/*
* This function assumes it is being called from dev_queue_xmit()
* and that skb is filled properly by that function.
*/
int
ipsec_mast_start_xmit(struct sk_buff *skb
, struct net_device *dev
, IPsecSAref_t SAref)
{
struct ipsec_xmit_state ixs_mem;
struct ipsec_xmit_state *ixs = &ixs_mem;
enum ipsec_xmit_value stat = IPSEC_XMIT_OK;
/* dev could be a mast device, but should be optional, I think... */
/* SAref is also optional, but one of the two must be present. */
/* I wonder if it could accept no device or saref and guess? */
/* ipsec_xmit_sanity_check_dev(ixs); */
ipsec_xmit_sanity_check_skb(ixs);
ipsec_xmit_adjust_hard_header(ixs);
stat = ipsec_xmit_encap_bundle(ixs);
if(stat != IPSEC_XMIT_OK) {
/* SA processing failed */
}
ipsec_xmit_hard_header_restore();
}
int main(char *argv[], int argc)
{
int error;
struct sockaddr_in saddr,daddr;
struct sockaddr_in saddr2,daddr2;
void *main_talloc = NULL;
struct ipsec_sa *sa, *sa1;
char auth1[]={0x87, 0x65, 0x87, 0x65,
0x87, 0x65, 0x87, 0x65,
0x87, 0x65, 0x87, 0x65,
0x87, 0x65, 0x87, 0x65};
char enc[] ={0x40, 0x43, 0x43, 0x45, 0x45, 0x46, 0x46, 0x49,
0x49, 0x4a, 0x4a, 0x4c, 0x4c, 0x4f, 0x4f, 0x51,
0x51, 0x52, 0x52, 0x54, 0x54, 0x57, 0x57, 0x58};
debug_xform = 1;
init_kmalloc();
debug_tunnel=0xffffffff;
debug_xmit=0xffffffff;
sysctl_ipsec_debug_verbose = 1;
prng_init(&ipsec_prng, seed, sizeof(seed));
ipsec_sadb_init();
ipsec_alg_init();
{
sa1 = ipsec_sa_alloc(&error);
assert(error == 0);
ipsec_sa_intern(sa1);
sa1->ips_seq = 1;
sa1->ips_pid = 10;
sa1->ips_said.spi = htonl(0x12345678);
sa1->ips_said.proto = IPPROTO_IPIP;
sa1->ips_said.dst.u.v4.sin_addr.s_addr = htonl(0xc001022D);
sa1->ips_state = SADB_SASTATE_MATURE;
daddr2.sin_addr.s_addr = htonl(0xc001022D);
saddr2.sin_addr.s_addr = htonl(0xc0010217);
sa1->ips_addr_s = (struct sockaddr *)&saddr2;
sa1->ips_addr_d = (struct sockaddr *)&daddr2;
}
{
sa = ipsec_sa_alloc(&error);
assert(error == 0);
ipsec_sa_intern(sa);
sa->ips_said.spi = htonl(0x12345678);
sa->ips_said.proto = IPPROTO_ESP;
sa->ips_said.dst.u.v4.sin_addr.s_addr = htonl(0xc001022D);
sa->ips_said.dst.u.v4.sin_family = AF_INET;
sa->ips_seq = 1;
sa->ips_pid = 10;
sa->ips_inext = sa1;
{
/* make a copy so that ipsec_sa_init() can zero it out */
char *auth = talloc_size(main_talloc, AHMD596_KLEN);
memcpy(auth, auth1, AHMD596_KLEN);
sa->ips_authalg = AH_MD5;
sa->ips_key_bits_a = AHMD596_KLEN * 8;
sa->ips_key_a = auth;
}
sa->ips_encalg = ESP_3DES;
sa->ips_key_bits_e = 192;
sa->ips_iv_bits = 128;
sa->ips_key_e_size = 0;
sa->ips_key_e = talloc_memdup(main_talloc, enc, sa->ips_key_bits_e);
sa->ips_state = SADB_SASTATE_MATURE;
daddr.sin_addr.s_addr = htonl(0xc001022D);
saddr.sin_addr.s_addr = htonl(0xc0010217);
sa->ips_addr_s = (struct sockaddr *)&saddr;
sa->ips_addr_d = (struct sockaddr *)&daddr;
ipsec_sa_add(sa);
assert(ipsec_sa_init(sa) == 0);
ipsec_sa_put(sa);
}
{
struct ipsec_xmit_state ixs_mem;
struct ipsec_xmit_state *ixs = &ixs_mem;
enum ipsec_xmit_value stat;
struct net_device_stats stats;
int iphlen;
struct sk_buff *skb = skbFromArray(packet2, packet2_len);
skb->nh.raw = skb_pull(skb, skb->mac_len);
iphlen = (skb->nh.iph->ihl<<2);
/* do not use skb_pull, since data should stay at IP header */
skb->h.raw = skb->nh.raw + iphlen;
memset((caddr_t)ixs, 0, sizeof(*ixs));
memset(&stats, 0, sizeof(stats));
ixs->stats = &stats;
ixs->oskb = NULL;
ixs->saved_header = NULL; /* saved copy of the hard header */
ixs->route = NULL;
memset((caddr_t)&(ixs->ips), 0, sizeof(ixs->ips));
ixs->dev = NULL;
ixs->skb = skb;
ixs->physmtu = 1500;
ixs->cur_mtu = 1500;
ixs->outgoing_said.spi = htonl(0x12345678);
ixs->outgoing_said.proto = IPPROTO_ESP;
ixs->outgoing_said.dst.u.v4.sin_family = AF_INET;
ixs->outgoing_said.dst.u.v4.sin_addr.s_addr = htonl(0xc001022D);
stat = ipsec_xmit_sanity_check_skb(ixs);
assert(stat == IPSEC_XMIT_OK);
#if 0
stat = ipsec_tunnel_strip_hard_header(ixs);
assert(stat == IPSEC_XMIT_OK);
stat = ipsec_tunnel_SAlookup(ixs);
assert(stat == IPSEC_XMIT_OK);
#endif
stat = ipsec_xmit_encap_bundle(ixs);
assert(stat == IPSEC_XMIT_OK);
#if 0
stat = ipsec_tunnel_restore_hard_header(ixs);
#endif
ipsec_print_ip(ixs->iph);
}
return 0;
}