

	int (*output)(struct xfrm_state *x, struct sk_buff *skb);	/* output function */

	struct xfrm_state_afinfo *afinfo;
	struct module *owner;
	unsigned int encap;	/* XFRM_MODE_* value in the instances (TUNNEL, TRANSPORT, BEET) */
	int flags;		/* XFRM_MODE_FLAG_TUNNEL in the tunnel and beet instances */
};

隧道模式结构体实例:

/*
 * Tunnel-mode instance: encap is XFRM_MODE_TUNNEL and the
 * XFRM_MODE_FLAG_TUNNEL flag is set. All four packet callbacks are supplied.
 * .afinfo is not named, so static initialisation leaves it NULL.
 */
static struct xfrm_mode xfrm4_tunnel_mode = {
	.input2 = xfrm4_mode_tunnel_input,
	.input = xfrm_prepare_input,
	.output2 = xfrm4_mode_tunnel_output,
	.output = xfrm4_prepare_output,
	.owner = THIS_MODULE,
	.encap = XFRM_MODE_TUNNEL,
	.flags = XFRM_MODE_FLAG_TUNNEL,
};

传输模式结构体实例:

/*
 * Transport-mode instance: encap is XFRM_MODE_TRANSPORT.
 * Only input and output are supplied. input2, output2 and afinfo are left
 * NULL and flags is zero (no XFRM_MODE_FLAG_TUNNEL), so code that calls
 * input2/output2 has to check for NULL or test the tunnel flag first.
 */
static struct xfrm_mode xfrm4_transport_mode = {
	.input = xfrm4_transport_input,
	.output = xfrm4_transport_output,
	.owner = THIS_MODULE,
	.encap = XFRM_MODE_TRANSPORT,
};

beet模式结构体实例:

/*
 * BEET-mode instance: encap is XFRM_MODE_BEET. Like the tunnel instance it
 * sets XFRM_MODE_FLAG_TUNNEL and reuses xfrm_prepare_input /
 * xfrm4_prepare_output for input/output, with beet-specific input2/output2.
 * .afinfo is not named, so static initialisation leaves it NULL.
 */
static struct xfrm_mode xfrm4_beet_mode = {
	.input2 = xfrm4_beet_input,
	.input = xfrm_prepare_input,
	.output2 = xfrm4_beet_output,
	.output = xfrm4_prepare_output,
	.owner = THIS_MODULE,
	.encap = XFRM_MODE_BEET,
	.flags = XFRM_MODE_FLAG_TUNNEL,
};

 

3、xfrm_policy_afinfo

struct xfrm_policy_afinfo结构体是策略数据结构

/*
 * Per-address-family operations for the policy side of xfrm: route (dst)
 * handling, source-address selection and turning a packet into a flow
 * description.
 */
struct xfrm_policy_afinfo {
	/* address family (AF_INET in the instance on this page) */
	unsigned short		family;
	/* dst operations structure */
	struct dst_ops		*dst_ops;
	void			(*garbage_collect)(struct net *net);
	/* route lookup */
	struct dst_entry	*(*dst_lookup)(struct net *net, int tos,
					       xfrm_address_t *saddr,
					       xfrm_address_t *daddr);
	/* get the source address */
	int			(*get_saddr)(struct net *net, xfrm_address_t *saddr, xfrm_address_t *daddr);
	/*
	 * decode session
	 * NOTE(review): from the signature this presumably fills *fl from the
	 * headers in skb; those header fields come from the packet and should
	 * be bounds-checked by the implementation -- confirm.
	 */
	void			(*decode_session)(struct sk_buff *skb,
						  struct flowi *fl,
						  int reverse);
	int			(*get_tos)(struct flowi *fl);
	int			(*init_path)(struct xfrm_dst *path,
					     struct dst_entry *dst,
					     int nfheader_len);
	/* look up route options (fills in xdst) */
	int			(*fill_dst)(struct xfrm_dst *xdst,
					    struct net_device *dev,
					    struct flowi *fl);
};

struct xfrm_policy_afinfo结构体实例

/*
 * AF_INET instance of xfrm_policy_afinfo.
 * garbage_collect is not named, so static initialisation leaves it NULL.
 * NOTE(review): it is presumably assigned elsewhere before use -- confirm.
 */
static struct xfrm_policy_afinfo xfrm4_policy_afinfo = {
	.family = 		AF_INET,
	.dst_ops =		&xfrm4_dst_ops,
	.dst_lookup =		xfrm4_dst_lookup,
	.get_saddr =		xfrm4_get_saddr,
	.decode_session =	_decode_session4,
	.get_tos =		xfrm4_get_tos,
	.init_path =		xfrm4_init_path,
	.fill_dst =		xfrm4_fill_dst,
};

 

4、xfrm_state_afinfo

struct xfrm_state_afinfo是与状态相关的协议结构体

/*
 * Per-address-family operations for the state side of xfrm. Holds the
 * tables of transform types (xfrm_type) and modes (xfrm_mode) for the
 * family, plus the family's input/output hooks.
 */
struct xfrm_state_afinfo {
	/* address family */
	unsigned int		family;
	unsigned int		proto;
	__be16			eth_proto;
	struct module		*owner;
	/*
	 * protocol types
	 * NOTE(review): presumably indexed by IP protocol number. Any index
	 * that originates from configuration or a packet must be checked
	 * against IPPROTO_MAX before use -- verify at the lookup sites.
	 */
	const struct xfrm_type	*type_map[IPPROTO_MAX];
	/*
	 * modes
	 * NOTE(review): presumably indexed by the XFRM_MODE_* encap value; the
	 * same range-check concern applies against XFRM_MODE_MAX.
	 */
	struct xfrm_mode	*mode_map[XFRM_MODE_MAX];
	int			(*init_flags)(struct xfrm_state *x);
	void			(*init_tempsel)(struct xfrm_state *x, struct flowi *fl,
						struct xfrm_tmpl *tmpl,
						xfrm_address_t *daddr, xfrm_address_t *saddr);
	/* template sort */
	int			(*tmpl_sort)(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n);
	/* state sort */
	int			(*state_sort)(struct xfrm_state **dst, struct xfrm_state **src, int n);
	int			(*output)(struct sk_buff *skb);
	int			(*extract_input)(struct xfrm_state *x,
						 struct sk_buff *skb);
	int			(*extract_output)(struct xfrm_state *x,
						  struct sk_buff *skb);
	int			(*transport_finish)(struct sk_buff *skb,
						    int async);
};

状态协议结构体实例:

/*
 * AF_INET instance of xfrm_state_afinfo (proto IPPROTO_IPIP, eth_proto
 * ETH_P_IP in network byte order).
 * type_map and mode_map are not named, so every slot starts out NULL, and
 * tmpl_sort/state_sort are NULL as well. A lookup must handle an empty slot.
 * NOTE(review): the tables are presumably populated when types and modes
 * register themselves -- that code is not shown here.
 */
static struct xfrm_state_afinfo xfrm4_state_afinfo = {
	.family			= AF_INET,
	.proto			= IPPROTO_IPIP,
	.eth_proto		= htons(ETH_P_IP),
	.owner			= THIS_MODULE,
	.init_flags		= xfrm4_init_flags,
	.init_tempsel		= __xfrm4_init_tempsel,
	.output			= xfrm4_output,
	.extract_input		= xfrm4_extract_input,
	.extract_output		= xfrm4_extract_output,
	.transport_finish	= xfrm4_transport_finish,
};

5、xfrm_mgr

回调通知结构体

/*
 * Callback/notification structure. The list member links it into a list,
 * id names it, and the function pointers receive state and policy events.
 * The instance on this page is the "pfkeyv2" manager.
 */
struct xfrm_mgr {
	struct list_head	list;
	char			*id;
	/* state notification */
	int			(*notify)(struct xfrm_state *x, struct km_event *c);
	/* state acquire */
	int			(*acquire)(struct xfrm_state *x, struct xfrm_tmpl *, struct xfrm_policy *xp, int dir);
	/*
	 * compile policy
	 * NOTE(review): takes a raw byte buffer plus a signed length alongside
	 * a socket and an option number, so data/len presumably originate from
	 * a socket option set by userspace. Implementations must reject
	 * negative or undersized len before parsing data -- confirm in the
	 * implementation.
	 */
	struct xfrm_policy	*(*compile_policy)(struct sock *sk, int opt, u8 *data, int len, int *dir);
	/* mapping */
	int			(*new_mapping)(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport);
	/* policy notification */
	int			(*notify_policy)(struct xfrm_policy *x, int dir, struct km_event *c);
	/* report */
	int			(*report)(struct net *net, u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr);
	int			(*migrate)(struct xfrm_selector *sel, u8 dir, u8 type, struct xfrm_migrate *m, int num_bundles, struct xfrm_kmaddress *k);
};

回调通知结构体实例

/*
 * xfrm_mgr instance with id "pfkeyv2", wiring the pfkey_* handlers into the
 * callback slots.
 * report is not named, so static initialisation leaves it NULL; whoever
 * iterates over managers has to skip a NULL report callback.
 */
static struct xfrm_mgr pfkeyv2_mgr =
{
	.id		= "pfkeyv2",
	.notify		= pfkey_send_notify,
	.acquire	= pfkey_send_acquire,
	.compile_policy	= pfkey_compile_policy,
	.new_mapping	= pfkey_send_new_mapping,
	.notify_policy	= pfkey_send_policy_notify,
	.migrate	= pfkey_send_migrate,
};

 
