struct {
enum ipsec_xmit_value (*action)(struct ipsec_xmit_state *ixs);
int next_state;
} xmit_state_table[] = {
[IPSEC_XSM_INIT1] = {ipsec_xmit_init1, IPSEC_XSM_INIT2 },
[IPSEC_XSM_ENCAP_INIT] = {ipsec_xmit_encap_init, IPSEC_XSM_ENCAP_SELECT },
[IPSEC_XSM_ENCAP_SELECT] = {ipsec_xmit_encap_select, IPSEC_XSM_DONE },
[IPSEC_XSM_ESP] = {ipsec_xmit_esp, IPSEC_XSM_ESP_AH },
[IPSEC_XSM_ESP_AH] = {ipsec_xmit_esp_ah, IPSEC_XSM_CONT },
[IPSEC_XSM_AH] = {ipsec_xmit_ah, IPSEC_XSM_CONT },
[IPSEC_XSM_IPIP] = {ipsec_xmit_ipip, IPSEC_XSM_CONT },
[IPSEC_XSM_IPCOMP] = {ipsec_xmit_ipcomp, IPSEC_XSM_CONT },
[IPSEC_XSM_CONT] = {ipsec_xmit_cont, IPSEC_XSM_DONE },
[IPSEC_XSM_DONE] = {NULL, IPSEC_XSM_DONE},
};
ipsec_tunnel_start_xmit: IPSEC策略匹配流程
v
根据报文五元组匹配eroute, 根据eroute找到对应得到outgoing_id
v
根据outgoing_id找到对应的ipsec sa
v
ipsecsa便是封装测试,遍历ipsecsa链,统计封装需要的headroom和tailroom。
v
加密状态机
2020年11月30日
23:21
评论0
最新资源