[Openswan dev] New/final steps to build KLIPS on 2.6

Nate Carlson natecars at natecarlson.com
Mon Jun 28 16:31:24 CEST 2004


OK, one more revision - with the below, you'll be able to run 'make 
programs' successfully, too. Not sure if the best way is really to move 
all the source into the Linux directory, or just to call it from its 
current locations - that's up to people who know enough to make that 
decision, though.  :)

Steps to build under 2.6:

- Grab a fresh CVS HEAD checkout
- Go to the openswan-2 directory, and run the move-files-combined script
- Apply the 'openswan-head-26klips.patch' patch
- Apply the 'openswan-head-26klips-fix-build.patch' patch
- Copy the attached Makefile over the Makefile in linux/net/ipsec
- Copy version.in.c to version.c; change 'xxx' to something useful.
- Change to linux/net/ipsec/
- Run:

make V=1 -C /path/to/kernel-source-2.6.6 SUBDIRS=`pwd` MODULE_DEF_INCLUDE=`pwd`/config-all.h modules

- Copy the ipsec.ko file to /lib/modules/<whatever>
- Load it, run it, have fun.

------------------------------------------------------------------------
| nate carlson | natecars at natecarlson.com | http://www.natecarlson.com |
|       depriving some poor village of its idiot since 1981            |
------------------------------------------------------------------------
-------------- next part --------------
diff -Naur openswan-2/lib/libdes/Makefile openswan-2.nate/lib/libdes/Makefile
--- openswan-2/lib/libdes/Makefile	2004-04-03 13:44:41.000000000 -0600
+++ openswan-2.nate/lib/libdes/Makefile	2004-06-28 15:10:40.000000000 -0500
@@ -5,7 +5,7 @@
 include ${OPENSWANSRCDIR}/Makefile.inc
 
 KLIPSD=${OPENSWANSRCDIR}/linux
-SRCDIR=${KLIPSD}/crypto/ciphers/des
+SRCDIR=${KLIPSD}/net/ipsec
 
 VPATH =${SRCDIR}
 
diff -Naur openswan-2/lib/libopenswan/Makefile openswan-2.nate/lib/libopenswan/Makefile
--- openswan-2/lib/libopenswan/Makefile	2004-06-08 21:08:00.000000000 -0500
+++ openswan-2.nate/lib/libopenswan/Makefile	2004-06-28 15:10:34.000000000 -0500
@@ -41,7 +41,7 @@
 OBJS=${SRCS:.c=.o} version.o
 
 KLIPSD=${OPENSWANSRCDIR}/linux/include
-SRCDIR=${OPENSWANSRCDIR}/linux/lib/libfreeswan
+SRCDIR=${OPENSWANSRCDIR}/linux/net/ipsec
 MANSRCDIR=${OPENSWANSRCDIR}/lib/libopenswan
 
 VPATH = ${SRCDIR}
-------------- next part --------------
# Makefile for KLIPS kernel code as a module    for 2.6 kernels
#
# Makefile for KLIPS kernel code as a module
# Copyright (C) 1998, 1999, 2000,2001  Richard Guy Briggs.
# Copyright (C) 2002-2004	Michael Richardson <mcr at freeswan.org>
# 
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at your
# option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
# 
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
# for more details.
#
# RCSID $Id: Makefile.fs2_6,v 1.3 2004/02/24 17:17:04 mcr Exp $
#
# Note! Dependencies are done automagically by 'make dep', which also
# removes any old dependencies. DON'T put your own dependencies here
# unless it's something special (ie not a .c file).
#

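# Source-tree anchors: both resolve to the directory that holds this Makefile.
FREESWANSRCDIR=.
KLIPS_TOP=.
# Optional version fragment; the leading '-' keeps the build going when the
# file does not exist.
-include ${FREESWANSRCDIR}/Makefile.ver

# Kernel build tree. Only used as a fallback when the caller (normally the
# kernel's own build system, via "make -C <kernel> SUBDIRS=...") has not
# already set TOPDIR. $(shell ...) is used instead of a backquoted command so
# that make itself sees the expanded path: a backquoted `uname -r` stays
# literal text in a make variable and is only expanded if the value later
# happens to pass through a shell.
ifndef TOPDIR
TOPDIR := /lib/modules/$(shell uname -r)/build
endif
export TOPDIR

# Header search path for the module. TOPDIR and SUBDIRS come from the caller,
# so they decide which kernel headers the module is compiled against; they
# must be the headers of the kernel the module will be loaded into.
KERNEL_INCLUDES= $(TOPDIR)/include
INCLUDES = -I$(KERNEL_INCLUDES) -I$(SUBDIRS)/../../include
# Release string taken from UTS_RELEASE in the kernel's version.h. Left as a
# recursive (=) variable on purpose: grep only runs if VERSION or MDIR is
# actually expanded, and neither is referenced elsewhere in this file.
# NOTE(review): the kernel's top-level Makefile also has a variable named
# VERSION - confirm this assignment cannot clash with it under kbuild.
VERSION = $(shell grep UTS_RELEASE $(KERNEL_INCLUDES)/linux/version.h | cut -d '"' -f2)
# Install location for the built module (not used by any rule in this file).
MDIR = /lib/modules/$(VERSION)/kernel/net/ipv4/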

# Feature switches, forced on regardless of the kernel configuration.
# CONFIG_IPSEC is "m" (build as a module); the rest are "y".
# These are make variables only: nothing visible in this Makefile tests them,
# and the C sources get their switches from the -DCONFIG_IPSEC_* flags in
# EXTRA_CFLAGS, so the two lists have to be kept in step by hand.
CONFIG_IPSEC               := m
CONFIG_IPSEC_AH            := y
CONFIG_IPSEC_ESP           := y
CONFIG_IPSEC_IPIP          := y
CONFIG_IPSEC_ALG           := y
CONFIG_IPSEC_ENC_3DES      := y
CONFIG_IPSEC_ENC_CRYPTOAPI := y

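# kbuild: produce a single loadable module (ipsec.ko) from the objects below.
obj-m := ipsec.o

# Every object is listed exactly once. The earlier revision of this list
# named cbc_enc.o, ecb_enc.o, set_key.o and version.o twice; the first
# occurrence of each is kept, so the relative order is unchanged.

# KLIPS core: init, SA table, routing tree, lifetimes, /proc, tunnel device,
# transmit/receive paths, sysctl and the PF_KEYv2 socket interface.
ipsec-objs := ipsec_init.o ipsec_sa.o ipsec_radij.o radij.o
ipsec-objs += ipsec_life.o ipsec_proc.o
ipsec-objs += ipsec_tunnel.o ipsec_xmit.o ipsec_rcv.o ipsec_ipip.o
ipsec-objs += sysctl_net_ipsec.o
ipsec-objs += pfkey_v2.o pfkey_v2_parser.o pfkey_v2_ext_process.o
ipsec-objs += version.o

# Protocol handlers.
ipsec-objs += ipsec_ah.o
ipsec-objs += ipsec_esp.o
ipsec-objs += ipsec_ipcomp.o

# Algorithm framework. The AES object is NOT built: its line is commented out
# (and was spelled "ipsec-obj", which would have had no effect even if
# enabled). The only cipher code compiled into the module is the DES family
# below; anything else has to arrive through ipsec_alg_cryptoapi.o.
ipsec-objs += ipsec_alg.o
#ipsec-objs += ipsec_alg_aes.o
ipsec-objs += ipsec_alg_cryptoapi.o

# DES/3DES primitives.
ipsec-objs += cbc_enc.o
ipsec-objs += ecb_enc.o
ipsec-objs += set_key.o

# Hash implementations used by the HMAC-MD5 / HMAC-SHA1 authenticators.
ipsec-objs += ipsec_md5c.o
ipsec-objs += ipsec_sha1.o

# DES core: i386 gets dx86unix.o, every other SUBARCH gets des_enc.o
# (presumably the assembler and portable C variants - confirm).
ifeq (${SUBARCH},i386)
ipsec-objs += dx86unix.o
else
ipsec-objs += des_enc.o
endif

# Address/text conversion helpers, PRNG and the PF_KEYv2 message
# parse/build/debug helpers.
ipsec-objs += satot.o
ipsec-objs += addrtot.o
ipsec-objs += ultot.o
ipsec-objs += addrtypeof.o
ipsec-objs += anyaddr.o
ipsec-objs += initaddr.o
ipsec-objs += ultoa.o
ipsec-objs += addrtoa.o
ipsec-objs += subnettoa.o
ipsec-objs += subnetof.o
ipsec-objs += goodmask.o
ipsec-objs += datatot.o
ipsec-objs += rangetoa.o
ipsec-objs += prng.o
ipsec-objs += pfkey_v2_parse.o
ipsec-objs += pfkey_v2_build.o
ipsec-objs += pfkey_v2_debug.o
ipsec-objs += pfkey_v2_ext_bits.o

# IPcomp stuff
ipsec-objs += ipcomp.o

# Compression library objects needed by IPcomp.
ipsec-objs += adler32.o
ipsec-objs += deflate.o
ipsec-objs += infblock.o
ipsec-objs += infcodes.o
ipsec-objs += inffast.o
ipsec-objs += inflate.o
ipsec-objs += inftrees.o
ipsec-objs += infutil.o
ipsec-objs += trees.o
ipsec-objs += zutil.o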

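# Preprocessor switches handed to every object in the module. Each flag is
# listed once (the earlier list repeated -DCONFIG_IPSEC_ESP,
# -DCONFIG_IPSEC_ENC_3DES and -DCONFIG_IPSEC_DEBUG), in order of first
# appearance.
#
# -DCONFIG_IPSEC_DEBUG is always defined, so the KLIPS debug code is compiled
# into every build of this module. NOTE(review): confirm the runtime debug
# switches default to off before shipping, since debug output can include
# packet addresses and ports.
#
# NAT traversal is left disabled. To enable it, add
# -DCONFIG_IPSEC_NAT_TRAVERSAL as another continued line; it is kept out of
# the list itself because a '#' inside a backslash-continued assignment
# comments out everything that follows it.
EXTRA_CFLAGS += $(INCLUDES) \
		-DCONFIG_IPSEC_ESP \
		-DCONFIG_IPSEC_ALG \
		-DCONFIG_IPSEC_DEBUG \
		-DCONFIG_IPSEC \
		-DCONFIG_IPSEC_IPIP \
		-DCONFIG_IPSEC_AUTH_HMAC_MD5 \
		-DCONFIG_IPSEC_AUTH_HMAC_SHA1 \
		-DCONFIG_IPSEC_ENC_3DES \
		-DCONFIG_IPSEC_ENC_CRYPTOAPI \
		-DCONFIG_IPSEC_AH \
		-DCONFIG_IPSEC_IPCOMP \
		-DIPCOMP_PREFIX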

#
# $Log: Makefile.fs2_6,v $
# Revision 1.3  2004/02/24 17:17:04  mcr
# 	s/CONFIG_IPSEC/CONFIG_IPSEC/ as 26sec uses "CONFIG_IPSEC" to
# 	turn it on/off as well.
#
# Revision 1.2  2004/02/22 06:50:42  mcr
# 	kernel 2.6 port - merged with 2.4 code.
#
# Revision 1.1.2.1  2004/02/20 02:07:53  mcr
# 	module configuration for KLIPS 2.6
#
#
# Local Variables:
# compile-command: "(cd ../../.. && source umlsetup.sh && make -C ${POOLSPACE} module/ipsec.o)"
# End Variables:
#

-------------- next part --------------
diff -Naur openswan-2.cvs/linux/include/openswan/ipsec_kern24.h openswan-2.nate/linux/include/openswan/ipsec_kern24.h
--- openswan-2.cvs/linux/include/openswan/ipsec_kern24.h	1969-12-31 18:00:00.000000000 -0600
+++ openswan-2.nate/linux/include/openswan/ipsec_kern24.h	2004-06-28 10:55:20.000000000 -0500
@@ -0,0 +1,43 @@
+/*
+ * @(#) routines to makes kernel 2.4 compatible with 2.6 usage.
+
+ * Copyright (C) 2004 Michael Richardson <mcr at sandelman.ottawa.on.ca>
+ * 
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ * 
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ *
+ * RCSID $Id: ipsec_kern24.h,v 1.1 2004/02/22 06:49:15 mcr Exp $
+ */
+
+#ifndef _IPSEC_KERN24_H
+
+#ifndef NET_26
+#define sk_receive_queue  receive_queue
+#define sk_destruct       destruct
+#define sk_reuse          reuse
+#define sk_zapped         zapped
+#define sk_family         family
+#define sk_protocol       protocol
+#define sk_protinfo       protinfo
+#define sk_sleep          sleep
+#define sk_state_change   state_change
+#define sk_shutdown       shutdown
+#define sk_err            err
+#define sk_stamp          stamp
+#define sk_socket         socket
+#define sk_sndbuf         sndbuf
+#define sock_flag(sk, flag)  sk->dead
+#define sk_for_each(sk, node, plist) for(sk=*plist; sk!=NULL; sk = sk->next)
+#endif
+
+#define _IPSEC_KERN24_H 1
+
+#endif /* _IPSEC_KERN24_H */
+
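Review bot: The 2.4 shim `sock_flag(sk, flag)` throws away its `flag` argument and always yields `sk->dead`, so a caller that tests any flag other than the dead bit gets the wrong answer on 2.4 builds; which flags callers actually pass is not visible in this file. Both this macro and `sk_for_each` also use their arguments unparenthesised. I would write `#define sock_flag(sk, flag)  ((sk)->dead)  /* 2.4: only the dead flag is supported */` and use `*(plist)` in the loop macro. Moving `#define _IPSEC_KERN24_H 1` directly under the `#ifndef` would also make the include guard read conventionally.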
diff -Naur openswan-2.cvs/linux/include/openswan/ipsec_kversion.h openswan-2.nate/linux/include/openswan/ipsec_kversion.h
--- openswan-2.cvs/linux/include/openswan/ipsec_kversion.h	2004-04-05 14:55:05.000000000 -0500
+++ openswan-2.nate/linux/include/openswan/ipsec_kversion.h	2004-06-28 10:55:20.000000000 -0500
@@ -108,6 +108,7 @@
 
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
 #define HAVE_NETDEV_PRINTK 1
+#define NET_26
 #endif
 
 #ifdef NET_21
@@ -129,7 +130,11 @@
 #endif /* NET_21 */
 
 #ifdef NETDEV_23
-# define device net_device
+#if 0
+#ifndef NETDEV_25
+#define device net_device
+#endif
+#endif
 # define ipsec_dev_get dev_get_by_name
 # define __ipsec_dev_get __dev_get_by_name
 # define ipsec_dev_put(x) dev_put(x)
diff -Naur openswan-2.cvs/linux/include/openswan/ipsec_rcv.h openswan-2.nate/linux/include/openswan/ipsec_rcv.h
--- openswan-2.cvs/linux/include/openswan/ipsec_rcv.h	2004-04-05 21:49:08.000000000 -0500
+++ openswan-2.nate/linux/include/openswan/ipsec_rcv.h	2004-06-28 10:55:20.000000000 -0500
@@ -123,7 +123,7 @@
 #ifdef NET_21
 	  unsigned short xlen);
 #else /* NET_21 */
-	  struct device *dev,
+	  struct net_device *dev,
 	  struct options *opt, 
 	  __u32 daddr,
 	  unsigned short len,
diff -Naur openswan-2.cvs/linux/include/openswan/ipsec_tunnel.h openswan-2.nate/linux/include/openswan/ipsec_tunnel.h
--- openswan-2.cvs/linux/include/openswan/ipsec_tunnel.h	2004-04-05 14:55:07.000000000 -0500
+++ openswan-2.nate/linux/include/openswan/ipsec_tunnel.h	2004-06-28 10:55:20.000000000 -0500
@@ -70,13 +70,13 @@
 struct ipsecpriv
 {
 	struct sk_buff_head sendq;
-	struct device *dev;
+	struct net_device *dev;
 	struct wait_queue *wait_queue;
 	char locked;
 	int  (*hard_start_xmit) (struct sk_buff *skb,
-		struct device *dev);
+		struct net_device *dev);
 	int  (*hard_header) (struct sk_buff *skb,
-		struct device *dev,
+		struct net_device *dev,
 		unsigned short type,
 		void *daddr,
 		void *saddr,
@@ -84,23 +84,27 @@
 #ifdef NET_21
 	int  (*rebuild_header)(struct sk_buff *skb);
 #else /* NET_21 */
-	int  (*rebuild_header)(void *buff, struct device *dev,
+	int  (*rebuild_header)(void *buff, struct net_device *dev,
 			unsigned long raddr, struct sk_buff *skb);
 #endif /* NET_21 */
-	int  (*set_mac_address)(struct device *dev, void *addr);
+	int  (*set_mac_address)(struct net_device *dev, void *addr);
 #ifndef NET_21
-	void (*header_cache_bind)(struct hh_cache **hhp, struct device *dev,
-				 unsigned short htype, __u32 daddr);
+	void (*header_cache_bind)(struct hh_cache **hhp
+				 , struct net_device *dev
+				 , unsigned short htype
+				 , __u32 daddr);
 #endif /* !NET_21 */
-	void (*header_cache_update)(struct hh_cache *hh, struct device *dev, unsigned char *  haddr);
-	struct net_device_stats *(*get_stats)(struct device *dev);
+	void (*header_cache_update)(struct hh_cache *hh
+				   , struct net_device *dev
+				   , unsigned char *  haddr);
+	struct net_device_stats *(*get_stats)(struct net_device *dev);
 	struct net_device_stats mystats;
 	int mtu;	/* What is the desired MTU? */
 };
 
 extern char ipsec_tunnel_c_version[];
 
-extern struct device *ipsecdevices[IPSEC_NUM_IF];
+extern struct net_device *ipsecdevices[IPSEC_NUM_IF];
 
 int ipsec_tunnel_init_devices(void);
 
@@ -108,7 +112,8 @@
 
 extern /* void */ int ipsec_init(void);
 
-extern int ipsec_tunnel_start_xmit(struct sk_buff *skb, struct device *dev);
+extern int ipsec_tunnel_start_xmit(struct sk_buff *skb
+				  , struct net_device *dev);
 
 #ifdef CONFIG_IPSEC_DEBUG
 extern int debug_tunnel;
diff -Naur openswan-2.cvs/linux/include/openswan/ipsec_xmit.h openswan-2.nate/linux/include/openswan/ipsec_xmit.h
--- openswan-2.cvs/linux/include/openswan/ipsec_xmit.h	2004-04-05 21:49:08.000000000 -0500
+++ openswan-2.nate/linux/include/openswan/ipsec_xmit.h	2004-06-28 10:55:20.000000000 -0500
@@ -56,7 +56,7 @@
 struct ipsec_xmit_state
 {
 	struct sk_buff *skb;		/* working skb pointer */
-	struct device *dev;		/* working dev pointer */
+	struct net_device *dev;		/* working dev pointer */
 	struct ipsecpriv *prv;		/* Our device' private space */
 	struct sk_buff *oskb;		/* Original skb pointer */
 	struct net_device_stats *stats;	/* This device's statistics */
@@ -87,8 +87,8 @@
 	size_t sa_len;
 	int hard_header_stripped;	/* has the hard header been removed yet? */
 	int hard_header_len;
-	struct device *physdev;
-/*	struct device *virtdev; */
+	struct net_device *physdev;
+/*	struct net_device *virtdev; */
 	short physmtu;
 	short mtudiff;
 #ifdef NET_21
diff -Naur openswan-2.cvs/linux/include/openswan.h openswan-2.nate/linux/include/openswan.h
--- openswan-2.cvs/linux/include/openswan.h	2004-06-07 19:53:13.000000000 -0500
+++ openswan-2.nate/linux/include/openswan.h	2004-06-28 10:55:20.000000000 -0500
@@ -151,6 +151,7 @@
 #		define	SPI_HOLD	259
 #		define	SPI_TRAP	260
 #		define  SPI_TRAPSUBNET  261
+#		define  SPI_PASSTRAP	262
 	int proto;		/* C. protocol */
 #		define	SA_ESP	50	/* IPPROTO_ESP */
 #		define	SA_AH	51	/* IPPROTO_AH */
diff -Naur openswan-2.cvs/linux/include/pfkey.h openswan-2.nate/linux/include/pfkey.h
--- openswan-2.cvs/linux/include/pfkey.h	2004-04-05 21:49:00.000000000 -0500
+++ openswan-2.nate/linux/include/pfkey.h	2004-06-28 10:55:20.000000000 -0500
@@ -25,7 +25,6 @@
 extern /* void */ int pfkey_init(void);
 extern /* void */ int pfkey_cleanup(void);
 
-extern struct sock *pfkey_sock_list;
 struct socket_list
 {
 	struct socket *socketp;
@@ -142,7 +141,7 @@
 	struct sock	*sk;
 };
 
-#define key_pid(sk) ((struct key_opt*)&((sk)->protinfo))->key_pid
+#define key_pid(sk) ((struct key_opt*)&((sk)->sk_protinfo))->key_pid
 
 /* XXX-mcr this is not an alignment, this is because the count is in 64-bit
  * words.
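Review bot: `key_pid(sk)` still takes the address of the field and casts it to `struct key_opt *`, which matches a layout where the protinfo field is storage embedded in `struct sock`. If `sk_protinfo` on 2.6 is a plain pointer member, as I believe it is, the macro reinterprets the pointer's own bytes as a `struct key_opt`, and anything beyond the first member would overlap neighbouring `struct sock` fields. Please confirm against the 2.6 `struct sock`, and either allocate a real `struct key_opt` behind `sk_protinfo` or document the trick with a comment such as `/* stores the pid in the sk_protinfo slot itself; no other key_opt member may be reached this way */`. On 2.4 the macro now also depends on ipsec_kern24.h having been included first.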
diff -Naur openswan-2.cvs/linux/net/ipsec/adler32.c openswan-2.nate/linux/net/ipsec/adler32.c
--- openswan-2.cvs/linux/net/ipsec/adler32.c	2002-04-24 02:55:32.000000000 -0500
+++ openswan-2.nate/linux/net/ipsec/adler32.c	2004-06-28 15:11:52.000000000 -0500
@@ -6,7 +6,7 @@
 /* @(#) $Id: adler32.c,v 1.4 2002/04/24 07:55:32 mcr Exp $ */
 
 #include <zlib/zlib.h>
-#include "zconf.h"
+#include <zlib/zconf.h>
 
 #define BASE 65521L /* largest prime smaller than 65536 */
 #define NMAX 5552
diff -Naur openswan-2.cvs/linux/net/ipsec/ipsec_ah.c openswan-2.nate/linux/net/ipsec/ipsec_ah.c
--- openswan-2.cvs/linux/net/ipsec/ipsec_ah.c	2004-04-05 21:49:25.000000000 -0500
+++ openswan-2.nate/linux/net/ipsec/ipsec_ah.c	2004-06-28 10:55:20.000000000 -0500
@@ -36,6 +36,7 @@
 #include <linux/etherdevice.h>	/* eth_type_trans */
 #include <linux/ip.h>		/* struct iphdr */
 #include <linux/skbuff.h>
+#include <net/protocol.h>
 #include <openswan.h>
 #ifdef SPINLOCK
 # ifdef SPINLOCK_23
@@ -336,6 +337,12 @@
 	},
 };
 
+#ifdef NET_26
+struct inet_protocol ah_protocol = {
+	.handler = ipsec_rcv,
+	.no_policy = 1,
+};
+#else
 struct inet_protocol ah_protocol =
 {
 	ipsec_rcv,				/* AH handler */
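Review bot: `.no_policy = 1` in the new NET_26 `ah_protocol` (and again in `esp_protocol` in the ipsec_esp.c hunk) is set without a comment, and as far as I know that field tells the 2.6 IPv4 input path to skip its own policy check for the protocol. That is presumably intended because KLIPS does its own inbound policy checking, but it is a security-relevant switch and the reason should be written down. Something like `/* KLIPS enforces inbound policy itself; skip the native check */` next to the field in both initializers would do.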
@@ -350,6 +357,7 @@
 	"AH"				/* name */
 #endif
 };
+#endif
 
 #endif /* CONFIG_IPSEC_AH */
 
diff -Naur openswan-2.cvs/linux/net/ipsec/ipsec_alg.c openswan-2.nate/linux/net/ipsec/ipsec_alg.c
--- openswan-2.cvs/linux/net/ipsec/ipsec_alg.c	2004-06-22 09:59:49.000000000 -0500
+++ openswan-2.nate/linux/net/ipsec/ipsec_alg.c	2004-06-28 10:55:20.000000000 -0500
@@ -89,13 +89,13 @@
  */
 static void __ipsec_alg_usage_inc(struct ipsec_alg *ixt) {
 	if (ixt->ixt_module)
-		__MOD_INC_USE_COUNT(ixt->ixt_module);
+		MOD_INC_USE_COUNT;
 	atomic_inc(&ixt->ixt_refcnt);
 }
 static void __ipsec_alg_usage_dec(struct ipsec_alg *ixt) {
 	atomic_dec(&ixt->ixt_refcnt);
 	if (ixt->ixt_module)
-		__MOD_DEC_USE_COUNT(ixt->ixt_module);
+		MOD_DEC_USE_COUNT;
 }
 /*
  * 	simple hash function, optimized for 0-hash (1 list) special
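Review bot: Replacing `__MOD_INC_USE_COUNT(ixt->ixt_module)` with `MOD_INC_USE_COUNT` moves the reference from the algorithm's own module to the module this file is compiled into, so the `if (ixt->ixt_module)` guard no longer pins the module that owns `ixt`. An algorithm module could then be unloaded while `ixt_refcnt` is still non-zero, leaving its callbacks pointing at unloaded code. On 2.6 the per-module calls are `try_module_get(ixt->ixt_module)` and `module_put(ixt->ixt_module)`. The get can fail, so `__ipsec_alg_usage_inc` would have to report that to its callers, which are outside this hunk.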
diff -Naur openswan-2.cvs/linux/net/ipsec/ipsec_esp.c openswan-2.nate/linux/net/ipsec/ipsec_esp.c
--- openswan-2.cvs/linux/net/ipsec/ipsec_esp.c	2004-04-05 21:49:25.000000000 -0500
+++ openswan-2.nate/linux/net/ipsec/ipsec_esp.c	2004-06-28 10:55:20.000000000 -0500
@@ -51,6 +51,7 @@
 #endif /* NET21 */
 #include <asm/checksum.h>
 #include <net/ip.h>
+#include <net/protocol.h>
 
 #include "openswan/radij.h"
 #include "openswan/ipsec_encap.h"
@@ -528,6 +529,12 @@
 	},
 };
 
+#ifdef NET_26
+struct inet_protocol esp_protocol = {
+  .handler = ipsec_rcv,
+  .no_policy = 1,
+};
+#else
 struct inet_protocol esp_protocol =
 {
 	ipsec_rcv,			/* ESP handler		*/
@@ -543,7 +550,7 @@
 #endif
 };
 
-
+#endif /* !NET_26 */
 
 #endif /* !CONFIG_IPSEC_ESP */
 
diff -Naur openswan-2.cvs/linux/net/ipsec/ipsec_init.c openswan-2.nate/linux/net/ipsec/ipsec_init.c
--- openswan-2.cvs/linux/net/ipsec/ipsec_init.c	2004-04-05 21:49:26.000000000 -0500
+++ openswan-2.nate/linux/net/ipsec/ipsec_init.c	2004-06-28 10:55:20.000000000 -0500
@@ -24,6 +24,8 @@
 #include <linux/version.h>
 #include <linux/module.h>
 #include <linux/kernel.h> /* printk() */
+#include <linux/skbuff.h>
+#include <net/protocol.h>
 
 #include "openswan/ipsec_param.h"
 
@@ -40,7 +42,6 @@
 #include <linux/etherdevice.h> /* eth_type_trans */
 #include <linux/ip.h>          /* struct iphdr */
 #include <linux/in.h>          /* struct sockaddr_in */
-#include <linux/skbuff.h>
 #include <linux/random.h>       /* get_random_bytes() */
 #include <openswan.h>
 
@@ -158,8 +159,13 @@
 int
 ipsec_init(void)
 {
+	static int inited=0;
 	int error = 0;
 	unsigned char seed[256];
+
+	if(inited) return 0;
+	inited++;
+
 #ifdef CONFIG_IPSEC_ENC_3DES
 	extern int des_check_key;
 
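Review bot: The new `inited` guard is set before any initialisation has succeeded and is never cleared, so if a later step in `ipsec_init` fails, a second call returns 0 as though the stack were up. Setting it only on success, e.g. `if (error == 0) inited = 1;` just before the final `return error;`, avoids the false success. It is also a plain `static int` with no locking, which matters only if two callers can race; that is not visible here. The function body continues outside this hunk.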
@@ -286,9 +292,8 @@
 	return error;
 }
 
-#ifdef MODULE
-int
-init_module(void)
+static int
+init_ipsec(void)
 {
 	int error = 0;
 
@@ -297,8 +302,8 @@
 	return error;
 }
 
-int
-cleanup_module(void)
+static void
+exit_ipsec(void)
 {
 	int error = 0;
 
@@ -310,10 +315,10 @@
 
 	KLIPS_PRINT(1, "klips_info:cleanup_module: "
 		    "ipsec module unloaded.\n");
-
-	return error;
 }
-#endif /* MODULE */
+
+module_init(init_ipsec)
+module_exit(exit_ipsec)
 
 /*
  * $Log: ipsec_init.c,v $
diff -Naur openswan-2.cvs/linux/net/ipsec/ipsec_mast.c openswan-2.nate/linux/net/ipsec/ipsec_mast.c
--- openswan-2.cvs/linux/net/ipsec/ipsec_mast.c	2003-10-30 20:27:55.000000000 -0600
+++ openswan-2.nate/linux/net/ipsec/ipsec_mast.c	2004-06-28 10:55:20.000000000 -0500
@@ -74,7 +74,7 @@
 int ipsec_maxdevice_count = -1;
 
 DEBUG_NO_STATIC int
-ipsec_mast_open(struct device *dev)
+ipsec_mast_open(struct net_device *dev)
 {
 	struct ipsecpriv *prv = dev->priv;
 	
@@ -95,7 +95,7 @@
 }
 
 DEBUG_NO_STATIC int
-ipsec_mast_close(struct device *dev)
+ipsec_mast_close(struct net_device *dev)
 {
 	MOD_DEC_USE_COUNT;
 	return 0;
@@ -215,7 +215,9 @@
  *	and that skb is filled properly by that function.
  */
 int
-ipsec_mast_start_xmit(struct sk_buff *skb, struct device *dev, IPsecSAref_t SAref)
+ipsec_mast_start_xmit(struct sk_buff *skb
+		     , struct net_device *dev
+		     , IPsecSAref_t SAref)
 {
 	struct ipsec_xmit_state ixs_mem;
 	struct ipsec_xmit_state *ixs = &ixs_mem;
@@ -241,7 +243,7 @@
 #endif
 
 DEBUG_NO_STATIC struct net_device_stats *
-ipsec_mast_get_stats(struct device *dev)
+ipsec_mast_get_stats(struct net_device *dev)
 {
 	return &(((struct ipsecpriv *)(dev->priv))->mystats);
 }
@@ -252,11 +254,15 @@
  */
 
 DEBUG_NO_STATIC int
-ipsec_mast_hard_header(struct sk_buff *skb, struct device *dev,
-	unsigned short type, void *daddr, void *saddr, unsigned len)
+ipsec_mast_hard_header(struct sk_buff *skb
+		      , struct net_device *dev,
+		      , unsigned short type
+		      , void *daddr
+		      , void *saddr
+		      , unsigned len)
 {
 	struct ipsecpriv *prv = dev->priv;
-	struct device *tmp;
+	struct net_device *tmp;
 	int ret;
 	struct net_device_stats *stats;	/* This device's statistics */
 	
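Review bot: The reflowed parameter list of `ipsec_mast_hard_header` has a stray comma: `, struct net_device *dev,` is followed by `, unsigned short type`, which will not compile. The line should read `, struct net_device *dev`. The Makefile attached to this message does not list ipsec_mast.o in `ipsec-objs`, which would explain why the module build did not catch it.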
@@ -329,7 +335,7 @@
 			return -ENODEV;
 		}
 		
-#define da ((struct device *)(prv->dev))->dev_addr
+#define da ((struct net_device *)(prv->dev))->dev_addr
 		KLIPS_PRINT(debug_mast & DB_MAST_REVEC,
 			    "klips_debug:ipsec_mast_hard_header: "
 			    "Revectored 0p%p->0p%p len=%d type=%d dev=%s->%s dev_addr=%02x:%02x:%02x:%02x:%02x:%02x ",
@@ -360,7 +366,7 @@
 ipsec_mast_rebuild_header(struct sk_buff *skb)
 {
 	struct ipsecpriv *prv = skb->dev->priv;
-	struct device *tmp;
+	struct net_device *tmp;
 	int ret;
 	struct net_device_stats *stats;	/* This device's statistics */
 	
@@ -420,7 +426,7 @@
 }
 
 DEBUG_NO_STATIC int
-ipsec_mast_set_mac_address(struct device *dev, void *addr)
+ipsec_mast_set_mac_address(struct net_device *dev, void *addr)
 {
 	struct ipsecpriv *prv = dev->priv;
 	
@@ -469,7 +475,9 @@
 }
 
 DEBUG_NO_STATIC void
-ipsec_mast_cache_update(struct hh_cache *hh, struct device *dev, unsigned char *  haddr)
+ipsec_mast_cache_update(struct hh_cache *hh
+		       , struct net_device *dev
+		       , unsigned char *  haddr)
 {
 	struct ipsecpriv *prv = dev->priv;
 	
@@ -530,7 +538,8 @@
 }
 
 DEBUG_NO_STATIC int
-ipsec_mast_neigh_setup_dev(struct device *dev, struct neigh_parms *p)
+ipsec_mast_neigh_setup_dev(struct net_device *dev
+		          , struct neigh_parms *p)
 {
 	KLIPS_PRINT(debug_mast & DB_MAST_REVEC,
 		    "klips_debug:ipsec_mast_neigh_setup_dev: "
@@ -550,7 +559,8 @@
  */
 
 DEBUG_NO_STATIC int
-ipsec_mast_attach(struct device *dev, struct device *physdev)
+ipsec_mast_attach(struct net_device *dev
+		 , struct net_device *physdev)
 {
         int i;
 	struct ipsecpriv *prv = dev->priv;
@@ -633,7 +643,7 @@
  */
 
 DEBUG_NO_STATIC int
-ipsec_mast_detach(struct device *dev)
+ipsec_mast_detach(struct net_device *dev)
 {
         int i;
 	struct ipsecpriv *prv = dev->priv;
@@ -710,7 +720,7 @@
 ipsec_mast_clear(void)
 {
 	int i;
-	struct device *ipsecdev = NULL, *prvdev;
+	struct net_device *ipsecdev = NULL, *prvdev;
 	struct ipsecpriv *prv;
 	char name[9];
 	int ret;
@@ -722,7 +732,7 @@
 		sprintf(name, IPSEC_DEV_FORMAT, i);
 		if((ipsecdev = ipsec_dev_get(name)) != NULL) {
 			if((prv = (struct ipsecpriv *)(ipsecdev->priv))) {
-				prvdev = (struct device *)(prv->dev);
+				prvdev = (struct net_device *)(prv->dev);
 				if(prvdev) {
 					KLIPS_PRINT(debug_mast & DB_MAST_INIT,
 						    "klips_debug:ipsec_mast_clear: "
@@ -743,11 +753,12 @@
 }
 
 DEBUG_NO_STATIC int
-ipsec_mast_ioctl(struct device *dev, struct ifreq *ifr, int cmd)
+ipsec_mast_ioctl(struct net_device *dev
+		, struct ifreq *ifr, int cmd)
 {
 	struct ipsecmastconf *cf = (struct ipsecmastconf *)&ifr->ifr_data;
 	struct ipsecpriv *prv = dev->priv;
-	struct device *them; /* physical device */
+	struct net_device *them; /* physical device */
 #ifdef CONFIG_IP_ALIAS
 	char *colon;
 	char realphysname[IFNAMSIZ];
@@ -839,8 +850,8 @@
 int
 ipsec_mast_device_event(struct notifier_block *unused, unsigned long event, void *ptr)
 {
-	struct device *dev = ptr;
-	struct device *ipsec_dev;
+	struct net_device *dev = ptr;
+	struct net_device *ipsec_dev;
 	struct ipsecpriv *priv;
 	char name[9];
 	int i;
@@ -893,7 +904,7 @@
 				priv = (struct ipsecpriv *)(ipsec_dev->priv);
 				if(priv) {
 					;
-					if(((struct device *)(priv->dev)) == dev) {
+					if(((struct net_device *)(priv->dev)) == dev) {
 						/* dev_close(ipsec_dev); */
 						/* return */ ipsec_mast_detach(ipsec_dev);
 						KLIPS_PRINT(debug_mast & DB_MAST_INIT,
@@ -978,7 +989,7 @@
  */
  
 int
-ipsec_mast_init(struct device *dev)
+ipsec_mast_init(struct net_device *dev)
 {
 	int i;
 
@@ -1030,7 +1041,7 @@
 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
 
 int
-ipsec_mast_probe(struct device *dev)
+ipsec_mast_probe(struct net_device *dev)
 {
 	ipsec_mast_init(dev); 
 	return 0;
@@ -1049,7 +1060,7 @@
 	int error = 0;
 	int i;
 	char name[10];
-	struct device *dev_mast;
+	struct net_device *dev_mast;
 	
 	for(i = 0; i < ipsec_mastdevice_count; i++) {
 		sprintf(name, MAST_DEV_FORMAT, i);
diff -Naur openswan-2.cvs/linux/net/ipsec/ipsec_proc.c openswan-2.nate/linux/net/ipsec/ipsec_proc.c
--- openswan-2.cvs/linux/net/ipsec/ipsec_proc.c	2004-04-25 16:23:11.000000000 -0500
+++ openswan-2.nate/linux/net/ipsec/ipsec_proc.c	2004-06-28 10:55:20.000000000 -0500
@@ -531,7 +531,7 @@
 	off_t begin = 0;
 	int i;
 	char name[9];
-	struct device *dev, *privdev;
+	struct net_device *dev, *privdev;
 	struct ipsecpriv *priv;
 
 	KLIPS_PRINT(debug_tunnel & DB_TN_PROCFS,
@@ -550,7 +550,7 @@
 			len += ipsec_snprintf(buffer+len, length-len, "%s",
 				       dev->name);
 			if(priv) {
-				privdev = (struct device *)(priv->dev);
+				privdev = (struct net_device *)(priv->dev);
 				len += ipsec_snprintf(buffer+len, length-len, " -> %s",
 					       privdev ? privdev->name : "NULL");
 				len += ipsec_snprintf(buffer+len, length-len, " mtu=%d(%d) -> %d",
diff -Naur openswan-2.cvs/linux/net/ipsec/ipsec_rcv.c openswan-2.nate/linux/net/ipsec/ipsec_rcv.c
--- openswan-2.cvs/linux/net/ipsec/ipsec_rcv.c	2004-05-10 17:27:00.000000000 -0500
+++ openswan-2.nate/linux/net/ipsec/ipsec_rcv.c	2004-06-28 10:55:20.000000000 -0500
@@ -89,7 +89,8 @@
 int sysctl_ipsec_inbound_policy_check = 1;
 
 #ifdef CONFIG_IPSEC_NAT_TRAVERSAL
-#include <linux/udp.h>
+#include <net/udp.h>
+#include <net/tcp.h>
 #endif
 
 #ifdef CONFIG_IPSEC_DEBUG
@@ -748,22 +749,24 @@
 #ifdef NET_21
 ipsec_rcv(struct sk_buff *skb, unsigned short xlen)
 #else /* NET_21 */
-ipsec_rcv(struct sk_buff *skb, struct device *dev, struct options *opt,
-		__u32 daddr_unused, unsigned short xlen, __u32 saddr,
+ipsec_rcv(struct sk_buff *skb
+	 , struct net_device *dev
+	 , struct options *opt
+	 , __u32 daddr_unused, unsigned short xlen, __u32 saddr,
 				   int redo, struct inet_protocol *protocol)
 #endif /* NET_21 */
 #endif /* PROTO_HANDLER_SINGLE_PARM */
 {
 #ifdef NET_21
 #ifdef CONFIG_IPSEC_DEBUG
-	struct device *dev = skb->dev;
+	struct net_device *dev = skb->dev;
 #endif /* CONFIG_IPSEC_DEBUG */
 #endif /* NET_21 */
 	unsigned char protoc;
 	struct iphdr *ipp;
 	struct ipsec_sa *ipsp = NULL;
 	struct net_device_stats *stats = NULL;		/* This device's statistics */
-	struct device *ipsecdev = NULL, *prvdev;
+	struct net_device *ipsecdev = NULL, *prvdev;
 	struct ipsecpriv *prv;
 	char name[9];
 	int i;
@@ -1037,7 +1040,7 @@
 					    name);
 			}
 			prv = ipsecdev ? (struct ipsecpriv *)(ipsecdev->priv) : NULL;
-			prvdev = prv ? (struct device *)(prv->dev) : NULL;
+			prvdev = prv ? (struct net_device *)(prv->dev) : NULL;
 
 #if 0
 			KLIPS_PRINT(debug_rcv && prvdev,
diff -Naur openswan-2.cvs/linux/net/ipsec/ipsec_tunnel.c openswan-2.nate/linux/net/ipsec/ipsec_tunnel.c
--- openswan-2.cvs/linux/net/ipsec/ipsec_tunnel.c	2004-04-05 21:49:26.000000000 -0500
+++ openswan-2.nate/linux/net/ipsec/ipsec_tunnel.c	2004-06-28 10:55:20.000000000 -0500
@@ -32,12 +32,12 @@
 #include <linux/errno.h>  /* error codes */
 #include <linux/types.h>  /* size_t */
 #include <linux/interrupt.h> /* mark_bh */
+#include <net/tcp.h>
+#include <net/udp.h>
 
 #include <linux/netdevice.h>   /* struct device, struct net_device_stats, dev_queue_xmit() and other headers */
 #include <linux/etherdevice.h> /* eth_type_trans */
 #include <linux/ip.h>          /* struct iphdr */
-#include <linux/tcp.h>         /* struct tcphdr */
-#include <linux/udp.h>         /* struct udphdr */
 #include <linux/skbuff.h>
 #include <openswan.h>
 #ifdef NET_21
@@ -80,6 +80,11 @@
 #include <linux/udp.h>
 #endif
 
+#ifndef TRUE
+#define TRUE 1
+#define FALSE 0
+#endif
+
 static __u32 zeroes[64];
 
 #ifdef CONFIG_IPSEC_DEBUG
@@ -87,7 +92,7 @@
 #endif /* CONFIG_IPSEC_DEBUG */
 
 DEBUG_NO_STATIC int
-ipsec_tunnel_open(struct device *dev)
+ipsec_tunnel_open(struct net_device *dev)
 {
 	struct ipsecpriv *prv = dev->priv;
 	
@@ -98,7 +103,8 @@
 	KLIPS_PRINT(debug_tunnel & DB_TN_INIT,
 		    "klips_debug:ipsec_tunnel_open: "
 		    "dev = %s, prv->dev = %s\n",
-		    dev->name, prv->dev?prv->dev->name:"NONE");
+		    dev->name,
+		    prv->dev?prv->dev->name:"NONE");
 
 	if (prv->dev == NULL)
 		return -ENODEV;
@@ -108,7 +114,7 @@
 }
 
 DEBUG_NO_STATIC int
-ipsec_tunnel_close(struct device *dev)
+ipsec_tunnel_close(struct net_device *dev)
 {
 	MOD_DEC_USE_COUNT;
 	return 0;
@@ -179,6 +185,10 @@
 enum ipsec_xmit_value
 ipsec_tunnel_SAlookup(struct ipsec_xmit_state *ixs)
 {
+	unsigned int bypass;
+
+	bypass = FALSE;
+
 	/*
 	 * First things first -- look us up in the erouting tables.
 	 */
@@ -198,27 +208,102 @@
 	
 	ixs->eroute = ipsec_findroute(&ixs->matcher);
 
-	if(ixs->iph->protocol == IPPROTO_UDP) {
+ 	/* extract information for later */
+ 	if(ixs->iph->protocol == IPPROTO_UDP) {
+		struct udphdr *t = NULL;
+
+		KLIPS_PRINT(debug_tunnel & DB_TN_XMIT,
+			    "klips_debug:udp port check: "
+			    "fragoff: %d len: %d>%d \n",
+			    ntohs(ixs->iph->frag_off) & IP_OFFSET,
+			    (ixs->skb->len - ixs->hard_header_len),
+			    (ixs->iph->ihl << 2) + sizeof(struct udphdr));
+		
+		if((ntohs(ixs->iph->frag_off) & IP_OFFSET) == 0 &&
+		   ((ixs->skb->len - ixs->hard_header_len) >=
+		    ((ixs->iph->ihl << 2) + sizeof(struct udphdr))))
+		{
+			t =((struct udphdr*)((caddr_t)ixs->iph+(ixs->iph->ihl<<2)));
+			KLIPS_PRINT(debug_tunnel & DB_TN_XMIT,
+				    "klips_debug:udp port in packet: "
+				    "port %d -> %d\n",
+				    ntohs(t->source), ntohs(t->dest));
+		}
+
+		ixs->sport=0; ixs->dport=0;
+
 		if(ixs->skb->sk) {
-			ixs->sport=ntohs(ixs->skb->sk->sport);
-			ixs->dport=ntohs(ixs->skb->sk->dport);
-		} else if((ntohs(ixs->iph->frag_off) & IP_OFFSET) == 0 &&
-			  ((ixs->skb->len - ixs->hard_header_len) >=
-			   ((ixs->iph->ihl << 2) + sizeof(struct udphdr)))) {
-			ixs->sport=ntohs(((struct udphdr*)((caddr_t)ixs->iph+(ixs->iph->ihl<<2)))->source);
-			ixs->dport=ntohs(((struct udphdr*)((caddr_t)ixs->iph + (ixs->iph->ihl<<2)))->dest);
-		} else {
-			ixs->sport=0; ixs->dport=0;
+#ifdef NET_26
+			struct udp_sock *us;
+			
+			us = (struct udp_sock *)ixs->skb->sk;
+
+			ixs->sport = ntohs(us->inet.sport);
+			ixs->dport = ntohs(us->inet.dport);
+#else
+			ixs->sport = ntohs(ixs->skb->sk->sport);
+			ixs->dport = ntohs(ixs->skb->sk->dport);
+#endif
+
+		} 
+
+		if(t != NULL) {
+			if(ixs->sport == 0) {
+				ixs->sport = ntohs(t->source);
+			}
+			if(ixs->dport == 0) {
+				ixs->dport = ntohs(t->dest);
+			}
 		}
 	}
+	
+	/*
+	 * practically identical to above, but let's be careful about
+	 * tcp vs udp headers
+	 */
+	if(ixs->iph->protocol == IPPROTO_TCP) {
+		struct tcphdr *t = NULL;
 
+		if((ntohs(ixs->iph->frag_off) & IP_OFFSET) == 0 &&
+		   ((ixs->skb->len - ixs->hard_header_len) >=
+		    ((ixs->iph->ihl << 2) + sizeof(struct tcphdr)))) {
+			t =((struct tcphdr*)((caddr_t)ixs->iph+(ixs->iph->ihl<<2)));
+		}
+
+		ixs->sport=0; ixs->dport=0;
+
+		if(ixs->skb->sk) {
+#ifdef NET_26
+			struct tcp_tw_bucket *tw;
+			
+			tw = (struct tcp_tw_bucket *)ixs->skb->sk;
+
+			ixs->sport = ntohs(tw->tw_sport);
+			ixs->dport = ntohs(tw->tw_dport);
+#else
+			ixs->sport = ntohs(ixs->skb->sk->sport);
+			ixs->dport = ntohs(ixs->skb->sk->dport);
+#endif
+		} 
+
+		if(t != NULL) {
+			if(ixs->sport == 0) {
+				ixs->sport = ntohs(t->source);
+			}
+			if(ixs->dport == 0) {
+				ixs->dport = ntohs(t->dest);
+			}
+		}
+	}
+	
 	/* default to a %drop eroute */
 	ixs->outgoing_said.proto = IPPROTO_INT;
 	ixs->outgoing_said.spi = htonl(SPI_DROP);
 	ixs->outgoing_said.dst.u.v4.sin_addr.s_addr = INADDR_ANY;
+
 	KLIPS_PRINT(debug_tunnel & DB_TN_XMIT,
 		    "klips_debug:ipsec_xmit_SAlookup: "
-		    "checking for local udp/500 IKE packet "
+		    "checking for local udp/500 IKE packet or local DNS "
 		    "saddr=%x, er=0p%p, daddr=%x, er_dst=%x, proto=%d sport=%d dport=%d\n",
 		    ntohl((unsigned int)ixs->iph->saddr),
 		    ixs->eroute,
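Review bot: In the NET_26 TCP branch, `ixs->skb->sk` is cast to `struct tcp_tw_bucket *` and the ports are read from `tw_sport`/`tw_dport`, but the socket attached to an outgoing skb is normally a full socket rather than a time-wait bucket, so those reads likely land on unrelated `struct sock` fields. The UDP branch reads `us->inet.sport`; the TCP branch should reach the inet part of the socket the same way (I believe `inet_sk(ixs->skb->sk)->sport` is available on 2.6 and would serve both branches). Because a non-zero socket value takes precedence over the header value parsed into `t`, a wrong port here feeds into the port-based pass-through checks later in this function. Neither branch checks that the socket's protocol matches `ixs->iph->protocol` before casting.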
@@ -229,33 +314,90 @@
 		    ixs->dport); 
 
 	/*
-	 * Quick cheat for now...are we udp/500? If so, let it through
+	 * cheat for now...are we udp/500? If so, let it through
 	 * without interference since it is most likely an IKE packet.
 	 */
 
 	if (ip_chk_addr((unsigned long)ixs->iph->saddr) == IS_MYADDR
-	    && (!ixs->eroute
+	    && (ixs->eroute==NULL
 		|| ixs->iph->daddr == ixs->eroute->er_said.dst.u.v4.sin_addr.s_addr
 		|| INADDR_ANY == ixs->eroute->er_said.dst.u.v4.sin_addr.s_addr)
 
-	    && ((ixs->sport == 500) || (ixs->sport == 4500))) {
+	    && ((ixs->iph->protocol == IPPROTO_UDP) && ((ixs->sport == 500) || (ixs->sport == 4500)))) {
 		/* Whatever the eroute, this is an IKE message
 		 * from us (i.e. not being forwarded).
 		 * Furthermore, if there is a tunnel eroute,
 		 * the destination is the peer for this eroute.
 		 * So %pass the packet: modify the default %drop.
 		 */
+
 		ixs->outgoing_said.spi = htonl(SPI_PASS);
 		if(!(ixs->skb->sk) && ((ntohs(ixs->iph->frag_off) & IP_MF) != 0)) {
 			KLIPS_PRINT(debug_tunnel & DB_TN_XMIT,
 				    "klips_debug:ipsec_xmit_SAlookup: "
 				    "local UDP/500 (probably IKE) passthrough: base fragment, rest of fragments will probably get filtered.\n");
 		}
-	} else if (ixs->eroute) {
+ 		bypass = TRUE;
+ 	}
+ 
+ 	/*
+ 	 *
+ 	 * if we are udp/53 or tcp/53, also let it through a %trap or %hold,
+ 	 * since it is DNS, but *also* follow the %trap.
+ 	 * 
+ 	 * we do not do this for tunnels, only %trap's and %hold's.
+ 	 *
+ 	 */
+ 
+ 	if (ip_chk_addr((unsigned long)ixs->iph->saddr) == IS_MYADDR
+ 	    && (ixs->eroute==NULL
+ 		|| ixs->iph->daddr == ixs->eroute->er_said.dst.u.v4.sin_addr.s_addr
+ 		|| INADDR_ANY == ixs->eroute->er_said.dst.u.v4.sin_addr.s_addr)
+ 	    && ((ixs->iph->protocol == IPPROTO_UDP
+ 		 || ixs->iph->protocol == IPPROTO_TCP)
+ 		&& ixs->dport == 53)) {
+ 		
+ 		KLIPS_PRINT(debug_tunnel & DB_TN_XMIT,
+ 			    "klips_debug:ipsec_xmit_SAlookup: "
+ 			    "possible DNS packet\n");
+ 
+ 		if(ixs->eroute)
+ 		{
+ 			if(ixs->eroute->er_said.spi == htonl(SPI_TRAP)
+ 			   || ixs->eroute->er_said.spi == htonl(SPI_HOLD))
+ 			{
+ 				ixs->outgoing_said.spi = htonl(SPI_PASSTRAP);
+ 				bypass = TRUE;
+ 			}
+ 		}
+ 		else
+ 		{
+ 			ixs->outgoing_said.spi = htonl(SPI_PASSTRAP);
+ 			bypass = TRUE;
+ 		}
+ 				
+ 		KLIPS_PRINT(debug_tunnel & DB_TN_XMIT,
+ 			    "klips_debug:ipsec_xmit_SAlookup: "
+ 			    "bypass = %d\n", bypass);
+ 
+ 		if(bypass
+ 		   && !(ixs->skb->sk)
+ 		   && ((ntohs(ixs->iph->frag_off) & IP_MF) != 0))
+ 		{
+ 			KLIPS_PRINT(debug_tunnel & DB_TN_XMIT,
+ 				    "klips_debug:ipsec_xmit_SAlookup: "
+ 				    "local port 53 (probably DNS) passthrough:"
+ 				    "base fragment, rest of fragments will "
+ 				    "probably get filtered.\n");
+ 		}
+ 	}
+ 
+ 	if (bypass==FALSE && ixs->eroute) {
 		ixs->eroute->er_count++;
 		ixs->eroute->er_lasttime = jiffies/HZ;
 		if(ixs->eroute->er_said.proto==IPPROTO_INT
-		   && ixs->eroute->er_said.spi==htonl(SPI_HOLD)) {
+		   && ixs->eroute->er_said.spi==htonl(SPI_HOLD))
+		{
 			KLIPS_PRINT(debug_tunnel & DB_TN_XMIT,
 				    "klips_debug:ipsec_xmit_SAlookup: "
 				    "shunt SA of HOLD: skb stored in HOLD.\n");
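Review bot: The new port-53 block sets `SPI_PASSTRAP` and `bypass = TRUE` on the destination port alone, so any locally originated UDP or TCP packet to port 53 that passes the address test leaves unprotected whenever the eroute is %trap or %hold, or there is no eroute at all. Nothing here establishes that the payload is DNS. That is a deliberate fail-open in the outbound policy and should be recorded where it happens, e.g. add `* NOTE: matches on dport 53 only; such packets bypass %trap/%hold in the clear.` to the block comment, and consider gating the block behind an administrator setting. A packet with sport 500/4500 and dport 53 runs both blocks, and the second overwrites `SPI_PASS` with `SPI_PASSTRAP`; making the second test `else if` would make the precedence explicit. `bypass` is declared, and the enclosing function (ipsec_xmit_SAlookup, going by the debug strings) begins, outside this hunk.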
@@ -270,6 +412,7 @@
 		}
 		ixs->outgoing_said = ixs->eroute->er_said;
 		ixs->eroute_pid = ixs->eroute->er_pid;
+
 		/* Copy of the ident for the TRAP/TRAPSUBNET eroutes */
 		if(ixs->outgoing_said.proto==IPPROTO_INT
 		   && (ixs->outgoing_said.spi==htonl(SPI_TRAP)
@@ -279,7 +422,8 @@
 			ixs->ips.ips_ident_s.type = ixs->eroute->er_ident_s.type;
 			ixs->ips.ips_ident_s.id = ixs->eroute->er_ident_s.id;
 			ixs->ips.ips_ident_s.len = ixs->eroute->er_ident_s.len;
-			if (ixs->ips.ips_ident_s.len) {
+			if (ixs->ips.ips_ident_s.len)
+			{
 				len = ixs->ips.ips_ident_s.len * IPSEC_PFKEYv2_ALIGN - sizeof(struct sadb_ident);
 				KLIPS_PRINT(debug_tunnel & DB_TN_XMIT,
 					    "klips_debug:ipsec_xmit_SAlookup: "
@@ -298,7 +442,8 @@
 			ixs->ips.ips_ident_d.type = ixs->eroute->er_ident_d.type;
 			ixs->ips.ips_ident_d.id = ixs->eroute->er_ident_d.id;
 			ixs->ips.ips_ident_d.len = ixs->eroute->er_ident_d.len;
-			if (ixs->ips.ips_ident_d.len) {
+			if (ixs->ips.ips_ident_d.len)
+			{
 				len = ixs->ips.ips_ident_d.len * IPSEC_PFKEYv2_ALIGN - sizeof(struct sadb_ident);
 				KLIPS_PRINT(debug_tunnel & DB_TN_XMIT,
 					    "klips_debug:ipsec_xmit_SAlookup: "
@@ -542,7 +687,8 @@
  *	and that skb is filled properly by that function.
  */
 int
-ipsec_tunnel_start_xmit(struct sk_buff *skb, struct device *dev)
+ipsec_tunnel_start_xmit(struct sk_buff *skb
+		       , struct net_device *dev)
 {
 	struct ipsec_xmit_state ixs_mem;
 	struct ipsec_xmit_state *ixs = &ixs_mem;
@@ -642,7 +788,7 @@
 }
 
 DEBUG_NO_STATIC struct net_device_stats *
-ipsec_tunnel_get_stats(struct device *dev)
+ipsec_tunnel_get_stats(struct net_device *dev)
 {
 	return &(((struct ipsecpriv *)(dev->priv))->mystats);
 }
@@ -653,11 +799,11 @@
  */
 
 DEBUG_NO_STATIC int
-ipsec_tunnel_hard_header(struct sk_buff *skb, struct device *dev,
+ipsec_tunnel_hard_header(struct sk_buff *skb, struct net_device *dev,
 	unsigned short type, void *daddr, void *saddr, unsigned len)
 {
 	struct ipsecpriv *prv = dev->priv;
-	struct device *tmp;
+	struct net_device *tmp;
 	int ret;
 	struct net_device_stats *stats;	/* This device's statistics */
 	
@@ -737,7 +883,7 @@
 			return -ENODEV;
 		}
 		
-#define da ((struct device *)(prv->dev))->dev_addr
+#define da ((struct net_device *)(prv->dev))->dev_addr
 		KLIPS_PRINT(debug_tunnel & DB_TN_REVEC,
 			    "klips_debug:ipsec_tunnel_hard_header: "
 			    "Revectored 0p%p->0p%p len=%d type=%d dev=%s->%s dev_addr=%02x:%02x:%02x:%02x:%02x:%02x ",
@@ -775,12 +921,12 @@
 #ifdef NET_21
 ipsec_tunnel_rebuild_header(struct sk_buff *skb)
 #else /* NET_21 */
-ipsec_tunnel_rebuild_header(void *buff, struct device *dev,
+ipsec_tunnel_rebuild_header(void *buff, struct net_device *dev,
 			unsigned long raddr, struct sk_buff *skb)
 #endif /* NET_21 */
 {
 	struct ipsecpriv *prv = skb->dev->priv;
-	struct device *tmp;
+	struct net_device *tmp;
 	int ret;
 	struct net_device_stats *stats;	/* This device's statistics */
 	
@@ -858,7 +1004,7 @@
 }
 
 DEBUG_NO_STATIC int
-ipsec_tunnel_set_mac_address(struct device *dev, void *addr)
+ipsec_tunnel_set_mac_address(struct net_device *dev, void *addr)
 {
 	struct ipsecpriv *prv = dev->priv;
 	
@@ -908,7 +1054,7 @@
 
 #ifndef NET_21
 DEBUG_NO_STATIC void
-ipsec_tunnel_cache_bind(struct hh_cache **hhp, struct device *dev,
+ipsec_tunnel_cache_bind(struct hh_cache **hhp, struct net_device *dev,
 				 unsigned short htype, __u32 daddr)
 {
 	struct ipsecpriv *prv = dev->priv;
@@ -960,7 +1106,7 @@
 
 
 DEBUG_NO_STATIC void
-ipsec_tunnel_cache_update(struct hh_cache *hh, struct device *dev, unsigned char *  haddr)
+ipsec_tunnel_cache_update(struct hh_cache *hh, struct net_device *dev, unsigned char *  haddr)
 {
 	struct ipsecpriv *prv = dev->priv;
 	
@@ -1022,7 +1168,7 @@
 }
 
 DEBUG_NO_STATIC int
-ipsec_tunnel_neigh_setup_dev(struct device *dev, struct neigh_parms *p)
+ipsec_tunnel_neigh_setup_dev(struct net_device *dev, struct neigh_parms *p)
 {
 	KLIPS_PRINT(debug_tunnel & DB_TN_REVEC,
 		    "klips_debug:ipsec_tunnel_neigh_setup_dev: "
@@ -1043,7 +1189,7 @@
  */
 
 DEBUG_NO_STATIC int
-ipsec_tunnel_attach(struct device *dev, struct device *physdev)
+ipsec_tunnel_attach(struct net_device *dev, struct net_device *physdev)
 {
         int i;
 	struct ipsecpriv *prv = dev->priv;
@@ -1136,7 +1282,7 @@
  */
 
 DEBUG_NO_STATIC int
-ipsec_tunnel_detach(struct device *dev)
+ipsec_tunnel_detach(struct net_device *dev)
 {
         int i;
 	struct ipsecpriv *prv = dev->priv;
@@ -1162,7 +1308,6 @@
 		    prv->dev ? prv->dev->name : "NULL",
 		    dev->name);
 
-	ipsec_dev_put(prv->dev);
 	prv->dev = NULL;
 	prv->hard_start_xmit = NULL;
 	prv->get_stats = NULL;
@@ -1223,7 +1368,7 @@
 ipsec_tunnel_clear(void)
 {
 	int i;
-	struct device *ipsecdev = NULL, *prvdev;
+	struct net_device *ipsecdev = NULL, *prvdev;
 	struct ipsecpriv *prv;
 	char name[9];
 	int ret;
@@ -1232,10 +1377,10 @@
 		    "klips_debug:ipsec_tunnel_clear: .\n");
 
 	for(i = 0; i < IPSEC_NUM_IF; i++) {
-   	        ipsecdev = ipsecdevices[i];
-		if(ipsecdev != NULL) {
+		sprintf(name, IPSEC_DEV_FORMAT, i);
+		if((ipsecdev = ipsec_dev_get(name)) != NULL) {
 			if((prv = (struct ipsecpriv *)(ipsecdev->priv))) {
-				prvdev = (struct device *)(prv->dev);
+				prvdev = (struct net_device *)(prv->dev);
 				if(prvdev) {
 					KLIPS_PRINT(debug_tunnel & DB_TN_INIT,
 						    "klips_debug:ipsec_tunnel_clear: "
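Review bot: `sprintf(name, IPSEC_DEV_FORMAT, i)` writes into `char name[9]` (declared in the preceding hunk) with no bound, so it only fits while the format string and IPSEC_NUM_IF keep the result to eight characters, and neither is visible here. Prefer `snprintf(name, sizeof(name), IPSEC_DEV_FORMAT, i);`. The device pointer now comes from `ipsec_dev_get(name)` rather than the `ipsecdevices[]` table; if that helper takes a reference on this kernel, the loop needs a matching `ipsec_dev_put()`, which these lines do not show and which other hunks in this file remove. The loop body continues past the end of the hunk.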
@@ -1256,11 +1401,11 @@
 }
 
 DEBUG_NO_STATIC int
-ipsec_tunnel_ioctl(struct device *dev, struct ifreq *ifr, int cmd)
+ipsec_tunnel_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
 {
 	struct ipsectunnelconf *cf = (struct ipsectunnelconf *)&ifr->ifr_data;
 	struct ipsecpriv *prv = dev->priv;
-	struct device *them; /* physical device */
+	struct net_device *them; /* physical device */
 #ifdef CONFIG_IP_ALIAS
 	char *colon;
 	char realphysname[IFNAMSIZ];
@@ -1300,7 +1445,6 @@
 				    "klips_debug:ipsec_tunnel_ioctl: "
 				    "physical device %s requested is null\n",
 				    cf->cf_name);
-			ipsec_dev_put(them);
 			return -ENXIO;
 		}
 		
@@ -1310,7 +1454,6 @@
 				    "klips_debug:ipsec_tunnel_ioctl: "
 				    "physical device %s requested is not up.\n",
 				    cf->cf_name);
-			ipsec_dev_put(them);
 			return -ENXIO;
 		}
 #endif
@@ -1320,7 +1463,6 @@
 				    "klips_debug:ipsec_tunnel_ioctl: "
 				    "virtual device is already connected to %s.\n",
 				    prv->dev->name ? prv->dev->name : "NULL");
-			ipsec_dev_put(them);
 			return -EBUSY;
 		}
 		return ipsec_tunnel_attach(dev, them);
@@ -1355,8 +1497,8 @@
 int
 ipsec_device_event(struct notifier_block *unused, unsigned long event, void *ptr)
 {
-	struct device *dev = ptr;
-	struct device *ipsec_dev;
+	struct net_device *dev = ptr;
+	struct net_device *ipsec_dev;
 	struct ipsecpriv *priv;
 	int i;
 
@@ -1411,7 +1553,7 @@
 				priv = (struct ipsecpriv *)(ipsec_dev->priv);
 				if(priv) {
 					;
-					if(((struct device *)(priv->dev)) == dev) {
+					if(((struct net_device *)(priv->dev)) == dev) {
 						/* dev_close(ipsec_dev); */
 						/* return */ ipsec_tunnel_detach(ipsec_dev);
 						KLIPS_PRINT(debug_tunnel & DB_TN_INIT,
@@ -1498,7 +1640,7 @@
  */
  
 int
-ipsec_tunnel_init(struct device *dev)
+ipsec_tunnel_init(struct net_device *dev)
 {
 	int i;
 
@@ -1552,15 +1694,6 @@
 
 	/* New-style flags. */
 	dev->flags		= IFF_NOARP /* 0 */ /* Petr Novak */;
-#ifdef NET_21
-	dev_init_buffers(dev);
-#else /* NET_21 */
-	dev->family		= AF_INET;
-	dev->pa_addr		= 0;
-	dev->pa_brdaddr 	= 0;
-	dev->pa_mask		= 0;
-	dev->pa_alen		= 4;
-#endif /* NET_21 */
 
 	/* We're done.  Have I forgotten anything? */
 	return 0;
@@ -1571,31 +1704,33 @@
 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
 
 int
-ipsec_tunnel_probe(struct device *dev)
+ipsec_tunnel_probe(struct net_device *dev)
 {
 	ipsec_tunnel_init(dev); 
 	return 0;
 }
 
-struct device *ipsecdevices[IPSEC_NUM_IF];
+struct net_device *ipsecdevices[IPSEC_NUM_IF];
 
 int 
 ipsec_tunnel_init_devices(void)
 {
 	int i;
 	char name[IFNAMSIZ];
-	struct device *dev_ipsec;
+	struct net_device *dev_ipsec;
 	
 	KLIPS_PRINT(debug_tunnel & DB_TN_INIT,
 		    "klips_debug:ipsec_tunnel_init_devices: "
 		    "creating and registering IPSEC_NUM_IF=%u devices, allocating %lu per device, IFNAMSIZ=%u.\n",
 		    IPSEC_NUM_IF,
-		    (unsigned long) (sizeof(struct device) + IFNAMSIZ),
+		    (unsigned long) (sizeof(struct net_device) + IFNAMSIZ),
 		    IFNAMSIZ);
 
 	for(i = 0; i < IPSEC_NUM_IF; i++) {
 		sprintf(name, IPSEC_DEV_FORMAT, i);
-		dev_ipsec = (struct device*)kmalloc(sizeof(struct device), GFP_KERNEL);
+		
+		dev_ipsec = (struct net_device*)kmalloc(sizeof(struct net_device), GFP_KERNEL);
+
 		if (dev_ipsec == NULL) {
 			KLIPS_PRINT(debug_tunnel & DB_TN_INIT,
 				    "klips_debug:ipsec_tunnel_init_devices: "
@@ -1603,7 +1738,7 @@
 				    name);
 			return -ENOMEM;
 		}
-		memset((caddr_t)dev_ipsec, 0, sizeof(struct device));
+		memset((caddr_t)dev_ipsec, 0, sizeof(struct net_device));
 #ifdef NETDEV_23
 		strncpy(dev_ipsec->name, name, sizeof(dev_ipsec->name));
 #else /* NETDEV_23 */
@@ -1618,6 +1753,9 @@
 		memset((caddr_t)dev_ipsec->name, 0, IFNAMSIZ);
 		strncpy(dev_ipsec->name, name, IFNAMSIZ);
 #endif /* NETDEV_23 */
+
+		SET_MODULE_OWNER(dev_ipsec);
+		
 		dev_ipsec->next = NULL;
 		dev_ipsec->init = &ipsec_tunnel_probe;
 		KLIPS_PRINT(debug_tunnel & DB_TN_INIT,
@@ -1652,7 +1790,7 @@
 	int error = 0;
 	int i;
 	char name[32];
-	struct device *dev_ipsec;
+	struct net_device *dev_ipsec;
 	
 	for(i = 0; i < IPSEC_NUM_IF; i++) {
    	        dev_ipsec = ipsecdevices[i];
diff -Naur openswan-2.cvs/linux/net/ipsec/pfkey_v2.c openswan-2.nate/linux/net/ipsec/pfkey_v2.c
--- openswan-2.cvs/linux/net/ipsec/pfkey_v2.c	2004-04-25 16:23:11.000000000 -0500
+++ openswan-2.nate/linux/net/ipsec/pfkey_v2.c	2004-06-28 10:55:20.000000000 -0500
@@ -87,7 +87,19 @@
 #endif /* SOCKOPS_WRAPPED */
 
 extern struct proto_ops pfkey_ops;
+
+#ifdef NET_26
+HLIST_HEAD(pfkey_sock_list);
+static DECLARE_WAIT_QUEUE_HEAD(pfkey_sock_wait);
+static rwlock_t pfkey_sock_lock = RW_LOCK_UNLOCKED;
+static atomic_t pfkey_sock_users = ATOMIC_INIT(0);
+#else
+extern struct proto_ops pfkey_ops;
 struct sock *pfkey_sock_list = NULL;
+#endif
+
+#include "openswan/ipsec_kern24.h"
+
 struct supported_list *pfkey_supported_list[SADB_SATYPE_MAX+1];
 
 struct socket_list *pfkey_open_sockets = NULL;
@@ -95,6 +107,51 @@
 
 int pfkey_msg_interp(struct sock *, struct sadb_msg *, struct sadb_msg **);
 
+#ifdef NET_26
+static void pfkey_sock_list_grab(void)
+{
+	write_lock_bh(&pfkey_sock_lock);
+
+	if (atomic_read(&pfkey_sock_users)) {
+		DECLARE_WAITQUEUE(wait, current);
+
+		add_wait_queue_exclusive(&pfkey_sock_wait, &wait);
+		for(;;) {
+			set_current_state(TASK_UNINTERRUPTIBLE);
+			if (atomic_read(&pfkey_sock_users) == 0)
+				break;
+			write_unlock_bh(&pfkey_sock_lock);
+			schedule();
+			write_lock_bh(&pfkey_sock_lock);
+		}
+
+		__set_current_state(TASK_RUNNING);
+		remove_wait_queue(&pfkey_sock_wait, &wait);
+	}
+}
+
+static __inline__ void pfkey_sock_list_ungrab(void)
+{
+	write_unlock_bh(&pfkey_sock_lock);
+	wake_up(&pfkey_sock_wait);
+}
+
+static __inline__ void pfkey_lock_sock_list(void)
+{
+	/* read_lock() synchronizes us to pfkey_table_grab */
+
+	read_lock(&pfkey_sock_lock);
+	atomic_inc(&pfkey_sock_users);
+	read_unlock(&pfkey_sock_lock);
+}
+
+static __inline__ void pfkey_unlock_sock_list(void)
+{
+	if (atomic_dec_and_test(&pfkey_sock_users))
+		wake_up(&pfkey_sock_wait);
+}
+#endif
+
 int
 pfkey_list_remove_socket(struct socket *socketp, struct socket_list **sockets)
 {
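Review bot: The comment in `pfkey_lock_sock_list` names `pfkey_table_grab`, which this patch does not define; the writer-side function added here is `pfkey_sock_list_grab`, so it should read `/* read_lock() synchronizes us to pfkey_sock_list_grab */`. The four helpers would also benefit from a short block comment describing the protocol the code implements: writers take `pfkey_sock_lock` for writing and sleep until `pfkey_sock_users` reaches zero, readers raise the counter for the duration of a traversal. Because `pfkey_sock_list_grab` calls `schedule()` in TASK_UNINTERRUPTIBLE, that comment should say it may only be called from a context that can sleep.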
@@ -315,10 +372,16 @@
 		    "klips_debug:pfkey_insert_socket: "
 		    "sk=0p%p\n",
 		    sk);
+#ifdef NET_26
+	pfkey_sock_list_grab();
+	sk_add_node(sk, &pfkey_sock_list);
+	pfkey_sock_list_ungrab();
+#else
 	cli();
 	sk->next=pfkey_sock_list;
 	pfkey_sock_list=sk;
 	sti();
+#endif
 }
 
 DEBUG_NO_STATIC void
@@ -328,6 +391,11 @@
 	
 	KLIPS_PRINT(debug_pfkey,
 		    "klips_debug:pfkey_remove_socket: .\n");
+#ifdef NET_26
+	pfkey_sock_list_grab();
+	sk_del_node_init(sk);
+	pfkey_sock_list_ungrab();
+#else
 	cli();
 	s=&pfkey_sock_list;
 
@@ -344,6 +412,8 @@
 		s=&((*s)->next);
 	}
 	sti();
+#endif
+
 	KLIPS_PRINT(debug_pfkey,
 		    "klips_debug:pfkey_remove_socket: "
 		    "not found.\n");
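Review bot: Under NET_26 the removal added in the previous hunk (`sk_del_node_init(sk)` between grab and ungrab) always falls through to this `"not found."` debug message, since the old list walk and whatever early exit it has now sit entirely inside the `#else` branch. The log then reports a failure for every successful removal, which is misleading when tracing socket lifetime. Keep the result, `found = sk_del_node_init(sk);`, and print the message only when it is zero. The local `s` is also unused in the NET_26 build; the function's declarations are outside both hunks.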
@@ -366,10 +436,11 @@
 		    "klips_debug:pfkey_destroy_socket: "
 		    "sk(0p%p)->(&0p%p)receive_queue.{next=0p%p,prev=0p%p}.\n",
 		    sk,
-		    &(sk->receive_queue),
-		    sk->receive_queue.next,
-		    sk->receive_queue.prev);
-	while(sk && ((skb=skb_dequeue(&(sk->receive_queue)))!=NULL)) {
+		    &(sk->sk_receive_queue),
+		    sk->sk_receive_queue.next,
+		    sk->sk_receive_queue.prev);
+
+	while(sk && ((skb=skb_dequeue(&(sk->sk_receive_queue)))!=NULL)) {
 #ifdef NET_21
 #ifdef CONFIG_IPSEC_DEBUG
 		if(debug_pfkey && sysctl_ipsec_debug_verbose) {
@@ -441,7 +512,11 @@
 		ipsec_kfree_skb(skb);
 	}
 
+#ifdef NET_26
+	sock_set_flag(sk, SOCK_DEAD);
+#else
 	sk->dead = 1;
+#endif
 	sk_free(sk);
 
 	KLIPS_PRINT(debug_pfkey,
@@ -571,12 +646,20 @@
 #ifdef NET_21
 	sock->state = SS_UNCONNECTED;
 #endif /* NET_21 */
+
 	MOD_INC_USE_COUNT;
+
 #ifdef NET_21
-	if((sk=(struct sock *)sk_alloc(PF_KEY, GFP_KERNEL, 1)) == NULL)
+#ifdef NET_26
+	sk=(struct sock *)sk_alloc(PF_KEY, GFP_KERNEL, 1, NULL);
+#else
+	sk=(struct sock *)sk_alloc(PF_KEY, GFP_KERNEL, 1);
+#endif
 #else /* NET_21 */
-	if((sk=(struct sock *)sk_alloc(GFP_KERNEL)) == NULL)
+	sk=(struct sock *)sk_alloc(GFP_KERNEL);
 #endif /* NET_21 */
+
+	if(sk == NULL)
 	{
 		KLIPS_PRINT(debug_pfkey,
 			    "klips_debug:pfkey_create: "
@@ -592,39 +675,42 @@
 #ifdef NET_21
 	sock_init_data(sock, sk);
 
-	sk->destruct = NULL;
-	sk->reuse = 1;
+	sk->sk_destruct = NULL;
+	sk->sk_reuse = 1;
 	sock->ops = &pfkey_ops;
 
-	sk->zapped=0;
-	sk->family = PF_KEY;
+	sk->sk_zapped=0;
+	sk->sk_family = PF_KEY;
 /*	sk->num = protocol; */
-	sk->protocol = protocol;
+	sk->sk_protocol = protocol;
 	key_pid(sk) = current->pid;
 	KLIPS_PRINT(debug_pfkey,
 		    "klips_debug:pfkey_create: "
 		    "sock->fasync_list=0p%p sk->sleep=0p%p.\n",
 		    sock->fasync_list,
-		    sk->sleep);
+		    sk->sk_sleep);
 #else /* NET_21 */
 	sk->type=sock->type;
 	init_timer(&sk->timer);
-	skb_queue_head_init(&sk->write_queue);
-	skb_queue_head_init(&sk->receive_queue);
+	skb_queue_head_init(&sk->sk_write_queue);
+	skb_queue_head_init(&sk->sk_receive_queue);
 	skb_queue_head_init(&sk->back_log);
-	sk->rcvbuf=SK_RMEM_MAX;
-	sk->sndbuf=SK_WMEM_MAX;
-	sk->allocation=GFP_KERNEL;
-	sk->state=TCP_CLOSE;
-	sk->priority=SOPRI_NORMAL;
-	sk->state_change=pfkey_state_change;
-	sk->data_ready=pfkey_data_ready;
-	sk->write_space=pfkey_write_space;
-	sk->error_report=pfkey_state_change;
+	sk->sk_rcvbuf=SK_RMEM_MAX;
+	sk->sk_sndbuf=SK_WMEM_MAX;
+	sk->sk_allocation=GFP_KERNEL;
+	sk->sk_state=TCP_CLOSE;
+	sk->sk_priority=SOPRI_NORMAL;
+	sk->sk_state_change=pfkey_state_change;
+	sk->sk_data_ready=pfkey_data_ready;
+	sk->sk_write_space=pfkey_write_space;
+	sk->sk_error_report=pfkey_state_change;
+#ifndef NET_26
 	sk->mtu=4096;
 	sk->socket=sock;
+#endif
+
 	sock->data=(void *)sk;
-	sk->sleep=sock->wait;
+	sk->sk_sleep=sock->wait;
 #endif /* NET_21 */
 
 	pfkey_insert_socket(sk);
@@ -713,10 +799,10 @@
 		    "sock=0p%p sk=0p%p\n", sock, sk);
 
 #ifdef NET_21
-	if(!sk->dead)
+	if(sock_flag(sk, SOCK_DEAD))
 #endif /* NET_21 */
-		if(sk->state_change) {
-			sk->state_change(sk);
+		if(sk->sk_state_change) {
+			sk->sk_state_change(sk);
 		}
 
 #ifdef NET_21
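Review bot: The test was inverted during the rename: the removed line is `if(!sk->dead)` and the added one is `if(sock_flag(sk, SOCK_DEAD))`, so `sk_state_change` is now called only for sockets already marked dead and skipped for live ones. It should be `if(!sock_flag(sk, SOCK_DEAD))`. The replacement is unconditional under NET_21, so pre-2.6 builds depend on a `sock_flag` compatibility definition, presumably from openswan/ipsec_kern24.h, which is not shown. The enclosing function starts and ends outside the hunk.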
@@ -859,13 +945,13 @@
 	mode++;
 	
 	if(mode&SEND_SHUTDOWN) {
-		sk->shutdown|=SEND_SHUTDOWN;
-		sk->state_change(sk);
+		sk->sk_shutdown|=SEND_SHUTDOWN;
+		sk->sk_state_change(sk);
 	}
 
 	if(mode&RCV_SHUTDOWN) {
-		sk->shutdown|=RCV_SHUTDOWN;
-		sk->state_change(sk);
+		sk->sk_shutdown|=RCV_SHUTDOWN;
+		sk->sk_state_change(sk);
 	}
 	return 0;
 }
@@ -957,7 +1043,11 @@
 		
 DEBUG_NO_STATIC int
 #ifdef NET_21
+#ifdef NET_26
+pfkey_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, int len)
+#else
 pfkey_sendmsg(struct socket *sock, struct msghdr *msg, int len, struct scm_cookie *scm)
+#endif
 #else /* NET_21 */
 pfkey_sendmsg(struct socket *sock, struct msghdr *msg, int len, int nonblock, int flags)
 #endif /* NET_21 */
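Review bot: The NET_26 prototype here takes `int len`, while the NET_26 `pfkey_recvmsg` added further down takes `size_t size`. Both should use the type that the target kernel's `struct proto_ops` declares, otherwise one of the two entries in `pfkey_ops` is assigned through a mismatched function-pointer type, and a signed length is the less safe choice for a value that later bounds a copy. The 2.6 variant also drops the `scm` parameter, so any use of `scm` in the body, which lies outside this hunk, needs the same `#ifdef`.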
@@ -995,7 +1085,7 @@
 
 	KLIPS_PRINT(debug_pfkey,
 		    "klips_debug:pfkey_sendmsg: .\n");
-	if(sk->err) {
+	if(sk->sk_err) {
 		error = sock_error(sk);
 		KLIPS_PRINT(debug_pfkey,
 			    "klips_debug:pfkey_sendmsg: "
@@ -1023,7 +1113,7 @@
 		SENDERR(EINVAL);
 	}
 		
-	if(sk->shutdown & SEND_SHUTDOWN) {
+	if(sk->sk_shutdown & SEND_SHUTDOWN) {
 		KLIPS_PRINT(debug_pfkey,
 			    "klips_debug:pfkey_sendmsg: "
 			    "shutdown.\n");
@@ -1165,7 +1255,18 @@
 		
 DEBUG_NO_STATIC int
 #ifdef NET_21
-pfkey_recvmsg(struct socket *sock, struct msghdr *msg, int size, int flags, struct scm_cookie *scm)
+#ifdef NET_26
+pfkey_recvmsg(struct kiocb *kiocb
+	      , struct socket *sock
+	      , struct msghdr *msg
+	      , size_t size
+	      , int flags)
+#else
+pfkey_recvmsg(struct socket *sock
+	      , struct msghdr *msg
+	      , int size, int flags
+	      , struct scm_cookie *scm)
+#endif
 #else /* NET_21 */
 pfkey_recvmsg(struct socket *sock, struct msghdr *msg, int size, int noblock, int flags, int *addr_len)
 #endif /* NET_21 */
@@ -1224,10 +1325,10 @@
 	}
 #endif /* NET_21 */
 		
-	if(sk->err) {
+	if(sk->sk_err) {
 		KLIPS_PRINT(debug_pfkey,
 			    "klips_debug:pfkey_sendmsg: "
-			    "sk->err=%d.\n", sk->err);
+			    "sk->sk_err=%d.\n", sk->sk_err);
 		return sock_error(sk);
 	}
 
@@ -1245,7 +1346,7 @@
 #endif /* NET_21 */
 
 	skb_copy_datagram_iovec(skb, 0, msg->msg_iov, size);
-        sk->stamp=skb->stamp;
+        sk->sk_stamp=skb->stamp;
 
 	skb_free_datagram(sk, skb);
 	return size;
@@ -1336,9 +1437,12 @@
 )
 {
 	const int max_content = length > 0? length-1 : 0;
+#ifdef NET_26
+	struct hlist_node *node;
+#endif
 	off_t begin=0;
 	int len=0;
-	struct sock *sk=pfkey_sock_list;
+	struct sock *sk;
 	
 #ifdef CONFIG_IPSEC_DEBUG
 	if(!sysctl_ipsec_debug_verbose) {
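Review bot: The `sk_for_each(sk, node, &pfkey_sock_list)` walk that the next hunk (`@@ -1352,46 +1456,41 @@`) builds on these declarations runs without `pfkey_lock_sock_list()` / `pfkey_unlock_sock_list()`, although insert and remove now go through `pfkey_sock_list_grab()`. A socket can therefore be unlinked and freed while this reader is formatting it; bracket the loop with `pfkey_lock_sock_list();` and `pfkey_unlock_sock_list();` under NET_26. `node` is declared only under NET_26 here while the loop is unconditional, so other kernels need `sk_for_each` and a `node` from a compatibility header, or the old `while(sk!=NULL)` walk kept in an `#else`. The loop also dereferences `sk->sk_socket` without a NULL check. The function begins before this hunk and the loop ends after it.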
@@ -1352,46 +1456,41 @@
 	}
 #endif /* CONFIG_IPSEC_DEBUG */
 	
-	while(sk!=NULL) {
+	sk_for_each(sk, node, &pfkey_sock_list) {
+
 #ifdef CONFIG_IPSEC_DEBUG
 		if(!sysctl_ipsec_debug_verbose) {
 #endif /* CONFIG_IPSEC_DEBUG */
 		len += ipsec_snprintf(buffer+len, length-len,
-			     "%8p %5d %8p %8p %8p %d %d %d %5d %08lX %8X %2X\n",
+			     "%8p %5d %8p %d %d %5d %08lX %8X %2X\n",
 			     sk,
 			     key_pid(sk),
-			     sk->socket,
-			     sk->next,
-			     sk->prev,
-			     sk->err,
-			     sk->num,
-			     sk->protocol,
-			     sk->sndbuf,
-			     sk->socket->flags,
-			     sk->socket->type,
-			     sk->socket->state);
+			     sk->sk_socket,
+			     sk->sk_err,
+			     sk->sk_protocol,
+			     sk->sk_sndbuf,
+			     sk->sk_socket->flags,
+			     sk->sk_socket->type,
+			     sk->sk_socket->state);
 #ifdef CONFIG_IPSEC_DEBUG
 		} else {
 			len += ipsec_snprintf(buffer+len, length-len,
-			     "%8p %5d %d %8p %8p %8p %8p %d %d %d %d %d %5d %d.%06d %08lX %8X %2X\n",
+			     "%8p %5d %d %8p %8p %d %d %d %d %5d %d.%06d %08lX %8X %2X\n",
 			     sk,
 			     key_pid(sk),
-			     sk->dead,
-			     sk->sleep,
-			     sk->socket,
-			     sk->next,
-			     sk->prev,
-			     sk->err,
-			     sk->reuse,
-			     sk->zapped,
-			     sk->num,
-			     sk->protocol,
-			     sk->sndbuf,
-			     (unsigned int)sk->stamp.tv_sec,
-			     (unsigned int)sk->stamp.tv_usec,
-			     sk->socket->flags,
-			     sk->socket->type,
-			     sk->socket->state);
+			     sock_flag(sk, SOCK_DEAD),
+			     sk->sk_sleep,
+			     sk->sk_socket,
+			     sk->sk_err,
+			     sk->sk_reuse,
+			     sk->sk_zapped,
+			     sk->sk_protocol,
+			     sk->sk_sndbuf,
+			     (unsigned int)sk->sk_stamp.tv_sec,
+			     (unsigned int)sk->sk_stamp.tv_usec,
+			     sk->sk_socket->flags,
+			     sk->sk_socket->type,
+			     sk->sk_socket->state);
 		}
 #endif /* CONFIG_IPSEC_DEBUG */
 		
@@ -1411,7 +1510,7 @@
                                begin = pos;
                        }
                 } 
-		sk=sk->next;
+		//sk=sk->next;
 
         }
 
diff -Naur openswan-2.cvs/linux/net/ipsec/pfkey_v2_parser.c openswan-2.nate/linux/net/ipsec/pfkey_v2_parser.c
--- openswan-2.cvs/linux/net/ipsec/pfkey_v2_parser.c	2004-04-05 21:49:26.000000000 -0500
+++ openswan-2.nate/linux/net/ipsec/pfkey_v2_parser.c	2004-06-28 10:55:20.000000000 -0500
@@ -85,7 +85,7 @@
 
 #include "openswan/ipsec_proto.h"
 #include "openswan/ipsec_alg.h"
-
+#include "openswan/ipsec_kern24.h"
 
 #define SENDERR(_x) do { error = -(_x); goto errlab; } while (0)
 
@@ -1710,7 +1710,7 @@
 		SENDERR(-error);
 	}
 	
-	if((error = pfkey_upmsg(sk->socket, pfkey_reply))) {
+	if((error = pfkey_upmsg(sk->sk_socket, pfkey_reply))) {
 		KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_get_parse: "
 			    "failed to send the get reply message\n");
 		SENDERR(-error);
@@ -1798,7 +1798,7 @@
 		SENDERR(EINVAL);
 	}
 
-	if(!pfkey_list_insert_socket(sk->socket,
+	if(!pfkey_list_insert_socket(sk->sk_socket,
 				 &(pfkey_registered_sockets[satype]))) {
 		KLIPS_PRINT(debug_pfkey,
 			    "klips_debug:pfkey_register_parse: "
-------------- next part --------------
# Flatten the KLIPS sources: relocate the libfreeswan, DES and zlib files
# into linux/net/ipsec/ (zconf.h goes to linux/include/zlib/ instead).
# All paths are relative, so run this from the top of the openswan-2 tree.
# There is no error handling: a failed mv prints its own message and the
# remaining moves still run.

ipsec_dir=linux/net/ipsec/
zlib_inc_dir=linux/include/zlib/
freeswan_src=./linux/lib/libfreeswan
des_src=./linux/crypto/ciphers/des
zlib_src=./linux/lib/zlib

# libfreeswan helpers and DES cipher sources (interleaved, alphabetical)
mv "$freeswan_src/addrtoa.c" "$ipsec_dir"
mv "$freeswan_src/addrtot.c" "$ipsec_dir"
mv "$freeswan_src/addrtypeof.c" "$ipsec_dir"
mv "$freeswan_src/anyaddr.c" "$ipsec_dir"
mv "$des_src/cbc_enc.c" "$ipsec_dir"
mv "$freeswan_src/datatot.c" "$ipsec_dir"
mv "$des_src/des_enc.c" "$ipsec_dir"
mv "$des_src/des_locl.h" "$ipsec_dir"
mv "$des_src/ecb_enc.c" "$ipsec_dir"
mv "$freeswan_src/goodmask.c" "$ipsec_dir"
mv "$freeswan_src/initaddr.c" "$ipsec_dir"
mv "$freeswan_src/pfkey_v2_build.c" "$ipsec_dir"
mv "$freeswan_src/pfkey_v2_debug.c" "$ipsec_dir"
mv "$freeswan_src/pfkey_v2_ext_bits.c" "$ipsec_dir"
mv "$freeswan_src/pfkey_v2_parse.c" "$ipsec_dir"
mv "$des_src/podd.h" "$ipsec_dir"
mv "$freeswan_src/prng.c" "$ipsec_dir"
mv "$freeswan_src/rangetoa.c" "$ipsec_dir"
mv "$freeswan_src/satot.c" "$ipsec_dir"
mv "$des_src/set_key.c" "$ipsec_dir"
mv "$des_src/sk.h" "$ipsec_dir"
mv "$des_src/spr.h" "$ipsec_dir"
mv "$freeswan_src/subnetof.c" "$ipsec_dir"
mv "$freeswan_src/subnettoa.c" "$ipsec_dir"
mv "$freeswan_src/ultoa.c" "$ipsec_dir"
mv "$freeswan_src/ultot.c" "$ipsec_dir"

# zlib sources
mv "$zlib_src/adler32.c" "$ipsec_dir"
mv "$zlib_src/deflate.c" "$ipsec_dir"
mv "$zlib_src/infblock.c" "$ipsec_dir"
mv "$zlib_src/infcodes.c" "$ipsec_dir"
mv "$zlib_src/inffast.c" "$ipsec_dir"
mv "$zlib_src/inflate.c" "$ipsec_dir"
mv "$zlib_src/inftrees.c" "$ipsec_dir"
mv "$zlib_src/infutil.c" "$ipsec_dir"
mv "$zlib_src/trees.c" "$ipsec_dir"
mv "$zlib_src/zutil.c" "$ipsec_dir"

# zlib headers; zconf.h is the only file that lands in the include tree
mv "$zlib_src/zconf.h" "$zlib_inc_dir"
mv "$zlib_src/deflate.h" "$ipsec_dir"
mv "$zlib_src/infblock.h" "$ipsec_dir"
mv "$zlib_src/inftrees.h" "$ipsec_dir"
mv "$zlib_src/infcodes.h" "$ipsec_dir"
mv "$zlib_src/infutil.h" "$ipsec_dir"
mv "$zlib_src/inffast.h" "$ipsec_dir"
mv "$zlib_src/inffixed.h" "$ipsec_dir"
mv "$zlib_src/trees.h" "$ipsec_dir"

# remaining DES sources
mv "$des_src/fcrypt.c" "$ipsec_dir"
mv "$des_src/fcrypt_b.c" "$ipsec_dir"

