ip_ipsec_pxy.c revision 7c478bd95313f5f23a4c958a745db2134aa03244
/*
* Copyright (C) 2001-2003 by Darren Reed
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* $Id: ip_ipsec_pxy.c,v 2.16 2003/06/25 12:08:21 darrenr Exp $
*
* Copyright 2003 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*
* Simple ISAKMP transparent proxy for in-kernel use. For use with the NAT
* code.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
#define IPF_IPSEC_PROXY
/* Proxy entry points; their definitions follow below in this file. */
int ippr_ipsec_init __P((void));
void ippr_ipsec_fini __P((void));
/*
 * Timeout queues for the NAT and state entries this proxy creates. Both are
 * static storage, so they start out NULL; ippr_ipsec_init() treats a NULL
 * queue as a failed initialisation.
 */
static ipftq_t *ipsecnattqe;
static ipftq_t *ipsecstatetqe;
/*
 * File-scope scratch buffer for packet payload; ippr_ipsec_new() points into it
 * just past the ISAKMP cookies. A single static buffer is not reentrant.
 * NOTE(review): any copy into it must be bounded by sizeof(ipsec_buffer); that
 * check is not visible in this listing -- confirm in the caller.
 */
static char ipsec_buffer[1500];
/* Non-zero once ippr_ipsec_init() has run; may be reset by ippr_ipsec_fini(). */
int ipsec_proxy_init = 0;
/*
 * IPSec application proxy initialization.
 *
 * Marks the proxy initialised and verifies that both timeout queues are
 * available. Returns 0 on success, -1 if either queue is NULL; when only the
 * state queue is missing the NAT queue pointer is dropped as well.
 *
 * NOTE(review): ipsec_proxy_init is set before the queue checks, so a failed
 * call leaves the flag at 1. NOTE(review): no assignment to ipsecnattqe or
 * ipsecstatetqe appears in this listing, so as shown both checks always fail;
 * the queue allocation is presumably missing from this copy -- confirm against
 * the original source.
 */
int ippr_ipsec_init()
{
ipsec_proxy_init = 1;
if (ipsecnattqe == NULL)
return -1;
if (ipsecstatetqe == NULL) {
/* Drop the NAT queue reference rather than keep a half-initialised pair. */
ipsecnattqe = NULL;
return -1;
}
return 0;
}
/*
 * IPSec application proxy teardown: forgets the NAT timeout queue and, when the
 * state queue is still set and the proxy was initialised, clears the
 * initialised flag.
 *
 * NOTE(review): this listing only NULLs ipsecnattqe and leaves ipsecstatetqe
 * untouched; nothing visible here releases either queue, so the teardown may be
 * incomplete in this copy -- confirm against the original source.
 */
void ippr_ipsec_fini()
{
if (ipsecnattqe != NULL)
ipsecnattqe = NULL;
/* Brace-less nested if: the flag is only cleared when the state queue exists. */
if (ipsecstatetqe != NULL)
if (ipsec_proxy_init == 1) {
ipsec_proxy_init = 0;
}
}
/*
* Setup for a new IPSEC proxy.
*/
{
char *ptr;
mb_t *m;
if (dlen < 16)
return -1;
return -1;
return -1;
/*
* created. This is required because the current NAT rule does not
* describe ESP but UDP instead.
*/
sizeof(ipn->in_ifnames[0]));
ptr = ipsec_buffer;
ptr += sizeof(ipsec_cookie_t);
/*
* The responder cookie should only be non-zero if the initiator
* cookie is non-zero. Therefore, it is safe to assume(!) that the
* cookies are both set after copying if the responder is non-zero.
*/
SI_WILDP);
}
return 0;
}
/*
* For outgoing IKE packets. refresh timeouts for NAT & state entries, if
* we can. If they have disappeared, recreate them.
*/
{
int p;
/*
*/
else {
}
}
/*
*/
} else {
&ipsec->ipsc_state,
SI_WILDP);
}
}
return 0;
}
/*
* This extends the NAT matching to be based on the cookies associated with
* a session and found at the front of IKE packets. The cookies are always
* in the same order (not reversed depending on packet flow direction as with
*/
{
mb_t *m;
int off;
return -1;
return -1;
if (ipsec->ipsc_rckset == 0) {
return 0;
}
return 0;
}
return -1;
return 0;
}
/*
* clean up after ourselves.
*/
void ippr_ipsec_del(aps)
{
/*
* Don't delete it from here, just schedule it to be
* deleted ASAP.
*/
}
}
}
}