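Analysis of the openswan KLIPS IPsec Implementation (5): Application-Layer and Kernel Communication, Kernel-Side Operations
Please credit the source when reposting: http://blog.csdn.net/rosetta
As covered in the section on sending data, pfkey_init() runs when the module is loaded and initializes the PF_KEY socket used to communicate with user space. This function adds the supported protocols and algorithms to the global pfkey_supported_list[] array, and registers the PF_KEY socket operations in sock_register(), setting sock->ops = &pfkey_ops. The contents of pfkey_ops are as follows.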
struct proto_ops SOCKOPS_WRAPPED(pfkey_ops) = {
	family:		PF_KEY,
	owner:		THIS_MODULE,
	release:	pfkey_release,
	bind:		sock_no_bind,
	connect:	sock_no_connect,
	socketpair:	sock_no_socketpair,
	accept:		sock_no_accept,
	getname:	sock_no_getname,
	poll:		datagram_poll,
	ioctl:		sock_no_ioctl,
	listen:		sock_no_listen,
	shutdown:	pfkey_shutdown,
	setsockopt:	sock_no_setsockopt,
	getsockopt:	sock_no_getsockopt,
	sendmsg:	pfkey_sendmsg,
	recvmsg:	pfkey_recvmsg,
	mmap:		sock_no_mmap,
};
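pfkey_recvmsg() is used to receive messages sent from the application layer over the PF_KEY socket, and pfkey_sendmsg() is used to send messages to application-layer programs listening on the PF_KEY socket.
pfkey_sendmsg() handles a received message differently depending on its sadb_msg_satype and sadb_msg_type. It uses sadb_msg_type as the index into the msg_parsers[] array of function pointers to select the corresponding handler.
sadb_msg_satype takes the following values: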
#define SADB_SATYPE_UNSPEC 0
#define SADB_SATYPE_AH 2
#define SADB_SATYPE_ESP 3
#define SADB_SATYPE_RSVP 5
#define SADB_SATYPE_OSPFV2 6
#define SADB_SATYPE_RIPV2 7
#define SADB_SATYPE_MIP 8
#define SADB_X_SATYPE_IPIP 9
#ifdef KERNEL26_HAS_KAME_DUPLICATES
#define SADB_X_SATYPE_IPCOMP 9 /* ICK! */
#endif
#define SADB_X_SATYPE_COMP 10
#define SADB_X_SATYPE_INT 11
#define SADB_SATYPE_MAX 11
sadb_msg_type takes the following values:
#define SADB_RESERVED 0
#define SADB_GETSPI 1
#define SADB_UPDATE 2
#define SADB_ADD 3
#define SADB_DELETE 4
#define SADB_GET 5
#define SADB_ACQUIRE 6
#define SADB_REGISTER 7
#define SADB_EXPIRE 8
#define SADB_FLUSH 9
#define SADB_DUMP 10
#define SADB_X_PROMISC 11
#define SADB_X_PCHANGE 12
#define SADB_X_GRPSA 13
#define SADB_X_ADDFLOW 14
#define SADB_X_DELFLOW 15
#define SADB_X_DEBUG 16
#define SADB_X_NAT_T_NEW_MAPPING 17
#define SADB_MAX 17
The msg_parsers[] pointer array is as follows (the corresponding array in Linux's built-in pfkey implementation is pfkey_funcs[]):
DEBUG_NO_STATIC int (*msg_parsers[SADB_MAX +1])(struct sock*sk, struct sadb_ext *extensions[], stru
=
{
	NULL, /* RESERVED */
	pfkey_getspi_parse,		// get an SPI
	pfkey_update_parse,		// update an SA
	pfkey_add_parse,		// add an SA
	pfkey_delete_parse,//5		// delete an SA
	pfkey_get_parse,		// get an SA
	pfkey_acquire_parse,		// acquire request
	pfkey_register_parse,		// register
	pfkey_expire_parse,		// expire
	pfkey_flush_parse,//10		// flush SAs
	pfkey_dump_parse,		// dump SAs
	pfkey_x_promisc_parse,		// promiscuous mode
	pfkey_x_pchange_parse,		//
	pfkey_x_grpsa_parse,		// group SAs
	pfkey_x_addflow_parse,//15
	pfkey_x_delflow_parse,
	pfkey_x_msg_debug_parse
#ifdef CONFIG_IPSEC_NAT_TRAVERSAL
	,pfkey_x_nat_t_new_mapping_parse
#endif
};
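As an added example (not code from the original post or from openswan), the user-space C sketch below shows the checks a dispatcher needs before using sadb_msg_type as an index into a table like msg_parsers[]: header size, version, declared length and range, plus a NULL check for empty slots such as RESERVED or the NAT-T entry when CONFIG_IPSEC_NAT_TRAVERSAL is not defined. The demo_* names, return codes and handler bodies are assumptions; the struct sadb_msg layout and PF_KEY_V2 come from RFC 2367.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PF_KEY_V2        2   /* RFC 2367 */
#define SADB_MAX         17  /* value listed on this page */
#define SADB_SATYPE_MAX  11  /* value listed on this page */

struct sadb_msg {            /* RFC 2367 base message header, 16 bytes */
    uint8_t  sadb_msg_version, sadb_msg_type, sadb_msg_errno, sadb_msg_satype;
    uint16_t sadb_msg_len;   /* total message length in 64-bit words */
    uint16_t sadb_msg_reserved;
    uint32_t sadb_msg_seq, sadb_msg_pid;
};

typedef int (*demo_parser_t)(const struct sadb_msg *m);
enum { DEMO_EINVAL = -22, DEMO_EOPNOTSUPP = -95 };  /* assumed error codes */

/* Hypothetical handlers standing in for the pfkey_*_parse() functions. */
static int demo_getspi(const struct sadb_msg *m) { return 100 + m->sadb_msg_satype; }
static int demo_add(const struct sadb_msg *m)    { return 300 + m->sadb_msg_satype; }

/* Slots without an initializer are NULL, like RESERVED (0) and the
 * NAT-T slot (17) when that entry is compiled out. */
static demo_parser_t demo_parsers[SADB_MAX + 1] = {
    [1] = demo_getspi,   /* SADB_GETSPI */
    [3] = demo_add,      /* SADB_ADD */
};

int demo_dispatch(const unsigned char *buf, size_t buflen)
{
    struct sadb_msg m;
    if (buflen < sizeof m) return DEMO_EINVAL;            /* short header */
    memcpy(&m, buf, sizeof m);                            /* no unaligned reads */
    if (m.sadb_msg_version != PF_KEY_V2) return DEMO_EINVAL;
    if ((size_t)m.sadb_msg_len * 8 != buflen) return DEMO_EINVAL;
    if (m.sadb_msg_type > SADB_MAX) return DEMO_EINVAL;   /* index out of range */
    if (m.sadb_msg_satype > SADB_SATYPE_MAX) return DEMO_EINVAL;
    if (demo_parsers[m.sadb_msg_type] == NULL) return DEMO_EOPNOTSUPP;
    return demo_parsers[m.sadb_msg_type](&m);
}

int main(void)
{
    /* Constructed sample: SADB_ADD (3) for SADB_SATYPE_ESP (3), 2 words long. */
    struct sadb_msg m = { PF_KEY_V2, 3, 0, 3, 2, 0, 1, 0 };
    printf("%d\n", demo_dispatch((const unsigned char *)&m, sizeof m));
    return 0;
}
```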