raw | patch | inline | side by side (parent: c814a83)
author | David Lide <a0216552@gtudci01.(none)> | |
Mon, 19 Mar 2012 13:47:33 +0000 (09:47 -0400) | ||
committer | David Lide <a0216552@gtudci01.(none)> | |
Mon, 19 Mar 2012 13:47:33 +0000 (09:47 -0400) |
index 375b097a9b1038573d5409c97bf739d736e1cdc5..91eb045c06c6e6a6068007d9472f23d7f9fa0ade 100755 (executable)
{\r
nwalRxPktInfo_t * rx_meta;\r
nwalTxPktInfo_t * tx_meta;\r
- nwalDmTxPayloadInfo_t * rx_sb_meta;\r
+ nwalDmRxPayloadInfo_t * rx_sb_meta;\r
nwalDmTxPayloadInfo_t * tx_sb_meta;\r
} u;\r
void * sa_handle; //valid for PKTIO_META_TX with IPSEC inflow or PKTIO_PKTIO_META_SB_TX . \r
index 4e841694bb6a443d50e5b6ebe316b32922657878..4f0082b84a226215b5b78701bd8c3a65ae7d8a4a 100755 (executable)
void *netcp_cfgp_get_sa_handles( NETAPI_NWAL_GLOBAL_CONTEXT_T *p,\r
int sa_slot, void ** p_sideband);\r
void* netcp_cfgp_get_mac_handle(NETAPI_NWAL_GLOBAL_CONTEXT_T *p,int iface_no);\r
-\r
+NetapiNwalTransInfo_t * netapip_GetFreeTransInfo(NETAPI_GLOBAL_T *p_global, nwal_TransID_t *pTransId);\r
+void *netcp_cfgp_get_policy( NETAPI_NWAL_GLOBAL_CONTEXT_T *p,\r
+ int policy_slot);\r
\r
#endif\r
index d8f85fa60d86241debeb9bb9b6b5a947e885221a..9ec00c088ebbb9cc50eb4df4909c174e26a6edaa 100644 (file)
-
/**************************************************************
* FILE PURPOSE : NETAPI SECURITY CONFIGURATION-
* user space access to security transport resources on SOC
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*****************************************************************************/
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
#include "netapi.h"
#include "netapi_loc.h"
unsigned int appId = NETAPI_NETCP_MATCH_IPSEC | iface_no;
int tunnelId;
nwalSaIpSecId_t saInfo;
+int have_to_wait=1;
nwalCreateSAParams_t createParam =
{
/* mac handle */
pTransInfo->state == NETAPI_NWAL_HANDLE_STATE_OPEN_PENDING;
retValue = nwal_setSecAssoc (((NETAPI_GLOBAL_T*) (n->global))->nwal_context.nwalInstHandle,
trans_id,
- appId,
+ (nwal_AppId) appId,
&saInfo,
&createParam,
&pTransInfo->handle);
- if(retValue != nwal_OK)
+ if(retValue == nwal_TRANS_COMPLETE)
+ {
+ have_to_wait=0;
+ }
+ else if(retValue != nwal_OK)
{
*perr = NETAPI_ERR_NWAL_ERR0;
printf (">netapi_sec - ERROR: nwal_setSecAssoc returned Error Code %d\n",
//wait here until its done since scheduler isn't running yet most likely..
// todo: make this handled by scheduler poll later ??
- if(trans_id != NWAL_TRANSID_SPIN_WAIT)
+ if((trans_id != NWAL_TRANSID_SPIN_WAIT)&&(have_to_wait))
{
n->nwal_local.numPendingCfg++;
while ((volatile) n->nwal_local.numPendingCfg)
int tunnelId = (sa_app_id >>8) &0xffff;
void * handle_inflow;
void * handle_sideband;
+int have_to_wait = 1;
handle_inflow = netcp_cfgp_get_sa_handles(&netapi_get_global()->nwal_context,
tunnelId, &handle_sideband);
((NETAPI_GLOBAL_T*) (n->global))->nwal_context.nwalInstHandle,
trans_id,
handle_inflow);
+ if(retValue == nwal_TRANS_COMPLETE)
+ {
+ have_to_wait=0;
+ }
+ else
if(retValue != nwal_OK)
{
*perr = NETAPI_ERR_NWAL_ERR0;
}
//wait here until its done since scheduler isn't running yet most likely..
// todo: make this handled by scheduler poll later ??
- if(trans_id != NWAL_TRANSID_SPIN_WAIT)
+ if((trans_id != NWAL_TRANSID_SPIN_WAIT)&&(have_to_wait))
{
n->nwal_local.numPendingCfg++;
while ((volatile) n->nwal_local.numPendingCfg)
retValue = nwal_setSecPolicy (((NETAPI_GLOBAL_T*) (n->global))->nwal_context.nwalInstHandle,
trans_id,
- appId,
+ (nwal_AppId) appId,
&createParam,
&pTransInfo->handle);
if(retValue != nwal_OK)
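Review bot: The nwal_setSecPolicy call at the end of this section still tests only `if(retValue != nwal_OK)`, while the nwal_setSecAssoc path and the SA delete path above now treat `nwal_TRANS_COMPLETE` as success and skip the spin-wait through `have_to_wait`. If nwal_setSecPolicy can also return nwal_TRANS_COMPLETE (its contract is not visible here), a completed transaction would take the error branch, so the policy path should get the same `if(retValue == nwal_TRANS_COMPLETE) { have_to_wait=0; } else if(retValue != nwal_OK)` test and the same `&&(have_to_wait)` guard on its wait loop. Separately, the context line `pTransInfo->state == NETAPI_NWAL_HANDLE_STATE_OPEN_PENDING;` is a comparison whose result is discarded; presumably `=` was intended, and as written the state is never set before the call. The enclosing functions start and end outside the visible lines.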
index c6bee3250834cfafd86d38fe8ce9511926d94fb1..4c038e204472485a4ae1af86ddc4a119132dc0b4 100755 (executable)
n= (p->max_n< PKTIO_MAX_RECV) ? p->max_n : PKTIO_MAX_RECV;\r
for(r=0;r<n;r++)\r
{\r
- temp=(Cppi_HostDesc*)QMSS_DESC_PTR(Qmss_queuePop(p->q));\r
+ temp=(Ti_Pkt*)(Cppi_HostDesc*)QMSS_DESC_PTR(Qmss_queuePop(p->q));\r
if(!temp) break;\r
/* process meta data */\r
pkt_list[r]= temp;\r
index fd5315aaed8de1dd17d240658f83fbbdf8c729bf..cbade343e2ff9e043d617db7dad2da3857660ab7 100644 (file)
#include "pktio.h"\r
#include <sys/resource.h>\r
\r
-//IPSEC MODE\r
-//#define IPSEC_MODE_INFLOW\r
-#define IPSEC_MODE_SIDEBAND\r
+//IPSEC MODE(only choose one rx and one tx)\r
+//#define IPSEC_MODE_RX_INFLOW\r
+//#define IPSEC_MODE_TX_INFLOW\r
+#define IPSEC_MODE_RX_SIDEBAND\r
+#define IPSEC_MODE_TX_SIDEBAND\r
\r
/*************debug********************/\r
void dump_descr(unsigned long *p, int n)\r
long sb_tx;\r
long sb_rx;\r
long secp_rx;\r
+ long n_auth_ok;\r
} STATS_T;\r
\r
typedef struct head_t\r
return b; \r
}\r
\r
+\r
+/*--------------------------------------------------------------\r
+ *----------utility to flip a packet and send \r
+ *--------------------back to source----------------------------\r
+ * flag=1 => ipsec\r
+ *--------------------------------------------------------------*/\r
+void flip_and_send_pkt(Ti_Pkt *tip, unsigned char * p_pkt, int len, int flag)\r
+{\r
+unsigned char mac_temp[6];\r
+unsigned char ip_temp[4];\r
+unsigned char new_dest_port[2]={0x75,0x30}; // 30000\r
+uint16_t blah; \r
+//mac\r
+memcpy(&mac_temp,&p_pkt[0],6);\r
+memcpy(&p_pkt[0],&p_pkt[6],6);\r
+memcpy(&p_pkt[6],&mac_temp,6);\r
+//memcpy(&p_pkt[0],real_mac_header,6); //for testing to wireshark pc\r
+\r
+//ip (outer in case of ipsec)\r
+memcpy(&ip_temp, &p_pkt[14+12],4);\r
+memcpy(&p_pkt[14+12],&p_pkt[14+12+4],4);\r
+memcpy(&p_pkt[14+12+4],&ip_temp,4);\r
+\r
+//outer checksum to 0\r
+if (!flag) memset(&p_pkt[14+10],0,2);\r
+\r
+//inner ip &udp for ipsec\r
+if (flag) \r
+{\r
+\r
+//spi\r
+//memset(&p_pkt[14+20],0x88,4); \r
+//inner ip\r
+memcpy(&ip_temp, &p_pkt[14+20+8+16+12],4);\r
+memcpy(&p_pkt[14+20+8+16+12],&p_pkt[14+20+8+16+12+4],4);\r
+memcpy(&p_pkt[14+20+8+16+12+4],&ip_temp,4);\r
+\r
+//udp\r
+memcpy(&p_pkt[14+20+8+16+20+2],&new_dest_port[0],2);\r
+memset(&p_pkt[14+20+8+16+20+6],0,2); //checksum\r
+\r
+#ifdef IPSEC_MODE_TX_SIDEBAND\r
+\r
+//inner ip checksum : leave alone\r
+#if 0\r
+blah=test_utilOnesCompChkSum (&p_pkt[14+20+8+16], 10);\r
+p_pkt[14+20+8+16+10]= (blah&0xff00)>>8;\r
+p_pkt[14+20+8+16+11]= blah&0xff;\r
+#endif\r
+\r
+//tbd udp checksum (leave at 0)\r
+\r
+//outer ip, set to 0 (we will compute on way out\r
+memset(&p_pkt[14+10],0,2);\r
+\r
+#else //inflow, don't touch outer , clear inner \r
+memset(&p_pkt[14+20+8+16+10],0,2); //inner checksum, we will compute on way out\r
+//outer ip checksum : leave alone\r
+#if 0\r
+blah = test_utilOnesCompChkSum (&p_pkt[14], 10);\r
+p_pkt[14+10]= (blah&0xff00)>>8;\r
+p_pkt[14+11]= blah&0xff;\r
+#endif\r
+#endif\r
+}\r
+else\r
+{\r
+memset(&p_pkt[14+20+6],0,2);//0 udp checksum (we will compute on way out\r
+memcpy(&p_pkt[14+20+2],&new_dest_port[0],2);\r
+}\r
+\r
+//IPSEC case, \r
+if (flag)\r
+{\r
+#ifdef IPSEC_MODE_TX_SIDEBAND\r
+ //send to crypto for encryption\r
+//12 byte auth tag\r
+ {\r
+ PKTIO_METADATA_T meta = {PKTIO_META_SB_TX,{0},0};\r
+ int err;\r
+ nwalDmTxPayloadInfo_t meta_tx={0};\r
+ meta.sa_handle=tx_data_mode_handle; //use TX SA context\r
+ meta_tx.ploadLen = len;\r
+ meta_tx.encOffset = 14+20+8+16 ;\r
+ meta_tx.authOffset =14+20 ;\r
+ meta_tx.encSize=len - 14- 20-8-16-12;\r
+ meta_tx.authSize= len -14-20-12;\r
+ meta_tx.encIvSize=16;\r
+ meta_tx.pEncIV= &p_pkt[14+20+8]; //just use same IV..\r
+ meta_tx.authIvSize=0;\r
+ meta_tx.pAuthIV=NULL;\r
+ meta_tx.aadSize=0;\r
+ meta_tx.pAad=NULL;\r
+ /* post it to netcp sb tx channel*/\r
+ meta.u.tx_sb_meta=&meta_tx;\r
+ pktio_send(netcp_sb_tx_chan,tip,&meta,&err);\r
+ }\r
+\r
+#else\r
+ {\r
+ //inflow tx\r
+ //send pkt directly, asking for IP and UDP checksum offloads AND IPSEC to be applied\r
+ PKTIO_METADATA_T meta = {PKTIO_META_TX,{0},0};\r
+ int err;\r
+ nwalTxPktInfo_t meta_tx={0};\r
+ meta.sa_handle=tx_inflow_mode_handle; //this tells netapi that inflow crypto needs to be applied\r
+ meta_tx.txFlag1 = (NWAL_TX_FLAG1_DO_IPV4_CHKSUM|NWAL_TX_FLAG1_DO_UDP_CHKSUM| NWAL_TX_FLAG1_DO_IPSEC_CRYPTO| NWAL_TX_FLAG1_META_DATA_VALID );\r
+ meta_tx.saOffBytes=14+20; \r
+ meta_tx.saPayloadLen=len-14-20; //don't include tag, mac and outer header\r
+ meta_tx.startOffset = 0;\r
+ meta_tx.ipOffBytes = 14+20+8+16; //to inner header\r
+ meta_tx.l4OffBytes = 14+20+8+16+20; //to L4 \r
+ meta_tx.l4HdrLen = 8;\r
+ meta_tx.ploadLen = (unsigned) ((p_pkt[14+20+8+16+20+4]<<8)|p_pkt[14+20+8+16+20+4+1]) -8 ;\r
+ meta_tx.pseudoHdrChecksum =\r
+ test_utilGetIpv4PsudoChkSum(&p_pkt[14+20+8+16],8+ meta_tx.ploadLen);\r
+\r
+ /* post it to netcp tx channel*/\r
+ meta.u.tx_meta=&meta_tx;\r
+ pktio_send(netcp_tx_chan,tip,&meta,&err);\r
+ stats.tx +=1;\r
+ stats.sec_tx +=1;\r
+ }\r
+#endif\r
+\r
+\r
+}\r
+else //non ipsec send pkt directly, asking for IP and UDP checksum ofload\r
+{\r
+ PKTIO_METADATA_T meta2 = {PKTIO_META_TX,{0},0};\r
+ int err;\r
+ nwalTxPktInfo_t meta_tx2={0};\r
+ meta2.sa_handle=nwal_HANDLE_INVALID;\r
+ meta_tx2.txFlag1 = (NWAL_TX_FLAG1_DO_IPV4_CHKSUM|NWAL_TX_FLAG1_DO_UDP_CHKSUM| NWAL_TX_FLAG1_META_DATA_VALID );\r
+ meta_tx2.startOffset = 0;\r
+ meta_tx2.ipOffBytes = 14;\r
+ meta_tx2.l4OffBytes = 14+20;\r
+ meta_tx2.l4HdrLen = 8;\r
+ meta_tx2.ploadLen = (unsigned) ((p_pkt[14+20+4]<<8)|p_pkt[14+20+4+1]) -8 ;\r
+ meta_tx2.pseudoHdrChecksum =\r
+ test_utilGetIpv4PsudoChkSum(&p_pkt[14],8+ meta_tx2.ploadLen);\r
+\r
+ /* post it to netcp tx channel*/\r
+ meta2.u.tx_meta=&meta_tx2;\r
+ pktio_send(netcp_tx_chan,tip,&meta2,&err);\r
+ stats.tx +=1;\r
+}\r
+}\r
+\r
+\r
+\r
+\r
+\r
+\r
+\r
/****************************************************************************************/\r
/******************SB Accelerator Callback PKT RECEIVE HANDLER *************************/\r
+/****************** Handles Decrypt and Encrypt operation callbacks ******************/\r
/******************************************************************************************/\r
void recv_sb_cb(struct PKTIO_HANDLE_Tag * channel, Ti_Pkt* p_recv[],\r
PKTIO_METADATA_T meta[], int n_pkts,\r
char * p_pkt;\r
HEAD_T * p_head;\r
HEAD_T temp_head;\r
+int tag_cmp=0;\r
+unsigned int hash[3];\r
\r
/* loop over received pkts */\r
for(i=0;i<n_pkts;i++)\r
tip = p_recv[i];\r
Pktlib_getDataBuffer(tip,(uint8_t**)&p_pkt,&templen);//ignore templen\r
len = Pktlib_getPacketLen(tip);//real length\r
- stats.sb_rx+=1;\r
- if(stats.sb_rx<=16)\r
+\r
+ //is this a decrypt (rx_tunnel) complete\r
+ if (meta[i].u.rx_sb_meta->appId == rx_tunnel)\r
{\r
- dump_header((long*)p_pkt, stats.rx, meta[i].u.rx_meta->appId,0);\r
+ stats.sb_rx+=1;\r
+ //copy hash out of meta data (for some reason it needs endian conversion)\r
+ hash[0]= htonl( meta[i].u.rx_sb_meta->pAuthTag[0]);\r
+ hash[1]= htonl( meta[i].u.rx_sb_meta->pAuthTag[1]);\r
+ hash[2]= htonl( meta[i].u.rx_sb_meta->pAuthTag[2]);\r
+\r
+ if(stats.sb_rx<=16)\r
+ {\r
+ char *tp = (char *) &hash[0];\r
+ dump_header((long*)p_pkt, stats.sb_rx, meta[i].u.rx_sb_meta->appId,0);\r
+ printf("tag in pkt=%x %x %x %x %x %x %x %x %x %x %x %x\n",\r
+ p_pkt[len-12],p_pkt[len-11],p_pkt[len-10],p_pkt[len-9], p_pkt[len-8],\r
+ p_pkt[len-7],p_pkt[len-6],\r
+ p_pkt[len-5],p_pkt[len-4],p_pkt[len-3],p_pkt[len-2],p_pkt[len-1]);\r
+ printf("tag from SA=%x %x %x %x %x %x %x %x %x %x %x %x\n",\r
+ tp[0],tp[1],tp[2],tp[3],tp[4],tp[5],\r
+ tp[6],tp[7],tp[8],tp[9],tp[10],tp[11]);\r
+ }\r
+ //check tag \r
+ tag_cmp = memcmp(&p_pkt[len-12],(char*) &hash[0],12); //todo, really use meta->authTagLen\r
+ stats.n_auth_ok += !(tag_cmp);\r
+ flip_and_send_pkt(tip, p_pkt, len,1); //flip packet to echo back and send\r
}\r
- send_pkt(tip,len);\r
- stats.tx+=1;\r
+ //this is an encrypt (tx tunnel) complete\r
+ else if(meta[i].u.rx_sb_meta->appId== tx_tunnel )\r
+ {\r
+ hash[0]= htonl( meta[i].u.rx_sb_meta->pAuthTag[0]);\r
+ hash[1]= htonl( meta[i].u.rx_sb_meta->pAuthTag[1]);\r
+ hash[2]= htonl( meta[i].u.rx_sb_meta->pAuthTag[2]);\r
+ stats.sb_tx+=1;\r
+ if(stats.sb_tx<=16)\r
+ {\r
+ char *tp1 = (char *) &hash[0];\r
+ dump_header((long*)p_pkt, stats.sb_tx, meta[i].u.rx_sb_meta->appId,0);\r
+ printf("tag in original rx pkt=%x %x %x %x %x %x %x %x %x %x %x %x\n",\r
+ p_pkt[len-12],p_pkt[len-11],p_pkt[len-10],p_pkt[len-9], p_pkt[len-8],\r
+ p_pkt[len-7],p_pkt[len-6],\r
+ p_pkt[len-5],p_pkt[len-4],p_pkt[len-3],p_pkt[len-2],p_pkt[len-1]);\r
+\r
+ printf("tag from SA=%x %x %x %x %x %x %x %x %x %x %x %x\n",\r
+ tp1[0],tp1[1],tp1[2],tp1[3],tp1[4],tp1[5],\r
+ tp1[6],tp1[7],tp1[8],tp1[9],tp1[10],tp1[11]);\r
+ }\r
+ //put the computed tag in the packet\r
+ memcpy(&p_pkt[len-12],(char*)&hash[0],12); //todo, really use meta->authTagLen\r
+ {\r
+ PKTIO_METADATA_T meta2 = {PKTIO_META_TX,{0},0};\r
+ nwalTxPktInfo_t meta_tx={0};\r
+ // now send directly \r
+ meta2.sa_handle=nwal_HANDLE_INVALID;\r
+ meta_tx.txFlag1 = (NWAL_TX_FLAG1_DO_IPV4_CHKSUM| NWAL_TX_FLAG1_META_DATA_VALID);//only outer IP header checksum. no udp checksum possible since pkt is already encrypted\r
+ meta_tx.startOffset = 0;\r
+ meta_tx.ipOffBytes = 14;\r
+ //not used\r
+ meta_tx.l4OffBytes = 0;\r
+ meta_tx.l4HdrLen = 0;\r
+ meta_tx.ploadLen = 0;\r
+\r
+ /* post it to netcp tx channel*/\r
+ meta2.u.tx_meta=&meta_tx;\r
+ pktio_send(netcp_tx_chan,tip,&meta2,&err);\r
+ stats.tx +=1;\r
+ }\r
+ }\r
+ else printf("netapi recv_sb_cb: unknown appiD %x \n",meta[i].u.rx_sb_meta->appId );\r
}\r
}\r
\r
{\r
tip = p_recv[i];\r
Pktlib_getDataBuffer(tip,(uint8_t**)&p_pkt,&templen);//ignore templen\r
- len = Pktlib_getPacketLen(tip);//real length\r
+ len = Pktlib_getPacketLen(tip)-4;//real length, subtract mac trailer\r
\r
//debug: validate descriptor */\r
if(Pktlib_getNextPacket(tip) != 0) {printf(" rcv_cb, nexpkt != NULL");}\r
/* check header */\r
memcpy(p_head,&p_pkt[14],sizeof(HEAD_T));\r
\r
- //process IP SEC PACKET\r
-#ifdef IPSEC_MODE_SIDEBAND\r
if ((p_head->ip[2]&0x0000ff00)==0x00003200)\r
{\r
- //20 byte auth tag\r
- PKTIO_METADATA_T meta = {PKTIO_META_SB_TX,{0},0};\r
- nwalDmTxPayloadInfo_t meta_tx;\r
- meta.sa_handle=rx_data_mode_handle;\r
+ if (!check_header(p_head,&meta[i])) {\r
+ stats.n_bad+=1;Pktlib_freePacket(tip); continue;\r
+ }\r
+ \r
+ //process IP SEC PACKET\r
+#ifdef IPSEC_MODE_RX_SIDEBAND\r
+ {\r
+ //ship to crypto for decrypt!!\r
+ //12 byte auth tag\r
+ PKTIO_METADATA_T meta2 = {PKTIO_META_SB_TX,{0},0};\r
+ nwalDmTxPayloadInfo_t meta_tx={0};\r
+ meta2.sa_handle=rx_data_mode_handle;\r
meta_tx.ploadLen = len;\r
- meta_tx.encOffset = &p_pkt[14+20+8+16] ;\r
- meta_tx.authOffset = &p_pkt[14+20] ;\r
- meta_tx.encSize=len - 12 - 14- 20-8-16;\r
- meta_tx.authSize= len -14-20;\r
+ meta_tx.encOffset = 14+20+8+16 ;\r
+ meta_tx.authOffset =14+20 ;\r
+ meta_tx.encSize=len - 14- 20-8-16-12;\r
+ meta_tx.authSize= len -14-20-12;\r
meta_tx.encIvSize=16;\r
meta_tx.pEncIV= &p_pkt[14+20+8];\r
meta_tx.authIvSize=0;\r
meta_tx.aadSize=0;\r
meta_tx.pAad=NULL;\r
/* post it to netcp sb tx channel*/\r
- meta.u.tx_sb_meta=&meta_tx;\r
- pktio_send(netcp_sb_tx_chan,tip,&meta,&err);\r
+ meta2.u.tx_sb_meta=&meta_tx;\r
+ pktio_send(netcp_sb_tx_chan,tip,&meta2,&err);\r
continue;\r
}\r
+#else \r
+ //inflow mode. flip and send\r
+ flip_and_send_pkt(tip,p_pkt,len,1);\r
#endif\r
+ }\r
+ else //non ipsec\r
+ {\r
if (!check_header(p_head,&meta[i])) { \r
stats.n_bad+=1;Pktlib_freePacket(tip); continue;\r
}\r
\r
+#if 0\r
/* lookup flow */\r
key.src_ip = p_head->ip[3];\r
key.dst_ip = p_head->ip[4];\r
\r
/* 'simulate' send pkt */\r
send_pkt(tip,len);\r
- stats.tx+=1;\r
+#endif\r
+ //just flip and send\r
+ flip_and_send_pkt(tip,p_pkt,len,0);\r
}\r
+ }\r
//printf("recv done\n");\r
}\r
\r
\r
printf(">*****stats @ %lld\n", netapi_getTimestamp());\r
//printf("netcp_tx_handle check %x\n", netcp_tx_chan->back);\r
-printf(">itx=%d rx=%d tx=%d bad=%d slow=%d \n>rx_class0=%d rx_class1=%d rx_class2=%d secRx=%d secPRX=%d sb_tx=%d sb_rx=%d\n n_t1=%d n_t2=%d n_t3=%d\n",stats.itx, stats.rx, stats.tx, stats.n_bad, stats.n_new, \r
+printf(">itx=%d rx=%d tx=%d bad=%d slow=%d \n>rx_class0=%d rx_class1=%d rx_class2=%d secRx=%d secPRX=%d sb_rx=%d sb_tx=%d auth_ok=%d\n n_t1=%d n_t2=%d n_t3=%d\n",stats.itx, stats.rx, stats.tx, stats.n_bad, stats.n_new, \r
stats.n_class0_rx, stats.n_class1_rx, \r
- stats.n_class2_rx, stats.sec_rx, stats.secp_rx, stats.sb_rx, stats.sb_tx, stats.n_t1, stats.n_t2,stats.n_t3);\r
+ stats.n_class2_rx, stats.sec_rx, stats.secp_rx, stats.sb_rx, stats.sb_tx, stats.n_auth_ok,\r
+ stats.n_t1, stats.n_t2,stats.n_t3);\r
\r
if(pPaStats)\r
{\r
\r
/* set up meta data */\r
meta.sa_handle=nwal_HANDLE_INVALID;\r
- meta_tx.txFlag1 = (NWAL_TX_FLAG1_DO_IPV4_CHKSUM | NWAL_TX_FLAG1_DO_UDP_CHKSUM);\r
+ meta_tx.txFlag1 = (NWAL_TX_FLAG1_DO_IPV4_CHKSUM | NWAL_TX_FLAG1_DO_UDP_CHKSUM| NWAL_TX_FLAG1_META_DATA_VALID);\r
meta_tx.startOffset = 0;\r
//GONE in V2 meta_tx.pktLen = len;\r
meta_tx.ipOffBytes = TEST_PKT_IP_OFFSET_BYTES;\r
0, //iface #0 \r
&rx_sa,\r
&ourRXKeyParams,\r
-#ifdef IPSEC_MODE_SIDEBAND\r
+#ifdef IPSEC_MODE_RX_SIDEBAND\r
NETAPI_SEC_SA_SIDEBAND,\r
#else\r
NETAPI_SEC_SA_INFLOW, //USE inflow mode\r
&err);\r
if (err) {printf("addRxSa failed %d\n",err); exit(1);}\r
\r
-#ifdef IPSEC_MODE_INFLOW\r
+#ifdef IPSEC_MODE_RX_INFLOW\r
//assume inner and outer ip is the same\r
rx_policy= netapi_secAddRxPolicy( netapi_handle,\r
rx_tunnel, //link to tunnel above\r
#endif\r
#endif\r
\r
-//todo tx SA\r
+//tx SA\r
+//security stuff \r
+ourTXKeyParams.pEncKey = &ourEncrKey[0];\r
+ourTXKeyParams.pAuthKey = &ourAuthKey[0];\r
+memcpy(&tx_sa.src, &OurIp4IPSEC,4);\r
+memcpy(&tx_sa.dst, &TheirIp4IPSEC,4);\r
+tx_tunnel = netapi_secAddSA( netapi_handle,\r
+ 0, //iface #0 \r
+ &tx_sa,\r
+ &ourTXKeyParams,\r
+#ifdef IPSEC_MODE_TX_SIDEBAND\r
+ NETAPI_SEC_SA_SIDEBAND,\r
+#else\r
+ NETAPI_SEC_SA_INFLOW, //USE inflow mode\r
+#endif\r
+ NULL, //use default route \r
+ &tx_data_mode_handle,\r
+ &tx_inflow_mode_handle,\r
+ &err);\r
+if (err) {printf("addTxSa failed %d\n",err); exit(1);}\r
+\r
+\r
\r
//timers\r
ourTimerBlock = netapi_TimerGroupCreate(\r
\r
//delete tunnels\r
netapi_secDelSA(netapi_handle, 0, rx_tunnel, &err);\r
+netapi_secDelSA(netapi_handle, 0, tx_tunnel, &err);\r
#endif\r
\r
//delete IPs and MAC Interfacess\r
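Review bot: In recv_sb_cb's decrypt-complete branch the result of `memcmp(&p_pkt[len-12],(char*) &hash[0],12)` only feeds `stats.n_auth_ok`, and `flip_and_send_pkt(tip, p_pkt, len,1)` then runs whether or not the tag matched, so a packet that fails authentication is still echoed back. I would drop it on mismatch the way the check_header failure path in this file does: `if (tag_cmp) { stats.n_bad+=1; Pktlib_freePacket(tip); continue; }`. That branch and flip_and_send_pkt also index `p_pkt` at fixed offsets (`len-12`, up to `14+20+8+16+20+6`) and compute `encSize=len - 14- 20-8-16-12` with no lower bound on `len`, so a short frame is accessed outside its packet data and produces a negative size; a guard on the minimum length before the first access (for example `if (len < 14+20+8+16+20+8+12)` on the IPsec path, then free and count as bad) would cover both. In the TX sideband block, `meta_tx.pEncIV= &p_pkt[14+20+8]; //just use same IV..` reuses the received IV for the reply, and the TX SA is keyed from `ourEncrKey`; if the RX SA uses the same key, the comment should state that this is acceptable only for the test loopback. recv_sb_cb and the receive callback below it begin outside the visible lines.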
index 481e66b670dd88dfa85a90626d8b53a2fc3fc26a..9db33e52ce0a74c6e8bd1a22feb4faa4486bda86 100755 (executable)
POSSIBILITY OF SUCH DAMAGE.\r
\r
*ALSO: TI modifications made to support binary data keys\r
-\r
+*\r
* Copyright (c) Texas Instruments Incorporated 2010-2011\r
- * \r
- * Redistribution and use in source and binary forms, with or without \r
- * modification, are permitted provided that the following conditions \r
- * are met:\r
- *\r
- * Redistributions of source code must retain the above copyright \r
- * notice, this list of conditions and the following disclaimer.\r
- *\r
- * Redistributions in binary form must reproduce the above copyright\r
- * notice, this list of conditions and the following disclaimer in the \r
- * documentation and/or other materials provided with the \r
- * distribution.\r
- *\r
- * Neither the name of Texas Instruments Incorporated nor the names of\r
- * its contributors may be used to endorse or promote products derived\r
- * from this software without specific prior written permission.\r
- *\r
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS \r
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT \r
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\r
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT \r
- * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, \r
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT \r
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\r
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\r
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT \r
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE \r
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\r
-* \r
-\r
*/\r
\r
/* Trie: fast mapping of strings to values */\r
index 67ca46277542ad4b7f1e419dfd131a60e571d5e3..fda1870424ae19ef9399b9bcf2f3fd71ce601771 100755 (executable)
ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE \r
POSSIBILITY OF SUCH DAMAGE.\r
\r
+ * Copyright (c) Texas Instruments Incorporated 2010-2011\r
* ALSO: TI mods to support binary keys\r
* REVISION HISTORY: rev 0.0.1 \r
*\r
- * Copyright (c) Texas Instruments Incorporated 2010-2011\r
- * \r
- * Redistribution and use in source and binary forms, with or without \r
- * modification, are permitted provided that the following conditions \r
- * are met:\r
- *\r
- * Redistributions of source code must retain the above copyright \r
- * notice, this list of conditions and the following disclaimer.\r
- *\r
- * Redistributions in binary form must reproduce the above copyright\r
- * notice, this list of conditions and the following disclaimer in the \r
- * documentation and/or other materials provided with the \r
- * distribution.\r
- *\r
- * Neither the name of Texas Instruments Incorporated nor the names of\r
- * its contributors may be used to endorse or promote products derived\r
- * from this software without specific prior written permission.\r
- *\r
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS \r
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT \r
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\r
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT \r
- * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, \r
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT \r
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\r
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\r
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT \r
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE \r
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\r
-\r
-\r
-\r
*/\r
\r
/**\r