基於openswan klips的IPsec VPN實現分析(五)應用層和核心通訊(2)
基於openswan klips的IPsec VPN實現分析(五)應用層和核心通訊——核心操作
轉載請註明出處:http://blog.csdn.net/rosetta
在資料傳送一節講過,載入模組時會執行pfkey_init()初始化與使用者層通訊的PF_KEY套接字,在這個函式裡會把支援的協議和演算法加到pfkey_supported_list[]全域性陣列中,並在sock_register ()函式裡註冊PF_KEY套接字操作函式sock->ops = &pfkey_ops ,pfkey_ops內容如下。
/*
 * Socket operation table for PF_KEY sockets (the sock->ops = &pfkey_ops
 * assignment mentioned in the text above).
 *
 * Only release, poll, shutdown and sendmsg point at working handlers; every
 * other operation is wired to one of the kernel's generic sock_no_* stubs,
 * so those operations are not offered on a PF_KEY socket.
 *
 * NOTE(review): no recvmsg entry appears in this listing although the text
 * below discusses pfkey_recvmsg(), and the closing brace has no ';' - the
 * excerpt looks abridged; confirm against the openswan source.
 */
struct proto_ops SOCKOPS_WRAPPED(pfkey_ops)= {
family: PF_KEY,
owner: THIS_MODULE,
release: pfkey_release,
bind: sock_no_bind,
connect: sock_no_connect,
socketpair: sock_no_socketpair,
accept: sock_no_accept,
getname: sock_no_getname,
poll: datagram_poll,
ioctl: sock_no_ioctl,
listen: sock_no_listen,
shutdown: pfkey_shutdown,
setsockopt: sock_no_setsockopt,
getsockopt: sock_no_getsockopt,
/*
 * The socket layer calls the sendmsg handler when a process sends on the
 * socket, so this is the path by which user-supplied PF_KEY messages enter
 * the kernel. Of the entries listed here it is the only one that takes
 * message data from user space, which makes it the place where message
 * length and field values have to be validated.
 */
sendmsg: pfkey_sendmsg,
mmap: sock_no_mmap,
}
pfkey_recvmsg()用於接收從應用層通過PF_KEY套接字傳送過來的訊息,pfkey_sendmsg()用於傳送訊息給監聽PF_KEY套接字的應用層程式。
pfkey_sendmsg()會根據接收到的訊息中的sadb_msg_satype和sadb_msg_type進行處理:sadb_msg_type對應下文msg_parsers[]陣列中的解析函式。
sadb_msg_satype有如下值:
/*
 * Security-association types carried in sadb_msg_satype.
 * Values 1 and 4 are not defined in this list, and SADB_SATYPE_MAX marks the
 * highest defined value. Because satype arrives in a message from user
 * space, a value above SADB_SATYPE_MAX or in one of the gaps should be
 * rejected rather than used - NOTE(review): the validation code is not part
 * of this excerpt; confirm where it happens.
 */
#define SADB_SATYPE_UNSPEC 0
#define SADB_SATYPE_AH 2
#define SADB_SATYPE_ESP 3
#define SADB_SATYPE_RSVP 5
#define SADB_SATYPE_OSPFV2 6
#define SADB_SATYPE_RIPV2 7
#define SADB_SATYPE_MIP 8
#define SADB_X_SATYPE_IPIP 9
/*
 * When KERNEL26_HAS_KAME_DUPLICATES is defined, IPCOMP is given the same
 * value (9) as IPIP above, so the two cannot be told apart by satype alone.
 * SADB_X_SATYPE_COMP (10) is a separate, non-colliding value.
 */
#ifdef KERNEL26_HAS_KAME_DUPLICATES
#define SADB_X_SATYPE_IPCOMP 9 /* ICK! */
#endif
#define SADB_X_SATYPE_COMP 10
#define SADB_X_SATYPE_INT 11
#define SADB_SATYPE_MAX 11
sadb_msg_type有如下值:
/*
 * Message types carried in sadb_msg_type. The values run contiguously from
 * 0 (SADB_RESERVED) to SADB_MAX (17).
 * msg_parsers[] is declared with SADB_MAX + 1 slots, so SADB_MAX has to stay
 * equal to the highest type defined here; a type above SADB_MAX would index
 * past the end of that table.
 */
#define SADB_RESERVED 0
#define SADB_GETSPI 1
#define SADB_UPDATE 2
#define SADB_ADD 3
#define SADB_DELETE 4
#define SADB_GET 5
#define SADB_ACQUIRE 6
#define SADB_REGISTER 7
#define SADB_EXPIRE 8
#define SADB_FLUSH 9
#define SADB_DUMP 10
#define SADB_X_PROMISC 11
#define SADB_X_PCHANGE 12
#define SADB_X_GRPSA 13
#define SADB_X_ADDFLOW 14
#define SADB_X_DELFLOW 15
#define SADB_X_DEBUG 16
#define SADB_X_NAT_T_NEW_MAPPING 17
#define SADB_MAX 17
msg_parsers[]指標陣列內容如下(Linux自帶的pfkey相關陣列為pfkey_funcs[]):
/*
 * Table of PF_KEY message handlers, one slot per sadb_msg_type value: the
 * initializers are listed in the same order as the SADB_* type constants, so
 * slot i holds the handler for the type whose value is i.
 *
 * Two slots can be NULL:
 *   - slot 0 (SADB_RESERVED) is explicitly NULL;
 *   - slot 17 (SADB_X_NAT_T_NEW_MAPPING) only gets an initializer when
 *     CONFIG_IPSEC_NAT_TRAVERSAL is defined; otherwise the array still has
 *     SADB_MAX + 1 slots and the last one is left zero-initialized.
 * Code that indexes this table with a type taken from a user-supplied
 * message therefore has to check both type <= SADB_MAX and that the slot is
 * non-NULL before calling through it; a missing check would mean an
 * out-of-bounds read or a NULL function-pointer call in kernel context.
 * NOTE(review): the dispatching code is not shown in this excerpt - confirm
 * it performs both checks.
 *
 * NOTE(review): the declaration line below is cut off after "stru" in this
 * listing; the third parameter is not visible here.
 */
DEBUG_NO_STATIC int (*msg_parsers[SADB_MAX +1])(struct sock*sk, struct sadb_ext *extensions[], stru
=
{
NULL, /* RESERVED */
pfkey_getspi_parse, // get an SPI
pfkey_update_parse,// update an SA
pfkey_add_parse, // add an SA
pfkey_delete_parse,// 5th entry, i.e. index 4 // delete an SA
pfkey_get_parse, // get an SA
pfkey_acquire_parse, // acquire request
pfkey_register_parse, // register
pfkey_expire_parse, // expire
pfkey_flush_parse,// 10th entry, i.e. index 9 // flush SAs
pfkey_dump_parse, // dump SAs
pfkey_x_promisc_parse, // promiscuous mode
pfkey_x_pchange_parse, // NOTE(review): purpose not described on this page
pfkey_x_grpsa_parse, // group SAs
pfkey_x_addflow_parse,// 15th entry, i.e. index 14
pfkey_x_delflow_parse,
pfkey_x_msg_debug_parse
#ifdef CONFIG_IPSEC_NAT_TRAVERSAL
,pfkey_x_nat_t_new_mapping_parse
#endif
};