Add new header & tail

dhosa

Hi, I'm trying to add & delete a custom header (an ESP header, 8 bytes) before the IP header. I used pbuf_header(p,8) in ip_output_if_opt before if (pbuf_header(p, IP_HLEN))

 *                              |room for new header
 *     ________________________\/________________________________________________
 *    |          ¦       ¦      ¦                             ¦ padd       ¦ ev. |
 *    | Ethernet ¦  IP   ¦ ESP  ¦          Payload(TCP,UDP    ¦ next-proto ¦ ICV |
 *    |__________¦_______¦______¦_____________________________¦____________¦_____|
 *    ¦                         ¦                             ¦                  ¦ 
 *                                                            ¦<-   room tail  ->¦ 
   

struct esp_hdr {
  PACK_STRUCT_FIELD(u32_t spi);
  PACK_STRUCT_FIELD(u32_t sequence_number);
};
pbuf_header(p,8);
esphdr = (struct esp_hdr *) q->payload;
esphdr->spi = spi;
esphdr->sequence_number = sequence_number;

Is that correct? How can I delete the ESP header for an incoming packet only and keep the IP header?
In ip_input:

// remove ip and esp header ... 20 for ip + 8 byte for esp
pbuf_header(p,-(IP_HLEN));


esphdr = (struct esp_hdr *)p->payload;

pbuf_header(p,-(8));


// generate IP header
pbuf_header(p, IP_HLEN);


Again, is that correct?



Sent from the lwip-users mailing list archive at Nabble.com.

_______________________________________________
lwip-users mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/lwip-users

Re: Add new header & tail

Sergio R. Caprile
Perhaps if you could think your actions in terms of OSI layers it would
be easier to understand.
You say "before IP" but you draw "after IP" (well, sort of...), so I
don't really get what you need.

What is it that you are trying to accomplish, do you want to encapsulate
TCP/IP into an "ESP" (whatever it is) datagram/frame or do you want to
run that "ESP" protocol over IP ?
In any way, you just call your protocol function from the correct layer
function and it should take care of header and footer stuff.

If "ESP" runs over Ethernet, you handle this at the netif level, outside
lwIP. Instead of lwIP calling and being called by the netif, you add a
netif layer that is
outbound: called by lwIP and calls the netif output function. Basically
you replace netif->output by your output function, which after adding
header and footer calls what was in there.
inbound: called by the netif and calls the lwIP input function, which
depends on whether you are actually using an OS or not (baremetal).
Basically, conversely, you replace netif->input by your function, which
after removing header and footer calls what was in there.

Running "ESP" over IP requires you use the "raw IP" access functions.
Having other TCP/IP stack protocols over this is a bit trickier, since
you need to sit "in the middle" inside lwIP. I personally don't know how
to do this.

Again, please clarify your scenario.

Re: Add new header & tail

goldsimon@gmx.de
On 12.09.2018 16:17, Sergio R. Caprile wrote:
> [..]
> "ESP" (whatever it is)

I guess ESP is Espressif, the vendor of ESP32? But I'm lost on the rest.

> Again, please clarify your scenario.

Right, I can't help with the information provided, either.


Simon

Re: Add new header & tail

dhosa
In reply to this post by Sergio R. Caprile
@Sergio R. Caprile Thank you for your time,


Sergio R. Caprile wrote
> Perhaps if you could think your actions in terms of OSI layers it would
> be easier to understand.
> You say "before IP" but you draw "after IP" (well, sort of...), so I
> don't really get what you need.

Layer 3 in the OSI layers. The new header will be between the IP header and
the (TCP | UDP) header, and the tail at the end.


Sergio R. Caprile wrote
> What is it that you are trying to accomplish, do you want to encapsulate
> TCP/IP into an "ESP" (whatever it is) datagram/frame ?

Exactly, the figure below shows the IP packet before and after (ignore
encryption & auth)

<http://lwip.100.n7.nabble.com/file/t2118/ESPheader.png>


Sergio R. Caprile wrote
> or do you want to run that "ESP" protocol over IP ?

phase 2


Sergio R. Caprile wrote

> If "ESP" runs over Ethernet, you handle this at the netif level, outside
> lwIP. Instead of lwIP calling and being called by the netif, you add a
> netif layer that is
> outbound: called by lwIP and calls the netif output function. Basically
> you replace netif->output by your output function, which after adding
> header and footer calls what was in there.
> inbound: called by the netif and calls the lwIP input function, which
> depends on whether you are actually using an OS or not (baremetal).
> Basically, conversely, you replace netif->input by your function, which
> after removing header and footer calls what was in there.
>
> Running "ESP" over IP requires you use the "raw IP" access functions.
> Having other TCP/IP stack protocols over this is a bit trickier, since
> you need to sit "in the middle" inside lwIP. I personally don't know how
> to do this.

Interesting.

Note:
I am using FreeRTOS with lwIP (1.4.1).



Re: Add new header & tail

dhosa
In reply to this post by goldsimon@gmx.de
@[hidden email] ,


[hidden email] wrote
>  I guess ESP is Espressif, the vendor of ESP32? But I'm lost on the rest.

Encapsulating Security Payload protocol


[hidden email] wrote
> Right, I can't help with the information provided, either.

 
I explained the scenario in the last reply




Re: Add new header & tail

Sergio R. Caprile
In reply to this post by Sergio R. Caprile
IPsec's ESP!
The graphic you point to seems to depict the transport mode.
I guess there are hooks to do what this requires but I can't help you,
wait for Simon or someone with more internal knowledge of the stack.
I'll stay lurking in listen-mode as I'm curious on how to do this.

Re: Add new header & tail

goldsimon@gmx.de
In reply to this post by dhosa
On 11.09.2018 12:29, dhosa wrote:

> Hi, I'm trying to add & delete a custom header (an ESP header, 8 bytes) before the IP header. I used pbuf_header(p,8) in ip_output_if_opt before if (pbuf_header(p, IP_HLEN))
>
>  *                              |room for new header
>  *     ________________________\/________________________________________________
>  *    |          ¦       ¦      ¦                             ¦ padd       ¦ ev. |
>  *    | Ethernet ¦  IP   ¦ ESP  ¦          Payload(TCP,UDP    ¦ next-proto ¦ ICV |
>  *    |__________¦_______¦______¦_____________________________¦____________¦_____|
>  *    ¦                         ¦                             ¦                  ¦
>  *                                                            ¦<-   room tail  ->¦
>
> struct esp_hdr {
>   PACK_STRUCT_FIELD(u32_t spi);
>   PACK_STRUCT_FIELD(u32_t sequence_number);
> };
> pbuf_header(p,8);
> esphdr = (struct esp_hdr *) q->payload;
> esphdr->spi = spi;
> esphdr->sequence_number = sequence_number;

That doesn't seem completely correct. Per your later image, it seems you need the IP header to contain proto = ESP, not proto = TCP...

> Is that correct? How can I delete the ESP header for an incoming packet only and keep the IP header?
> In ip_input:

But you must also check it, not only remove it, don't you?

> // remove ip and esp header ... 20 for ip + 8 byte for esp
> pbuf_header(p,-(IP_HLEN));
>
> esphdr = (struct esp_hdr *)p->payload;
>
> pbuf_header(p,-(8));
>
> // generate IP header
> pbuf_header(p, IP_HLEN);
>
> Again, is that correct?


No, that doesn't seem correct. pbuf_header only moves the payload pointer, the data is still where it was before. You'll need to fiddle around with the data or create new pbufs to achieve what you want.

If you wanted to implement this without changing the stack, you'd need some kind of new hook (as Sergio mentioned) to add the header and change the IP protocol.

For RX, it might be enough to implement a raw pcb that detects the IP proto = ESP, checks and hides the header and sends the remaining pbuf up to tcp_input().

Simon
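
The point made in the reply above, that moving the payload pointer moves no data and that the ESP header has to be checked before it is removed, shown as an added example that is not part of the original thread and is not lwIP code. It works on a plain byte buffer instead of a pbuf; the helper names, the `inner_proto` parameter (real ESP carries the next-header value in its trailer) and the simple monotonic sequence test are assumptions of this sketch, and encryption and the ICV are left out as in the thread.

```c
#include <stdint.h>
#include <string.h>

#define IP_HLEN   20  /* IPv4 header without options */
#define ESP_HLEN   8  /* SPI + sequence number */
#define PROTO_ESP 50

static void put_be32(uint8_t *d, uint32_t v) {   /* network byte order */
  d[0] = (uint8_t)(v >> 24); d[1] = (uint8_t)(v >> 16);
  d[2] = (uint8_t)(v >> 8);  d[3] = (uint8_t)v;
}
static uint32_t get_be32(const uint8_t *s) {
  return ((uint32_t)s[0] << 24) | ((uint32_t)s[1] << 16) |
         ((uint32_t)s[2] << 8) | s[3];
}
/* Set protocol and total length, then recompute the IPv4 header checksum. */
static void ip_fix(uint8_t *ip, uint16_t len, uint8_t proto) {
  uint32_t sum = 0;
  ip[2] = (uint8_t)(len >> 8); ip[3] = (uint8_t)len; ip[9] = proto;
  ip[10] = ip[11] = 0;
  for (int i = 0; i < IP_HLEN; i += 2)
    sum += ((uint32_t)ip[i] << 8) | ip[i + 1];
  while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
  sum = ~sum & 0xffff;
  ip[10] = (uint8_t)(sum >> 8); ip[11] = (uint8_t)sum;
}
/* TX: `ip` is the IPv4 header of a `len`-byte packet with at least ESP_HLEN
 * free bytes in front of it. Returns the new start of the packet. */
uint8_t *esp_insert(uint8_t *ip, uint16_t len, uint32_t spi, uint32_t seq) {
  uint8_t *nip = ip - ESP_HLEN;      /* all that moving the pointer gives you */
  memmove(nip, ip, IP_HLEN);         /* the data move the pointer never does */
  put_be32(nip + IP_HLEN, spi);      /* ESP header now sits between IP and TCP */
  put_be32(nip + IP_HLEN + 4, seq);
  ip_fix(nip, (uint16_t)(len + ESP_HLEN), PROTO_ESP);
  return nip;
}
/* RX: check first, strip second. Returns the new start, or NULL to drop.
 * `inner_proto` is passed in; the monotonic sequence test is a simplification. */
uint8_t *esp_strip(uint8_t *ip, uint16_t len, uint32_t want_spi,
                   uint32_t last_seq, uint8_t inner_proto) {
  if (len < IP_HLEN + ESP_HLEN || ip[0] != 0x45 || ip[9] != PROTO_ESP)
    return NULL;
  if (get_be32(ip + IP_HLEN) != want_spi) return NULL;
  if (get_be32(ip + IP_HLEN + 4) <= last_seq) return NULL;
  uint8_t *nip = ip + ESP_HLEN;
  memmove(nip, ip, IP_HLEN);         /* slide the IP header over the ESP header */
  ip_fix(nip, (uint16_t)(len - ESP_HLEN), inner_proto);
  return nip;
}
```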

Re: Add new header & tail

dhosa
In reply to this post by Sergio R. Caprile
Yup, it's transport mode.

> I'll stay lurking in listen-mode as I'm curious on how to do this.  

Thanks



Re: Add new header & tail

dhosa
In reply to this post by goldsimon@gmx.de
> That doesn't seem completely correct. Per your later image, it seems you need the IP header to contain proto = ESP, not proto = TCP...

Yes, I did change proto to 50, IPH_PROTO_SET(iphdr, proto);

> But you must also check it, not only remove it, don't you?

Sure, currently I'm just trying to add/remove the header.

> No, that doesn't seem correct. pbuf_header only moves the payload pointer, the data is still where it was before. You'll need to fiddle around with the data or create new pbufs to achieve what you want.
>
> If you wanted to implement this without changing the stack, you'd need some kind of new hook (as Sergio mentioned) to add the header and change the IP protocol.
>
> For RX, it might be enough to implement a raw pcb that detects the IP proto = ESP, checks and hides the header and sends the remaining pbuf up to tcp_input().

I got it.

Thanks
