esp.c File Reference
Detailed Description
This module contains the Encapsulating Security Payload code.
- Author:
- Niklaus Schild <n.schild@gmx.ch>
OUTLINE:
IMPLEMENTATION: All functions work in-place (i.e. they manipulate the original packet directly without copying any data). For the encapsulation routine, the caller must ensure that space for the new IP and ESP headers is available in front of the packet:
                          | pointer to packet header
 ________________________\/________________________________________________
|          ¦       ¦      ¦                             ¦ padd       ¦ ev. |
| Ethernet ¦ newIP ¦ ESP  ¦   original (inner) packet   ¦ next-proto ¦ ICV |
|__________¦_______¦______¦_____________________________¦____________¦_____|
¦                         ¦                             ¦                  ¦
¦<-room for new headers-->¦                             ¦<-   room tail  ->¦
This document is part of embedded IPsec
Copyright (c) 2003 Niklaus Schild and Christian Scheurer, HTI Biel/Bienne
All rights reserved.
This file contains code from the OpenSSL Project
portions Copyright (c) 1998-2003 OpenSSL (www.openssl.org)
Definition in file esp.c.
#include <string.h>
#include "ipsec/ipsec.h"
#include "ipsec/util.h"
#include "ipsec/debug.h"
#include "ipsec/sa.h"
#include "ipsec/des.h"
#include "ipsec/md5.h"
#include "ipsec/sha1.h"
#include "ipsec/esp.h"
Function Documentation
Decapsulates an IP packet containing an ESP header.
- Parameters:
  - packet: pointer to the ESP header
  - offset: pointer to the offset which is passed back
  - len: pointer to the length of the decapsulated packet
  - sa: pointer to the SA
- Returns:
  - IPSEC_STATUS_SUCCESS if the packet could be decapsulated properly
  - IPSEC_STATUS_FAILURE if the SA's authentication algorithm was invalid or if ICV comparison failed
  - IPSEC_STATUS_BAD_PACKET if the decryption gave back a strange packet
Definition at line 111 of file esp.c.
Encapsulates an IP packet into an ESP packet which will again be added to an IP packet.
- Parameters:
  - packet: pointer to the IP packet
  - offset: pointer to the offset which will point to the new encapsulated packet
  - len: pointer to the length of the new encapsulated packet
  - sa: pointer to the SA
  - src_addr: source IP address of the outer IP header
  - dest_addr: destination IP address of the outer IP header
- Returns:
  - IPSEC_STATUS_SUCCESS if the packet was properly encapsulated
  - IPSEC_STATUS_TTL_EXPIRED if the TTL expired
  - IPSEC_STATUS_FAILURE if the SA contained a bad authentication algorithm
- Todo:
  - fix TTL update and checksum calculation
  - id must be generated properly and incremented
  - 1st packet needs to be sent out with squ = 1
Definition at line 230 of file esp.c.
__u8 ipsec_esp_get_padding(int len)
Returns the number of padding bytes needed for a certain ESP packet size.
- Parameters:
  - len: the length of the packet
- Returns:
  - the length of padding needed
Definition at line 90 of file esp.c.
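The sizing arithmetic behind the in-place layout described under IMPLEMENTATION and behind a padding helper such as ipsec_esp_get_padding, as an added example that is not code from esp.c: it computes the room a caller has to reserve in front of and behind the inner packet and rejects buffers that are too small. The ex_ names and all sizes (20-byte outer IPv4 header, 8-byte ESP header, 8-byte IV and block size for DES/3DES-CBC, 2-byte trailer, 12-byte ICV for a 96-bit HMAC) are assumptions following RFC 2406; the project's own padding rule may differ.

```c
#include <stddef.h>
#include <stdio.h>

/* Assumed sizes (RFC 2406, DES/3DES-CBC, HMAC-96); not taken from esp.c. */
#define EX_IP_HDR_LEN   20u  /* outer IPv4 header without options */
#define EX_ESP_HDR_LEN   8u  /* SPI (4) + sequence number (4) */
#define EX_IV_LEN        8u  /* CBC IV, one cipher block */
#define EX_BLOCK_LEN     8u  /* DES/3DES block size */
#define EX_TRAILER_LEN   2u  /* pad length (1) + next header (1) */
#define EX_ICV_LEN      12u  /* HMAC-MD5-96 / HMAC-SHA1-96 */

/* Padding bytes so that inner packet + padding + trailer fills whole blocks. */
size_t ex_esp_padding(size_t inner_len)
{
    size_t rem = (inner_len + EX_TRAILER_LEN) % EX_BLOCK_LEN;
    return rem ? EX_BLOCK_LEN - rem : 0;
}

/* Bytes that must be free in front of the inner packet (new IP + ESP + IV). */
size_t ex_esp_headroom(void)
{
    return EX_IP_HDR_LEN + EX_ESP_HDR_LEN + EX_IV_LEN;
}

/* Bytes that must be free behind the inner packet (padding, trailer, ICV). */
size_t ex_esp_tailroom(size_t inner_len, int with_icv)
{
    return ex_esp_padding(inner_len) + EX_TRAILER_LEN + (with_icv ? EX_ICV_LEN : 0);
}

/* Returns 1 if an inner packet of inner_len bytes at offset inner_off can be
 * encapsulated in place in a buffer of buf_len bytes, else 0. link_len is the
 * room that stays reserved for the Ethernet header at the buffer start. */
int ex_esp_room_ok(size_t buf_len, size_t inner_off, size_t inner_len,
                   size_t link_len, int with_icv)
{
    if (inner_off > buf_len || inner_len > buf_len - inner_off)
        return 0;  /* inner packet itself lies outside the buffer */
    if (inner_off < link_len || inner_off - link_len < ex_esp_headroom())
        return 0;  /* not enough room for the new headers */
    return buf_len - inner_off - inner_len >= ex_esp_tailroom(inner_len, with_icv);
}

int main(void)
{
    /* Constructed case: 84-byte inner packet, 14-byte Ethernet header, 150-byte buffer. */
    printf("pad=%zu ok=%d\n", ex_esp_padding(84), ex_esp_room_ok(150, 50, 84, 14, 1));
    return 0;
}
```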
Variable Documentation
Save session state to detect replays - must be 32 bits. Note: must be initialized with zero (0x00000000) when a new SA is established!
Definition at line 75 of file esp.c.
Save session state to detect replays. Note: must be initialized with zero (0x00000000) when a new SA is established!
Definition at line 78 of file esp.c.