author | Mike Scherban <m-scherban@ti.com> | |
Tue, 28 Jul 2015 13:32:16 +0000 (08:32 -0500) | ||
committer | Tinku Mannan <tmannan@ti.com> | |
Mon, 3 Aug 2015 18:14:01 +0000 (14:14 -0400) |
Adds new API for creating a security association from an IP rule:
netapi_secAddSAIP().
Signed-off-by: Mike Scherban <m-scherban@ti.com>
netapi_secAddSAIP().
Signed-off-by: Mike Scherban <m-scherban@ti.com>
index d447c6d694b34c966a3ca9dea4d2aa45cb831475..c4e8addfd653ba5614dc90389413c5c89a611f01 100755 (executable)
* @ingroup security_constants
*/
#define NETAPI_SEC_SA_SIDEBAND 0x1
-
/**
* @ingroup cfg_security_functions
* @brief netapi_secAddSA API to add an IPSEC SA.
void** inflow_mode_handle,
void* user_data,
int* perr);
+
+/**
+ * @ingroup cfg_security_functions
+ * @brief netapi_secAddSAIP API to add an IPSEC SA with IP handle.
+ *
+ * @details API to add an IPSec SA. SAs are IPSec security contexts and define a uni-directional
+ * secure path (tunnel or transport). SAs are attached to MAC interfaces that have already
+ * been created. API allows SA to be configured as either inflow or sideband mode. This API is used for both receive and transmit SAs.
+ * @param[in] h The NETAPI handle, @ref NETAPI_T
+ * @param[in] iface_no Interface to attach SA to.
+ * @param[in] sa_info Information on the SA being added, @ref NETAPI_SEC_SA_INFO_T
+ * @param[in] key_params Security key information for the SA.
+ * @param[in] mode SA implementation mode @ref NETAPI_SEC_SA_SIDEBAND or @ref NETAPI_SEC_SA_INFLOW
+ * @param[in] route Optional: @ref NETCP_CFG_ROUTE_HANDLE_T
+ * @param[in] data_mode_handle Returned data mode handle for PKTIO (in the case of sideband SAs)
+ * @param[in] inflow_mode_handle Returned inflow mode handle for PKTIO (in the case of TX inflow SAs)
+ * @param[in] user_data Optional: pointer to user provided data associated with SA, optional
+ * @param[in] ip_rule IP rule @ref NETCP_CFG_IP_T
+ * @param[out] perr Pointer to error code.
+ * @retval Application id associated with created SA @ref NETCP_CFG_SA_T.
+ * This ID is used when referencing this SA in subsequent APIs (eg. to delete it).
+ * Also in the case of Receive Inflow, packets will be tagged with this ID so that s/w will know
+ * that the packet has already been decrypted, authenticated and window-replay checked.
+ * (note: if a RX policy is matched also then the ID associated with the policy will be tagged instead).
+ * @pre @ref netapi_init
+ */
+NETCP_CFG_SA_T netapi_secAddSAIP(NETAPI_T h,
+ int iface_no,
+ NETAPI_SEC_SA_INFO_T *sa_info,
+ nwalSecKeyParams_t * key_params,
+ int inflow_mode,
+ NETCP_CFG_ROUTE_HANDLE_T route,
+ void **p_data_mode_handle,
+ void **p_inflow_mode_handle,
+ void * p_user_data,
+ NETCP_CFG_IP_T ip_rule,
+ int * perr);
+
/**
* @ingroup cfg_security_functions
* @brief netapi_secDelSA: API to delete an IPSEC SA.
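Review bot: The Doxygen block added for netapi_secAddSAIP does not match the prototype below it. It documents `mode`, `data_mode_handle`, `inflow_mode_handle` and `user_data`, while the parameters are named `inflow_mode`, `p_data_mode_handle`, `p_inflow_mode_handle` and `p_user_data`, and the two handle parameters are described as "Returned" yet tagged `@param[in]`. The contract for `ip_rule` is also missing: the implementation in this commit treats a zero `ip_rule` as "attach to the MAC interface", and because the lookup takes both `iface_no` and the rule's slot, the rule presumably has to belong to that interface. I would rename the tags to the real parameter names, use `@param[out]` for the two handles, and expand the last entry to something like `@param[in] ip_rule IP rule to attach the SA to, @ref NETCP_CFG_IP_T; expected to exist on iface_no, 0 attaches to the MAC interface instead`.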
index 81a07b7bfaee3a47885f3e6d0ab60387be30135f..3b047cf8ce196f93d89f81f32e4eb967506cf300 100755 (executable)
void *netapip_netcpCfgGetSaHandles( NETAPI_NWAL_GLOBAL_CONTEXT_T *p,
int sa_slot, void ** p_sideband);
void* netapip_netcpCfgGetMacHandle(NETAPI_NWAL_GLOBAL_CONTEXT_T *p,int iface_no);
+void *netapip_netcpCfgGetIpHandle(NETAPI_NWAL_GLOBAL_CONTEXT_T *p,int iface_no,int ip_slot);
NetapiNwalTransInfo_t * netapip_getFreeTransInfo(NETAPI_HANDLE_T *p_handle,
NETAPI_PROC_GLOBAL_T *p_global,
nwal_TransID_t *pTransId);
index 9c6c6a2d00fc627fdbc55b3cde1e09041f48a66b..2ebe700ecb74a10321b26359529828a5b74c44de 100755 (executable)
********************************************************************
* DESCRIPTION: API to add an IPSEC SA
********************************************************************/
-NETCP_CFG_SA_T netapi_secAddSA(NETAPI_T h,
- int iface_no,
- NETAPI_SEC_SA_INFO_T *sa_info,
- nwalSecKeyParams_t * key_params,
- int inflow_mode,
- NETCP_CFG_ROUTE_HANDLE_T route,
- void **p_data_mode_handle,
- void **p_inflow_mode_handle,
- void * p_user_data,
- int * perr)
+NETCP_CFG_SA_T netapi_secAddSAInternal(NETAPI_T h,
+ int iface_no,
+ NETAPI_SEC_SA_INFO_T *sa_info,
+ nwalSecKeyParams_t * key_params,
+ int inflow_mode,
+ NETCP_CFG_ROUTE_HANDLE_T route,
+ void **p_data_mode_handle,
+ void **p_inflow_mode_handle,
+ void * p_user_data,
+ NETCP_CFG_IP_T ip_rule,
+ int * perr)
{
NETAPI_HANDLE_T * n = (NETAPI_HANDLE_T *) h;
nwal_RetValue retValue;
uint32_t swInfo1 = 0;
int sa_db_slot;
int free_sa_db_slot = 0;
+ int ip_slot = 0;
+ void * handle;
nwalCreateSAParams_t createParam =
{
/* mac handle */
{0}
};
+ /* Get IP slot for IP rule. */
+ if (ip_rule)
+ {
+ ip_slot = netapi_cfgGetMatchId(ip_rule);
+ handle = netapip_netcpCfgGetIpHandle(&netapi_get_global()->nwal_context,iface_no,ip_slot);
+ }
+ else
+ {
+ handle = netapip_netcpCfgGetMacHandle(&netapi_get_global()->nwal_context,iface_no);
+ }
- void * mac_handle = netapip_netcpCfgGetMacHandle(&netapi_get_global()->nwal_context,iface_no);
*perr =NETAPI_ERR_OK;
if ((!n) || (!sa_info) || (!p_data_mode_handle))
{
memcpy(&saInfo.dst, &sa_info->dst, sizeof( nwalIpAddr_t));
memcpy(&saInfo.src, &sa_info->src, sizeof( nwalIpAddr_t));
saInfo.proto = sa_info->proto;
- createParam.macHandle = mac_handle;
+ createParam.handle = handle;
createParam.ipType = sa_info->ipType;
createParam.saIpSecParam.dir = sa_info->dir;
createParam.saIpSecParam.saMode = sa_info->saMode;
return (appId);
}
+/********************************************************************
+ * FUNCTION PURPOSE: API to add an IPSEC SA
+ ********************************************************************
+ * DESCRIPTION: API to add an IPSEC SA
+ ********************************************************************/
+NETCP_CFG_SA_T netapi_secAddSA(NETAPI_T h,
+ int iface_no,
+ NETAPI_SEC_SA_INFO_T *sa_info,
+ nwalSecKeyParams_t * key_params,
+ int inflow_mode,
+ NETCP_CFG_ROUTE_HANDLE_T route,
+ void **p_data_mode_handle,
+ void **p_inflow_mode_handle,
+ void * p_user_data,
+ int * perr)
+{
+ *perr = 0;
+ return netapi_secAddSAInternal(h,
+ iface_no,
+ sa_info,
+ key_params,
+ inflow_mode,
+ route,
+ p_data_mode_handle,
+ p_inflow_mode_handle,
+ p_user_data,
+ 0,
+ perr);
+}
+
+/********************************************************************
+ * FUNCTION PURPOSE: API IP handle to add an IPSEC SA
+ ********************************************************************
+ * DESCRIPTION: API to add an IPSEC SA.
+ * Piggy back off perr for IP handle flag and IP slot.
+ ********************************************************************/
+NETCP_CFG_SA_T netapi_secAddSAIP(NETAPI_T h,
+ int iface_no,
+ NETAPI_SEC_SA_INFO_T *sa_info,
+ nwalSecKeyParams_t * key_params,
+ int inflow_mode,
+ NETCP_CFG_ROUTE_HANDLE_T route,
+ void **p_data_mode_handle,
+ void **p_inflow_mode_handle,
+ void * p_user_data,
+ NETCP_CFG_IP_T ip_rule,
+ int * perr)
+{
+ *perr = 0;
+ return netapi_secAddSAInternal(h,
+ iface_no,
+ sa_info,
+ key_params,
+ inflow_mode,
+ route,
+ p_data_mode_handle,
+ p_inflow_mode_handle,
+ p_user_data,
+ ip_rule,
+ perr);
+}
+
/********************************************************************
* FUNCTION PURPOSE: Internal function to dynamically switch between inflow
* and sideband mode
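Review bot: The handle selected at the top of netapi_secAddSAInternal reaches `createParam.handle = handle;` with no NULL check in the lines shown, so a stale `ip_rule`, or one created on a different interface, could configure the SA with no parent rule instead of failing. Parts of the body are elided between the hunks, so confirm that no later check exists. The lookup also runs before the `(!n) || (!sa_info) || (!p_data_mode_handle)` validation and passes `ip_slot` from `netapi_cfgGetMatchId()` directly to `netapip_netcpCfgGetIpHandle()`, whose bounds handling is not visible here. I would add `if (!handle) { *perr = NETAPI_ERR_BAD_INPUT; return -1; }` right after `*perr =NETAPI_ERR_OK;`. The banner above netapi_secAddSAIP ("Piggy back off perr for IP handle flag and IP slot") does not describe the code, which passes `ip_rule` as its own argument; `* DESCRIPTION: API to add an IPSEC SA attached to an IP rule.` would be accurate, and the helper could be `static` if nothing outside this file declares it.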
index e836174e9a44e2c1e4cfba6874b55c37bc943e54..3f04d1abf4d46cecdb645c41d742257cca632a25 100755 (executable)
***************************************************************************
* DESCRIPTION: Netapi internal function to get IP handle associated with IP address
***************************************************************************/
-static void *netapip_netcpCfgGetIpHandle(NETAPI_NWAL_GLOBAL_CONTEXT_T *p,
+void *netapip_netcpCfgGetIpHandle(NETAPI_NWAL_GLOBAL_CONTEXT_T *p,
int iface_no,
int ip_slot)
{