Linux Network subsystem Security module detailed analysis of the file xfrm_state.c function introduction

Source: Internet
Author: User

2.4.4.4 external functions


1. Tasklet_hrtimer_start ()

Function Prototypes:

static inline int Tasklet_hrtimer_start (struct Tasklet_hrtimer *ttimer, ktime_t time, const enum Hrtimer_mode mode)

Function parameters: TTimer is a small task that contains a timer, time represents the temporal structure, and mode indicates whether the time pattern is relative or absolute time.

function function: Set a small task with a timer.

Return value: The timer returns 1 if it is in the queue, otherwise 0 is returned.


2.4.4.5 intrinsic functions

1. Xfrm_state_init ()

Function Prototypes:

int __net_init xfrm_state_init (struct net *net)

The function parameter: NET represents the network namespace, which contains some network equipment information, as well as protocol information.

function function: For the security association SA initialization, the main creation of the global SA linked list, as well as the establishment of the destination address, source address and SPI three set of hash table, each set of hash table contains 8 linked lists, the function also initializes the garbage collection list and waiting queue.

Return value: Successfully returned 0, failure returns no memory error.

2. Xfrm_state_alloc ()

Function Prototypes:

struct Xfrm_state *xfrm_state_alloc (struct net *net)

The function parameter: NET represents the network namespace, which contains some network equipment information, as well as protocol information.

function function: Allocates the SA structure and initializes the linked list, as well as the lifetime members.

Return value: Returns the SA structure.

3. Xfrm_state_insert ()

Function Prototypes:

void Xfrm_state_insert (struct xfrm_state *x)

Function parameter: parameter x is the SA structure that represents the SA to be inserted into the system list.

function function: Insert the current SA into the list of the system, as well as the destination address, the source address, the SPI hash table, and the timer-related settings.

return value: None.

4. Xfrm_state_find ()

Function Prototypes:

struct Xfrm_state *

Xfrm_state_find (const xfrm_address_t *daddr, const xfrm_address_t *SADDR,

const struct FLOWI *fl, struct Xfrm_tmpl *tmpl,

struct Xfrm_policy *pol, int *err,

unsigned short family)

Function parameters: DADDR is the destination address to find, HTTP://WWW.51969.COM/SADDR is the source address to find, FL represents the current data stream, Tmpl is the SA module, matches with SA, Pol is the current policy, err is the called function return error code, Family represents a protocol cluster.

function function: Find SA, find out if a package complies with security policy when the kernel finds a corresponding SA, or return if any, otherwise notify user space of IKE tool to negotiate, generate new SA.

Return value: Returns the SA.

5. Xfrm_find_acq ()

Function Prototypes:

struct Xfrm_state *

Xfrm_find_acq (struct net *net, struct Xfrm_mark *mark, U8 mode, u32 reqid, U8 Proto,

Const xfrm_address_t *DADDR, const xfrm_address_t *SADDR,

int create, unsigned short family)

Function parameters: NET for the network namespace, mark for the SA tag, mode for the operating mode, reqid for the serial number, proto for the protocol, DADDR and SADDR respectively for the purpose and source address, create for the creation of the judgment variable, family for the protocol cluster.

function function: Find acquire type SA, this type of SA is not a true SA, when the kernel discovers that the data needs to be processed by IPSec, it will find out if there is a corresponding SA, if not to send the acquire request to the user space Ike, and generate a acquire type of SA, the kernel will replace the SA for this acquire if the user space negotiation succeeds in generating the appropriate SA pass-through kernel.

Return value: The SA that was found.

6. Xfrm_state_update ()

Function Prototypes:

int xfrm_state_update (struct xfrm_state *x)

Function Parameters: Security association SA

function function: Use SA to update the system's sad, if the SA type is ACQ, insert it into the sad.

Return value: Returns 0 successfully, otherwise returns an error code.

7. Xfrm_state_gc_task ()

Function Prototypes:

static void Xfrm_state_gc_task (struct work_struct *work)

Function parameters: Work is a Task Force column.

function function: Releases the SA in the spam list and wakes up the wait queue.

return value: None.

8. km_state_expired ()

Function Prototypes:

void km_state_expired (struct xfrm_state *x, int hard, u32 pid)

Function parameters: Parameter x is the SA structure, hard is the forced notification variable, PID is the PID of the process.

function function: Call the Notity function in Xfrm_mgr to make a callback notification of SA expiration and wake up waiting queue.

return value: None.

Linux Network subsystem Security module detailed analysis of the file xfrm_state.c function introduction

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.