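/* ipsec_init.c - IPSec Initialization. */

/*
 * Copyright (c) 2000-2006 Wind River Systems, Inc.
 *
 * The right to copy, distribute, modify or otherwise make use
 * of this software may be licensed only pursuant to the terms
 * of an applicable Wind River license agreement.
 */

/*
modification history
--------------------
02n,12jan06,djp removed rwos dependencies
02m,20jun05,djp Removed reference ipsec_tsi.h (obsolete)
02l,13may05,djp Added KERNEL doc tag to ipsecShutdown()
02k,27apr05,djp Added NOMANUAL Flag to ipsecInit()
02j,12apr05,djp Fixed compile errors and include paths
02i,08apr05,djp Added logger initialization
02h,25Jul03,cdw ifdef out the i/o funcptr declarations for virtual stacks
02g,12jun03,rparkhil added support for STACK_NAME
02f,04jun03,mad(teamf1) added ifdef for IPV4_DUAL_STACK
02e,22Apr03,mhb(teamf1) Code cleanup (added function header for ipsecShutdown)
02d,04Feb03,rks(teamf1) removed _ipsecFilterHook initialization.
02c,28Dec02,rks(teamf1) Added code to delete tIPsec task
02b,22Sep02,sam(teamf1) Added ipsecShutdown routine.
02a,20Sep02 rks(teamf1) Added code for Initializing IPsec hooks for Clarinet
01c,19mar02,rtp added semaphore delete, code clean up
01b,24jul01,tkp removed configuration strings(supported in usrNetIpsecInit.c)
01a,20oct00,aos written
*/

/******************************************************************************/

/*
DESCRIPTION
This module implements IPSec initialization routines.

INCLUDE: ipsecInit.h
*/

#define GLOBAL_FILE

#include <vxWorks.h>
#include <taskLib.h>
#include <stdio.h>

#if (_WRS_VXWORKS_MAJOR < 6)
#include <osdep.h>
#include <machdep.h>
#endif

#include <net/if.h>
#include <net/if_var.h>
#include <netinet/in.h>
#include <netinet/in_var.h>
#include <netinet/ip.h>
#include <netinet/ip_var.h>
#include <wrn/ipsec/ipsecInit.h>
#include "../common/wrSecNvram.h"

#if defined (VIRTUAL_STACK)
#ifdef _KERNEL
#define _KERNEL_PREDEFINED
#else
#define _KERNEL
#endif
#include <netinet/vsLib.h>
#include <netinet/vsData.h> /* for vsTbl[] */
#include <netinet/vsIp.h> /* for IPSEC_INPUT_FUNCPTR, IPSEC_OUTPUT_FUNCPTR definitions */
#if STACK_NAME == STACK_NAME_V4_V6 && defined (INET6)
#include <netinet6/in6_var.h>
#include <vs/vsIp6.h>
#endif /* STACK_NAME_V4_V6 && defined (INET6) */
#ifndef _KERNEL_PREDEFINED
#undef _KERNEL
#else
#undef _KERNEL_PREDEFINED
#endif
#else
#if STACK_NAME == STACK_NAME_V4_V6
#include <netinet/ip4_ext_in.h> /* for IPSEC_INPUT_FUNCPTR definition */
#include <netinet/ip4_ext_out.h> /* for IPSEC_OUTPUT_FUNCPTR definition */
#endif
#if STACK_NAME == STACK_NAME_V4_V6 && defined (INET6)
#include <netinet6/ip6_var.h>
#include <netinet6/ip6_ext_in.h> /* for INPUT_HOOK_IPV6_FUNCPTR definition */
#include <netinet6/ip6_ext_out.h> /* for IPSEC_OUTPUT_IPV6_FUNCPTR definition */
#endif
#endif /* defined (VIRTUAL_STACK) */

#include "../common/wrSecList.h"
#include "../common/wrSecUtil.h"
#include "../common/wrSecNvram.h"
#include "ipsecP.h"
#include "ipsec_class.h"
#include "ipsec_globals.h"
#include "ipsec_configuration_table.h"
#include "ipsec_network_interface.h"

/******************************************************************************/

extern void ipsecLoggerKernelInit(void);

/* globals */

/* defines */

#define IPSEC_NAME "IP Security"

/* typedefs */

/* locals */

/* forward declarations */

/******************************************************************************/

LOCAL STATUS ipsecConfigure
    (
    char *ipsecCfg
    );

LOCAL STATUS ipsecBuildManualConfig
    (
    char *ipsec_configuration_text,
    UINT configuration_text_size
    );

LOCAL void ipsecInitRollback (void);

/******************************************************************************/

/*******************************************************************************
*
* ipsecInit - initialize the IPSec library
*
* This routine initializes the IPsec module. If IPSec queuing is used (as determined
* by the compiler preprocessor '_IPSEC_QUEUING_') the IPSec task is also spawned.
*
* If the module is already marked enabled, the routine does nothing and
* returns OK; <ipsecCfg> is not re-applied in that case.
*
* Parameters:
* \is
* \i <ipsecCfg>
* A character array containing configuration statements as described below.
* When NULL, an empty (zero-filled) configuration text is used instead.
* \i <task_priority>
* If IPsec queuing is used (as determined by the compiler preprocessor
* '_IPSEC_QUEUING_'), this is the task priority to be assigned to the IPsec task,
* 'tIPsecTask'. This value should be slightly more than that of the net task, 'tNetTask'.
* The default value is 49.
* \ie
*
* CONFIGURATION STRING SYNTAX
*
* Use a comma (,) to separate arguments in a parameter string. Do not code
* whitespace anywhere in a parameter string, for example,
*
* "IPsec DF Bit = 204.31.186.45,COPY" is correct, whereas
*
* "IPsec DF Bit = 204.31.186.45, COPY" is not correct.
*
* \sh IPsec Printf
* \ts
* Syntax: | 'IPsec Printf = enabled \| disabled'
* Description: | Enables/disables all IPsec console printing.
* Example: | 'IPsec Printf = enabled'
* \te
*
* \sh IPsec Error Printf
* \ts
* Syntax: | 'IPsec Error Printf = enabled \| disabled'
* Description: | Enable/disable printing of critical events that require attention.
* Example: | 'IPsec Error Printf = disabled'
* \te
* \sh IPsec Warning Printf
* \ts
* Syntax: | 'IPsec Warning Printf = enabled \| disabled'
* Description: | Enable/disable printing of non-critical errors that may be ignored.
* Example: | 'IPsec Warning Printf = disabled'
* \te
*
* \sh IPsec Initialization Printf
* \ts
* Syntax: | 'IPsec Initialization Printf = enabled \| disabled'
* Description: | Enable/disable printing of error messages for Tornado shell interface
* | routines, and for task or component initialization.
* Example: | 'IPsec Initialization Printf = enabled'
* \te
*
* \sh IPsec Debug Printf
* \ts
* Syntax: | 'IPsec Debug Printf = enabled \| disabled'
* Description: | Enable/disable printing of all debug messages; useful when
* | troubleshooting.
* Example: | 'IPsec Debug Printf = disabled'
* \te
*
* \sh IPsec Attach Network Interface
* \ts
* Syntax: | 'IPsec Attach Network Interface = <ipAddress>'
* Description: | Bind a network interface to IPsec.
* Examples: | For IPv4:
* | 'IPsec Attach Network Interface = 204.31.186.45'
* | For IPv6:
* | 'IPsec Attach Network Interface = 3ffe:2::2'
* \te
*
* \sh IPsec DF Bit
* \ts
* Syntax: | 'IPsec DF Bit = <ipAddress>,<dfBitConfig>'
* Description:| Used in tunneled IP header construction to clear, set, or copy the
* | inner IP header DF (Don't Fragment) bit.
* Arguments: | <ipAddress> is the IP address of an IPsec-enabled network interface.
* | <dfBitConfig> values are 'CLEAR' \| 'SET' \| 'COPY' (to clear, set, or copy the DF bit).
* Example: | 'IPsec DF Bit = 204.31.186.45,COPY'
* \te
*
*
* RETURNS: OK if successful, otherwise ERROR.
*
* ERRNO: N/A
*
* NOMANUAL
*/
STATUS ipsecInit
    (
    char *ipsecCfg,             /* IPsec configuration string */
    unsigned int task_priority  /* IPsec task priority */
    )
    {
    /* Second and later calls are no-ops: the module is already up. */
    if (ipsec_global_class.ipsec_enabled != FALSE)
        {
        return (OK);
        }

    ipsec_global_class.ipsec_network_interface_list = wrSecListCreate (NULL);
    if (ipsec_global_class.ipsec_network_interface_list == NULL)
        {
        printf ("IPsec: ipsecInit() : %s\r\n", "failed! to create network interface list");
        return (ERROR);
        }

    /*
     * The module is marked enabled before the configuration is parsed.
     * NOTE(review): presumably the configuration handlers require the
     * enabled flag to be set - confirm. The IP stack hooks are only
     * installed further down, after configuration and task start succeed.
     */
    ipsec_global_class.ipsec_enabled = TRUE;

    if (ipsecConfigure (ipsecCfg) == ERROR)
        {
        ipsecInitRollback ();
        return (ERROR);
        }

    /*
     * NOTE(review): the header comment names '_IPSEC_QUEUING_' and the task
     * 'tIPsecTask', while ipsecShutdown() in this file tests
     * __IPSEC_QUEUING__ and looks the task up as "tIPsec" - confirm which
     * spellings ipsecTaskEntry() actually uses.
     */
    if (ipsecTaskEntry (task_priority) == ERROR)
        {
        ipsecInitRollback ();
        return (ERROR);
        }

    /* Register WindNet IPsec hooks into VxWorks IP stack */
#if STACK_NAME == STACK_NAME_V4_V6
    _ipsecInput = ipsecInput;
    _ipsecOutput = ipsecOutput;
#if STACK_NAME == STACK_NAME_V4_V6 && defined (INET6)
    _ipsecInputIPv6 = ipsecInputIPv6;
    _ipsecOutputIPv6 = (IPSEC_OUTPUT_IPV6_FUNCPTR)ipsecOutputIPv6;
    _ipsecForwardIPv6 = (IPSEC_OUTPUT_IPV6_FUNCPTR)ipsecForwardIPv6;
#endif /* STACK_NAME == STACK_NAME_V4_V6 && defined (INET6) */
#else
    _func_ipsecInput = ipsecInput;
    _func_ipsecOutput = ipsecOutput;
#endif /* STACK_NAME == STACK_NAME_V4_V6 */
    _ipsecSizing = ipsecSizing;

#ifdef INCLUDE_LOGGING_IPSEC
    ipsecLoggerKernelInit();
#endif

    return (OK);
    }

/*******************************************************************************
*
* ipsecInitRollback - undo the partial state left by a failed ipsecInit()
*
* Empties and destroys the network interface list, clears the list pointer
* and marks the module as not enabled, so that a later ipsecInit() starts
* from a clean state. Shared by both failure paths of ipsecInit().
*
* RETURNS: N/A
*
* NOMANUAL
*/
LOCAL void ipsecInitRollback (void)
    {
    cleanup_network_interface_container (ipsec_global_class.ipsec_network_interface_list);
    ipsec_global_class.ipsec_enabled = FALSE;
    wrSecListDestroy (ipsec_global_class.ipsec_network_interface_list);

    /* Clear the pointer so no stale reference to the destroyed list remains. */
    ipsec_global_class.ipsec_network_interface_list = (WRSEC_LIST)NULL;
    }

/******************************************************************************/

/*
 * ipsecConfigure - hand the configuration text to the NVRAM configuration layer
 *
 * Passes <ipsecCfg> to wrSecNvramInitialize() together with the IPsec
 * configuration table. When <ipsecCfg> is NULL, a locally built (currently
 * empty) configuration text is passed instead.
 *
 * RETURNS: OK, or ERROR if the text cannot be built or
 * wrSecNvramInitialize() reports FAIL.
 */
LOCAL STATUS ipsecConfigure
    (
    char *ipsecCfg
    )
    {
    /*
     * Fallback buffer, used only when the caller supplies no text.
     * NOTE(review): this lives on the caller's task stack and its address is
     * passed as a ULONG; confirm that MAXIMUM_CONFIGURATION_TEXT_SIZE fits the
     * stack budget and that wrSecNvramInitialize() does not keep the pointer
     * after it returns.
     */
    char ipsec_configuration_text[MAXIMUM_CONFIGURATION_TEXT_SIZE + 1];
    char *configuration_text = ipsecCfg;

    if (configuration_text == NULL)
        {
        if (ipsecBuildManualConfig (ipsec_configuration_text,
                                    MAXIMUM_CONFIGURATION_TEXT_SIZE + 1) == ERROR)
            {
            printf ("IPsec: Error building configuration data. \r\n");
            return (ERROR);
            }
        configuration_text = ipsec_configuration_text;
        }

    if (wrSecNvramInitialize (NULL, (ULONG)configuration_text, IPSEC_NAME,
                              (void *)&ipsec_configuration_table) == FAIL)
        {
        printf ("IPsec: Error, NVRAM Initialization failed. \r\n");
        return (ERROR);
        }

    return (OK);
    }

/******************************************************************************/

/*
 * ipsecBuildManualConfig - build the default configuration text
 *
 * Zero-fills <ipsec_configuration_text>, i.e. produces an empty
 * configuration string of <configuration_text_size> bytes.
 *
 * RETURNS: OK, or ERROR if the buffer pointer is NULL or the size is zero.
 */
LOCAL STATUS ipsecBuildManualConfig
    (
    char *ipsec_configuration_text,
    UINT configuration_text_size
    )
    {
    /* Writing through a NULL pointer is undefined; report it instead. */
    if (ipsec_configuration_text == NULL || configuration_text_size == 0)
        {
        return (ERROR);
        }

    memset (ipsec_configuration_text, '\0', configuration_text_size);
    return (OK);
    }

/******************************************************************************/

/*******************************************************************************
*
* ipsecShutdown - shut down the IPSec module
*
* This routine shuts down the IPSec module. If IPSec queuing is used (as determined
* by the compiler preprocessor '__IPSEC_QUEUING__'), the IPSec task, which is spawned
* when 'ipsecInit()' routine is called, is deleted.
*
* EXAMPLES:
* \cs
* ipsecShutdown()
* \ce
*
* RETURNS: OK if successful, otherwise ERROR.
*
* ERRNO: N/A
*
* \IFSET KERNEL
*/
STATUS ipsecShutdown
    (
    void
    )
    {
#if defined(__IPSEC_QUEUING__)
    int task_id;
    IPSEC_QUEUE_MSG ipsec_queue_msg;
#endif

    if (ipsec_global_class.ipsec_enabled != TRUE)
        {
        printf (" IPSEC: ipsec module not initialized ");
        return (ERROR);
        }

    /* Mark as uninitialized */
    ipsec_global_class.ipsec_enabled = FALSE;

    /*
     * Unregister WindNet IPsec hooks from the VxWorks IP stack.
     *
     * NOTE(review): presumably the stack skips IPsec processing when a hook is
     * NULL. If so, traffic on the previously attached interfaces is no longer
     * subject to IPsec policy once this routine returns; deployments that need
     * fail-closed behaviour must take those interfaces down before calling it.
     * TODO confirm against the stack's hook call sites.
     */
#if STACK_NAME == STACK_NAME_V4_V6
    _ipsecInput = NULL;
    _ipsecOutput = NULL;
#if STACK_NAME == STACK_NAME_V4_V6 && defined (INET6)
    _ipsecInputIPv6 = NULL;
    _ipsecOutputIPv6 = NULL;
    _ipsecForwardIPv6 = NULL;
#endif /* STACK_NAME == STACK_NAME_V4_V6 && defined (INET6) */
#else
    _func_ipsecInput = NULL;
    _func_ipsecOutput = NULL;
#endif /* STACK_NAME == STACK_NAME_V4_V6 */
    _ipsecSizing = NULL;

    /*
     * NOTE(review): no lock or quiesce step is visible in this routine. A
     * packet that entered a hook before it was cleared, or the tIPsec task
     * (deleted only further down), could still reference the interface list
     * while it is torn down here - confirm that callers stop traffic first.
     */
    cleanup_network_interface_container (ipsec_global_class.ipsec_network_interface_list);
    wrSecListDestroy (ipsec_global_class.ipsec_network_interface_list);

#if defined(__IPSEC_QUEUING__)
    if ((task_id = taskNameToId ("tIPsec")) != ERROR)
        {
        /* Delete the 'tIPsec' task */
        taskDelete(task_id);
        }
    else
        {
        printf ("IPsec: cound not find tIPsec Task\n");
        }

    /* Drain the message queue without blocking and free every queued mbuf */
    while (msgQReceive (ipsec_global_class.ipsecMsgQ, (char *)&ipsec_queue_msg,
                        sizeof (IPSEC_QUEUE_MSG), NO_WAIT) != ERROR)
        {
        if (ipsec_queue_msg.p_memory_buffer != NULL)
            {
            WRN_M_FREEM (ipsec_queue_msg.p_memory_buffer);
            }
        }

    msgQDelete (ipsec_global_class.ipsecMsgQ);
#endif /* __IPSEC_QUEUING__ */

    /*
     * Wipe all module state, including the now-stale list and queue handles,
     * so a later ipsecInit() starts from zeroed globals.
     */
    memset (&ipsec_global_class, 0x00, sizeof (IPSEC_GLOBAL_CLASS));

    return (OK);
    }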