ipsecdev.h File Reference
Detailed Description
Header of IPsec network adapter for lwIP.
- Author:
- Christian Scheurer <http://www.christianscheurer.ch>
This document is part of embedded IPsec
Copyright (c) 2003 Niklaus Schild and Christian Scheurer, HTI Biel/Bienne
All rights reserved.
Definition in file ipsecdev.h.
#include "lwip/netif.h"
Define Documentation
#define IPSEC_HLEN (PBUF_IP_HLEN + 24 + PBUF_TRANSPORT_HLEN)
Add room for another IP header and AH (24 bytes with HMAC-xxx-96) / ESP (8 bytes) data.
Definition at line 56 of file ipsecdev.h.
#define IPSEC_MTU (PBUF_POOL_BUFSIZE - PBUF_LINK_HLEN - IPSEC_HLEN)
Maximum packet size that can be handled by ipsecdev.
Definition at line 57 of file ipsecdev.h.
Function Documentation
void ipsec_set_tunnel(char *src, char *dst)
Setter function for the tunnel source and destination address.
- Parameters:
- src: source address as string (e.g. "192.168.1.3")
- dst: destination address as string (e.g. "192.168.1.5")
- Returns:
- void
Definition at line 481 of file ipsecdev.c.
err_t ipsecdev_init(struct netif *netif)
Initialize the IPsec network device.
This function must be called prior to any other operation with this device.
- Parameters:
- netif: lwIP network interface data structure for this device. The structure must be initialized with IP, netmask and gateway address.
- Returns:
- err_t return code
- Todo:
- this should be somewhere else
- selecting the right interface for mapping must be replaced by a more generic method
- MAC addresses should be set somewhere else
Definition at line 402 of file ipsecdev.c.
err_t ipsecdev_input(struct pbuf *p, struct netif *inp)
This function is used to process incoming IP packets.
This function is called by the physical network driver when a new packet has been received. To decide how to handle the packet, the Security Policy Database (SPD) is consulted. ESP and AH packets are forwarded directly to ipsec_input(), while all other packets must pass the SPD lookup.
- Parameters:
- p: pbuf containing the received packet
- inp: lwIP network interface data structure for this device. The structure must be initialized with IP, netmask and gateway address.
- Returns:
- err_t return code
- Todo:
- Attention: the pbuf structure should be updated using pbuf_header()
Definition at line 123 of file ipsecdev.c.
err_t ipsecdev_netlink_output(struct netif *netif, struct pbuf *p)
This function is used to send a packet directly out of the network device.
The packet is passed as-is to the network device output function, without any IPsec processing. It is used to serve ARP traffic.
- Parameters:
- netif: initialized lwIP network interface data structure of this device
- p: pbuf containing a complete IP packet as payload
- Returns:
- err_t status
Definition at line 378 of file ipsecdev.c.
err_t ipsecdev_output(struct netif *netif, struct pbuf *p, struct ip_addr *ipaddr)
This function is used to send a packet out to the network device.
IPsec processing for outbound traffic is done here before the IP packet is forwarded to the physical network device. The SPD is queried to determine how the packet must be handled.
- Parameters:
- netif: initialized lwIP network interface data structure of this device
- p: pbuf containing a complete IP packet as payload
- ipaddr: destination IP address
- Returns:
- err_t status
A backup of the physical destination IP address is kept, since the inner IP header may become encrypted.
- Todo:
- this static access to the HW device must be replaced by a more flexible method
- lwIP TCP: ESP outbound processing needs to add data after the original packet. Since lwIP TCP does not leave any room after the original packet, we copy the packet into a larger buffer. This step can be avoided if enough room is left after the packet when TCP allocates memory.
Definition at line 243 of file ipsecdev.c.
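The inbound and outbound dispatch described for ipsecdev_input() and ipsecdev_output(), together with the IPSEC_HLEN / IPSEC_MTU room check, as an added stand-alone model. This is not embedded IPsec or lwIP code: the lwIP constant values (PBUF_POOL_BUFSIZE in particular), the spd_entry layout, the policy table, the enum names and the classify() helper are all assumptions made for this example, and the packets it classifies are constructed in memory. The two IPSEC_* macros are reproduced exactly as the header defines them.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* lwIP buffer constants, assumed for a stand-alone build; embedded IPsec takes
 * them from lwIP's pbuf.h, and the PBUF_POOL_BUFSIZE value here is a guess. */
#define PBUF_LINK_HLEN      14
#define PBUF_IP_HLEN        20
#define PBUF_TRANSPORT_HLEN 20
#define PBUF_POOL_BUFSIZE   1536

/* The two macros exactly as ipsecdev.h defines them. */
#define IPSEC_HLEN (PBUF_IP_HLEN + 24 + PBUF_TRANSPORT_HLEN)
#define IPSEC_MTU  (PBUF_POOL_BUFSIZE - PBUF_LINK_HLEN - IPSEC_HLEN)

#define IP_PROTO_ESP 50   /* IANA protocol numbers for ESP and AH */
#define IP_PROTO_AH  51

enum spd_action { SPD_DISCARD, SPD_BYPASS, SPD_APPLY };
enum dispatch   { DISPATCH_DROP, DISPATCH_TO_IPSEC, DISPATCH_DELIVER,
                  DISPATCH_APPLY, DISPATCH_TOO_BIG };

/* Hypothetical SPD entry: destination prefix plus an optional protocol selector. */
struct spd_entry {
    uint32_t dst, dst_mask;   /* host byte order */
    uint8_t  proto;           /* 0 = any protocol */
    enum spd_action action;
};

/* Constructed policy table: protect 192.168.1.0/24, let ICMP through in the
 * clear, and fall back to DISCARD for anything without a matching entry. */
static const struct spd_entry spd[] = {
    { 0xC0A80100u, 0xFFFFFF00u, 0, SPD_APPLY  },
    { 0x00000000u, 0x00000000u, 1, SPD_BYPASS },
};

enum spd_action spd_lookup(uint32_t dst, uint8_t proto)
{
    for (size_t i = 0; i < sizeof spd / sizeof spd[0]; i++)
        if ((dst & spd[i].dst_mask) == (spd[i].dst & spd[i].dst_mask) &&
            (spd[i].proto == 0 || spd[i].proto == proto))
            return spd[i].action;
    return SPD_DISCARD;   /* no policy matched: default deny */
}

/* Extract protocol, total length and destination from a raw IPv4 header.
 * Returns 0 if the header is malformed or claims more bytes than were received. */
int parse_ipv4(const uint8_t *pkt, size_t len,
               uint8_t *proto, uint16_t *total_len, uint32_t *dst)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return 0;
    size_t ihl = (size_t)(pkt[0] & 0x0F) * 4;
    if (ihl < 20 || ihl > len) return 0;
    *total_len = (uint16_t)((pkt[2] << 8) | pkt[3]);
    if (*total_len < ihl || *total_len > len) return 0;
    *proto = pkt[9];
    *dst = ((uint32_t)pkt[16] << 24) | ((uint32_t)pkt[17] << 16) |
           ((uint32_t)pkt[18] << 8)  |  (uint32_t)pkt[19];
    return 1;
}

/* Inbound: ESP and AH go straight to IPsec processing; everything else must pass
 * the SPD. Cleartext that the SPD says should have been protected is dropped. */
enum dispatch inbound_dispatch(const uint8_t *pkt, size_t len)
{
    uint8_t proto; uint16_t tl; uint32_t dst;
    if (!parse_ipv4(pkt, len, &proto, &tl, &dst)) return DISPATCH_DROP;
    if (proto == IP_PROTO_ESP || proto == IP_PROTO_AH) return DISPATCH_TO_IPSEC;
    return spd_lookup(dst, proto) == SPD_BYPASS ? DISPATCH_DELIVER : DISPATCH_DROP;
}

/* Outbound: the SPD decides; APPLY additionally needs the packet to fit under
 * IPSEC_MTU so the outer IP header and AH/ESP data have room in the pbuf. */
enum dispatch outbound_dispatch(const uint8_t *pkt, size_t len)
{
    uint8_t proto; uint16_t tl; uint32_t dst;
    if (!parse_ipv4(pkt, len, &proto, &tl, &dst)) return DISPATCH_DROP;
    switch (spd_lookup(dst, proto)) {
    case SPD_BYPASS: return DISPATCH_DELIVER;
    case SPD_APPLY:  return tl > IPSEC_MTU ? DISPATCH_TOO_BIG : DISPATCH_APPLY;
    default:         return DISPATCH_DROP;
    }
}

/* Build a constructed minimal IPv4 packet (header + zeroed payload) and classify it. */
enum dispatch classify(int outbound, uint8_t proto, uint16_t total_len, uint32_t dst)
{
    static uint8_t buf[2048];
    if (total_len > sizeof buf) return DISPATCH_DROP;
    memset(buf, 0, sizeof buf);
    buf[0] = 0x45; buf[2] = (uint8_t)(total_len >> 8); buf[3] = (uint8_t)total_len;
    buf[8] = 64; buf[9] = proto;
    buf[16] = (uint8_t)(dst >> 24); buf[17] = (uint8_t)(dst >> 16);
    buf[18] = (uint8_t)(dst >> 8);  buf[19] = (uint8_t)dst;
    return outbound ? outbound_dispatch(buf, total_len) : inbound_dispatch(buf, total_len);
}

int main(void)
{
    printf("IPSEC_MTU = %d\n", IPSEC_MTU);
    printf("inbound ESP -> %d, outbound TCP 1500 B to 192.168.1.5 -> %d\n",
           classify(0, IP_PROTO_ESP, 100, 0x0A000001u), classify(1, 6, 1500, 0xC0A80105u));
    return 0;
}
```

The default-deny fallback in spd_lookup() is the property worth keeping when adapting this: a packet that matches no policy is discarded rather than delivered, and cleartext arriving for a destination the SPD marks as protected is likewise dropped instead of being handed up the stack. The IPSEC_MTU check on the APPLY path is what the ipsecdev_output() todo about copying into a larger buffer is working around.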
void ipsecdev_service(struct netif *netif)
This function exists only to provide a consistent interface; it has no functionality.
- Parameters:
- netif: initialized lwIP network interface data structure of this device
- Returns:
- void
Definition at line 100 of file ipsecdev.c.