embedded IPsec source code documentation


Todo List

Global ipsec_ah_check (ipsec_ip_header *outer_packet, int *payload_offset, int *payload_size, sad_entry *sa)
Extend function to support transport mode

Global ipsec_ah_encapsulate (ipsec_ip_header *inner_packet, int *payload_offset, int *payload_size, sad_entry *sa, __u32 src, __u32 dst)
Extend function to support transport mode

Global ipsec_ah_encapsulate (ipsec_ip_header *inner_packet, int *payload_offset, int *payload_size, sad_entry *sa, __u32 src, __u32 dst)
fix TTL update and checksum calculation

id must be generated properly and incremented

Global DUMPDEV_IGNORE_RESPONSE
this feature is not implemented

Global dumpdev_input (struct netif *netif)
simulate reception of new packets HERE

replace this loop with memcpy()

ATTENTION: should be real IP, not -1

Global ipsec_esp_encapsulate (ipsec_ip_header *packet, int *offset, int *len, sad_entry *sa, __u32 src_addr, __u32 dest_addr)
fix TTL update and checksum calculation

id must be generated properly and incremented

Global ipsec_output (unsigned char *packet, int packet_size, int *payload_offset, int *payload_size, __u32 src, __u32 dst, spd_entry *spd)
invoke IKE to generate a proper SA for this SPD entry

Global ipsecdev_init (struct netif *netif)
this should be somewhere else

selecting the right interface for mapping must be replaced by a more generic method

MAC addresses should be set somewhere else

Global ipsecdev_input (struct pbuf *p, struct netif *inp)
Attention: the pbuf structure should be updated using pbuf_header()

Global ipsecdev_output (struct netif *netif, struct pbuf *p, struct ip_addr *ipaddr)
this static access to the HW device must be replaced by a more flexible method

lwIP TCP ESP outbound processing needs to add data after the original packet. Since lwIP TCP does not leave any room after the original packet, we copy the packet into a larger buffer. This copy can be avoided if enough room is left after the packet when TCP allocates memory.

Global ipsec_sad_add (sad_entry *entry, sad_table *table)
right now there is no special order implemented, maybe this is needed

Global ipsec_sad_add (sad_entry *entry, sad_table *table)
this part needs to be rewritten when an order is introduced

Global ipsec_sad_del (sad_entry *entry, sad_table *table)
right now there is no special order implemented, maybe this is needed

Global ipsec_sad_get_free (sad_table *table)
this function should probably be static

Global ipsec_spd_add (__u32 src, __u32 src_net, __u32 dst, __u32 dst_net, __u8 proto, __u16 src_port, __u16 dst_port, __u8 policy, spd_table *table)
right now there is no special order implemented, maybe this is needed

Global ipsec_spd_add (__u32 src, __u32 src_net, __u32 dst, __u32 dst_net, __u8 proto, __u16 src_port, __u16 dst_port, __u8 policy, spd_table *table)
this part needs to be rewritten when an order is introduced

Global ipsec_spd_del (spd_entry *entry, spd_table *table)
right now there is no special order implemented, maybe this is needed

Global ipsec_spd_del (spd_entry *entry, spd_table *table)
probably the SA should also be deleted

Global ipsec_spd_get_free (spd_table *table)
this function should probably be static

Global ipsec_spd_lookup (ipsec_ip_header *header, spd_table *table)
port checking should also be implemented, so that the SPD selector match covers ports and not only addresses and protocol

Global IPSEC_TESTING_EVALUATE (__retcode__, __sub_results__, __functionname__, __msg__)
this doxygen tag is not working, probably because of the complexity of the macro

Copyright 2003 by Christian Scheurer and Niklaus Schild