NDIS_IPSEC_PACKET_INFO

/*
 * Per-packet IP Security offload information passed between the TCP/IP
 * transport and a miniport. Per the accompanying text it is part of the
 * per-packet information (extended out-of-band data) associated with a
 * packet descriptor.
 */
typedef struct _NDIS_IPSEC_PACKET_INFO

{

    /*
     * Transmit and Receive are members of one anonymous union, so they
     * overlay the same storage. The accompanying text has the transport
     * fill in the Transmit view for send packets and the miniport fill in
     * the Receive view before indicating a received packet, so only the
     * view matching the packet's direction should be read.
     */
    union

    {

        /* Send path: security association (SA) handles for the packet. */
        struct

        {

            /*
             * Handle to the outbound SA for a packet that carries a single
             * IP Security payload, whether that payload belongs to a
             * transport (end-to-end) connection or to a tunnel connection.
             */
            NDIS_HANDLE    OffloadHandle;

            /*
             * Handle to the outbound SA of the tunnel connection, used when
             * the packet carries both a transport and a tunnel IP Security
             * payload; set to 0 otherwise.
             */
            NDIS_HANDLE    NextOffloadHandle;

        } Transmit;

 

        /* Receive path: what the NIC checked, and the result of the check. */
        struct

        {

            /*
             * When set, indicates that the TCP/IP transport issues
             * OID_TCP_TASK_IPSEC_DELETE_SA once for the inbound SA the
             * packet was received on and once more for the corresponding
             * outbound SA.
             * NOTE(review): the page's wording on whether the NIC may drop
             * these SAs before the corresponding delete request arrives is
             * ambiguous; confirm against the vendor documentation.
             */
            ULONG    SA_DELETE_REQ:1;

            /*
             * Set when the NIC performed IP Security checking on at least
             * one IP Security payload of the received packet; clear when
             * the NIC performed no IP Security checking on the packet.
             */
            ULONG    CRYPTO_DONE:1;

            /*
             * Set when the NIC checked both the tunnel and the transport
             * portions of the received packet; CRYPTO_DONE must be set as
             * well in that case. 0 when the packet does not carry both
             * kinds of payload.
             */
            ULONG    NEXT_CRYPTO_DONE:1;

            /*
             * Result of the NIC's IP Security checking: CRYPTO_SUCCESS or
             * one of the CRYPTO_* failure values listed in the text.
             * The text states that a miniport whose NIC performed no checks
             * supplies no CryptoStatus, so this value is meaningful only
             * together with CRYPTO_DONE and must not be taken as proof of
             * authentication when that flag is clear.
             */
            ULONG    CryptoStatus;

        } Receive;

    };

} NDIS_IPSEC_PACKET_INFO, *PNDIS_IPSEC_PACKET_INFO;

NDIS_IPSEC_PACKET_INFO 구조체는 TCP/IP 전송 계층으로부터 미니포트로 IP 보안 태스크들을 offloading하는 데 사용된 정보를 지정한다. NDIS_IPSEC_PACKET_INFO 구조체는 패킷 디스크립터와 관련된 패킷당 정보(확장 대역외 데이터)의 부분이다.

멤버

OffloadHandle
그러한 payload가 전송(end-to-end) 연결 혹은 터널 연결을 위해 있는지에 관계없이 하나의 IP Security payload를 가지는 패킷을 위한 나가는(outbound) security association(SA)에 대한 핸들을 지정한다.

NextOffloadHandle
전송 IP Security payload와 터널 IP Security payload를 가지는 패킷을 위해, NextOffloadHandle은 터널 연결을 위해 나가는 security association (SA)에 대한 핸들을 지정한다. NextOffloadHandle은 만약 패킷이 터널과 전송 계층 IP Security payload들을 가진다면 지정된다; 그렇지 않다면, NextOffloadHandle은 0으로 설정된다.

SA_DELETE_REQ
설정될 때, TCP/IP 전송 계층이 패킷이 수신되었던 inbound security association(SA)를 지우기 위해 한번, 그리고 지워진 inbound SA에 대응하는 outbound SA를 지우기 위해 다시 한번 OID_TCP_TASK_IPSEC_DELETE_SA를 발생한다는 것을 가리킨다. 미니포트의 NIC은 대응하는 OID_TCP_TASK_IPSEC_DELETE_SA 요구를 수신하기 전에 이러한 SA들을 지울 필요가 없다.

CRYPTO_DONE
설정될 때, NIC이 수신 패킷에서 적어도 하나의 IP security payload에 IP Security 체킹을 행했다는 것을 가리킨다. 클리어되었을 때, NIC이 패킷에 대해 IP Security 체킹을 행하지 않았다는 것을 가리킨다.

NEXT_CRYPTO_DONE
설정될 때, NIC이 수신 패킷의 터널과 전송 계층 부분들에서 IP 보안 체킹을 행했다는 것을 가리킨다. CRYPTO_DONE은 또한 이러한 경우에 설정되어야 한다. NEXT_CRYPTO_DONE은 패킷이 터널과 전송 계층 IP 보안 payload들을 가질 때에만 설정된다; 그렇지 않으면, NEXT_CRYPTO_DONE은 0으로 설정된다.

CryptoStatus
다음 값들의 하나로서 수신 패킷에서 NIC에 의해 행해진 IP 보안 체킹의 결과를 지정한다.

CRYPTO_SUCCESS
패킷은 만약 필요하다면 해독되고, 패킷 내에 AH 체크섬과 ESP 체크섬은 유효화된다.

CRYPTO_GENERIC_ERROR
패킷은 지정되지 않은 이유로 IP 보안 체크를 실패한다.

CRYPTO_TRANSPORT_AH_AUTH_FAILED
패킷의 전송 계층 부분을 위한 AH 체크섬은 유효하지 않다.

CRYPTO_TRANSPORT_ESP_AUTH_FAILED
패킷의 전송 계층 부분을 위한 ESP 체크섬은 유효하지 않다.

CRYPTO_TUNNEL_AH_AUTH_FAILED
패킷의 터널 부분을 위한 AH 체크섬은 유효하지 않다.

CRYPTO_TUNNEL_ESP_AUTH_FAILED
패킷의 터널 부분을 위한 ESP 체크섬이 유효하지 않다.

CRYPTO_INVALID_PACKET_LENGTH
수신 패킷의 길이가 유효하지 않다.

CRYPTO_INVALID_PROTOCOL
패킷이 수신된 security association(SA)에 지정된 IP 보안 프로토콜은 패킷내에서 발견된 IP 보안 프로토콜들과 일치하지 않는다. 예를 들어, 이러한 에러는 만약 패킷이 수신된 SA가 AH 프로토콜을 지정하지만 패킷이 ESP 헤더를 포함한다면 발생한다.

주석

TCP/IP 전송 계층은 미니포트의 NIC이 IP 보안 태스크들을 행할 보내기 패킷을 미니포트에 전달하기 전에, 패킷 디스크립터와 관련된 NDIS_IPSEC_PACKET_INFO 구조체내 IP 보안 정보를 업데이트한다. 특별하게, TCP/IP 전송 계층은 NDIS_IPSEC_PACKET_INFO 구조체내 OffloadHandle을 제공한다. OffloadHandle은 payload가 전송 계층(end-to-end) security association 혹은 터널 security association을 위해 있는지에 상관없이 단지 하나의 IP Security payload를 가지는 패킷을 위해 나가는 security association(SA)에 대한 핸들을 지정한다. NDIS_IPSEC_PACKET_INFO 구조체내에 제공된 OffloadHandle은, NIC에 outbound SA를 추가하도록 미니포트에 요구하기 위해 OID_TCP_TASK_IPSEC_ADD_SA를 설정할 때 TCP/IP 전송 계층에 의해 제공된 OffloadHandle과 같은 값을 가진다.

만약 전송 IP Security payload와 터널 IP Security payload를 가지는 패킷이 있다면, NextOffloadHandle은 터널 연결을 위해 나가는 SA에 대한 핸들을 지정한다. NextOffloadHandle은 만약 패킷이 터널과 전송 계층 IP Security payload들을 가진다면 지정된다. 그렇지 않으면, NextOffloadHandle은 0으로 설정된다.

하나 혹은 그 이상의 IP Security payload를 가지는 수신 패킷을 인디케이트하기 전에, 미니포트는 패킷 디스크립터와 관련된 NDIS_IPSEC_PACKET_INFO를 업데이트한다:

  • 만약 IP Security를 행하는 미니포트의 NIC이 패킷에서 적어도 하나의 IP security payload를 체크한다면, 미니포트는 CRYPTO_DONE 플래그를 설정하고 적당한 CryptoStatus 값을 지정함으로써 체크섬 유효화 테스트들의 결과를 인디케이트한다.
  • 만약 미니포트의 NIC이 수신 패킷의 터널과 전송 계층 부분들에서 IP security 체킹을 행하면, 미니포트는 NEXT_CRYPTO_DONE 플래그를 설정한다. NEXT_CRYPTO_DONE 플래그는 만약 패킷이 터널 그리고 전송 계층 IP security payload들을 가진다면 설정된다. 그렇지 않으면, NEXT_CRYPTO_DONE은 0으로 설정된다.
  • 만약 미니포트의 NIC이 패킷에서 IP Security 체크들을 행하지 않으면, 미니포트는 CRYPTO_DONE 플래그 혹은 NEXT_CRYPTO_DONE 플래그를 설정하지 않고 CryptoStatus 값을 제공하지 않는다.
NIC에서 또하나의 SA를 위한 공간을 가지기 위해, 미니포트는 수신 패킷을 위해 NDIS_IPSEC_PACKET_INFO 구조체내에 SA_DELETE_REQ를 설정할 수 있다. TCP/IP 전송 계층은 계속해서 패킷이 수신된 들어오는 security association(SA)를 지우기 위해 한번, 그리고 지워진 들어오는 SA에 대응하는 나가는 SA를 지우기 위해 다시 한번 OID_TCP_TASK_IPSEC_DELETE_SA를 발생한다. 미니포트의 NIC은 대응하는 OID_TCP_TASK_IPSEC_DELETE_SA 요구를 수신하기 전에 이러한 SA들의 어떤 것도 제거할 필요가 없다. 미니포트는 CRYPTO_DONE과 독립적으로 SA_DELETE_REQ를 설정할 수 있다.

NDIS_IPSEC_PACKET_INFO 구조체에 대한 포인터를 얻기 위해, 드라이버들은 IpSecNdisTask의 InfoType로 NDIS_PER_PACKET_INFO_FROM_PACKET 매크로를 호출한다. 대안으로, 드라이버들은 주어진 패킷 디스크립터와 관련된 NDIS_PACKET_EXTENSION 구조체에 대한 포인터를 얻기 위해 NDIS_PACKET_EXTENSION_FROM_PACKET 매크로를 호출할 수 있다. 드라이버는 그리고나서 NDIS_IPSEC_PACKET_INFO 구조체를 가리키는 포인터를 얻기 위해 IpSecNdisTask 배열 인덱스를 사용할 수 있다.