IPsec協議相關結構2

版權聲明:如有需要,可供轉載,但請註明出處:https://blog.csdn.net/City_of_skey/article/details/86563402

目錄

1、xfrm_type

2、xfrm_mode

3、xfrm_policy_afinfo

4、xfrm_state_afinfo

5、xfrm_mgr


1、xfrm_type

ah、esp、ipcomp協議都通過struct xfrm_type結構體來描述,其中包括協議描述字符串、協議值、標誌、初始化函數、析構函數、數據包輸入處理函數、數據包輸出處理函數等,定義如下:

/*
 * Describes one IPsec transform protocol: a name, the IP protocol number,
 * flag bits and the callbacks used for that protocol. The instances shown
 * on this page are AH4, ESP4 and IPCOMP4.
 */
struct xfrm_type {
	char			*description;		/* descriptive name string */
	struct module		*owner;		/* module that owns this protocol type */
	u8			proto;			/* IP protocol number */
	u8			flags;			/* bitmask of the XFRM_TYPE_* bits below */
	/*
	 * NOTE(review): the names suggest that XFRM_TYPE_REPLAY_PROT marks a
	 * type that provides anti-replay protection; on this page AH4 and ESP4
	 * set it and IPCOMP4 does not. Confirm against the code that tests flags.
	 */
#define XFRM_TYPE_NON_FRAGMENT	1
#define XFRM_TYPE_REPLAY_PROT	2
#define XFRM_TYPE_LOCAL_COADDR	4
#define XFRM_TYPE_REMOTE_COADDR	8

	int			(*init_state)(struct xfrm_state *x);		/* state initialization callback */
	void			(*destructor)(struct xfrm_state *);		/* state teardown callback */
	int			(*input)(struct xfrm_state *, struct sk_buff *skb);/* inbound packet handler */
	int			(*output)(struct xfrm_state *, struct sk_buff *pskb);/* outbound packet handler */
	int			(*reject)(struct xfrm_state *, struct sk_buff *, struct flowi *);/* reject callback */
	int			(*hdr_offset)(struct xfrm_state *, struct sk_buff *, u8 **);/* header offset callback */
	/* Estimate maximal size of result of transformation of a dgram */	
	u32			(*get_mtu)(struct xfrm_state *, int size);	/* maximum packet length callback */
	/*
	 * NOTE(review): the instances on this page leave reject and hdr_offset
	 * (and, for AH4/IPCOMP4, get_mtu) unset, i.e. NULL, so callers presumably
	 * have to test a callback for NULL before invoking it -- confirm at the
	 * call sites.
	 */
};

ah協議實例定義在/net/ipv4/ah4.c文件中

/*
 * xfrm_type instance for AH over IPv4.
 *
 * Members of struct xfrm_type that are not named here (reject, hdr_offset,
 * get_mtu) are implicitly zero/NULL.
 */
static const struct xfrm_type ah_type = {
	/* Identification. */
	.description = "AH4",
	.owner = THIS_MODULE,
	.proto = IPPROTO_AH,

	/* NOTE(review): presumably enables anti-replay handling -- confirm. */
	.flags = XFRM_TYPE_REPLAY_PROT,

	/* State lifetime callbacks. */
	.init_state = ah_init_state,
	.destructor = ah_destroy,

	/* Packet processing callbacks. */
	.input = ah_input,
	.output = ah_output,
};

esp協議實例定義在/net/ipv4/esp4.c文件中

/*
 * xfrm_type instance for ESP over IPv4.
 *
 * Initializers are listed in the declaration order of struct xfrm_type;
 * reject and hdr_offset are not named and are therefore NULL.
 */
static const struct xfrm_type esp_type = {
	/* Identification. */
	.description = "ESP4",
	.owner = THIS_MODULE,
	.proto = IPPROTO_ESP,

	/* NOTE(review): presumably enables anti-replay handling -- confirm. */
	.flags = XFRM_TYPE_REPLAY_PROT,

	/* State lifetime callbacks. */
	.init_state = esp_init_state,
	.destructor = esp_destroy,

	/* Packet processing callbacks. */
	.input = esp_input,
	.output = esp_output,

	/* Of the three types on this page, only ESP4 supplies get_mtu. */
	.get_mtu = esp4_get_mtu,
};

ipcomp協議實例定義在/net/ipv4/ipcomp.c文件中

/*
 * xfrm_type instance for IPComp over IPv4.
 *
 * .flags is not named, so it is zero: unlike ah_type and esp_type,
 * XFRM_TYPE_REPLAY_PROT is not set here. reject, hdr_offset and get_mtu
 * are likewise left NULL.
 */
static const struct xfrm_type ipcomp_type =
{
	/* Identification. */
	.description = "IPCOMP4",
	.owner = THIS_MODULE,
	.proto = IPPROTO_COMP,

	/* State lifetime callbacks. */
	.init_state = ipcomp4_init_state,
	.destructor = ipcomp_destroy,

	/* Packet processing callbacks. */
	.input = ipcomp_input,
	.output = ipcomp_output,
};

 

2、xfrm_mode

struct xfrm_mode是IPsec連接模式的描述結構體,主要有傳輸模式、隧道模式兩種(下文另外列出了beet模式的實例)

/*
 * Describes one IPsec encapsulation mode (tunnel, transport and BEET
 * instances are shown on this page) as a set of input/output callbacks
 * plus the mode identifier and flags.
 *
 * NOTE(review): in the instances on this page, tunnel and BEET modes point
 * input/output at the shared xfrm_prepare_input/xfrm4_prepare_output and
 * put their mode-specific handlers in input2/output2, while transport mode
 * sets only input/output and leaves input2/output2 NULL. Callers presumably
 * must not invoke input2/output2 unconditionally -- confirm at call sites.
 */
struct xfrm_mode {

	/* second-stage input callback; unset for transport mode on this page */
	int (*input2)(struct xfrm_state *x, struct sk_buff *skb);

	int (*input)(struct xfrm_state *x, struct sk_buff *skb);		/* packet input callback */


	/* second-stage output callback; unset for transport mode on this page */
	int (*output2)(struct xfrm_state *x,struct sk_buff *skb);

	int (*output)(struct xfrm_state *x, struct sk_buff *skb);	/* packet output callback */

	/* per-address-family state info; not set by the static instances on this page */
	struct xfrm_state_afinfo *afinfo;
	/* module that provides this mode */
	struct module *owner;
	/* mode identifier; the instances use XFRM_MODE_TUNNEL/TRANSPORT/BEET */
	unsigned int encap;
	/* mode flags; the tunnel and BEET instances set XFRM_MODE_FLAG_TUNNEL */
	int flags;
};

隧道模式結構體實例:

/*
 * IPv4 tunnel-mode instance of struct xfrm_mode.
 * afinfo is not named here and so starts out NULL.
 */
static struct xfrm_mode xfrm4_tunnel_mode = {
	/* Mode identity. */
	.owner		= THIS_MODULE,
	.encap		= XFRM_MODE_TUNNEL,
	.flags		= XFRM_MODE_FLAG_TUNNEL,

	/* Inbound path: shared prepare step plus the tunnel-specific handler. */
	.input		= xfrm_prepare_input,
	.input2		= xfrm4_mode_tunnel_input,

	/* Outbound path: shared prepare step plus the tunnel-specific handler. */
	.output		= xfrm4_prepare_output,
	.output2	= xfrm4_mode_tunnel_output,
};

傳輸模式結構體實例:

/*
 * IPv4 transport-mode instance of struct xfrm_mode.
 *
 * Only input/output are provided; input2, output2, afinfo and flags are
 * not named and are therefore NULL/zero (no XFRM_MODE_FLAG_TUNNEL).
 */
static struct xfrm_mode xfrm4_transport_mode = {
	/* Mode identity. */
	.owner		= THIS_MODULE,
	.encap		= XFRM_MODE_TRANSPORT,

	/* Packet handlers. */
	.input		= xfrm4_transport_input,
	.output		= xfrm4_transport_output,
};

beet模式結構體實例:

/*
 * IPv4 BEET-mode instance of struct xfrm_mode.
 *
 * Like the tunnel-mode instance it carries XFRM_MODE_FLAG_TUNNEL and uses
 * the shared prepare callbacks for input/output. afinfo starts out NULL.
 */
static struct xfrm_mode xfrm4_beet_mode = {
	/* Mode identity. */
	.owner		= THIS_MODULE,
	.encap		= XFRM_MODE_BEET,
	.flags		= XFRM_MODE_FLAG_TUNNEL,

	/* Inbound path: shared prepare step plus the BEET-specific handler. */
	.input		= xfrm_prepare_input,
	.input2		= xfrm4_beet_input,

	/* Outbound path: shared prepare step plus the BEET-specific handler. */
	.output		= xfrm4_prepare_output,
	.output2	= xfrm4_beet_output,
};

 

3、xfrm_policy_afinfo

struct xfrm_policy_afinfo結構體是策略數據結構

/*
 * Per-address-family operations used by the xfrm policy code. The page
 * shows one instance, xfrm4_policy_afinfo, for AF_INET.
 */
struct xfrm_policy_afinfo {
	/* address family (AF_INET in the instance on this page) */
	unsigned short		family;
	/* destination (dst) operations table for this family */
	struct dst_ops		*dst_ops;
	/* garbage-collection hook; not set by the instance on this page */
	void			(*garbage_collect)(struct net *net);
	/* look up a route (dst_entry) for the given tos and address pair */
	struct dst_entry	*(*dst_lookup)(struct net *net, int tos,
					       xfrm_address_t *saddr,
					       xfrm_address_t *daddr);
	/* obtain the source address to use towards daddr */
	int			(*get_saddr)(struct net *net, xfrm_address_t *saddr, xfrm_address_t *daddr);
	/*
	 * decode the session of a packet into a flow description.
	 * NOTE(review): skb is presumably packet data received from the
	 * network, so implementations need to bound every header access by
	 * the actual packet length -- confirm in the per-family decoder.
	 */
	void			(*decode_session)(struct sk_buff *skb,
						  struct flowi *fl,
						  int reverse);
	/* return the TOS value for a flow */
	int			(*get_tos)(struct flowi *fl);
	/* initialize an xfrm_dst path from a dst_entry and a header length */
	int			(*init_path)(struct xfrm_dst *path,
					     struct dst_entry *dst,
					     int nfheader_len);
	/* fill in an xfrm_dst from a device and a flow */
	int			(*fill_dst)(struct xfrm_dst *xdst,
					    struct net_device *dev,
					    struct flowi *fl);
};

struct xfrm_policy_afinfo結構體實例

/*
 * IPv4 (AF_INET) instance of struct xfrm_policy_afinfo.
 * garbage_collect is not named here and so starts out NULL.
 */
static struct xfrm_policy_afinfo xfrm4_policy_afinfo = {
	/* Address family and its dst operations table. */
	.family = AF_INET,
	.dst_ops = &xfrm4_dst_ops,

	/* Route lookup and source address selection. */
	.dst_lookup = xfrm4_dst_lookup,
	.get_saddr = xfrm4_get_saddr,

	/* Flow decoding from a packet and TOS extraction from a flow. */
	.decode_session = _decode_session4,
	.get_tos = xfrm4_get_tos,

	/* xfrm_dst construction. */
	.init_path = xfrm4_init_path,
	.fill_dst = xfrm4_fill_dst,
};

 

4、xfrm_state_afinfo

狀態的相關協議結構體

/*
 * Per-address-family operations and lookup tables used by the xfrm state
 * code. The page shows one instance, xfrm4_state_afinfo, for AF_INET.
 */
struct xfrm_state_afinfo {
	/* address family (AF_INET in the instance on this page) */
	unsigned int		family;
	/* IP protocol number (IPPROTO_IPIP in the instance on this page) */
	unsigned int		proto;
	/* link-layer protocol id in network byte order (htons(ETH_P_IP) in the instance) */
	__be16			eth_proto;
	/* module that provides this family's support */
	struct module		*owner;
	/*
	 * transform types, one slot per IP protocol number (IPPROTO_MAX slots).
	 * NOTE(review): an index taken from a packet or from a user request
	 * must be checked against IPPROTO_MAX before the lookup, and an empty
	 * slot is NULL -- confirm in the lookup/registration helpers.
	 */
	const struct xfrm_type	*type_map[IPPROTO_MAX];
	/*
	 * encapsulation modes, one slot per mode id (XFRM_MODE_MAX slots).
	 * NOTE(review): the same range and NULL checks apply to the mode id.
	 */
	struct xfrm_mode	*mode_map[XFRM_MODE_MAX];
	/* initialize per-state flags */
	int			(*init_flags)(struct xfrm_state *x);
	/* initialize the temporary selector of a state from a flow and a template */
	void			(*init_tempsel)(struct xfrm_state *x, struct flowi *fl,
						struct xfrm_tmpl *tmpl,
						xfrm_address_t *daddr, xfrm_address_t *saddr);
	/* sort n templates from src into dst; not set by the instance on this page */
	int			(*tmpl_sort)(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n);
	/* sort n states from src into dst; not set by the instance on this page */
	int			(*state_sort)(struct xfrm_state **dst, struct xfrm_state **src, int n);
	/* output a packet */
	int			(*output)(struct sk_buff *skb);
	/* extract per-packet input information for a state */
	int			(*extract_input)(struct xfrm_state *x,
						 struct sk_buff *skb);
	/* extract per-packet output information for a state */
	int			(*extract_output)(struct xfrm_state *x,
						  struct sk_buff *skb);
	/* final step of transport-mode processing; async is passed by the caller */
	int			(*transport_finish)(struct sk_buff *skb,
						    int async);
};

狀態協議結構體實例:

/*
 * IPv4 (AF_INET) instance of struct xfrm_state_afinfo.
 *
 * type_map, mode_map, tmpl_sort and state_sort are not named here, so both
 * tables start out all-NULL and the two sort callbacks are NULL.
 * NOTE(review): the tables are presumably populated when types and modes
 * register at runtime -- confirm.
 */
static struct xfrm_state_afinfo xfrm4_state_afinfo = {
	/* Family identification. */
	.family = AF_INET,
	.proto = IPPROTO_IPIP,
	.eth_proto = htons(ETH_P_IP),
	.owner = THIS_MODULE,

	/* State setup callbacks. */
	.init_flags = xfrm4_init_flags,
	.init_tempsel = __xfrm4_init_tempsel,

	/* Packet path callbacks. */
	.output = xfrm4_output,
	.extract_input = xfrm4_extract_input,
	.extract_output = xfrm4_extract_output,
	.transport_finish = xfrm4_transport_finish,
};

5、xfrm_mgr

回調通知結構體

/*
 * Set of notification callbacks registered by a key manager. The page
 * shows one instance, pfkeyv2_mgr.
 */
struct xfrm_mgr {
	/* list linkage for this manager */
	struct list_head	list;
	/* manager name ("pfkeyv2" in the instance on this page) */
	char			*id;
	/* state change notification */
	int			(*notify)(struct xfrm_state *x, struct km_event *c);
	/* acquire request for a state, given a template and a policy */
	int			(*acquire)(struct xfrm_state *x, struct xfrm_tmpl *, struct xfrm_policy *xp, int dir);
	/*
	 * build a policy from a raw buffer of len bytes.
	 * NOTE(review): data/len presumably come from a user-supplied socket
	 * option, so an implementation has to validate len and every length
	 * field inside data before parsing -- confirm against the caller.
	 */
	struct xfrm_policy	*(*compile_policy)(struct sock *sk, int opt, u8 *data, int len, int *dir);
	/* report a new address/port mapping for a state */
	int			(*new_mapping)(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport);
	/* policy change notification */
	int			(*notify_policy)(struct xfrm_policy *x, int dir, struct km_event *c);
	/* report callback; not set by the instance on this page */
	int			(*report)(struct net *net, u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr);
	/* migration notification covering num_bundles entries of m */
	int			(*migrate)(struct xfrm_selector *sel, u8 dir, u8 type, struct xfrm_migrate *m, int num_bundles, struct xfrm_kmaddress *k);
};

回調通知結構體實例

/*
 * struct xfrm_mgr instance for the PF_KEYv2 key manager.
 *
 * list and report are not named here, so list is zero-initialized and
 * report is NULL.
 */
static struct xfrm_mgr pfkeyv2_mgr = {
	.id = "pfkeyv2",

	/* State-related notifications. */
	.notify = pfkey_send_notify,
	.acquire = pfkey_send_acquire,
	.new_mapping = pfkey_send_new_mapping,

	/* Policy-related callbacks. */
	.compile_policy = pfkey_compile_policy,
	.notify_policy = pfkey_send_policy_notify,

	/* Migration notification. */
	.migrate = pfkey_send_migrate,
};

 
