Second night's commit.
We're a bit closer to something sane, now. We can wrap, but not unwrap, packets. Asymmetric encryption is *big*. Text encrypted with a 4096-bit RSA public key is 512 bytes. We can't fragment yet. Fortunately, this isn't an infinite regress once we *can* fragment. Performance is still a big question mark, of course. There may still be endianness issues hanging around. The eid<->rloc map is almost certainly far, far too slow to be of any use in the real world.
65
pass-1/rlocs.h
Normal file
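--- a/pass-1/rlocs.h
+++ b/pass-1/rlocs.h
@@ -0,0 +1,65 @@
+#ifndef _RLOCS_H_
+#define _RLOCS_H_
+
+#include <json/json_object.h>
+#include <netinet/in.h>
+
+#include <openssl/rsa.h>
+
+// For now. We can dynamically allocate later.
+#define MAX_RLOCS 64
+#define MAX_EID_MAPPINGS 256
+
+struct rloc {
+short family;
+union {
+struct in_addr ip4;
+struct in6_addr ip6;
+} addr;
+
+RSA* key;
+};
+
+
+struct ip4_eid_map_entry {
+struct in_addr network;
+struct in_addr broadcast;
+unsigned int mask;
+struct rloc *rloc;
+};
+
+struct ip6_eid_map_entry {
+struct in6_addr network;
+struct in6_addr broadcast;
+unsigned int mask;
+struct rloc *rloc;
+};
+
+struct rlocs {
+json_object* config;
+
+size_t num_entries;
+struct rloc entries[MAX_RLOCS];
+
+size_t num_ip4_map_entries;
+struct ip4_eid_map_entry ip4_mappings[MAX_EID_MAPPINGS];
+
+size_t num_ip6_map_entries;
+struct ip6_eid_map_entry ip6_mappings[MAX_EID_MAPPINGS];
+};
+
+
+void rlocs_init(void);
+
+struct rlocs *rlocs_new( char *filename );
+
+struct rloc *rloc_find_for_ipv4( struct rlocs *reg, struct in_addr *eid );
+struct rloc *rloc_find_for_ipv6( struct rlocs *reg, struct in6_addr *eid );
+struct rloc *rloc_find_by_address( struct rlocs *reg, struct in_addr *ipv4, struct in6_addr *ipv6 );
+
+/* Returns -1 on error, or number of bytes written */
+ssize_t rloc_encrypt( struct rloc *rloc, unsigned char *data, size_t data_len, unsigned char *dest, size_t dest_len );
+
+void rlocs_free( struct rlocs *registry );
+
+#endif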
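Review bot: The contract comment above `rloc_encrypt` does not say what happens when `dest_len` is smaller than the ciphertext, which for the 4096-bit keys mentioned in the description is 512 bytes regardless of `data_len`. I would spell it out, e.g. `/* dest_len must be >= RSA_size(rloc->key); returns -1 without writing if dest is too small or data_len exceeds what the padding allows, else bytes written */`, and declare `data` as `const unsigned char *`. The implementation is not part of this file, so whether it already enforces this cannot be seen here. Separately, `entries[MAX_RLOCS]` and the two `*_mappings[MAX_EID_MAPPINGS]` arrays are fixed-size while `rlocs_new()` populates them from a file, so the loader should reject a config with more entries than the arrays hold before bumping the `num_*` counters.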