[Openswan dev] Yet another update to 26sec build
Nate Carlson
natecars at natecarlson.com
Thu Jul 1 15:23:18 CEST 2004
OK, I took Ferdinand's Makefile updates, and updated them a bit more
myself. This Makefile will read out of defconfig to figure out what files
to build, and apply the proper defines automatically. I've also fixed the
ipcomp problem - had to move zconf.h to the includes directory.
Files:
------
Makefile: updated makefile.
defconfig: replacement defconfig file.
move-files-zlib: move zconf.h to the new location.
openswan-head-26klips-new.patch: patches to build under 2.6.
openswan-26klips-fix-zconf.patch: patch to move zconf.h to includes.
See previous messages for build instructions.
------------------------------------------------------------------------
| nate carlson | natecars at natecarlson.com | http://www.natecarlson.com |
| depriving some poor village of its idiot since 1981 |
------------------------------------------------------------------------
-------------- next part --------------
# Relocate zconf.h into the zlib include directory so that
# <zlib/zconf.h> resolves. Both paths are relative to the current directory.
zconf_src=lib/zlib/zconf.h
zlib_include_dir=include/zlib/
mv "$zconf_src" "$zlib_include_dir"
-------------- next part --------------
diff -Naur openswan-2/linux/include/zlib/zlib.h openswan-2.nate/linux/include/zlib/zlib.h
--- openswan-2/linux/include/zlib/zlib.h 2002-04-24 02:36:48.000000000 -0500
+++ openswan-2.nate/linux/include/zlib/zlib.h 2004-07-01 13:53:57.000000000 -0500
@@ -31,7 +31,7 @@
#ifndef _ZLIB_H
#define _ZLIB_H
-#include "zconf.h"
+#include <zlib/zconf.h>
#ifdef __cplusplus
extern "C" {
diff -Naur openswan-2/linux/lib/zlib/adler32.c openswan-2.nate/linux/lib/zlib/adler32.c
--- openswan-2/linux/lib/zlib/adler32.c 2002-04-24 02:55:32.000000000 -0500
+++ openswan-2.nate/linux/lib/zlib/adler32.c 2004-07-01 13:53:50.000000000 -0500
@@ -6,7 +6,7 @@
/* @(#) $Id: adler32.c,v 1.4 2002/04/24 07:55:32 mcr Exp $ */
#include <zlib/zlib.h>
-#include "zconf.h"
+#include <zlib/zconf.h>
#define BASE 65521L /* largest prime smaller than 65536 */
#define NMAX 5552
-------------- next part --------------
diff -Naur openswan-2/linux/include/openswan/ipsec_kern24.h openswan-2.nate/linux/include/openswan/ipsec_kern24.h
--- openswan-2/linux/include/openswan/ipsec_kern24.h 1969-12-31 18:00:00.000000000 -0600
+++ openswan-2.nate/linux/include/openswan/ipsec_kern24.h 2004-07-01 14:01:33.000000000 -0500
@@ -0,0 +1,43 @@
+/*
+ * @(#) routines to makes kernel 2.4 compatible with 2.6 usage.
+
+ * Copyright (C) 2004 Michael Richardson <mcr at sandelman.ottawa.on.ca>
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ *
+ * RCSID $Id: ipsec_kern24.h,v 1.1 2004/02/22 06:49:15 mcr Exp $
+ */
+
+#ifndef _IPSEC_KERN24_H
+
+#ifndef NET_26
+#define sk_receive_queue receive_queue
+#define sk_destruct destruct
+#define sk_reuse reuse
+#define sk_zapped zapped
+#define sk_family family
+#define sk_protocol protocol
+#define sk_protinfo protinfo
+#define sk_sleep sleep
+#define sk_state_change state_change
+#define sk_shutdown shutdown
+#define sk_err err
+#define sk_stamp stamp
+#define sk_socket socket
+#define sk_sndbuf sndbuf
+#define sock_flag(sk, flag) sk->dead
+#define sk_for_each(sk, node, plist) for(sk=*plist; sk!=NULL; sk = sk->next)
+#endif
+
+#define _IPSEC_KERN24_H 1
+
+#endif /* _IPSEC_KERN24_H */
+
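Review bot: `sock_flag(sk, flag)` discards its `flag` argument and always yields `sk->dead`, so on a pre-2.6 build a test of any flag other than the dead flag silently reads the wrong bit. Both it and `sk_for_each` also expand their arguments unparenthesized. I would write `#define sock_flag(sk, flag) ((sk)->dead) /* 2.4: only SOCK_DEAD is supported */` and `for ((sk) = *(plist); (sk) != NULL; (sk) = (sk)->next)`. The guard macro `_IPSEC_KERN24_H` is defined at the bottom of the file rather than directly after the `#ifndef`, which works but is easy to break as the header grows.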
diff -Naur openswan-2/linux/include/openswan/ipsec_kversion.h openswan-2.nate/linux/include/openswan/ipsec_kversion.h
--- openswan-2/linux/include/openswan/ipsec_kversion.h 2004-07-01 13:59:00.000000000 -0500
+++ openswan-2.nate/linux/include/openswan/ipsec_kversion.h 2004-07-01 14:01:33.000000000 -0500
@@ -108,6 +108,7 @@
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
#define HAVE_NETDEV_PRINTK 1
+#define NET_26
#endif
#ifdef NET_21
@@ -129,7 +130,11 @@
#endif /* NET_21 */
#ifdef NETDEV_23
-# define device net_device
+#if 0
+#ifndef NETDEV_25
+#define device net_device
+#endif
+#endif
# define ipsec_dev_get dev_get_by_name
# define __ipsec_dev_get __dev_get_by_name
# define ipsec_dev_put(x) dev_put(x)
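Review bot: The `#if 0` wrapper leaves an unreachable `#ifndef NETDEV_25` / `#define device net_device` in the header, so a reader cannot tell whether the alias is meant to come back. Since the rest of the patch spells `struct net_device` everywhere, I would delete the alias outright and leave one line explaining why, for example `/* no 'device' alias: it would rename the 2.6 driver-model struct device */` (presumably the reason; please confirm).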
diff -Naur openswan-2/linux/include/openswan/ipsec_rcv.h openswan-2.nate/linux/include/openswan/ipsec_rcv.h
--- openswan-2/linux/include/openswan/ipsec_rcv.h 2004-07-01 13:59:00.000000000 -0500
+++ openswan-2.nate/linux/include/openswan/ipsec_rcv.h 2004-07-01 14:01:33.000000000 -0500
@@ -123,7 +123,7 @@
#ifdef NET_21
unsigned short xlen);
#else /* NET_21 */
- struct device *dev,
+ struct net_device *dev,
struct options *opt,
__u32 daddr,
unsigned short len,
diff -Naur openswan-2/linux/include/openswan/ipsec_tunnel.h openswan-2.nate/linux/include/openswan/ipsec_tunnel.h
--- openswan-2/linux/include/openswan/ipsec_tunnel.h 2004-07-01 13:59:00.000000000 -0500
+++ openswan-2.nate/linux/include/openswan/ipsec_tunnel.h 2004-07-01 14:01:33.000000000 -0500
@@ -70,13 +70,13 @@
struct ipsecpriv
{
struct sk_buff_head sendq;
- struct device *dev;
+ struct net_device *dev;
struct wait_queue *wait_queue;
char locked;
int (*hard_start_xmit) (struct sk_buff *skb,
- struct device *dev);
+ struct net_device *dev);
int (*hard_header) (struct sk_buff *skb,
- struct device *dev,
+ struct net_device *dev,
unsigned short type,
void *daddr,
void *saddr,
@@ -84,23 +84,27 @@
#ifdef NET_21
int (*rebuild_header)(struct sk_buff *skb);
#else /* NET_21 */
- int (*rebuild_header)(void *buff, struct device *dev,
+ int (*rebuild_header)(void *buff, struct net_device *dev,
unsigned long raddr, struct sk_buff *skb);
#endif /* NET_21 */
- int (*set_mac_address)(struct device *dev, void *addr);
+ int (*set_mac_address)(struct net_device *dev, void *addr);
#ifndef NET_21
- void (*header_cache_bind)(struct hh_cache **hhp, struct device *dev,
- unsigned short htype, __u32 daddr);
+ void (*header_cache_bind)(struct hh_cache **hhp
+ , struct net_device *dev
+ , unsigned short htype
+ , __u32 daddr);
#endif /* !NET_21 */
- void (*header_cache_update)(struct hh_cache *hh, struct device *dev, unsigned char * haddr);
- struct net_device_stats *(*get_stats)(struct device *dev);
+ void (*header_cache_update)(struct hh_cache *hh
+ , struct net_device *dev
+ , unsigned char * haddr);
+ struct net_device_stats *(*get_stats)(struct net_device *dev);
struct net_device_stats mystats;
int mtu; /* What is the desired MTU? */
};
extern char ipsec_tunnel_c_version[];
-extern struct device *ipsecdevices[IPSEC_NUM_IF];
+extern struct net_device *ipsecdevices[IPSEC_NUM_IF];
int ipsec_tunnel_init_devices(void);
@@ -108,7 +112,8 @@
extern /* void */ int ipsec_init(void);
-extern int ipsec_tunnel_start_xmit(struct sk_buff *skb, struct device *dev);
+extern int ipsec_tunnel_start_xmit(struct sk_buff *skb
+ , struct net_device *dev);
#ifdef CONFIG_IPSEC_DEBUG
extern int debug_tunnel;
diff -Naur openswan-2/linux/include/openswan/ipsec_xmit.h openswan-2.nate/linux/include/openswan/ipsec_xmit.h
--- openswan-2/linux/include/openswan/ipsec_xmit.h 2004-07-01 13:59:00.000000000 -0500
+++ openswan-2.nate/linux/include/openswan/ipsec_xmit.h 2004-07-01 14:01:33.000000000 -0500
@@ -56,7 +56,7 @@
struct ipsec_xmit_state
{
struct sk_buff *skb; /* working skb pointer */
- struct device *dev; /* working dev pointer */
+ struct net_device *dev; /* working dev pointer */
struct ipsecpriv *prv; /* Our device' private space */
struct sk_buff *oskb; /* Original skb pointer */
struct net_device_stats *stats; /* This device's statistics */
@@ -87,8 +87,8 @@
size_t sa_len;
int hard_header_stripped; /* has the hard header been removed yet? */
int hard_header_len;
- struct device *physdev;
-/* struct device *virtdev; */
+ struct net_device *physdev;
+/* struct net_device *virtdev; */
short physmtu;
short mtudiff;
#ifdef NET_21
diff -Naur openswan-2/linux/include/openswan.h openswan-2.nate/linux/include/openswan.h
--- openswan-2/linux/include/openswan.h 2004-07-01 13:58:59.000000000 -0500
+++ openswan-2.nate/linux/include/openswan.h 2004-07-01 14:01:33.000000000 -0500
@@ -151,6 +151,7 @@
# define SPI_HOLD 259
# define SPI_TRAP 260
# define SPI_TRAPSUBNET 261
+# define SPI_PASSTRAP 262
int proto; /* C. protocol */
# define SA_ESP 50 /* IPPROTO_ESP */
# define SA_AH 51 /* IPPROTO_AH */
diff -Naur openswan-2/linux/include/pfkey.h openswan-2.nate/linux/include/pfkey.h
--- openswan-2/linux/include/pfkey.h 2004-07-01 13:58:59.000000000 -0500
+++ openswan-2.nate/linux/include/pfkey.h 2004-07-01 14:01:33.000000000 -0500
@@ -25,7 +25,6 @@
extern /* void */ int pfkey_init(void);
extern /* void */ int pfkey_cleanup(void);
-extern struct sock *pfkey_sock_list;
struct socket_list
{
struct socket *socketp;
@@ -142,7 +141,7 @@
struct sock *sk;
};
-#define key_pid(sk) ((struct key_opt*)&((sk)->protinfo))->key_pid
+#define key_pid(sk) ((struct key_opt*)&((sk)->sk_protinfo))->key_pid
/* XXX-mcr this is not an alignment, this is because the count is in 64-bit
* words.
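Review bot: `key_pid()` now names `sk_protinfo`, which a 2.4 `struct sock` only has through the alias in the new ipsec_kern24.h, and no hunk in this patch adds an `#include` of that header. Unless another openswan header already pulls it in, every pre-2.6 file that uses `key_pid()` will fail to compile. Adding `#include "openswan/ipsec_kern24.h"` after the kernel-version header would make the dependency explicit.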
diff -Naur openswan-2/linux/net/ipsec/ipsec_ah.c openswan-2.nate/linux/net/ipsec/ipsec_ah.c
--- openswan-2/linux/net/ipsec/ipsec_ah.c 2004-07-01 13:59:02.000000000 -0500
+++ openswan-2.nate/linux/net/ipsec/ipsec_ah.c 2004-07-01 14:01:34.000000000 -0500
@@ -36,6 +36,7 @@
#include <linux/etherdevice.h> /* eth_type_trans */
#include <linux/ip.h> /* struct iphdr */
#include <linux/skbuff.h>
+#include <net/protocol.h>
#include <openswan.h>
#ifdef SPINLOCK
# ifdef SPINLOCK_23
@@ -336,6 +337,12 @@
},
};
+#ifdef NET_26
+struct inet_protocol ah_protocol = {
+ .handler = ipsec_rcv,
+ .no_policy = 1,
+};
+#else
struct inet_protocol ah_protocol =
{
ipsec_rcv, /* AH handler */
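Review bot: The NET_26 initialiser assigns `ipsec_rcv` to `.handler`, but the prototype visible in ipsec_rcv.c still takes `(struct sk_buff *skb, unsigned short xlen)` under NET_21 unless PROTO_HANDLER_SINGLE_PARM is defined, and nothing in this patch shows that macro being set for 2.6. A 2.6 protocol handler is called with the skb only, so with the two-argument form `xlen` would hold an undefined value; please confirm PROTO_HANDLER_SINGLE_PARM is defined alongside NET_26. `.no_policy = 1` also deserves a comment such as `/* skip the native policy check on receive; KLIPS applies its own inbound policy (confirm) */`. The same two points apply to `esp_protocol` in ipsec_esp.c, and the old-style initialiser continues outside this hunk.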
@@ -350,6 +357,7 @@
"AH" /* name */
#endif
};
+#endif
#endif /* CONFIG_IPSEC_AH */
diff -Naur openswan-2/linux/net/ipsec/ipsec_alg.c openswan-2.nate/linux/net/ipsec/ipsec_alg.c
--- openswan-2/linux/net/ipsec/ipsec_alg.c 2004-07-01 13:59:02.000000000 -0500
+++ openswan-2.nate/linux/net/ipsec/ipsec_alg.c 2004-07-01 14:01:34.000000000 -0500
@@ -89,13 +89,13 @@
*/
static void __ipsec_alg_usage_inc(struct ipsec_alg *ixt) {
if (ixt->ixt_module)
- __MOD_INC_USE_COUNT(ixt->ixt_module);
+ MOD_INC_USE_COUNT;
atomic_inc(&ixt->ixt_refcnt);
}
static void __ipsec_alg_usage_dec(struct ipsec_alg *ixt) {
atomic_dec(&ixt->ixt_refcnt);
if (ixt->ixt_module)
- __MOD_DEC_USE_COUNT(ixt->ixt_module);
+ MOD_DEC_USE_COUNT;
}
/*
* simple hash function, optimized for 0-hash (1 list) special
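Review bot: Replacing `__MOD_INC_USE_COUNT(ixt->ixt_module)` with `MOD_INC_USE_COUNT` moves the reference from the algorithm's own module to the module that contains ipsec_alg.c, so nothing pins the algorithm module while `ixt_refcnt` is non-zero. If that module is unloaded while an SA still points at it, its code and tables are used after they are freed. On 2.6 the per-module equivalent is `try_module_get(ixt->ixt_module)` and `module_put(ixt->ixt_module)`; I would use those under `#ifdef NET_26` and keep the old macros otherwise. `try_module_get()` can fail, so the void helper needs a way to report that to its caller.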
diff -Naur openswan-2/linux/net/ipsec/ipsec_esp.c openswan-2.nate/linux/net/ipsec/ipsec_esp.c
--- openswan-2/linux/net/ipsec/ipsec_esp.c 2004-07-01 13:59:03.000000000 -0500
+++ openswan-2.nate/linux/net/ipsec/ipsec_esp.c 2004-07-01 14:01:34.000000000 -0500
@@ -51,6 +51,7 @@
#endif /* NET21 */
#include <asm/checksum.h>
#include <net/ip.h>
+#include <net/protocol.h>
#include "openswan/radij.h"
#include "openswan/ipsec_encap.h"
@@ -528,6 +529,12 @@
},
};
+#ifdef NET_26
+struct inet_protocol esp_protocol = {
+ .handler = ipsec_rcv,
+ .no_policy = 1,
+};
+#else
struct inet_protocol esp_protocol =
{
ipsec_rcv, /* ESP handler */
@@ -543,7 +550,7 @@
#endif
};
-
+#endif /* !NET_26 */
#endif /* !CONFIG_IPSEC_ESP */
diff -Naur openswan-2/linux/net/ipsec/ipsec_init.c openswan-2.nate/linux/net/ipsec/ipsec_init.c
--- openswan-2/linux/net/ipsec/ipsec_init.c 2004-07-01 13:59:03.000000000 -0500
+++ openswan-2.nate/linux/net/ipsec/ipsec_init.c 2004-07-01 14:01:34.000000000 -0500
@@ -24,6 +24,8 @@
#include <linux/version.h>
#include <linux/module.h>
#include <linux/kernel.h> /* printk() */
+#include <linux/skbuff.h>
+#include <net/protocol.h>
#include "openswan/ipsec_param.h"
@@ -40,7 +42,6 @@
#include <linux/etherdevice.h> /* eth_type_trans */
#include <linux/ip.h> /* struct iphdr */
#include <linux/in.h> /* struct sockaddr_in */
-#include <linux/skbuff.h>
#include <linux/random.h> /* get_random_bytes() */
#include <openswan.h>
@@ -158,8 +159,13 @@
int
ipsec_init(void)
{
+ static int inited=0;
int error = 0;
unsigned char seed[256];
+
+ if(inited) return 0;
+ inited++;
+
#ifdef CONFIG_IPSEC_ENC_3DES
extern int des_check_key;
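Review bot: `inited` is incremented before any initialisation has run, so if ipsec_init() fails part-way the next call returns 0 and the caller treats a partly initialised stack as ready. I would keep `if(inited) return 0;` here and move the assignment to the success path, `inited = 1;` just before the final `return error;` when `error == 0` (that return is outside this hunk). The check-then-set is also not atomic, so a comment stating that callers are serialised would help if that is the assumption. The new statements sit above `extern int des_check_key;`, which mixes code and declarations when CONFIG_IPSEC_ENC_3DES is set.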
@@ -286,9 +292,8 @@
return error;
}
-#ifdef MODULE
-int
-init_module(void)
+static int
+init_ipsec(void)
{
int error = 0;
@@ -297,8 +302,8 @@
return error;
}
-int
-cleanup_module(void)
+static void
+exit_ipsec(void)
{
int error = 0;
@@ -310,10 +315,10 @@
KLIPS_PRINT(1, "klips_info:cleanup_module: "
"ipsec module unloaded.\n");
-
- return error;
}
-#endif /* MODULE */
+
+module_init(init_ipsec)
+module_exit(exit_ipsec)
/*
* $Log: ipsec_init.c,v $
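Review bot: `exit_ipsec()` is now `void` but still declares `int error = 0`, so whatever the cleanup calls report (they are outside this hunk) is dropped silently; I would log a non-zero `error` before returning, or remove the variable if it is no longer assigned. `module_init(init_ipsec)` and `module_exit(exit_ipsec)` are written without terminating semicolons, which only compiles if the macro expansion happens to end in one, so `module_init(init_ipsec);` and `module_exit(exit_ipsec);` are safer. The unload message still names `cleanup_module`, which no longer exists.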
diff -Naur openswan-2/linux/net/ipsec/ipsec_mast.c openswan-2.nate/linux/net/ipsec/ipsec_mast.c
--- openswan-2/linux/net/ipsec/ipsec_mast.c 2004-07-01 13:59:03.000000000 -0500
+++ openswan-2.nate/linux/net/ipsec/ipsec_mast.c 2004-07-01 14:01:34.000000000 -0500
@@ -74,7 +74,7 @@
int ipsec_maxdevice_count = -1;
DEBUG_NO_STATIC int
-ipsec_mast_open(struct device *dev)
+ipsec_mast_open(struct net_device *dev)
{
struct ipsecpriv *prv = dev->priv;
@@ -95,7 +95,7 @@
}
DEBUG_NO_STATIC int
-ipsec_mast_close(struct device *dev)
+ipsec_mast_close(struct net_device *dev)
{
MOD_DEC_USE_COUNT;
return 0;
@@ -215,7 +215,9 @@
* and that skb is filled properly by that function.
*/
int
-ipsec_mast_start_xmit(struct sk_buff *skb, struct device *dev, IPsecSAref_t SAref)
+ipsec_mast_start_xmit(struct sk_buff *skb
+ , struct net_device *dev
+ , IPsecSAref_t SAref)
{
struct ipsec_xmit_state ixs_mem;
struct ipsec_xmit_state *ixs = &ixs_mem;
@@ -241,7 +243,7 @@
#endif
DEBUG_NO_STATIC struct net_device_stats *
-ipsec_mast_get_stats(struct device *dev)
+ipsec_mast_get_stats(struct net_device *dev)
{
return &(((struct ipsecpriv *)(dev->priv))->mystats);
}
@@ -252,11 +254,15 @@
*/
DEBUG_NO_STATIC int
-ipsec_mast_hard_header(struct sk_buff *skb, struct device *dev,
- unsigned short type, void *daddr, void *saddr, unsigned len)
+ipsec_mast_hard_header(struct sk_buff *skb
+ , struct net_device *dev,
+ , unsigned short type
+ , void *daddr
+ , void *saddr
+ , unsigned len)
{
struct ipsecpriv *prv = dev->priv;
- struct device *tmp;
+ struct net_device *tmp;
int ret;
struct net_device_stats *stats; /* This device's statistics */
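Review bot: The reflowed parameter list of ipsec_mast_hard_header() has `, struct net_device *dev,` with a trailing comma, followed by a line that begins with another comma, which leaves an empty parameter and will not compile. The line should read `, struct net_device *dev`. The function body continues outside the hunk.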
@@ -329,7 +335,7 @@
return -ENODEV;
}
-#define da ((struct device *)(prv->dev))->dev_addr
+#define da ((struct net_device *)(prv->dev))->dev_addr
KLIPS_PRINT(debug_mast & DB_MAST_REVEC,
"klips_debug:ipsec_mast_hard_header: "
"Revectored 0p%p->0p%p len=%d type=%d dev=%s->%s dev_addr=%02x:%02x:%02x:%02x:%02x:%02x ",
@@ -360,7 +366,7 @@
ipsec_mast_rebuild_header(struct sk_buff *skb)
{
struct ipsecpriv *prv = skb->dev->priv;
- struct device *tmp;
+ struct net_device *tmp;
int ret;
struct net_device_stats *stats; /* This device's statistics */
@@ -420,7 +426,7 @@
}
DEBUG_NO_STATIC int
-ipsec_mast_set_mac_address(struct device *dev, void *addr)
+ipsec_mast_set_mac_address(struct net_device *dev, void *addr)
{
struct ipsecpriv *prv = dev->priv;
@@ -469,7 +475,9 @@
}
DEBUG_NO_STATIC void
-ipsec_mast_cache_update(struct hh_cache *hh, struct device *dev, unsigned char * haddr)
+ipsec_mast_cache_update(struct hh_cache *hh
+ , struct net_device *dev
+ , unsigned char * haddr)
{
struct ipsecpriv *prv = dev->priv;
@@ -530,7 +538,8 @@
}
DEBUG_NO_STATIC int
-ipsec_mast_neigh_setup_dev(struct device *dev, struct neigh_parms *p)
+ipsec_mast_neigh_setup_dev(struct net_device *dev
+ , struct neigh_parms *p)
{
KLIPS_PRINT(debug_mast & DB_MAST_REVEC,
"klips_debug:ipsec_mast_neigh_setup_dev: "
@@ -550,7 +559,8 @@
*/
DEBUG_NO_STATIC int
-ipsec_mast_attach(struct device *dev, struct device *physdev)
+ipsec_mast_attach(struct net_device *dev
+ , struct net_device *physdev)
{
int i;
struct ipsecpriv *prv = dev->priv;
@@ -633,7 +643,7 @@
*/
DEBUG_NO_STATIC int
-ipsec_mast_detach(struct device *dev)
+ipsec_mast_detach(struct net_device *dev)
{
int i;
struct ipsecpriv *prv = dev->priv;
@@ -710,7 +720,7 @@
ipsec_mast_clear(void)
{
int i;
- struct device *ipsecdev = NULL, *prvdev;
+ struct net_device *ipsecdev = NULL, *prvdev;
struct ipsecpriv *prv;
char name[9];
int ret;
@@ -722,7 +732,7 @@
sprintf(name, IPSEC_DEV_FORMAT, i);
if((ipsecdev = ipsec_dev_get(name)) != NULL) {
if((prv = (struct ipsecpriv *)(ipsecdev->priv))) {
- prvdev = (struct device *)(prv->dev);
+ prvdev = (struct net_device *)(prv->dev);
if(prvdev) {
KLIPS_PRINT(debug_mast & DB_MAST_INIT,
"klips_debug:ipsec_mast_clear: "
@@ -743,11 +753,12 @@
}
DEBUG_NO_STATIC int
-ipsec_mast_ioctl(struct device *dev, struct ifreq *ifr, int cmd)
+ipsec_mast_ioctl(struct net_device *dev
+ , struct ifreq *ifr, int cmd)
{
struct ipsecmastconf *cf = (struct ipsecmastconf *)&ifr->ifr_data;
struct ipsecpriv *prv = dev->priv;
- struct device *them; /* physical device */
+ struct net_device *them; /* physical device */
#ifdef CONFIG_IP_ALIAS
char *colon;
char realphysname[IFNAMSIZ];
@@ -839,8 +850,8 @@
int
ipsec_mast_device_event(struct notifier_block *unused, unsigned long event, void *ptr)
{
- struct device *dev = ptr;
- struct device *ipsec_dev;
+ struct net_device *dev = ptr;
+ struct net_device *ipsec_dev;
struct ipsecpriv *priv;
char name[9];
int i;
@@ -893,7 +904,7 @@
priv = (struct ipsecpriv *)(ipsec_dev->priv);
if(priv) {
;
- if(((struct device *)(priv->dev)) == dev) {
+ if(((struct net_device *)(priv->dev)) == dev) {
/* dev_close(ipsec_dev); */
/* return */ ipsec_mast_detach(ipsec_dev);
KLIPS_PRINT(debug_mast & DB_MAST_INIT,
@@ -978,7 +989,7 @@
*/
int
-ipsec_mast_init(struct device *dev)
+ipsec_mast_init(struct net_device *dev)
{
int i;
@@ -1030,7 +1041,7 @@
/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
int
-ipsec_mast_probe(struct device *dev)
+ipsec_mast_probe(struct net_device *dev)
{
ipsec_mast_init(dev);
return 0;
@@ -1049,7 +1060,7 @@
int error = 0;
int i;
char name[10];
- struct device *dev_mast;
+ struct net_device *dev_mast;
for(i = 0; i < ipsec_mastdevice_count; i++) {
sprintf(name, MAST_DEV_FORMAT, i);
diff -Naur openswan-2/linux/net/ipsec/ipsec_proc.c openswan-2.nate/linux/net/ipsec/ipsec_proc.c
--- openswan-2/linux/net/ipsec/ipsec_proc.c 2004-07-01 13:59:03.000000000 -0500
+++ openswan-2.nate/linux/net/ipsec/ipsec_proc.c 2004-07-01 14:01:34.000000000 -0500
@@ -531,7 +531,7 @@
off_t begin = 0;
int i;
char name[9];
- struct device *dev, *privdev;
+ struct net_device *dev, *privdev;
struct ipsecpriv *priv;
KLIPS_PRINT(debug_tunnel & DB_TN_PROCFS,
@@ -550,7 +550,7 @@
len += ipsec_snprintf(buffer+len, length-len, "%s",
dev->name);
if(priv) {
- privdev = (struct device *)(priv->dev);
+ privdev = (struct net_device *)(priv->dev);
len += ipsec_snprintf(buffer+len, length-len, " -> %s",
privdev ? privdev->name : "NULL");
len += ipsec_snprintf(buffer+len, length-len, " mtu=%d(%d) -> %d",
diff -Naur openswan-2/linux/net/ipsec/ipsec_rcv.c openswan-2.nate/linux/net/ipsec/ipsec_rcv.c
--- openswan-2/linux/net/ipsec/ipsec_rcv.c 2004-07-01 13:59:03.000000000 -0500
+++ openswan-2.nate/linux/net/ipsec/ipsec_rcv.c 2004-07-01 14:01:34.000000000 -0500
@@ -89,7 +89,8 @@
int sysctl_ipsec_inbound_policy_check = 1;
#ifdef CONFIG_IPSEC_NAT_TRAVERSAL
-#include <linux/udp.h>
+#include <net/udp.h>
+#include <net/tcp.h>
#endif
#ifdef CONFIG_IPSEC_DEBUG
@@ -748,22 +749,24 @@
#ifdef NET_21
ipsec_rcv(struct sk_buff *skb, unsigned short xlen)
#else /* NET_21 */
-ipsec_rcv(struct sk_buff *skb, struct device *dev, struct options *opt,
- __u32 daddr_unused, unsigned short xlen, __u32 saddr,
+ipsec_rcv(struct sk_buff *skb
+ , struct net_device *dev
+ , struct options *opt
+ , __u32 daddr_unused, unsigned short xlen, __u32 saddr,
int redo, struct inet_protocol *protocol)
#endif /* NET_21 */
#endif /* PROTO_HANDLER_SINGLE_PARM */
{
#ifdef NET_21
#ifdef CONFIG_IPSEC_DEBUG
- struct device *dev = skb->dev;
+ struct net_device *dev = skb->dev;
#endif /* CONFIG_IPSEC_DEBUG */
#endif /* NET_21 */
unsigned char protoc;
struct iphdr *ipp;
struct ipsec_sa *ipsp = NULL;
struct net_device_stats *stats = NULL; /* This device's statistics */
- struct device *ipsecdev = NULL, *prvdev;
+ struct net_device *ipsecdev = NULL, *prvdev;
struct ipsecpriv *prv;
char name[9];
int i;
@@ -1037,7 +1040,7 @@
name);
}
prv = ipsecdev ? (struct ipsecpriv *)(ipsecdev->priv) : NULL;
- prvdev = prv ? (struct device *)(prv->dev) : NULL;
+ prvdev = prv ? (struct net_device *)(prv->dev) : NULL;
#if 0
KLIPS_PRINT(debug_rcv && prvdev,
diff -Naur openswan-2/linux/net/ipsec/ipsec_tunnel.c openswan-2.nate/linux/net/ipsec/ipsec_tunnel.c
--- openswan-2/linux/net/ipsec/ipsec_tunnel.c 2004-07-01 13:59:04.000000000 -0500
+++ openswan-2.nate/linux/net/ipsec/ipsec_tunnel.c 2004-07-01 14:01:34.000000000 -0500
@@ -32,12 +32,12 @@
#include <linux/errno.h> /* error codes */
#include <linux/types.h> /* size_t */
#include <linux/interrupt.h> /* mark_bh */
+#include <net/tcp.h>
+#include <net/udp.h>
#include <linux/netdevice.h> /* struct device, struct net_device_stats, dev_queue_xmit() and other headers */
#include <linux/etherdevice.h> /* eth_type_trans */
#include <linux/ip.h> /* struct iphdr */
-#include <linux/tcp.h> /* struct tcphdr */
-#include <linux/udp.h> /* struct udphdr */
#include <linux/skbuff.h>
#include <openswan.h>
#ifdef NET_21
@@ -80,6 +80,11 @@
#include <linux/udp.h>
#endif
+#ifndef TRUE
+#define TRUE 1
+#define FALSE 0
+#endif
+
static __u32 zeroes[64];
#ifdef CONFIG_IPSEC_DEBUG
@@ -87,7 +92,7 @@
#endif /* CONFIG_IPSEC_DEBUG */
DEBUG_NO_STATIC int
-ipsec_tunnel_open(struct device *dev)
+ipsec_tunnel_open(struct net_device *dev)
{
struct ipsecpriv *prv = dev->priv;
@@ -98,7 +103,8 @@
KLIPS_PRINT(debug_tunnel & DB_TN_INIT,
"klips_debug:ipsec_tunnel_open: "
"dev = %s, prv->dev = %s\n",
- dev->name, prv->dev?prv->dev->name:"NONE");
+ dev->name,
+ prv->dev?prv->dev->name:"NONE");
if (prv->dev == NULL)
return -ENODEV;
@@ -108,7 +114,7 @@
}
DEBUG_NO_STATIC int
-ipsec_tunnel_close(struct device *dev)
+ipsec_tunnel_close(struct net_device *dev)
{
MOD_DEC_USE_COUNT;
return 0;
@@ -179,6 +185,10 @@
enum ipsec_xmit_value
ipsec_tunnel_SAlookup(struct ipsec_xmit_state *ixs)
{
+ unsigned int bypass;
+
+ bypass = FALSE;
+
/*
* First things first -- look us up in the erouting tables.
*/
@@ -198,27 +208,102 @@
ixs->eroute = ipsec_findroute(&ixs->matcher);
- if(ixs->iph->protocol == IPPROTO_UDP) {
+ /* extract information for later */
+ if(ixs->iph->protocol == IPPROTO_UDP) {
+ struct udphdr *t = NULL;
+
+ KLIPS_PRINT(debug_tunnel & DB_TN_XMIT,
+ "klips_debug:udp port check: "
+ "fragoff: %d len: %d>%d \n",
+ ntohs(ixs->iph->frag_off) & IP_OFFSET,
+ (ixs->skb->len - ixs->hard_header_len),
+ (ixs->iph->ihl << 2) + sizeof(struct udphdr));
+
+ if((ntohs(ixs->iph->frag_off) & IP_OFFSET) == 0 &&
+ ((ixs->skb->len - ixs->hard_header_len) >=
+ ((ixs->iph->ihl << 2) + sizeof(struct udphdr))))
+ {
+ t =((struct udphdr*)((caddr_t)ixs->iph+(ixs->iph->ihl<<2)));
+ KLIPS_PRINT(debug_tunnel & DB_TN_XMIT,
+ "klips_debug:udp port in packet: "
+ "port %d -> %d\n",
+ ntohs(t->source), ntohs(t->dest));
+ }
+
+ ixs->sport=0; ixs->dport=0;
+
if(ixs->skb->sk) {
- ixs->sport=ntohs(ixs->skb->sk->sport);
- ixs->dport=ntohs(ixs->skb->sk->dport);
- } else if((ntohs(ixs->iph->frag_off) & IP_OFFSET) == 0 &&
- ((ixs->skb->len - ixs->hard_header_len) >=
- ((ixs->iph->ihl << 2) + sizeof(struct udphdr)))) {
- ixs->sport=ntohs(((struct udphdr*)((caddr_t)ixs->iph+(ixs->iph->ihl<<2)))->source);
- ixs->dport=ntohs(((struct udphdr*)((caddr_t)ixs->iph + (ixs->iph->ihl<<2)))->dest);
- } else {
- ixs->sport=0; ixs->dport=0;
+#ifdef NET_26
+ struct udp_sock *us;
+
+ us = (struct udp_sock *)ixs->skb->sk;
+
+ ixs->sport = ntohs(us->inet.sport);
+ ixs->dport = ntohs(us->inet.dport);
+#else
+ ixs->sport = ntohs(ixs->skb->sk->sport);
+ ixs->dport = ntohs(ixs->skb->sk->dport);
+#endif
+
+ }
+
+ if(t != NULL) {
+ if(ixs->sport == 0) {
+ ixs->sport = ntohs(t->source);
+ }
+ if(ixs->dport == 0) {
+ ixs->dport = ntohs(t->dest);
+ }
}
}
+
+ /*
+ * practically identical to above, but let's be careful about
+ * tcp vs udp headers
+ */
+ if(ixs->iph->protocol == IPPROTO_TCP) {
+ struct tcphdr *t = NULL;
+ if((ntohs(ixs->iph->frag_off) & IP_OFFSET) == 0 &&
+ ((ixs->skb->len - ixs->hard_header_len) >=
+ ((ixs->iph->ihl << 2) + sizeof(struct tcphdr)))) {
+ t =((struct tcphdr*)((caddr_t)ixs->iph+(ixs->iph->ihl<<2)));
+ }
+
+ ixs->sport=0; ixs->dport=0;
+
+ if(ixs->skb->sk) {
+#ifdef NET_26
+ struct tcp_tw_bucket *tw;
+
+ tw = (struct tcp_tw_bucket *)ixs->skb->sk;
+
+ ixs->sport = ntohs(tw->tw_sport);
+ ixs->dport = ntohs(tw->tw_dport);
+#else
+ ixs->sport = ntohs(ixs->skb->sk->sport);
+ ixs->dport = ntohs(ixs->skb->sk->dport);
+#endif
+ }
+
+ if(t != NULL) {
+ if(ixs->sport == 0) {
+ ixs->sport = ntohs(t->source);
+ }
+ if(ixs->dport == 0) {
+ ixs->dport = ntohs(t->dest);
+ }
+ }
+ }
+
/* default to a %drop eroute */
ixs->outgoing_said.proto = IPPROTO_INT;
ixs->outgoing_said.spi = htonl(SPI_DROP);
ixs->outgoing_said.dst.u.v4.sin_addr.s_addr = INADDR_ANY;
+
KLIPS_PRINT(debug_tunnel & DB_TN_XMIT,
"klips_debug:ipsec_xmit_SAlookup: "
- "checking for local udp/500 IKE packet "
+ "checking for local udp/500 IKE packet or local DNS "
"saddr=%x, er=0p%p, daddr=%x, er_dst=%x, proto=%d sport=%d dport=%d\n",
ntohl((unsigned int)ixs->iph->saddr),
ixs->eroute,
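Review bot: In the NET_26 TCP branch `ixs->skb->sk` is cast to `struct tcp_tw_bucket *`, but the socket attached to an outgoing skb is normally a full socket rather than a time-wait bucket, so `tw_sport` and `tw_dport` are likely read from unrelated fields. Those values feed the port-53 pass decision later in this function, so a wrong read can change which packets skip IPsec processing. The UDP branch takes the ports from the socket's inet part, and the TCP branch should do the same, for example `ixs->sport = ntohs(inet_sk(ixs->skb->sk)->sport);` and likewise for `dport`, assuming `inet_sk()` is available on the targeted kernels. Neither branch checks that the socket type matches the IP protocol before casting. The function starts and ends outside the hunk.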
@@ -229,33 +314,90 @@
ixs->dport);
/*
- * Quick cheat for now...are we udp/500? If so, let it through
+ * cheat for now...are we udp/500? If so, let it through
* without interference since it is most likely an IKE packet.
*/
if (ip_chk_addr((unsigned long)ixs->iph->saddr) == IS_MYADDR
- && (!ixs->eroute
+ && (ixs->eroute==NULL
|| ixs->iph->daddr == ixs->eroute->er_said.dst.u.v4.sin_addr.s_addr
|| INADDR_ANY == ixs->eroute->er_said.dst.u.v4.sin_addr.s_addr)
- && ((ixs->sport == 500) || (ixs->sport == 4500))) {
+ && ((ixs->iph->protocol == IPPROTO_UDP) && ((ixs->sport == 500) || (ixs->sport == 4500)))) {
/* Whatever the eroute, this is an IKE message
* from us (i.e. not being forwarded).
* Furthermore, if there is a tunnel eroute,
* the destination is the peer for this eroute.
* So %pass the packet: modify the default %drop.
*/
+
ixs->outgoing_said.spi = htonl(SPI_PASS);
if(!(ixs->skb->sk) && ((ntohs(ixs->iph->frag_off) & IP_MF) != 0)) {
KLIPS_PRINT(debug_tunnel & DB_TN_XMIT,
"klips_debug:ipsec_xmit_SAlookup: "
"local UDP/500 (probably IKE) passthrough: base fragment, rest of fragments will probably get filtered.\n");
}
- } else if (ixs->eroute) {
+ bypass = TRUE;
+ }
+
+ /*
+ *
+ * if we are udp/53 or tcp/53, also let it through a %trap or %hold,
+ * since it is DNS, but *also* follow the %trap.
+ *
+ * we do not do this for tunnels, only %trap's and %hold's.
+ *
+ */
+
+ if (ip_chk_addr((unsigned long)ixs->iph->saddr) == IS_MYADDR
+ && (ixs->eroute==NULL
+ || ixs->iph->daddr == ixs->eroute->er_said.dst.u.v4.sin_addr.s_addr
+ || INADDR_ANY == ixs->eroute->er_said.dst.u.v4.sin_addr.s_addr)
+ && ((ixs->iph->protocol == IPPROTO_UDP
+ || ixs->iph->protocol == IPPROTO_TCP)
+ && ixs->dport == 53)) {
+
+ KLIPS_PRINT(debug_tunnel & DB_TN_XMIT,
+ "klips_debug:ipsec_xmit_SAlookup: "
+ "possible DNS packet\n");
+
+ if(ixs->eroute)
+ {
+ if(ixs->eroute->er_said.spi == htonl(SPI_TRAP)
+ || ixs->eroute->er_said.spi == htonl(SPI_HOLD))
+ {
+ ixs->outgoing_said.spi = htonl(SPI_PASSTRAP);
+ bypass = TRUE;
+ }
+ }
+ else
+ {
+ ixs->outgoing_said.spi = htonl(SPI_PASSTRAP);
+ bypass = TRUE;
+ }
+
+ KLIPS_PRINT(debug_tunnel & DB_TN_XMIT,
+ "klips_debug:ipsec_xmit_SAlookup: "
+ "bypass = %d\n", bypass);
+
+ if(bypass
+ && !(ixs->skb->sk)
+ && ((ntohs(ixs->iph->frag_off) & IP_MF) != 0))
+ {
+ KLIPS_PRINT(debug_tunnel & DB_TN_XMIT,
+ "klips_debug:ipsec_xmit_SAlookup: "
+ "local port 53 (probably DNS) passthrough:"
+ "base fragment, rest of fragments will "
+ "probably get filtered.\n");
+ }
+ }
+
+ if (bypass==FALSE && ixs->eroute) {
ixs->eroute->er_count++;
ixs->eroute->er_lasttime = jiffies/HZ;
if(ixs->eroute->er_said.proto==IPPROTO_INT
- && ixs->eroute->er_said.spi==htonl(SPI_HOLD)) {
+ && ixs->eroute->er_said.spi==htonl(SPI_HOLD))
+ {
KLIPS_PRINT(debug_tunnel & DB_TN_XMIT,
"klips_debug:ipsec_xmit_SAlookup: "
"shunt SA of HOLD: skb stored in HOLD.\n");
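Review bot: The new port-53 block sets `SPI_PASSTRAP` for every locally originated UDP or TCP packet with destination port 53 when the eroute is absent or is %trap/%hold, so that traffic leaves unencrypted to any destination, including a peer whose tunnel is still being negotiated. The match is on the port number alone, so it covers anything a local process sends to port 53, not only resolver queries, and when `ixs->eroute` is NULL it replaces the default %drop set earlier in the function. I would state that trade-off in the comment above the block, and drop the `else` arm unless passing with no eroute is intended. No hunk in this patch shows where `SPI_PASSTRAP` is consumed on the transmit path, so please confirm it is handled explicitly rather than by a default case. The function continues outside the hunk.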
@@ -270,6 +412,7 @@
}
ixs->outgoing_said = ixs->eroute->er_said;
ixs->eroute_pid = ixs->eroute->er_pid;
+
/* Copy of the ident for the TRAP/TRAPSUBNET eroutes */
if(ixs->outgoing_said.proto==IPPROTO_INT
&& (ixs->outgoing_said.spi==htonl(SPI_TRAP)
@@ -279,7 +422,8 @@
ixs->ips.ips_ident_s.type = ixs->eroute->er_ident_s.type;
ixs->ips.ips_ident_s.id = ixs->eroute->er_ident_s.id;
ixs->ips.ips_ident_s.len = ixs->eroute->er_ident_s.len;
- if (ixs->ips.ips_ident_s.len) {
+ if (ixs->ips.ips_ident_s.len)
+ {
len = ixs->ips.ips_ident_s.len * IPSEC_PFKEYv2_ALIGN - sizeof(struct sadb_ident);
KLIPS_PRINT(debug_tunnel & DB_TN_XMIT,
"klips_debug:ipsec_xmit_SAlookup: "
@@ -298,7 +442,8 @@
ixs->ips.ips_ident_d.type = ixs->eroute->er_ident_d.type;
ixs->ips.ips_ident_d.id = ixs->eroute->er_ident_d.id;
ixs->ips.ips_ident_d.len = ixs->eroute->er_ident_d.len;
- if (ixs->ips.ips_ident_d.len) {
+ if (ixs->ips.ips_ident_d.len)
+ {
len = ixs->ips.ips_ident_d.len * IPSEC_PFKEYv2_ALIGN - sizeof(struct sadb_ident);
KLIPS_PRINT(debug_tunnel & DB_TN_XMIT,
"klips_debug:ipsec_xmit_SAlookup: "
@@ -542,7 +687,8 @@
* and that skb is filled properly by that function.
*/
int
-ipsec_tunnel_start_xmit(struct sk_buff *skb, struct device *dev)
+ipsec_tunnel_start_xmit(struct sk_buff *skb
+ , struct net_device *dev)
{
struct ipsec_xmit_state ixs_mem;
struct ipsec_xmit_state *ixs = &ixs_mem;
@@ -642,7 +788,7 @@
}
DEBUG_NO_STATIC struct net_device_stats *
-ipsec_tunnel_get_stats(struct device *dev)
+ipsec_tunnel_get_stats(struct net_device *dev)
{
return &(((struct ipsecpriv *)(dev->priv))->mystats);
}
@@ -653,11 +799,11 @@
*/
DEBUG_NO_STATIC int
-ipsec_tunnel_hard_header(struct sk_buff *skb, struct device *dev,
+ipsec_tunnel_hard_header(struct sk_buff *skb, struct net_device *dev,
unsigned short type, void *daddr, void *saddr, unsigned len)
{
struct ipsecpriv *prv = dev->priv;
- struct device *tmp;
+ struct net_device *tmp;
int ret;
struct net_device_stats *stats; /* This device's statistics */
@@ -737,7 +883,7 @@
return -ENODEV;
}
-#define da ((struct device *)(prv->dev))->dev_addr
+#define da ((struct net_device *)(prv->dev))->dev_addr
KLIPS_PRINT(debug_tunnel & DB_TN_REVEC,
"klips_debug:ipsec_tunnel_hard_header: "
"Revectored 0p%p->0p%p len=%d type=%d dev=%s->%s dev_addr=%02x:%02x:%02x:%02x:%02x:%02x ",
@@ -775,12 +921,12 @@
#ifdef NET_21
ipsec_tunnel_rebuild_header(struct sk_buff *skb)
#else /* NET_21 */
-ipsec_tunnel_rebuild_header(void *buff, struct device *dev,
+ipsec_tunnel_rebuild_header(void *buff, struct net_device *dev,
unsigned long raddr, struct sk_buff *skb)
#endif /* NET_21 */
{
struct ipsecpriv *prv = skb->dev->priv;
- struct device *tmp;
+ struct net_device *tmp;
int ret;
struct net_device_stats *stats; /* This device's statistics */
@@ -858,7 +1004,7 @@
}
DEBUG_NO_STATIC int
-ipsec_tunnel_set_mac_address(struct device *dev, void *addr)
+ipsec_tunnel_set_mac_address(struct net_device *dev, void *addr)
{
struct ipsecpriv *prv = dev->priv;
@@ -908,7 +1054,7 @@
#ifndef NET_21
DEBUG_NO_STATIC void
-ipsec_tunnel_cache_bind(struct hh_cache **hhp, struct device *dev,
+ipsec_tunnel_cache_bind(struct hh_cache **hhp, struct net_device *dev,
unsigned short htype, __u32 daddr)
{
struct ipsecpriv *prv = dev->priv;
@@ -960,7 +1106,7 @@
DEBUG_NO_STATIC void
-ipsec_tunnel_cache_update(struct hh_cache *hh, struct device *dev, unsigned char * haddr)
+ipsec_tunnel_cache_update(struct hh_cache *hh, struct net_device *dev, unsigned char * haddr)
{
struct ipsecpriv *prv = dev->priv;
@@ -1022,7 +1168,7 @@
}
DEBUG_NO_STATIC int
-ipsec_tunnel_neigh_setup_dev(struct device *dev, struct neigh_parms *p)
+ipsec_tunnel_neigh_setup_dev(struct net_device *dev, struct neigh_parms *p)
{
KLIPS_PRINT(debug_tunnel & DB_TN_REVEC,
"klips_debug:ipsec_tunnel_neigh_setup_dev: "
@@ -1043,7 +1189,7 @@
*/
DEBUG_NO_STATIC int
-ipsec_tunnel_attach(struct device *dev, struct device *physdev)
+ipsec_tunnel_attach(struct net_device *dev, struct net_device *physdev)
{
int i;
struct ipsecpriv *prv = dev->priv;
@@ -1136,7 +1282,7 @@
*/
DEBUG_NO_STATIC int
-ipsec_tunnel_detach(struct device *dev)
+ipsec_tunnel_detach(struct net_device *dev)
{
int i;
struct ipsecpriv *prv = dev->priv;
@@ -1162,7 +1308,6 @@
prv->dev ? prv->dev->name : "NULL",
dev->name);
- ipsec_dev_put(prv->dev);
prv->dev = NULL;
prv->hard_start_xmit = NULL;
prv->get_stats = NULL;
@@ -1223,7 +1368,7 @@
ipsec_tunnel_clear(void)
{
int i;
- struct device *ipsecdev = NULL, *prvdev;
+ struct net_device *ipsecdev = NULL, *prvdev;
struct ipsecpriv *prv;
char name[9];
int ret;
@@ -1232,10 +1377,10 @@
"klips_debug:ipsec_tunnel_clear: .\n");
for(i = 0; i < IPSEC_NUM_IF; i++) {
- ipsecdev = ipsecdevices[i];
- if(ipsecdev != NULL) {
+ sprintf(name, IPSEC_DEV_FORMAT, i);
+ if((ipsecdev = ipsec_dev_get(name)) != NULL) {
if((prv = (struct ipsecpriv *)(ipsecdev->priv))) {
- prvdev = (struct device *)(prv->dev);
+ prvdev = (struct net_device *)(prv->dev);
if(prvdev) {
KLIPS_PRINT(debug_tunnel & DB_TN_INIT,
"klips_debug:ipsec_tunnel_clear: "
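Review bot: The added `sprintf(name, IPSEC_DEV_FORMAT, i);` writes into `char name[9]` (declared in the hunk just above) with no bound, so it only fits if the expanded format plus index never exceeds eight characters. IPSEC_DEV_FORMAT and IPSEC_NUM_IF are defined outside this part of the patch, so either confirm that or use `snprintf(name, sizeof(name), IPSEC_DEV_FORMAT, i);`. The new `ipsec_dev_get(name)` lookup also has no matching `ipsec_dev_put()` in this hunk, and the same patch deletes the put calls in ipsec_tunnel_detach and ipsec_tunnel_ioctl. If ipsec_dev_get still takes a device reference (its definition is not shown here), every pass leaves the count raised and the device could not be unregistered cleanly. The body of ipsec_tunnel_clear continues past the hunk.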
@@ -1256,11 +1401,11 @@
}
DEBUG_NO_STATIC int
-ipsec_tunnel_ioctl(struct device *dev, struct ifreq *ifr, int cmd)
+ipsec_tunnel_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
{
struct ipsectunnelconf *cf = (struct ipsectunnelconf *)&ifr->ifr_data;
struct ipsecpriv *prv = dev->priv;
- struct device *them; /* physical device */
+ struct net_device *them; /* physical device */
#ifdef CONFIG_IP_ALIAS
char *colon;
char realphysname[IFNAMSIZ];
@@ -1300,7 +1445,6 @@
"klips_debug:ipsec_tunnel_ioctl: "
"physical device %s requested is null\n",
cf->cf_name);
- ipsec_dev_put(them);
return -ENXIO;
}
@@ -1310,7 +1454,6 @@
"klips_debug:ipsec_tunnel_ioctl: "
"physical device %s requested is not up.\n",
cf->cf_name);
- ipsec_dev_put(them);
return -ENXIO;
}
#endif
@@ -1320,7 +1463,6 @@
"klips_debug:ipsec_tunnel_ioctl: "
"virtual device is already connected to %s.\n",
prv->dev->name ? prv->dev->name : "NULL");
- ipsec_dev_put(them);
return -EBUSY;
}
return ipsec_tunnel_attach(dev, them);
@@ -1355,8 +1497,8 @@
int
ipsec_device_event(struct notifier_block *unused, unsigned long event, void *ptr)
{
- struct device *dev = ptr;
- struct device *ipsec_dev;
+ struct net_device *dev = ptr;
+ struct net_device *ipsec_dev;
struct ipsecpriv *priv;
int i;
@@ -1411,7 +1553,7 @@
priv = (struct ipsecpriv *)(ipsec_dev->priv);
if(priv) {
;
- if(((struct device *)(priv->dev)) == dev) {
+ if(((struct net_device *)(priv->dev)) == dev) {
/* dev_close(ipsec_dev); */
/* return */ ipsec_tunnel_detach(ipsec_dev);
KLIPS_PRINT(debug_tunnel & DB_TN_INIT,
@@ -1498,7 +1640,7 @@
*/
int
-ipsec_tunnel_init(struct device *dev)
+ipsec_tunnel_init(struct net_device *dev)
{
int i;
@@ -1552,15 +1694,6 @@
/* New-style flags. */
dev->flags = IFF_NOARP /* 0 */ /* Petr Novak */;
-#ifdef NET_21
- dev_init_buffers(dev);
-#else /* NET_21 */
- dev->family = AF_INET;
- dev->pa_addr = 0;
- dev->pa_brdaddr = 0;
- dev->pa_mask = 0;
- dev->pa_alen = 4;
-#endif /* NET_21 */
/* We're done. Have I forgotten anything? */
return 0;
@@ -1571,31 +1704,33 @@
/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
int
-ipsec_tunnel_probe(struct device *dev)
+ipsec_tunnel_probe(struct net_device *dev)
{
ipsec_tunnel_init(dev);
return 0;
}
-struct device *ipsecdevices[IPSEC_NUM_IF];
+struct net_device *ipsecdevices[IPSEC_NUM_IF];
int
ipsec_tunnel_init_devices(void)
{
int i;
char name[IFNAMSIZ];
- struct device *dev_ipsec;
+ struct net_device *dev_ipsec;
KLIPS_PRINT(debug_tunnel & DB_TN_INIT,
"klips_debug:ipsec_tunnel_init_devices: "
"creating and registering IPSEC_NUM_IF=%u devices, allocating %lu per device, IFNAMSIZ=%u.\n",
IPSEC_NUM_IF,
- (unsigned long) (sizeof(struct device) + IFNAMSIZ),
+ (unsigned long) (sizeof(struct net_device) + IFNAMSIZ),
IFNAMSIZ);
for(i = 0; i < IPSEC_NUM_IF; i++) {
sprintf(name, IPSEC_DEV_FORMAT, i);
- dev_ipsec = (struct device*)kmalloc(sizeof(struct device), GFP_KERNEL);
+
+ dev_ipsec = (struct net_device*)kmalloc(sizeof(struct net_device), GFP_KERNEL);
+
if (dev_ipsec == NULL) {
KLIPS_PRINT(debug_tunnel & DB_TN_INIT,
"klips_debug:ipsec_tunnel_init_devices: "
@@ -1603,7 +1738,7 @@
name);
return -ENOMEM;
}
- memset((caddr_t)dev_ipsec, 0, sizeof(struct device));
+ memset((caddr_t)dev_ipsec, 0, sizeof(struct net_device));
#ifdef NETDEV_23
strncpy(dev_ipsec->name, name, sizeof(dev_ipsec->name));
#else /* NETDEV_23 */
@@ -1618,6 +1753,9 @@
memset((caddr_t)dev_ipsec->name, 0, IFNAMSIZ);
strncpy(dev_ipsec->name, name, IFNAMSIZ);
#endif /* NETDEV_23 */
+
+ SET_MODULE_OWNER(dev_ipsec);
+
dev_ipsec->next = NULL;
dev_ipsec->init = &ipsec_tunnel_probe;
KLIPS_PRINT(debug_tunnel & DB_TN_INIT,
@@ -1652,7 +1790,7 @@
int error = 0;
int i;
char name[32];
- struct device *dev_ipsec;
+ struct net_device *dev_ipsec;
for(i = 0; i < IPSEC_NUM_IF; i++) {
dev_ipsec = ipsecdevices[i];
diff -Naur openswan-2/linux/net/ipsec/pfkey_v2.c openswan-2.nate/linux/net/ipsec/pfkey_v2.c
--- openswan-2/linux/net/ipsec/pfkey_v2.c 2004-07-01 13:59:04.000000000 -0500
+++ openswan-2.nate/linux/net/ipsec/pfkey_v2.c 2004-07-01 14:01:34.000000000 -0500
@@ -87,7 +87,19 @@
#endif /* SOCKOPS_WRAPPED */
extern struct proto_ops pfkey_ops;
+
+#ifdef NET_26
+HLIST_HEAD(pfkey_sock_list);
+static DECLARE_WAIT_QUEUE_HEAD(pfkey_sock_wait);
+static rwlock_t pfkey_sock_lock = RW_LOCK_UNLOCKED;
+static atomic_t pfkey_sock_users = ATOMIC_INIT(0);
+#else
+extern struct proto_ops pfkey_ops;
struct sock *pfkey_sock_list = NULL;
+#endif
+
+#include "openswan/ipsec_kern24.h"
+
struct supported_list *pfkey_supported_list[SADB_SATYPE_MAX+1];
struct socket_list *pfkey_open_sockets = NULL;
@@ -95,6 +107,51 @@
int pfkey_msg_interp(struct sock *, struct sadb_msg *, struct sadb_msg **);
+#ifdef NET_26
+static void pfkey_sock_list_grab(void)
+{
+ write_lock_bh(&pfkey_sock_lock);
+
+ if (atomic_read(&pfkey_sock_users)) {
+ DECLARE_WAITQUEUE(wait, current);
+
+ add_wait_queue_exclusive(&pfkey_sock_wait, &wait);
+ for(;;) {
+ set_current_state(TASK_UNINTERRUPTIBLE);
+ if (atomic_read(&pfkey_sock_users) == 0)
+ break;
+ write_unlock_bh(&pfkey_sock_lock);
+ schedule();
+ write_lock_bh(&pfkey_sock_lock);
+ }
+
+ __set_current_state(TASK_RUNNING);
+ remove_wait_queue(&pfkey_sock_wait, &wait);
+ }
+}
+
+static __inline__ void pfkey_sock_list_ungrab(void)
+{
+ write_unlock_bh(&pfkey_sock_lock);
+ wake_up(&pfkey_sock_wait);
+}
+
+static __inline__ void pfkey_lock_sock_list(void)
+{
+ /* read_lock() synchronizes us to pfkey_table_grab */
+
+ read_lock(&pfkey_sock_lock);
+ atomic_inc(&pfkey_sock_users);
+ read_unlock(&pfkey_sock_lock);
+}
+
+static __inline__ void pfkey_unlock_sock_list(void)
+{
+ if (atomic_dec_and_test(&pfkey_sock_users))
+ wake_up(&pfkey_sock_wait);
+}
+#endif
+
int
pfkey_list_remove_socket(struct socket *socketp, struct socket_list **sockets)
{
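Review bot: The comment in pfkey_lock_sock_list says `read_lock() synchronizes us to pfkey_table_grab`, but no function of that name appears in this hunk; the writer side here is `pfkey_sock_list_grab`. I would change it to `/* read_lock() synchronizes us to pfkey_sock_list_grab() */` and add a block comment above the four helpers stating the protocol: writers take pfkey_sock_lock for writing and wait until pfkey_sock_users is zero, readers increment pfkey_sock_users under the read lock and wake the writer when the count returns to zero. Because pfkey_sock_list_grab sleeps in TASK_UNINTERRUPTIBLE through schedule(), that comment should also state that it may only be called from process context.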
@@ -315,10 +372,16 @@
"klips_debug:pfkey_insert_socket: "
"sk=0p%p\n",
sk);
+#ifdef NET_26
+ pfkey_sock_list_grab();
+ sk_add_node(sk, &pfkey_sock_list);
+ pfkey_sock_list_ungrab();
+#else
cli();
sk->next=pfkey_sock_list;
pfkey_sock_list=sk;
sti();
+#endif
}
DEBUG_NO_STATIC void
@@ -328,6 +391,11 @@
KLIPS_PRINT(debug_pfkey,
"klips_debug:pfkey_remove_socket: .\n");
+#ifdef NET_26
+ pfkey_sock_list_grab();
+ sk_del_node_init(sk);
+ pfkey_sock_list_ungrab();
+#else
cli();
s=&pfkey_sock_list;
@@ -344,6 +412,8 @@
s=&((*s)->next);
}
sti();
+#endif
+
KLIPS_PRINT(debug_pfkey,
"klips_debug:pfkey_remove_socket: "
"not found.\n");
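Review bot: On NET_26 builds the removal path falls through to the `"not found."` debug message after `#endif` on every call, even when the socket was unlinked in the hunk above, so the debug log misreports successful removals. Capture the result with `found = sk_del_node_init(sk);` and `return;` after `pfkey_sock_list_ungrab();` when it is non-zero, so the message is printed only on a real miss. The 2.4 loop is only partly visible, but it presumably returns on a match in the same way. The function starts before these hunks, so whether the local `s` is left unused under NET_26 could not be checked here.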
@@ -366,10 +436,11 @@
"klips_debug:pfkey_destroy_socket: "
"sk(0p%p)->(&0p%p)receive_queue.{next=0p%p,prev=0p%p}.\n",
sk,
- &(sk->receive_queue),
- sk->receive_queue.next,
- sk->receive_queue.prev);
- while(sk && ((skb=skb_dequeue(&(sk->receive_queue)))!=NULL)) {
+ &(sk->sk_receive_queue),
+ sk->sk_receive_queue.next,
+ sk->sk_receive_queue.prev);
+
+ while(sk && ((skb=skb_dequeue(&(sk->sk_receive_queue)))!=NULL)) {
#ifdef NET_21
#ifdef CONFIG_IPSEC_DEBUG
if(debug_pfkey && sysctl_ipsec_debug_verbose) {
@@ -441,7 +512,11 @@
ipsec_kfree_skb(skb);
}
+#ifdef NET_26
+ sock_set_flag(sk, SOCK_DEAD);
+#else
sk->dead = 1;
+#endif
sk_free(sk);
KLIPS_PRINT(debug_pfkey,
@@ -571,12 +646,20 @@
#ifdef NET_21
sock->state = SS_UNCONNECTED;
#endif /* NET_21 */
+
MOD_INC_USE_COUNT;
+
#ifdef NET_21
- if((sk=(struct sock *)sk_alloc(PF_KEY, GFP_KERNEL, 1)) == NULL)
+#ifdef NET_26
+ sk=(struct sock *)sk_alloc(PF_KEY, GFP_KERNEL, 1, NULL);
+#else
+ sk=(struct sock *)sk_alloc(PF_KEY, GFP_KERNEL, 1);
+#endif
#else /* NET_21 */
- if((sk=(struct sock *)sk_alloc(GFP_KERNEL)) == NULL)
+ sk=(struct sock *)sk_alloc(GFP_KERNEL);
#endif /* NET_21 */
+
+ if(sk == NULL)
{
KLIPS_PRINT(debug_pfkey,
"klips_debug:pfkey_create: "
@@ -592,39 +675,42 @@
#ifdef NET_21
sock_init_data(sock, sk);
- sk->destruct = NULL;
- sk->reuse = 1;
+ sk->sk_destruct = NULL;
+ sk->sk_reuse = 1;
sock->ops = &pfkey_ops;
- sk->zapped=0;
- sk->family = PF_KEY;
+ sk->sk_zapped=0;
+ sk->sk_family = PF_KEY;
/* sk->num = protocol; */
- sk->protocol = protocol;
+ sk->sk_protocol = protocol;
key_pid(sk) = current->pid;
KLIPS_PRINT(debug_pfkey,
"klips_debug:pfkey_create: "
"sock->fasync_list=0p%p sk->sleep=0p%p.\n",
sock->fasync_list,
- sk->sleep);
+ sk->sk_sleep);
#else /* NET_21 */
sk->type=sock->type;
init_timer(&sk->timer);
- skb_queue_head_init(&sk->write_queue);
- skb_queue_head_init(&sk->receive_queue);
+ skb_queue_head_init(&sk->sk_write_queue);
+ skb_queue_head_init(&sk->sk_receive_queue);
skb_queue_head_init(&sk->back_log);
- sk->rcvbuf=SK_RMEM_MAX;
- sk->sndbuf=SK_WMEM_MAX;
- sk->allocation=GFP_KERNEL;
- sk->state=TCP_CLOSE;
- sk->priority=SOPRI_NORMAL;
- sk->state_change=pfkey_state_change;
- sk->data_ready=pfkey_data_ready;
- sk->write_space=pfkey_write_space;
- sk->error_report=pfkey_state_change;
+ sk->sk_rcvbuf=SK_RMEM_MAX;
+ sk->sk_sndbuf=SK_WMEM_MAX;
+ sk->sk_allocation=GFP_KERNEL;
+ sk->sk_state=TCP_CLOSE;
+ sk->sk_priority=SOPRI_NORMAL;
+ sk->sk_state_change=pfkey_state_change;
+ sk->sk_data_ready=pfkey_data_ready;
+ sk->sk_write_space=pfkey_write_space;
+ sk->sk_error_report=pfkey_state_change;
+#ifndef NET_26
sk->mtu=4096;
sk->socket=sock;
+#endif
+
sock->data=(void *)sk;
- sk->sleep=sock->wait;
+ sk->sk_sleep=sock->wait;
#endif /* NET_21 */
pfkey_insert_socket(sk);
@@ -713,10 +799,10 @@
"sock=0p%p sk=0p%p\n", sock, sk);
#ifdef NET_21
- if(!sk->dead)
+ if(sock_flag(sk, SOCK_DEAD))
#endif /* NET_21 */
- if(sk->state_change) {
- sk->state_change(sk);
+ if(sk->sk_state_change) {
+ sk->sk_state_change(sk);
}
#ifdef NET_21
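Review bot: The replacement `if(sock_flag(sk, SOCK_DEAD))` inverts the test it replaces: the old code ran the state-change callback only when the socket was not dead (`!sk->dead`), the new code runs it only when the socket is dead. It should read `if(!sock_flag(sk, SOCK_DEAD))`. The line also sits under `#ifdef NET_21`, not `NET_26`, so pre-2.6 builds rely on sock_flag() and SOCK_DEAD coming from a compatibility header that is not shown in this part of the patch. The hunk that sets the flag handles this differently, guarding `sock_set_flag` with `#ifdef NET_26` and keeping `sk->dead = 1` otherwise.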
@@ -859,13 +945,13 @@
mode++;
if(mode&SEND_SHUTDOWN) {
- sk->shutdown|=SEND_SHUTDOWN;
- sk->state_change(sk);
+ sk->sk_shutdown|=SEND_SHUTDOWN;
+ sk->sk_state_change(sk);
}
if(mode&RCV_SHUTDOWN) {
- sk->shutdown|=RCV_SHUTDOWN;
- sk->state_change(sk);
+ sk->sk_shutdown|=RCV_SHUTDOWN;
+ sk->sk_state_change(sk);
}
return 0;
}
@@ -957,7 +1043,11 @@
DEBUG_NO_STATIC int
#ifdef NET_21
+#ifdef NET_26
+pfkey_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, int len)
+#else
pfkey_sendmsg(struct socket *sock, struct msghdr *msg, int len, struct scm_cookie *scm)
+#endif
#else /* NET_21 */
pfkey_sendmsg(struct socket *sock, struct msghdr *msg, int len, int nonblock, int flags)
#endif /* NET_21 */
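Review bot: The NET_26 prototype keeps `int len`, while the NET_26 `pfkey_recvmsg` added later in this patch takes `size_t size`; the two length parameters should match the proto_ops declaration of the kernel being targeted, since a signed length from user space changes how the bounds checks in the body behave. The NET_26 variant also drops the `scm` parameter, so any use of `scm` in the body has to be guarded as well. The body is outside this hunk and could not be checked.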
@@ -995,7 +1085,7 @@
KLIPS_PRINT(debug_pfkey,
"klips_debug:pfkey_sendmsg: .\n");
- if(sk->err) {
+ if(sk->sk_err) {
error = sock_error(sk);
KLIPS_PRINT(debug_pfkey,
"klips_debug:pfkey_sendmsg: "
@@ -1023,7 +1113,7 @@
SENDERR(EINVAL);
}
- if(sk->shutdown & SEND_SHUTDOWN) {
+ if(sk->sk_shutdown & SEND_SHUTDOWN) {
KLIPS_PRINT(debug_pfkey,
"klips_debug:pfkey_sendmsg: "
"shutdown.\n");
@@ -1165,7 +1255,18 @@
DEBUG_NO_STATIC int
#ifdef NET_21
-pfkey_recvmsg(struct socket *sock, struct msghdr *msg, int size, int flags, struct scm_cookie *scm)
+#ifdef NET_26
+pfkey_recvmsg(struct kiocb *kiocb
+ , struct socket *sock
+ , struct msghdr *msg
+ , size_t size
+ , int flags)
+#else
+pfkey_recvmsg(struct socket *sock
+ , struct msghdr *msg
+ , int size, int flags
+ , struct scm_cookie *scm)
+#endif
#else /* NET_21 */
pfkey_recvmsg(struct socket *sock, struct msghdr *msg, int size, int noblock, int flags, int *addr_len)
#endif /* NET_21 */
@@ -1224,10 +1325,10 @@
}
#endif /* NET_21 */
- if(sk->err) {
+ if(sk->sk_err) {
KLIPS_PRINT(debug_pfkey,
"klips_debug:pfkey_sendmsg: "
- "sk->err=%d.\n", sk->err);
+ "sk->sk_err=%d.\n", sk->sk_err);
return sock_error(sk);
}
@@ -1245,7 +1346,7 @@
#endif /* NET_21 */
skb_copy_datagram_iovec(skb, 0, msg->msg_iov, size);
- sk->stamp=skb->stamp;
+ sk->sk_stamp=skb->stamp;
skb_free_datagram(sk, skb);
return size;
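Review bot: The result of `skb_copy_datagram_iovec(skb, 0, msg->msg_iov, size)` is discarded, so a failed copy into the caller's iovec is still reported as `size` bytes received. Check it, free the datagram and return the error: `err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, size);` then `if (err) { skb_free_datagram(sk, skb); return err; }`, with `err` a local int. Under the NET_26 prototype `size` is now `size_t` while the function still returns `int`, so any comparison of `size` with the skb length earlier in the function (outside this hunk) should be rechecked for signed/unsigned mixing.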
@@ -1336,9 +1437,12 @@
)
{
const int max_content = length > 0? length-1 : 0;
+#ifdef NET_26
+ struct hlist_node *node;
+#endif
off_t begin=0;
int len=0;
- struct sock *sk=pfkey_sock_list;
+ struct sock *sk;
#ifdef CONFIG_IPSEC_DEBUG
if(!sysctl_ipsec_debug_verbose) {
@@ -1352,46 +1456,41 @@
}
#endif /* CONFIG_IPSEC_DEBUG */
- while(sk!=NULL) {
+ sk_for_each(sk, node, &pfkey_sock_list) {
+
#ifdef CONFIG_IPSEC_DEBUG
if(!sysctl_ipsec_debug_verbose) {
#endif /* CONFIG_IPSEC_DEBUG */
len += ipsec_snprintf(buffer+len, length-len,
- "%8p %5d %8p %8p %8p %d %d %d %5d %08lX %8X %2X\n",
+ "%8p %5d %8p %d %d %5d %08lX %8X %2X\n",
sk,
key_pid(sk),
- sk->socket,
- sk->next,
- sk->prev,
- sk->err,
- sk->num,
- sk->protocol,
- sk->sndbuf,
- sk->socket->flags,
- sk->socket->type,
- sk->socket->state);
+ sk->sk_socket,
+ sk->sk_err,
+ sk->sk_protocol,
+ sk->sk_sndbuf,
+ sk->sk_socket->flags,
+ sk->sk_socket->type,
+ sk->sk_socket->state);
#ifdef CONFIG_IPSEC_DEBUG
} else {
len += ipsec_snprintf(buffer+len, length-len,
- "%8p %5d %d %8p %8p %8p %8p %d %d %d %d %d %5d %d.%06d %08lX %8X %2X\n",
+ "%8p %5d %d %8p %8p %d %d %d %d %5d %d.%06d %08lX %8X %2X\n",
sk,
key_pid(sk),
- sk->dead,
- sk->sleep,
- sk->socket,
- sk->next,
- sk->prev,
- sk->err,
- sk->reuse,
- sk->zapped,
- sk->num,
- sk->protocol,
- sk->sndbuf,
- (unsigned int)sk->stamp.tv_sec,
- (unsigned int)sk->stamp.tv_usec,
- sk->socket->flags,
- sk->socket->type,
- sk->socket->state);
+ sock_flag(sk, SOCK_DEAD),
+ sk->sk_sleep,
+ sk->sk_socket,
+ sk->sk_err,
+ sk->sk_reuse,
+ sk->sk_zapped,
+ sk->sk_protocol,
+ sk->sk_sndbuf,
+ (unsigned int)sk->sk_stamp.tv_sec,
+ (unsigned int)sk->sk_stamp.tv_usec,
+ sk->sk_socket->flags,
+ sk->sk_socket->type,
+ sk->sk_socket->state);
}
#endif /* CONFIG_IPSEC_DEBUG */
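Review bot: The walk `sk_for_each(sk, node, &pfkey_sock_list)` does not use the reader-side helpers this patch introduces, so pfkey_insert_socket or pfkey_remove_socket can change the list during traversal and `sk->sk_socket->flags` may be read from a socket that is being torn down. Bracket the loop with `pfkey_lock_sock_list();` and `pfkey_unlock_sock_list();` (the loop closes in the next hunk) and skip entries whose `sk->sk_socket` is NULL. The loop is also no longer conditional: `node` is declared only under `#ifdef NET_26` and pfkey_sock_list is an hlist only there, so non-2.6 builds need the old `while(sk!=NULL)` form kept under `#else` unless the compatibility header supplies both. The leftover `//sk=sk->next;` in the following hunk should be deleted, not commented out.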
@@ -1411,7 +1510,7 @@
begin = pos;
}
}
- sk=sk->next;
+ //sk=sk->next;
}
diff -Naur openswan-2/linux/net/ipsec/pfkey_v2_parser.c openswan-2.nate/linux/net/ipsec/pfkey_v2_parser.c
--- openswan-2/linux/net/ipsec/pfkey_v2_parser.c 2004-07-01 13:59:04.000000000 -0500
+++ openswan-2.nate/linux/net/ipsec/pfkey_v2_parser.c 2004-07-01 14:01:34.000000000 -0500
@@ -85,7 +85,7 @@
#include "openswan/ipsec_proto.h"
#include "openswan/ipsec_alg.h"
-
+#include "openswan/ipsec_kern24.h"
#define SENDERR(_x) do { error = -(_x); goto errlab; } while (0)
@@ -1710,7 +1710,7 @@
SENDERR(-error);
}
- if((error = pfkey_upmsg(sk->socket, pfkey_reply))) {
+ if((error = pfkey_upmsg(sk->sk_socket, pfkey_reply))) {
KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_get_parse: "
"failed to send the get reply message\n");
SENDERR(-error);
@@ -1798,7 +1798,7 @@
SENDERR(EINVAL);
}
- if(!pfkey_list_insert_socket(sk->socket,
+ if(!pfkey_list_insert_socket(sk->sk_socket,
&(pfkey_registered_sockets[satype]))) {
KLIPS_PRINT(debug_pfkey,
"klips_debug:pfkey_register_parse: "
-------------- next part --------------
# Makefile for KLIPS kernel code as a module for 2.6 kernels
#
# Makefile for KLIPS kernel code as a module
# Copyright (C) 1998, 1999, 2000,2001 Richard Guy Briggs.
# Copyright (C) 2002-2004 Michael Richardson <mcr at freeswan.org>
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at your
# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# for more details.
#
# RCSID $Id: Makefile.fs2_6,v 1.3 2004/02/24 17:17:04 mcr Exp $
#
# Note! Dependencies are done automagically by 'make dep', which also
# removes any old dependencies. DON'T put your own dependencies here
# unless it's something special (ie not a .c file).
#
# Anchors for the source tree. KLIPS_TOP is not referenced again in this file.
FREESWANSRCDIR=.
KLIPS_TOP=.
# The leading '-' makes this include optional: a missing Makefile.ver is not an error.
-include ${FREESWANSRCDIR}/Makefile.ver
# defconfig supplies the CONFIG_IPSEC_* switches that select objects and -D flags below.
# NOTE(review): SUBDIRS is not set in this file; presumably the kernel build passes it in - confirm.
include $(SUBDIRS)/defconfig
# Default the kernel build tree to the one of the running kernel unless the caller set TOPDIR.
# NOTE(review): make does not expand backquotes itself, so the `uname -r` text is stored
# literally and only takes effect where the value reaches a shell - confirm this is intended.
ifndef TOPDIR
TOPDIR:=/lib/modules/`uname -r`/build
endif
export TOPDIR
# Relative locations of the library sources whose objects are linked into ipsec.o.
LIBFREESWANDIR=../../../linux/lib/libfreeswan
LIBDESDIR=../../crypto/ciphers/des
LIBZLIBDIR=../../lib/zlib
# Might need this too someday
# LIBOPENSWANDIR=../../../lib/libopenswan
# LIBAESDIR is defined but not referenced again in this file.
LIBAESDIR=../../crypto/ciphers/aes
# Include path: the kernel headers first, then the tree's own include directory.
KERNEL_INCLUDES= $(TOPDIR)/include
INCLUDES = -I$(KERNEL_INCLUDES) -I$(SUBDIRS)/../../include
# Kernel release string, taken from the UTS_RELEASE line of the kernel's linux/version.h.
VERSION = $(shell grep UTS_RELEASE $(KERNEL_INCLUDES)/linux/version.h | cut -d '"' -f2)
# Module directory for that release. MDIR is not referenced again in this file.
MDIR = /lib/modules/$(VERSION)/kernel/net/ipv4/
# brought in from defconfig now.
# always force it on
#CONFIG_IPSEC:=m
#CONFIG_IPSEC_ESP:=y
#CONFIG_IPSEC_AH:=y
#CONFIG_IPSEC_IPIP:=y
#CONFIG_IPSEC_ALG:=y
#CONFIG_IPSEC_ENC_CRYPTOAPI:=y
#CONFIG_IPSEC_ENC_3DES:=y
# The single build product; CONFIG_IPSEC decides whether it lands in obj-y or obj-m.
obj-$(CONFIG_IPSEC) := ipsec.o
# Each "ipsec-objs-$(CONFIG_X) += ..." line below appends to ipsec-objs-y or ipsec-objs-m
# according to the option's value. Any other value (for example 'n', or unset) names a
# variable that is never collected, so those objects are left out.
ipsec-objs-y :=
ipsec-objs-m :=
# Core KLIPS objects, always built when CONFIG_IPSEC is y or m.
ipsec-objs-$(CONFIG_IPSEC) += ipsec_init.o ipsec_sa.o ipsec_radij.o radij.o
ipsec-objs-$(CONFIG_IPSEC) += ipsec_life.o ipsec_proc.o
ipsec-objs-$(CONFIG_IPSEC) += ipsec_tunnel.o ipsec_xmit.o ipsec_rcv.o ipsec_ipip.o
ipsec-objs-$(CONFIG_IPSEC) += sysctl_net_ipsec.o
ipsec-objs-$(CONFIG_IPSEC) += pfkey_v2.o pfkey_v2_parser.o pfkey_v2_ext_process.o
ipsec-objs-$(CONFIG_IPSEC) += version.o
# Optional protocol and algorithm objects, one per configuration switch.
ipsec-objs-$(CONFIG_IPSEC_AH) += ipsec_ah.o
ipsec-objs-$(CONFIG_IPSEC_ESP) += ipsec_esp.o
ipsec-objs-$(CONFIG_IPSEC_IPCOMP) += ipsec_ipcomp.o
ipsec-objs-$(CONFIG_IPSEC_ALG) += ipsec_alg.o
ipsec-objs-$(CONFIG_IPSEC_ENC_AES) += ipsec_alg_aes.o
ipsec-objs-$(CONFIG_IPSEC_ENC_CRYPTOAPI) += ipsec_alg_cryptoapi.o
ipsec-objs-$(CONFIG_IPSEC_AUTH_HMAC_MD5) += ipsec_md5c.o
ipsec-objs-$(CONFIG_IPSEC_AUTH_HMAC_SHA1) += ipsec_sha1.o
# 3DES: the common DES objects, plus dx86unix.o when SUBARCH is i386 and des_enc.o otherwise.
ipsec-objs-$(CONFIG_IPSEC_ENC_3DES) += $(LIBDESDIR)/cbc_enc.o
ipsec-objs-$(CONFIG_IPSEC_ENC_3DES) += $(LIBDESDIR)/ecb_enc.o
ipsec-objs-$(CONFIG_IPSEC_ENC_3DES) += $(LIBDESDIR)/set_key.o
ifeq (${SUBARCH},i386)
ipsec-objs-$(CONFIG_IPSEC_ENC_3DES) += $(LIBDESDIR)/dx86unix.o
else
ipsec-objs-$(CONFIG_IPSEC_ENC_3DES) += $(LIBDESDIR)/des_enc.o
endif
# libfreeswan helper objects linked into the module.
ipsec-objs-$(CONFIG_IPSEC) += $(LIBFREESWANDIR)/satot.o $(LIBFREESWANDIR)/addrtot.o $(LIBFREESWANDIR)/ultot.o $(LIBFREESWANDIR)/addrtypeof.o $(LIBFREESWANDIR)/anyaddr.o
ipsec-objs-$(CONFIG_IPSEC) += $(LIBFREESWANDIR)/initaddr.o $(LIBFREESWANDIR)/ultoa.o $(LIBFREESWANDIR)/addrtoa.o $(LIBFREESWANDIR)/subnettoa.o $(LIBFREESWANDIR)/subnetof.o
ipsec-objs-$(CONFIG_IPSEC) += $(LIBFREESWANDIR)/goodmask.o $(LIBFREESWANDIR)/datatot.o $(LIBFREESWANDIR)/rangetoa.o $(LIBFREESWANDIR)/prng.o $(LIBFREESWANDIR)/pfkey_v2_parse.o
ipsec-objs-$(CONFIG_IPSEC) += $(LIBFREESWANDIR)/pfkey_v2_build.o $(LIBFREESWANDIR)/pfkey_v2_debug.o $(LIBFREESWANDIR)/pfkey_v2_ext_bits.o
# IPcomp stuff
ipsec-objs-$(CONFIG_IPSEC_IPCOMP) += ipcomp.o
ipsec-objs-$(CONFIG_IPSEC_IPCOMP) += $(LIBZLIBDIR)/adler32.o
ipsec-objs-$(CONFIG_IPSEC_IPCOMP) += $(LIBZLIBDIR)/deflate.o
ipsec-objs-$(CONFIG_IPSEC_IPCOMP) += $(LIBZLIBDIR)/infblock.o
ipsec-objs-$(CONFIG_IPSEC_IPCOMP) += $(LIBZLIBDIR)/infcodes.o
ipsec-objs-$(CONFIG_IPSEC_IPCOMP) += $(LIBZLIBDIR)/inffast.o
ipsec-objs-$(CONFIG_IPSEC_IPCOMP) += $(LIBZLIBDIR)/inflate.o
ipsec-objs-$(CONFIG_IPSEC_IPCOMP) += $(LIBZLIBDIR)/inftrees.o
ipsec-objs-$(CONFIG_IPSEC_IPCOMP) += $(LIBZLIBDIR)/infutil.o
ipsec-objs-$(CONFIG_IPSEC_IPCOMP) += $(LIBZLIBDIR)/trees.o
ipsec-objs-$(CONFIG_IPSEC_IPCOMP) += $(LIBZLIBDIR)/zutil.o
# Final object list: only the -y and -m accumulators are collected.
ipsec-objs := $(ipsec-objs-y) $(ipsec-objs-m)
# Preprocessor defines follow the same y/m accumulation scheme as the object lists, so the
# C sources see a -DCONFIG_... flag for every option that defconfig sets to y or m.
# NOTE(review): there is no macros- line for CONFIG_IPSEC_ENC_AES although ipsec_alg_aes.o is
# selectable above, and the CONFIG_IPSEC_ENC_3DES line appears twice (the repeat only
# passes the same -D flag a second time) - confirm both are intended.
macros-y :=
macros-m :=
macros-$(CONFIG_IPSEC) += -DCONFIG_IPSEC
macros-$(CONFIG_IPSEC_ESP) += -DCONFIG_IPSEC_ESP
macros-$(CONFIG_IPSEC_AH) += -DCONFIG_IPSEC_AH
macros-$(CONFIG_IPSEC_ALG) += -DCONFIG_IPSEC_ALG
macros-$(CONFIG_IPSEC_DEBUG) += -DCONFIG_IPSEC_DEBUG
macros-$(CONFIG_IPSEC_IPIP) += -DCONFIG_IPSEC_IPIP
macros-$(CONFIG_IPSEC_AUTH_HMAC_MD5) += -DCONFIG_IPSEC_AUTH_HMAC_MD5
macros-$(CONFIG_IPSEC_AUTH_HMAC_SHA1) += -DCONFIG_IPSEC_AUTH_HMAC_SHA1
macros-$(CONFIG_IPSEC_ENC_3DES) += -DCONFIG_IPSEC_ENC_3DES
macros-$(CONFIG_IPSEC_ENC_CRYPTOAPI) += -DCONFIG_IPSEC_ENC_CRYPTOAPI
macros-$(CONFIG_IPSEC_ENC_3DES) += -DCONFIG_IPSEC_ENC_3DES
macros-$(CONFIG_IPSEC_IPCOMP) += -DCONFIG_IPSEC_IPCOMP -DIPCOMP_PREFIX
macros-$(CONFIG_IPSEC_NAT_TRAVERSAL) += -DCONFIG_IPSEC_NAT_TRAVERSAL
# Hand the include paths and the collected defines to the compiler.
EXTRA_CFLAGS += $(INCLUDES) \
$(macros-y) $(macros-m)
#
# $Log: Makefile.fs2_6,v $
# Revision 1.3 2004/02/24 17:17:04 mcr
# s/CONFIG_IPSEC/CONFIG_IPSEC/ as 26sec uses "CONFIG_IPSEC" to
# turn it on/off as well.
#
# Revision 1.2 2004/02/22 06:50:42 mcr
# kernel 2.6 port - merged with 2.4 code.
#
# Revision 1.1.2.1 2004/02/20 02:07:53 mcr
# module configuration for KLIPS 2.6
#
#
# Local Variables:
# compile-command: "(cd ../../.. && source umlsetup.sh && make -C ${POOLSPACE} module/ipsec.o)"
# End Variables:
#
-------------- next part --------------
#
# RCSID $Id: defconfig,v 1.24 2004/04/06 02:49:25 mcr Exp $
#
#
# FreeS/WAN IPSec implementation, KLIPS kernel config defaults
#
#
# First, lets override stuff already set or not in the kernel config.
#
# We can't even think about leaving this off...
CONFIG_INET=y
#
# This must be on for subnet protection.
CONFIG_IP_FORWARD=y
# Shut off IPSEC masquerading if it has been enabled, since it will
# break the compile. IPPROTO_ESP and IPPROTO_AH were included in
# net/ipv4/ip_masq.c when they should have gone into include/linux/in.h.
CONFIG_IP_MASQUERADE_IPSEC=n
#
# Next, let's set the recommended FreeS/WAN configuration.
#
# To config as static (preferred), 'y'. To config as module, 'm'.
# This file selects the module build.
CONFIG_IPSEC=m
# To do tunnel mode IPSec, this must be enabled.
CONFIG_IPSEC_IPIP=y
# To enable authentication, say 'y'. (Highly recommended)
CONFIG_IPSEC_AH=y
# Authentication algorithm(s):
# NOTE(review): HMAC-MD5 is a legacy choice; prefer HMAC-SHA1 or the SHA2 module where
# the peer supports them.
CONFIG_IPSEC_AUTH_HMAC_MD5=y
CONFIG_IPSEC_AUTH_HMAC_SHA1=y
# To enable encryption, say 'y'. (Highly recommended)
CONFIG_IPSEC_ESP=y
# CONFIG_IPSEC_AH is assigned a second time here with the same value; the repeat has no effect.
CONFIG_IPSEC_AH=y
# Encryption algorithm(s):
# NOTE(review): 3DES is the only built-in cipher enabled here; the AES line is commented out.
CONFIG_IPSEC_ENC_3DES=y
CONFIG_IPSEC_ENC_CRYPTOAPI=y
#CONFIG_IPSEC_ENC_AES=y
# modular algo extensions (and new ALGOs)
# NOTE(review): the Makefile in this message keys nothing on the CONFIG_IPSEC_ALG_<name>
# switches below (only on CONFIG_IPSEC_ALG itself), so presumably another build file
# consumes them - confirm. CONFIG_IPSEC_ENC_3DES and the commented-out
# CONFIG_IPSEC_ENC_AES line repeat the entries above.
CONFIG_IPSEC_ALG=y
CONFIG_IPSEC_ALG_3DES=m
CONFIG_IPSEC_ENC_3DES=y
CONFIG_IPSEC_ALG_AES=m
#CONFIG_IPSEC_ENC_AES=y
CONFIG_IPSEC_ALG_TWOFISH=m
CONFIG_IPSEC_ALG_BLOWFISH=m
CONFIG_IPSEC_ALG_SERPENT=m
CONFIG_IPSEC_ALG_MD5=m
CONFIG_IPSEC_ALG_SHA1=m
CONFIG_IPSEC_ALG_SHA2=m
#CONFIG_IPSEC_ALG_CAST=n
#CONFIG_IPSEC_ALG_NULL=n
# Use CryptoAPI for ALG?
CONFIG_IPSEC_ALG_CRYPTOAPI=m
# IP Compression: new, probably still has minor bugs.
CONFIG_IPSEC_IPCOMP=y
# To enable userspace-switchable KLIPS debugging, say 'y'.
# NOTE(review): debug messages in the accompanying patch format kernel pointers (0p%p);
# consider building production kernels without this option.
CONFIG_IPSEC_DEBUG=y
# NAT Traversal
# With 'n' the accompanying Makefile adds the define to macros-n, which it never
# collects, so -DCONFIG_IPSEC_NAT_TRAVERSAL is not passed to the compiler.
CONFIG_IPSEC_NAT_TRAVERSAL=n
#
#
# $Log: defconfig,v $
# Revision 1.24 2004/04/06 02:49:25 mcr
# pullup of algo code from alg-branch.
#
# Revision 1.23.2.2 2004/04/05 04:30:46 mcr
# patches for alg-branch to compile/work with 2.x openswan
#
# Revision 1.23.2.1 2003/12/22 15:25:52 jjo
# . Merged algo-0.8.1-rc11-test1 into alg-branch
#
# Revision 1.23 2003/12/10 01:14:27 mcr
# NAT-traversal patches to KLIPS.
#
# Revision 1.22 2003/02/24 19:37:27 mcr
# changed default compilation mode to static.
#
# Revision 1.21 2002/04/24 07:36:27 mcr
# Moved from ./klips/net/ipsec/defconfig,v
#
# Revision 1.20 2002/04/02 04:07:40 mcr
# default build is now 'm'odule for KLIPS
#
# Revision 1.19 2002/03/08 18:57:17 rgb
# Added a blank line at the beginning of the file to make it easier for
# other projects to patch ./arch/i386/defconfig, for example
# LIDS+grSecurity requested by Jason Pattie.
#
# Revision 1.18 2000/11/30 17:26:56 rgb
# Cleaned out unused options and enabled ipcomp by default.
#
# Revision 1.17 2000/09/15 11:37:01 rgb
# Merge in heavily modified Svenning Soerensen's <svenning at post5.tele.dk>
# IPCOMP zlib deflate code.
#
# Revision 1.16 2000/09/08 19:12:55 rgb
# Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG.
#
# Revision 1.15 2000/05/24 19:37:13 rgb
# *** empty log message ***
#
# Revision 1.14 2000/05/11 21:14:57 henry
# just commenting the FOOBAR=y lines out is not enough
#
# Revision 1.13 2000/05/10 20:17:58 rgb
# Comment out netlink defaults, which are no longer needed.
#
# Revision 1.12 2000/05/10 19:13:38 rgb
# Added configure option to shut off no eroute passthrough.
#
# Revision 1.11 2000/03/16 07:09:46 rgb
# Hardcode PF_KEYv2 support.
# Disable IPSEC_ICMP by default.
# Remove DES config option from defaults file.
#
# Revision 1.10 2000/01/11 03:09:42 rgb
# Added a default of 'y' to PF_KEYv2 keying I/F.
#
# Revision 1.9 1999/05/08 21:23:12 rgb
# Added support for 2.2.x kernels.
#
# Revision 1.8 1999/04/06 04:54:25 rgb
# Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes
# patch shell fixes.
#
#