Helper routines for IPsec. More...
Go to the source code of this file.
Functions | |
| IpsecSpdEntry * | ipsecFindSpdEntry (IpsecContext *context, IpsecPolicyAction policyAction, const IpsecSelector *selector) |
| Search the SPD database for a matching entry. More... | |
| int_t | ipsecAllocateSadEntry (IpsecContext *context) |
| Allocate a new entry in the SAD database. More... | |
| IpsecSadEntry * | ipsecFindInboundSadEntry (IpsecContext *context, IpsecProtocol protocol, uint32_t spi) |
| Search the SAD database for a matching inbound entry. More... | |
| IpsecSadEntry * | ipsecFindOutboundSadEntry (IpsecContext *context, const IpsecSelector *selector) |
| Search the SAD database for a matching outbound entry. More... | |
| IpsecPadEntry * | ipsecFindPadEntry (IpsecContext *context, uint8_t idType, const uint8_t *id, size_t idLen) |
| Find PAD entry that matches the specified identification data. More... | |
| bool_t | ipsecIsSubsetSelector (const IpsecSelector *selector1, const IpsecSelector *selector2) |
| Test if a selector is a subset of another selector. More... | |
| bool_t | ipsecIntersectSelectors (const IpsecSelector *selector1, const IpsecSelector *selector2, IpsecSelector *result) |
| Calculate the intersection of two selectors. More... | |
| error_t | ipsecDeriveSelector (const IpsecSpdEntry *spdEntry, const IpsecPacketInfo *packet, IpsecSelector *selector) |
| Derive SAD selector from SPD entry and triggering packet. More... | |
Variables | |
| const uint8_t | IPSEC_INVALID_SPI [4] = {0} |
Detailed Description
Helper routines for IPsec.
License
SPDX-License-Identifier: GPL-2.0-or-later
Copyright (C) 2022-2025 Oryx Embedded SARL. All rights reserved.
This file is part of CycloneIPSEC Open.
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- Version
- 2.5.4
Definition in file ipsec_misc.c.
Function Documentation
◆ ipsecAllocateSadEntry()
| int_t ipsecAllocateSadEntry | ( | IpsecContext * | context | ) |
Allocate a new entry in the SAD database.
- Parameters
-
[in] context Pointer to the IPsec context
- Returns
- Index of the newly allocated entry
Definition at line 96 of file ipsec_misc.c.
◆ ipsecDeriveSelector()
| error_t ipsecDeriveSelector | ( | const IpsecSpdEntry * | spdEntry, |
| const IpsecPacketInfo * | packet, | ||
| IpsecSelector * | selector | ||
| ) |
Derive SAD selector from SPD entry and triggering packet.
- Parameters
-
[in] spdEntry Pointer to the SPD entry [in] packet Triggering packet [out] selector SAD selector
- Returns
- Error code
Definition at line 802 of file ipsec_misc.c.
◆ ipsecFindInboundSadEntry()
| IpsecSadEntry* ipsecFindInboundSadEntry | ( | IpsecContext * | context, |
| IpsecProtocol | protocol, | ||
| uint32_t | spi | ||
| ) |
Search the SAD database for a matching inbound entry.
- Parameters
-
[in] context Pointer to the IPsec context [in] protocol Security protocol (AH or ESP) [in] spi Security parameter index
- Returns
- Pointer to the matching SAD entry, if any
Definition at line 134 of file ipsec_misc.c.
◆ ipsecFindOutboundSadEntry()
| IpsecSadEntry* ipsecFindOutboundSadEntry | ( | IpsecContext * | context, |
| const IpsecSelector * | selector | ||
| ) |
Search the SAD database for a matching outbound entry.
- Parameters
-
[in] context Pointer to the IPsec context [in] selector Pointer to the IPsec selector
- Returns
- Pointer to the SAD entry, if any
Definition at line 174 of file ipsec_misc.c.
◆ ipsecFindPadEntry()
| IpsecPadEntry* ipsecFindPadEntry | ( | IpsecContext * | context, |
| uint8_t | idType, | ||
| const uint8_t * | id, | ||
| size_t | idLen | ||
| ) |
Find PAD entry that matches the specified identification data.
- Parameters
-
[in] context Pointer to the IPsec context [in] idType ID type [in] id Pointer to the identification data [in] idLen Length of the identification data, in bytes
- Returns
- Pointer to the matching PAD entry, if any
Definition at line 243 of file ipsec_misc.c.
◆ ipsecFindSpdEntry()
| IpsecSpdEntry* ipsecFindSpdEntry | ( | IpsecContext * | context, |
| IpsecPolicyAction | policyAction, | ||
| const IpsecSelector * | selector | ||
| ) |
Search the SPD database for a matching entry.
- Parameters
-
[in] context Pointer to the IPsec context [in] policyAction Policy action [in] selector Pointer to the IPsec selector
- Returns
- Pointer to the matching SPD entry, if any
Definition at line 51 of file ipsec_misc.c.
◆ ipsecIntersectSelectors()
| bool_t ipsecIntersectSelectors | ( | const IpsecSelector * | selector1, |
| const IpsecSelector * | selector2, | ||
| IpsecSelector * | result | ||
| ) |
Calculate the intersection of two selectors.
- Parameters
-
[in] selector1 Pointer to the first IPsec selector [in] selector2 Pointer to the second IPsec selector [out] result Resulting IPsec selector
- Returns
- TRUE if there is a non-null intersection, else FALSE
Definition at line 545 of file ipsec_misc.c.
◆ ipsecIsSubsetSelector()
| bool_t ipsecIsSubsetSelector | ( | const IpsecSelector * | selector1, |
| const IpsecSelector * | selector2 | ||
| ) |
Test if a selector is a subset of another selector.
- Parameters
-
[in] selector1 Pointer to the first IPsec selector [in] selector2 Pointer to the second IPsec selector
- Returns
- TRUE is the first selector is a subset of the second selector, else FALSE
Definition at line 362 of file ipsec_misc.c.
Variable Documentation
◆ IPSEC_INVALID_SPI
| const uint8_t IPSEC_INVALID_SPI[4] = {0} |
Definition at line 40 of file ipsec_misc.c.