3.2.4.3.5 int deltdb(struct tdb *tdbp) Ä¿µÄ£º ɾ³ýij¸öÖ¸¶¨µÄtdb¿é¡£ ²ÎÊý£º
tdbp ¨D¨D Ҫɾ³ýµÄtdb¿é
·µ»ØÖµ£º 0 ¨D¨D ³É¹¦£¬·Ç0Öµ¨D¨D ʧ°Ü Ëã·¨ÃèÊö£º
ÅжÏtdbpµÄÓÐЧÐÔ£¬ÈôÎÞЧ£¬Ôò·µ»Øʧ°ÜÐÅÏ¢£» ¼ÆËãhashvalÖµ£»
¸ù¾ÝhashvalÕÒµ½tdbp£¬²¢É¾³ýËü£¬Èôʧ°Ü£¬·µ»Ø´íÎó¡£ 3.2.4.3.6 int deltdbchain(struct tdb *tdbp) Ä¿µÄ£º ɾ³ýÕû¸ötdbpÁ´¡£ ²ÎÊý£º
tdbp ¨D¨D Ҫɾ³ýµÄtdbÁ´
·µ»ØÖµ£º 0 ¨D¨D ³É¹¦£¬·Ç0Öµ¨D¨D ʧ°Ü Ëã·¨ÃèÊö£º
ÅжÏtdbpÊÇ·ñÓÐЧ£¬ÈôÎÞЧ£¬·µ»Ø´íÎóÐÅÏ¢£» ½«tdbpÒÆÖÁ×îºóµÄtdbp->tdb_onext£» ɾ³ýËùÓеÄtdb¿é¡£
3.2.4.3.7 int ipsec_tdbwipe(struct tdb *tdbp) Ä¿µÄ£º ½«Ö¸¶¨tdb¿éÖеÄËùÓÐÖµÇå¿Õ¡£ ²ÎÊý£º
tdbp ¨D¨D ÒªÇå¿ÕµÄtdb¿é
·µ»ØÖµ£º 0 ¨D¨D³É¹¦£¬·Ç0Öµ¨D¨D ʧ°Ü Ëã·¨ÃèÊö£º ½«ËùÓÐÖµÖÃΪNULL¡£
3.2.5°²È«²ßÂÔÊý¾Ý¿âµÄ¹ÜÀíÄ£¿é
3.2.5.1¸ÅҪ˵Ã÷ 3.2.5.1.1¹¦ÄÜ
ʵÏÖÁ˶ÔSPDÊý¾Ý¿âµÄ³õʼ»¯£¬Ìí¼Ó¡¢É¾³ýeroute¡£ 3.2.5.1.2×é³ÉÎļþ
radij.c, ipsec_radij.c
3.2.5.2±äÁ¿ËµÃ÷ 3.2.5.2.1 eroute struct eroute {
struct rjtentry er_rjt; struct sa_id er_said;
struct sockaddr_encap er_eaddr; struct sockaddr_encap er_emask; };
3.2.5.3º¯Êý˵Ã÷
3.2.5.3.1 int ipsec_radijinit(void) Ä¿µÄ£º ³õʼ»¯radijÊ÷ ²ÎÊý£º
ÎÞ
·µ»ØÖµ£º 0 ¨D¨D ³É¹¦£¬·Ç0Öµ¨D¨D ʧ°Ü Ëã·¨ÃèÊö£ºµ÷ÓÃrj_init()º¯Êý³õʼ»¯¡£ 3.2.5.3.2 int
ipsec_makeroute(struct
sockaddr_encap
*eaddr,
struct
sockaddr_encap *emask, struct sa_id said) Ä¿µÄ£º ¸ù¾ÝsaidÖµ£¬Éú³ÉеÄerouteÏî¡£ ²ÎÊý£º
eaddr ¨D¨D ·â×°µÄÓÐЧĿµÄµØÖ·£¬ emask ¨D¨D ·â×°µÄÄ¿µÄµØÖ·ÑÚÂ룬 said ¨D¨D ´«ÈëµÄsaidÖµ
·µ»ØÖµ£º 0 ¨D¨D³É¹¦£¬·Ç0Öµ¨D¨D ʧ°Ü Ëã·¨ÃèÊö£º
·ÖÅäeroute¿Õ¼ä¨D¨Dretrt£¬²¢ÏÈÇå0£»
¸øretrt¸³Öµ£ºretrt->er_eaddr = *eaddr; retrt->er_emask = *emask; retrt->er_said = said;
¸øeroute±í¼ÓËø£»
µ÷Óú¯Êýrj_addroute(&(retrt->er_eaddr), &(retrt->er_emask), rnh,
retrt->er_rjt.rd_nodes)£¬Ïòeroute±íÖмÓÈëÐÂÉú³ÉµÄ¸ÃÏ
½âËø£¬·µ»Ø¡£
3.2.5.3.3 int ipsec_breakroute(struct sockaddr_encap *eaddr, struct
sockaddr_encap *emask) Ä¿µÄ£º ɾ³ýÖ¸¶¨µÄroute¡£ ²ÎÊý£º
eaddr ¨D¨D ÓÐЧĿµÄµØÖ·£¬emask £ Ä¿µÄµØÖ·µÄÑÚÂë
·µ»ØÖµ£º 0 ¨D¨D ³É¹¦£¬·Ç0Öµ¨D¨D ʧ°Ü Ëã·¨ÃèÊö£º
Ëøסeroute±í£»
µ÷Óú¯Êýrj_delete(eaddr, emask, rnh, &rn)ɾ³ýÕâ¸öÖ¸¶¨route£» ½âËø£¬½«¸ÃrouteÏîÇå0£¬µ÷ÓÃϵͳµ÷ÓÃkfreeÊͷŸÿռ䡣
3.2.5.3.4 struct eroute *ipsec_findroute(struct sockaddr_encap *eaddr) Ä¿µÄ£º ½ÓÊÕ²¢´¦ÀíipsecÊý¾Ý°ü¡£ ²ÎÊý£º
eaddr ¨D¨D Òª²éÕÒµÄrouteËù¾ßÓеÄeaddrÖµ
·µ»ØÖµ£º struct eroute ¨D¨D ÕÒµ½µÄerouteÖµ£¬NULL ¨D¨D δÕÒµ½ Ëã·¨ÃèÊö£º
µ÷Óú¯Êýrj_match((caddr_t)eaddr, rnh)£¬¸ù¾Ýeaddr²éÕÒÏàÓ¦µÄerouteÏ
·µ»ØÕÒµ½µÄerouteÏî¡£
3.2.5.3.5 int ipsec_cleareroutes(void) Ä¿µÄ£º Çå¿Õeroute±í¡£ ²ÎÊý£º
ÎÞ
·µ»ØÖµ£º 0 ¨D¨D ³É¹¦£¬·Ç0Öµ¨D¨D ʧ°Ü
Ëã·¨ÃèÊö£ºÊ×ÏÈ£¬Ëøסeroute±í£»µ÷Óú¯Êýradijcleartree()º¯Êý£»½âËø£¬·µ»Ø¡£ 3.2.5.3.6 int ipsec_radijcleanup(void) Ä¿µÄ£º ²ÎÊý£º
ÎÞ
·µ»ØÖµ£º 0 ¨D¨D ³É¹¦£¬·Ç0Öµ¨D¨D ʧ°Ü
Ëã·¨ÃèÊö£ºÊ×ÏÈ£¬Ëøסeroute±í£»µ÷Óú¯Êýradijcleanup()º¯Êý£»½âËø£¬·µ»Ø¡£
3.3ÃÜÔ¿ÐÉ̼°¹ÜÀíÄ£¿é
3.3.1 ¸ÅҪ˵Ã÷
3.3.1.1 ¹¦ÄÜ
Ç°ÃæËùÃèÊöµÄKLIPSÄ£¿é£¬»ù±¾Íê³ÉÁ˶ÔÊäÈë¡¢Êä³öÊý¾Ý°üµÄ¼ÓÃÜ¡¢ÈÏÖ¤¹¤×÷£¬µ«ÆäÇ°ÌáÊÇ´¦ÀíÊý¾Ý°üµÄSAÒѾÐÉÌÍê±Ï£¬¶øÕâ¸öSAµÄÐÉ̹¤×÷ÕýÊÇÓÉIKEËù¸ºÔðµÄ¡£ÔÚ±¾³ÌÐòÖУ¬PlutoÄ£¿éÊÇIKEµÄÒ»¸öʵÏÖ£¬Ëü¿ÉÒÔ×Ô¶¯Íê³ÉÁ½¸öÖ÷»ú»òÍø¹Ø¼äµÄ°²È«ÁªÃ˵ÄÐÉ̹¤×÷¡£