Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
at v2.6.16-rc1 179 lines 3.9 kB view raw
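/*
 * ip_vs_proto_ah.c:	AH IPSec load balancing support for IPVS
 *
 * Version:     $Id: ip_vs_proto_ah.c,v 1.1 2003/07/04 15:04:37 wensong Exp $
 *
 * Authors:	Julian Anastasov <ja@ssi.bg>, February 2002
 *		Wensong Zhang <wensong@linuxvirtualserver.org>
 *
 *		This program is free software; you can redistribute it and/or
 *		modify it under the terms of the GNU General Public License
 *		version 2 as published by the Free Software Foundation;
 *
 */

#include <linux/in.h>
#include <linux/ip.h>
#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/netfilter.h>
#include <linux/netfilter_ipv4.h>

#include <net/ip_vs.h>


/* TODO:

struct isakmp_hdr {
	__u8		icookie[8];
	__u8		rcookie[8];
	__u8		np;
	__u8		version;
	__u8		xchgtype;
	__u8		flags;
	__u32		msgid;
	__u32		length;
};

*/

/* UDP port of the ISAKMP exchange used as the lookup key for AH packets. */
#define PORT_ISAKMP	500


/*
 * Look up the IPVS connection for an AH packet via ip_vs_conn_in_get().
 *
 * The AH header is never parsed here: skb and proto_off are unused, and the
 * lookup key is built only from the IP addresses plus the fixed UDP/500
 * (ISAKMP) port pair. An AH packet is therefore matched to whatever entry
 * exists for the ISAKMP flow between the same two addresses.
 *
 * NOTE(review): because no SPI or other AH field takes part in the match,
 * any AH packet carrying that address pair selects the same entry. Whether
 * that is acceptable depends on what the rest of the forwarding path
 * assumes - confirm against the callers.
 *
 * When inverse is non-zero the source and destination addresses are swapped
 * in the key. The "ICMP+" debug prefix suggests this is used for IP headers
 * embedded in ICMP errors - TODO confirm.
 *
 * Returns the entry found, or NULL; a miss is only reported through
 * IP_VS_DBG(12, ...).
 */
static struct ip_vs_conn *
ah_conn_in_get(const struct sk_buff *skb,
	       struct ip_vs_protocol *pp,
	       const struct iphdr *iph,
	       unsigned int proto_off,
	       int inverse)
{
	struct ip_vs_conn *cp;

	if (likely(!inverse)) {
		cp = ip_vs_conn_in_get(IPPROTO_UDP,
				       iph->saddr,
				       __constant_htons(PORT_ISAKMP),
				       iph->daddr,
				       __constant_htons(PORT_ISAKMP));
	} else {
		cp = ip_vs_conn_in_get(IPPROTO_UDP,
				       iph->daddr,
				       __constant_htons(PORT_ISAKMP),
				       iph->saddr,
				       __constant_htons(PORT_ISAKMP));
	}

	if (!cp) {
		/*
		 * We are not sure if the packet is from our
		 * service, so our conn_schedule hook should return NF_ACCEPT
		 */
		IP_VS_DBG(12, "Unknown ISAKMP entry for outin packet "
			  "%s%s %u.%u.%u.%u->%u.%u.%u.%u\n",
			  inverse ? "ICMP+" : "",
			  pp->name,
			  NIPQUAD(iph->saddr),
			  NIPQUAD(iph->daddr));
	}

	return cp;
}


/*
 * Counterpart of ah_conn_in_get() that uses ip_vs_conn_out_get().
 *
 * The key is built the same way: UDP, the packet's address pair (swapped
 * when inverse is non-zero) and port 500 on both sides. skb and proto_off
 * are unused, so no AH field is inspected here either.
 *
 * Returns the entry found, or NULL; a miss is only reported through
 * IP_VS_DBG(12, ...).
 */
static struct ip_vs_conn *
ah_conn_out_get(const struct sk_buff *skb, struct ip_vs_protocol *pp,
		const struct iphdr *iph, unsigned int proto_off, int inverse)
{
	struct ip_vs_conn *cp;

	if (likely(!inverse)) {
		cp = ip_vs_conn_out_get(IPPROTO_UDP,
					iph->saddr,
					__constant_htons(PORT_ISAKMP),
					iph->daddr,
					__constant_htons(PORT_ISAKMP));
	} else {
		cp = ip_vs_conn_out_get(IPPROTO_UDP,
					iph->daddr,
					__constant_htons(PORT_ISAKMP),
					iph->saddr,
					__constant_htons(PORT_ISAKMP));
	}

	if (!cp) {
		IP_VS_DBG(12, "Unknown ISAKMP entry for inout packet "
			  "%s%s %u.%u.%u.%u->%u.%u.%u.%u\n",
			  inverse ? "ICMP+" : "",
			  pp->name,
			  NIPQUAD(iph->saddr),
			  NIPQUAD(iph->daddr));
	}

	return cp;
}


/*
 * conn_schedule hook for AH: never creates a connection.
 *
 * Sets *verdict to NF_ACCEPT and returns 0; *cpp is left untouched. The
 * effect is that an AH packet with no existing entry is handed to the IP
 * stack instead of being scheduled to a real server.
 * NOTE(review): the meaning of the 0 return is defined by the caller in the
 * IPVS core, which is not shown here - confirm there.
 */
static int
ah_conn_schedule(struct sk_buff *skb,
		 struct ip_vs_protocol *pp,
		 int *verdict, struct ip_vs_conn **cpp)
{
	/*
	 * AH is only related traffic. Pass the packet to IP stack.
	 */
	*verdict = NF_ACCEPT;
	return 0;
}


/*
 * Print a one-line KERN_DEBUG description of the IP header found at
 * `offset` in the skb, prefixed with the caller's message.
 *
 * skb_header_pointer() copies the header into _iph when it cannot return a
 * direct pointer; a NULL result is reported as "TRUNCATED".
 */
static void
ah_debug_packet(struct ip_vs_protocol *pp, const struct sk_buff *skb,
		int offset, const char *msg)
{
	char buf[256];
	struct iphdr _iph, *ih;

	ih = skb_header_pointer(skb, offset, sizeof(_iph), &_iph);
	/*
	 * Bounded formatting: pp->name is not length-checked here, so never
	 * let it write past buf. Truncated debug text is harmless.
	 */
	if (ih == NULL)
		snprintf(buf, sizeof(buf), "%s TRUNCATED", pp->name);
	else
		snprintf(buf, sizeof(buf), "%s %u.%u.%u.%u->%u.%u.%u.%u",
			 pp->name, NIPQUAD(ih->saddr),
			 NIPQUAD(ih->daddr));

	printk(KERN_DEBUG "IPVS: %s: %s\n", msg, buf);
}


/* Protocol init hook; AH keeps no per-protocol state in this file. */
static void ah_init(struct ip_vs_protocol *pp)
{
	/* nothing to do now */
}


/* Protocol exit hook; nothing was set up by ah_init(), so nothing to undo. */
static void ah_exit(struct ip_vs_protocol *pp)
{
	/* nothing to do now */
}


/*
 * IPVS protocol descriptor for AH (IPPROTO_AH).
 *
 * Only lookup, scheduling and debug hooks are provided. The NAT, checksum,
 * state-transition, application and timeout hooks are all NULL, so this file
 * supplies no AH-specific packet rewriting or validation.
 */
struct ip_vs_protocol ip_vs_protocol_ah = {
	.name =			"AH",
	.protocol =		IPPROTO_AH,
	.dont_defrag =		1,
	.init =			ah_init,
	.exit =			ah_exit,
	.conn_schedule =	ah_conn_schedule,
	.conn_in_get =		ah_conn_in_get,
	.conn_out_get =		ah_conn_out_get,
	.snat_handler =		NULL,
	.dnat_handler =		NULL,
	.csum_check =		NULL,
	.state_transition =	NULL,
	.register_app =		NULL,
	.unregister_app =	NULL,
	.app_conn_bind =	NULL,
	.debug_packet =		ah_debug_packet,
	.timeout_change =	NULL,		/* ISAKMP */
	.set_state_timeout =	NULL,
};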