1 diff -druN linux-noipsec/Documentation/Configure.help linux/Documentation/Configure.help
2 --- linux-noipsec/Documentation/Configure.help Fri Dec 15 15:17:02 2000
3 +++ linux/Documentation/Configure.help Fri Dec 15 15:18:21 2000
5 This is a backward compatibility option, choose Y for now.
6 This option will be removed soon.
8 +IP Security Protocol (IPSEC) (EXPERIMENTAL)
10 + This unit is experimental code.
11 + Pick 'y' for static linking, 'm' for module support or 'n' for none.
12 + This option adds support for network layer packet encryption and/or
13 + authentication with participating hosts. The standards start with:
14 + RFCs 2411, 2407 and 2401. Others are mentioned where they refer to
15 + specific features below. There are more pending which can be found
16 + at: ftp://ftp.ietf.org/internet-drafts/draft-ietf-ipsec-*.
17 + A description of each document can also be found at:
18 + http://ietf.org/ids.by.wg/ipsec.html.
19 + Their charter can be found at:
20 + http://www.ietf.org/html.charters/ipsec-charter.html
21 + Snapshots and releases of the current work can be found at:
22 + http://www.freeswan.org/
24 +IPSEC: IP-in-IP encapsulation
26 + This option provides support for tunnel mode IPSEC. It is recommended
29 +IPSEC: Authentication Header
31 + This option provides support for the IPSEC Authentication Header
32 + (IP protocol 51) which provides packet layer sender and content
33 + authentication. It is recommended to enable this. RFC2402
36 +CONFIG_IPSEC_AUTH_HMAC_MD5
37 + Provides support for authentication using the HMAC MD5
38 + algorithm with 96 bits of hash used as the authenticator. RFC2403
41 +CONFIG_IPSEC_AUTH_HMAC_SHA1
42 + Provides support for Authentication Header using the HMAC SHA1
43 + algorithm with 96 bits of hash used as the authenticator. RFC2404
45 +IPSEC: Encapsulating Security Payload
47 + This option provides support for the IPSEC Encapsulation Security
48 + Payload (IP protocol 50) which provides packet layer content
49 + hiding. It is recommended to enable this. RFC2406
52 +CONFIG_IPSEC_ENC_3DES
53 + Provides support for Encapsulation Security Payload protocol, using
54 + the triple DES encryption algorithm. RFC2451
56 +IPSEC Debugging Option
58 + Enables IPSEC kernel debugging. It is further controlled by the
59 + user space utility 'klipsdebug'.
63 If you want to use a SCSI hard disk, SCSI tape drive, SCSI CDROM or
64 diff -druN linux-noipsec/arch/i386/defconfig linux/arch/i386/defconfig
65 --- linux-noipsec/arch/i386/defconfig Fri Dec 15 15:16:54 2000
66 +++ linux/arch/i386/defconfig Fri Dec 15 15:18:22 2000
70 # CONFIG_MAGIC_SYSRQ is not set
76 +# FreeS/WAN IPSec implementation, KLIPS kernel config defaults
80 +# First, lets override stuff already set or not in the kernel config.
82 +# We can't even think about leaving this off...
86 +# This must be on for subnet protection.
89 +# Shut off IPSEC masquerading if it has been enabled, since it will
90 +# break the compile. IPPROTO_ESP and IPPROTO_AH were included in
91 +# net/ipv4/ip_masq.c when they should have gone into include/linux/in.h.
92 +CONFIG_IP_MASQUERADE_IPSEC=n
95 +# Next, lets set the recommended FreeS/WAN configuration.
98 +# To config as static (preferred), 'y'. To config as module, 'm'.
101 +# To do tunnel mode IPSec, this must be enabled.
104 +# To enable authentication, say 'y'. (Highly recommended)
107 +# Authentication algorithm(s):
108 +CONFIG_IPSEC_AUTH_HMAC_MD5=y
109 +CONFIG_IPSEC_AUTH_HMAC_SHA1=y
111 +# To enable encryption, say 'y'. (Highly recommended)
114 +# Encryption algorithm(s):
115 +CONFIG_IPSEC_ENC_3DES=y
117 +# IP Compression: new, probably still has minor bugs.
118 +CONFIG_IPSEC_IPCOMP=y
120 +# To enable userspace-switchable KLIPS debugging, say 'y'.
121 +CONFIG_IPSEC_DEBUG=y
126 +# Revision 1.18 2000/11/30 17:26:56 rgb
127 +# Cleaned out unused options and enabled ipcomp by default.
129 +# Revision 1.17 2000/09/15 11:37:01 rgb
130 +# Merge in heavily modified Svenning Soerensen's <svenning@post5.tele.dk>
131 +# IPCOMP zlib deflate code.
133 +# Revision 1.16 2000/09/08 19:12:55 rgb
134 +# Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG.
136 +# Revision 1.15 2000/05/24 19:37:13 rgb
137 +# *** empty log message ***
139 +# Revision 1.14 2000/05/11 21:14:57 henry
140 +# just commenting the FOOBAR=y lines out is not enough
142 +# Revision 1.13 2000/05/10 20:17:58 rgb
143 +# Comment out netlink defaults, which are no longer needed.
145 +# Revision 1.12 2000/05/10 19:13:38 rgb
146 +# Added configure option to shut off no eroute passthrough.
148 +# Revision 1.11 2000/03/16 07:09:46 rgb
149 +# Hardcode PF_KEYv2 support.
150 +# Disable IPSEC_ICMP by default.
151 +# Remove DES config option from defaults file.
153 +# Revision 1.10 2000/01/11 03:09:42 rgb
154 +# Added a default of 'y' to PF_KEYv2 keying I/F.
156 +# Revision 1.9 1999/05/08 21:23:12 rgb
157 +# Added support for 2.2.x kernels.
159 +# Revision 1.8 1999/04/06 04:54:25 rgb
160 +# Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes
161 +# patch shell fixes.
164 --- linux-noipsec/net/Config.in Fri Dec 15 15:15:48 2000
165 +++ linux/net/Config.in Fri Dec 15 15:18:21 2000
170 +tristate 'IP Security Protocol (FreeS/WAN IPSEC)' CONFIG_IPSEC
171 +if [ "$CONFIG_IPSEC" != "n" ]; then
172 + source net/ipsec/Config.in
175 diff -druN linux-noipsec/net/Makefile linux/net/Makefile
176 --- linux-noipsec/net/Makefile Fri Dec 15 15:15:46 2000
177 +++ linux/net/Makefile Fri Dec 15 15:18:21 2000
182 +ifeq ($(CONFIG_IPSEC),y)
183 +ALL_SUB_DIRS += ipsec
186 + ifeq ($(CONFIG_IPSEC),m)
187 + ALL_SUB_DIRS += ipsec
188 + MOD_SUB_DIRS += ipsec
192 # We must attach netsyms.o to socket.o, as otherwise there is nothing
193 # to pull the object file from the archive.
195 diff -druN linux-noipsec/net/ipsec/Config.in linux/net/ipsec/Config.in
196 --- linux-noipsec/net/ipsec/Config.in Thu Jan 1 01:00:00 1970
197 +++ linux/net/ipsec/Config.in Fri Sep 15 13:37:00 2000
200 +# IPSEC configuration
201 +# Copyright (C) 1998, 1999 Richard Guy Briggs.
203 +# This program is free software; you can redistribute it and/or modify it
204 +# under the terms of the GNU General Public License as published by the
205 +# Free Software Foundation; either version 2 of the License, or (at your
206 +# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
208 +# This program is distributed in the hope that it will be useful, but
209 +# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
210 +# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
215 +comment 'IPSec options (FreeS/WAN)'
217 +bool ' IPSEC: IP-in-IP encapsulation (tunnel mode)' CONFIG_IPSEC_IPIP
219 +bool ' IPSEC: Authentication Header' CONFIG_IPSEC_AH
220 +if [ "$CONFIG_IPSEC_AH" = "y" -o "$CONFIG_IPSEC_ESP" = "y" ]; then
221 + bool ' HMAC-MD5 authentication algorithm' CONFIG_IPSEC_AUTH_HMAC_MD5
222 + bool ' HMAC-SHA1 authentication algorithm' CONFIG_IPSEC_AUTH_HMAC_SHA1
225 +bool ' IPSEC: Encapsulating Security Payload' CONFIG_IPSEC_ESP
226 +if [ "$CONFIG_IPSEC_ESP" = "y" ]; then
227 + bool ' 3DES encryption algorithm' CONFIG_IPSEC_ENC_3DES
230 +bool ' IPSEC: IP Compression' CONFIG_IPSEC_IPCOMP
232 +bool ' IPSEC Debugging Option' CONFIG_IPSEC_DEBUG
233 diff -druN linux-noipsec/net/ipsec/Makefile linux/net/ipsec/Makefile
234 --- linux-noipsec/net/ipsec/Makefile Thu Jan 1 01:00:00 1970
235 +++ linux/net/ipsec/Makefile Fri Sep 29 21:51:57 2000
237 +# Makefile for KLIPS kernel code
238 +# Copyright (C) 1998, 1999 Richard Guy Briggs.
240 +# This program is free software; you can redistribute it and/or modify it
241 +# under the terms of the GNU General Public License as published by the
242 +# Free Software Foundation; either version 2 of the License, or (at your
243 +# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
245 +# This program is distributed in the hope that it will be useful, but
246 +# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
247 +# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
252 +# Note! Dependencies are done automagically by 'make dep', which also
253 +# removes any old dependencies. DON'T put your own dependencies here
254 +# unless it's something special (ie not a .c file).
256 +# Note 2! The CFLAGS definition is now in the main makefile...
259 +TOPDIR := /usr/src/linux
263 +ALL_SUB_DIRS := libfreeswan zlib
267 +O_OBJS := ipsec_init.o ipsec_xform.o ipsec_netlink.o ipsec_radij.o ipsec_tunnel.o ipsec_rcv.o sysctl_net_ipsec.o pfkey_v2.o pfkey_v2_parser.o
270 +M_OBJS := $(O_TARGET)
272 +override CFLAGS += -Ilibfreeswan
274 +ifeq ($(CONFIG_IPSEC_DEBUG),y)
275 +override CFLAGS += -g
278 +override CFLAGS += -Wall
279 +#override CFLAGS += -Wconversion
280 +#override CFLAGS += -Wmissing-prototypes
281 +override CFLAGS += -Wpointer-arith
282 +#override CFLAGS += -Wcast-qual
283 +#override CFLAGS += -Wmissing-declarations
284 +override CFLAGS += -Wstrict-prototypes
285 +#override CFLAGS += -pedantic
286 +#override CFLAGS += -O3
287 +#override CFLAGS += -W
288 +#override CFLAGS += -Wwrite-strings
289 +override CFLAGS += -Wbad-function-cast
292 +ifeq ($(CONFIG_IPSEC_ENC_DES),y)
296 +ifeq ($(CONFIG_IPSEC_ENC_3DES),y)
300 +ifeq ($(CONFIG_IPSEC_AUTH_HMAC_MD5),y)
301 +O_OBJS += ipsec_md5c.o
304 +ifeq ($(CONFIG_IPSEC_AUTH_HMAC_SHA1),y)
305 +O_OBJS += ipsec_sha1.o
308 +ifeq ($(CONFIG_IPSEC_IPCOMP),y)
309 + O_OBJS += ipcomp.o zlib/zlib.a
311 + MOD_SUB_DIRS += zlib
314 +ifeq ($(INCLUDE_DES),y)
315 +O_OBJS += libdes/libdes.a
318 +O_OBJS += libfreeswan/libkernel.a
320 +ifeq ($(CONFIG_IPSEC),y)
321 +SUB_DIRS += libfreeswan
323 + ifeq ($(CONFIG_IPSEC),m)
324 + override MOD_SUB_DIRS += libfreeswan
328 +include $(TOPDIR)/Rules.make
330 +$(O_OBJS) $(OX_OBJS): $(TOPDIR)/include/linux/config.h $(TOPDIR)/include/linux/autoconf.h
334 + if test " `arch | sed 's/^i[3456]/x/'`" = " x86" ; \
335 + then $(MAKE) CC='$(CC)' CFLAG='$(CFLAGS)' TESTING='' x86-elf ; \
336 + else $(MAKE) CC='$(CC)' CFLAG='$(CFLAGS)' libdes.a ; \
339 +libfreeswan/libkernel.a:
340 + $(MAKE) -C libfreeswan
348 +tags TAGS: *.c *.h libfreeswan/*.c libfreeswan/*.h
349 + find . -name '*.[ch]' |xargs etags
350 + find . -name '*.[ch]' |xargs ctags
357 +# Revision 1.30 2000/09/29 19:51:57 rgb
358 +# Moved klips/net/ipsec/ipcomp_* to zlib/* (Svenning).
360 +# Revision 1.29 2000/09/15 11:37:01 rgb
361 +# Merge in heavily modified Svenning Soerensen's <svenning@post5.tele.dk>
362 +# IPCOMP zlib deflate code.
364 +# Revision 1.28 2000/09/15 04:55:25 rgb
365 +# Clean up pfkey object inclusion into the default object.
367 +# Revision 1.27 2000/09/12 03:20:47 rgb
368 +# Cleared out now unused pfkeyv2 switch.
371 +# Revision 1.26 2000/09/08 19:12:55 rgb
372 +# Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG.
374 +# Revision 1.25 2000/06/16 03:09:16 rgb
375 +# Shut up cast lost warning due to changes in 2.4.0-test1.
377 +# Revision 1.24 2000/03/16 06:40:48 rgb
378 +# Hardcode PF_KEYv2 support.
380 +# Revision 1.23 2000/02/14 21:10:38 rgb
381 +# Added gcc debug flag when KLIPS_DEBUG is swtiched on.
383 +# Revision 1.22 2000/01/21 09:44:29 rgb
384 +# Added compiler switches to be a lot more fussy.
386 +# Revision 1.21 1999/11/25 23:35:20 rgb
387 +# Removed quotes to fix Alpha compile issues.
389 +# Revision 1.20 1999/11/17 15:49:34 rgb
390 +# Changed all occurrences of ../../../lib in pathnames to libfreeswan,
391 +# which refers to the /usr/src/linux/net/ipsec/lib directory setup by the
392 +# klink target in the top-level Makefile; and libdeslite.o to
394 +# Added SUB_DIRS := lib definition for the kernel libraries.
396 +# Revision 1.19 1999/04/27 19:06:47 rgb
397 +# dd libs and dependancies to tags generation.
399 +# Revision 1.18 1999/04/16 16:28:12 rgb
400 +# Minor bugfix to avoid including DES if only AH is used.
402 +# Revision 1.17 1999/04/15 15:37:23 rgb
403 +# Forward check changes from POST1_00 branch.
405 +# Revision 1.14.2.1 1999/03/30 17:29:17 rgb
406 +# Add support for pfkey.
408 +# Revision 1.16 1999/04/11 00:28:56 henry
411 +# Revision 1.15 1999/04/06 04:54:25 rgb
412 +# Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes
413 +# patch shell fixes.
415 +# Revision 1.14 1999/02/18 16:50:45 henry
416 +# update for new DES library
418 +# Revision 1.13 1999/02/12 21:11:45 rgb
419 +# Prepare for newer LIBDES (patch from P.Onion).
421 +# Revision 1.12 1999/01/26 02:05:08 rgb
422 +# Remove references to INET_GET_PROTOCOL.
423 +# Removed CONFIG_IPSEC_ALGO_SWITCH macro.
424 +# Change from transform switch to algorithm switch.
426 +# Revision 1.11 1999/01/22 06:16:09 rgb
427 +# Added algorithm switch code config option.
429 +# Revision 1.10 1998/11/08 05:31:21 henry
430 +# be a little fussier
432 +# Revision 1.9 1998/11/08 05:29:41 henry
433 +# revisions for new libdes handling
435 +# Revision 1.8 1998/08/12 00:05:48 rgb
436 +# Added new xforms to Makefile (moved des-cbc to des-old).
438 +# Revision 1.7 1998/07/27 21:48:47 rgb
441 +# Revision 1.6 1998/07/14 15:50:47 rgb
442 +# Add dependancies on linux config files.
444 +# Revision 1.5 1998/07/09 17:44:06 rgb
445 +# Added 'clean' and 'tags' targets.
446 +# Added TOPDIR macro.
447 +# Change module back from symbol exporting to not.
449 +# Revision 1.3 1998/06/25 19:25:04 rgb
450 +# Rearrange to support static linking and objects with exported symbol
453 +# Revision 1.1 1998/06/18 21:27:42 henry
454 +# move sources from klips/src to klips/net/ipsec, to keep stupid
455 +# kernel-build scripts happier in the presence of symlinks
457 +# Revision 1.3 1998/04/15 23:18:43 rgb
458 +# Unfixed the ../../libdes fix to avoid messing up Henry's script.
460 +# Revision 1.2 1998/04/14 17:50:47 rgb
461 +# Fixed to find the new location of libdes.
463 +# Revision 1.1 1998/04/09 03:05:22 henry
464 +# sources moved up from linux/net/ipsec
465 +# modifications to centralize libdes code
467 +# Revision 1.1.1.1 1998/04/08 05:35:02 henry
468 +# RGB's ipsec-0.8pre2.tar.gz ipsec-0.8
470 +# Revision 0.5 1997/06/03 04:24:48 ji
471 +# Added ESP-3DES-MD5-96
473 +# Revision 0.4 1997/01/15 01:32:59 ji
474 +# Added new transforms.
476 +# Revision 0.3 1996/11/20 14:22:53 ji
477 +# *** empty log message ***
479 diff -druN linux-noipsec/net/ipsec/defconfig linux/net/ipsec/defconfig
480 --- linux-noipsec/net/ipsec/defconfig Thu Jan 1 01:00:00 1970
481 +++ linux/net/ipsec/defconfig Thu Nov 30 18:26:56 2000
488 +# FreeS/WAN IPSec implementation, KLIPS kernel config defaults
492 +# First, lets override stuff already set or not in the kernel config.
494 +# We can't even think about leaving this off...
498 +# This must be on for subnet protection.
501 +# Shut off IPSEC masquerading if it has been enabled, since it will
502 +# break the compile. IPPROTO_ESP and IPPROTO_AH were included in
503 +# net/ipv4/ip_masq.c when they should have gone into include/linux/in.h.
504 +CONFIG_IP_MASQUERADE_IPSEC=n
507 +# Next, lets set the recommended FreeS/WAN configuration.
510 +# To config as static (preferred), 'y'. To config as module, 'm'.
513 +# To do tunnel mode IPSec, this must be enabled.
516 +# To enable authentication, say 'y'. (Highly recommended)
519 +# Authentication algorithm(s):
520 +CONFIG_IPSEC_AUTH_HMAC_MD5=y
521 +CONFIG_IPSEC_AUTH_HMAC_SHA1=y
523 +# To enable encryption, say 'y'. (Highly recommended)
526 +# Encryption algorithm(s):
527 +CONFIG_IPSEC_ENC_3DES=y
529 +# IP Compression: new, probably still has minor bugs.
530 +CONFIG_IPSEC_IPCOMP=y
532 +# To enable userspace-switchable KLIPS debugging, say 'y'.
533 +CONFIG_IPSEC_DEBUG=y
538 +# Revision 1.18 2000/11/30 17:26:56 rgb
539 +# Cleaned out unused options and enabled ipcomp by default.
541 +# Revision 1.17 2000/09/15 11:37:01 rgb
542 +# Merge in heavily modified Svenning Soerensen's <svenning@post5.tele.dk>
543 +# IPCOMP zlib deflate code.
545 +# Revision 1.16 2000/09/08 19:12:55 rgb
546 +# Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG.
548 +# Revision 1.15 2000/05/24 19:37:13 rgb
549 +# *** empty log message ***
551 +# Revision 1.14 2000/05/11 21:14:57 henry
552 +# just commenting the FOOBAR=y lines out is not enough
554 +# Revision 1.13 2000/05/10 20:17:58 rgb
555 +# Comment out netlink defaults, which are no longer needed.
557 +# Revision 1.12 2000/05/10 19:13:38 rgb
558 +# Added configure option to shut off no eroute passthrough.
560 +# Revision 1.11 2000/03/16 07:09:46 rgb
561 +# Hardcode PF_KEYv2 support.
562 +# Disable IPSEC_ICMP by default.
563 +# Remove DES config option from defaults file.
565 +# Revision 1.10 2000/01/11 03:09:42 rgb
566 +# Added a default of 'y' to PF_KEYv2 keying I/F.
568 +# Revision 1.9 1999/05/08 21:23:12 rgb
569 +# Added support for 2.2.x kernels.
571 +# Revision 1.8 1999/04/06 04:54:25 rgb
572 +# Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes
573 +# patch shell fixes.
576 diff -druN linux-noipsec/net/ipsec/ipcomp.c linux/net/ipsec/ipcomp.c
577 --- linux-noipsec/net/ipsec/ipcomp.c Thu Jan 1 01:00:00 1970
578 +++ linux/net/ipsec/ipcomp.c Sat Nov 25 04:48:49 2000
581 + * IPCOMP zlib interface code.
582 + * Copyright (C) 2000 Svenning Soerensen <svenning@post5.tele.dk>
583 + * Copyright (C) 2000 Richard Guy Briggs <rgb@conscoop.ottawa.on.ca>
585 + * This program is free software; you can redistribute it and/or modify it
586 + * under the terms of the GNU General Public License as published by the
587 + * Free Software Foundation; either version 2 of the License, or (at your
588 + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
590 + * This program is distributed in the hope that it will be useful, but
591 + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
592 + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
593 + * for more details.
596 +char ipcomp_c_version[] = "RCSID $Id$";
600 +#include <linux/config.h>
601 +#include <linux/version.h>
603 +#define __NO_VERSION__
604 +#include <linux/module.h>
606 +#include <linux/kernel.h> /* printk() */
607 +#include <linux/malloc.h>
608 +#include <linux/errno.h> /* error codes */
609 +#include <linux/types.h>
610 +#include <linux/netdevice.h>
611 +#include <linux/ip.h>
612 +#include <linux/skbuff.h>
614 +#include <linux/netdevice.h> /* struct device, and other headers */
615 +#include <linux/etherdevice.h> /* eth_type_trans */
616 +#include <linux/ip.h> /* struct iphdr */
617 +#include <linux/skbuff.h>
619 +#include <freeswan.h>
621 +#include <net/dst.h>
622 +#include <asm/uaccess.h>
623 +#include <linux/in6.h>
624 +#define proto_priv cb
626 +#include <asm/checksum.h>
630 +#include "ipsec_encap.h"
631 +#include "ipsec_netlink.h"
632 +#include "ipsec_xform.h"
633 +#include "ipsec_tunnel.h"
634 +#include "ipsec_rcv.h" /* sysctl_ipsec_inbound_policy_check */
636 +#include "zlib/zlib.h"
637 +#include "zlib/zutil.h"
639 +#include <pfkeyv2.h> /* SADB_X_CALG_DEFLATE */
641 +#ifdef CONFIG_IPSEC_DEBUG
642 +int sysctl_ipsec_debug_ipcomp = 0;
643 +#endif /* CONFIG_IPSEC_DEBUG */
646 +struct sk_buff *skb_copy_ipcomp(struct sk_buff *skb, int data_growth, int gfp_mask);
649 +voidpf my_zcalloc(voidpf opaque, uInt items, uInt size)
651 + return (voidpf) kmalloc(items*size, GFP_ATOMIC);
655 +void my_zfree(voidpf opaque, voidpf address)
660 +struct sk_buff *skb_compress(struct sk_buff *skb, struct tdb *tdb, unsigned int *flags)
663 + unsigned int iphlen, pyldsz, cpyldsz;
664 + unsigned char *buffer;
668 + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp,
669 + "klips_debug:skb_compress: .\n");
672 + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp,
673 + "klips_debug:skb_compress: "
674 + "passed in NULL skb, returning ERROR.\n");
675 + if (flags) *flags |= IPCOMP_PARMERROR;
680 + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp,
681 + "klips_debug:skb_compress: "
682 + "passed in NULL tdb needed for cpi, returning ERROR.\n");
683 + if (flags) *flags |= IPCOMP_PARMERROR;
688 + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp,
689 + "klips_debug:skb_compress: "
690 + "passed in NULL flags, returning ERROR.\n");
694 + dev_kfree_skb(skb, FREE_WRITE);
705 + switch (iph->protocol) {
709 + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp,
710 + "klips_debug:skb_compress: "
711 + "skipping compression of packet with ip protocol %d.\n",
713 + *flags |= IPCOMP_UNCOMPRESSABLE;
717 + /* Don't compress packets already fragmented */
718 + if (ntohs(iph->frag_off) & ~0x4000) {
719 + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp,
720 + "klips_debug:skb_compress: "
721 + "skipping compression of fragmented packet.\n");
722 + *flags |= IPCOMP_UNCOMPRESSABLE;
726 + iphlen = iph->ihl << 2;
727 + pyldsz = ntohs(iph->tot_len) - iphlen;
729 + /* Don't compress less than 90 bytes (rfc 2394) */
731 + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp,
732 + "klips_debug:skb_compress: "
733 + "skipping compression of tiny packet, len=%d.\n",
735 + *flags |= IPCOMP_UNCOMPRESSABLE;
739 + /* Adaptive decision */
740 + if (tdb->tdb_comp_adapt_skip) {
741 + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp,
742 + "klips_debug:skb_compress: "
743 + "skipping compression: tdb_comp_adapt_skip=%d.\n",
744 + tdb->tdb_comp_adapt_skip);
745 + tdb->tdb_comp_adapt_skip--;
746 + *flags |= IPCOMP_UNCOMPRESSABLE;
750 + zs.zalloc = my_zcalloc;
751 + zs.zfree = my_zfree;
754 + /* We want to use deflateInit2 because we don't want the adler
756 + zresult = deflateInit2(&zs, Z_DEFAULT_COMPRESSION, Z_DEFLATED, -11,
757 + DEF_MEM_LEVEL, Z_DEFAULT_STRATEGY);
758 + if (zresult != Z_OK) {
759 + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp,
760 + "klips_error:skb_compress: "
761 + "deflateInit2() returned error %d (%s), "
762 + "skipping compression.\n",
764 + zs.msg ? zs.msg : zError(zresult));
765 + *flags |= IPCOMP_COMPRESSIONERROR;
770 + /* Max output size. Result should be max this size.
771 + * Implementation specific tweak:
772 + * If it's not at least 32 bytes and 6.25% smaller than
773 + * the original packet, it's probably not worth wasting
774 + * the receiver's CPU cycles decompressing it.
775 + * Your mileage may vary.
777 + cpyldsz = pyldsz - sizeof(struct ipcomphdr) - (pyldsz <= 512 ? 32 : pyldsz >> 4);
779 + buffer = kmalloc(cpyldsz, GFP_ATOMIC);
781 + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp,
782 + "klips_error:skb_compress: "
783 + "unable to kmalloc(%d, GFP_ATOMIC), "
784 + "skipping compression.\n",
786 + *flags |= IPCOMP_COMPRESSIONERROR;
791 +#ifdef CONFIG_IPSEC_DEBUG
792 + if(sysctl_ipsec_debug_ipcomp && sysctl_ipsec_debug_verbose) {
796 + c = (__u8*)iph + iphlen;
797 + for(i = 0; i < pyldsz; i++, c++) {
799 + printk(KERN_INFO "skb_compress: before:");
801 + printk("%02x ", *c);
802 + if(!((i + 1) % 16)) {
810 +#endif /* CONFIG_IPSEC_DEBUG */
812 + zs.next_in = (char *) iph + iphlen; /* start of payload */
813 + zs.avail_in = pyldsz;
814 + zs.next_out = buffer; /* start of compressed payload */
815 + zs.avail_out = cpyldsz;
817 + /* Finish compression in one step */
818 + zresult = deflate(&zs, Z_FINISH);
820 + /* Free all dynamically allocated buffers */
822 + if (zresult != Z_STREAM_END) {
823 + *flags |= IPCOMP_UNCOMPRESSABLE;
826 + /* Adjust adaptive counters */
827 + if (++(tdb->tdb_comp_adapt_tries) == IPCOMP_ADAPT_INITIAL_TRIES) {
828 + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp,
829 + "klips_debug:skb_compress: "
830 + "first %d packets didn't compress, "
831 + "skipping next %d\n",
832 + IPCOMP_ADAPT_INITIAL_TRIES,
833 + IPCOMP_ADAPT_INITIAL_SKIP);
834 + tdb->tdb_comp_adapt_skip = IPCOMP_ADAPT_INITIAL_SKIP;
836 + else if (tdb->tdb_comp_adapt_tries == IPCOMP_ADAPT_INITIAL_TRIES + IPCOMP_ADAPT_SUBSEQ_TRIES) {
837 + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp,
838 + "klips_debug:skb_compress: "
839 + "next %d packets didn't compress, "
840 + "skipping next %d\n",
841 + IPCOMP_ADAPT_SUBSEQ_TRIES,
842 + IPCOMP_ADAPT_SUBSEQ_SKIP);
843 + tdb->tdb_comp_adapt_skip = IPCOMP_ADAPT_SUBSEQ_SKIP;
844 + tdb->tdb_comp_adapt_tries = IPCOMP_ADAPT_INITIAL_TRIES;
850 + /* resulting compressed size */
851 + cpyldsz -= zs.avail_out;
853 + /* Insert IPCOMP header */
854 + ((struct ipcomphdr*) ((char*) iph + iphlen))->ipcomp_nh = iph->protocol;
855 + ((struct ipcomphdr*) ((char*) iph + iphlen))->ipcomp_flags = 0;
856 + /* use the bottom 16 bits of the spi for the cpi. The top 16 bits are
857 + for internal reference only. */
858 + ((struct ipcomphdr*) (((char*)iph) + iphlen))->ipcomp_cpi = htons((__u16)(ntohl(tdb->tdb_said.spi) & 0x0000ffff));
859 + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp,
860 + "klips_debug:skb_compress: "
861 + "spi=%08x, spi&0xffff=%04x, cpi=%04x, payload size: raw=%d, comp=%d.\n",
862 + ntohl(tdb->tdb_said.spi),
863 + ntohl(tdb->tdb_said.spi) & 0x0000ffff,
864 + ntohs(((struct ipcomphdr*)(((char*)iph)+iphlen))->ipcomp_cpi),
868 + /* Update IP header */
869 + iph->protocol = IPPROTO_COMP;
870 + iph->tot_len = htons(iphlen + sizeof(struct ipcomphdr) + cpyldsz);
871 +#if 1 /* XXX checksum is done by ipsec_tunnel ? */
873 + iph->check = ip_fast_csum((char *) iph, iph->ihl);
876 + /* Copy compressed payload */
877 + memcpy((char *) iph + iphlen + sizeof(struct ipcomphdr),
882 + /* Update skb length/tail by "unputting" the shrinkage */
884 + cpyldsz + sizeof(struct ipcomphdr) - pyldsz);
886 +#ifdef CONFIG_IPSEC_DEBUG
887 + if(sysctl_ipsec_debug_ipcomp && sysctl_ipsec_debug_verbose) {
891 + c = (__u8*)iph + iphlen + sizeof(struct ipcomphdr);
892 + for(i = 0; i < cpyldsz; i++, c++) {
894 + printk(KERN_INFO "skb_compress: result:");
896 + printk("%02x ", *c);
897 + if(!((i + 1) % 16)) {
905 +#endif /* CONFIG_IPSEC_DEBUG */
907 + tdb->tdb_comp_adapt_skip = 0;
908 + tdb->tdb_comp_adapt_tries = 0;
913 +struct sk_buff *skb_decompress(struct sk_buff *skb, struct tdb *tdb, unsigned int *flags)
915 + struct sk_buff *nskb = NULL;
917 + /* original ip header */
918 + struct iphdr *oiph, *iph;
919 + unsigned int iphlen, pyldsz, cpyldsz;
923 + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp,
924 + "klips_debug:skb_decompress: .\n");
927 + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp,
928 + "klips_error:skb_decompress: "
929 + "passed in NULL skb, returning ERROR.\n");
930 + if (flags) *flags |= IPCOMP_PARMERROR;
934 + if(!tdb && sysctl_ipsec_inbound_policy_check) {
935 + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp,
936 + "klips_error:skb_decompress: "
937 + "passed in NULL tdb needed for comp alg, returning ERROR.\n");
938 + if (flags) *flags |= IPCOMP_PARMERROR;
943 + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp,
944 + "klips_error:skb_decompress: "
945 + "passed in NULL flags, returning ERROR.\n");
949 + dev_kfree_skb(skb, FREE_WRITE);
955 + oiph = skb->nh.iph;
957 + oiph = skb->ip_hdr;
960 + iphlen = oiph->ihl << 2;
962 + if (oiph->protocol != IPPROTO_COMP) {
963 + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp,
964 + "klips_error:skb_decompress: "
965 + "called with non-IPCOMP packet (protocol=%d),"
966 + "skipping decompression.\n",
968 + *flags |= IPCOMP_PARMERROR;
972 + if ( (((struct ipcomphdr*)((char*) oiph + iphlen))->ipcomp_flags != 0)
973 + || ((((struct ipcomphdr*) ((char*) oiph + iphlen))->ipcomp_cpi
974 + != htons(SADB_X_CALG_DEFLATE))
975 + && sysctl_ipsec_inbound_policy_check
976 + && (!tdb || (tdb && (tdb->tdb_encalg != SADB_X_CALG_DEFLATE)))) ) {
977 + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp,
978 + "klips_error:skb_decompress: "
979 + "called with incompatible IPCOMP packet (flags=%d, "
980 + "cpi=%d), tdb-compalg=%d, skipping decompression.\n",
981 + ntohs(((struct ipcomphdr*) ((char*) oiph + iphlen))->ipcomp_flags),
982 + ntohs(((struct ipcomphdr*) ((char*) oiph + iphlen))->ipcomp_cpi),
983 + tdb ? tdb->tdb_encalg : 0);
984 + *flags |= IPCOMP_PARMERROR;
989 + if (ntohs(oiph->frag_off) & ~0x4000) {
990 + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp,
991 + "klips_error:skb_decompress: "
992 + "called with fragmented IPCOMP packet, "
993 + "skipping decompression.\n");
994 + *flags |= IPCOMP_PARMERROR;
998 + /* original compressed payload size */
999 + cpyldsz = ntohs(oiph->tot_len) - iphlen - sizeof(struct ipcomphdr);
1001 + zs.zalloc = my_zcalloc;
1002 + zs.zfree = my_zfree;
1005 + zs.next_in = (char *) oiph + iphlen + sizeof(struct ipcomphdr);
1006 + zs.avail_in = cpyldsz;
1008 + /* Maybe we should be a bit conservative about memory
1009 + requirements and use inflateInit2 */
1010 + /* Beware, that this might make us unable to decompress packets
1011 + from other implementations - HINT: check PGPnet source code */
1012 + /* We want to use inflateInit2 because we don't want the adler
1014 + zresult = inflateInit2(&zs, -15);
1015 + if (zresult != Z_OK) {
1016 + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp,
1017 + "klips_error:skb_decompress: "
1018 + "inflateInit2() returned error %d (%s), "
1019 + "skipping decompression.\n",
1021 + zs.msg ? zs.msg : zError(zresult));
1022 + *flags |= IPCOMP_DECOMPRESSIONERROR;
1027 + /* We have no way of knowing the exact length of the resulting
1028 + decompressed output before we have actually done the decompression.
1029 + For now, we guess that the packet will not be bigger than the
1030 + attached ipsec device's mtu or 16260, whichever is biggest.
1031 + This may be wrong, since the sender's mtu may be bigger yet.
1032 + XXX This must be dealt with later XXX
1035 + /* max payload size */
1036 + pyldsz = skb->dev ? (skb->dev->mtu < 16260 ? 16260 : skb->dev->mtu)
1037 + : (65520 - iphlen);
1038 + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp,
1039 + "klips_debug:skb_decompress: "
1040 + "max payload size: %d\n", pyldsz);
1042 + while (pyldsz > (cpyldsz + sizeof(struct ipcomphdr)) &&
1043 + (nskb = skb_copy_ipcomp(skb,
1044 + pyldsz - cpyldsz - sizeof(struct ipcomphdr),
1045 + GFP_ATOMIC)) == NULL) {
1046 + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp,
1047 + "klips_error:skb_decompress: "
1048 + "unable to skb_copy_ipcomp(skb, %d, GFP_ATOMIC), "
1049 + "trying with less payload size.\n",
1050 + pyldsz - cpyldsz - sizeof(struct ipcomphdr));
1055 + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp,
1056 + "klips_error:skb_decompress: "
1057 + "unable to allocate memory, dropping packet.\n");
1058 + *flags |= IPCOMP_DECOMPRESSIONERROR;
1064 +#ifdef CONFIG_IPSEC_DEBUG
1065 + if(sysctl_ipsec_debug_ipcomp && sysctl_ipsec_debug_verbose) {
1069 + c = (__u8*)oiph + iphlen + sizeof(struct ipcomphdr);
1070 + for(i = 0; i < cpyldsz; i++, c++) {
1072 + printk(KERN_INFO "skb_decompress: before:");
1074 + printk("%02x ", *c);
1075 + if(!((i + 1) % 16)) {
1083 +#endif /* CONFIG_IPSEC_DEBUG */
1086 + iph = nskb->nh.iph;
1088 + iph = nskb->ip_hdr;
1089 +#endif /* NET_21 */
1090 + zs.next_out = (char *)iph + iphlen;
1091 + zs.avail_out = pyldsz;
1093 + zresult = inflate(&zs, Z_SYNC_FLUSH);
1095 + /* work around a bug in zlib, which sometimes wants to taste an extra
1096 + * byte when being used in the (undocumented) raw deflate mode.
1098 + if (zresult == Z_OK && !zs.avail_in && zs.avail_out) {
1099 + __u8 zerostuff = 0;
1101 + zs.next_in = &zerostuff;
1103 + zresult = inflate(&zs, Z_FINISH);
1107 + if (zresult != Z_STREAM_END) {
1108 + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp,
1109 + "klips_error:skb_decompress: "
1110 + "inflate() returned error %d (%s), "
1111 + "skipping decompression.\n",
1113 + zs.msg ? zs.msg : zError(zresult));
1114 + *flags |= IPCOMP_DECOMPRESSIONERROR;
1118 + dev_kfree_skb(nskb, FREE_WRITE);
1119 +#endif /* NET_21 */
1124 + /* Update IP header */
1125 + /* resulting decompressed size */
1126 + pyldsz -= zs.avail_out;
1127 + iph->tot_len = htons(iphlen + pyldsz);
1128 + iph->protocol = ((struct ipcomphdr*) ((char*) oiph + iphlen))->ipcomp_nh;
1129 + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp,
1130 + "klips_debug:skb_decompress: "
1131 + "spi=%08x, spi&0xffff=%04x, cpi=%04x, payload size: comp=%d, raw=%d, nh=%d.\n",
1132 + tdb ? ntohl(tdb->tdb_said.spi) : 0,
1133 + tdb ? ntohl(tdb->tdb_said.spi) & 0x0000ffff : 0,
1134 + ntohs(((struct ipcomphdr*)(((char*)oiph)+iphlen))->ipcomp_cpi),
1139 +#if 1 /* XXX checksum is done by ipsec_rcv ? */
1141 + iph->check = ip_fast_csum((char*) iph, iph->ihl);
1144 + /* Update skb length/tail by "unputting" the unused data area */
1145 + skb_put(nskb, -zs.avail_out);
1150 + dev_kfree_skb(skb, FREE_WRITE);
1151 +#endif /* NET_21 */
1153 + if (iph->protocol == IPPROTO_COMP)
1155 +#ifdef CONFIG_IPSEC_DEBUG
1156 + if(sysctl_ipsec_debug_ipcomp)
1157 + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp,
1158 + "klips_debug:skb_decompress: "
1159 + "Eh? inner packet is also compressed, dropping.\n");
1160 +#endif /* CONFIG_IPSEC_DEBUG */
1165 + dev_kfree_skb(nskb, FREE_WRITE);
1166 +#endif /* NET_21 */
1170 +#ifdef CONFIG_IPSEC_DEBUG
1171 + if(sysctl_ipsec_debug_ipcomp && sysctl_ipsec_debug_verbose) {
1175 + c = (__u8*)iph + iphlen;
1176 + for(i = 0; i < pyldsz; i++, c++) {
1178 + printk(KERN_INFO "skb_decompress: result:");
1180 + printk("%02x ", *c);
1181 + if(!((i + 1) % 16)) {
1189 +#endif /* CONFIG_IPSEC_DEBUG */
1195 +/* this is derived from skb_copy() in linux 2.2.14 */
1196 +/* May be incompatible with other kernel versions!! */
1198 +struct sk_buff *skb_copy_ipcomp(struct sk_buff *skb, int data_growth, int gfp_mask)
1200 + struct sk_buff *n;
1201 + struct iphdr *iph;
1202 + unsigned long offset;
1203 + unsigned int iphlen;
1206 + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp,
1207 + "klips_debug:skb_copy_ipcomp: "
1208 + "passed in NULL skb, returning NULL.\n");
1213 + * Allocate the copy buffer
1217 + iph = skb->nh.iph;
1219 + iph = skb->ip_hdr;
1220 +#endif /* NET_21 */
1221 + if (!iph) return NULL;
1222 + iphlen = iph->ihl << 2;
1224 + n=alloc_skb(skb->end - skb->head + data_growth, gfp_mask);
1229 + * Shift between the two data areas in bytes
1232 + offset=n->head-skb->head;
1234 + /* Set the data pointer */
1235 + skb_reserve(n,skb->data-skb->head);
1236 + /* Set the tail pointer and length */
1237 + skb_put(n,skb->len+data_growth);
1238 + /* Copy the bytes up to and including the ip header */
1241 + ((char *)iph - (char *)skb->head) + iphlen);
1248 + n->h.raw=skb->h.raw+offset;
1251 + n->protocol=skb->protocol;
1254 + n->priority=skb->priority;
1255 + n->dst=dst_clone(skb->dst);
1256 + n->nh.raw=skb->nh.raw+offset;
1258 + atomic_set(&n->users, 1);
1259 + n->destructor = NULL;
1260 + n->security=skb->security;
1261 + memcpy(n->cb, skb->cb, sizeof(skb->cb));
1262 +#ifdef CONFIG_IP_FIREWALL
1263 + n->fwmark = skb->fwmark;
1267 + n->when=skb->when;
1268 + n->ip_hdr=(struct iphdr *)(((char *)skb->ip_hdr)+offset);
1269 + n->saddr=skb->saddr;
1270 + n->daddr=skb->daddr;
1271 + n->raddr=skb->raddr;
1273 + n->end_seq=skb->end_seq;
1274 + n->ack_seq=skb->ack_seq;
1275 + n->acked=skb->acked;
1281 + memcpy(n->proto_priv, skb->proto_priv, sizeof(skb->proto_priv));
1282 +#endif /* NET_21 */
1284 + n->mac.raw=skb->mac.raw+offset;
1287 + n->used=skb->used;
1288 + n->pkt_type=skb->pkt_type;
1289 + n->pkt_bridged=skb->pkt_bridged;
1291 + n->stamp=skb->stamp;
1292 +#if defined(CONFIG_SHAPER) || defined(CONFIG_SHAPER_MODULE)
1293 + n->shapelatency=skb->shapelatency; /* Latency on frame */
1294 + n->shapeclock=skb->shapeclock; /* Time it should go out */
1295 + n->shapelen=skb->shapelen; /* Frame length in clocks */
1296 + n->shapestamp=skb->shapestamp; /* Stamp for shaper */
1297 + n->shapepend=skb->shapepend; /* Pending */
1299 +#ifdef CONFIG_HIPPI
1300 + n->private.ifield=skb->private.ifield;
1305 diff -druN linux-noipsec/net/ipsec/ipcomp.h linux/net/ipsec/ipcomp.h
1306 --- linux-noipsec/net/ipsec/ipcomp.h Thu Jan 1 01:00:00 1970
1307 +++ linux/net/ipsec/ipcomp.h Mon Nov 6 05:30:40 2000
1310 + * IPCOMP zlib interface code.
1311 + * Copyright (C) 2000 Svenning Soerensen <svenning@post5.tele.dk>
1312 + * Copyright (C) 2000 Richard Guy Briggs <rgb@conscoop.ottawa.on.ca>
1314 + * This program is free software; you can redistribute it and/or modify it
1315 + * under the terms of the GNU General Public License as published by the
1316 + * Free Software Foundation; either version 2 of the License, or (at your
1317 + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
1319 + * This program is distributed in the hope that it will be useful, but
1320 + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
1321 + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
1322 + * for more details.
1333 +/* Prefix all global deflate symbols with "ipcomp_" to avoid collisions with ppp_deflate & ext2comp */
1334 +#define IPCOMP_PREFIX
1336 +#ifndef IPPROTO_COMP
1337 +#define IPPROTO_COMP 108
1338 +#endif /* IPPROTO_COMP */
1340 +#ifdef CONFIG_IPSEC_DEBUG
1341 +extern int sysctl_ipsec_debug_ipcomp;
1342 +#endif /* CONFIG_IPSEC_DEBUG */
1344 +struct ipcomphdr { /* IPCOMP header */
1345 + __u8 ipcomp_nh; /* Next header (protocol) */
1346 + __u8 ipcomp_flags; /* Reserved, must be 0 */
1347 + __u16 ipcomp_cpi; /* Compression Parameter Index */
1350 +extern struct inet_protocol comp_protocol;
1351 +extern int sysctl_ipsec_debug_ipcomp;
1353 +#define IPCOMP_UNCOMPRESSABLE 0x000000001
1354 +#define IPCOMP_COMPRESSIONERROR 0x000000002
1355 +#define IPCOMP_PARMERROR 0x000000004
1356 +#define IPCOMP_DECOMPRESSIONERROR 0x000000008
1358 +#define IPCOMP_ADAPT_INITIAL_TRIES 8
1359 +#define IPCOMP_ADAPT_INITIAL_SKIP 4
1360 +#define IPCOMP_ADAPT_SUBSEQ_TRIES 2
1361 +#define IPCOMP_ADAPT_SUBSEQ_SKIP 8
1363 +/* Function prototypes */
1364 +struct sk_buff *skb_compress(struct sk_buff *skb, struct tdb *tdb, unsigned int *flags);
1365 +struct sk_buff *skb_decompress(struct sk_buff *skb, struct tdb *tdb, unsigned int *flags);
1367 +#endif /* _IPCOMP_H */
1368 diff -druN linux-noipsec/net/ipsec/ipsec_ah.h linux/net/ipsec/ipsec_ah.h
1369 --- linux-noipsec/net/ipsec/ipsec_ah.h Thu Jan 1 01:00:00 1970
1370 +++ linux/net/ipsec/ipsec_ah.h Tue Sep 12 05:21:20 2000
1373 + * Authentication Header declarations
1374 + * Copyright (C) 1996, 1997 John Ioannidis.
1375 + * Copyright (C) 1998, 1999 Richard Guy Briggs.
1377 + * This program is free software; you can redistribute it and/or modify it
1378 + * under the terms of the GNU General Public License as published by the
1379 + * Free Software Foundation; either version 2 of the License, or (at your
1380 + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
1382 + * This program is distributed in the hope that it will be useful, but
1383 + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
1384 + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
1385 + * for more details.
1390 +#include "ipsec_md5h.h"
1391 +#include "ipsec_sha1.h"
1394 +#define IPPROTO_AH 51
1395 +#endif /* IPPROTO_AH */
1397 +#define AH_FLENGTH 12 /* size of fixed part */
1398 +#define AHMD5_KMAX 64 /* MD5 max 512 bits key */
1399 +#define AHMD5_AMAX 12 /* MD5 96 bits of authenticator */
1401 +#define AHMD596_KLEN 16 /* MD5 128 bits key */
1402 +#define AHSHA196_KLEN 20 /* SHA1 160 bits key */
1404 +#define AHMD596_ALEN 16 /* MD5 128 bits authentication length */
1405 +#define AHSHA196_ALEN 20 /* SHA1 160 bits authentication length */
1407 +#define AHMD596_BLKLEN 64 /* MD5 block length */
1408 +#define AHSHA196_BLKLEN 64 /* SHA1 block length */
1410 +#define AH_AMAX AHSHA196_ALEN /* keep up to date! */
1411 +#define AHHMAC_HASHLEN 12 /* authenticator length of 96bits */
1412 +#define AHHMAC_RPLLEN 4 /* 32 bit replay counter */
1414 +#define DB_AH_PKTRX 0x0001
1415 +#define DB_AH_PKTRX2 0x0002
1416 +#define DB_AH_DMP 0x0004
1417 +#define DB_AH_TDB 0x0010
1418 +#define DB_AH_XF 0x0020
1419 +#define DB_AH_INAU 0x0040
1420 +#define DB_AH_REPLAY 0x0100
1422 +struct ahmd5_xdata /* transform table data */
1424 + __u16 amx_klen; /* Key material length */
1425 + __u16 amx_alen; /* authenticator length */
1426 + __u8 amx_key[AHMD5_KMAX]; /* Key material */
1429 +struct ahhmacmd5_edata /* struct for netlink interface */
1431 + __u16 ame_klen; /* Key material length */
1432 + __u16 ame_alen; /* authenticator length */
1433 + __u8 ame_replayp; /* replay protection ? */
1434 + __u8 ame_ooowin; /* out-of-order window size */
1435 + __u16 ame_x0; /* filler */
1436 + __u8 ame_key[AHMD596_KLEN]; /* Key material */
1439 +struct ahhmacsha1_edata /* struct for netlink interface */
1441 + __u16 ame_klen; /* Key material length */
1442 + __u16 ame_alen; /* authenticator length */
1443 + __u8 ame_replayp; /* replay protection ? */
1444 + __u8 ame_ooowin; /* out-of-order window size */
1445 + __u16 ame_x0; /* filler */
1446 + __u8 ame_key[AHSHA196_KLEN]; /* Key material */
1451 +/* General HMAC algorithm is described in RFC 2104 */
1453 +#define HMAC_IPAD 0x36
1454 +#define HMAC_OPAD 0x5C
1456 +struct ahhmacmd5_xdata /* struct for xform table */
1458 + __u16 amx_alen; /* length of authenticator, octets */
1459 + __u8 amx_replayp; /* 1 if replay prevention active */
1460 + __u8 amx_ooowin; /* out-of-order window size */
1461 + __u64 amx_bitmap; /* this&next should be 8 bytes each */
1462 + __u32 amx_lastseq; /* or just seq if sending!! */
1463 + MD5_CTX amx_octx; /* context after H(K XOR opad) */
1464 + MD5_CTX amx_ictx; /* context after H(K XOR ipad) */
1467 +struct ahhmacsha1_xdata /* struct for xform table */
1469 + __u16 amx_alen; /* length of authenticator, octets */
1470 + __u8 amx_replayp; /* 1 if replay prevention active */
1471 + __u8 amx_ooowin; /* out-of-order window size */
1472 + __u64 amx_bitmap; /* this&next should be 8 bytes each */
1473 + __u32 amx_lastseq; /* or just seq if sending!! */
1474 + SHA1_CTX amx_octx; /* context after H(K XOR opad) */
1475 + SHA1_CTX amx_ictx; /* context after H(K XOR ipad) */
1479 + MD5_CTX ictx; /* context after H(K XOR ipad) */
1480 + MD5_CTX octx; /* context after H(K XOR opad) */
1484 + SHA1_CTX ictx; /* context after H(K XOR ipad) */
1485 + SHA1_CTX octx; /* context after H(K XOR opad) */
1488 +extern struct inet_protocol ah_protocol;
1493 +ah_rcv(struct sk_buff *skb,
1494 + struct device *dev,
1495 + struct options *opt,
1497 + unsigned short len,
1500 + struct inet_protocol *protocol);
1502 +struct ah /* Generic AH header */
1504 + __u8 ah_nh; /* Next header (protocol) */
1505 + __u8 ah_hl; /* AH length, in 32-bit words */
1506 + __u16 ah_rv; /* reserved, must be 0 */
1507 + __u32 ah_spi; /* Security Parameters Index */
1508 + __u32 ah_rpl; /* Replay prevention */
1509 + __u8 ah_data[AHHMAC_HASHLEN];/* Authentication hash */
1512 +#ifdef CONFIG_IPSEC_DEBUG
1513 +extern int debug_ah;
1514 +#endif /* CONFIG_IPSEC_DEBUG */
1515 +#endif /* __KERNEL__ */
1517 +#ifdef CONFIG_IPSEC_DEBUG
1518 +#define AHPRINTKEYS_
1519 +#endif /* CONFIG_IPSEC_DEBUG */
1523 + * Revision 1.12 2000/09/12 03:21:20 rgb
1524 + * Cleared out unused htonq.
1526 + * Revision 1.11 2000/09/08 19:12:55 rgb
1527 + * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG.
1529 + * Revision 1.10 2000/01/21 06:13:10 rgb
1530 + * Tidied up spacing.
1531 + * Added macros for HMAC padding magic numbers.(kravietz)
1533 + * Revision 1.9 1999/12/07 18:16:23 rgb
1534 + * Fixed comments at end of #endif lines.
1536 + * Revision 1.8 1999/04/11 00:28:56 henry
1539 + * Revision 1.7 1999/04/06 04:54:25 rgb
1540 + * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes
1541 + * patch shell fixes.
1543 + * Revision 1.6 1999/01/26 02:06:01 rgb
1544 + * Removed CONFIG_IPSEC_ALGO_SWITCH macro.
1546 + * Revision 1.5 1999/01/22 06:17:49 rgb
1547 + * Updated macro comments.
1548 + * Added context types to support algorithm switch code.
1549 + * 64-bit clean-up -- converting 'u long long' to __u64.
1551 + * Revision 1.4 1998/07/14 15:54:56 rgb
1552 + * Add #ifdef __KERNEL__ to protect kernel-only structures.
1554 + * Revision 1.3 1998/06/30 18:05:16 rgb
1555 + * Comment out references to htonq.
1557 + * Revision 1.2 1998/06/25 19:33:46 rgb
1558 + * Add prototype for protocol receive function.
1559 + * Rearrange for more logical layout.
1561 + * Revision 1.1 1998/06/18 21:27:43 henry
1562 + * move sources from klips/src to klips/net/ipsec, to keep stupid
1563 + * kernel-build scripts happier in the presence of symlinks
1565 + * Revision 1.4 1998/05/18 22:28:43 rgb
1566 + * Disable key printing facilities from /proc/net/ipsec_*.
1568 + * Revision 1.3 1998/04/21 21:29:07 rgb
1569 + * Rearrange debug switches to change on the fly debug output from user
1570 + * space. Only kernel changes checked in at this time. radij.c was also
1571 + * changed to temporarily remove buggy debugging code in rj_delete causing
1572 + * an OOPS and hence, netlink device open errors.
1574 + * Revision 1.2 1998/04/12 22:03:17 rgb
1575 + * Updated ESP-3DES-HMAC-MD5-96,
1576 + * ESP-DES-HMAC-MD5-96,
1578 + * AH-HMAC-SHA1-96 since Henry started freeswan cvs repository
1579 + * from old standards (RFC182[5-9] to new (as of March 1998) drafts.
1581 + * Fixed eroute references in /proc/net/ipsec*.
1583 + * Started to patch module unloading memory leaks in ipsec_netlink and
1584 + * radij tree unloading.
1586 + * Revision 1.1 1998/04/09 03:05:55 henry
1587 + * sources moved up from linux/net/ipsec
1589 + * Revision 1.1.1.1 1998/04/08 05:35:02 henry
1590 + * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8
1592 + * Revision 0.4 1997/01/15 01:28:15 ji
1593 + * Added definitions for new AH transforms.
1595 + * Revision 0.3 1996/11/20 14:35:48 ji
1597 + * Rationalized debugging code.
1599 + * Revision 0.2 1996/11/02 00:18:33 ji
1600 + * First limited release.
1604 diff -druN linux-noipsec/net/ipsec/ipsec_encap.h linux/net/ipsec/ipsec_encap.h
1605 --- linux-noipsec/net/ipsec/ipsec_encap.h Thu Jan 1 01:00:00 1970
1606 +++ linux/net/ipsec/ipsec_encap.h Fri Sep 8 21:12:56 2000
1609 + * declarations relevant to encapsulation-like operations
1610 + * Copyright (C) 1996, 1997 John Ioannidis.
1611 + * Copyright (C) 1998, 1999 Richard Guy Briggs.
1613 + * This program is free software; you can redistribute it and/or modify it
1614 + * under the terms of the GNU General Public License as published by the
1615 + * Free Software Foundation; either version 2 of the License, or (at your
1616 + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
1618 + * This program is distributed in the hope that it will be useful, but
1619 + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
1620 + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
1621 + * for more details.
1626 +#define SENT_IP4 0x0008 /* data is two struct in_addr */
1628 +#define SEN_HDRLEN (2*sizeof(__u8)+sizeof(__u16))
1630 +#define SEN_IP4_SRCOFF (0)
1631 +#define SEN_IP4_DSTOFF (sizeof (struct in_addr))
1632 +#define SEN_IP4_OPTOFF (2 * sizeof (struct in_addr))
1634 +#define SEN_IP4_LEN (SENT_HDRLEN + SENT_IP4_OPTOFF)
1636 +#ifdef CONFIG_IPSEC_DEBUG
1637 +#define DB_ER_PROCFS 0x0001
1638 +#define DB_SP_PROCFS 0x0001
1639 +#endif /* CONFIG_IPSEC_DEBUG */
1641 +struct sockaddr_encap
1643 + __u8 sen_len; /* length */
1644 + __u8 sen_family; /* AF_ENCAP */
1645 + __u16 sen_type; /* see SENT_* */
1648 + struct /* SENT_IP4 */
1650 + struct in_addr Src;
1651 + struct in_addr Dst;
1656 +#define sen_ip_src Sen.Sip4.Src
1657 +#define sen_ip_dst Sen.Sip4.Dst
1660 +#define AF_ENCAP 26
1661 +#endif /* AF_ENCAP */
1664 + * The "type" is really part of the address as far as the routing
1665 + * system is concerned. By using only one bit in the type field
1666 + * for each type, we sort-of make sure that different types of
1667 + * encapsulation addresses won't be matched against the wrong type.
1672 + * An entry in the radix tree
1677 + struct radij_node rd_nodes[2]; /* tree glue, and other values */
1678 +#define rd_key(r) ((struct sockaddr_encap *)((r)->rd_nodes->rj_key))
1679 +#define rd_mask(r) ((struct sockaddr_encap *)((r)->rd_nodes->rj_mask))
1685 + * An encapsulation route consists of a pointer to a
1686 + * radix tree entry and a SAID (a destination_address/SPI/protocol triple).
1692 + struct rjtentry er_rjt;
1693 + struct sa_id er_said;
1694 + struct sockaddr_encap er_eaddr;
1695 + struct sockaddr_encap er_emask;
1698 +#define er_dst er_said.dst
1699 +#define er_spi er_said.spi
1700 +#define er_proto er_said.proto
1701 +#ifdef CONFIG_IPSEC_DEBUG
1702 +extern int debug_eroute;
1703 +extern int debug_spi;
1704 +#endif /* CONFIG_IPSEC_DEBUG */
1707 +#define device net_device
1708 +#define ipsec_dev_get __dev_get_by_name
1710 +#define ipsec_dev_get dev_get
1711 +#endif /* NETDEV_23 */
1712 +#endif /* __KERNEL__ */
1716 + * Revision 1.11 2000/09/08 19:12:56 rgb
1717 + * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG.
1719 + * Revision 1.10 2000/03/22 16:15:36 rgb
1720 + * Fixed renaming of dev_get (MB).
1722 + * Revision 1.9 2000/01/21 06:13:26 rgb
1723 + * Added a macro for AF_ENCAP
1725 + * Revision 1.8 1999/12/31 14:56:55 rgb
1726 + * MB fix for 2.3 dev-use-count.
1728 + * Revision 1.7 1999/11/18 04:09:18 rgb
1729 + * Replaced all kernel version macros to shorter, readable form.
1731 + * Revision 1.6 1999/09/24 00:34:13 rgb
1732 + * Add Marc Boucher's support for 2.3.xx+.
1734 + * Revision 1.5 1999/04/11 00:28:57 henry
1737 + * Revision 1.4 1999/04/06 04:54:25 rgb
1738 + * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes
1739 + * patch shell fixes.
1741 + * Revision 1.3 1998/10/19 14:44:28 rgb
1742 + * Added inclusion of freeswan.h.
1743 + * sa_id structure implemented and used: now includes protocol.
1745 + * Revision 1.2 1998/07/14 18:19:33 rgb
1746 + * Added #ifdef __KERNEL__ directives to restrict scope of header.
1748 + * Revision 1.1 1998/06/18 21:27:44 henry
1749 + * move sources from klips/src to klips/net/ipsec, to keep stupid
1750 + * kernel-build scripts happier in the presence of symlinks
1752 + * Revision 1.2 1998/04/21 21:29:10 rgb
1753 + * Rearrange debug switches to change on the fly debug output from user
1754 + * space. Only kernel changes checked in at this time. radij.c was also
1755 + * changed to temporarily remove buggy debugging code in rj_delete causing
1756 + * an OOPS and hence, netlink device open errors.
1758 + * Revision 1.1 1998/04/09 03:05:58 henry
1759 + * sources moved up from linux/net/ipsec
1761 + * Revision 1.1.1.1 1998/04/08 05:35:02 henry
1762 + * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8
1764 + * Revision 0.4 1997/01/15 01:28:15 ji
1765 + * Minor cosmetic changes.
1767 + * Revision 0.3 1996/11/20 14:35:48 ji
1769 + * Rationalized debugging code.
1771 + * Revision 0.2 1996/11/02 00:18:33 ji
1772 + * First limited release.
1776 diff -druN linux-noipsec/net/ipsec/ipsec_esp.h linux/net/ipsec/ipsec_esp.h
1777 --- linux-noipsec/net/ipsec/ipsec_esp.h Thu Jan 1 01:00:00 1970
1778 +++ linux/net/ipsec/ipsec_esp.h Fri Sep 8 21:12:56 2000
1781 + * Copyright (C) 1996, 1997 John Ioannidis.
1782 + * Copyright (C) 1998, 1999 Richard Guy Briggs.
1784 + * This program is free software; you can redistribute it and/or modify it
1785 + * under the terms of the GNU General Public License as published by the
1786 + * Free Software Foundation; either version 2 of the License, or (at your
1787 + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
1789 + * This program is distributed in the hope that it will be useful, but
1790 + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
1791 + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
1792 + * for more details.
1797 +#include "ipsec_md5h.h"
1798 +#include "ipsec_sha1.h"
1800 +#ifndef IPPROTO_ESP
1801 +#define IPPROTO_ESP 50
1802 +#endif /* IPPROTO_ESP */
1804 +#define EMT_ESPDESCBC_ULEN 20 /* coming from user mode */
1805 +#define EMT_ESPDES_KMAX 64 /* 512 bit secret key enough? */
1806 +#define EMT_ESPDES_KEY_SZ 8 /* 56 bit secret key with parity = 64 bits */
1807 +#define EMT_ESP3DES_KEY_SZ 24 /* 168 bit secret key with parity = 192 bits */
1808 +#define EMT_ESPDES_IV_SZ 8 /* IV size */
1809 +#define ESP_DESCBC_BLKLEN 8 /* DES-CBC block size */
1811 +#define DB_ES_PKTRX 0x0001
1812 +#define DB_ES_PKTRX2 0x0002
1813 +#define DB_ES_TDB 0x0010
1814 +#define DB_ES_XF 0x0020
1815 +#define DB_ES_IPAD 0x0040
1816 +#define DB_ES_INAU 0x0080
1817 +#define DB_ES_OINFO 0x0100
1818 +#define DB_ES_OINFO2 0x0200
1819 +#define DB_ES_OH 0x0400
1820 +#define DB_ES_REPLAY 0x0800
1822 +struct espblkrply_edata
1824 + __u16 eme_klen; /* encryption key length */
1825 + __u16 ame_klen; /* authentication key length */
1826 + __u16 eme_flags; /* see below */
1827 + __u16 eme_ooowin; /* out-of-order window size */
1829 + __u16 eme_ivlen; /* IV length */
1833 + __u8 Iv[8]; /* that's enough space */
1837 +#define eme_iv Iu.Iv
1838 +#define eme_ivl Iu.Ivl
1839 +#define eme_ivq Iu.Ivq
1841 + __u8 eme_key[EMT_ESPDES_KMAX]; /* the encryption raw key */
1842 + __u8 ame_key[AH_AMAX]; /* the authentication raw key */
1846 +struct esp3desmd5_xdata
1848 + __u8 edmx_flags; /* same as before */
1849 + __u8 edmx_ooowin; /* out-of-order window size */
1850 + __u16 edmx_ivlen; /* IV length */
1851 + __u32 edmx_bitmap; /* this&next should be 4 bytes each */
1852 + __u32 edmx_lastseq; /* in host order */
1853 + __u32 edmx_eks1[16][2]; /* the first key schedule */
1854 + __u32 edmx_eks2[16][2]; /* the second key schedule */
1855 + __u32 edmx_eks3[16][2]; /* the third key schedule */
1856 + __u32 edmx_iv[2]; /* constant IV */
1857 + MD5_CTX edmx_ictx; /* derived from HMAC_key */
1858 + MD5_CTX edmx_octx; /* ditto */
1861 +struct espnullmd5_xdata
1863 + __u8 edmx_flags; /* same as before */
1864 + __u8 edmx_ooowin; /* out-of-order window size */
1865 + __u32 edmx_bitmap; /* this&next should be 4 bytes each */
1866 + __u32 edmx_lastseq; /* in host order */
1867 + MD5_CTX edmx_ictx; /* derived from HMAC_key */
1868 + MD5_CTX edmx_octx; /* ditto */
1871 +struct esp3dessha1_xdata
1873 + __u8 edmx_flags; /* same as before */
1874 + __u8 edmx_ooowin; /* out-of-order window size */
1875 + __u16 edmx_ivlen; /* IV length */
1876 + __u32 edmx_bitmap; /* this&next should be 4 bytes each */
1877 + __u32 edmx_lastseq; /* in host order */
1878 + __u32 edmx_eks1[16][2]; /* the first key schedule */
1879 + __u32 edmx_eks2[16][2]; /* the second key schedule */
1880 + __u32 edmx_eks3[16][2]; /* the third key schedule */
1881 + __u32 edmx_iv[2]; /* constant IV */
1882 + SHA1_CTX edmx_ictx; /* derived from HMAC_key */
1883 + SHA1_CTX edmx_octx; /* ditto */
1886 +struct espnullsha1_xdata
1888 + __u8 edmx_flags; /* same as before */
1889 + __u8 edmx_ooowin; /* out-of-order window size */
1890 + __u32 edmx_bitmap; /* this&next should be 4 bytes each */
1891 + __u32 edmx_lastseq; /* in host order */
1892 + SHA1_CTX edmx_ictx; /* derived from HMAC_key */
1893 + SHA1_CTX edmx_octx; /* ditto */
1896 +struct esp3des_xdata
1898 + __u8 edmx_flags; /* same as before */
1899 + __u8 edmx_ooowin; /* out-of-order window size */
1900 + __u16 edmx_ivlen; /* IV length */
1901 + __u32 edmx_bitmap; /* this&next should be 4 bytes each */
1902 + __u32 edmx_lastseq; /* in host order */
1903 + __u32 edmx_eks1[16][2]; /* the first key schedule */
1904 + __u32 edmx_eks2[16][2]; /* the second key schedule */
1905 + __u32 edmx_eks3[16][2]; /* the third key schedule */
1906 + __u32 edmx_iv[2]; /* constant IV */
1910 + __u32 eks[16][2]; /* the key schedule */
1913 +extern struct inet_protocol esp_protocol;
1918 +esp_rcv(struct sk_buff *skb,
1919 + struct device *dev,
1920 + struct options *opt,
1922 + unsigned short len,
1925 + struct inet_protocol *protocol);
1929 + __u32 esp_spi; /* Security Parameters Index */
1930 + __u32 esp_rpl; /* Replay counter */
1931 + __u8 esp_iv[8]; /* iv */
1934 +#ifdef CONFIG_IPSEC_DEBUG
1935 +extern int debug_esp;
1936 +#endif /* CONFIG_IPSEC_DEBUG */
1937 +#endif /* __KERNEL__ */
1939 +#ifdef CONFIG_IPSEC_DEBUG
1940 +#define ESPPRINTKEYS_
1941 +#endif /* CONFIG_IPSEC_DEBUG */
1945 + * Revision 1.13 2000/09/08 19:12:56 rgb
1946 + * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG.
1948 + * Revision 1.12 2000/08/01 14:51:50 rgb
1949 + * Removed _all_ remaining traces of DES.
1951 + * Revision 1.11 2000/01/10 16:36:20 rgb
1952 + * Ditch last of EME option flags, including initiator.
1954 + * Revision 1.10 1999/12/07 18:16:22 rgb
1955 + * Fixed comments at end of #endif lines.
1957 + * Revision 1.9 1999/04/11 00:28:57 henry
1960 + * Revision 1.8 1999/04/06 04:54:25 rgb
1961 + * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes
1962 + * patch shell fixes.
1964 + * Revision 1.7 1999/01/26 02:06:00 rgb
1965 + * Removed CONFIG_IPSEC_ALGO_SWITCH macro.
1967 + * Revision 1.6 1999/01/22 15:22:05 rgb
1968 + * Re-enable IV in the espblkrply_edata structure to avoid breaking pluto
1969 + * until pluto can be fixed properly.
1971 + * Revision 1.5 1999/01/22 06:18:16 rgb
1972 + * Updated macro comments.
1973 + * Added key schedule types to support algorithm switch code.
1975 + * Revision 1.4 1998/08/12 00:07:32 rgb
1976 + * Added data structures for new xforms: null, {,3}dessha1.
1978 + * Revision 1.3 1998/07/14 15:57:01 rgb
1979 + * Add #ifdef __KERNEL__ to protect kernel-only structures.
1981 + * Revision 1.2 1998/06/25 19:33:46 rgb
1982 + * Add prototype for protocol receive function.
1983 + * Rearrange for more logical layout.
1985 + * Revision 1.1 1998/06/18 21:27:45 henry
1986 + * move sources from klips/src to klips/net/ipsec, to keep stupid
1987 + * kernel-build scripts happier in the presence of symlinks
1989 + * Revision 1.6 1998/06/05 02:28:08 rgb
1990 + * Minor comment fix.
1992 + * Revision 1.5 1998/05/27 22:34:00 rgb
1993 + * Changed structures to accomodate key separation.
1995 + * Revision 1.4 1998/05/18 22:28:43 rgb
1996 + * Disable key printing facilities from /proc/net/ipsec_*.
1998 + * Revision 1.3 1998/04/21 21:29:07 rgb
1999 + * Rearrange debug switches to change on the fly debug output from user
2000 + * space. Only kernel changes checked in at this time. radij.c was also
2001 + * changed to temporarily remove buggy debugging code in rj_delete causing
2002 + * an OOPS and hence, netlink device open errors.
2004 + * Revision 1.2 1998/04/12 22:03:20 rgb
2005 + * Updated ESP-3DES-HMAC-MD5-96,
2006 + * ESP-DES-HMAC-MD5-96,
2008 + * AH-HMAC-SHA1-96 since Henry started freeswan cvs repository
2009 + * from old standards (RFC182[5-9] to new (as of March 1998) drafts.
2011 + * Fixed eroute references in /proc/net/ipsec*.
2013 + * Started to patch module unloading memory leaks in ipsec_netlink and
2014 + * radij tree unloading.
2016 + * Revision 1.1 1998/04/09 03:06:00 henry
2017 + * sources moved up from linux/net/ipsec
2019 + * Revision 1.1.1.1 1998/04/08 05:35:02 henry
2020 + * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8
2022 + * Revision 0.5 1997/06/03 04:24:48 ji
2023 + * Added ESP-3DES-MD5-96 transform.
2025 + * Revision 0.4 1997/01/15 01:28:15 ji
2026 + * Added definitions for new ESP transforms.
2028 + * Revision 0.3 1996/11/20 14:35:48 ji
2030 + * Rationalized debugging code.
2032 + * Revision 0.2 1996/11/02 00:18:33 ji
2033 + * First limited release.
2037 diff -druN linux-noipsec/net/ipsec/ipsec_init.c linux/net/ipsec/ipsec_init.c
2038 --- linux-noipsec/net/ipsec/ipsec_init.c Thu Jan 1 01:00:00 1970
2039 +++ linux/net/ipsec/ipsec_init.c Wed Nov 29 21:14:06 2000
2042 + * Initialization code, and /proc file system interface code.
2043 + * Copyright (C) 1996, 1997 John Ioannidis.
2044 + * Copyright (C) 1998, 1999 Richard Guy Briggs.
2046 + * This program is free software; you can redistribute it and/or modify it
2047 + * under the terms of the GNU General Public License as published by the
2048 + * Free Software Foundation; either version 2 of the License, or (at your
2049 + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
2051 + * This program is distributed in the hope that it will be useful, but
2052 + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
2053 + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
2054 + * for more details.
2057 +char ipsec_init_c_version[] = "RCSID $Id$";
2059 +#include <linux/config.h>
2060 +#include <linux/version.h>
2062 +#include <linux/module.h>
2063 +#include <linux/kernel.h> /* printk() */
2064 +#include <linux/malloc.h> /* kmalloc() */
2065 +#include <linux/errno.h> /* error codes */
2066 +#include <linux/types.h> /* size_t */
2067 +#include <linux/interrupt.h> /* mark_bh */
2069 +#include <linux/netdevice.h> /* struct device, and other headers */
2070 +#include <linux/etherdevice.h> /* eth_type_trans */
2071 +#include <linux/ip.h> /* struct iphdr */
2072 +#include <linux/in.h> /* struct sockaddr_in */
2073 +#include <linux/skbuff.h>
2074 +#include <freeswan.h>
2077 +#include <linux/spinlock.h> /* *lock* */
2078 +#else /* SPINLOCK_23 */
2079 +#include <asm/spinlock.h> /* *lock* */
2080 +#endif /* SPINLOCK_23 */
2081 +#endif /* SPINLOCK */
2083 +#include <asm/uaccess.h>
2084 +#include <linux/in6.h>
2085 +#endif /* NET_21 */
2086 +#include <asm/checksum.h>
2087 +#include <net/ip.h>
2088 +#ifdef CONFIG_PROC_FS
2089 +#include <linux/proc_fs.h>
2090 +#endif /* CONFIG_PROC_FS */
2091 +#ifdef NETLINK_SOCK
2092 +#include <linux/netlink.h>
2094 +#include <net/netlink.h>
2098 +#include "ipsec_encap.h"
2099 +#include "ipsec_radij.h"
2100 +#include "ipsec_netlink.h"
2101 +#include "ipsec_xform.h"
2102 +#include "ipsec_tunnel.h"
2104 +#include "version.c"
2106 +#include "ipsec_rcv.h"
2107 +#include "ipsec_ah.h"
2108 +#include "ipsec_esp.h"
2110 +#ifdef CONFIG_IPSEC_IPCOMP
2111 +#include "ipcomp.h"
2112 +#endif /* CONFIG_IPSEC_IPCOMP */
2114 +#include <pfkeyv2.h>
2117 +extern char *radij_c_version;
2119 +#ifdef CONFIG_IPSEC_DEBUG
2120 +int debug_eroute = 0;
2122 +#endif /* CONFIG_IPSEC_DEBUG */
2124 +#ifdef CONFIG_PROC_FS
2125 +#ifndef PROC_FS_2325
2127 +#endif /* PROC_FS_2325 */
2129 +ipsec_eroute_get_info(char *buffer, char **start, off_t offset, int length
2130 +#ifndef PROC_NO_DUMMY
2132 +#endif /* !PROC_NO_DUMMY */
2135 + struct wsbuf w = {buffer, length, offset, 0, 0, 0, 0};
2137 +#ifdef CONFIG_IPSEC_DEBUG
2138 + if (debug_radij & DB_RJ_DUMPTREES)
2139 + rj_dumptrees(); /* XXXXXXXXX */
2140 +#endif /* CONFIG_IPSEC_DEBUG */
2142 + KLIPS_PRINT(debug_tunnel & DB_TN_PROCFS,
2143 + "klips_debug:ipsec_eroute_get_info: buffer=0x%p,"
2144 + " *start=0x%x, offset=%d, length=%d\n",
2145 + buffer, (u_int)*start, (int)offset, length);
2147 + spin_lock_bh(&eroute_lock);
2149 + rj_walktree(rnh, ipsec_rj_walker_procprint, &w);
2150 +/* rj_walktree(mask_rjhead, ipsec_rj_walker_procprint, &w); */
2152 + spin_unlock_bh(&eroute_lock);
2154 + *start = buffer + (offset - w.begin); /* Start of wanted data */
2155 + w.len -= (offset - w.begin); /* Start slop */
2156 + if (w.len > length)
2161 +#ifndef PROC_FS_2325
2163 +#endif /* PROC_FS_2325 */
2165 +ipsec_spi_get_info(char *buffer, char **start, off_t offset, int length
2166 +#ifndef PROC_NO_DUMMY
2168 +#endif /* !PROC_NO_DUMMY */
2172 + off_t pos = 0, begin = 0;
2175 + char sa[SATOA_BUF];
2176 + char buf_s[ADDRTOA_BUF];
2178 + char buf_d[ADDRTOA_BUF];
2182 + KLIPS_PRINT(debug_tunnel & DB_TN_PROCFS,
2183 + "klips_debug:ipsec_spi_get_info: buffer=0x%p,"
2184 + "*start=0x%x, offset=%d, length=%d\n",
2185 + buffer, (u_int)*start, (int)offset, length);
2187 + spin_lock_bh(&tdb_lock);
2189 + for (i = 0; i < TDB_HASHMOD; i++) {
2190 + for (tdbp = tdbh[i]; tdbp; tdbp = tdbp->tdb_hnext) {
2191 + sa_len = satoa(tdbp->tdb_said, 0, sa, SATOA_BUF);
2192 + len += sprintf(buffer + len, "%s ", sa);
2193 + len += sprintf(buffer + len, "%s%s%s", TDB_XFORM_NAME(tdbp));
2194 + len += sprintf(buffer + len, ": dir=%s",
2195 + (tdbp->tdb_flags & EMT_INBOUND) ?
2198 + if((tdbp->tdb_said.proto == IPPROTO_IPIP) && tdbp->tdb_addr_s && tdbp->tdb_addr_d) {
2199 + addrtoa(((struct sockaddr_in*)(tdbp->tdb_addr_s))->sin_addr,
2200 + 0, buf_s, sizeof(buf_s));
2201 + addrtoa(((struct sockaddr_in*)(tdbp->tdb_addr_d))->sin_addr,
2202 + 0, buf_d, sizeof(buf_d));
2203 + len += sprintf(buffer + len, " %s -> %s",
2207 + if(tdbp->tdb_addr_s) {
2208 + addrtoa(((struct sockaddr_in*)(tdbp->tdb_addr_s))->sin_addr,
2209 + 0, buf_s, sizeof(buf_s));
2210 + len += sprintf(buffer + len, " src=%s",
2215 + if(tdbp->tdb_iv_bits) {
2217 + len += sprintf(buffer + len, " iv_bits=%dbits iv=0x",
2218 + tdbp->tdb_iv_bits);
2219 + for(j = 0; j < tdbp->tdb_iv_bits / 8; j++) {
2220 + len += sprintf(buffer + len, "%02x",
2221 + (__u32)((__u8*)(tdbp->tdb_iv))[j]);
2224 + if(tdbp->tdb_encalg || tdbp->tdb_authalg) {
2225 + if(tdbp->tdb_replaywin) {
2226 + len += sprintf(buffer + len, " ooowin=%d",
2227 + tdbp->tdb_replaywin);
2229 + if(tdbp->tdb_replaywin_errs) {
2230 + len += sprintf(buffer + len, " ooo_errs=%d",
2231 + tdbp->tdb_replaywin_errs);
2233 + if(tdbp->tdb_replaywin_lastseq) {
2234 + len += sprintf(buffer + len, " seq=%d",
2235 + tdbp->tdb_replaywin_lastseq);
2237 + if(tdbp->tdb_replaywin_bitmap) {
2238 +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,0)
2239 + len += sprintf(buffer + len, " bit=0x%Lx",
2240 + tdbp->tdb_replaywin_bitmap);
2242 + len += sprintf(buffer + len, " bit=0x%x%08x",
2243 + (__u32)(tdbp->tdb_replaywin_bitmap >> 32),
2244 + (__u32)tdbp->tdb_replaywin_bitmap);
2247 + if(tdbp->tdb_replaywin_maxdiff) {
2248 + len += sprintf(buffer + len, " max_seq_diff=%d",
2249 + tdbp->tdb_replaywin_maxdiff);
2252 + if(tdbp->tdb_flags & ~EMT_INBOUND) {
2253 + len += sprintf(buffer + len, " flags=0x%x",
2254 + tdbp->tdb_flags & ~EMT_INBOUND);
2255 + len += sprintf(buffer + len, "<");
2256 + /* flag printing goes here */
2257 + len += sprintf(buffer + len, ">");
2259 + if(tdbp->tdb_auth_bits) {
2260 + len += sprintf(buffer + len, " alen=%d",
2261 + tdbp->tdb_auth_bits);
2263 + if(tdbp->tdb_key_bits_a) {
2264 + len += sprintf(buffer + len, " aklen=%d",
2265 + tdbp->tdb_key_bits_a);
2267 + if(tdbp->tdb_auth_errs) {
2268 + len += sprintf(buffer + len, " auth_errs=%d",
2269 + tdbp->tdb_auth_errs);
2271 + if(tdbp->tdb_key_bits_e) {
2272 + len += sprintf(buffer + len, " eklen=%d",
2273 + tdbp->tdb_key_bits_e);
2275 + if(tdbp->tdb_encsize_errs) {
2276 + len += sprintf(buffer + len, " encr_size_errs=%d",
2277 + tdbp->tdb_encsize_errs);
2279 + if(tdbp->tdb_encpad_errs) {
2280 + len += sprintf(buffer + len, " encr_pad_errs=%d",
2281 + tdbp->tdb_encpad_errs);
2284 + len += sprintf(buffer + len, " life(c,s,h)=");
2285 + if(tdbp->tdb_lifetime_allocations_c > 1 ||
2286 + tdbp->tdb_lifetime_allocations_s ||
2287 + tdbp->tdb_lifetime_allocations_h) {
2288 + len += sprintf(buffer + len, "alloc(%d,%d,%d)",
2289 + (int)(jiffies - tdbp->tdb_lifetime_allocations_c),
2290 + tdbp->tdb_lifetime_allocations_s,
2291 + (int)tdbp->tdb_lifetime_allocations_h);
2293 + if(tdbp->tdb_lifetime_bytes_c ||
2294 + tdbp->tdb_lifetime_bytes_s ||
2295 + tdbp->tdb_lifetime_bytes_h) {
2296 +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,0)
2297 + len += sprintf(buffer + len, "bytes(%Ld,%Ld,%Ld)",
2298 + tdbp->tdb_lifetime_bytes_c,
2299 + tdbp->tdb_lifetime_bytes_s,
2300 + tdbp->tdb_lifetime_bytes_h);
2301 +#else /* XXX high 32 bits are not displayed */
2302 + len += sprintf(buffer + len, "bytes(%lu,%lu,%lu)",
2303 + (unsigned long)tdbp->tdb_lifetime_bytes_c,
2304 + (unsigned long)tdbp->tdb_lifetime_bytes_s,
2305 + (unsigned long)tdbp->tdb_lifetime_bytes_h);
2309 + if(tdbp->tdb_lifetime_addtime_c ||
2310 + tdbp->tdb_lifetime_addtime_s ||
2311 + tdbp->tdb_lifetime_addtime_h) {
2312 +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,0)
2313 + len += sprintf(buffer + len, "add(%Ld,%Ld,%Ld)",
2314 + jiffies / HZ - tdbp->tdb_lifetime_addtime_c,
2315 + tdbp->tdb_lifetime_addtime_s,
2316 + tdbp->tdb_lifetime_addtime_h);
2318 + len += sprintf(buffer + len, "add(%lu,%lu,%lu)",
2319 + jiffies / HZ - (unsigned long)tdbp->tdb_lifetime_addtime_c,
2320 + (unsigned long)tdbp->tdb_lifetime_addtime_s,
2321 + (unsigned long)tdbp->tdb_lifetime_addtime_h);
2324 + if(tdbp->tdb_lifetime_usetime_c ||
2325 + tdbp->tdb_lifetime_usetime_s ||
2326 + tdbp->tdb_lifetime_usetime_h) {
2327 +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,0)
2328 + len += sprintf(buffer + len, "use(%Ld,%Ld,%Ld)",
2329 + tdbp->tdb_lifetime_usetime_c ?
2330 + jiffies / HZ - tdbp->tdb_lifetime_usetime_c : 0,
2331 + tdbp->tdb_lifetime_usetime_s,
2332 + tdbp->tdb_lifetime_usetime_h);
2334 + len += sprintf(buffer + len, "use(%lu,%lu,%lu)",
2335 + tdbp->tdb_lifetime_usetime_c ?
2336 + jiffies / HZ - (unsigned long)tdbp->tdb_lifetime_usetime_c : 0,
2337 + (unsigned long)tdbp->tdb_lifetime_usetime_s,
2338 + (unsigned long)tdbp->tdb_lifetime_usetime_h);
2341 + if(tdbp->tdb_lifetime_packets_c ||
2342 + tdbp->tdb_lifetime_packets_s ||
2343 + tdbp->tdb_lifetime_packets_h) {
2344 +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,0)
2345 + len += sprintf(buffer + len, "packets(%Ld,%Ld,%Ld)",
2346 + tdbp->tdb_lifetime_packets_c,
2347 + tdbp->tdb_lifetime_packets_s,
2348 + tdbp->tdb_lifetime_packets_h);
2350 + len += sprintf(buffer + len, "packets(%lu,%lu,%lu)",
2351 + (unsigned long)tdbp->tdb_lifetime_packets_c,
2352 + (unsigned long)tdbp->tdb_lifetime_packets_s,
2353 + (unsigned long)tdbp->tdb_lifetime_packets_h);
2357 + if(tdbp->tdb_lifetime_usetime_c) {
2358 +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,0)
2359 + len += sprintf(buffer + len, " idle=%Ld",
2360 + jiffies / HZ - tdbp->tdb_lifetime_usetime_l);
2362 + len += sprintf(buffer + len, " idle=%lu",
2363 + jiffies / HZ - (unsigned long)tdbp->tdb_lifetime_usetime_l);
2367 +#ifdef CONFIG_IPSEC_IPCOMP
2368 + if(tdbp->tdb_said.proto == IPPROTO_COMP &&
2369 + (tdbp->tdb_comp_ratio_dbytes ||
2370 + tdbp->tdb_comp_ratio_cbytes)) {
2371 +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,0)
2372 + len += sprintf(buffer + len, " ratio=%Ld:%Ld",
2373 + tdbp->tdb_comp_ratio_dbytes,
2374 + tdbp->tdb_comp_ratio_cbytes);
2376 + len += sprintf(buffer + len, " ratio=%lu:%lu",
2377 + (unsigned long)tdbp->tdb_comp_ratio_dbytes,
2378 + (unsigned long)tdbp->tdb_comp_ratio_cbytes);
2381 +#endif /* CONFIG_IPSEC_IPCOMP */
2383 + len += sprintf(buffer + len, "\n");
2385 + pos = begin + len;
2386 + if(pos < offset) {
2390 + if (pos > offset + length) {
2397 + spin_unlock_bh(&tdb_lock);
2399 + *start = buffer + (offset - begin); /* Start of wanted data */
2400 + len -= (offset - begin); /* Start slop */
2406 +#ifndef PROC_FS_2325
2408 +#endif /* PROC_FS_2325 */
2410 +ipsec_spigrp_get_info(char *buffer, char **start, off_t offset, int length
2411 +#ifndef PROC_NO_DUMMY
2413 +#endif /* !PROC_NO_DUMMY */
2417 + off_t pos = 0, begin = 0;
2419 + struct tdb *tdbp, *tdbp2;
2420 + char sa[SATOA_BUF];
2423 + KLIPS_PRINT(debug_tunnel & DB_TN_PROCFS,
2424 + "klips_debug:ipsec_spigrp_get_info: buffer=0x%p,"
2425 + " *start=0x%x, offset=%d, length=%d\n",
2426 + buffer, (u_int)*start, (int)offset, length);
2428 + spin_lock_bh(&tdb_lock);
2430 + for (i = 0; i < TDB_HASHMOD; i++) {
2431 + for (tdbp = tdbh[i]; tdbp; tdbp = tdbp->tdb_hnext)
2433 + if(!tdbp->tdb_inext)
2437 + sa_len = satoa(tdbp2->tdb_said, 0, sa, SATOA_BUF);
2438 + len += sprintf(buffer + len, "%s ",
2440 + tdbp2 = tdbp2->tdb_onext;
2442 + len += sprintf(buffer + len, "\n");
2443 + pos = begin + len;
2444 + if(pos < offset) {
2448 + if (pos > offset + length) {
2449 + goto done_spigrp_i;
2456 + spin_unlock_bh(&tdb_lock);
2458 + *start = buffer + (offset - begin); /* Start of wanted data */
2459 + len -= (offset - begin); /* Start slop */
2465 +#ifndef PROC_FS_2325
2467 +#endif /* PROC_FS_2325 */
2469 +ipsec_tncfg_get_info(char *buffer, char **start, off_t offset, int length
2470 +#ifndef PROC_NO_DUMMY
2472 +#endif /* !PROC_NO_DUMMY */
2476 + off_t pos = 0, begin = 0;
2479 + struct device *dev, *privdev;
2480 + struct ipsecpriv *priv;
2482 + KLIPS_PRINT(debug_tunnel & DB_TN_PROCFS,
2483 + "klips_debug:ipsec_tncfg_get_info: buffer=0x%p,"
2484 + "*start=0x%x, offset=%d, length=%d\n",
2485 + buffer, (u_int)*start, (int)offset, length);
2487 + for(i = 0; i < IPSEC_NUM_IF; i++) {
2488 + sprintf(name, "ipsec%d", i);
2489 + dev = ipsec_dev_get(name);
2491 + priv = (struct ipsecpriv *)(dev->priv);
2492 + len += sprintf(buffer + len, "%s",
2495 + privdev = (struct device *)(priv->dev);
2496 + len += sprintf(buffer + len, " -> %s",
2497 + privdev ? privdev->name : "NULL");
2498 + len += sprintf(buffer + len, " mtu=%d -> %d",
2499 + /* priv */ dev->mtu, privdev ? privdev->mtu : 0);
2501 + KLIPS_PRINT(debug_tunnel & DB_TN_PROCFS,
2502 + "klips_debug:ipsec_tncfg_get_info: device '%s' has no private data space!\n",
2505 + len += sprintf(buffer + len, "\n");
2507 + pos = begin + len;
2508 + if(pos < offset) {
2512 + else if (pos > offset + length) {
2517 + *start = buffer + (offset - begin); /* Start of wanted data */
2518 + len -= (offset - begin); /* Start slop */
2524 +#ifndef PROC_FS_2325
2526 +#endif /* PROC_FS_2325 */
2528 +ipsec_version_get_info(char *buffer, char **start, off_t offset, int length
2529 +#ifndef PROC_NO_DUMMY
2531 +#endif /* !PROC_NO_DUMMY */
2537 + KLIPS_PRINT(debug_tunnel & DB_TN_PROCFS,
2538 + "klips_debug:ipsec_version_get_info: "
2539 + "buffer=0x%p, *start=0x%x, offset=%d, length=%d\n",
2540 + buffer, (u_int)*start, (int)offset, length);
2542 + len += sprintf(buffer + len, "FreeS/WAN version: %s\n", freeswan_version);
2544 + KLIPS_PRINT(debug_tunnel & DB_TN_PROCFS,
2545 + "klips_debug:ipsec_version_get_info: "
2546 + "ipsec_init version: %s\n",
2547 + ipsec_init_c_version);
2548 + KLIPS_PRINT(debug_tunnel & DB_TN_PROCFS,
2549 + "klips_debug:ipsec_version_get_info: "
2550 + "ipsec_tunnel version: %s\n",
2551 + ipsec_tunnel_c_version);
2552 + KLIPS_PRINT(debug_tunnel & DB_TN_PROCFS,
2553 + "klips_debug:ipsec_version_get_info: "
2554 + "ipsec_netlink version: %s\n",
2555 + ipsec_netlink_c_version);
2556 + KLIPS_PRINT(debug_tunnel & DB_TN_PROCFS,
2557 + "klips_debug:ipsec_version_get_info: "
2558 + "radij_c_version: %s\n",
2562 + *start = buffer + (offset - begin); /* Start of wanted data */
2563 + len -= (offset - begin); /* Start slop */
2569 +#ifdef CONFIG_IPSEC_DEBUG
2570 +#ifndef PROC_FS_2325
2572 +#endif /* PROC_FS_2325 */
2574 +ipsec_klipsdebug_get_info(char *buffer, char **start, off_t offset, int length
2575 +#ifndef PROC_NO_DUMMY
2577 +#endif /* !PROC_NO_DUMMY */
2583 + KLIPS_PRINT(debug_tunnel & DB_TN_PROCFS,
2584 + "klips_debug:ipsec_klipsdebug_get_info: buffer=0x%p,"
2585 + "*start=0x%x, offset=%d, length=%d\n",
2586 + buffer, (u_int)*start, (int)offset, length);
2588 + len += sprintf(buffer + len, "debug_tunnel=%08x.\n", debug_tunnel);
2589 + len += sprintf(buffer + len, "debug_netlink=%08x.\n", debug_netlink);
2590 + len += sprintf(buffer + len, "debug_xform=%08x.\n", debug_xform);
2591 + len += sprintf(buffer + len, "debug_eroute=%08x.\n", debug_eroute);
2592 + len += sprintf(buffer + len, "debug_spi=%08x.\n", debug_spi);
2593 + len += sprintf(buffer + len, "debug_radij=%08x.\n", debug_radij);
2594 + len += sprintf(buffer + len, "debug_esp=%08x.\n", debug_esp);
2595 + len += sprintf(buffer + len, "debug_ah=%08x.\n", debug_ah);
2596 + len += sprintf(buffer + len, "debug_rcv=%08x.\n", debug_rcv);
2597 + len += sprintf(buffer + len, "debug_pfkey=%08x.\n", debug_pfkey);
2599 + *start = buffer + (offset - begin); /* Start of wanted data */
2600 + len -= (offset - begin); /* Start slop */
2605 +#endif /* CONFIG_IPSEC_DEBUG */
2607 +#ifndef PROC_FS_2325
2608 +struct proc_dir_entry ipsec_eroute =
2611 + 12, "ipsec_eroute",
2612 + S_IFREG | S_IRUGO, 1, 0, 0, 0,
2613 + &proc_net_inode_operations,
2614 + ipsec_eroute_get_info,
2615 + NULL, NULL, NULL, NULL, NULL
2618 +struct proc_dir_entry ipsec_spi =
2622 + S_IFREG | S_IRUGO, 1, 0, 0, 0,
2623 + &proc_net_inode_operations,
2624 + ipsec_spi_get_info,
2625 + NULL, NULL, NULL, NULL, NULL
2628 +struct proc_dir_entry ipsec_spigrp =
2631 + 12, "ipsec_spigrp",
2632 + S_IFREG | S_IRUGO, 1, 0, 0, 0,
2633 + &proc_net_inode_operations,
2634 + ipsec_spigrp_get_info,
2635 + NULL, NULL, NULL, NULL, NULL
2638 +struct proc_dir_entry ipsec_tncfg =
2641 + 11, "ipsec_tncfg",
2642 + S_IFREG | S_IRUGO, 1, 0, 0, 0,
2643 + &proc_net_inode_operations,
2644 + ipsec_tncfg_get_info,
2645 + NULL, NULL, NULL, NULL, NULL
2648 +struct proc_dir_entry ipsec_version =
2651 + 13, "ipsec_version",
2652 + S_IFREG | S_IRUGO, 1, 0, 0, 0,
2653 + &proc_net_inode_operations,
2654 + ipsec_version_get_info,
2655 + NULL, NULL, NULL, NULL, NULL
2658 +#ifdef CONFIG_IPSEC_DEBUG
2659 +struct proc_dir_entry ipsec_klipsdebug =
2662 + 16, "ipsec_klipsdebug",
2663 + S_IFREG | S_IRUGO, 1, 0, 0, 0,
2664 + &proc_net_inode_operations,
2665 + ipsec_klipsdebug_get_info,
2666 + NULL, NULL, NULL, NULL, NULL
2668 +#endif /* CONFIG_IPSEC_DEBUG */
2669 +#endif /* !PROC_FS_2325 */
2670 +#endif /* CONFIG_PROC_FS */
2672 +int ipsec_device_event(struct notifier_block *dnot, unsigned long event, void *ptr);
2674 + * the following structure is required so that we receive
2675 + * event notifications when network devices are enabled and
2676 + * disabled (ifconfig up and down).
2678 +static struct notifier_block ipsec_dev_notifier={
2679 + ipsec_device_event,
2684 +#ifdef CONFIG_SYSCTL
2685 +extern int ipsec_sysctl_register(void);
2686 +extern void ipsec_sysctl_unregister(void);
2695 +#ifdef CONFIG_PROC_FS
2696 +# ifndef PROC_FS_2325
2698 + proc_register(proc_net, &ipsec_eroute);
2699 + proc_register(proc_net, &ipsec_spi);
2700 + proc_register(proc_net, &ipsec_spigrp);
2701 + proc_register(proc_net, &ipsec_tncfg);
2702 + proc_register(proc_net, &ipsec_version);
2703 +# ifdef CONFIG_IPSEC_DEBUG
2704 + proc_register(proc_net, &ipsec_klipsdebug);
2705 +# endif /* CONFIG_IPSEC_DEBUG */
2706 +# else /* PROC_FS_21 */
2707 + proc_register_dynamic(&proc_net, &ipsec_eroute);
2708 + proc_register_dynamic(&proc_net, &ipsec_spi);
2709 + proc_register_dynamic(&proc_net, &ipsec_spigrp);
2710 + proc_register_dynamic(&proc_net, &ipsec_tncfg);
2711 + proc_register_dynamic(&proc_net, &ipsec_version);
2712 +# ifdef CONFIG_IPSEC_DEBUG
2713 + proc_register_dynamic(&proc_net, &ipsec_klipsdebug);
2714 +# endif /* CONFIG_IPSEC_DEBUG */
2715 +# endif /* PROC_FS_21 */
2716 +# else /* !PROC_FS_2325 */
2717 + proc_net_create ("ipsec_eroute", 0, ipsec_eroute_get_info);
2718 + proc_net_create ("ipsec_spi", 0, ipsec_spi_get_info);
2719 + proc_net_create ("ipsec_spigrp", 0, ipsec_spigrp_get_info);
2720 + proc_net_create ("ipsec_tncfg", 0, ipsec_tncfg_get_info);
2721 + proc_net_create ("ipsec_version", 0, ipsec_version_get_info);
2722 +# ifdef CONFIG_IPSEC_DEBUG
2723 + proc_net_create ("ipsec_klipsdebug", 0, ipsec_klipsdebug_get_info);
2724 +# endif /* CONFIG_IPSEC_DEBUG */
2725 +# endif /* !PROC_FS_2325 */
2726 +#endif /* CONFIG_PROC_FS */
2728 + printk("klips_debug:ipsec_init: ipsec module loading. freeswan version: %s\n",
2729 + freeswan_version);
2732 + tdb_lock.lock = 0;
2733 + eroute_lock.lock = 0;
2734 +#endif /* !SPINLOCK */
2736 + error |= ipsec_tdbinit();
2737 + error |= ipsec_radijinit();
2739 + error |= pfkey_init();
2741 + register_netdevice_notifier(&ipsec_dev_notifier);
2743 +#ifdef CONFIG_IPSEC_ESP
2744 + inet_add_protocol(&esp_protocol);
2745 +#endif /* CONFIG_IPSEC_ESP */
2747 +#ifdef CONFIG_IPSEC_AH
2748 + inet_add_protocol(&ah_protocol);
2749 +#endif /* CONFIG_IPSEC_AH */
2752 +#ifdef CONFIG_IPSEC_IPCOMP
2753 + inet_add_protocol(&comp_protocol);
2754 +#endif /* CONFIG_IPSEC_IPCOMP */
2757 + error |= ipsec_tunnel_init_devices();
2759 +#ifdef CONFIG_SYSCTL
2760 + error |= ipsec_sysctl_register();
2768 +ipsec_cleanup(void)
2772 +#ifdef CONFIG_SYSCTL
2773 + ipsec_sysctl_unregister();
2775 + KLIPS_PRINT(debug_netlink, /* debug_tunnel & DB_TN_INIT, */
2776 + "klips_debug:ipsec_cleanup: calling ipsec_tunnel_cleanup_devices.\n");
2777 + error |= ipsec_tunnel_cleanup_devices();
2780 +#ifdef CONFIG_IPSEC_IPCOMP
2781 + if (inet_del_protocol(&comp_protocol) < 0)
2782 + printk(KERN_INFO "klips_debug:ipsec_cleanup:comp close: can't remove protocol\n");
2785 +#ifdef CONFIG_IPSEC_AH
2786 + if ( inet_del_protocol(&ah_protocol) < 0 )
2787 + printk(KERN_INFO "klips_debug:ipsec_cleanup:ah close: can't remove protocol\n");
2788 +#endif /* CONFIG_IPSEC_AH */
2789 +#ifdef CONFIG_IPSEC_ESP
2790 + if ( inet_del_protocol(&esp_protocol) < 0 )
2791 + printk(KERN_INFO "klips_debug:ipsec_cleanup:esp close: can't remove protocol\n");
2792 +#endif /* CONFIG_IPSEC_ESP */
2794 + unregister_netdevice_notifier(&ipsec_dev_notifier);
2796 + KLIPS_PRINT(debug_netlink, /* debug_tunnel & DB_TN_INIT, */
2797 + "klips_debug:ipsec_cleanup: calling ipsec_tdbcleanup.\n");
2798 + error |= ipsec_tdbcleanup(0);
2799 + KLIPS_PRINT(debug_netlink, /* debug_tunnel & DB_TN_INIT, */
2800 + "klips_debug:ipsec_cleanup: calling ipsec_radijcleanup.\n");
2801 + error |= ipsec_radijcleanup();
2803 + KLIPS_PRINT(debug_pfkey, /* debug_tunnel & DB_TN_INIT, */
2804 + "klips_debug:ipsec_cleanup: calling pfkey_cleanup.\n");
2805 + error |= pfkey_cleanup();
2807 +#ifdef CONFIG_PROC_FS
2808 +# ifndef PROC_FS_2325
2809 +# ifdef CONFIG_IPSEC_DEBUG
2810 + if (proc_net_unregister(ipsec_klipsdebug.low_ino) != 0)
2811 + printk("klips_debug:ipsec_cleanup: cannot unregister /proc/net/ipsec_klipsdebug\n");
2812 +# endif /* CONFIG_IPSEC_DEBUG */
2813 + if (proc_net_unregister(ipsec_version.low_ino) != 0)
2814 + printk("klips_debug:ipsec_cleanup: cannot unregister /proc/net/ipsec_version\n");
2815 + if (proc_net_unregister(ipsec_eroute.low_ino) != 0)
2816 + printk("klips_debug:ipsec_cleanup: cannot unregister /proc/net/ipsec_eroute\n");
2817 + if (proc_net_unregister(ipsec_spi.low_ino) != 0)
2818 + printk("klips_debug:ipsec_cleanup: cannot unregister /proc/net/ipsec_spi\n");
2819 + if (proc_net_unregister(ipsec_spigrp.low_ino) != 0)
2820 + printk("klips_debug:ipsec_cleanup: cannot unregister /proc/net/ipsec_spigrp\n");
2821 + if (proc_net_unregister(ipsec_tncfg.low_ino) != 0)
2822 + printk("klips_debug:ipsec_cleanup: cannot unregister /proc/net/ipsec_tncfg\n");
2823 +# else /* !PROC_FS_2325 */
2824 +# ifdef CONFIG_IPSEC_DEBUG
2825 + proc_net_remove ("ipsec_klipsdebug");
2826 +# endif /* CONFIG_IPSEC_DEBUG */
2827 + proc_net_remove ("ipsec_eroute");
2828 + proc_net_remove ("ipsec_spi");
2829 + proc_net_remove ("ipsec_spigrp");
2830 + proc_net_remove ("ipsec_tncfg");
2831 + proc_net_remove ("ipsec_version");
2832 +# endif /* !PROC_FS_2325 */
2833 +#endif /* CONFIG_PROC_FS */
2844 + error |= ipsec_init();
2850 +cleanup_module(void)
2854 + KLIPS_PRINT(debug_netlink, /* debug_tunnel & DB_TN_INIT, */
2855 + "klips_debug:cleanup_module: calling ipsec_cleanup.\n");
2857 + error |= ipsec_cleanup();
2859 + KLIPS_PRINT(1, "klips_debug:cleanup_module: ipsec module unloaded.\n");
2863 +#endif /* MODULE */
2867 + * Revision 1.63 2000/11/29 20:14:06 rgb
2868 + * Add src= to the output of /proc/net/ipsec_spi and delete dst from IPIP.
2870 + * Revision 1.62 2000/11/06 04:31:24 rgb
2871 + * Ditched spin_lock_irqsave in favour of spin_lock_bh.
2872 + * Fixed longlong for pre-2.4 kernels (Svenning).
2873 + * Add Svenning's adaptive content compression.
2874 + * Disabled registration of ipcomp handler.
2876 + * Revision 1.61 2000/10/11 13:37:54 rgb
2877 + * #ifdef out debug print that causes proc/net/ipsec_version to oops.
2879 + * Revision 1.60 2000/09/20 03:59:01 rgb
2880 + * Change static info functions to DEBUG_NO_STATIC to reveal function names
2883 + * Revision 1.59 2000/09/16 01:06:26 rgb
2884 + * Added cast of var to silence compiler warning about long fed to int
2887 + * Revision 1.58 2000/09/15 11:37:01 rgb
2888 + * Merge in heavily modified Svenning Soerensen's <svenning@post5.tele.dk>
2889 + * IPCOMP zlib deflate code.
2891 + * Revision 1.57 2000/09/12 03:21:50 rgb
2892 + * Moved radij_c_version printing to ipsec_version_get_info().
2893 + * Reformatted ipsec_version_get_info().
2894 + * Added sysctl_{,un}register() calls.
2896 + * Revision 1.56 2000/09/08 19:16:50 rgb
2897 + * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG.
2898 + * Removed all references to CONFIG_IPSEC_PFKEYv2.
2900 + * Revision 1.55 2000/08/30 05:19:03 rgb
2901 + * Cleaned up no longer used spi_next, netlink register/unregister, other
2903 + * Removed cruft replaced by TDB_XFORM_NAME.
2904 + * Removed all the rest of the references to tdb_spi, tdb_proto, tdb_dst.
2905 + * Moved debug version strings to printk when /proc/net/ipsec_version is
2908 + * Revision 1.54 2000/08/20 18:31:05 rgb
2909 + * Changed cosmetic alignment in spi_info.
2910 + * Changed addtime and usetime to use actual value which is relative
2911 + * anyways, as intended. (Momchil)
2913 + * Revision 1.53 2000/08/18 17:37:03 rgb
2914 + * Added an (int) cast to shut up the compiler...
2916 + * Revision 1.52 2000/08/01 14:51:50 rgb
2917 + * Removed _all_ remaining traces of DES.
2919 + * Revision 1.51 2000/07/25 20:41:22 rgb
2920 + * Removed duplicate parameter in spi_getinfo.
2922 + * Revision 1.50 2000/07/17 03:21:45 rgb
2923 + * Removed /proc/net/ipsec_spinew.
2925 + * Revision 1.49 2000/06/28 05:46:51 rgb
2926 + * Renamed ivlen to iv_bits for consistency.
2927 + * Changed output of add and use times to be relative to now.
2929 + * Revision 1.48 2000/05/11 18:26:10 rgb
2930 + * Commented out calls to netlink_attach/detach to avoid activating netlink
2931 + * in the kenrel config.
2933 + * Revision 1.47 2000/05/10 22:35:26 rgb
2934 + * Comment out most of the startup version information.
2936 + * Revision 1.46 2000/03/22 16:15:36 rgb
2937 + * Fixed renaming of dev_get (MB).
2939 + * Revision 1.45 2000/03/16 06:40:48 rgb
2940 + * Hardcode PF_KEYv2 support.
2942 + * Revision 1.44 2000/01/22 23:19:20 rgb
2943 + * Simplified code to use existing macro TDB_XFORM_NAME().
2945 + * Revision 1.43 2000/01/21 06:14:04 rgb
2946 + * Print individual stats only if non-zero.
2947 + * Removed 'bits' from each keylength for brevity.
2948 + * Shortened lifetimes legend for brevity.
2949 + * Changed wording from 'last_used' to the clearer 'idle'.
2951 + * Revision 1.42 1999/12/31 14:57:19 rgb
2952 + * MB fix for new dummy-less proc_get_info in 2.3.35.
2954 + * Revision 1.41 1999/11/23 23:04:03 rgb
2955 + * Use provided macro ADDRTOA_BUF instead of hardcoded value.
2956 + * Sort out pfkey and freeswan headers, putting them in a library path.
2958 + * Revision 1.40 1999/11/18 18:47:01 rgb
2959 + * Added dynamic proc registration for 2.3.25+.
2960 + * Changed all device registrations for static linking to
2961 + * dynamic to reduce the number and size of patches.
2962 + * Changed all protocol registrations for static linking to
2963 + * dynamic to reduce the number and size of patches.
2965 + * Revision 1.39 1999/11/18 04:12:07 rgb
2966 + * Replaced all kernel version macros to shorter, readable form.
2967 + * Added Marc Boucher's 2.3.25 proc patches.
2968 + * Converted all PROC_FS entries to dynamic to reduce kernel patching.
2969 + * Added CONFIG_PROC_FS compiler directives in case it is shut off.
2971 + * Revision 1.38 1999/11/17 15:53:38 rgb
2972 + * Changed all occurrences of #include "../../../lib/freeswan.h"
2973 + * to #include <freeswan.h> which works due to -Ilibfreeswan in the
2974 + * klips/net/ipsec/Makefile.
2976 + * Revision 1.37 1999/10/16 04:23:06 rgb
2977 + * Add stats for replaywin_errs, replaywin_max_sequence_difference,
2978 + * authentication errors, encryption size errors, encryption padding
2979 + * errors, and time since last packet.
2981 + * Revision 1.36 1999/10/16 00:30:47 rgb
2982 + * Added SA lifetime counting.
2984 + * Revision 1.35 1999/10/15 22:14:00 rgb
2985 + * Clean out cruft.
2987 + * Revision 1.34 1999/10/03 18:46:28 rgb
2988 + * Spinlock fixes for 2.0.xx and 2.3.xx.
2990 + * Revision 1.33 1999/10/01 17:08:10 rgb
2991 + * Disable spinlock init.
2993 + * Revision 1.32 1999/10/01 16:22:24 rgb
2994 + * Switch from assignment init. to functional init. of spinlocks.
2996 + * Revision 1.31 1999/10/01 15:44:52 rgb
2997 + * Move spinlock header include to 2.1> scope.
2999 + * Revision 1.30 1999/10/01 00:00:16 rgb
3000 + * Added eroute structure locking.
3001 + * Added tdb structure locking.
3002 + * Minor formatting changes.
3003 + * Add call to initialize tdb hash table.
3005 + * Revision 1.29 1999/09/23 20:22:40 rgb
3006 + * Enable, tidy and fix network notifier code.
3008 + * Revision 1.28 1999/09/18 11:39:56 rgb
3009 + * Start to add (disabled) netdevice notifier code.
3011 + * Revision 1.27 1999/08/28 08:24:47 rgb
3012 + * Add compiler directives to compile cleanly without debugging.
3014 + * Revision 1.26 1999/08/06 16:03:22 rgb
3015 + * Correct error messages on failure to unload /proc entries.
3017 + * Revision 1.25 1999/08/03 17:07:25 rgb
3018 + * Report device MTU, not private MTU.
3020 + * Revision 1.24 1999/05/25 22:24:37 rgb
3021 + * /PROC/NET/ipsec* init problem fix.
3023 + * Revision 1.23 1999/05/25 02:16:38 rgb
3024 + * Make modular proc_fs entries dynamic and fix for 2.2.x.
3026 + * Revision 1.22 1999/05/09 03:25:35 rgb
3027 + * Fix bug introduced by 2.2 quick-and-dirty patch.
3029 + * Revision 1.21 1999/05/05 22:02:30 rgb
3030 + * Add a quick and dirty port to 2.2 kernels by Marc Boucher <marc@mbsi.ca>.
3032 + * Revision 1.20 1999/04/29 15:15:50 rgb
3033 + * Fix undetected iv_len reporting bug.
3034 + * Add sanity checking for null pointer to private data space.
3035 + * Add return values to init and cleanup functions.
3037 + * Revision 1.19 1999/04/27 19:24:44 rgb
3038 + * Added /proc/net/ipsec_klipsdebug support for reading the current debug
3040 + * Instrument module load/init/unload.
3042 + * Revision 1.18 1999/04/15 15:37:24 rgb
3043 + * Forward check changes from POST1_00 branch.
3045 + * Revision 1.15.2.3 1999/04/13 20:29:19 rgb
3046 + * /proc/net/ipsec_* cleanup.
3048 + * Revision 1.15.2.2 1999/04/02 04:28:23 rgb
3049 + * /proc/net/ipsec_* formatting enhancements.
3051 + * Revision 1.15.2.1 1999/03/30 17:08:33 rgb
3052 + * Add pfkey initialisation.
3054 + * Revision 1.17 1999/04/11 00:28:57 henry
3057 + * Revision 1.16 1999/04/06 04:54:25 rgb
3058 + * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes
3059 + * patch shell fixes.
3061 + * Revision 1.15 1999/02/24 20:15:07 rgb
3062 + * Update output format.
3064 + * Revision 1.14 1999/02/17 16:49:39 rgb
3065 + * Convert DEBUG_IPSEC to KLIPS_PRINT
3066 + * Ditch NET_IPIP dependancy.
3068 + * Revision 1.13 1999/01/26 02:06:37 rgb
3069 + * Remove ah/esp switching on include files.
3070 + * Removed CONFIG_IPSEC_ALGO_SWITCH macro.
3071 + * Removed dead code.
3072 + * Remove references to INET_GET_PROTOCOL.
3074 + * Revision 1.12 1999/01/22 06:19:18 rgb
3075 + * Cruft clean-out.
3076 + * 64-bit clean-up.
3077 + * Added algorithm switch code.
3079 + * Revision 1.11 1998/12/01 05:54:53 rgb
3080 + * Cleanup and order debug version output.
3082 + * Revision 1.10 1998/11/30 13:22:54 rgb
3083 + * Rationalised all the klips kernel file headers. They are much shorter
3084 + * now and won't conflict under RH5.2.
3086 + * Revision 1.9 1998/11/10 05:35:13 rgb
3087 + * Print direction in/out flag from /proc/net/ipsec_spi.
3089 + * Revision 1.8 1998/10/27 13:48:10 rgb
3090 + * Cleaned up /proc/net/ipsec_* filesystem for easy parsing by scripts.
3091 + * Fixed less(1) truncated output bug.
3094 + * Revision 1.7 1998/10/22 06:43:16 rgb
3095 + * Convert to use satoa for printk.
3097 + * Revision 1.6 1998/10/19 14:24:35 rgb
3098 + * Added inclusion of freeswan.h.
3100 + * Revision 1.5 1998/10/09 04:43:35 rgb
3101 + * Added 'klips_debug' prefix to all klips printk debug statements.
3103 + * Revision 1.4 1998/07/27 21:50:22 rgb
3104 + * Not necessary to traverse mask tree for /proc/net/ipsec_eroute.
3106 + * Revision 1.3 1998/06/25 19:51:20 rgb
3107 + * Clean up #endif comments.
3108 + * Shift debugging comment control for procfs to debug_tunnel.
3109 + * Make proc_dir_entries visible to rest of kernel for static link.
3110 + * Replace hardwired fileperms with macros.
3111 + * Use macros for procfs inode numbers.
3112 + * Rearrange initialisations between ipsec_init and module_init as appropriate
3113 + * for static loading.
3115 + * Revision 1.2 1998/06/23 02:55:43 rgb
3116 + * Slightly quieted init-time messages.
3117 + * Re-introduced inet_add_protocol after it mysteriously disappeared...
3118 + * Check for and warn of absence of IPIP protocol on install of module.
3119 + * Move tdbcleanup to ipsec_xform.c.
3121 + * Revision 1.10 1998/06/18 21:29:04 henry
3122 + * move sources from klips/src to klips/net/ipsec, to keep stupid kernel
3123 + * build scripts happier in presence of symbolic links
3125 + * Revision 1.9 1998/06/14 23:49:40 rgb
3126 + * Clarify version reporting on module loading.
3128 + * Revision 1.8 1998/06/11 05:54:23 rgb
3129 + * Added /proc/net/ipsec_version to report freeswan and transform versions.
3130 + * Added /proc/net/ipsec_spinew to generate new and unique spi's..
3131 + * Fixed /proc/net/ipsec_tncfg bug.
3133 + * Revision 1.7 1998/05/25 20:23:13 rgb
3134 + * proc_register changed to dynamic registration to avoid arbitrary inode
3137 + * Implement memory recovery from tdb and eroute tables.
3139 + * Revision 1.6 1998/05/21 13:08:58 rgb
3140 + * Rewrote procinfo subroutines to avoid *bad things* when more that 3k of
3141 + * information is available for printout.
3143 + * Revision 1.5 1998/05/18 21:29:48 rgb
3144 + * Cleaned up /proc/net/ipsec_* output, including a title line, algorithm
3145 + * names instead of numbers, standard format for numerical output base,
3146 + * whitespace for legibility, and the names themselves for consistency.
3148 + * Added /proc/net/ipsec_spigrp and /proc/net/ipsec_tncfg.
3150 + * Revision 1.4 1998/04/30 15:42:24 rgb
3151 + * Silencing attach for normal operations with #ifdef IPSEC_DEBUG.
3153 + * Revision 1.3 1998/04/21 21:28:58 rgb
3154 + * Rearrange debug switches to change on the fly debug output from user
3155 + * space. Only kernel changes checked in at this time. radij.c was also
3156 + * changed to temporarily remove buggy debugging code in rj_delete causing
3157 + * an OOPS and hence, netlink device open errors.
3159 + * Revision 1.2 1998/04/12 22:03:22 rgb
3160 + * Updated ESP-3DES-HMAC-MD5-96,
3161 + * ESP-DES-HMAC-MD5-96,
3163 + * AH-HMAC-SHA1-96 since Henry started freeswan cvs repository
3164 + * from old standards (RFC182[5-9] to new (as of March 1998) drafts.
3166 + * Fixed eroute references in /proc/net/ipsec*.
3168 + * Started to patch module unloading memory leaks in ipsec_netlink and
3169 + * radij tree unloading.
3171 + * Revision 1.1 1998/04/09 03:06:05 henry
3172 + * sources moved up from linux/net/ipsec
3174 + * Revision 1.1.1.1 1998/04/08 05:35:02 henry
3175 + * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8
3177 + * Revision 0.4 1997/01/15 01:28:15 ji
3180 + * Revision 0.3 1996/11/20 14:39:04 ji
3181 + * Fixed problem with node names of /proc/net entries.
3182 + * Other minor cleanups.
3183 + * Rationalized debugging code.
3185 + * Revision 0.2 1996/11/02 00:18:33 ji
3186 + * First limited release.
3190 diff -druN linux-noipsec/net/ipsec/ipsec_ipe4.h linux/net/ipsec/ipsec_ipe4.h
3191 --- linux-noipsec/net/ipsec/ipsec_ipe4.h Thu Jan 1 01:00:00 1970
3192 +++ linux/net/ipsec/ipsec_ipe4.h Sun Apr 11 02:28:57 1999
3195 + * IP-in-IP Header declarations
3196 + * Copyright (C) 1996, 1997 John Ioannidis.
3197 + * Copyright (C) 1998, 1999 Richard Guy Briggs.
3199 + * This program is free software; you can redistribute it and/or modify it
3200 + * under the terms of the GNU General Public License as published by the
3201 + * Free Software Foundation; either version 2 of the License, or (at your
3202 + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
3204 + * This program is distributed in the hope that it will be useful, but
3205 + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
3206 + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
3207 + * for more details.
3212 +/* The packet header is an IP header! */
3214 +struct ipe4_xdata /* transform table data */
3216 + struct in_addr i4_src;
3217 + struct in_addr i4_dst;
3220 +#define EMT_IPE4_ULEN 8 /* coming from user mode */
3225 + * Revision 1.3 1999/04/11 00:28:57 henry
3228 + * Revision 1.2 1999/04/06 04:54:25 rgb
3229 + * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes
3230 + * patch shell fixes.
3232 + * Revision 1.1 1998/06/18 21:27:47 henry
3233 + * move sources from klips/src to klips/net/ipsec, to keep stupid
3234 + * kernel-build scripts happier in the presence of symlinks
3236 + * Revision 1.1 1998/04/09 03:06:07 henry
3237 + * sources moved up from linux/net/ipsec
3239 + * Revision 1.1.1.1 1998/04/08 05:35:03 henry
3240 + * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8
3242 + * Revision 0.4 1997/01/15 01:28:15 ji
3245 + * Revision 0.3 1996/11/20 14:48:53 ji
3246 + * Release update only.
3248 + * Revision 0.2 1996/11/02 00:18:33 ji
3249 + * First limited release.
3253 diff -druN linux-noipsec/net/ipsec/ipsec_md5c.c linux/net/ipsec/ipsec_md5c.c
3254 --- linux-noipsec/net/ipsec/ipsec_md5c.c Thu Jan 1 01:00:00 1970
3255 +++ linux/net/ipsec/ipsec_md5c.c Mon Dec 13 14:59:12 1999
3262 + * The rest of the code is derived from MD5C.C by RSADSI. Minor cosmetic
3263 + * changes to accomodate it in the kernel by ji.
3266 +#include <asm/byteorder.h>
3267 +#include <linux/string.h>
3269 +#include "ipsec_md5h.h"
3271 +/* MD5C.C - RSA Data Security, Inc., MD5 message-digest algorithm
3274 +/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All
3277 +License to copy and use this software is granted provided that it
3278 +is identified as the "RSA Data Security, Inc. MD5 Message-Digest
3279 +Algorithm" in all material mentioning or referencing this software
3282 +License is also granted to make and use derivative works provided
3283 +that such works are identified as "derived from the RSA Data
3284 +Security, Inc. MD5 Message-Digest Algorithm" in all material
3285 +mentioning or referencing the derived work.
3287 +RSA Data Security, Inc. makes no representations concerning either
3288 +the merchantability of this software or the suitability of this
3289 +software for any particular purpose. It is provided "as is"
3290 +without express or implied warranty of any kind.
3292 +These notices must be retained in any copies of any part of this
3293 +documentation and/or software.
3299 + * HAVEMEMCOPY is defined if mem* routines are available
3301 + * HAVEHTON is defined if htons() and htonl() can be used
3302 + * for big/little endian conversions
3306 +#define HAVEMEMCOPY
3307 +#ifdef __LITTLE_ENDIAN
3308 +#define LITTLENDIAN
3310 +#ifdef __BIG_ENDIAN
3314 +/* Constants for MD5Transform routine.
3334 +static void MD5Transform PROTO_LIST ((UINT4 [4], unsigned char [64]));
3336 +#ifdef LITTLEENDIAN
3337 +#define Encode MD5_memcpy
3338 +#define Decode MD5_memcpy
3340 +static void Encode PROTO_LIST
3341 + ((unsigned char *, UINT4 *, unsigned int));
3342 +static void Decode PROTO_LIST
3343 + ((UINT4 *, unsigned char *, unsigned int));
3347 +/* no need to include <memory.h> here; <linux/string.h> defines these */
3348 +#define MD5_memcpy memcpy
3349 +#define MD5_memset memset
3352 +#define MD5_memcpy(_a,_b,_c) bcopy((_b),(_a),(_c))
3353 +#define MD5_memset(_a,_b,_c) bzero((_a),(_c))
3355 +static void MD5_memcpy PROTO_LIST ((POINTER, POINTER, unsigned int));
3356 +static void MD5_memset PROTO_LIST ((POINTER, int, unsigned int));
3359 +static unsigned char PADDING[64] = {
3360 + 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
3361 + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
3362 + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
3365 +/* F, G, H and I are basic MD5 functions.
3367 +#define F(x, y, z) (((x) & (y)) | ((~x) & (z)))
3368 +#define G(x, y, z) (((x) & (z)) | ((y) & (~z)))
3369 +#define H(x, y, z) ((x) ^ (y) ^ (z))
3370 +#define I(x, y, z) ((y) ^ ((x) | (~z)))
3372 +/* ROTATE_LEFT rotates x left n bits.
3374 +#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n))))
3376 +/* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4.
3377 +Rotation is separate from addition to prevent recomputation.
3379 +#define FF(a, b, c, d, x, s, ac) { \
3380 + (a) += F ((b), (c), (d)) + (x) + (UINT4)(ac); \
3381 + (a) = ROTATE_LEFT ((a), (s)); \
3384 +#define GG(a, b, c, d, x, s, ac) { \
3385 + (a) += G ((b), (c), (d)) + (x) + (UINT4)(ac); \
3386 + (a) = ROTATE_LEFT ((a), (s)); \
3389 +#define HH(a, b, c, d, x, s, ac) { \
3390 + (a) += H ((b), (c), (d)) + (x) + (UINT4)(ac); \
3391 + (a) = ROTATE_LEFT ((a), (s)); \
3394 +#define II(a, b, c, d, x, s, ac) { \
3395 + (a) += I ((b), (c), (d)) + (x) + (UINT4)(ac); \
3396 + (a) = ROTATE_LEFT ((a), (s)); \
3400 +/* MD5 initialization. Begins an MD5 operation, writing a new context.
3402 +void MD5Init (context)
3403 +MD5_CTX *context; /* context */
3405 + context->count[0] = context->count[1] = 0;
3406 + /* Load magic initialization constants.
3408 + context->state[0] = 0x67452301;
3409 + context->state[1] = 0xefcdab89;
3410 + context->state[2] = 0x98badcfe;
3411 + context->state[3] = 0x10325476;
3414 +/* MD5 block update operation. Continues an MD5 message-digest
3415 + operation, processing another message block, and updating the
3418 +void MD5Update (context, input, inputLen)
3419 +MD5_CTX *context; /* context */
3420 +unsigned char *input; /* input block */
3421 +__u32 inputLen; /* length of input block */
3424 + unsigned int index, partLen;
3426 + /* Compute number of bytes mod 64 */
3427 + index = (unsigned int)((context->count[0] >> 3) & 0x3F);
3429 + /* Update number of bits */
3430 + if ((context->count[0] += ((UINT4)inputLen << 3))
3431 + < ((UINT4)inputLen << 3))
3432 + context->count[1]++;
3433 + context->count[1] += ((UINT4)inputLen >> 29);
3435 + partLen = 64 - index;
3437 + /* Transform as many times as possible.
3439 + if (inputLen >= partLen) {
3441 + ((POINTER)&context->buffer[index], (POINTER)input, partLen);
3442 + MD5Transform (context->state, context->buffer);
3444 + for (i = partLen; i + 63 < inputLen; i += 64)
3445 + MD5Transform (context->state, &input[i]);
3452 + /* Buffer remaining input */
3454 + ((POINTER)&context->buffer[index], (POINTER)&input[i],
3458 +/* MD5 finalization. Ends an MD5 message-digest operation, writing the
3459 + the message digest and zeroizing the context.
3461 +void MD5Final (digest, context)
3462 +unsigned char digest[16]; /* message digest */
3463 +MD5_CTX *context; /* context */
3465 + unsigned char bits[8];
3466 + unsigned int index, padLen;
3468 + /* Save number of bits */
3469 + Encode (bits, context->count, 8);
3471 + /* Pad out to 56 mod 64.
3473 + index = (unsigned int)((context->count[0] >> 3) & 0x3f);
3474 + padLen = (index < 56) ? (56 - index) : (120 - index);
3475 + MD5Update (context, PADDING, padLen);
3477 + /* Append length (before padding) */
3478 + MD5Update (context, bits, 8);
3480 + if (digest != NULL) /* Bill Simpson's padding */
3482 + /* store state in digest */
3483 + Encode (digest, context->state, 16);
3485 + /* Zeroize sensitive information.
3487 + MD5_memset ((POINTER)context, 0, sizeof (*context));
3491 +/* MD5 basic transformation. Transforms state based on block.
3493 +static void MD5Transform (state, block)
3495 +unsigned char block[64];
3497 + UINT4 a = state[0], b = state[1], c = state[2], d = state[3], x[16];
3499 + Decode (x, block, 64);
3502 + FF (a, b, c, d, x[ 0], S11, 0xd76aa478); /* 1 */
3503 + FF (d, a, b, c, x[ 1], S12, 0xe8c7b756); /* 2 */
3504 + FF (c, d, a, b, x[ 2], S13, 0x242070db); /* 3 */
3505 + FF (b, c, d, a, x[ 3], S14, 0xc1bdceee); /* 4 */
3506 + FF (a, b, c, d, x[ 4], S11, 0xf57c0faf); /* 5 */
3507 + FF (d, a, b, c, x[ 5], S12, 0x4787c62a); /* 6 */
3508 + FF (c, d, a, b, x[ 6], S13, 0xa8304613); /* 7 */
3509 + FF (b, c, d, a, x[ 7], S14, 0xfd469501); /* 8 */
3510 + FF (a, b, c, d, x[ 8], S11, 0x698098d8); /* 9 */
3511 + FF (d, a, b, c, x[ 9], S12, 0x8b44f7af); /* 10 */
3512 + FF (c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */
3513 + FF (b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */
3514 + FF (a, b, c, d, x[12], S11, 0x6b901122); /* 13 */
3515 + FF (d, a, b, c, x[13], S12, 0xfd987193); /* 14 */
3516 + FF (c, d, a, b, x[14], S13, 0xa679438e); /* 15 */
3517 + FF (b, c, d, a, x[15], S14, 0x49b40821); /* 16 */
3520 + GG (a, b, c, d, x[ 1], S21, 0xf61e2562); /* 17 */
3521 + GG (d, a, b, c, x[ 6], S22, 0xc040b340); /* 18 */
3522 + GG (c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */
3523 + GG (b, c, d, a, x[ 0], S24, 0xe9b6c7aa); /* 20 */
3524 + GG (a, b, c, d, x[ 5], S21, 0xd62f105d); /* 21 */
3525 + GG (d, a, b, c, x[10], S22, 0x2441453); /* 22 */
3526 + GG (c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */
3527 + GG (b, c, d, a, x[ 4], S24, 0xe7d3fbc8); /* 24 */
3528 + GG (a, b, c, d, x[ 9], S21, 0x21e1cde6); /* 25 */
3529 + GG (d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */
3530 + GG (c, d, a, b, x[ 3], S23, 0xf4d50d87); /* 27 */
3531 + GG (b, c, d, a, x[ 8], S24, 0x455a14ed); /* 28 */
3532 + GG (a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */
3533 + GG (d, a, b, c, x[ 2], S22, 0xfcefa3f8); /* 30 */
3534 + GG (c, d, a, b, x[ 7], S23, 0x676f02d9); /* 31 */
3535 + GG (b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */
3538 + HH (a, b, c, d, x[ 5], S31, 0xfffa3942); /* 33 */
3539 + HH (d, a, b, c, x[ 8], S32, 0x8771f681); /* 34 */
3540 + HH (c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */
3541 + HH (b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */
3542 + HH (a, b, c, d, x[ 1], S31, 0xa4beea44); /* 37 */
3543 + HH (d, a, b, c, x[ 4], S32, 0x4bdecfa9); /* 38 */
3544 + HH (c, d, a, b, x[ 7], S33, 0xf6bb4b60); /* 39 */
3545 + HH (b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */
3546 + HH (a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */
3547 + HH (d, a, b, c, x[ 0], S32, 0xeaa127fa); /* 42 */
3548 + HH (c, d, a, b, x[ 3], S33, 0xd4ef3085); /* 43 */
3549 + HH (b, c, d, a, x[ 6], S34, 0x4881d05); /* 44 */
3550 + HH (a, b, c, d, x[ 9], S31, 0xd9d4d039); /* 45 */
3551 + HH (d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */
3552 + HH (c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */
3553 + HH (b, c, d, a, x[ 2], S34, 0xc4ac5665); /* 48 */
3556 + II (a, b, c, d, x[ 0], S41, 0xf4292244); /* 49 */
3557 + II (d, a, b, c, x[ 7], S42, 0x432aff97); /* 50 */
3558 + II (c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */
3559 + II (b, c, d, a, x[ 5], S44, 0xfc93a039); /* 52 */
3560 + II (a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */
3561 + II (d, a, b, c, x[ 3], S42, 0x8f0ccc92); /* 54 */
3562 + II (c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */
3563 + II (b, c, d, a, x[ 1], S44, 0x85845dd1); /* 56 */
3564 + II (a, b, c, d, x[ 8], S41, 0x6fa87e4f); /* 57 */
3565 + II (d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */
3566 + II (c, d, a, b, x[ 6], S43, 0xa3014314); /* 59 */
3567 + II (b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */
3568 + II (a, b, c, d, x[ 4], S41, 0xf7537e82); /* 61 */
3569 + II (d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */
3570 + II (c, d, a, b, x[ 2], S43, 0x2ad7d2bb); /* 63 */
3571 + II (b, c, d, a, x[ 9], S44, 0xeb86d391); /* 64 */
3578 + /* Zeroize sensitive information.
3580 + MD5_memset ((POINTER)x, 0, sizeof (x));
3583 +#ifndef LITTLEENDIAN
3585 +/* Encodes input (UINT4) into output (unsigned char). Assumes len is
3588 +static void Encode (output, input, len)
3589 +unsigned char *output;
3593 + unsigned int i, j;
3595 + for (i = 0, j = 0; j < len; i++, j += 4) {
3596 + output[j] = (unsigned char)(input[i] & 0xff);
3597 + output[j+1] = (unsigned char)((input[i] >> 8) & 0xff);
3598 + output[j+2] = (unsigned char)((input[i] >> 16) & 0xff);
3599 + output[j+3] = (unsigned char)((input[i] >> 24) & 0xff);
3603 +/* Decodes input (unsigned char) into output (UINT4). Assumes len is
3606 +static void Decode (output, input, len)
3608 +unsigned char *input;
3611 + unsigned int i, j;
3613 + for (i = 0, j = 0; j < len; i++, j += 4)
3614 + output[i] = ((UINT4)input[j]) | (((UINT4)input[j+1]) << 8) |
3615 + (((UINT4)input[j+2]) << 16) | (((UINT4)input[j+3]) << 24);
3620 +#ifndef HAVEMEMCOPY
3622 +/* Note: Replace "for loop" with standard memcpy if possible.
3625 +static void MD5_memcpy (output, input, len)
3632 + for (i = 0; i < len; i++)
3634 + output[i] = input[i];
3637 +/* Note: Replace "for loop" with standard memset if possible.
3640 +static void MD5_memset (output, value, len)
3647 + for (i = 0; i < len; i++)
3648 + ((char *)output)[i] = (char)value;
3655 + * Revision 1.4 1999/12/13 13:59:12 rgb
3656 + * Quick fix to argument size to Update bugs.
3658 + * Revision 1.3 1999/05/21 18:09:28 henry
3659 + * unnecessary <memory.h> include causes trouble in 2.2
3661 + * Revision 1.2 1999/04/06 04:54:26 rgb
3662 + * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes
3663 + * patch shell fixes.
3665 + * Revision 1.1 1998/06/18 21:27:48 henry
3666 + * move sources from klips/src to klips/net/ipsec, to keep stupid
3667 + * kernel-build scripts happier in the presence of symlinks
3669 + * Revision 1.2 1998/04/23 20:54:02 rgb
3670 + * Fixed md5 and sha1 include file nesting issues, to be cleaned up when
3673 + * Revision 1.1 1998/04/09 03:06:08 henry
3674 + * sources moved up from linux/net/ipsec
3676 + * Revision 1.1.1.1 1998/04/08 05:35:04 henry
3677 + * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8
3679 + * Revision 0.3 1996/11/20 14:48:53 ji
3680 + * Release update only.
3682 + * Revision 0.2 1996/11/02 00:18:33 ji
3683 + * First limited release.
3687 diff -druN linux-noipsec/net/ipsec/ipsec_md5h.h linux/net/ipsec/ipsec_md5h.h
3688 --- linux-noipsec/net/ipsec/ipsec_md5h.h Thu Jan 1 01:00:00 1970
3689 +++ linux/net/ipsec/ipsec_md5h.h Mon Dec 13 14:59:13 1999
3696 + * The rest of this file is Copyright RSA DSI. See the following comments
3697 + * for the full Copyright notice.
3700 +#ifndef _IPSEC_MD5H_H_
3701 +#define _IPSEC_MD5H_H_
3703 +/* GLOBAL.H - RSAREF types and constants
3706 +/* PROTOTYPES should be set to one if and only if the compiler supports
3707 + function argument prototyping.
3708 + The following makes PROTOTYPES default to 0 if it has not already
3709 + been defined with C compiler flags.
3712 +#define PROTOTYPES 1
3713 +#endif /* !PROTOTYPES */
3715 +/* POINTER defines a generic pointer type */
3716 +typedef __u8 *POINTER;
3718 +/* UINT2 defines a two byte word */
3719 +typedef __u16 UINT2;
3721 +/* UINT4 defines a four byte word */
3722 +typedef __u32 UINT4;
3724 +/* PROTO_LIST is defined depending on how PROTOTYPES is defined above.
3725 + If using PROTOTYPES, then PROTO_LIST returns the list, otherwise it
3726 + returns an empty list.
3730 +#define PROTO_LIST(list) list
3731 +#else /* PROTOTYPES */
3732 +#define PROTO_LIST(list) ()
3733 +#endif /* PROTOTYPES */
3736 +/* MD5.H - header file for MD5C.C
3739 +/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All
3742 +License to copy and use this software is granted provided that it
3743 +is identified as the "RSA Data Security, Inc. MD5 Message-Digest
3744 +Algorithm" in all material mentioning or referencing this software
3747 +License is also granted to make and use derivative works provided
3748 +that such works are identified as "derived from the RSA Data
3749 +Security, Inc. MD5 Message-Digest Algorithm" in all material
3750 +mentioning or referencing the derived work.
3752 +RSA Data Security, Inc. makes no representations concerning either
3753 +the merchantability of this software or the suitability of this
3754 +software for any particular purpose. It is provided "as is"
3755 +without express or implied warranty of any kind.
3757 +These notices must be retained in any copies of any part of this
3758 +documentation and/or software.
3763 + UINT4 state[4]; /* state (ABCD) */
3764 + UINT4 count[2]; /* number of bits, modulo 2^64 (lsb first) */
3765 + unsigned char buffer[64]; /* input buffer */
3768 +void MD5Init PROTO_LIST ((MD5_CTX *));
3769 +void MD5Update PROTO_LIST
3770 + ((MD5_CTX *, unsigned char *, __u32));
3771 +void MD5Final PROTO_LIST ((unsigned char [16], MD5_CTX *));
3773 +#endif /* _IPSEC_MD5H_H_ */
3777 + * Revision 1.6 1999/12/13 13:59:13 rgb
3778 + * Quick fix to argument size to Update bugs.
3780 + * Revision 1.5 1999/12/07 18:16:23 rgb
3781 + * Fixed comments at end of #endif lines.
3783 + * Revision 1.4 1999/04/06 04:54:26 rgb
3784 + * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes
3785 + * patch shell fixes.
3787 + * Revision 1.3 1999/01/22 06:19:58 rgb
3788 + * 64-bit clean-up.
3790 + * Revision 1.2 1998/11/30 13:22:54 rgb
3791 + * Rationalised all the klips kernel file headers. They are much shorter
3792 + * now and won't conflict under RH5.2.
3794 + * Revision 1.1 1998/06/18 21:27:48 henry
3795 + * move sources from klips/src to klips/net/ipsec, to keep stupid
3796 + * kernel-build scripts happier in the presence of symlinks
3798 + * Revision 1.2 1998/04/23 20:54:03 rgb
3799 + * Fixed md5 and sha1 include file nesting issues, to be cleaned up when
3802 + * Revision 1.1 1998/04/09 03:04:21 henry
3803 + * sources moved up from linux/net/ipsec
3804 + * these two include files modified not to include others except in kernel
3806 + * Revision 1.1.1.1 1998/04/08 05:35:03 henry
3807 + * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8
3809 + * Revision 0.4 1997/01/15 01:28:15 ji
3812 + * Revision 0.3 1996/11/20 14:48:53 ji
3813 + * Release update only.
3815 + * Revision 0.2 1996/11/02 00:18:33 ji
3816 + * First limited release.
3820 diff -druN linux-noipsec/net/ipsec/ipsec_netlink.c linux/net/ipsec/ipsec_netlink.c
3821 --- linux-noipsec/net/ipsec/ipsec_netlink.c Thu Jan 1 01:00:00 1970
3822 +++ linux/net/ipsec/ipsec_netlink.c Mon Nov 6 05:32:08 2000
3825 + * IPSEC <> netlink interface
3826 + * Copyright (C) 1996, 1997 John Ioannidis.
3827 + * Copyright (C) 1998, 1999 Richard Guy Briggs.
3829 + * This program is free software; you can redistribute it and/or modify it
3830 + * under the terms of the GNU General Public License as published by the
3831 + * Free Software Foundation; either version 2 of the License, or (at your
3832 + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
3834 + * This program is distributed in the hope that it will be useful, but
3835 + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
3836 + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
3837 + * for more details.
3840 +char ipsec_netlink_c_version[] = "RCSID $Id$";
3842 +#include <linux/config.h>
3843 +#include <linux/version.h>
3845 +#include <linux/kernel.h> /* printk() */
3846 +#include <linux/malloc.h> /* kmalloc() */
3847 +#include <linux/errno.h> /* error codes */
3848 +#include <linux/types.h> /* size_t */
3849 +#include <linux/interrupt.h> /* mark_bh */
3851 +#include <linux/netdevice.h> /* struct device, and other headers */
3852 +#include <linux/etherdevice.h> /* eth_type_trans */
3853 +#include <linux/ip.h> /* struct iphdr */
3854 +#include <linux/skbuff.h>
3855 +#include <freeswan.h>
3857 + #ifdef SPINLOCK_23
3858 + #include <linux/spinlock.h> /* *lock* */
3859 + #else /* 23_SPINLOCK */
3860 + #include <asm/spinlock.h> /* *lock* */
3861 + #endif /* 23_SPINLOCK */
3862 +#endif /* SPINLOCK */
3864 + #include <asm/uaccess.h>
3865 + #include <linux/in6.h>
3866 + #define ip_chk_addr inet_addr_type
3867 + #define IS_MYADDR RTN_LOCAL
3869 +#include <asm/checksum.h>
3870 +#include <net/ip.h>
3871 +#ifdef NETLINK_SOCK
3872 + #include <linux/netlink.h>
3874 + #include <net/netlink.h>
3878 +#include "ipsec_encap.h"
3879 +#include "ipsec_radij.h"
3880 +#include "ipsec_netlink.h"
3881 +#include "ipsec_xform.h"
3883 +#include "ipsec_rcv.h"
3884 +#include "ipsec_ah.h"
3885 +#include "ipsec_esp.h"
3887 +#ifdef CONFIG_IPSEC_DEBUG
3888 + #include "ipsec_tunnel.h"
3889 +#endif /* CONFIG_IPSEC_DEBUG */
3891 +#include <pfkeyv2.h>
3894 +#ifdef CONFIG_IPSEC_DEBUG
3895 + int debug_netlink = 0;
3896 +#endif /* CONFIG_IPSEC_DEBUG */
3898 +#define SENDERR(_x) do { len = -(_x); goto errlab; } while (0)
3902 +#ifdef NETLINK_SOCK
3903 +ipsec_callback(int proto, struct sk_buff *skb)
3904 +#else /* NETLINK_SOCK */
3905 +ipsec_callback(struct sk_buff *skb)
3906 +#endif /* NETLINK_SOCK */
3909 + * this happens when we write to /dev/ipsec (c 36 10)
3911 + int len = skb->len;
3912 + u_char *dat = (u_char *)skb->data;
3913 + struct encap_msghdr *em = (struct encap_msghdr *)dat;
3914 + struct tdb *tdbp, *tprev;
3915 + int i, nspis, error = 0;
3916 +#ifdef CONFIG_IPSEC_DEBUG
3917 + struct eroute *eret;
3918 + char sa[SATOA_BUF];
3921 + satoa(em->em_said, 0, sa, SATOA_BUF);
3923 + if(debug_netlink) {
3924 + printk("klips_debug:ipsec_callback: skb=0x%p skblen=%ld em_magic=%d em_type=%d\n",
3925 + skb, (unsigned long int)skb->len, em->em_magic, em->em_type);
3926 + switch(em->em_type) {
3927 + case EMT_SETDEBUG:
3928 + printk("klips_debug:ipsec_callback: set ipsec_debug level\n");
3930 + case EMT_DELEROUTE:
3931 + case EMT_CLREROUTE:
3935 + printk("klips_debug:ipsec_callback: called for SA:%s\n", sa);
3938 +#endif /* CONFIG_IPSEC_DEBUG */
3940 + /* XXXX Temporarily disable netlink I/F code until it gets permanantly
3941 + ripped out in favour of PF_KEYv2 I/F. */
3942 + SENDERR(EPROTONOSUPPORT);
3944 + /* em = (struct encap_msghdr *)dat; */
3945 + if (em->em_magic != EM_MAGIC) {
3946 + printk("klips_debug:ipsec_callback: bad magic=%d failed, should be %d\n",
3951 + switch (em->em_type) {
3952 + case EMT_SETDEBUG:
3953 +#ifdef CONFIG_IPSEC_DEBUG
3954 + if(em->em_db_nl >> (sizeof(em->em_db_nl) * 8 - 1)) {
3955 + em->em_db_nl &= ~(1 << (sizeof(em->em_db_nl) * 8 -1));
3956 + debug_tunnel |= em->em_db_tn;
3957 + debug_netlink |= em->em_db_nl;
3958 + debug_xform |= em->em_db_xf;
3959 + debug_eroute |= em->em_db_er;
3960 + debug_spi |= em->em_db_sp;
3961 + debug_radij |= em->em_db_rj;
3962 + debug_esp |= em->em_db_es;
3963 + debug_ah |= em->em_db_ah;
3964 + debug_rcv |= em->em_db_rx;
3965 + debug_pfkey |= em->em_db_ky;
3967 + printk("klips_debug:ipsec_callback: set\n");
3970 + printk("klips_debug:ipsec_callback: unset\n");
3971 + debug_tunnel &= em->em_db_tn;
3972 + debug_netlink &= em->em_db_nl;
3973 + debug_xform &= em->em_db_xf;
3974 + debug_eroute &= em->em_db_er;
3975 + debug_spi &= em->em_db_sp;
3976 + debug_radij &= em->em_db_rj;
3977 + debug_esp &= em->em_db_es;
3978 + debug_ah &= em->em_db_ah;
3979 + debug_rcv &= em->em_db_rx;
3980 + debug_pfkey &= em->em_db_ky;
3982 +#else /* CONFIG_IPSEC_DEBUG */
3983 + printk("klips_debug:ipsec_callback: debugging not enabled\n");
3985 +#endif /* CONFIG_IPSEC_DEBUG */
3988 + case EMT_SETEROUTE:
3989 + if ((error = ipsec_makeroute(&(em->em_eaddr), &(em->em_emask), em->em_ersaid)))
3993 + case EMT_RPLACEROUTE:
3994 + if ((error = ipsec_breakroute(&(em->em_eaddr), &(em->em_emask))) == EINVAL) {
3997 + if ((error = ipsec_makeroute(&(em->em_eaddr), &(em->em_emask), em->em_ersaid)))
4001 + case EMT_DELEROUTE:
4002 + if ((error = ipsec_breakroute(&(em->em_eaddr), &(em->em_emask))))
4006 + case EMT_CLREROUTE:
4007 + if ((error = ipsec_cleareroutes()))
4012 + if (em->em_if >= 5) /* XXX -- why 5? */
4015 + tdbp = gettdb(&(em->em_said));
4016 + if (tdbp == NULL) {
4017 + tdbp = (struct tdb *)kmalloc(sizeof (*tdbp), GFP_ATOMIC);
4022 + memset((caddr_t)tdbp, 0, sizeof(*tdbp));
4024 + tdbp->tdb_said = em->em_said;
4025 + tdbp->tdb_flags = em->em_flags;
4027 + if(ip_chk_addr((unsigned long)em->em_said.dst.s_addr) == IS_MYADDR) {
4028 + tdbp->tdb_flags |= EMT_INBOUND;
4030 + KLIPS_PRINT(debug_netlink & DB_NL_TDBCB,
4031 + "klips_debug:ipsec_callback: existing Tunnel Descriptor Block not found (this\n"
4032 + "klips_debug: is good) for SA: %s, %s-bound, allocating.\n",
4033 + sa, (tdbp->tdb_flags & EMT_INBOUND) ? "in" : "out");
4035 +/* XXX tdbp->tdb_rcvif = &(enc_softc[em->em_if].enc_if);*/
4036 + tdbp->tdb_rcvif = NULL;
4038 + KLIPS_PRINT(debug_netlink & DB_NL_TDBCB,
4039 + "klips_debug:ipsec_callback: EMT_SETSPI found an old Tunnel Descriptor Block\n"
4040 + "klips_debug: for SA: %s, delete it first.\n", sa);
4044 + if ((error = tdb_init(tdbp, em))) {
4045 + KLIPS_PRINT(debug_netlink & DB_NL_TDBCB,
4046 + "klips_debug:ipsec_callback: EMT_SETSPI not successful for SA: %s, deleting.\n", sa);
4047 + ipsec_tdbwipe(tdbp);
4052 + tdbp->tdb_lifetime_addtime_c = jiffies/HZ;
4053 + tdbp->tdb_state = 1;
4054 + if(!tdbp->tdb_lifetime_allocations_c) {
4055 + tdbp->tdb_lifetime_allocations_c += 1;
4059 + KLIPS_PRINT(debug_netlink & DB_NL_TDBCB,
4060 + "klips_debug:ipsec_callback: EMT_SETSPI successful for SA: %s\n", sa);
4064 + if (em->em_if >= 5) /* XXX -- why 5? */
4067 + spin_lock_bh(&tdb_lock);
4069 + tdbp = gettdb(&(em->em_said));
4070 + if (tdbp == NULL) {
4071 + KLIPS_PRINT(debug_netlink & DB_NL_TDBCB,
4072 + "klips_debug:ipsec_callback: "
4073 + "EMT_DELSPI Tunnel Descriptor Block not found for SA:\n"
4074 + "klips_debug: %s, could not delete.\n", sa);
4075 + spin_unlock_bh(&tdb_lock);
4076 + SENDERR(ENXIO); /* XXX -- wrong error message... */
4078 + if((error = deltdbchain(tdbp))) {
4079 + spin_unlock_bh(&tdb_lock);
4083 + spin_unlock_bh(&tdb_lock);
4088 + nspis = (len - EMT_GRPSPIS_FLEN) / sizeof(em->em_rel[0]);
4089 + if ((nspis * (sizeof(em->em_rel[0]))) != (len - EMT_GRPSPIS_FLEN)) {
4090 + printk("klips_debug:ipsec_callback: EMT_GRPSPI message size incorrect, expected nspis(%d)*%d, got %d.\n",
4092 + sizeof(em->em_rel[0]),
4093 + (len - EMT_GRPSPIS_FLEN));
4098 + spin_lock_bh(&tdb_lock);
4100 + for (i = 0; i < nspis; i++) {
4101 + KLIPS_PRINT(debug_netlink,
4102 + "klips_debug:ipsec_callback: EMT_GRPSPI for SA(%d)\n"
4103 + "klips_debug: %s,\n", i, sa);
4104 + if ((tdbp = gettdb(&(em->em_rel[i].emr_said))) == NULL) {
4105 + KLIPS_PRINT(debug_netlink,
4106 + "klips_debug:ipsec_callback: "
4107 + "EMT_GRPSPI Tunnel Descriptor Block not found for SA:\n"
4108 + "klips_debug: %s, could not group.\n", sa);
4109 + spin_unlock_bh(&tdb_lock);
4112 + if(tdbp->tdb_inext || tdbp->tdb_onext) {
4113 + KLIPS_PRINT(debug_netlink,
4114 + "klips_debug:ipsec_callback: "
4115 + "EMT_GRPSPI Tunnel Descriptor Block already grouped\n"
4116 + "klips_debug: for SA: %s, can't regroup.\n", sa);
4117 + spin_unlock_bh(&tdb_lock);
4120 + em->em_rel[i].emr_tdb = tdbp;
4123 + tprev = em->em_rel[0].emr_tdb;
4124 + tprev->tdb_inext = NULL;
4125 + for (i = 1; i < nspis; i++) {
4126 + tdbp = em->em_rel[i].emr_tdb;
4127 + tprev->tdb_onext = tdbp;
4128 + tdbp->tdb_inext = tprev;
4131 + tprev->tdb_onext = NULL;
4133 + spin_unlock_bh(&tdb_lock);
4138 + case EMT_UNGRPSPIS:
4139 + if (len != (8 + (sizeof(struct sa_id) + sizeof(struct tdb *)) /* 12 */) ) {
4140 + printk("klips_debug:ipsec_callback: "
4141 + "EMT_UNGRPSPIS message size incorrect, expected %d, got %d.\n",
4142 + 8 + (sizeof(struct sa_id) + sizeof(struct tdb *)),
4148 + spin_lock_bh(&tdb_lock);
4150 + if ((tdbp = gettdb(&(em->em_rel[0].emr_said))) == NULL) {
4151 + KLIPS_PRINT(debug_netlink,
4152 + "klips_debug:ipsec_callback: "
4153 + "EMT_UGRPSPI Tunnel Descriptor Block not found for SA:\n"
4154 + "klips_debug: %s, could not ungroup.\n", sa);
4155 + spin_unlock_bh(&tdb_lock);
4158 + while(tdbp->tdb_onext) {
4159 + tdbp = tdbp->tdb_onext;
4161 + while(tdbp->tdb_inext) {
4163 + tdbp = tdbp->tdb_inext;
4164 + tprev->tdb_inext = NULL;
4165 + tdbp->tdb_onext = NULL;
4168 + spin_unlock_bh(&tdb_lock);
4173 + KLIPS_PRINT(debug_netlink,
4174 + "klips_debug:ipsec_callback: spi clear called.\n");
4175 + if (em->em_if >= 5) /* XXX -- why 5? */
4177 + ipsec_tdbcleanup(0);
4180 + KLIPS_PRINT(debug_netlink,
4181 + "klips_debug:ipsec_callback: unknown message type\n");
4188 + kfree_skb(skb, FREE_WRITE);
4189 +#endif /* NET_21 */
4196 + * Revision 1.47 2000/11/06 04:32:08 rgb
4197 + * Ditched spin_lock_irqsave in favour of spin_lock_bh.
4199 + * Revision 1.46 2000/09/08 19:16:50 rgb
4200 + * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG.
4201 + * Removed all references to CONFIG_IPSEC_PFKEYv2.
4203 + * Revision 1.45 2000/08/30 05:23:55 rgb
4204 + * Compiler-define out ipsec_callback() function of ipsec_netlink.c.
4205 + * Nothing should be using it anyways.
4207 + * Revision 1.44 2000/03/16 14:01:26 rgb
4208 + * Indented headers for readability.
4210 + * Revision 1.43 2000/03/16 07:13:04 rgb
4211 + * Hardcode PF_KEYv2 support.
4212 + * Disable NET_LINK support.
4214 + * Revision 1.42 2000/01/21 06:14:27 rgb
4215 + * Moved debug message for expected output on set or clear.
4217 + * Revision 1.41 1999/12/01 22:14:37 rgb
4218 + * Added debugging message for bad netlink magic.
4219 + * Initialise tdb_sastate to MATURE (1).
4220 + * Added UNGRPSPIS bad length debugging message.
4222 + * Revision 1.40 1999/11/23 23:06:25 rgb
4223 + * Sort out pfkey and freeswan headers, putting them in a library path.
4225 + * Revision 1.39 1999/11/18 04:09:18 rgb
4226 + * Replaced all kernel version macros to shorter, readable form.
4228 + * Revision 1.38 1999/11/17 15:53:39 rgb
4229 + * Changed all occurrences of #include "../../../lib/freeswan.h"
4230 + * to #include <freeswan.h> which works due to -Ilibfreeswan in the
4231 + * klips/net/ipsec/Makefile.
4233 + * Revision 1.37 1999/10/26 13:58:32 rgb
4234 + * Put spinlock flags variable declaration outside the debug compiler
4235 + * directive to enable compilation with debug shut off.
4237 + * Revision 1.36 1999/10/16 18:24:22 rgb
4238 + * Initialize lifetime_addtime_c and lifetime_allocations_c.
4239 + * Clean-up unused cruft.
4241 + * Revision 1.35 1999/10/08 18:37:34 rgb
4242 + * Fix end-of-line spacing to sate whining PHMs.
4244 + * Revision 1.34 1999/10/03 18:49:11 rgb
4245 + * Spinlock fixes for 2.0.xx and 2.3.xx.
4247 + * Revision 1.33 1999/10/01 15:44:53 rgb
4248 + * Move spinlock header include to 2.1> scope.
4250 + * Revision 1.32 1999/10/01 00:00:53 rgb
4251 + * Fix for proper netlink debugging operation.
4252 + * Added tdb structure locking.
4253 + * Minor formatting changes.
4255 + * Revision 1.31 1999/05/25 21:21:43 rgb
4256 + * Fix deltdbchain() error return code checking.
4258 + * Revision 1.30 1999/05/09 03:25:36 rgb
4259 + * Fix bug introduced by 2.2 quick-and-dirty patch.
4261 + * Revision 1.29 1999/05/08 21:23:27 rgb
4262 + * Simplify satoa() calling.
4263 + * Fix error return reporting.
4264 + * Add casting to silence the 2.2.x compile.
4266 + * Revision 1.28 1999/05/05 22:02:31 rgb
4267 + * Add a quick and dirty port to 2.2 kernels by Marc Boucher <marc@mbsi.ca>.
4269 + * Revision 1.27 1999/04/29 15:16:24 rgb
4270 + * Add pfkey support to debugging.
4271 + * Change gettdb parameter to a pointer to reduce stack loading and
4273 + * parameter sanity checking.
4274 + * Add IS_MYADDR support obviating the necessity of doing this in user
4276 + * Fix undetected bug by moving puttdb in SETSPI until after initialisation
4278 + * prevent tdb usage before it is ready and to save work if it does not
4280 + * Clean up deltdb/wipe code.
4281 + * Fix undetected bug of returning error as positive value.
4282 + * Add a parameter to tdbcleanup to be able to delete a class of SAs.
4284 + * Revision 1.26 1999/04/16 15:39:35 rgb
4285 + * Fix already fixed unbalanced #endif.
4287 + * Revision 1.25 1999/04/15 15:37:24 rgb
4288 + * Forward check changes from POST1_00 branch.
4290 + * Revision 1.21.2.1 1999/04/13 20:30:26 rgb
4291 + * Add experimental 'getdebug'.
4293 + * Revision 1.24 1999/04/11 00:28:58 henry
4296 + * Revision 1.23 1999/04/07 17:44:21 rgb
4297 + * Fix ipsec_callback memory leak, skb not freed after use.
4299 + * Revision 1.22 1999/04/06 04:54:26 rgb
4300 + * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes
4301 + * patch shell fixes.
4303 + * Revision 1.21 1999/02/17 16:50:11 rgb
4304 + * Consolidate satoa()s for space and speed efficiency.
4305 + * Convert DEBUG_IPSEC to KLIPS_PRINT
4306 + * Clean out unused cruft.
4308 + * Revision 1.20 1999/01/28 23:20:49 rgb
4309 + * Replace hard-coded numbers in macros and code with meaningful values
4310 + * automatically generated from sizeof() and offsetof() to further the
4311 + * goal of platform independance.
4313 + * Revision 1.19 1999/01/26 02:07:07 rgb
4314 + * Removed CONFIG_IPSEC_ALGO_SWITCH macro.
4315 + * Remove ah/esp switching on include files.
4316 + * Removed dead code.
4318 + * Revision 1.18 1999/01/22 06:20:36 rgb
4319 + * Cruft clean-out.
4320 + * 64-bit clean-up.
4321 + * Added algorithm switch code.
4323 + * Revision 1.17 1998/12/02 03:09:39 rgb
4324 + * Clean up debug printing conditionals to compile with debugging off.
4326 + * Revision 1.16 1998/12/01 05:56:57 rgb
4327 + * Add support for debug printing of version info.
4328 + * Fail on unknown error for breakroute in replace command.
4330 + * Revision 1.15 1998/11/30 13:22:54 rgb
4331 + * Rationalised all the klips kernel file headers. They are much shorter
4332 + * now and won't conflict under RH5.2.
4334 + * Revision 1.14 1998/11/10 05:36:14 rgb
4335 + * Clean up debug output.
4336 + * Add direction to spi setup debug code.
4337 + * Add support for SA direction flag.
4339 + * Revision 1.13 1998/10/31 06:51:56 rgb
4340 + * Get zeroize to return something useful.
4341 + * Clean up code to isolate 'spi --add/del' memory leak.
4342 + * Fixed up comments in #endif directives.
4344 + * Revision 1.12 1998/10/27 00:35:02 rgb
4345 + * Supressed debug output during normal operation.
4347 + * Revision 1.11 1998/10/25 02:40:21 rgb
4348 + * Selective debug printing, depending upon called service.
4349 + * Institute more precise error return codes from eroute commands.
4350 + * Fix bug in size of stucture passed in from user space for grpspi command.
4352 + * Revision 1.10 1998/10/22 06:44:58 rgb
4353 + * Convert to use satoa for printk.
4354 + * Moved break; in 'set debug level code to avoid undetected bug.
4355 + * Fixed run-on error message to fit 80 columns.
4357 + * Revision 1.9 1998/10/19 14:44:28 rgb
4358 + * Added inclusion of freeswan.h.
4359 + * sa_id structure implemented and used: now includes protocol.
4361 + * Revision 1.8 1998/10/09 04:29:51 rgb
4362 + * Added support for '-replace' option to eroute.
4363 + * Fixed spiungroup bug.
4364 + * Added 'klips_debug' prefix to all klips printk debug statements.
4366 + * Revision 1.7 1998/08/12 00:10:06 rgb
4367 + * Fixed minor error return code syntax.
4369 + * Revision 1.6 1998/07/29 20:22:57 rgb
4370 + * Cosmetic cleanup.
4372 + * Revision 1.5 1998/07/27 21:53:11 rgb
4373 + * Check for proper return code from eroute clear command.
4374 + * Use appropriate error return codes from kernel.
4375 + * Add an option to clear the SA table.
4377 + * Revision 1.4 1998/07/14 18:02:40 rgb
4378 + * Add a command to clear the eroute table.
4379 + * Clean up some error codes.
4381 + * Revision 1.3 1998/06/25 19:52:33 rgb
4382 + * Code cosmetic changes only.
4384 + * Revision 1.2 1998/06/23 02:57:58 rgb
4385 + * Clean up after an error condition in setspi.
4387 + * Revision 1.9 1998/06/18 21:29:06 henry
4388 + * move sources from klips/src to klips/net/ipsec, to keep stupid kernel
4389 + * build scripts happier in presence of symbolic links
4391 + * Revision 1.8 1998/06/08 17:57:15 rgb
4392 + * Very minor spacing change.
4394 + * Revision 1.7 1998/05/18 21:46:45 rgb
4395 + * Clean up for numerical consistency of output.
4397 + * Added debugging switch output.
4399 + * SETSPI will refuse to overwrite a previous SA. This is to make it
4400 + * consistent with the eroute command.
4402 + * spidel now deletes entire chain of spi's.
4404 + * spigrp can now ungroup a set of spi's.
4406 + * spigrp will not regroup a previously grouped spi.
4408 + * Key data is properly cleaned up, ie. zeroed.
4410 + * Revision 1.6 1998/05/07 20:36:27 rgb
4411 + * Fixed case where debugging not enabled that caused ipsec_netlink.c to
4414 + * Revision 1.5 1998/05/06 03:34:21 rgb
4415 + * Updated debugging output statements.
4417 + * Revision 1.4 1998/04/23 21:03:59 rgb
4418 + * Completed kernel development for userspace access to klips kernel debugging
4420 + * Added detail to the kernel error message when trying to group non-existant
4423 + * Revision 1.3 1998/04/21 21:29:06 rgb
4424 + * Rearrange debug switches to change on the fly debug output from user
4425 + * space. Only kernel changes checked in at this time. radij.c was also
4426 + * changed to temporarily remove buggy debugging code in rj_delete causing
4427 + * an OOPS and hence, netlink device open errors.
4429 + * Revision 1.2 1998/04/12 22:03:23 rgb
4430 + * Updated ESP-3DES-HMAC-MD5-96,
4431 + * ESP-DES-HMAC-MD5-96,
4433 + * AH-HMAC-SHA1-96 since Henry started freeswan cvs repository
4434 + * from old standards (RFC182[5-9] to new (as of March 1998) drafts.
4436 + * Fixed eroute references in /proc/net/ipsec*.
4438 + * Started to patch module unloading memory leaks in ipsec_netlink and
4439 + * radij tree unloading.
4441 + * Revision 1.1 1998/04/09 03:06:08 henry
4442 + * sources moved up from linux/net/ipsec
4444 + * Revision 1.1.1.1 1998/04/08 05:35:02 henry
4445 + * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8
4447 + * Revision 0.4 1997/01/15 01:28:15 ji
4450 + * Revision 0.3 1996/11/20 14:39:04 ji
4452 + * Rationalized debugging code.
4454 + * Revision 0.2 1996/11/02 00:18:33 ji
4455 + * First limited release.
4459 diff -druN linux-noipsec/net/ipsec/ipsec_netlink.h linux/net/ipsec/ipsec_netlink.h
4460 --- linux-noipsec/net/ipsec/ipsec_netlink.h Thu Jan 1 01:00:00 1970
4461 +++ linux/net/ipsec/ipsec_netlink.h Tue Oct 10 22:10:18 2000
4464 + * IPSEC <> netlink interface
4465 + * Copyright (C) 1996, 1997 John Ioannidis.
4466 + * Copyright (C) 1998, 1999 Richard Guy Briggs.
4468 + * This program is free software; you can redistribute it and/or modify it
4469 + * under the terms of the GNU General Public License as published by the
4470 + * Free Software Foundation; either version 2 of the License, or (at your
4471 + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
4473 + * This program is distributed in the hope that it will be useful, but
4474 + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
4475 + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
4476 + * for more details.
4481 +#include <linux/stddef.h>
4483 +#ifndef NETLINK_IPSEC
4484 +#define NETLINK_IPSEC 10 /* IPSEC */
4485 +#endif /* !NETLINK_IPSEC */
4487 +#define EM_MAXRELSPIS 4 /* at most five chained xforms */
4488 +#define EM_MAGIC 0x5377616e /* "Swan" */
4490 +#define EMT_IFADDR 1 /* set enc if addr */
4491 +#define EMT_SETSPI 2 /* Set SPI properties */
4492 +#define EMT_DELSPI 3 /* Delete an SPI */
4493 +#define EMT_GRPSPIS 4 /* Group SPIs (output order) */
4494 +#define EMT_SETEROUTE 5 /* set an extended route */
4495 +#define EMT_DELEROUTE 6 /* del an extended route */
4496 +#define EMT_TESTROUTE 7 /* try to find route, print to console */
4497 +#define EMT_SETDEBUG 8 /* set debug level if active */
4498 +#define EMT_UNGRPSPIS 9 /* UnGroup SPIs (output order) */
4499 +#define EMT_CLREROUTE 10 /* clear the extended route table */
4500 +#define EMT_CLRSPIS 11 /* clear the spi table */
4501 +#define EMT_RPLACEROUTE 12 /* set an extended route */
4502 +#define EMT_GETDEBUG 13 /* get debug level if active */
4504 +#ifdef CONFIG_IPSEC_DEBUG
4505 +#define DB_NL_TDBCB 0x0001
4506 +#endif /* CONFIG_IPSEC_DEBUG */
4508 +/* em_flags constants */
4509 +/* be mindful that this flag conflicts with SADB_SAFLAGS_PFS in pfkeyv2 */
4510 +/* perhaps it should be moved... */
4511 +#define EMT_INBOUND 0x01 /* SA direction, 1=inbound */
4513 +struct encap_msghdr
4515 + __u32 em_magic; /* EM_MAGIC */
4517 + __u16 em_msglen; /* message length */
4519 + __u8 em_msglen; /* message length */
4520 + __u8 em_flags; /* message flags */
4521 + __u8 em_version; /* for future expansion */
4522 + __u8 em_type; /* message type */
4525 + __u8 C; /* Free-text */
4529 + struct sa_id Said; /* SA ID */
4530 + struct sockaddr_encap Eaddr;
4531 + struct sockaddr_encap Emask;
4536 + struct in_addr Ia;
4538 + __u8 xxx[3]; /* makes life a lot easier */
4543 + struct sa_id Said; /* SA ID */
4544 + int If; /* enc i/f for input */
4545 + int Alg; /* Algorithm to use */
4547 + /* The following union is a surrogate for
4548 + * algorithm-specific data. To insure
4549 + * proper alignment, worst-case fields
4550 + * should be included. It would be even
4551 + * better to include the types that will
4552 + * actually be used, but they may not be
4553 + * defined for each use of this header.
4554 + * The actual length is expected to be longer
4555 + * than is declared here. References are normally
4556 + * made using the em_dat macro, as if it were a
4559 + union { /* Data */
4561 + __u64 Datq[1]; /* maximal alignment (?) */
4567 + struct sa_id emr_said; /* SA ID */
4568 + struct tdb * emr_tdb; /* used internally! */
4570 + } Rel[EM_MAXRELSPIS];
4572 +#ifdef CONFIG_IPSEC_DEBUG
4576 + int debug_netlink;
4586 + int debug_verbose;
4588 +#endif /* CONFIG_IPSEC_DEBUG */
4592 +#define EM_MINLEN offsetof(struct encap_msghdr, Eu)
4593 +#define EMT_SETSPI_FLEN offsetof(struct encap_msghdr, em_dat)
4594 +#define EMT_GRPSPIS_FLEN offsetof(struct encap_msghdr, Eu.Rel)
4595 +#define EMT_SETDEBUG_FLEN (offsetof(struct encap_msghdr, Eu.Dbg + \
4596 + sizeof(((struct encap_msghdr*)0)->Eu.Dbg)))
4599 +#define em_eaddr Eu.Ert.Eaddr
4600 +#define em_emask Eu.Ert.Emask
4601 +#define em_ersaid Eu.Ert.Said
4602 +#define em_erdst Eu.Ert.Said.dst
4603 +#define em_erspi Eu.Ert.Said.spi
4604 +#define em_erproto Eu.Ert.Said.proto
4606 +#define em_ifa Eu.Ifa.Ia
4607 +#define em_ifn Eu.Ifa.Ifn
4609 +#define em_said Eu.Xfm.Said
4610 +#define em_spi Eu.Xfm.Said.spi
4611 +#define em_dst Eu.Xfm.Said.dst
4612 +#define em_proto Eu.Xfm.Said.proto
4613 +#define em_if Eu.Xfm.If
4614 +#define em_alg Eu.Xfm.Alg
4615 +#define em_dat Eu.Xfm.u.Dat
4617 +#define em_rel Eu.Rel
4618 +#define emr_dst emr_said.dst
4619 +#define emr_spi emr_said.spi
4620 +#define emr_proto emr_said.proto
4622 +#ifdef CONFIG_IPSEC_DEBUG
4623 +#define em_db_tn Eu.Dbg.debug_tunnel
4624 +#define em_db_nl Eu.Dbg.debug_netlink
4625 +#define em_db_xf Eu.Dbg.debug_xform
4626 +#define em_db_er Eu.Dbg.debug_eroute
4627 +#define em_db_sp Eu.Dbg.debug_spi
4628 +#define em_db_rj Eu.Dbg.debug_radij
4629 +#define em_db_es Eu.Dbg.debug_esp
4630 +#define em_db_ah Eu.Dbg.debug_ah
4631 +#define em_db_rx Eu.Dbg.debug_rcv
4632 +#define em_db_ky Eu.Dbg.debug_pfkey
4633 +#define em_db_gz Eu.Dbg.debug_ipcomp
4634 +#define em_db_vb Eu.Dbg.debug_verbose
4635 +#endif /* CONFIG_IPSEC_DEBUG */
4638 +extern char ipsec_netlink_c_version[];
4639 +#ifndef KERNEL_VERSION
4640 +# include <linux/version.h>
4642 +#ifdef NETLINK_SOCK
4643 +extern int ipsec_callback(int proto, struct sk_buff *skb);
4644 +#else /* NETLINK_SOCK */
4645 +extern int ipsec_callback(struct sk_buff *skb);
4646 +#endif /* NETLINK_SOCK */
4647 +extern void ipsec_print_ip(struct iphdr *ip);
4649 +#ifdef CONFIG_IPSEC_DEBUG
4650 + #define KLIPS_PRINT(flag, format, args...) \
4651 + ((flag) ? printk(KERN_INFO format , ## args) : 0)
4652 + #define KLIPS_PRINTMORE(flag, format, args...) \
4653 + ((flag) ? printk(format , ## args) : 0)
4654 + #define KLIPS_IP_PRINT(flag, ip) \
4655 + ((flag) ? ipsec_print_ip(ip) : 0)
4656 +#else /* CONFIG_IPSEC_DEBUG */
4657 + #define KLIPS_PRINT(flag, format, args...) do ; while(0)
4658 + #define KLIPS_PRINTMORE(flag, format, args...) do ; while(0)
4659 + #define KLIPS_IP_PRINT(flag, ip) do ; while(0)
4660 +#endif /* CONFIG_IPSEC_DEBUG */
4662 +#ifdef CONFIG_IPSEC_DEBUG
4663 +extern int debug_netlink;
4664 +#endif /* CONFIG_IPSEC_DEBUG */
4665 +#endif /* __KERNEL__ */
4669 + * Revision 1.28 2000/10/10 20:10:18 rgb
4670 + * Added support for debug_ipcomp and debug_verbose to klipsdebug.
4672 + * Revision 1.27 2000/09/12 03:20:28 rgb
4673 + * Cleared out now unused pfkeyv2 switch.
4675 + * Revision 1.26 2000/09/08 19:16:50 rgb
4676 + * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG.
4677 + * Removed all references to CONFIG_IPSEC_PFKEYv2.
4679 + * Revision 1.25 2000/08/24 16:51:59 rgb
4680 + * Added KLIPS_PRINTMORE macro to continue lines without KERN_INFO level
4683 + * Revision 1.24 2000/08/09 20:43:34 rgb
4684 + * Fixed bitmask value for SADB_X_SAFLAGS_CLEAREROUTE.
4686 + * Revision 1.23 2000/03/16 14:01:48 rgb
4687 + * Hardwired CONFIG_IPSEC_PFKEYv2 on.
4689 + * Revision 1.22 1999/12/08 20:31:32 rgb
4690 + * Moved IPPROTO_COMP to lib/freeswan.h to simplify userspace includes.
4692 + * Revision 1.21 1999/11/18 18:47:41 rgb
4693 + * Added "#define NETLINK_IPSEC" in case kernel was not compiled with it.
4695 + * Revision 1.20 1999/11/18 04:09:18 rgb
4696 + * Replaced all kernel version macros to shorter, readable form.
4698 + * Revision 1.19 1999/08/28 08:27:05 rgb
4699 + * Add a temporary kludge for 2.0.37-38 to compile even if one patch failed.
4701 + * Revision 1.18 1999/08/03 17:09:33 rgb
4702 + * Tidy up debug output, use KERN_INFO macro in printk's.
4704 + * Revision 1.17 1999/05/25 01:45:37 rgb
4705 + * Fix version macros for 2.0.x as a module.
4707 + * Revision 1.16 1999/05/05 22:02:31 rgb
4708 + * Add a quick and dirty port to 2.2 kernels by Marc Boucher <marc@mbsi.ca>.
4710 + * Revision 1.15 1999/04/29 15:16:55 rgb
4711 + * Add pfkey support to debugging.
4713 + * Revision 1.14 1999/04/15 15:37:24 rgb
4714 + * Forward check changes from POST1_00 branch.
4716 + * Revision 1.13 1999/04/11 00:28:58 henry
4719 + * Revision 1.12 1999/04/06 04:54:26 rgb
4720 + * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes
4721 + * patch shell fixes.
4723 + * Revision 1.11 1999/02/12 21:13:17 rgb
4724 + * Moved KLIPS_PRINT into a more accessible place.
4726 + * Revision 1.10 1999/01/28 23:20:49 rgb
4727 + * Replace hard-coded numbers in macros and code with meaningful values
4728 + * automatically generated from sizeof() and offsetof() to further the
4729 + * goal of platform independance.
4731 + * Revision 1.9 1999/01/22 06:21:23 rgb
4732 + * Added algorithm switch code.
4733 + * Cruft clean-out.
4734 + * 64-bit clean-up.
4736 + * Revision 1.8 1998/12/01 05:57:42 rgb
4737 + * Add support for printing debug version info.
4739 + * Revision 1.7 1998/11/10 05:37:35 rgb
4740 + * Add support for SA direction flag.
4742 + * Revision 1.6 1998/10/25 02:40:45 rgb
4743 + * Fix bug in size of stucture passed in from user space for grpspi command.
4745 + * Revision 1.5 1998/10/19 14:44:29 rgb
4746 + * Added inclusion of freeswan.h.
4747 + * sa_id structure implemented and used: now includes protocol.
4749 + * Revision 1.4 1998/10/09 04:30:11 rgb
4750 + * Added support for '-replace' option to eroute.
4752 + * Revision 1.3 1998/07/27 21:54:22 rgb
4753 + * Rearrange structures for consistent alignment within a union.
4754 + * Add an option for clearing SA table.
4756 + * Revision 1.2 1998/07/14 18:05:51 rgb
4757 + * Added #ifdef __KERNEL__ directives to restrict scope of header.
4759 + * Revision 1.1 1998/06/18 21:27:49 henry
4760 + * move sources from klips/src to klips/net/ipsec, to keep stupid
4761 + * kernel-build scripts happier in the presence of symlinks
4763 + * Revision 1.4 1998/05/18 21:48:24 rgb
4764 + * Added switch for ungrouping spi's.
4766 + * Revision 1.3 1998/04/23 21:01:50 rgb
4767 + * Added a macro for userspace access to klips kernel debugging switches.
4769 + * Revision 1.2 1998/04/21 21:29:09 rgb
4770 + * Rearrange debug switches to change on the fly debug output from user
4771 + * space. Only kernel changes checked in at this time. radij.c was also
4772 + * changed to temporarily remove buggy debugging code in rj_delete causing
4773 + * an OOPS and hence, netlink device open errors.
4775 + * Revision 1.1 1998/04/09 03:06:09 henry
4776 + * sources moved up from linux/net/ipsec
4778 + * Revision 1.1.1.1 1998/04/08 05:35:03 henry
4779 + * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8
4781 + * Revision 0.4 1997/01/15 01:28:15 ji
4784 + * Revision 0.3 1996/11/20 14:39:04 ji
4786 + * Rationalized debugging code.
4788 + * Revision 0.2 1996/11/02 00:18:33 ji
4789 + * First limited release.
4793 diff -druN linux-noipsec/net/ipsec/ipsec_radij.c linux/net/ipsec/ipsec_radij.c
4794 --- linux-noipsec/net/ipsec/ipsec_radij.c Thu Jan 1 01:00:00 1970
4795 +++ linux/net/ipsec/ipsec_radij.c Mon Nov 6 05:32:08 2000
4798 + * Interface between the IPSEC code and the radix (radij) tree code
4799 + * Copyright (C) 1996, 1997 John Ioannidis.
4800 + * Copyright (C) 1998, 1999 Richard Guy Briggs.
4802 + * This program is free software; you can redistribute it and/or modify it
4803 + * under the terms of the GNU General Public License as published by the
4804 + * Free Software Foundation; either version 2 of the License, or (at your
4805 + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
4807 + * This program is distributed in the hope that it will be useful, but
4808 + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
4809 + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
4810 + * for more details.
4815 +#include <linux/config.h>
4816 +#include <linux/version.h>
4818 +#include <linux/kernel.h> /* printk() */
4819 +#include <linux/malloc.h> /* kmalloc() */
4820 +#include <linux/errno.h> /* error codes */
4821 +#include <linux/types.h> /* size_t */
4822 +#include <linux/interrupt.h> /* mark_bh */
4824 +#include <linux/netdevice.h> /* struct device, and other headers */
4825 +#include <linux/etherdevice.h> /* eth_type_trans */
4826 +#include <linux/ip.h> /* struct iphdr */
4827 +#include <linux/skbuff.h>
4828 +#include <freeswan.h>
4831 +#include <linux/spinlock.h> /* *lock* */
4832 +#else /* 23_SPINLOCK */
4833 +#include <asm/spinlock.h> /* *lock* */
4834 +#endif /* 23_SPINLOCK */
4835 +#endif /* SPINLOCK */
4837 +#include <asm/uaccess.h>
4838 +#include <linux/in6.h>
4840 +#include <asm/checksum.h>
4841 +#include <net/ip.h>
4844 +#include "ipsec_encap.h"
4845 +#include "ipsec_radij.h"
4846 +#include "ipsec_netlink.h"
4847 +#include "ipsec_xform.h"
4849 +#ifdef CONFIG_IPSEC_DEBUG
4850 +int debug_radij = 0;
4851 +#endif /* CONFIG_IPSEC_DEBUG */
4853 +struct radij_node_head *rnh = 0;
4855 +spinlock_t eroute_lock = SPIN_LOCK_UNLOCKED;
4856 +#else /* SPINLOCK */
4857 +spinlock_t eroute_lock;
4858 +#endif /* SPINLOCK */
4861 +ipsec_radijinit(void)
4863 + maj_keylen = sizeof (struct sockaddr_encap);
4867 + if (rj_inithead((void **)&rnh, 16) == 0) /* 16 is bit offset of sen_type */
4873 +ipsec_radijcleanup(void)
4877 + spin_lock_bh(&eroute_lock);
4879 + error = radijcleanup();
4881 + spin_unlock_bh(&eroute_lock);
4887 +ipsec_cleareroutes(void)
4891 + spin_lock_bh(&eroute_lock);
4893 + error = radijcleartree();
4895 + spin_unlock_bh(&eroute_lock);
4901 +ipsec_breakroute(struct sockaddr_encap *eaddr, struct sockaddr_encap *emask)
4903 + struct radij_node *rn;
4905 +#ifdef CONFIG_IPSEC_DEBUG
4906 + char buf1[64], buf2[64];
4908 + if (debug_eroute) {
4909 + subnettoa(eaddr->sen_ip_src, emask->sen_ip_src, 0, buf1, sizeof(buf1));
4910 + subnettoa(eaddr->sen_ip_dst, emask->sen_ip_dst, 0, buf2, sizeof(buf2));
4911 + printk("klips_debug:ipsec_breakroute: attempting to delete eroute for %s->%s\n",
4914 +#endif /* CONFIG_IPSEC_DEBUG */
4916 + spin_lock_bh(&eroute_lock);
4918 + if ((error = rj_delete(eaddr, emask, rnh, &rn)) != 0) {
4919 + spin_unlock_bh(&eroute_lock);
4920 + KLIPS_PRINT(debug_eroute, "klips_debug:ipsec_breakroute: "
4921 + "node not found, eroute delete failed.\n");
4925 + spin_unlock_bh(&eroute_lock);
4927 + if (rn->rj_flags & (RJF_ACTIVE | RJF_ROOT))
4928 + panic ("ipsec_breakroute RMT_DELEROUTE root or active node\n");
4930 + memset((caddr_t)rn, 0, sizeof (struct eroute));
4937 +ipsec_makeroute(struct sockaddr_encap *eaddr, struct sockaddr_encap *emask, struct sa_id said)
4939 + struct eroute *retrt;
4941 + char sa[SATOA_BUF];
4943 +#ifdef CONFIG_IPSEC_DEBUG
4944 + char buf1[64], buf2[64];
4946 + if (debug_eroute) {
4947 + subnettoa(eaddr->sen_ip_src, emask->sen_ip_src, 0, buf1, sizeof(buf1));
4948 + subnettoa(eaddr->sen_ip_dst, emask->sen_ip_dst, 0, buf2, sizeof(buf2));
4949 + sa_len = satoa(said, 0, sa, SATOA_BUF);
4950 + printk("klips_debug:ipsec_makeroute: attempting to insert eroute for %s->%s, SA: %s\n",
4953 +#endif /* CONFIG_IPSEC_DEBUG */
4955 + retrt = (struct eroute *)kmalloc(sizeof (struct eroute), GFP_ATOMIC);
4956 + if (retrt == NULL) {
4957 + printk("klips_error:ipsec_makeroute: not able to allocate kernel memory");
4960 + memset((caddr_t)retrt, 0, sizeof (struct eroute));
4962 + retrt->er_eaddr = *eaddr;
4963 + retrt->er_emask = *emask;
4964 + retrt->er_said = said;
4965 + rd_key((&(retrt->er_rjt))) = &(retrt->er_eaddr);
4967 + spin_lock_bh(&eroute_lock);
4969 + error = rj_addroute(&(retrt->er_eaddr), &(retrt->er_emask),
4970 + rnh, retrt->er_rjt.rd_nodes);
4972 + spin_unlock_bh(&eroute_lock);
4975 + sa_len = satoa(said, 0, sa, SATOA_BUF);
4976 + printk("klips_debug:ipsec_makeroute: rj_addroute not able to insert eroute for SA:%s\n", sa);
4977 + kfree(retrt); /* XXX -- should we? */
4980 + KLIPS_PRINT(debug_eroute,
4981 + "klips_debug:ipsec_makeroute: succeeded, I think...\n");
4986 +ipsec_findroute(struct sockaddr_encap *eaddr)
4988 + struct radij_node *rn;
4989 +#ifdef CONFIG_IPSEC_DEBUG
4990 + char buf1[ADDRTOA_BUF], buf2[ADDRTOA_BUF];
4992 + if (debug_radij & DB_RJ_FINDROUTE) {
4993 + addrtoa(eaddr->sen_ip_src, 0, buf1, sizeof(buf1));
4994 + addrtoa(eaddr->sen_ip_dst, 0, buf2, sizeof(buf2));
4995 + printk("klips_debug:ipsec_findroute: %s->%s\n",
4998 +#endif /* CONFIG_IPSEC_DEBUG */
4999 + rn = rj_match((caddr_t)eaddr, rnh);
5000 + return (struct eroute *)rn;
5003 +#ifdef CONFIG_PROC_FS
5005 +ipsec_rj_walker_procprint(struct radij_node *rn, void *w0)
5007 + struct eroute *ro = (struct eroute *)rn;
5008 + struct rjtentry *rd = (struct rjtentry *)rn;
5009 + struct wsbuf *w = (struct wsbuf *)w0;
5010 + char buf1[64], buf2[64];
5011 + char sa[SATOA_BUF];
5013 + struct sockaddr_encap *key, *mask;
5015 + KLIPS_PRINT(debug_radij,
5016 + "klips_debug:ipsec_rj_walker_procprint: rn=%p, w0=%p\n",
5022 + if (rn->rj_b >= 0) {
5027 + mask = rd_mask(rd);
5029 + if ((key == 0) || (mask == 0)) {
5033 + subnettoa(key->sen_ip_src, mask->sen_ip_src, 0, buf1, sizeof(buf1));
5034 + subnettoa(key->sen_ip_dst, mask->sen_ip_dst, 0, buf2, sizeof(buf2));
5035 + sa_len = satoa(ro->er_said, 0, sa, SATOA_BUF);
5036 + w->len += sprintf(w->buffer + w->len,
5037 + "%-18s -> %-18s => %s\n",
5040 + w->pos = w->begin + w->len;
5041 + if(w->pos < w->offset) {
5043 + w->begin = w->pos;
5045 + if (w->pos > w->offset + w->length) {
5050 +#endif /* CONFIG_PROC_FS */
5053 +ipsec_rj_walker_delete(struct radij_node *rn, void *w0)
5055 + struct rjtentry *rd = (struct rjtentry *)rn;
5056 + struct radij_node *rn2;
5058 + struct sockaddr_encap *key, *mask;
5059 +#ifdef CONFIG_IPSEC_DEBUG
5060 + char buf1[64] = { 0 }, buf2[64] = { 0 };
5061 +#endif /* CONFIG_IPSEC_DEBUG */
5068 + mask = rd_mask(rd);
5070 + if(!key || !mask) {
5073 +#ifdef CONFIG_IPSEC_DEBUG
5075 + subnettoa(key->sen_ip_src, mask->sen_ip_src, 0, buf1, sizeof(buf1));
5076 + subnettoa(key->sen_ip_dst, mask->sen_ip_dst, 0, buf2, sizeof(buf2));
5077 + printk("klips_debug:ipsec_rj_walker_delete: deleting: %s -> %s\n",
5080 +#endif /* CONFIG_IPSEC_DEBUG */
5082 + if((error = rj_delete(key, mask, rnh, &rn2))) {
5083 + KLIPS_PRINT(debug_radij,
5084 + "klips_debug:ipsec_rj_walker_delete: "
5085 + "rj_delete failed with error=%d.\n", error);
5090 + printk("klips_debug:ipsec_rj_walker_delete: tried to delete a different node?!?"
5091 + "This should never happen!\n");
5093 + memset((caddr_t)rn, 0, sizeof (struct eroute));
5101 + * Revision 1.41 2000/11/06 04:32:08 rgb
5102 + * Ditched spin_lock_irqsave in favour of spin_lock_bh.
5104 + * Revision 1.40 2000/09/08 19:12:56 rgb
5105 + * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG.
5107 + * Revision 1.39 2000/08/30 05:25:20 rgb
5108 + * Correct debug text in ipsec_breakroute() from incorrect
5109 + * "ipsec_callback".
5111 + * Revision 1.38 2000/07/28 14:58:31 rgb
5112 + * Changed kfree_s to kfree, eliminating extra arg to fix 2.4.0-test5.
5114 + * Revision 1.37 2000/03/16 14:02:50 rgb
5115 + * Fixed debug scope to enable compilation with debug off.
5117 + * Revision 1.36 2000/01/21 06:14:46 rgb
5118 + * Added debugging text to ipsec_rj_walker_delete().
5119 + * Set return code to negative for consistency.
5121 + * Revision 1.35 1999/11/23 23:05:24 rgb
5122 + * Use provided macro ADDRTOA_BUF instead of hardcoded value.
5124 + * Revision 1.34 1999/11/18 04:13:56 rgb
5125 + * Replaced all kernel version macros to shorter, readable form.
5126 + * Added CONFIG_PROC_FS compiler directives in case it is shut off.
5128 + * Revision 1.33 1999/11/17 15:53:39 rgb
5129 + * Changed all occurrences of #include "../../../lib/freeswan.h"
5130 + * to #include <freeswan.h> which works due to -Ilibfreeswan in the
5131 + * klips/net/ipsec/Makefile.
5133 + * Revision 1.32 1999/10/26 13:58:33 rgb
5134 + * Put spinlock flags variable declaration outside the debug compiler
5135 + * directive to enable compilation with debug shut off.
5137 + * Revision 1.31 1999/10/15 22:13:29 rgb
5138 + * Clean out cruft.
5139 + * Align /proc/net/ipsec_eroute output for easier readability.
5140 + * Fix double linefeed in radij debug output.
5141 + * Fix double locking bug that locks up 2.0.36 but not 2.0.38.
5143 + * Revision 1.30 1999/10/08 18:37:33 rgb
5144 + * Fix end-of-line spacing to sate whining PHMs.
5146 + * Revision 1.29 1999/10/03 18:52:45 rgb
5147 + * Spinlock support for 2.0.xx.
5148 + * Dumb return code spin_unlock fix.
5150 + * Revision 1.28 1999/10/01 16:22:24 rgb
5151 + * Switch from assignment init. to functional init. of spinlocks.
5153 + * Revision 1.27 1999/10/01 15:44:53 rgb
5154 + * Move spinlock header include to 2.1> scope.
5156 + * Revision 1.26 1999/10/01 00:01:23 rgb
5157 + * Added eroute structure locking.
5159 + * Revision 1.25 1999/06/10 16:07:30 rgb
5160 + * Silence delete eroute on no debug.
5162 + * Revision 1.24 1999/05/09 03:25:36 rgb
5163 + * Fix bug introduced by 2.2 quick-and-dirty patch.
5165 + * Revision 1.23 1999/05/05 22:02:31 rgb
5166 + * Add a quick and dirty port to 2.2 kernels by Marc Boucher <marc@mbsi.ca>.
5168 + * Revision 1.22 1999/04/29 15:17:23 rgb
5169 + * Add return values to init and cleanup functions.
5170 + * Add sanity checking for null pointer arguments.
5172 + * Revision 1.21 1999/04/11 00:28:58 henry
5175 + * Revision 1.20 1999/04/06 04:54:26 rgb
5176 + * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes
5177 + * patch shell fixes.
5179 + * Revision 1.19 1999/02/17 16:50:35 rgb
5180 + * Clean out unused cruft.
5181 + * Consolidate for space and speed efficiency.
5182 + * Convert DEBUG_IPSEC to KLIPS_PRINT
5184 + * Revision 1.18 1999/01/22 06:22:06 rgb
5185 + * Cruft clean-out.
5186 + * 64-bit clean-up.
5188 + * Revision 1.17 1998/12/02 03:09:39 rgb
5189 + * Clean up debug printing conditionals to compile with debugging off.
5191 + * Revision 1.16 1998/12/01 13:49:39 rgb
5192 + * Wrap version info printing in debug switches.
5194 + * Revision 1.15 1998/11/30 13:22:54 rgb
5195 + * Rationalised all the klips kernel file headers. They are much shorter
5196 + * now and won't conflict under RH5.2.
5198 + * Revision 1.14 1998/10/31 06:48:17 rgb
5199 + * Fixed up comments in #endif directives.
5201 + * Revision 1.13 1998/10/27 13:48:09 rgb
5202 + * Cleaned up /proc/net/ipsec_* filesystem for easy parsing by scripts.
5203 + * Fixed less(1) truncated output bug.
5206 + * Revision 1.12 1998/10/25 02:41:36 rgb
5207 + * Change return type on ipsec_breakroute and ipsec_makeroute and add an
5208 + * argument to be able to transmit more infomation about errors.
5209 + * Fix cut-and-paste debug statement identifier.
5211 + * Revision 1.11 1998/10/22 06:45:39 rgb
5212 + * Cleaned up cruft.
5213 + * Convert to use satoa for printk.
5215 + * Revision 1.10 1998/10/19 14:44:28 rgb
5216 + * Added inclusion of freeswan.h.
5217 + * sa_id structure implemented and used: now includes protocol.
5219 + * Revision 1.9 1998/10/09 04:30:52 rgb
5220 + * Added 'klips_debug' prefix to all klips printk debug statements.
5221 + * Deleted old commented out cruft.
5223 + * Revision 1.8 1998/08/06 17:24:23 rgb
5224 + * Fix addrtoa return code bug from stale manpage advice preventing packets
5225 + * from being erouted.
5227 + * Revision 1.7 1998/08/06 07:44:59 rgb
5228 + * Fixed /proc/net/ipsec_eroute subnettoa and addrtoa return value bug that
5229 + * ended up in nothing being printed.
5231 + * Revision 1.6 1998/08/05 22:16:41 rgb
5232 + * Cleanup to prevent cosmetic errors (ie. debug output) from being fatal.
5234 + * Revision 1.5 1998/07/29 20:38:44 rgb
5235 + * Debug and fix subnettoa and addrtoa output.
5237 + * Revision 1.4 1998/07/28 00:02:39 rgb
5238 + * Converting to exclusive use of addrtoa.
5239 + * Fix eroute delete.
5241 + * Revision 1.3 1998/07/14 18:21:26 rgb
5242 + * Add function to clear the eroute table.
5244 + * Revision 1.2 1998/06/23 02:59:14 rgb
5245 + * Added debugging output to eroute add/delete routines.
5247 + * Revision 1.9 1998/06/18 21:29:06 henry
5248 + * move sources from klips/src to klips/net/ipsec, to keep stupid kernel
5249 + * build scripts happier in presence of symbolic links
5251 + * Revision 1.8 1998/06/05 02:32:26 rgb
5252 + * Fix spi ntoh kernel debug output.
5254 + * Revision 1.7 1998/05/25 20:30:37 rgb
5255 + * Remove temporary ipsec_walk, rj_deltree and rj_delnodes functions.
5257 + * Rename ipsec_rj_walker (ipsec_walk) to ipsec_rj_walker_procprint and
5258 + * add ipsec_rj_walker_delete.
5260 + * Revision 1.6 1998/05/21 13:08:57 rgb
5261 + * Rewrote procinfo subroutines to avoid *bad things* when more that 3k of
5262 + * information is available for printout.
5264 + * Revision 1.5 1998/05/18 21:35:55 rgb
5265 + * Clean up output for numerical consistency and readability. Zero freed
5268 + * Revision 1.4 1998/04/21 21:28:58 rgb
5269 + * Rearrange debug switches to change on the fly debug output from user
5270 + * space. Only kernel changes checked in at this time. radij.c was also
5271 + * changed to temporarily remove buggy debugging code in rj_delete causing
5272 + * an OOPS and hence, netlink device open errors.
5274 + * Revision 1.3 1998/04/14 17:30:39 rgb
5275 + * Fix up compiling errors for radij tree memory reclamation.
5277 + * Revision 1.2 1998/04/12 22:03:23 rgb
5278 + * Updated ESP-3DES-HMAC-MD5-96,
5279 + * ESP-DES-HMAC-MD5-96,
5281 + * AH-HMAC-SHA1-96 since Henry started freeswan cvs repository
5282 + * from old standards (RFC182[5-9] to new (as of March 1998) drafts.
5284 + * Fixed eroute references in /proc/net/ipsec*.
5286 + * Started to patch module unloading memory leaks in ipsec_netlink and
5287 + * radij tree unloading.
5289 + * Revision 1.1 1998/04/09 03:06:10 henry
5290 + * sources moved up from linux/net/ipsec
5292 + * Revision 1.1.1.1 1998/04/08 05:35:03 henry
5293 + * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8
5295 + * Revision 0.4 1997/01/15 01:28:15 ji
5298 + * Revision 0.3 1996/11/20 14:39:04 ji
5300 + * Rationalized debugging code.
5302 + * Revision 0.2 1996/11/02 00:18:33 ji
5303 + * First limited release.
5307 diff -druN linux-noipsec/net/ipsec/ipsec_radij.h linux/net/ipsec/ipsec_radij.h
5308 --- linux-noipsec/net/ipsec/ipsec_radij.h Thu Jan 1 01:00:00 1970
5309 +++ linux/net/ipsec/ipsec_radij.h Fri Sep 8 21:12:56 2000
5312 + * Definitions relevant to the IPSEC <> radij tree interfacing
5313 + * Copyright (C) 1996, 1997 John Ioannidis.
5314 + * Copyright (C) 1998, 1999 Richard Guy Briggs.
5316 + * This program is free software; you can redistribute it and/or modify it
5317 + * under the terms of the GNU General Public License as published by the
5318 + * Free Software Foundation; either version 2 of the License, or (at your
5319 + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
5321 + * This program is distributed in the hope that it will be useful, but
5322 + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
5323 + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
5324 + * for more details.
5329 +#include <freeswan.h>
5331 +int ipsec_walk(char *);
5333 +int ipsec_rj_walker_procprint(struct radij_node *, void *);
5334 +int ipsec_rj_walker_delete(struct radij_node *, void *);
5348 +struct eroute * ipsec_makeroute(struct sockaddr_encap *ea, struct sockaddr_encap *em, struct sa_id);
5350 +int ipsec_makeroute(struct sockaddr_encap *ea, struct sockaddr_encap *em, struct sa_id);
5353 +struct eroute * ipsec_breakroute(struct sockaddr_encap *ea, struct sockaddr_encap *em);
5355 +int ipsec_breakroute(struct sockaddr_encap *ea, struct sockaddr_encap *em);
5357 +int ipsec_radijinit(void);
5358 +int ipsec_cleareroutes(void);
5359 +int ipsec_radijcleanup(void);
5361 +extern struct radij_node_head *rnh;
5362 +extern spinlock_t eroute_lock;
5364 +struct eroute * ipsec_findroute(struct sockaddr_encap *);
5366 +#define O1(x) (int)(((x)>>24)&0xff)
5367 +#define O2(x) (int)(((x)>>16)&0xff)
5368 +#define O3(x) (int)(((x)>>8)&0xff)
5369 +#define O4(x) (int)(((x))&0xff)
5371 +#ifdef CONFIG_IPSEC_DEBUG
5372 +extern int debug_radij;
5373 +void rj_dumptrees(void);
5375 +#define DB_RJ_DUMPTREES 0x0001
5376 +#define DB_RJ_FINDROUTE 0x0002
5377 +#endif /* CONFIG_IPSEC_DEBUG */
5381 + * Revision 1.11 2000/09/08 19:12:56 rgb
5382 + * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG.
5384 + * Revision 1.10 1999/11/17 15:53:39 rgb
5385 + * Changed all occurrences of #include "../../../lib/freeswan.h"
5386 + * to #include <freeswan.h> which works due to -Ilibfreeswan in the
5387 + * klips/net/ipsec/Makefile.
5389 + * Revision 1.9 1999/10/01 00:01:23 rgb
5390 + * Added eroute structure locking.
5392 + * Revision 1.8 1999/04/11 00:28:59 henry
5395 + * Revision 1.7 1999/04/06 04:54:26 rgb
5396 + * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes
5397 + * patch shell fixes.
5399 + * Revision 1.6 1999/01/22 06:23:26 rgb
5400 + * Cruft clean-out.
5402 + * Revision 1.5 1998/10/25 02:42:08 rgb
5403 + * Change return type on ipsec_breakroute and ipsec_makeroute and add an
5404 + * argument to be able to transmit more infomation about errors.
5406 + * Revision 1.4 1998/10/19 14:44:29 rgb
5407 + * Added inclusion of freeswan.h.
5408 + * sa_id structure implemented and used: now includes protocol.
5410 + * Revision 1.3 1998/07/28 00:03:31 rgb
5411 + * Comment out temporary inet_nto4u() kluge.
5413 + * Revision 1.2 1998/07/14 18:22:00 rgb
5414 + * Add function to clear the eroute table.
5416 + * Revision 1.1 1998/06/18 21:27:49 henry
5417 + * move sources from klips/src to klips/net/ipsec, to keep stupid
5418 + * kernel-build scripts happier in the presence of symlinks
5420 + * Revision 1.5 1998/05/25 20:30:38 rgb
5421 + * Remove temporary ipsec_walk, rj_deltree and rj_delnodes functions.
5423 + * Rename ipsec_rj_walker (ipsec_walk) to ipsec_rj_walker_procprint and
5424 + * add ipsec_rj_walker_delete.
5426 + * Revision 1.4 1998/05/21 13:02:56 rgb
5427 + * Imported definitions from ipsec_radij.c and radij.c to support /proc 3k
5430 + * Revision 1.3 1998/04/21 21:29:09 rgb
5431 + * Rearrange debug switches to change on the fly debug output from user
5432 + * space. Only kernel changes checked in at this time. radij.c was also
5433 + * changed to temporarily remove buggy debugging code in rj_delete causing
5434 + * an OOPS and hence, netlink device open errors.
5436 + * Revision 1.2 1998/04/14 17:30:39 rgb
5437 + * Fix up compiling errors for radij tree memory reclamation.
5439 + * Revision 1.1 1998/04/09 03:06:10 henry
5440 + * sources moved up from linux/net/ipsec
5442 + * Revision 1.1.1.1 1998/04/08 05:35:04 henry
5443 + * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8
5445 + * Revision 0.4 1997/01/15 01:28:15 ji
5448 + * Revision 0.3 1996/11/20 14:39:04 ji
5450 + * Rationalized debugging code.
5452 + * Revision 0.2 1996/11/02 00:18:33 ji
5453 + * First limited release.
5457 diff -druN linux-noipsec/net/ipsec/ipsec_rcv.c linux/net/ipsec/ipsec_rcv.c
5458 --- linux-noipsec/net/ipsec/ipsec_rcv.c Thu Jan 1 01:00:00 1970
5459 +++ linux/net/ipsec/ipsec_rcv.c Sat Nov 25 04:50:36 2000
5463 + * Copyright (C) 1996, 1997 John Ioannidis.
5464 + * Copyright (C) 1998, 1999 Richard Guy Briggs.
5466 + * This program is free software; you can redistribute it and/or modify it
5467 + * under the terms of the GNU General Public License as published by the
5468 + * Free Software Foundation; either version 2 of the License, or (at your
5469 + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
5471 + * This program is distributed in the hope that it will be useful, but
5472 + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
5473 + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
5474 + * for more details.
5477 +char ipsec_rcv_c_version[] = "RCSID $Id$";
5479 +#include <linux/config.h>
5480 +#include <linux/version.h>
5482 +#define __NO_VERSION__
5483 +#include <linux/module.h>
5485 +#include <linux/kernel.h> /* printk() */
5486 +#include <linux/malloc.h> /* kmalloc() */
5487 +#include <linux/errno.h> /* error codes */
5488 +#include <linux/types.h> /* size_t */
5489 +#include <linux/interrupt.h> /* mark_bh */
5491 +#include <linux/netdevice.h> /* struct device, and other headers */
5492 +#include <linux/etherdevice.h> /* eth_type_trans */
5493 +#include <linux/ip.h> /* struct iphdr */
5494 +#include <linux/skbuff.h>
5495 +#include <freeswan.h>
5498 +#include <linux/spinlock.h> /* *lock* */
5499 +#else /* SPINLOCK_23 */
5500 +#include <asm/spinlock.h> /* *lock* */
5501 +#endif /* SPINLOCK_23 */
5502 +#endif /* SPINLOCK */
5504 +#include <asm/uaccess.h>
5505 +#include <linux/in6.h>
5506 +#define proto_priv cb
5508 +#include <asm/checksum.h>
5509 +#include <net/ip.h>
5512 +#include "ipsec_encap.h"
5513 +#include "ipsec_radij.h"
5514 +#include "ipsec_netlink.h"
5515 +#include "ipsec_xform.h"
5516 +#include "ipsec_tunnel.h"
5517 +#include "ipsec_rcv.h"
5518 +#if defined(CONFIG_IPSEC_ESP) || defined(CONFIG_IPSEC_AH)
5519 +#include "ipsec_ah.h"
5520 +#endif /* defined(CONFIG_IPSEC_ESP) || defined(CONFIG_IPSEC_AH) */
5521 +#ifdef CONFIG_IPSEC_ESP
5522 +#include "ipsec_esp.h"
5523 +#endif /* !CONFIG_IPSEC_ESP */
5524 +#ifdef CONFIG_IPSEC_IPCOMP
5525 +#include "ipcomp.h"
5526 +#endif /* CONFIG_IPSEC_COMP */
5528 +#include <pfkeyv2.h>
5531 +#ifdef CONFIG_IPSEC_DEBUG
5535 +#endif /* CONFIG_IPSEC_DEBUG */
5537 +int sysctl_ipsec_inbound_policy_check = 1;
5539 +#ifdef CONFIG_IPSEC_ESP
5540 +extern void des_ede3_cbc_encrypt(caddr_t, caddr_t, int, caddr_t, caddr_t, caddr_t, caddr_t, int);
5541 +#endif /* !CONFIG_IPSEC_ESP */
5542 +#if defined(CONFIG_IPSEC_ESP) || defined(CONFIG_IPSEC_AH)
5543 +__u32 zeroes[AH_AMAX];
5544 +#endif /* defined(CONFIG_IPSEC_ESP) || defined(CONFIG_IPSEC_AH) */
5547 + * Check-replay-window routine, adapted from the original
5548 + * by J. Hughes, from draft-ietf-ipsec-esp-des-md5-03.txt
5550 + * This is a routine that implements a 64 packet window. This is intend-
5551 + * ed on being an implementation sample.
5554 +DEBUG_NO_STATIC int
5555 +ipsec_checkreplaywindow(struct tdb*tdbp, __u32 seq)
5559 + if (tdbp->tdb_replaywin == 0) /* replay shut off */
5562 + return 0; /* first == 0 or wrapped */
5564 + /* new larger sequence number */
5565 + if (seq > tdbp->tdb_replaywin_lastseq) {
5566 + return 1; /* larger is good */
5568 + diff = tdbp->tdb_replaywin_lastseq - seq;
5570 + /* too old or wrapped */ /* if wrapped, kill off SA? */
5571 + if (diff >= tdbp->tdb_replaywin) {
5574 + /* this packet already seen */
5575 + if (tdbp->tdb_replaywin_bitmap & (1 << diff))
5577 + return 1; /* out of order but good */
5580 +DEBUG_NO_STATIC int
5581 +ipsec_updatereplaywindow(struct tdb*tdbp, __u32 seq)
5585 + if (tdbp->tdb_replaywin == 0) /* replay shut off */
5588 + return 0; /* first == 0 or wrapped */
5590 + /* new larger sequence number */
5591 + if (seq > tdbp->tdb_replaywin_lastseq) {
5592 + diff = seq - tdbp->tdb_replaywin_lastseq;
5594 + /* In win, set bit for this pkt */
5595 + if (diff < tdbp->tdb_replaywin)
5596 + tdbp->tdb_replaywin_bitmap =
5597 + (tdbp->tdb_replaywin_bitmap << diff) | 1;
5599 + /* This packet has way larger seq num */
5600 + tdbp->tdb_replaywin_bitmap = 1;
5602 + if(seq - tdbp->tdb_replaywin_lastseq - 1 > tdbp->tdb_replaywin_maxdiff) {
5603 + tdbp->tdb_replaywin_maxdiff = seq - tdbp->tdb_replaywin_lastseq - 1;
5605 + tdbp->tdb_replaywin_lastseq = seq;
5606 + return 1; /* larger is good */
5608 + diff = tdbp->tdb_replaywin_lastseq - seq;
5610 + /* too old or wrapped */ /* if wrapped, kill off SA? */
5611 + if (diff >= tdbp->tdb_replaywin) {
5613 + if(seq < 0.25*max && tdbp->tdb_replaywin_lastseq > 0.75*max) {
5614 + deltdbchain(tdbp);
5619 + /* this packet already seen */
5620 + if (tdbp->tdb_replaywin_bitmap & (1 << diff))
5622 + tdbp->tdb_replaywin_bitmap |= (1 << diff); /* mark as seen */
5623 + return 1; /* out of order but good */
5628 +ipsec_rcv(struct sk_buff *skb, unsigned short xlen)
5630 +ipsec_rcv(struct sk_buff *skb, struct device *dev, struct options *opt,
5631 + __u32 daddr, unsigned short xlen, __u32 saddr,
5632 + int redo, struct inet_protocol *protocol)
5633 +#endif /* NET_21 */
5636 +#ifdef CONFIG_IPSEC_DEBUG
5637 + struct device *dev = skb->dev;
5638 +#endif /* CONFIG_IPSEC_DEBUG */
5639 +#endif /* NET_21 */
5640 + unsigned char protoc;
5641 + struct iphdr *ipp;
5643 +#ifdef CONFIG_IPSEC_ESP
5644 + struct esp *espp = NULL;
5647 +#endif /* !CONFIG_IPSEC_ESP */
5648 +#ifdef CONFIG_IPSEC_AH
5649 + struct ah *ahp = NULL;
5652 +#endif /* CONFIG_IPSEC_AH */
5653 + unsigned char *authenticator = NULL;
5658 + __u8 hash[AH_AMAX];
5659 +#if defined(CONFIG_IPSEC_ESP) || defined(CONFIG_IPSEC_AH)
5660 +#endif /* defined(CONFIG_IPSEC_ESP) || defined(CONFIG_IPSEC_AH) */
5661 +#ifdef CONFIG_IPSEC_IPCOMP
5662 + struct ipcomphdr*compp = NULL;
5663 +#endif /* CONFIG_IPSEC_IPCOMP */
5665 + int hard_header_len;
5667 + unsigned char *dat;
5668 + struct tdb *tdbp = NULL;
5669 + struct sa_id said;
5670 + struct net_device_stats *stats = NULL; /* This device's statistics */
5671 + struct device *ipsecdev = NULL, *prvdev;
5672 + struct ipsecpriv *prv;
5674 + char sa[SATOA_BUF];
5676 + char ipaddr_txt[ADDRTOA_BUF];
5678 + struct in_addr ipaddr;
5679 + __u8 next_header = 0;
5682 +#ifdef CONFIG_IPSEC_ESP
5683 + int pad = 0, padlen;
5684 +#endif /* CONFIG_IPSEC_ESP */
5685 + int ilen, len, replay = 0;
5687 + struct tdb* tdbprev = NULL;
5688 + struct tdb* tdbnext = NULL;
5689 +#ifdef INBOUND_POLICY_CHECK_eroute
5690 + struct sockaddr_encap matcher; /* eroute search key */
5691 + struct eroute *er;
5692 + struct tdb* policy_tdb = NULL;
5693 + struct sa_id policy_said;
5694 + struct sockaddr_encap policy_eaddr;
5695 + struct sockaddr_encap policy_emask;
5696 +#endif /* INBOUND_POLICY_CHECK_eroute */
5698 + /* Don't unlink in the middle of a turnaround */
5699 + MOD_INC_USE_COUNT;
5701 + if (skb == NULL) {
5702 + KLIPS_PRINT(debug_rcv,
5703 + "klips_debug:ipsec_rcv: "
5704 + "NULL skb passed in.\n");
5708 + if (skb->data == NULL) {
5709 + KLIPS_PRINT(debug_rcv,
5710 + "klips_debug:ipsec_rcv: "
5711 + "NULL skb->data passed in, packet is bogus, dropping.\n");
5715 + ipp = (struct iphdr *)skb->data;
5716 + iphlen = ipp->ihl << 2;
5717 + /* dev->hard_header_len is unreliable and should not be used */
5718 + hard_header_len = skb->mac.raw ? (skb->data - skb->mac.raw) : 0;
5719 + if((hard_header_len < 0) || (hard_header_len > skb_headroom(skb)))
5720 + hard_header_len = 0;
5723 + /* if skb was cloned (most likely due to a packet sniffer such as
5724 + tcpdump being momentarily attached to the interface), make
5725 + a copy of our own to modify */
5726 + if(skb_cloned(skb)) {
5727 + /* include any mac header while copying.. */
5728 + if(skb_headroom(skb) < hard_header_len) {
5729 + printk(KERN_WARNING "klips_error:ipsec_rcv: "
5730 + "tried to skb_push hhlen=%d, %d available. "
5731 + "This should never happen, please report.\n",
5732 + hard_header_len, skb_headroom(skb));
5735 + skb_push(skb, hard_header_len);
5736 + if ((skb = skb_cow(skb, skb_headroom(skb))) == NULL) {
5739 + if(skb->len < hard_header_len) {
5740 + printk(KERN_WARNING "klips_error:ipsec_rcv: "
5741 + "tried to skb_pull hhlen=%d, %d available. "
5742 + "This should never happen, please report.\n",
5743 + hard_header_len, skb->len);
5746 + skb_pull(skb, hard_header_len);
5749 +#endif /* NET_21 */
5751 + KLIPS_PRINT(debug_rcv,
5752 + "klips_debug:ipsec_rcv: <<< Info -- ");
5753 + KLIPS_PRINTMORE(debug_rcv && skb->dev, "skb->dev=%s ",
5754 + skb->dev->name ? skb->dev->name : "NULL");
5755 + KLIPS_PRINTMORE(debug_rcv && dev, "dev=%s ",
5756 + dev->name ? dev->name : "NULL");
5757 + KLIPS_PRINTMORE(debug_rcv, "\n");
5759 + KLIPS_PRINT(debug_rcv && !(skb->dev && dev && (skb->dev == dev)),
5760 + "klips_debug:ipsec_rcv: Informational -- "
5761 + "**if this happens, find out why** "
5762 + "skb->dev:%s is not equal to dev:%s\n",
5763 + skb->dev ? (skb->dev->name ? skb->dev->name : "NULL") : "NULL",
5764 + dev ? (dev->name ? dev->name : "NULL") : "NULL");
5766 + protoc = ipp->protocol;
5768 + if((!protocol) || (protocol->protocol != protoc)) {
5769 + KLIPS_PRINT(debug_rcv & DB_RX_TDB,
5770 + "klips_debug:ipsec_rcv: "
5771 + "protocol arg is NULL or unequal to the packet contents, this is odd, using value in packet.\n");
5773 +#endif /* !NET_21 */
5775 + if( (protoc != IPPROTO_AH) &&
5776 +#ifdef CONFIG_IPSEC_IPCOMP
5777 + (protoc != IPPROTO_COMP) &&
5778 +#endif /* CONFIG_IPSEC_IPCOMP */
5779 + (protoc != IPPROTO_ESP) ) {
5780 + KLIPS_PRINT(debug_rcv & DB_RX_TDB,
5781 + "klips_debug:ipsec_rcv: Why the hell is someone "
5782 + "passing me a non-ipsec packet? -- dropped.\n");
5787 + for(i = 0; i < IPSEC_NUM_IF; i++) {
5788 + sprintf(name, "ipsec%d", i);
5789 + if(!strcmp(name, skb->dev->name)) {
5790 + prv = (struct ipsecpriv *)(skb->dev->priv);
5792 + stats = (struct net_device_stats *) &(prv->mystats);
5794 + ipsecdev = skb->dev;
5795 + KLIPS_PRINT(debug_rcv,
5796 + "klips_debug:ipsec_rcv: Info -- pkt "
5797 + "already proc'ed a group of ipsec headers, "
5798 + "processing next group of ipsec headers.\n");
5801 + if((ipsecdev = ipsec_dev_get(name)) == NULL) {
5802 + KLIPS_PRINT(debug_rcv,
5803 + "klips_error:ipsec_rcv: device %s does "
5804 + "not exist\n", name);
5806 + prv = ipsecdev ? (struct ipsecpriv *)(ipsecdev->priv) : NULL;
5807 + prvdev = prv ? (struct device *)(prv->dev) : NULL;
5809 + KLIPS_PRINT(debug_rcv && prvdev,
5810 + "klips_debug:ipsec_rcv: physical device"
5811 + " for device %s is %s\n",
5812 + name, prvdev->name);
5813 + if(prvdev && skb->dev &&
5814 + !strcmp(prvdev->name, skb->dev->name)) {
5815 + stats = prv ? ((struct net_device_stats *) &(prv->mystats)) : NULL;
5816 + skb->dev = ipsecdev;
5818 + stats->rx_packets++;
5824 + KLIPS_PRINT(debug_rcv,
5825 + "klips_debug:ipsec_rcv: device supplied"
5826 + " with skb is NULL\n");
5832 + KLIPS_PRINT((debug_rcv && !stats),
5833 + "klips_error:ipsec_rcv: packet received from physical "
5834 + "I/F (%s) not connected to ipsec I/F. Cannot record "
5836 + "klips_error May not have SA for decoding. "
5837 + "Is IPSEC traffic expected on this I/F? "
5838 + "Check routing.\n",
5839 + skb->dev ? (skb->dev->name ? skb->dev->name : "NULL") : "NULL");
5841 + KLIPS_IP_PRINT(debug_rcv, ipp);
5843 + /* begin decapsulating loop here */
5846 +#ifdef CONFIG_IPSEC_ESP
5849 +#endif /* !CONFIG_IPSEC_ESP */
5850 +#ifdef CONFIG_IPSEC_AH
5853 +#endif /* CONFIG_IPSEC_AH */
5854 +#ifdef CONFIG_IPSEC_IPCOMP
5856 +#endif /* CONFIG_IPSEC_IPCOMP */
5860 + ipp = (struct iphdr *)skb->data;
5861 + proto = ipp->protocol;
5862 + ipaddr.s_addr = ipp->saddr;
5863 + addrtoa(ipaddr, 0, ipaddr_txt, sizeof(ipaddr_txt));
5865 + iphlen = ipp->ihl << 2;
5866 + ipp->check = 0; /* we know the sum is good */
5868 +#ifdef CONFIG_IPSEC_ESP
5869 + /* XXX this will need to be 8 for IPv6 */
5870 + if ((proto == IPPROTO_ESP) && ((len - iphlen) % 4)) {
5871 + printk("klips_error:ipsec_rcv: "
5872 + "got packet with content length = %d from %s "
5873 + "-- should be on 4 octet boundary, packet dropped\n",
5874 + len - iphlen, ipaddr_txt);
5876 + stats->rx_errors++;
5880 +#endif /* !CONFIG_IPSEC_ESP */
5883 + * Find tunnel control block and (indirectly) call the
5884 + * appropriate tranform routine. The resulting sk_buf
5885 + * is a valid IP packet ready to go through input processing.
5888 + said.dst.s_addr = ipp->daddr;
5890 +#ifdef CONFIG_IPSEC_ESP
5892 + espp = (struct esp *)(skb->data + iphlen);
5893 + said.spi = espp->esp_spi;
5895 +#endif /* !CONFIG_IPSEC_ESP */
5896 +#ifdef CONFIG_IPSEC_AH
5898 + ahp = (struct ah *)(skb->data + iphlen);
5899 + said.spi = ahp->ah_spi;
5901 +#endif /* CONFIG_IPSEC_AH */
5902 +#ifdef CONFIG_IPSEC_IPCOMP
5903 + case IPPROTO_COMP:
5904 + compp = (struct ipcomphdr *)(skb->data + iphlen);
5905 + said.spi = htonl((__u32)ntohs(compp->ipcomp_cpi));
5907 +#endif /* CONFIG_IPSEC_IPCOMP */
5910 + stats->rx_errors++;
5914 + said.proto = proto;
5915 + sa_len = satoa(said, 0, sa, SATOA_BUF);
5917 +#ifdef CONFIG_IPSEC_AH
5918 + if(proto == IPPROTO_AH) {
5919 + ahhlen = (ahp->ah_hl << 2) +
5920 + ((caddr_t)&(ahp->ah_rpl) - (caddr_t)ahp);
5921 + next_header = ahp->ah_nh;
5922 + if (ahhlen != sizeof(struct ah)) {
5923 + KLIPS_PRINT(debug_rcv & DB_RX_INAU,
5924 + "klips_debug:ipsec_rcv: bad "
5925 + "authenticator length %d, expected "
5927 + ahhlen - ((caddr_t)(ahp->ah_data) -
5932 + stats->rx_errors++;
5938 +#endif /* CONFIG_IPSEC_AH */
5941 + * The spinlock is to prevent any other process from
5942 + * accessing or deleting the structure while we are
5943 + * using and updating it.
5945 + spin_lock(&tdb_lock);
5947 +#ifdef CONFIG_IPSEC_IPCOMP
5948 + if (proto == IPPROTO_COMP) {
5949 + unsigned int flags = 0;
5950 + if (tdbp == NULL) {
5951 + KLIPS_PRINT(debug_rcv,
5952 + "klips_debug:ipsec_rcv: "
5953 + "Incoming packet with outer IPCOMP "
5954 + "header SA:%s: not yet supported "
5955 + "by KLIPS, dropped\n", sa);
5957 + stats->rx_dropped++;
5960 + spin_unlock(&tdb_lock);
5967 + if(sysctl_ipsec_inbound_policy_check
5968 + && ((tdbp == NULL)
5969 + || ((tdbp != NULL)
5970 + && ((ntohl(tdbp->tdb_said.spi) & 0x0000ffff)
5971 + != ntohl(said.spi))))) {
5972 + char sa2[SATOA_BUF];
5975 + sa_len = satoa(tdbp->tdb_said, 0, sa2, SATOA_BUF);
5977 + KLIPS_PRINT(debug_rcv,
5978 + "klips_debug:ipsec_rcv: "
5979 + "Incoming packet with SA(IPCA):%s "
5980 + "does not match policy SA(IPCA):%s "
5981 + "cpi=%04x cpi->spi=%08x spi=%08x, spi->cpi=%04x for "
5982 + "SA grouping, dropped.\n",
5984 + tdbp ? sa2 : "NULL",
5985 + ntohs(compp->ipcomp_cpi),
5986 + (__u32)ntohl(said.spi),
5987 + tdbp ? (__u32)ntohl((tdbp->tdb_said.spi)) : 0,
5988 + tdbp ? (__u16)(ntohl(tdbp->tdb_said.spi) & 0x0000ffff) : 0);
5990 + stats->rx_dropped++;
5993 + spin_unlock(&tdb_lock);
5998 + tdbp->tdb_comp_ratio_cbytes += ntohs(ipp->tot_len);
5999 + tdbnext = tdbp->tdb_inext;
6001 + next_header = compp->ipcomp_nh;
6003 + skb = skb_decompress(skb, tdbp, &flags);
6004 + if (!skb || flags) {
6005 + KLIPS_PRINT(debug_rcv,
6006 + "klips_debug:ipsec_rcv: "
6007 + "skb_decompress() returned "
6008 + "error flags=%x, dropped.\n",
6012 + stats->rx_errors++;
6014 + stats->rx_dropped++;
6017 + spin_unlock(&tdb_lock);
6021 + ipp = skb->nh.iph;
6023 + ipp = skb->ip_hdr;
6024 +#endif /* NET_21 */
6027 + tdbp->tdb_comp_ratio_dbytes += ntohs(ipp->tot_len);
6030 + KLIPS_PRINT(debug_rcv,
6031 + "klips_debug:ipsec_rcv: "
6032 + "packet decompressed SA(IPCA):%s "
6033 + "cpi->spi=%08x spi=%08x, spi->cpi=%04x, nh=%d.\n",
6035 + (__u32)ntohl(said.spi),
6036 + tdbp ? (__u32)ntohl((tdbp->tdb_said.spi)) : 0,
6037 + tdbp ? (__u16)(ntohl(tdbp->tdb_said.spi) & 0x0000ffff) : 0,
6039 + KLIPS_IP_PRINT(debug_rcv & DB_RX_PKTRX, ipp);
6042 + /* Skip rest of stuff and decapsulate next inner
6045 +#endif /* CONFIG_IPSEC_IPCOMP */
6047 + tdbp = gettdb(&said);
6048 + if (tdbp == NULL) {
6049 + spin_unlock(&tdb_lock);
6050 + KLIPS_PRINT(debug_rcv,
6051 + "klips_debug:ipsec_rcv: no Tunnel Descriptor "
6052 + "Block for SA:%s: incoming packet with no SA "
6055 + stats->rx_dropped++;
6060 + if(sysctl_ipsec_inbound_policy_check) {
6061 + if(ipp->saddr != ((struct sockaddr_in*)(tdbp->tdb_addr_s))->sin_addr.s_addr) {
6062 + spin_unlock(&tdb_lock);
6063 + ipaddr.s_addr = ipp->saddr;
6064 + addrtoa(ipaddr, 0, ipaddr_txt, sizeof(ipaddr_txt));
6065 + KLIPS_PRINT(debug_rcv,
6066 + "klips_debug:ipsec_rcv: "
6067 + "SA:%s, src=%s of pkt does not agree with expected SA source address policy.\n",
6070 + stats->rx_dropped++;
6075 + ipaddr.s_addr = ipp->saddr;
6076 + addrtoa(ipaddr, 0, ipaddr_txt, sizeof(ipaddr_txt));
6077 + KLIPS_PRINT(debug_rcv,
6078 + "klips_debug:ipsec_rcv: "
6079 + "SA:%s, src=%s of pkt agrees with expected SA source address policy.\n",
6083 + if(tdbnext != tdbp) {
6084 + spin_unlock(&tdb_lock);
6085 + KLIPS_PRINT(debug_rcv,
6086 + "klips_debug:ipsec_rcv: "
6087 + "unexpected SA:%s: does not agree with tdb->inext policy, dropped\n",
6090 + stats->rx_dropped++;
6094 + KLIPS_PRINT(debug_rcv,
6095 + "klips_debug:ipsec_rcv: "
6096 + "SA:%s grouping from previous SA is OK.\n",
6099 + KLIPS_PRINT(debug_rcv,
6100 + "klips_debug:ipsec_rcv: "
6101 + "SA:%s First SA in group.\n",
6106 + if(tdbp->tdb_onext) {
6107 + if(tdbprev != tdbp->tdb_onext) {
6108 + spin_unlock(&tdb_lock);
6109 + KLIPS_PRINT(debug_rcv,
6110 + "klips_debug:ipsec_rcv: "
6111 + "unexpected SA:%s: does not agree with tdb->onext policy, dropped.\n",
6114 + stats->rx_dropped++;
6118 + KLIPS_PRINT(debug_rcv,
6119 + "klips_debug:ipsec_rcv: "
6120 + "SA:%s grouping to previous SA is OK.\n",
6124 + KLIPS_PRINT(debug_rcv,
6125 + "klips_debug:ipsec_rcv: "
6126 + "SA:%s No previous backlink in group.\n",
6132 + /* If it is in larval state, drop the packet, we cannot process yet. */
6133 + if(tdbp->tdb_state == SADB_SASTATE_LARVAL) {
6134 + spin_unlock(&tdb_lock);
6135 + KLIPS_PRINT(debug_rcv,
6136 + "klips_debug:ipsec_rcv: "
6137 + "TDB in larval state, cannot be used yet, "
6138 + "dropping packet.\n");
6140 + stats->rx_dropped++;
6145 + if(tdbp->tdb_state == SADB_SASTATE_DEAD) {
6146 + spin_unlock(&tdb_lock);
6147 + KLIPS_PRINT(debug_rcv,
6148 + "klips_debug:ipsec_rcv: "
6149 + "TDB in dead state, cannot be used any more, "
6150 + "dropping packet.\n");
6152 + stats->rx_dropped++;
6157 + if(tdbp->tdb_lifetime_bytes_h &&
6158 + (tdbp->tdb_lifetime_bytes_c > tdbp->tdb_lifetime_bytes_h)) {
6159 + pfkey_expire(tdbp, 1);
6160 + deltdbchain(tdbp);
6161 + spin_unlock(&tdb_lock);
6162 + KLIPS_PRINT(debug_rcv,
6163 + "klips_debug:ipsec_rcv: "
6164 + "hard bytes lifetime of SA:%s has been reached, "
6165 + "SA expired, incoming packet dropped.\n", sa);
6167 + stats->rx_dropped++;
6171 + if(tdbp->tdb_lifetime_bytes_s &&
6172 + (tdbp->tdb_lifetime_bytes_c > tdbp->tdb_lifetime_bytes_s)) {
6173 + tdbp->tdb_state = SADB_SASTATE_DYING;
6174 + KLIPS_PRINT(debug_rcv,
6175 + "klips_debug:ipsec_rcv: "
6176 + "soft bytes lifetime of SA:%s has been reached, "
6177 + "SA expiring, soft expire message sent up, "
6178 + "incoming packet still processed.\n", sa);
6179 + pfkey_expire(tdbp, 0);
6182 + if(tdbp->tdb_lifetime_addtime_h &&
6183 + ((jiffies / HZ) - tdbp->tdb_lifetime_addtime_c >
6184 + tdbp->tdb_lifetime_addtime_h)) {
6185 + pfkey_expire(tdbp, 1);
6186 + deltdbchain(tdbp);
6187 + spin_unlock(&tdb_lock);
6188 + KLIPS_PRINT(debug_rcv,
6189 + "klips_debug:ipsec_rcv: "
6190 + "hard addtime lifetime of SA:%s has been reached, "
6191 + "SA expired, incoming packet dropped.\n", sa);
6193 + stats->rx_dropped++;
6197 + if(tdbp->tdb_lifetime_addtime_s &&
6198 + ((jiffies / HZ) - tdbp->tdb_lifetime_addtime_c >
6199 + tdbp->tdb_lifetime_addtime_s)) {
6200 + tdbp->tdb_state = SADB_SASTATE_DYING;
6201 + KLIPS_PRINT(debug_rcv,
6202 + "klips_debug:ipsec_rcv: "
6203 + "soft addtime lifetime of SA:%s has been reached, "
6204 + "SA expiring, soft expire message sent up, "
6205 + "incoming packet still processed.\n", sa);
6206 + pfkey_expire(tdbp, 0);
6209 + if(tdbp->tdb_lifetime_usetime_c) {
6210 + if(tdbp->tdb_lifetime_usetime_h &&
6211 + ((jiffies / HZ) - tdbp->tdb_lifetime_usetime_c >
6212 + tdbp->tdb_lifetime_usetime_h)) {
6213 + pfkey_expire(tdbp, 1);
6214 + deltdbchain(tdbp);
6215 + spin_unlock(&tdb_lock);
6216 + KLIPS_PRINT(debug_rcv,
6217 + "klips_debug:ipsec_rcv: "
6218 + "hard usetime lifetime of SA:%s has been reached, "
6219 + "SA expired, incoming packet dropped.\n", sa);
6221 + stats->rx_dropped++;
6225 + if(tdbp->tdb_lifetime_usetime_s &&
6226 + ((jiffies / HZ) - tdbp->tdb_lifetime_usetime_c >
6227 + tdbp->tdb_lifetime_usetime_s)) {
6228 + tdbp->tdb_state = SADB_SASTATE_DYING;
6229 + KLIPS_PRINT(debug_rcv,
6230 + "klips_debug:ipsec_rcv: "
6231 + "soft usetime lifetime of SA:%s has been reached, "
6232 + "SA expiring, soft expire message sent up, "
6233 + "incoming packet still processed.\n", sa);
6234 + pfkey_expire(tdbp, 0);
6238 + if(tdbp->tdb_lifetime_packets_h &&
6239 + (tdbp->tdb_lifetime_packets_c > tdbp->tdb_lifetime_packets_h)) {
6240 + pfkey_expire(tdbp, 1);
6241 + deltdbchain(tdbp);
6242 + spin_unlock(&tdb_lock);
6243 + KLIPS_PRINT(debug_rcv,
6244 + "klips_debug:ipsec_rcv: "
6245 + "hard packets lifetime of SA:%s has been reached, "
6246 + "SA expired, incoming packet dropped.\n", sa);
6248 + stats->rx_dropped++;
6252 + if(tdbp->tdb_lifetime_packets_s &&
6253 + (tdbp->tdb_lifetime_packets_c > tdbp->tdb_lifetime_packets_s)) {
6254 + tdbp->tdb_state = SADB_SASTATE_DYING;
6255 + KLIPS_PRINT(debug_rcv,
6256 + "klips_debug:ipsec_rcv: "
6257 + "soft packets lifetime of SA:%s has been reached, "
6258 + "SA expiring, soft expire message sent up, "
6259 + "incoming packet still processed.\n", sa);
6260 + pfkey_expire(tdbp, 0);
6263 + /* authenticate, if required */
6264 + idat = dat + iphlen;
6265 + switch(tdbp->tdb_authalg) {
6266 +#ifdef CONFIG_IPSEC_AUTH_HMAC_MD5
6268 + authlen = AHHMAC_HASHLEN;
6270 +#endif /* CONFIG_IPSEC_AUTH_HMAC_MD5 */
6271 +#ifdef CONFIG_IPSEC_AUTH_HMAC_SHA1
6273 + authlen = AHHMAC_HASHLEN;
6275 +#endif /* CONFIG_IPSEC_AUTH_HMAC_SHA1 */
6281 + stats->rx_errors++;
6283 + tdbp->tdb_alg_errs += 1;
6284 + spin_unlock(&tdb_lock);
6287 + ilen = len - iphlen - authlen;
6289 +#ifdef CONFIG_IPSEC_ESP
6290 + KLIPS_PRINT(proto == IPPROTO_ESP && debug_rcv,
6291 + "klips_debug:ipsec_rcv: packet from %s received with"
6292 + " seq=%d (iv)=0x%08x%08x iplen=%d esplen=%d sa=%s\n",
6294 + (__u32)ntohl(espp->esp_rpl),
6295 + (__u32)ntohl(*((__u32 *)(espp->esp_iv) )),
6296 + (__u32)ntohl(*((__u32 *)(espp->esp_iv) + 1)),
6298 +#endif /* !CONFIG_IPSEC_ESP */
6301 +#ifdef CONFIG_IPSEC_ESP
6303 + replay = ntohl(espp->esp_rpl);
6304 + authenticator = &(dat[len - authlen]);
6306 +#endif /* !CONFIG_IPSEC_ESP */
6307 +#ifdef CONFIG_IPSEC_AH
6309 + replay = ntohl(ahp->ah_rpl);
6310 + authenticator = ahp->ah_data;
6312 +#endif /* CONFIG_IPSEC_AH */
6315 + /* If the sequence number == 0, expire SA, it had rolled */
6316 + if(tdbp->tdb_replaywin && !replay /* !tdbp->tdb_replaywin_lastseq */) {
6317 + deltdbchain(tdbp);
6318 + spin_unlock(&tdb_lock);
6319 + KLIPS_PRINT(debug_rcv,
6320 + "klips_debug:ipsec_tunnel_start_xmit: "
6321 + "replay window counter rolled, expiring SA.\n");
6323 + stats->rx_dropped++;
6328 + if (!ipsec_checkreplaywindow(tdbp, replay)) {
6329 + KLIPS_PRINT(debug_rcv & DB_RX_REPLAY,
6330 + "klips_debug:ipsec_rcv: duplicate frame from %s,"
6331 + " packet dropped\n",
6334 + stats->rx_dropped++;
6336 + tdbp->tdb_replaywin_errs += 1;
6337 + spin_unlock(&tdb_lock);
6342 + * verify authenticator
6345 + KLIPS_PRINT(debug_rcv,
6346 + "klips_debug:ipsec_rcv: encalg = %d, authalg = %d.\n",
6347 + tdbp->tdb_encalg, tdbp->tdb_authalg);
6349 + if(tdbp->tdb_authalg) {
6350 + switch(tdbp->tdb_authalg) {
6351 +#ifdef CONFIG_IPSEC_AUTH_HMAC_MD5
6353 + tctx.md5 = ((struct md5_ctx*)(tdbp->tdb_key_a))->ictx;
6354 + if(proto == IPPROTO_ESP) {
6355 + MD5Update(&tctx.md5, (caddr_t)espp, ilen);
6356 +#ifdef CONFIG_IPSEC_AH
6359 + ipo.tos = 0; /* mutable RFC 2402 3.3.3.1.1.1 */
6364 + MD5Update(&tctx.md5, (caddr_t)&ipo,
6365 + sizeof(struct iphdr));
6366 + MD5Update(&tctx.md5, (caddr_t)ahp,
6367 + ahhlen - AHHMAC_HASHLEN);
6368 + MD5Update(&tctx.md5, (caddr_t)zeroes,
6370 + MD5Update(&tctx.md5,
6371 + (caddr_t)dat + iphlen + ahhlen,
6372 + len - iphlen - ahhlen);
6373 +#endif /* CONFIG_IPSEC_AH */
6375 + MD5Final(hash, &tctx.md5);
6376 + tctx.md5 = ((struct md5_ctx*)(tdbp->tdb_key_a))->octx;
6377 + MD5Update(&tctx.md5, hash, AHMD596_ALEN);
6378 + MD5Final(hash, &tctx.md5);
6380 +#endif /* CONFIG_IPSEC_AUTH_HMAC_MD5 */
6381 +#ifdef CONFIG_IPSEC_AUTH_HMAC_SHA1
6383 + tctx.sha1 = ((struct sha1_ctx*)(tdbp->tdb_key_a))->ictx;
6384 + if(proto == IPPROTO_ESP) {
6385 + SHA1Update(&tctx.sha1, (caddr_t)espp, ilen);
6386 +#ifdef CONFIG_IPSEC_AH
6394 + SHA1Update(&tctx.sha1, (caddr_t)&ipo,
6395 + sizeof(struct iphdr));
6396 + SHA1Update(&tctx.sha1, (caddr_t)ahp,
6397 + ahhlen - AHHMAC_HASHLEN);
6398 + SHA1Update(&tctx.sha1, (caddr_t)zeroes,
6400 + SHA1Update(&tctx.sha1,
6401 + (caddr_t)dat + iphlen + ahhlen,
6402 + len - iphlen - ahhlen);
6403 +#endif /* CONFIG_IPSEC_AH */
6405 + SHA1Final(hash, &tctx.sha1);
6406 + tctx.sha1 = ((struct sha1_ctx*)(tdbp->tdb_key_a))->octx;
6407 + SHA1Update(&tctx.sha1, hash, AHSHA196_ALEN);
6408 + SHA1Final(hash, &tctx.sha1);
6410 +#endif /* CONFIG_IPSEC_AUTH_HMAC_SHA1 */
6415 + if(!authenticator) {
6417 + stats->rx_dropped++;
6419 + tdbp->tdb_auth_errs += 1;
6420 + spin_unlock(&tdb_lock);
6424 + if (memcmp(hash, authenticator, authlen)) {
6425 + KLIPS_PRINT(debug_rcv & DB_RX_INAU,
6426 + "klips_debug:ipsec_rcv: auth failed on incoming "
6427 + "packet from %s: hash=%08x%08x%08x "
6428 + "auth=%08x%08x%08x, dropped\n", ipaddr_txt,
6429 + *(__u32*)&hash[0],
6430 + *(__u32*)&hash[4],
6431 + *(__u32*)&hash[8],
6432 + *(__u32*)authenticator,
6433 + *((__u32*)authenticator + 1),
6434 + *((__u32*)authenticator + 2));
6436 + stats->rx_dropped++;
6438 + tdbp->tdb_auth_errs += 1;
6439 + spin_unlock(&tdb_lock);
6442 + KLIPS_PRINT(debug_rcv,
6443 + "klips_debug:ipsec_rcv: authentication successful.\n");
6446 + memset((caddr_t)&tctx, 0, sizeof(tctx));
6447 + memset(hash, 0, sizeof(hash));
6450 + if (!ipsec_updatereplaywindow(tdbp, replay)) {
6451 + KLIPS_PRINT(debug_rcv & DB_RX_REPLAY,
6452 + "klips_debug:ipsec_rcv: duplicate frame from %s,"
6453 + " packet dropped\n",
6456 + stats->rx_dropped++;
6458 + tdbp->tdb_replaywin_errs += 1;
6459 + spin_unlock(&tdb_lock);
6464 +#ifdef CONFIG_IPSEC_ESP
6466 + switch(tdbp->tdb_encalg) {
6468 + iv[0] = *((__u32 *)(espp->esp_iv) );
6469 + iv[1] = *((__u32 *)(espp->esp_iv) + 1);
6470 + esphlen = sizeof(struct esp);
6473 + esphlen = offsetof(struct esp, esp_iv);
6477 + stats->rx_errors++;
6479 + tdbp->tdb_alg_errs += 1;
6480 + spin_unlock(&tdb_lock);
6486 + switch(tdbp->tdb_encalg) {
6489 + printk("klips_error:ipsec_rcv: "
6490 + "got packet with esplen = %d from %s "
6491 + "-- should be on 8 octet boundary, packet dropped\n",
6492 + ilen, ipaddr_txt);
6494 + stats->rx_errors++;
6496 + tdbp->tdb_encsize_errs += 1;
6497 + spin_unlock(&tdb_lock);
6500 + des_ede3_cbc_encrypt(idat, idat, ilen,
6502 + tdbp->tdb_key_e + sizeof(struct des_eks),
6503 + tdbp->tdb_key_e + 2 * sizeof(struct des_eks),
6509 + next_header = idat[ilen - 1];
6510 + padlen = idat[ilen - 2];
6511 + pad = padlen + 2 + authlen;
6515 + KLIPS_PRINT(debug_rcv & DB_RX_IPAD,
6516 + "klips_debug:ipsec_rcv: "
6517 + "padlen=%d, contents: 0x<offset>: 0x<value> 0x<value> ...\n",
6520 + for (i = 1; i <= padlen; i++) {
6521 + if((i % 16) == 1) {
6522 + KLIPS_PRINT(debug_rcv & DB_RX_IPAD,
6523 + "klips_debug: %02x:",
6526 + KLIPS_PRINTMORE(debug_rcv & DB_RX_IPAD,
6528 + idat[ilen - 2 - padlen + i - 1]);
6529 + if(i != idat[ilen - 2 - padlen + i - 1]) {
6532 + if((i % 16) == 0) {
6533 + KLIPS_PRINTMORE(debug_rcv & DB_RX_IPAD,
6537 + if((i % 16) != 1) {
6538 + KLIPS_PRINTMORE(debug_rcv & DB_RX_IPAD,
6542 + KLIPS_PRINT(debug_rcv & DB_RX_IPAD,
6543 + "klips_debug:ipsec_rcv: "
6544 + "warning, decrypted packet from %s has bad padding\n",
6546 + KLIPS_PRINT(debug_rcv & DB_RX_IPAD,
6547 + "klips_debug:ipsec_rcv: "
6548 + "...may be bad decryption -- not dropped\n");
6549 + tdbp->tdb_encpad_errs += 1;
6552 + KLIPS_PRINT(debug_rcv & DB_RX_IPAD,
6553 + "klips_debug:ipsec_rcv: "
6554 + "packet decrypted from %s: next_header = %d, padding = %d\n",
6557 + pad - 2 - authlen);
6559 +#endif /* !CONFIG_IPSEC_ESP */
6560 +#ifdef CONFIG_IPSEC_AH
6563 +#endif /* CONFIG_IPSEC_AH */
6567 + * Discard the original IP header
6570 + ipp->protocol = next_header;
6573 +#ifdef CONFIG_IPSEC_ESP
6575 + ipp->tot_len = htons(ntohs(ipp->tot_len) - (esphlen + pad));
6576 + memmove((void *)(skb->data + esphlen),
6577 + (void *)(skb->data), iphlen);
6578 + if(skb->len < esphlen) {
6579 + spin_unlock(&tdb_lock);
6580 + printk(KERN_WARNING "klips_error:ipsec_rcv: "
6581 + "tried to skb_pull esphlen=%d, %d available. "
6582 + "This should never happen, please report.\n",
6583 + esphlen, (int)(skb->len));
6586 + skb_pull(skb, esphlen);
6588 + KLIPS_PRINT(debug_rcv & DB_RX_PKTRX,
6589 + "klips_debug:ipsec_rcv: trimming to %d.\n",
6590 + len - esphlen - pad);
6591 + if(pad + esphlen <= len) {
6592 + skb_trim(skb, len - esphlen - pad);
6594 + spin_unlock(&tdb_lock);
6595 + KLIPS_PRINT(debug_rcv & DB_RX_PKTRX,
6596 + "klips_debug:ipsec_rcv: bogus packet, size is zero or negative, dropping.\n");
6600 +#endif /* !CONFIG_IPSEC_ESP */
6601 +#ifdef CONFIG_IPSEC_AH
6603 + ipp->tot_len = htons(ntohs(ipp->tot_len) - ahhlen);
6604 + memmove((void *)(skb->data + ahhlen),
6605 + (void *)(skb->data), iphlen);
6606 + if(skb->len < ahhlen) {
6607 + spin_unlock(&tdb_lock);
6608 + printk(KERN_WARNING "klips_error:ipsec_rcv: "
6609 + "tried to skb_pull ahhlen=%d, %d available. "
6610 + "This should never happen, please report.\n",
6611 + ahhlen, (int)(skb->len));
6614 + skb_pull(skb, ahhlen);
6616 +#endif /* CONFIG_IPSEC_AH */
6628 +/* skb->h.ipiph=(struct iphdr *)skb->data; */
6629 + skb->nh.raw = skb->data;
6630 + skb->h.raw = skb->nh.raw + (skb->nh.iph->ihl << 2);
6632 + memset(&(IPCB(skb)->opt), 0, sizeof(struct ip_options));
6634 + skb->h.iph=(struct iphdr *)skb->data;
6635 + skb->ip_hdr=(struct iphdr *)skb->data;
6636 + memset(skb->proto_priv, 0, sizeof(struct options));
6637 +#endif /* NET_21 */
6639 + ipp = (struct iphdr *)dat;
6641 + ipp->check = ip_fast_csum((unsigned char *)dat, iphlen >> 2);
6643 + KLIPS_PRINT(debug_rcv & DB_RX_PKTRX,
6644 + "klips_debug:ipsec_rcv: after <%s%s%s>, SA:%s:\n",
6645 + TDB_XFORM_NAME(tdbp), sa);
6646 + KLIPS_IP_PRINT(debug_rcv & DB_RX_PKTRX, ipp);
6648 + skb->protocol = htons(ETH_P_IP);
6649 + skb->ip_summed = 0;
6652 + tdbnext = tdbp->tdb_inext;
6653 + if(sysctl_ipsec_inbound_policy_check) {
6655 + if(tdbnext->tdb_onext != tdbp) {
6656 + spin_unlock(&tdb_lock);
6657 + KLIPS_PRINT(debug_rcv,
6658 + "klips_debug:ipsec_rcv: "
6659 + "SA:%s, backpolicy does not agree with fwdpolicy.\n",
6662 + stats->rx_dropped++;
6666 + KLIPS_PRINT(debug_rcv,
6667 + "klips_debug:ipsec_rcv: "
6668 + "SA:%s, backpolicy agrees with fwdpolicy.\n",
6670 + if(!( (ipp->protocol == IPPROTO_AH )
6671 + || (ipp->protocol == IPPROTO_ESP )
6672 + || (ipp->protocol == IPPROTO_IPIP)
6673 +#ifdef CONFIG_IPSEC_IPCOMP
6674 + || (ipp->protocol == IPPROTO_COMP)
6675 +#endif /* CONFIG_IPSEC_IPCOMP */
6677 + spin_unlock(&tdb_lock);
6678 + KLIPS_PRINT(debug_rcv,
6679 + "klips_debug:ipsec_rcv: "
6680 + "packet with incomplete policy dropped, last successful SA:%s.\n",
6683 + stats->rx_dropped++;
6687 + KLIPS_PRINT(debug_rcv,
6688 + "klips_debug:ipsec_rcv: "
6689 + "SA:%s, Another IPSEC header to process.\n",
6692 + KLIPS_PRINT(debug_rcv,
6693 + "klips_debug:ipsec_rcv: "
6694 + "No tdb_inext from this SA:%s.\n",
6699 +#ifdef CONFIG_IPSEC_IPCOMP
6700 + /* update ipcomp ratio counters, even if no ipcomp packet is present */
6702 + && tdbnext->tdb_said.proto == IPPROTO_COMP
6703 + && ipp->protocol != IPPROTO_COMP) {
6704 + tdbnext->tdb_comp_ratio_cbytes += ntohs(ipp->tot_len);
6705 + tdbnext->tdb_comp_ratio_dbytes += ntohs(ipp->tot_len);
6707 +#endif /* CONFIG_IPSEC_IPCOMP */
6709 + tdbp->tdb_lifetime_bytes_c += len;
6710 + if(!tdbp->tdb_lifetime_usetime_c) {
6711 + tdbp->tdb_lifetime_usetime_c = jiffies / HZ;
6713 + tdbp->tdb_lifetime_usetime_l = jiffies / HZ;
6714 + tdbp->tdb_lifetime_packets_c += 1;
6716 + /* end decapsulation loop here */
6717 + } while( (ipp->protocol == IPPROTO_ESP )
6718 + || (ipp->protocol == IPPROTO_AH )
6719 +#ifdef CONFIG_IPSEC_IPCOMP
6720 + || (ipp->protocol == IPPROTO_COMP)
6721 +#endif /* CONFIG_IPSEC_IPCOMP */
6724 +#ifdef CONFIG_IPSEC_IPCOMP
6725 + if(tdbnext && tdbnext->tdb_said.proto == IPPROTO_COMP) {
6728 + tdbnext = tdbp->tdb_inext;
6730 +#endif /* CONFIG_IPSEC_IPCOMP */
6733 + * XXX this needs to be locked from when it was first looked
6734 + * up in the decapsulation loop. Perhaps it is better to put
6735 + * the IPIP decap inside the loop.
6739 + sa_len = satoa(tdbp->tdb_said, 0, sa, SATOA_BUF);
6740 + if(ipp->protocol != IPPROTO_IPIP) {
6741 + spin_unlock(&tdb_lock);
6742 + KLIPS_PRINT(debug_rcv,
6743 + "klips_debug:ipsec_rcv: "
6744 + "SA:%s, Hey! How did this get through? Dropped.\n",
6747 + stats->rx_dropped++;
6751 + if(sysctl_ipsec_inbound_policy_check && (tdbnext = tdbp->tdb_inext)) {
6752 + char sa2[SATOA_BUF];
6753 + sa_len = satoa(tdbnext->tdb_said, 0, sa2, SATOA_BUF);
6754 + spin_unlock(&tdb_lock);
6755 + KLIPS_PRINT(debug_rcv,
6756 + "klips_debug:ipsec_rcv: "
6757 + "unexpected SA:%s after IPIP SA:%s\n",
6760 + stats->rx_dropped++;
6766 +#ifdef INBOUND_POLICY_CHECK_eroute
6768 + Do *not* enable this without thoroughly checking spinlock issues
6769 + first. In particular, nesting an eroute spinlock within a tdb
6770 + spinlock could result in a deadlock. (Well, only on a SMP machine
6775 + * First things first -- look us up in the erouting tables.
6777 + matcher.sen_len = sizeof (struct sockaddr_encap);
6778 + matcher.sen_family = AF_ENCAP;
6779 + matcher.sen_type = SENT_IP4;
6780 + if(ipp->protocol == IPPROTO_IPIP) {
6781 + struct iphdr *ipp2;
6783 + ipp2 = (struct iphdr*) (((char*)ipp) + (ipp->ihl << 2));
6784 + matcher.sen_ip_src.s_addr = ipp2->saddr;
6785 + matcher.sen_ip_dst.s_addr = ipp2->daddr;
6787 + matcher.sen_ip_src.s_addr = ipp->saddr;
6788 + matcher.sen_ip_dst.s_addr = ipp->daddr;
6792 + * The spinlock is to prevent any other process from accessing or
6793 + * deleting the eroute while we are using and updating it.
6795 + spin_lock(&eroute_lock);
6797 + er = ipsec_findroute(&matcher);
6799 + policy_said = er->er_said;
6800 + policy_eaddr = er->er_eaddr;
6801 + policy_emask = er->er_emask;
6804 + spin_unlock(&eroute_lock);
6808 + * The spinlock is to prevent any other process from
6809 + * accessing or deleting the tdb while we are using and
6812 + /* spin_lock(&tdb_lock); */
6814 + policy_tdb = gettdb(&policy_said);
6815 + if (policy_tdb == NULL) {
6816 + /* spin_unlock(&tdb_lock); */
6817 + KLIPS_PRINT(debug_rcv,
6818 + "klips_debug:ipsec_rcv: "
6819 + "no Tunnel Descriptor Block for SA%s: "
6820 + "incoming packet with no policy SA, dropped.\n", sa);
6824 + sa_len = satoa(policy_said, 0, sa, SATOA_BUF);
6826 + KLIPS_PRINT(debug_rcv,
6827 + "klips_debug:ipsec_rcv: "
6828 + "found policy Tunnel Descriptor Block -- SA:%s\n", sa);
6830 + if(policy_tdb->tdb_inext) {
6831 + policy_tdb = policy_tdb->tdb_inext;
6836 + if(policy_tdb != tdbp) {
6837 + /* spin_unlock(&tdb_lock); */
6838 + KLIPS_PRINT(debug_rcv,
6839 + "klips_debug:ipsec_rcv: "
6840 + " Tunnel Descriptor Block for SA%s: "
6841 + "incoming packet with different policy SA, dropped.\n", sa);
6845 + /* spin_unlock(&tdb_lock); */
6847 +#endif /* INBOUND_POLICY_CHECK_eroute */
6849 + if(ipp->protocol == IPPROTO_IPIP) {
6851 + * XXX this needs to be locked from when it was first looked
6852 + * up in the decapsulation loop. Perhaps it is better to put
6853 + * the IPIP decap inside the loop.
6856 + tdbp->tdb_lifetime_bytes_c += len;
6857 + if(!tdbp->tdb_lifetime_usetime_c) {
6858 + tdbp->tdb_lifetime_usetime_c = jiffies / HZ;
6860 + tdbp->tdb_lifetime_usetime_l = jiffies / HZ;
6861 + tdbp->tdb_lifetime_packets_c += 1;
6864 + if(skb->len < iphlen) {
6865 + printk(KERN_WARNING "klips_debug:ipsec_rcv: "
6866 + "tried to skb_pull iphlen=%d, %d available. "
6867 + "This should never happen, please report.\n",
6868 + iphlen, (int)(skb->len));
6870 + spin_unlock(&tdb_lock);
6873 + skb_pull(skb, iphlen);
6876 + ipp = (struct iphdr *)skb->nh.raw = skb->data;
6877 + skb->h.raw = skb->nh.raw + (skb->nh.iph->ihl << 2);
6879 + memset(&(IPCB(skb)->opt), 0, sizeof(struct ip_options));
6881 + ipp = skb->ip_hdr = skb->h.iph = (struct iphdr *)skb->data;
6883 + memset(skb->proto_priv, 0, sizeof(struct options));
6884 +#endif /* NET_21 */
6886 + skb->protocol = htons(ETH_P_IP);
6887 + skb->ip_summed = 0;
6888 + KLIPS_PRINT(debug_rcv & DB_RX_PKTRX,
6889 + "klips_debug:ipsec_rcv: IPIP tunnel stripped.\n");
6890 + KLIPS_IP_PRINT(debug_rcv & DB_RX_PKTRX, ipp);
6893 + spin_unlock(&tdb_lock);
6897 + stats->rx_bytes += skb->len;
6900 + dst_release(skb->dst);
6903 + skb->pkt_type = PACKET_HOST;
6904 + if(hard_header_len &&
6905 + (skb->mac.raw != (skb->data - hard_header_len)) &&
6906 + (hard_header_len <= skb_headroom(skb))) {
6907 + /* copy back original MAC header */
6908 + memmove(skb->data - hard_header_len, skb->mac.raw, hard_header_len);
6909 + skb->mac.raw = skb->data - hard_header_len;
6911 +#endif /* NET_21 */
6913 +#ifdef CONFIG_IPSEC_IPCOMP
6914 + if(ipp->protocol == IPPROTO_COMP) {
6915 + unsigned int flags = 0;
6917 + if(sysctl_ipsec_inbound_policy_check) {
6918 + KLIPS_PRINT(debug_rcv & DB_RX_PKTRX,
6919 + "klips_debug:ipsec_rcv: "
6920 + "inbound policy checking enabled, IPCOMP follows IPIP, dropped.\n");
6922 + stats->rx_errors++;
6926 + /* XXX need a tdb for updating ratio counters XXX */
6927 + skb = skb_decompress(skb, NULL, &flags);
6928 + if (!skb || flags) {
6929 + KLIPS_PRINT(debug_rcv & DB_RX_PKTRX,
6930 + "klips_debug:ipsec_rcv: "
6931 + "skb_decompress() returned error flags: %d, dropped.\n",
6934 + stats->rx_errors++;
6939 + ipp = skb->nh.iph;
6941 + ipp = skb->ip_hdr;
6942 +#endif /* NET_21 */
6944 +#endif /* CONFIG_IPSEC_IPCOMP */
6946 +#ifdef SKB_RESET_NFCT
6947 + nf_conntrack_put(skb->nfct);
6949 +#ifdef CONFIG_NETFILTER_DEBUG
6950 + skb->nf_debug = 0;
6951 +#endif /* CONFIG_NETFILTER_DEBUG */
6952 +#endif /* SKB_RESET_NFCT */
6953 + KLIPS_PRINT(debug_rcv & DB_RX_PKTRX,
6954 + "klips_debug:ipsec_rcv: netif_rx() called.\n");
6957 + MOD_DEC_USE_COUNT;
6965 + kfree_skb(skb, FREE_WRITE);
6966 +#endif /* NET_21 */
6969 + MOD_DEC_USE_COUNT;
6973 +struct inet_protocol ah_protocol =
6975 + ipsec_rcv, /* AH handler */
6976 + NULL, /* TUNNEL error control */
6978 + IPPROTO_AH, /* protocol ID */
6984 +struct inet_protocol esp_protocol =
6986 + ipsec_rcv, /* ESP handler */
6987 + NULL, /* TUNNEL error control */
6989 + IPPROTO_ESP, /* protocol ID */
6996 +/* We probably don't want to install a pure IPCOMP protocol handler, but
6997 + only want to handle IPCOMP if it is encapsulated inside an ESP payload
6998 + (which is already handled) */
6999 +#ifdef CONFIG_IPSEC_IPCOMP
7000 +struct inet_protocol comp_protocol =
7002 + ipsec_rcv, /* COMP handler */
7003 + NULL, /* COMP error control */
7005 + IPPROTO_COMP, /* protocol ID */
7010 +#endif /* CONFIG_IPSEC_IPCOMP */
7015 + * Revision 1.74 2000/11/25 03:50:36 rgb
7016 + * Oops fix by minor re-arrangement of code to avoid accessing a freed tdb.
7018 + * Revision 1.73 2000/11/09 20:52:15 rgb
7019 + * More spinlock shuffling, locking earlier and unlocking later in rcv to
7020 + * include ipcomp and prevent races, renaming some tdb variables that got
7021 + * forgotten, moving some unlocks to include tdbs and adding a missing
7022 + * unlock. Thanks to Svenning for some of these.
7024 + * Revision 1.72 2000/11/09 20:11:22 rgb
7025 + * Minor shuffles to fix non-standard kernel config option selection.
7027 + * Revision 1.71 2000/11/06 04:36:18 rgb
7028 + * Ditched spin_lock_irqsave in favour of spin_lock.
7029 + * Minor initial protocol check rewrite.
7030 + * Clean up debug printing.
7031 + * Clean up tdb handling on ipcomp.
7032 + * Fixed transport mode null pointer de-reference without ipcomp.
7033 + * Add Svenning's adaptive content compression.
7034 + * Disabled registration of ipcomp handler.
7036 + * Revision 1.70 2000/10/30 23:41:43 henry
7037 + * Hans-Joerg Hoexer's null-pointer fix
7039 + * Revision 1.69 2000/10/10 18:54:16 rgb
7040 + * Added a fix for incoming policy check with ipcomp enabled but
7043 + * Revision 1.68 2000/09/22 17:53:12 rgb
7044 + * Fixed ipcomp tdb pointers update for policy checking.
7046 + * Revision 1.67 2000/09/21 03:40:58 rgb
7047 + * Added more debugging to try and track down the cpi outward copy problem.
7049 + * Revision 1.66 2000/09/20 04:00:10 rgb
7050 + * Changed static functions to DEBUG_NO_STATIC to reveal function names for
7051 + * debugging oopsen.
7053 + * Revision 1.65 2000/09/19 07:07:16 rgb
7054 + * Added debugging to inbound policy check for ipcomp.
7055 + * Added missing spin_unlocks (thanks Svenning!).
7056 + * Fixed misplaced tdbnext pointers causing mismatched ipip policy check.
7057 + * Protect ipcomp policy check following ipip decap with sysctl switch.
7059 + * Revision 1.64 2000/09/18 21:27:29 rgb
7062 + * Revision 1.63 2000/09/18 02:35:50 rgb
7063 + * Added policy checking to ipcomp and re-enabled policy checking by
7065 + * Optimised satoa calls.
7067 + * Revision 1.62 2000/09/17 21:02:32 rgb
7068 + * Clean up debugging, removing slow timestamp debug code.
7070 + * Revision 1.61 2000/09/16 01:07:55 rgb
7071 + * Fixed erroneous ref from struct ipcomp to struct ipcomphdr.
7073 + * Revision 1.60 2000/09/15 11:37:01 rgb
7074 + * Merge in heavily modified Svenning Soerensen's <svenning@post5.tele.dk>
7075 + * IPCOMP zlib deflate code.
7077 + * Revision 1.59 2000/09/15 04:56:20 rgb
7078 + * Remove redundant satoa() call, reformat comment.
7080 + * Revision 1.58 2000/09/13 08:00:52 rgb
7081 + * Flick on inbound policy checking.
7083 + * Revision 1.57 2000/09/12 03:22:19 rgb
7084 + * Converted inbound_policy_check to sysctl.
7085 + * Re-enabled policy backcheck.
7086 + * Moved policy checks to top and within tdb lock.
7088 + * Revision 1.56 2000/09/08 19:12:56 rgb
7089 + * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG.
7091 + * Revision 1.55 2000/08/28 18:15:46 rgb
7092 + * Added MB's nf-debug reset patch.
7094 + * Revision 1.54 2000/08/27 01:41:26 rgb
7095 + * More minor tweaks to the bad padding debug code.
7097 + * Revision 1.53 2000/08/24 16:54:16 rgb
7098 + * Added KLIPS_PRINTMORE macro to continue lines without KERN_INFO level
7100 + * Tidied up device reporting at the start of ipsec_rcv.
7101 + * Tidied up bad padding debugging and processing.
7103 + * Revision 1.52 2000/08/20 21:36:03 rgb
7104 + * Activated pfkey_expire() calls.
7105 + * Added a hard/soft expiry parameter to pfkey_expire().
7106 + * Added sanity checking to avoid propagating zero or smaller-length skbs
7107 + * from a bogus decryption.
7108 + * Re-arranged the order of soft and hard expiry to conform to RFC2367.
7109 + * Clean up references to CONFIG_IPSEC_PFKEYv2.
7111 + * Revision 1.51 2000/08/18 21:23:30 rgb
7112 + * Improve bad padding warning so that the printk buffer doesn't get
7115 + * Revision 1.50 2000/08/01 14:51:51 rgb
7116 + * Removed _all_ remaining traces of DES.
7118 + * Revision 1.49 2000/07/28 13:50:53 rgb
7119 + * Changed enet_statistics to net_device_stats and added back compatibility
7122 + * Revision 1.48 2000/05/10 19:14:40 rgb
7123 + * Only check usetime against soft and hard limits if the tdb has been
7125 + * Cast output of ntohl so that the broken prototype doesn't make our
7128 + * Revision 1.47 2000/05/09 17:45:43 rgb
7129 + * Fix replay bitmap corruption bug upon receipt of bogus packet
7130 + * with correct SPI. This was a DoS.
7132 + * Revision 1.46 2000/03/27 02:31:58 rgb
7133 + * Fixed authentication failure printout bug.
7135 + * Revision 1.45 2000/03/22 16:15:37 rgb
7136 + * Fixed renaming of dev_get (MB).
7138 + * Revision 1.44 2000/03/16 08:17:24 rgb
7139 + * Hardcode PF_KEYv2 support.
7140 + * Fixed minor bug checking AH header length.
7142 + * Revision 1.43 2000/03/14 12:26:59 rgb
7143 + * Added skb->nfct support for clearing netfilter conntrack bits (MB).
7145 + * Revision 1.42 2000/01/26 10:04:04 rgb
7146 + * Fixed inbound policy checking on transport mode bug.
7147 + * Fixed noisy 2.0 printk arguments.
7149 + * Revision 1.41 2000/01/24 20:58:02 rgb
7150 + * Improve debugging/reporting support for (disabled) inbound
7151 + * policy checking.
7153 + * Revision 1.40 2000/01/22 23:20:10 rgb
7154 + * Fixed up inboud policy checking code.
7155 + * Cleaned out unused crud.
7157 + * Revision 1.39 2000/01/21 06:15:29 rgb
7158 + * Added sanity checks on skb_push(), skb_pull() to prevent panics.
7159 + * Fixed cut-and-paste debug_tunnel to debug_rcv.
7160 + * Added inbound policy checking code, disabled.
7161 + * Simplified output code by updating ipp to post-IPIP decapsulation.
7163 + * Revision 1.38 1999/12/22 05:08:36 rgb
7164 + * Checked for null skb, skb->dev, skb->data, skb->dev->name, dev->name,
7165 + * protocol and take appropriate action for sanity.
7166 + * Set ipsecdev to NULL if device could not be determined.
7167 + * Fixed NULL stats access bug if device could not be determined.
7169 + * Revision 1.37 1999/12/14 20:07:59 rgb
7170 + * Added a default switch case to catch bogus encalg values.
7172 + * Revision 1.36 1999/12/07 18:57:57 rgb
7173 + * Fix PFKEY symbol compile error (SADB_*) without pfkey enabled.
7175 + * Revision 1.35 1999/12/01 22:15:35 rgb
7176 + * Add checks for LARVAL and DEAD SAs.
7177 + * Change state of SA from MATURE to DYING when a soft lifetime is
7178 + * reached and print debug warning.
7180 + * Revision 1.34 1999/11/23 23:04:03 rgb
7181 + * Use provided macro ADDRTOA_BUF instead of hardcoded value.
7182 + * Sort out pfkey and freeswan headers, putting them in a library path.
7184 + * Revision 1.33 1999/11/19 01:10:06 rgb
7185 + * Enable protocol handler structures for static linking.
7187 + * Revision 1.32 1999/11/18 04:09:19 rgb
7188 + * Replaced all kernel version macros to shorter, readable form.
7190 + * Revision 1.31 1999/11/17 15:53:39 rgb
7191 + * Changed all occurrences of #include "../../../lib/freeswan.h"
7192 + * to #include <freeswan.h> which works due to -Ilibfreeswan in the
7193 + * klips/net/ipsec/Makefile.
7195 + * Revision 1.30 1999/10/26 15:09:07 rgb
7196 + * Used debug compiler directives to shut up compiler for decl/assign
7199 + * Revision 1.29 1999/10/16 18:25:37 rgb
7200 + * Moved SA lifetime expiry checks before packet processing.
7201 + * Expire SA on replay counter rollover.
7203 + * Revision 1.28 1999/10/16 04:23:07 rgb
7204 + * Add stats for replaywin_errs, replaywin_max_sequence_difference,
7205 + * authentication errors, encryption size errors, encryption padding
7206 + * errors, and time since last packet.
7208 + * Revision 1.27 1999/10/16 00:30:47 rgb
7209 + * Added SA lifetime counting.
7211 + * Revision 1.26 1999/10/15 22:14:37 rgb
7214 + * Revision 1.25 1999/10/08 18:37:34 rgb
7215 + * Fix end-of-line spacing to sate whining PHMs.
7217 + * Revision 1.24 1999/10/03 18:54:51 rgb
7218 + * Spinlock support for 2.3.xx.
7219 + * Don't forget to undo spinlocks on error!
7221 + * Revision 1.23 1999/10/01 15:44:53 rgb
7222 + * Move spinlock header include to 2.1> scope.
7224 + * Revision 1.22 1999/10/01 00:01:54 rgb
7225 + * Added tdb structure locking.
7227 + * Revision 1.21 1999/09/18 11:42:12 rgb
7228 + * Add Marc Boucher's tcpdump cloned packet fix.
7230 + * Revision 1.20 1999/09/17 23:50:25 rgb
7231 + * Add Marc Boucher's hard_header_len patches.
7233 + * Revision 1.19 1999/09/10 05:31:36 henry
7234 + * tentative fix for 2.0.38-crash bug (move chunk of new code into 2.2 #ifdef)
7236 + * Revision 1.18 1999/08/28 08:28:06 rgb
7237 + * Delete redundant sanity check.
7239 + * Revision 1.17 1999/08/28 02:00:58 rgb
7240 + * Add an extra sanity check for null skbs.
7242 + * Revision 1.16 1999/08/27 05:21:38 rgb
7243 + * Clean up skb->data/raw/nh/h manipulation.
7244 + * Add Marc Boucher's mods to aid tcpdump.
7246 + * Revision 1.15 1999/08/25 14:22:40 rgb
7247 + * Require 4-octet boundary check only for ESP.
7249 + * Revision 1.14 1999/08/11 08:36:44 rgb
7250 + * Add compiler directives to allow configuring out AH, ESP or transforms.
7252 + * Revision 1.13 1999/08/03 17:10:49 rgb
7253 + * Cosmetic fixes and clarification to debug output.
7255 + * Revision 1.12 1999/05/09 03:25:36 rgb
7256 + * Fix bug introduced by 2.2 quick-and-dirty patch.
7258 + * Revision 1.11 1999/05/08 21:23:57 rgb
7259 + * Add casting to silence the 2.2.x compile.
7261 + * Revision 1.10 1999/05/05 22:02:31 rgb
7262 + * Add a quick and dirty port to 2.2 kernels by Marc Boucher <marc@mbsi.ca>.
7264 + * Revision 1.9 1999/04/29 15:18:01 rgb
7265 + * hange debugging to respond only to debug_rcv.
7266 + * Change gettdb parameter to a pointer to reduce stack loading and
7267 + * facilitate parameter sanity checking.
7269 + * Revision 1.8 1999/04/15 15:37:24 rgb
7270 + * Forward check changes from POST1_00 branch.
7272 + * Revision 1.4.2.2 1999/04/13 20:32:45 rgb
7273 + * Move null skb sanity check.
7274 + * Silence debug a bit more when off.
7275 + * Use stats more effectively.
7277 + * Revision 1.4.2.1 1999/03/30 17:10:32 rgb
7278 + * Update AH+ESP bugfix.
7280 + * Revision 1.7 1999/04/11 00:28:59 henry
7283 + * Revision 1.6 1999/04/06 04:54:27 rgb
7284 + * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes
7285 + * patch shell fixes.
7287 + * Revision 1.5 1999/03/17 15:39:23 rgb
7289 + * Bundling bug fix.
7290 + * ESP_NULL esphlen and IV bug fix.
7292 + * Revision 1.4 1999/02/17 16:51:02 rgb
7293 + * Ditch NET_IPIP dependancy.
7294 + * Decapsulate recursively for an entire bundle.
7296 + * Revision 1.3 1999/02/12 21:22:47 rgb
7297 + * Convert debugging printks to KLIPS_PRINT macro.
7299 + * Process IPIP tunnels internally.
7301 + * Revision 1.2 1999/01/26 02:07:36 rgb
7302 + * Clean up debug code when switched off.
7303 + * Remove references to INET_GET_PROTOCOL.
7305 + * Revision 1.1 1999/01/21 20:29:11 rgb
7306 + * Converted from transform switching to algorithm switching.
7309 + * Id: ipsec_esp.c,v 1.16 1998/12/02 03:08:11 rgb Exp $
7311 + * Log: ipsec_esp.c,v $
7312 + * Revision 1.16 1998/12/02 03:08:11 rgb
7313 + * Fix incoming I/F bug in AH and clean up inconsistencies in the I/F
7314 + * discovery routine in both AH and ESP.
7316 + * Revision 1.15 1998/11/30 13:22:51 rgb
7317 + * Rationalised all the klips kernel file headers. They are much shorter
7318 + * now and won't conflict under RH5.2.
7320 + * Revision 1.14 1998/11/10 05:55:37 rgb
7321 + * Add even more detail to 'wrong I/F' debug statement.
7323 + * Revision 1.13 1998/11/10 05:01:30 rgb
7324 + * Clean up debug output to be quiet when disabled.
7325 + * Add more detail to 'wrong I/F' debug statement.
7327 + * Revision 1.12 1998/10/31 06:39:32 rgb
7328 + * Fixed up comments in #endif directives.
7329 + * Tidied up debug printk output.
7330 + * Convert to addrtoa and satoa where possible.
7332 + * Revision 1.11 1998/10/27 00:49:30 rgb
7333 + * AH+ESP bundling bug has been squished.
7334 + * Cosmetic brace fixing in code.
7335 + * Newlines added before calls to ipsec_print_ip.
7336 + * Fix debug output function ID's.
7338 + * Revision 1.10 1998/10/22 06:37:22 rgb
7339 + * Fixed run-on error message to fit 80 columns.
7341 + * Revision 1.9 1998/10/20 02:41:04 rgb
7342 + * Fixed a replay window size sanity test bug.
7344 + * Revision 1.8 1998/10/19 18:55:27 rgb
7345 + * Added inclusion of freeswan.h.
7346 + * sa_id structure implemented and used: now includes protocol.
7347 + * \n bugfix to printk debug message.
7349 + * Revision 1.7 1998/10/09 04:23:03 rgb
7350 + * Fixed possible DoS caused by invalid transform called from an ESP
7351 + * packet. This should not be a problem when protocol is added to the SA.
7352 + * Sanity check added for null xf_input routine. Sanity check added for null
7353 + * socket buffer returned from xf_input routine.
7354 + * Added 'klips_debug' prefix to all klips printk debug statements.
7356 + * Revision 1.6 1998/07/14 15:56:04 rgb
7357 + * Set sdb->dev to virtual ipsec I/F.
7359 + * Revision 1.5 1998/06/30 18:07:46 rgb
7360 + * Change for ah/esp_protocol stuct visible only if module.
7362 + * Revision 1.4 1998/06/30 00:12:46 rgb
7363 + * Clean up a module compile error.
7365 + * Revision 1.3 1998/06/25 19:28:06 rgb
7366 + * Readjust premature unloading of module on packet receipt.
7367 + * Make protocol structure abailable to rest of kernel.
7368 + * Use macro for protocol number.
7370 + * Revision 1.2 1998/06/23 02:49:34 rgb
7371 + * Fix minor #include bug that prevented compiling without debugging.
7372 + * Added code to check for presence of IPIP protocol if an incoming packet
7373 + * is IPIP encapped.
7375 + * Revision 1.1 1998/06/18 21:27:44 henry
7376 + * move sources from klips/src to klips/net/ipsec, to keep stupid
7377 + * kernel-build scripts happier in the presence of symlinks
7379 + * Revision 1.9 1998/06/14 23:48:42 rgb
7380 + * Fix I/F name comparison oops bug.
7382 + * Revision 1.8 1998/06/11 07:20:04 rgb
7383 + * Stats fixed for rx_packets.
7385 + * Revision 1.7 1998/06/11 05:53:34 rgb
7386 + * Added stats for rx error and good packet reporting.
7388 + * Revision 1.6 1998/06/05 02:27:28 rgb
7389 + * Add rx_errors stats.
7390 + * Fix DoS bug: skb's not being freed on dropped packets.
7392 + * Revision 1.5 1998/05/27 21:21:29 rgb
7393 + * Fix DoS potential bug. skb was not being freed if the packet was bad.
7395 + * Revision 1.4 1998/05/18 22:31:37 rgb
7396 + * Minor change in debug output and comments.
7398 + * Revision 1.3 1998/04/21 21:29:02 rgb
7399 + * Rearrange debug switches to change on the fly debug output from user
7400 + * space. Only kernel changes checked in at this time. radij.c was also
7401 + * changed to temporarily remove buggy debugging code in rj_delete causing
7402 + * an OOPS and hence, netlink device open errors.
7404 + * Revision 1.2 1998/04/12 22:03:19 rgb
7405 + * Updated ESP-3DES-HMAC-MD5-96,
7406 + * ESP-DES-HMAC-MD5-96,
7408 + * AH-HMAC-SHA1-96 since Henry started freeswan cvs repository
7409 + * from old standards (RFC182[5-9] to new (as of March 1998) drafts.
7411 + * Fixed eroute references in /proc/net/ipsec*.
7413 + * Started to patch module unloading memory leaks in ipsec_netlink and
7414 + * radij tree unloading.
7416 + * Revision 1.1 1998/04/09 03:05:59 henry
7417 + * sources moved up from linux/net/ipsec
7419 + * Revision 1.1.1.1 1998/04/08 05:35:04 henry
7420 + * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8
7422 + * Revision 0.4 1997/01/15 01:28:15 ji
7423 + * Minor cosmetic changes.
7425 + * Revision 0.3 1996/11/20 14:35:48 ji
7427 + * Rationalized debugging code.
7429 + * Revision 0.2 1996/11/02 00:18:33 ji
7430 + * First limited release.
7434 diff -druN linux-noipsec/net/ipsec/ipsec_rcv.h linux/net/ipsec/ipsec_rcv.h
7435 --- linux-noipsec/net/ipsec/ipsec_rcv.h Thu Jan 1 01:00:00 1970
7436 +++ linux/net/ipsec/ipsec_rcv.h Thu Sep 21 06:34:21 2000
7440 + * Copyright (C) 1996, 1997 John Ioannidis.
7441 + * Copyright (C) 1998, 1999 Richard Guy Briggs.
7443 + * This program is free software; you can redistribute it and/or modify it
7444 + * under the terms of the GNU General Public License as published by the
7445 + * Free Software Foundation; either version 2 of the License, or (at your
7446 + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
7448 + * This program is distributed in the hope that it will be useful, but
7449 + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
7450 + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
7451 + * for more details.
7456 +#define DB_RX_PKTRX 0x0001
7457 +#define DB_RX_PKTRX2 0x0002
7458 +#define DB_RX_DMP 0x0004
7459 +#define DB_RX_TDB 0x0010
7460 +#define DB_RX_XF 0x0020
7461 +#define DB_RX_IPAD 0x0040
7462 +#define DB_RX_INAU 0x0080
7463 +#define DB_RX_OINFO 0x0100
7464 +#define DB_RX_OINFO2 0x0200
7465 +#define DB_RX_OH 0x0400
7466 +#define DB_RX_REPLAY 0x0800
7469 +/* struct options; */
7471 +#define __NO_VERSION__
7472 +#include <linux/module.h>
7473 +#include <linux/config.h> /* for CONFIG_IP_FORWARD */
7474 +#include <linux/version.h>
7475 +#include <freeswan.h>
7478 +ipsec_rcv(struct sk_buff *skb,
7480 + unsigned short xlen);
7482 + struct device *dev,
7483 + struct options *opt,
7485 + unsigned short len,
7488 + struct inet_protocol *protocol);
7489 +#endif /* NET_21 */
7491 +#ifdef CONFIG_IPSEC_DEBUG
7492 +extern int debug_rcv;
7493 +#endif /* CONFIG_IPSEC_DEBUG */
7494 +extern int sysctl_ipsec_inbound_policy_check;
7499 + * Revision 1.11 2000/09/21 04:34:21 rgb
7500 + * Moved declaration of sysctl_ipsec_inbound_policy_check outside
7501 + * CONFIG_IPSEC_DEBUG. (MB)
7503 + * Revision 1.10 2000/09/18 02:36:10 rgb
7504 + * Exported sysctl_ipsec_inbound_policy_check for skb_decompress().
7506 + * Revision 1.9 2000/09/08 19:12:56 rgb
7507 + * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG.
7509 + * Revision 1.8 1999/11/18 04:09:19 rgb
7510 + * Replaced all kernel version macros to shorter, readable form.
7512 + * Revision 1.7 1999/05/25 01:45:37 rgb
7513 + * Fix version macros for 2.0.x as a module.
7515 + * Revision 1.6 1999/05/08 21:24:27 rgb
7516 + * Add includes for 2.2.x include into net/ipv4/protocol.c
7518 + * Revision 1.5 1999/05/05 22:02:32 rgb
7519 + * Add a quick and dirty port to 2.2 kernels by Marc Boucher <marc@mbsi.ca>.
7521 + * Revision 1.4 1999/04/11 00:28:59 henry
7524 + * Revision 1.3 1999/04/06 04:54:27 rgb
7525 + * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes
7526 + * patch shell fixes.
7528 + * Revision 1.2 1999/01/22 20:06:59 rgb
7529 + * Fixed cut-and-paste error from ipsec_esp.h.
7531 + * Revision 1.1 1999/01/21 20:29:12 rgb
7532 + * Converted from transform switching to algorithm switching.
7534 + * Log: ipsec_esp.h,v
7535 + * Revision 1.4 1998/08/12 00:07:32 rgb
7536 + * Added data structures for new xforms: null, {,3}dessha1.
7538 + * Revision 1.3 1998/07/14 15:57:01 rgb
7539 + * Add #ifdef __KERNEL__ to protect kernel-only structures.
7541 + * Revision 1.2 1998/06/25 19:33:46 rgb
7542 + * Add prototype for protocol receive function.
7543 + * Rearrange for more logical layout.
7545 + * Revision 1.1 1998/06/18 21:27:45 henry
7546 + * move sources from klips/src to klips/net/ipsec, to keep stupid
7547 + * kernel-build scripts happier in the presence of symlinks
7549 + * Revision 1.6 1998/06/05 02:28:08 rgb
7550 + * Minor comment fix.
7552 + * Revision 1.5 1998/05/27 22:34:00 rgb
7553 + * Changed structures to accomodate key separation.
7555 + * Revision 1.4 1998/05/18 22:28:43 rgb
7556 + * Disable key printing facilities from /proc/net/ipsec_*.
7558 + * Revision 1.3 1998/04/21 21:29:07 rgb
7559 + * Rearrange debug switches to change on the fly debug output from user
7560 + * space. Only kernel changes checked in at this time. radij.c was also
7561 + * changed to temporarily remove buggy debugging code in rj_delete causing
7562 + * an OOPS and hence, netlink device open errors.
7564 + * Revision 1.2 1998/04/12 22:03:20 rgb
7565 + * Updated ESP-3DES-HMAC-MD5-96,
7566 + * ESP-DES-HMAC-MD5-96,
7568 + * AH-HMAC-SHA1-96 since Henry started freeswan cvs repository
7569 + * from old standards (RFC182[5-9] to new (as of March 1998) drafts.
7571 + * Fixed eroute references in /proc/net/ipsec*.
7573 + * Started to patch module unloading memory leaks in ipsec_netlink and
7574 + * radij tree unloading.
7576 + * Revision 1.1 1998/04/09 03:06:00 henry
7577 + * sources moved up from linux/net/ipsec
7579 + * Revision 1.1.1.1 1998/04/08 05:35:02 henry
7580 + * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8
7582 + * Revision 0.5 1997/06/03 04:24:48 ji
7583 + * Added ESP-3DES-MD5-96 transform.
7585 + * Revision 0.4 1997/01/15 01:28:15 ji
7586 + * Added definitions for new ESP transforms.
7588 + * Revision 0.3 1996/11/20 14:35:48 ji
7590 + * Rationalized debugging code.
7592 + * Revision 0.2 1996/11/02 00:18:33 ji
7593 + * First limited release.
7599 diff -druN linux-noipsec/net/ipsec/ipsec_sha1.c linux/net/ipsec/ipsec_sha1.c
7600 --- linux-noipsec/net/ipsec/ipsec_sha1.c Thu Jan 1 01:00:00 1970
7601 +++ linux/net/ipsec/ipsec_sha1.c Mon Dec 13 14:59:13 1999
7608 + * The rest of the code is derived from sha1.c by Steve Reid, which is
7610 + * Minor cosmetic changes to accomodate it in the Linux kernel by ji.
7613 +#include <asm/byteorder.h>
7614 +#include <linux/string.h>
7616 +#include "ipsec_sha1.h"
7622 +#define SHA1HANDSOFF
7624 +#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits))))
7626 +/* blk0() and blk() perform the initial expand. */
7627 +/* I got the idea of expanding during the round function from SSLeay */
7628 +#ifdef __LITTLE_ENDIAN
7629 +#define blk0(i) (block->l[i] = (rol(block->l[i],24)&0xFF00FF00) \
7630 + |(rol(block->l[i],8)&0x00FF00FF))
7632 +#define blk0(i) block->l[i]
7634 +#define blk(i) (block->l[i&15] = rol(block->l[(i+13)&15]^block->l[(i+8)&15] \
7635 + ^block->l[(i+2)&15]^block->l[i&15],1))
7637 +/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */
7638 +#define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5);w=rol(w,30);
7639 +#define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=rol(w,30);
7640 +#define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30);
7641 +#define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30);
7642 +#define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30);
7645 +/* Hash a single 512-bit block. This is the core of the algorithm. */
7647 +void SHA1Transform(__u32 state[5], __u8 buffer[64])
7649 +__u32 a, b, c, d, e;
7651 + unsigned char c[64];
7654 +CHAR64LONG16* block;
7655 +#ifdef SHA1HANDSOFF
7656 +static unsigned char workspace[64];
7657 + block = (CHAR64LONG16*)workspace;
7658 + memcpy(block, buffer, 64);
7660 + block = (CHAR64LONG16*)buffer;
7662 + /* Copy context->state[] to working vars */
7668 + /* 4 rounds of 20 operations each. Loop unrolled. */
7669 + R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3);
7670 + R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7);
7671 + R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11);
7672 + R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15);
7673 + R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19);
7674 + R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23);
7675 + R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27);
7676 + R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31);
7677 + R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35);
7678 + R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39);
7679 + R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43);
7680 + R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47);
7681 + R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51);
7682 + R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55);
7683 + R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59);
7684 + R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63);
7685 + R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67);
7686 + R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71);
7687 + R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75);
7688 + R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79);
7689 + /* Add the working vars back into context.state[] */
7695 + /* Wipe variables */
7696 + a = b = c = d = e = 0;
7700 +/* SHA1Init - Initialize new context */
7702 +void SHA1Init(SHA1_CTX* context)
7704 + /* SHA1 initialization constants */
7705 + context->state[0] = 0x67452301;
7706 + context->state[1] = 0xEFCDAB89;
7707 + context->state[2] = 0x98BADCFE;
7708 + context->state[3] = 0x10325476;
7709 + context->state[4] = 0xC3D2E1F0;
7710 + context->count[0] = context->count[1] = 0;
7714 +/* Run your data through this. */
7716 +void SHA1Update(SHA1_CTX* context, unsigned char* data, __u32 len)
7720 + j = context->count[0];
7721 + if ((context->count[0] += len << 3) < j)
7722 + context->count[1]++;
7723 + context->count[1] += (len>>29);
7724 + j = (j >> 3) & 63;
7725 + if ((j + len) > 63) {
7726 + memcpy(&context->buffer[j], data, (i = 64-j));
7727 + SHA1Transform(context->state, context->buffer);
7728 + for ( ; i + 63 < len; i += 64) {
7729 + SHA1Transform(context->state, &data[i]);
7734 + memcpy(&context->buffer[j], &data[i], len - i);
7738 +/* Add padding and return the message digest. */
7740 +void SHA1Final(unsigned char digest[20], SHA1_CTX* context)
7743 +unsigned char finalcount[8];
7745 + for (i = 0; i < 8; i++) {
7746 + finalcount[i] = (unsigned char)((context->count[(i >= 4 ? 0 : 1)]
7747 + >> ((3-(i & 3)) * 8) ) & 255); /* Endian independent */
7749 + SHA1Update(context, (unsigned char *)"\200", 1);
7750 + while ((context->count[0] & 504) != 448) {
7751 + SHA1Update(context, (unsigned char *)"\0", 1);
7753 + SHA1Update(context, finalcount, 8); /* Should cause a SHA1Transform() */
7754 + for (i = 0; i < 20; i++) {
7755 + digest[i] = (unsigned char)
7756 + ((context->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255);
7758 + /* Wipe variables */
7760 + memset(context->buffer, 0, 64);
7761 + memset(context->state, 0, 20);
7762 + memset(context->count, 0, 8);
7763 + memset(&finalcount, 0, 8);
7764 +#ifdef SHA1HANDSOFF /* make SHA1Transform overwrite its own static vars */
7765 + SHA1Transform(context->state, context->buffer);
7772 + * Revision 1.5 1999/12/13 13:59:13 rgb
7773 + * Quick fix to argument size to Update bugs.
7775 + * Revision 1.4 1999/04/11 00:29:00 henry
7778 + * Revision 1.3 1999/04/06 04:54:27 rgb
7779 + * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes
7780 + * patch shell fixes.
7782 + * Revision 1.2 1999/01/22 06:55:50 rgb
7783 + * 64-bit clean-up.
7785 + * Revision 1.1 1998/06/18 21:27:50 henry
7786 + * move sources from klips/src to klips/net/ipsec, to keep stupid
7787 + * kernel-build scripts happier in the presence of symlinks
7789 + * Revision 1.2 1998/04/23 20:54:04 rgb
7790 + * Fixed md5 and sha1 include file nesting issues, to be cleaned up when
7793 + * Revision 1.1 1998/04/09 03:06:11 henry
7794 + * sources moved up from linux/net/ipsec
7796 + * Revision 1.1.1.1 1998/04/08 05:35:05 henry
7797 + * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8
7799 + * Revision 0.4 1997/01/15 01:28:15 ji
7804 diff -druN linux-noipsec/net/ipsec/ipsec_sha1.h linux/net/ipsec/ipsec_sha1.h
7805 --- linux-noipsec/net/ipsec/ipsec_sha1.h Thu Jan 1 01:00:00 1970
7806 +++ linux/net/ipsec/ipsec_sha1.h Mon Dec 13 14:59:13 1999
7813 + * Here is the original comment from the distribution:
7816 +By Steve Reid <steve@edmweb.com>
7819 + * Adapted for use by the IPSEC code by John Ioannidis
7823 +#ifndef _IPSEC_SHA1_H_
7824 +#define _IPSEC_SHA1_H_
7833 +void SHA1Transform(__u32 state[5], __u8 buffer[64]);
7834 +void SHA1Init(SHA1_CTX *context);
7835 +void SHA1Update(SHA1_CTX *context, unsigned char *data, __u32 len);
7836 +void SHA1Final(unsigned char digest[20], SHA1_CTX *context);
7839 +#endif /* _IPSEC_SHA1_H_ */
7843 + * Revision 1.5 1999/12/13 13:59:13 rgb
7844 + * Quick fix to argument size to Update bugs.
7846 + * Revision 1.4 1999/12/07 18:16:23 rgb
7847 + * Fixed comments at end of #endif lines.
7849 + * Revision 1.3 1999/04/06 04:54:27 rgb
7850 + * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes
7851 + * patch shell fixes.
7853 + * Revision 1.2 1998/11/30 13:22:54 rgb
7854 + * Rationalised all the klips kernel file headers. They are much shorter
7855 + * now and won't conflict under RH5.2.
7857 + * Revision 1.1 1998/06/18 21:27:50 henry
7858 + * move sources from klips/src to klips/net/ipsec, to keep stupid
7859 + * kernel-build scripts happier in the presence of symlinks
7861 + * Revision 1.2 1998/04/23 20:54:05 rgb
7862 + * Fixed md5 and sha1 include file nesting issues, to be cleaned up when
7865 + * Revision 1.1 1998/04/09 03:04:21 henry
7866 + * sources moved up from linux/net/ipsec
7867 + * these two include files modified not to include others except in kernel
7869 + * Revision 1.1.1.1 1998/04/08 05:35:04 henry
7870 + * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8
7872 + * Revision 0.4 1997/01/15 01:28:15 ji
7876 diff -druN linux-noipsec/net/ipsec/ipsec_tunnel.c linux/net/ipsec/ipsec_tunnel.c
7877 --- linux-noipsec/net/ipsec/ipsec_tunnel.c Thu Jan 1 01:00:00 1970
7878 +++ linux/net/ipsec/ipsec_tunnel.c Thu Nov 9 21:52:15 2000
7881 + * IPSEC Tunneling code. Heavily based on drivers/net/new_tunnel.c
7882 + * Copyright (C) 1996, 1997 John Ioannidis.
7883 + * Copyright (C) 1998, 1999 Richard Guy Briggs.
7885 + * This program is free software; you can redistribute it and/or modify it
7886 + * under the terms of the GNU General Public License as published by the
7887 + * Free Software Foundation; either version 2 of the License, or (at your
7888 + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
7890 + * This program is distributed in the hope that it will be useful, but
7891 + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
7892 + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
7893 + * for more details.
7896 +char ipsec_tunnel_c_version[] = "RCSID $Id$";
7898 +#define __NO_VERSION__
7899 +#include <linux/module.h>
7900 +#include <linux/config.h> /* for CONFIG_IP_FORWARD */
7901 +#include <linux/version.h>
7903 +#include <linux/kernel.h> /* printk() */
7904 +#include <linux/malloc.h> /* kmalloc() */
7905 +#include <linux/errno.h> /* error codes */
7906 +#include <linux/types.h> /* size_t */
7907 +#include <linux/interrupt.h> /* mark_bh */
7909 +#include <linux/netdevice.h> /* struct device, and other headers */
7910 +#include <linux/etherdevice.h> /* eth_type_trans */
7911 +#include <linux/ip.h> /* struct iphdr */
7912 +#include <linux/tcp.h> /* struct tcphdr */
7913 +#include <linux/udp.h> /* struct udphdr */
7914 +#include <linux/skbuff.h>
7915 +#include <freeswan.h>
7917 + #ifdef SPINLOCK_23
7918 + #include <linux/spinlock.h> /* *lock* */
7919 + #else /* SPINLOCK_23 */
7920 + #include <asm/spinlock.h> /* *lock* */
7921 + #endif /* SPINLOCK_23 */
7922 +#endif /* SPINLOCK */
7924 + #define MSS_HACK_ /* experimental */
7925 + #include <asm/uaccess.h>
7926 + #include <linux/in6.h>
7927 + #define ip_chk_addr inet_addr_type
7928 + #define IS_MYADDR RTN_LOCAL
7929 + #include <net/dst.h>
7930 + #undef dev_kfree_skb
7931 + #define dev_kfree_skb(a,b) kfree_skb(a)
7932 + #define proto_priv cb
7933 + #define PHYSDEV_TYPE
7934 + #define DEV_QUEUE_XMIT(skb, device, pri) {\
7935 + skb->dev = device; \
7936 + neigh_compat_output(skb); \
7937 + /* skb->dst->output(skb); */ \
7939 + #define ICMP_SEND(skb_in, type, code, info, dev) \
7940 + icmp_send(skb_in, type, code, htonl(info))
7941 + #define IP_SEND(skb, dev) \
7944 + #define DEV_QUEUE_XMIT(skb, device, pri) {\
7945 + dev_queue_xmit(skb, device, pri); \
7947 + #define ICMP_SEND(skb_in, type, code, info, dev) \
7948 + icmp_send(skb_in, type, code, info, dev)
7949 + #define IP_SEND(skb, dev) \
7950 + if(ntohs(iph->tot_len) > physmtu) { \
7951 + ip_fragment(NULL, skb, dev, 0); \
7952 + dev_kfree_skb(skb, FREE_WRITE); \
7954 + dev_queue_xmit(skb, dev, SOPRI_NORMAL); \
7956 +#endif /* NET_21 */
7957 +#include <asm/checksum.h>
7958 +#include <net/icmp.h> /* icmp_send() */
7959 +#include <net/ip.h>
7961 +#include <linux/netfilter_ipv4.h>
7965 +#include "ipsec_encap.h"
7966 +#include "ipsec_radij.h"
7967 +#include "ipsec_netlink.h"
7968 +#include "ipsec_xform.h"
7969 +#include "ipsec_tunnel.h"
7970 +#include "ipsec_ipe4.h"
7971 +#include "ipsec_ah.h"
7972 +#include "ipsec_esp.h"
7974 +#ifdef CONFIG_IPSEC_IPCOMP
7975 +#include "ipcomp.h"
7976 +#endif /* CONFIG_IPSEC_IPCOMP */
7978 +#include <pfkeyv2.h>
7981 +#include <net/ip.h>
7982 +#include <linux/if_arp.h>
7984 +#include <net/tcp.h> /* TCP options */
7985 +#endif /* MSS_HACK */
7986 +extern void des_ede3_cbc_encrypt(caddr_t, caddr_t, int, caddr_t, caddr_t, caddr_t, caddr_t, int);
7987 +static __u32 zeroes[64];
7989 +#ifdef CONFIG_IPSEC_DEBUG
7990 +int debug_tunnel = 0;
7991 +int sysctl_ipsec_debug_verbose = 0;
7992 +#endif /* CONFIG_IPSEC_DEBUG */
7994 +int sysctl_ipsec_icmp = 0;
7995 +int sysctl_ipsec_no_eroute_pass = 0;
7996 +int sysctl_ipsec_opportunistic = 0;
7997 +int sysctl_ipsec_tos = 0;
7999 +#ifdef CONFIG_IPSEC_DEBUG_
8000 +DEBUG_NO_STATIC void
8001 +dmp(char *s, caddr_t bb, int len)
8004 + unsigned char *b = bb;
8006 + if (debug_tunnel) {
8007 + printk(KERN_INFO "klips_debug:ipsec_tunnel_:at %s, len=%d:", s, len);
8008 + for (i=0; i < len; i++) {
8010 + printk("\nklips_debug: ");
8012 + printk(" %02x", *b++);
8017 +#else /* CONFIG_IPSEC_DEBUG */
8018 +#define dmp(_x, _y, _z)
8019 +#endif /* CONFIG_IPSEC_DEBUG */
8021 +#ifndef SKB_COPY_EXPAND
8023 + * This is mostly skbuff.c:skb_copy().
8026 +skb_copy_expand(struct sk_buff *skb, int headroom, int tailroom, int priority)
8028 + struct sk_buff *n;
8029 + unsigned long offset;
8032 + * Do sanity checking
8034 + if((headroom < 0) || (tailroom < 0) || ((headroom+tailroom) < 0)) {
8035 + printk(KERN_WARNING "klips_error:skb_copy_expand: "
8036 + "Illegal negative head,tailroom %d,%d\n",
8037 + headroom, tailroom);
8041 + * Allocate the copy buffer
8046 +#endif /* !NET_21 */
8049 + n=alloc_skb(skb->end - skb->head + headroom + tailroom, priority);
8051 + KLIPS_PRINT(debug_tunnel & DB_TN_CROUT,
8052 + "klips_debug:skb_copy_expand: "
8053 + "head=%p data=%p tail=%p end=%p end-head=%d tail-data=%d\n",
8058 + skb->end - skb->head,
8059 + skb->tail - skb->data);
8065 + * Shift between the two data areas in bytes
8068 + /* offset=n->head-skb->head; */ /* moved down a few lines */
8070 + /* Set the data pointer */
8071 + skb_reserve(n,skb->data-skb->head+headroom);
8072 + /* Set the tail pointer and length */
8073 + if(skb_tailroom(n) < skb->len) {
8074 + printk(KERN_WARNING "klips_error:skb_copy_expand: "
8075 + "tried to skb_put %ld, %d available. "
8076 + "This should never happen, please report.\n",
8077 + (unsigned long int)skb->len, skb_tailroom(n));
8078 + dev_kfree_skb(n, FREE_WRITE);
8081 + skb_put(n,skb->len);
8083 + offset=n->head + headroom - skb->head;
8085 + /* Copy the bytes */
8086 + memcpy(n->head + headroom, skb->head,skb->end-skb->head);
8088 + n->csum=skb->csum;
8089 + n->priority=skb->priority;
8090 + n->dst=dst_clone(skb->dst);
8092 + n->nh.raw=skb->nh.raw+offset;
8094 + atomic_set(&n->users, 1);
8095 + n->destructor = NULL;
8096 + n->security=skb->security;
8099 + n->when=skb->when;
8101 + n->ip_hdr=(struct iphdr *)(((char *)skb->ip_hdr)+offset);
8102 + n->saddr=skb->saddr;
8103 + n->daddr=skb->daddr;
8104 + n->raddr=skb->raddr;
8106 + n->end_seq=skb->end_seq;
8107 + n->ack_seq=skb->ack_seq;
8108 + n->acked=skb->acked;
8114 +#endif /* NET_21 */
8115 + n->protocol=skb->protocol;
8120 + n->h.raw=skb->h.raw+offset;
8122 + n->mac.raw=skb->mac.raw+offset;
8123 + memcpy(n->proto_priv, skb->proto_priv, sizeof(skb->proto_priv));
8124 + n->used=skb->used;
8125 + n->pkt_type=skb->pkt_type;
8126 + n->stamp=skb->stamp;
8130 +#endif /* !NET_21 */
8133 +#endif /* !SKB_COPY_EXPAND */
8135 +#ifdef CONFIG_IPSEC_DEBUG
8137 +ipsec_print_ip(struct iphdr *ip)
8139 + char buf[ADDRTOA_BUF];
8141 + printk(KERN_INFO "klips_debug: IP:");
8142 + printk(" ihl:%d", ip->ihl*4);
8143 + printk(" ver:%d", ip->version);
8144 + printk(" tos:%d", ip->tos);
8145 + printk(" tlen:%d", ntohs(ip->tot_len));
8146 + printk(" id:%d", ip->id);
8147 + printk(" frag_off:%d", ip->frag_off);
8148 + printk(" ttl:%d", ip->ttl);
8149 + printk(" proto:%d", ip->protocol);
8150 + printk(" chk:%d", ip->check);
8151 + addrtoa(*((struct in_addr*)(&ip->saddr)), 0, buf, sizeof(buf));
8152 + printk(" saddr:%s", buf);
8153 + addrtoa(*((struct in_addr*)(&ip->daddr)), 0, buf, sizeof(buf));
8154 + printk(" daddr:%s", buf);
8157 + if(sysctl_ipsec_debug_verbose) {
8161 + c = ((__u8*)ip) + ip->ihl*4;
8162 + for(i = 0; i < ntohs(ip->tot_len) - ip->ihl*4; i++ /*, c++*/) {
8164 + printk(KERN_INFO "klips_debug: @%03x:",
8167 + printk(" %02x", /***/c[i]);
8168 + if(!((i + 1) % 16)) {
8177 +#endif /* CONFIG_IPSEC_DEBUG */
8179 +#ifdef REAL_LOCKING_P
8184 +DEBUG_NO_STATIC int
8185 +ipsec_tunnel_lock(struct ipsecpriv *prv)
8187 + unsigned long flags;
8188 + save_flags(flags);
8191 + * Lock in an interrupt may fail
8193 + if(prv->locked && in_interrupt()) {
8194 + restore_flags(flags);
8197 + while(prv->locked)
8198 + sleep_on(&prv->wait_queue);
8200 + restore_flags(flags);
8204 +DEBUG_NO_STATIC void
8205 +ipsec_tunnel_unlock(struct ipsecpriv *prv)
8208 + wake_up(&prv->wait_queue);
8210 +#endif /* REAL_LOCKING_P */
8212 +DEBUG_NO_STATIC int
8213 +ipsec_tunnel_open(struct device *dev)
8215 + struct ipsecpriv *prv = dev->priv;
8218 + * Can't open until attached.
8221 + KLIPS_PRINT(debug_tunnel & DB_TN_INIT,
8222 + "klips_debug:ipsec_tunnel_open: "
8223 + "dev = %s, prv->dev = %s\n",
8224 + dev->name, prv->dev?prv->dev->name:"NONE");
8226 + if (prv->dev == NULL)
8229 + MOD_INC_USE_COUNT;
8233 +DEBUG_NO_STATIC int
8234 +ipsec_tunnel_close(struct device *dev)
8236 + MOD_DEC_USE_COUNT;
8243 + * 1) Fragments arriving in the tunnel should probably be rejected.
8244 + * 2) How does this affect syncookies, mss_cache, dst cache ?
8245 + * 3) Path MTU discovery handling needs to be reviewed. For example,
8246 + * if we receive an ICMP 'packet too big' message from an intermediate
8247 + * router specifying it's next hop MTU, our stack may process this and
8248 + * adjust the MSS without taking our AH/ESP overheads into account.
8253 + * Recaclulate checksum using differences between changed datum,
8254 + * borrowed from netfilter.
8256 +DEBUG_NO_STATIC u_int16_t
8257 +ipsec_fast_csum(u_int32_t oldvalinv, u_int32_t newval, u_int16_t oldcheck)
8259 + u_int32_t diffs[] = { oldvalinv, newval };
8260 + return csum_fold(csum_partial((char *)diffs, sizeof(diffs),
8261 + oldcheck^0xFFFF));
8265 + * Determine effective MSS.
8267 + * Note that we assume that there is always an MSS option for our own
8268 + * SYN segments, which is mentioned in tcp_syn_build_options(), kernel 2.2.x.
8269 + * This could change, and we should probably parse TCP options instead.
8272 +DEBUG_NO_STATIC u_int8_t
8273 +ipsec_adjust_mss(struct sk_buff *skb, struct tcphdr *tcph, u_int16_t mtu)
8275 + u_int16_t oldmss, newmss;
8277 + struct sock *sk = skb->sk;
8279 + newmss = tcp_sync_mss(sk, mtu);
8280 + printk(KERN_INFO "klips: setting mss to %u\n", newmss);
8281 + mssp = (u_int32_t *)tcph + sizeof(struct tcphdr) / sizeof(u_int32_t);
8282 + oldmss = ntohl(*mssp) & 0x0000FFFF;
8283 + *mssp = htonl((TCPOPT_MSS << 24) | (TCPOLEN_MSS << 16) | newmss);
8284 + tcph->check = ipsec_fast_csum(htons(~oldmss),
8285 + htons(newmss), tcph->check);
8288 +#endif /* MSS_HACK */
8291 +static inline int ipsec_tunnel_xmit2(struct sk_buff *skb)
8293 + return ip_send(skb);
8298 + * This function assumes it is being called from dev_queue_xmit()
8299 + * and that skb is filled properly by that function.
8303 +ipsec_tunnel_start_xmit(struct sk_buff *skb, struct device *dev)
8305 + struct ipsecpriv *prv; /* Our device' private space */
8306 + struct sk_buff *oskb = NULL; /* Original skb pointer */
8307 + struct net_device_stats *stats; /* This device's statistics */
8308 + struct iphdr *iph; /* Our new IP header */
8309 + __u32 newdst; /* The other SG's IP address */
8310 + __u32 orgdst; /* Original IP destination address */
8311 + __u32 orgedst; /* 1st SG's IP address */
8312 + __u32 newsrc; /* The new source SG's IP address */
8313 + __u32 orgsrc; /* Original IP source address */
8314 + __u32 innersrc; /* Innermost IP source address */
8315 + int iphlen; /* IP header length */
8316 + int pyldsz; /* upper protocol payload size */
8319 + int max_headroom = 0; /* The extra header space needed */
8320 + int max_tailroom = 0; /* The extra stuffing needed */
8321 + int ll_headroom; /* The extra link layer hard_header space needed */
8322 + int tot_headroom = 0; /* The total header space needed */
8323 + int tot_tailroom = 0; /* The totalstuffing needed */
8324 + __u8 *saved_header = NULL; /* saved copy of the hard header */
8327 + struct sockaddr_encap matcher; /* eroute search key */
8328 + struct eroute *er;
8329 + struct tdb *tdbp, *tdbq; /* Tunnel Descriptor Block pointers */
8330 + char sa[SATOA_BUF];
8332 + int hard_header_stripped = 0; /* has the hard header been removed yet? */
8333 + int hard_header_len = 0;
8334 + struct device *physdev;
8335 +/* struct device *virtdev; */
8339 + struct rtable *rt = NULL;
8340 +#endif /* NET_21 */
8341 + struct sa_id outgoing_said;
8344 + * Return if there is nothing to do. (Does this ever happen?) XXX
8346 + if (skb == NULL) {
8347 + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT,
8348 + "klips_error:ipsec_tunnel_start_xmit: "
8349 + "Nothing to do!\n" );
8352 + if (dev == NULL) {
8353 + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT,
8354 + "klips_error:ipsec_tunnel_start_xmit: "
8355 + "No device associated with skb!\n" );
8360 + if (prv == NULL) {
8361 + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT,
8362 + "klips_error:ipsec_tunnel_start_xmit: "
8363 + "Device has no private structure!\n" );
8367 + physdev = prv->dev;
8368 + if (physdev == NULL) {
8369 + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT,
8370 + "klips_error:ipsec_tunnel_start_xmit: "
8371 + "Device is not attached to physical device!\n" );
8375 + physmtu = physdev->mtu;
8377 + stats = (struct net_device_stats *) &(prv->mystats);
8380 + /* if skb was cloned (most likely due to a packet sniffer such as
8381 + tcpdump being momentarily attached to the interface), make
8382 + a copy of our own to modify */
8383 + if(skb_cloned(skb)) {
8384 + if ((skb = skb_cow(skb, skb_headroom(skb))) == NULL) {
8385 + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT,
8386 + "klips_error:ipsec_tunnel_start_xmit: "
8387 + "skb_cow failed to allocate buffer, dropping.\n" );
8391 +#endif /* NET_21 */
8394 + iph = skb->nh.iph;
8396 + iph = skb->ip_hdr;
8397 +#endif /* NET_21 */
8399 + /* physdev->hard_header_len is unreliable and should not be used */
8400 + hard_header_len = (unsigned char *)iph - skb->data;
8402 + if(hard_header_len < 0) {
8403 + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT,
8404 + "klips_error:ipsec_tunnel_start_xmit: "
8405 + "Negative hard_header_len (%d)?!\n", hard_header_len);
8406 + stats->tx_dropped++;
8410 + if(hard_header_len == 0) { /* no hard header present */
8411 + hard_header_stripped = 1;
8414 +#ifdef CONFIG_IPSEC_DEBUG
8415 + if (debug_tunnel & DB_TN_XMIT) {
8419 + printk(KERN_INFO "klips_debug:ipsec_tunnel_start_xmit: "
8420 + ">>> skb->len=%ld hard_header_len:%d",
8421 + (unsigned long int)skb->len, hard_header_len);
8423 + for (i=0; i < hard_header_len; i++) {
8424 + printk("%c%02x", c, skb->data[i]);
8429 +#endif /* CONFIG_IPSEC_DEBUG */
8431 + KLIPS_IP_PRINT(debug_tunnel & DB_TN_XMIT, iph);
8437 + if ((iph->ihl << 2) != sizeof (struct iphdr)) {
8438 + KLIPS_PRINT(debug_tunnel,
8439 + "klips_debug:ipsec_tunnel_start_xmit: "
8440 + "cannot process IP header options yet. "
8441 + "May be mal-formed packet.\n"); /* XXX */
8442 + stats->tx_dropped++;
8447 + /* TTL decrement code (on the way out!) borrowed from ip_forward.c */
8449 + unsigned long checksum = iph->check;
8452 + * Re-compute the IP header checksum.
8453 + * This is efficient. We know what has happened to the header
8454 + * and can thus adjust the checksum as Phil Karn does in KA9Q
8455 + * except we do this in "network byte order".
8457 + checksum += htons(0x0100);
8458 + /* carry overflow? */
8459 + checksum += checksum >> 16;
8460 + iph->check = checksum;
8462 + if (iph->ttl <= 0) {
8463 + /* Tell the sender its packet died... */
8464 + ICMP_SEND(skb, ICMP_TIME_EXCEEDED, ICMP_EXC_TTL, 0, physdev);
8466 + KLIPS_PRINT(debug_tunnel, "klips_debug:ipsec_tunnel_start_xmit: "
8467 + "TTL=0, too many hops!\n");
8468 + stats->tx_dropped++;
8471 +#endif /* !NET_21 */
8474 + * First things first -- look us up in the erouting tables.
8476 + matcher.sen_len = sizeof (struct sockaddr_encap);
8477 + matcher.sen_family = AF_ENCAP;
8478 + matcher.sen_type = SENT_IP4;
8479 + matcher.sen_ip_src.s_addr = iph->saddr;
8480 + matcher.sen_ip_dst.s_addr = iph->daddr;
8483 + * The spinlock is to prevent any other process from accessing or deleting
8484 + * the eroute while we are using and updating it.
8486 + spin_lock(&eroute_lock);
8488 + er = ipsec_findroute(&matcher);
8490 + outgoing_said = er->er_said;
8493 + spin_unlock(&eroute_lock);
8496 + * Quick cheat for now...are we udp/500? If so, let it through
8497 + * without interference since it is most likely an IKE packet.
8499 + if((ip_chk_addr((unsigned long)iph->saddr) == IS_MYADDR)
8500 + && ((!er) || (iph->daddr == outgoing_said.dst.s_addr))) {
8501 + if(iph->protocol == IPPROTO_UDP) {
8502 + struct udphdr *udph = (struct udphdr*)((caddr_t)iph + (iph->ihl << 2));
8503 + if(ntohs(udph->dest) == 500) {
8504 + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT,
8505 + "klips_debug:ipsec_tunnel_start_xmit: "
8506 + "udp/500 IKE packet, sending unprocessed, "
8507 + "calling dev_queue_xmit\n");
8511 + DEV_QUEUE_XMIT(skb, physdev, SOPRI_NORMAL);
8512 + /* IP_SEND(skb, physdev); */
8520 + KLIPS_PRINT(debug_tunnel & DB_TN_CROUT,
8521 + "klips_debug:ipsec_tunnel_start_xmit: "
8522 + "Original head,tailroom: %d,%d\n",
8523 + skb_headroom(skb), skb_tailroom(skb));
8525 + innersrc = iph->saddr;
8526 + /* start encapsulation loop here XXX */
8528 + newdst = orgdst = iph->daddr;
8529 + newsrc = orgsrc = iph->saddr;
8530 + orgedst = outgoing_said.dst.s_addr;
8531 + iphlen = iph->ihl << 2;
8532 + pyldsz = ntohs(iph->tot_len) - iphlen;
8533 + max_headroom = max_tailroom = 0;
8536 + if(sysctl_ipsec_no_eroute_pass) {
8537 + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT,
8538 + "klips_debug:ipsec_tunnel_start_xmit: "
8539 + "no eroute!: calling dev_queue_xmit\n");
8543 + DEV_QUEUE_XMIT(skb, physdev, SOPRI_NORMAL);
8544 + /* IP_SEND(skb, physdev); */
8548 + if(sysctl_ipsec_opportunistic && !er) {
8550 + struct sockaddr_in src, dst;
8551 +#ifdef CONFIG_IPSEC_DEBUG
8552 + char buf[ADDRTOA_BUF];
8553 +#endif /* CONFIG_IPSEC_DEBUG */
8555 + tdb.tdb_said.proto = iph->protocol;
8556 + src.sin_family = AF_INET;
8557 + dst.sin_family = AF_INET;
8558 + src.sin_addr.s_addr = iph->saddr;
8559 + dst.sin_addr.s_addr = iph->daddr;
8561 + (iph->protocol == IPPROTO_UDP
8562 + ? ((struct udphdr*) (((caddr_t)iph) + (iph->ihl << 2)))->source
8563 + : (iph->protocol == IPPROTO_TCP
8564 + ? ((struct tcphdr*)((caddr_t)iph + (iph->ihl << 2)))->source
8567 + (iph->protocol == IPPROTO_UDP
8568 + ? ((struct udphdr*) (((caddr_t)iph) + (iph->ihl << 2)))->dest
8569 + : (iph->protocol == IPPROTO_TCP
8570 + ? ((struct tcphdr*)((caddr_t)iph + (iph->ihl << 2)))->dest
8573 + i < sizeof(struct sockaddr_in)
8574 + - offsetof(struct sockaddr_in, sin_zero);
8576 + src.sin_zero[i] = 0;
8577 + dst.sin_zero[i] = 0;
8580 + tdb.tdb_addr_s = (struct sockaddr*)(&src);
8581 + tdb.tdb_addr_d = (struct sockaddr*)(&dst);
8582 + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT,
8583 + "klips_debug:ipsec_tunnel_start_xmit: "
8584 + "SADB_ACQUIRE sent with src=%s:%d, dst=%s:%d, proto=%d.\n",
8585 + addrtoa(((struct sockaddr_in*)(tdb.tdb_addr_s))->sin_addr, 0, buf, sizeof(buf)) <= ADDRTOA_BUF ? buf : "BAD_ADDR",
8586 + ((struct sockaddr_in*)(tdb.tdb_addr_s))->sin_port,
8587 + addrtoa(((struct sockaddr_in*)(tdb.tdb_addr_d))->sin_addr, 0, buf, sizeof(buf)) <= ADDRTOA_BUF ? buf : "BAD_ADDR",
8588 + ((struct sockaddr_in*)(tdb.tdb_addr_d))->sin_port,
8589 + tdb.tdb_said.proto);
8590 + pfkey_acquire(&tdb);
8592 + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT,
8593 + "klips_debug:ipsec_tunnel_start_xmit: "
8594 + "no eroute!: dropping.\n");
8595 + stats->tx_dropped++;
8602 + If the packet matches an eroute with an SA.proto of IP
8604 + an SA.spi of '0', then forward the packet unprotected.
8605 + XXX -- This should eventually go into an SPD.
8607 + if((outgoing_said.proto == IPPROTO_IPIP) && (outgoing_said.spi == 0)) {
8608 + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT,
8609 + "klips_debug:ipsec_tunnel_start_xmit: "
8610 + "passthrough eroute, packet sent.\n");
8614 + DEV_QUEUE_XMIT(skb, physdev, SOPRI_NORMAL);
8615 + /* IP_SEND(skb, physdev); */
8622 + * The spinlock is to prevent any other process from accessing or deleting
8623 + * the tdb while we are using and updating it.
8625 + spin_lock(&tdb_lock);
8627 + tdbp = gettdb(&outgoing_said);
8628 + sa_len = satoa(outgoing_said, 0, sa, SATOA_BUF);
8630 + if (tdbp == NULL) {
8631 + spin_unlock(&tdb_lock);
8632 + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT,
8633 + "klips_debug:ipsec_tunnel_start_xmit: "
8634 + "no Tunnel Descriptor Block for SA%s: "
8635 + "outgoing packet with no SA, dropped.\n", sa);
8636 + stats->tx_dropped++;
8640 + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT,
8641 + "klips_debug:ipsec_tunnel_start_xmit: "
8642 + "found Tunnel Descriptor Block -- SA:<%s%s%s> %s\n",
8643 + TDB_XFORM_NAME(tdbp), sa);
8646 + * How much headroom do we need to be able to apply
8647 + * all the grouped transforms?
8649 + tdbq = tdbp; /* save the head of the tdb chain */
8651 + sa_len = satoa(tdbp->tdb_said, 0, sa, SATOA_BUF);
8653 + /* If it is in larval state, drop the packet, we cannot process yet. */
8654 + if(tdbp->tdb_state == SADB_SASTATE_LARVAL) {
8655 + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT,
8656 + "klips_debug:ipsec_tunnel_start_xmit: "
8657 + "TDB in larval state for SA:<%s%s%s> %s, "
8658 + "cannot be used yet, dropping packet.\n",
8659 + TDB_XFORM_NAME(tdbp), sa);
8660 + spin_unlock(&tdb_lock);
8661 + stats->tx_errors++;
8665 + if(tdbp->tdb_state == SADB_SASTATE_DEAD) {
8666 + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT,
8667 + "klips_debug:ipsec_tunnel_start_xmit: "
8668 + "TDB in dead state for SA:<%s%s%s> %s, "
8669 + "can no longer be used, dropping packet.\n",
8670 + TDB_XFORM_NAME(tdbp), sa);
8671 + spin_unlock(&tdb_lock);
8672 + stats->tx_errors++;
8676 + /* If the replay window counter == -1, expire SA, it will roll */
8677 + if(tdbp->tdb_replaywin && tdbp->tdb_replaywin_lastseq == -1) {
8678 + pfkey_expire(tdbp, 1);
8679 + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT,
8680 + "klips_debug:ipsec_tunnel_start_xmit: "
8681 + "replay window counter rolled for SA:<%s%s%s> %s, "
8682 + "packet dropped, expiring SA.\n",
8683 + TDB_XFORM_NAME(tdbp), sa);
8684 + deltdbchain(tdbp);
8685 + spin_unlock(&tdb_lock);
8686 + stats->tx_errors++;
8690 + /* If any of the lifetime counters have overflowed, expire the SA(s). */
8691 + if(tdbp->tdb_lifetime_bytes_h &&
8692 + (tdbp->tdb_lifetime_bytes_c > tdbp->tdb_lifetime_bytes_h)) {
8693 + pfkey_expire(tdbp, 1);
8694 + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT,
8695 + "klips_debug:ipsec_tunnel_start_xmit: "
8696 + "hard bytes lifetime of SA:<%s%s%s> %s has been reached, "
8697 + "SA expired, outgoing packet dropped.\n",
8698 + TDB_XFORM_NAME(tdbp), sa);
8699 + deltdbchain(tdbp);
8700 + spin_unlock(&tdb_lock);
8701 + stats->tx_errors++;
8704 + if(tdbp->tdb_lifetime_bytes_s &&
8705 + (tdbp->tdb_lifetime_bytes_c > tdbp->tdb_lifetime_bytes_s)) {
8706 + pfkey_expire(tdbp, 0);
8707 + tdbp->tdb_state = SADB_SASTATE_DYING;
8708 + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT,
8709 + "klips_debug:ipsec_tunnel_start_xmit: "
8710 + "soft bytes lifetime of SA:<%s%s%s> %s has been reached, "
8711 + "SA expiring, soft expire message sent up, "
8712 + "outgoing packet still processed.\n",
8713 + TDB_XFORM_NAME(tdbp), sa);
8716 + if(tdbp->tdb_lifetime_addtime_h &&
8717 + ((jiffies / HZ) - tdbp->tdb_lifetime_addtime_c >
8718 + tdbp->tdb_lifetime_addtime_h)) {
8719 + pfkey_expire(tdbp, 1);
8720 + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT,
8721 + "klips_debug:ipsec_tunnel_start_xmit: "
8722 + "hard addtime lifetime of SA:<%s%s%s> %s has been reached, "
8723 + "SA expired, outgoing packet dropped.\n",
8724 + TDB_XFORM_NAME(tdbp), sa);
8725 + deltdbchain(tdbp);
8726 + spin_unlock(&tdb_lock);
8727 + stats->tx_errors++;
8730 + if(tdbp->tdb_lifetime_addtime_s &&
8731 + ((jiffies / HZ) - tdbp->tdb_lifetime_addtime_c >
8732 + tdbp->tdb_lifetime_addtime_s)) {
8733 + pfkey_expire(tdbp, 0);
8734 + tdbp->tdb_state = SADB_SASTATE_DYING;
8735 + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT,
8736 + "klips_debug:ipsec_tunnel_start_xmit: "
8737 + "soft addtime lifetime of SA:<%s%s%s> %s has been reached, "
8738 + "SA expiring, soft expire message sent up, "
8739 + "outgoing packet still processed.\n",
8740 + TDB_XFORM_NAME(tdbp), sa);
8743 + if(tdbp->tdb_lifetime_usetime_c) {
8744 + if(tdbp->tdb_lifetime_usetime_h &&
8745 + ((jiffies / HZ) - tdbp->tdb_lifetime_usetime_c >
8746 + tdbp->tdb_lifetime_usetime_h)) {
8747 + pfkey_expire(tdbp, 1);
8748 + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT,
8749 + "klips_debug:ipsec_tunnel_start_xmit: "
8750 + "hard usetime lifetime of SA:<%s%s%s> %s has been reached, "
8751 + "SA expired, outgoing packet dropped.\n",
8752 + TDB_XFORM_NAME(tdbp), sa);
8753 + deltdbchain(tdbp);
8754 + spin_unlock(&tdb_lock);
8755 + stats->tx_errors++;
8758 + if(tdbp->tdb_lifetime_usetime_s &&
8759 + ((jiffies / HZ) - tdbp->tdb_lifetime_usetime_c >
8760 + tdbp->tdb_lifetime_usetime_s)) {
8761 + pfkey_expire(tdbp, 0);
8762 + tdbp->tdb_state = SADB_SASTATE_DYING;
8763 + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT,
8764 + "klips_debug:ipsec_tunnel_start_xmit: "
8765 + "soft usetime lifetime of SA:<%s%s%s> %s has been reached, "
8766 + "SA expiring, soft expire message sent up, "
8767 + "outgoing packet still processed.\n",
8768 + TDB_XFORM_NAME(tdbp), sa);
8772 + if(tdbp->tdb_lifetime_packets_h &&
8773 + (tdbp->tdb_lifetime_packets_c > tdbp->tdb_lifetime_packets_h)) {
8774 + pfkey_expire(tdbp, 1);
8775 + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT,
8776 + "klips_debug:ipsec_tunnel_start_xmit: "
8777 + "hard packets lifetime of SA:<%s%s%s> %s has been reached, "
8778 + "SA expired, outgoing packet dropped.\n",
8779 + TDB_XFORM_NAME(tdbp), sa);
8780 + deltdbchain(tdbp);
8781 + spin_unlock(&tdb_lock);
8782 + stats->tx_errors++;
8785 + if(tdbp->tdb_lifetime_packets_s &&
8786 + (tdbp->tdb_lifetime_packets_c > tdbp->tdb_lifetime_packets_s)) {
8787 + pfkey_expire(tdbp, 0);
8788 + tdbp->tdb_state = SADB_SASTATE_DYING;
8789 + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT,
8790 + "klips_debug:ipsec_tunnel_start_xmit: "
8791 + "soft packets lifetime of SA:<%s%s%s> %s has been reached, "
8792 + "SA expiring, soft expire message sent up, "
8793 + "outgoing packet still processed.\n",
8794 + TDB_XFORM_NAME(tdbp), sa);
8797 + headroom = tailroom = 0;
8798 + KLIPS_PRINT(debug_tunnel & DB_TN_CROUT,
8799 + "klips_debug:ipsec_tunnel_start_xmit: "
8800 + "calling room for <%s%s%s>, SA:%s\n",
8801 + TDB_XFORM_NAME(tdbp), sa);
8802 + switch(tdbp->tdb_said.proto) {
8803 +#ifdef CONFIG_IPSEC_AH
8805 + headroom += sizeof(struct ah);
8807 +#endif /* CONFIG_IPSEC_AH */
8808 +#ifdef CONFIG_IPSEC_ESP
8810 + switch(tdbp->tdb_encalg) {
8811 +#ifdef CONFIG_IPSEC_ENC_3DES
8813 + headroom += sizeof(struct esp);
8815 +#endif /* CONFIG_IPSEC_ENC_3DES */
8816 +#ifdef CONFIG_IPSEC_ENC_NULL
8818 + headroom += offsetof(struct esp, esp_iv);
8820 +#endif /* CONFIG_IPSEC_ENC_NULL */
8822 + spin_unlock(&tdb_lock);
8823 + stats->tx_errors++;
8826 + switch(tdbp->tdb_authalg) {
8827 +#ifdef CONFIG_IPSEC_AUTH_HMAC_MD5
8829 + tailroom += AHHMAC_HASHLEN;
8831 +#endif /* CONFIG_IPSEC_AUTH_HMAC_MD5 */
8832 +#ifdef CONFIG_IPSEC_AUTH_HMAC_SHA1
8834 + tailroom += AHHMAC_HASHLEN;
8836 +#endif /* CONFIG_IPSEC_AUTH_HMAC_SHA1 */
8840 + spin_unlock(&tdb_lock);
8841 + stats->tx_errors++;
8844 + tailroom += ((8 - ((pyldsz + 2 * sizeof(unsigned char)) % 8)) % 8) + 2;
8846 +#endif /* !CONFIG_IPSEC_ESP */
8847 +#ifdef CONFIG_IPSEC_IPIP
8848 + case IPPROTO_IPIP:
8849 + headroom += sizeof(struct iphdr);
8851 +#endif /* !CONFIG_IPSEC_IPIP */
8852 + case IPPROTO_COMP:
8853 +#ifdef CONFIG_IPSEC_IPCOMP
8855 + We can't predict how much the packet will
8856 + shrink without doing the actual compression.
8857 + We could do it here, if we were the first
8858 + encapsulation in the chain. That might save
8859 + us a skb_copy_expand, since we might fit
8860 + into the existing skb then. However, this
8861 + would be a bit unclean (and this hack has
8862 + bit us once), so we better not do it. After
8863 + all, the skb_copy_expand is cheap in
8864 + comparison to the actual compression.
8865 + At least we know the packet will not grow.
8868 +#endif /* CONFIG_IPSEC_IPCOMP */
8870 + spin_unlock(&tdb_lock);
8871 + stats->tx_errors++;
8874 + tdbp = tdbp->tdb_onext;
8875 + KLIPS_PRINT(debug_tunnel & DB_TN_CROUT,
8876 + "klips_debug:ipsec_tunnel_start_xmit: "
8877 + "Required head,tailroom: %d,%d\n",
8878 + headroom, tailroom);
8879 + max_headroom += headroom;
8880 + max_tailroom += tailroom;
8881 + pyldsz += (headroom + tailroom);
8883 + tdbp = tdbq; /* restore the head of the tdb chain */
8885 + KLIPS_PRINT(debug_tunnel & DB_TN_CROUT,
8886 + "klips_debug:ipsec_tunnel_start_xmit: "
8887 + "existing head,tailroom: %d,%d "
8888 + "before applying xforms with head,tailroom: %d,%d .\n",
8889 + skb_headroom(skb), skb_tailroom(skb),
8890 + max_headroom, max_tailroom);
8892 + tot_headroom += max_headroom;
8893 + tot_tailroom += max_tailroom;
8895 + mtudiff = prv->mtu + tot_headroom + tot_tailroom - physmtu;
8897 + KLIPS_PRINT(debug_tunnel & DB_TN_CROUT,
8898 + "klips_debug:ipsec_tunnel_start_xmit: mtu:%d physmtu:%d "
8899 + "tothr:%d tottr:%d mtudiff:%d ippkttotlen:%d\n",
8900 + prv->mtu, physmtu,
8901 + tot_headroom, tot_tailroom, mtudiff, ntohs(iph->tot_len));
8903 + KLIPS_PRINT(debug_tunnel & DB_TN_CROUT,
8904 + "klips_info:ipsec_tunnel_start_xmit: "
8905 + "dev %s mtu of %d decreased by %d\n",
8908 + prv->mtu - (physmtu - tot_headroom - tot_tailroom));
8909 + prv->mtu = physmtu - (tot_headroom + tot_tailroom + 7); /* add some slop? */
8912 + skb->dst->pmtu = prv->mtu; /* RGB */
8916 + dev->mtu = prv->mtu; /* RGB */
8918 +#endif /* NET_21 */
8923 + * If this is a transport mode TCP packet with
8924 + * SYN set, determine an effective MSS based on
8925 + * AH/ESP overheads determined above.
8927 + if (iph->protocol == IPPROTO_TCP
8928 + && outgoing_said.proto != IPPROTO_IPIP) {
8929 + struct tcphdr *tcph = skb->h.th;
8930 + if (tcph->syn && !tcph->ack) {
8931 + if(!ipsec_adjust_mss(skb, tcph, prv->mtu)) {
8932 + spin_unlock(&tdb_lock);
8933 + printk(KERN_WARNING "klips: "
8934 + "ipsec_adjust_mss() failed\n");
8935 + stats->tx_errors++;
8940 +#endif /* MSS_HACK */
8942 + if(!hard_header_stripped) {
8943 + if((saved_header = kmalloc(hard_header_len, GFP_ATOMIC)) == NULL) {
8944 + spin_unlock(&tdb_lock);
8945 + printk(KERN_WARNING "klips_debug:ipsec_tunnel_start_xmit: Failed, "
8946 + "tried to allocate %d bytes for temp hard_header.\n",
8948 + stats->tx_errors++;
8951 + for (i = 0; i < hard_header_len; i++) {
8952 + saved_header[i] = skb->data[i];
8954 + if(skb->len < hard_header_len) {
8955 + spin_unlock(&tdb_lock);
8956 + printk(KERN_WARNING "klips_error:ipsec_tunnel_start_xmit: "
8957 + "tried to skb_pull hhlen=%d, %d available. "
8958 + "This should never happen, please report.\n",
8959 + hard_header_len, (int)(skb->len));
8960 + stats->tx_errors++;
8963 + skb_pull(skb, hard_header_len);
8964 + hard_header_stripped = 1;
8966 +/* iph = (struct iphdr *) (skb->data); */
8967 + KLIPS_PRINT(debug_tunnel & DB_TN_CROUT,
8968 + "klips_debug:ipsec_tunnel_start_xmit: "
8969 + "head,tailroom: %d,%d after hard_header stripped.\n",
8970 + skb_headroom(skb), skb_tailroom(skb));
8971 + KLIPS_IP_PRINT(debug_tunnel & DB_TN_CROUT, iph);
8973 + KLIPS_PRINT(debug_tunnel & DB_TN_CROUT,
8974 + "klips_debug:ipsec_tunnel_start_xmit: "
8975 + "hard header already stripped.\n");
8978 + ll_headroom = (hard_header_len + 15) & ~15;
8980 + if ((skb_headroom(skb) >= max_headroom + 2 * ll_headroom) &&
8981 + (skb_tailroom(skb) >= max_tailroom)
8984 +#endif /* !NET_21 */
8986 + KLIPS_PRINT(debug_tunnel & DB_TN_CROUT,
8987 + "klips_debug:ipsec_tunnel_start_xmit: "
8988 + "data fits in existing skb\n");
8990 + struct sk_buff* tskb = skb;
8996 + tskb = skb_copy_expand(skb,
8997 + /* The reason for 2 * link layer length here still baffles me...RGB */
8998 + max_headroom + 2 * ll_headroom,
9002 + if(tskb && skb->sk) {
9003 + skb_set_owner_w(tskb, skb->sk);
9005 +#endif /* NET_21 */
9006 + if(!(skb == oskb) ) {
9007 + dev_kfree_skb(skb, FREE_WRITE);
9011 + spin_unlock(&tdb_lock);
9012 + printk(KERN_WARNING "klips_debug:ipsec_tunnel_start_xmit: Failed, "
9013 + "tried to allocate %d head and %d tailroom\n",
9014 + max_headroom, max_tailroom);
9015 + stats->tx_errors++;
9018 + KLIPS_PRINT(debug_tunnel & DB_TN_CROUT,
9019 + "klips_debug:ipsec_tunnel_start_xmit: "
9020 + "head,tailroom: %d,%d after allocation\n",
9021 + skb_headroom(skb), skb_tailroom(skb));
9025 + * Apply grouped transforms to packet
9028 +#ifdef CONFIG_IPSEC_ESP
9031 + unsigned char *idat, *pad;
9032 + int authlen = 0, padlen = 0, i;
9033 +#endif /* !CONFIG_IPSEC_ESP */
9034 +#ifdef CONFIG_IPSEC_AH
9037 +#endif /* CONFIG_IPSEC_AH */
9038 +#if defined(CONFIG_IPSEC_AUTH_HMAC_MD5) || defined(CONFIG_IPSEC_AUTH_HMAC_SHA1)
9040 +#ifdef CONFIG_IPSEC_AUTH_HMAC_MD5
9042 +#endif /* CONFIG_IPSEC_AUTH_HMAC_MD5 */
9043 +#ifdef CONFIG_IPSEC_AUTH_HMAC_SHA1
9045 +#endif /* CONFIG_IPSEC_AUTH_HMAC_SHA1 */
9047 + __u8 hash[AH_AMAX];
9048 +#endif /* defined(CONFIG_IPSEC_AUTH_HMAC_MD5) || defined(CONFIG_IPSEC_AUTH_HMAC_SHA1) */
9049 + int headroom = 0, tailroom = 0, ilen = 0, len = 0;
9050 + unsigned char *dat;
9052 + iphlen = iph->ihl << 2;
9053 + pyldsz = ntohs(iph->tot_len) - iphlen;
9054 + sa_len = satoa(tdbp->tdb_said, 0, sa, SATOA_BUF);
9055 + KLIPS_PRINT(debug_tunnel & DB_TN_OXFS,
9056 + "klips_debug:ipsec_tunnel_start_xmit: "
9057 + "calling output for <%s%s%s>, SA:%s\n",
9058 + TDB_XFORM_NAME(tdbp), sa);
9060 + switch(tdbp->tdb_said.proto) {
9061 +#ifdef CONFIG_IPSEC_AH
9063 + headroom += sizeof(struct ah);
9065 +#endif /* CONFIG_IPSEC_AH */
9066 +#ifdef CONFIG_IPSEC_ESP
9068 + switch(tdbp->tdb_encalg) {
9069 +#ifdef CONFIG_IPSEC_ENC_3DES
9071 + headroom += sizeof(struct esp);
9073 +#endif /* CONFIG_IPSEC_ENC_3DES */
9074 +#ifdef CONFIG_IPSEC_ENC_NULL
9076 + headroom += offsetof(struct esp, esp_iv);
9078 +#endif /* CONFIG_IPSEC_ENC_NULL */
9080 + spin_unlock(&tdb_lock);
9081 + stats->tx_errors++;
9084 + switch(tdbp->tdb_authalg) {
9085 +#ifdef CONFIG_IPSEC_AUTH_HMAC_MD5
9087 + authlen = AHHMAC_HASHLEN;
9089 +#endif /* CONFIG_IPSEC_AUTH_HMAC_MD5 */
9090 +#ifdef CONFIG_IPSEC_AUTH_HMAC_SHA1
9092 + authlen = AHHMAC_HASHLEN;
9094 +#endif /* CONFIG_IPSEC_AUTH_HMAC_SHA1 */
9098 + spin_unlock(&tdb_lock);
9099 + stats->tx_errors++;
9102 + tailroom += ((8 - ((pyldsz + 2 * sizeof(unsigned char)) % 8)) % 8) + 2;
9103 + tailroom += authlen;
9105 +#endif /* !CONFIG_IPSEC_ESP */
9106 +#ifdef CONFIG_IPSEC_IPIP
9107 + case IPPROTO_IPIP:
9108 + headroom += sizeof(struct iphdr);
9110 +#endif /* !CONFIG_IPSEC_IPIP */
9111 +#ifdef CONFIG_IPSEC_IPCOMP
9112 + case IPPROTO_COMP:
9114 +#endif /* CONFIG_IPSEC_IPCOMP */
9116 + spin_unlock(&tdb_lock);
9117 + stats->tx_errors++;
9121 + KLIPS_PRINT(debug_tunnel & DB_TN_CROUT,
9122 + "klips_debug:ipsec_tunnel_start_xmit: "
9123 + "pushing %d bytes, putting %d, proto %d.\n",
9124 + headroom, tailroom, tdbp->tdb_said.proto);
9125 + if(skb_headroom(skb) < headroom) {
9126 + spin_unlock(&tdb_lock);
9127 + printk(KERN_WARNING "klips_error:ipsec_tunnel_start_xmit: "
9128 + "tried to skb_push headroom=%d, %d available. "
9129 + "This should never happen, please report.\n",
9130 + headroom, skb_headroom(skb));
9131 + stats->tx_errors++;
9134 + dat = skb_push(skb, headroom);
9135 + ilen = skb->len - tailroom;
9136 + if(skb_tailroom(skb) < tailroom) {
9137 + spin_unlock(&tdb_lock);
9138 + printk(KERN_WARNING "klips_error:ipsec_tunnel_start_xmit: "
9139 + "tried to skb_put %d, %d available. "
9140 + "This should never happen, please report.\n",
9141 + tailroom, skb_tailroom(skb));
9142 + stats->tx_errors++;
9145 + skb_put(skb, tailroom);
9146 + KLIPS_PRINT(debug_tunnel & DB_TN_CROUT,
9147 + "klips_debug:ipsec_tunnel_start_xmit: "
9148 + "head,tailroom: %d,%d before xform.\n",
9149 + skb_headroom(skb), skb_tailroom(skb));
9151 + if(len > 0xfff0) {
9152 + spin_unlock(&tdb_lock);
9153 + printk(KERN_WARNING "klips_error:ipsec_tunnel_start_xmit: "
9154 + "tot_len (%d) > 65520. "
9155 + "This should never happen, please report.\n",
9157 + stats->tx_errors++;
9160 + memmove((void *)dat, (void *)(dat + headroom), iphlen);
9161 + iph = (struct iphdr *)dat;
9162 + iph->tot_len = htons(skb->len);
9164 + switch(tdbp->tdb_said.proto) {
9165 +#ifdef CONFIG_IPSEC_ESP
9167 + espp = (struct esp *)(dat + iphlen);
9168 + espp->esp_spi = tdbp->tdb_said.spi;
9169 + espp->esp_rpl = htonl(++(tdbp->tdb_replaywin_lastseq));
9171 + switch(tdbp->tdb_encalg) {
9172 +#if defined(CONFIG_IPSEC_ENC_3DES)
9173 +#ifdef CONFIG_IPSEC_ENC_3DES
9175 +#endif /* CONFIG_IPSEC_ENC_3DES */
9176 + iv[0] = *((__u32*)&(espp->esp_iv) ) =
9177 + ((__u32*)(tdbp->tdb_iv))[0];
9178 + iv[1] = *((__u32*)&(espp->esp_iv) + 1) =
9179 + ((__u32*)(tdbp->tdb_iv))[1];
9181 +#endif /* defined(CONFIG_IPSEC_ENC_3DES) */
9182 +#ifdef CONFIG_IPSEC_ENC_NULL
9185 +#endif /* CONFIG_IPSEC_ENC_NULL */
9187 + spin_unlock(&tdb_lock);
9188 + stats->tx_errors++;
9192 + idat = dat + iphlen + headroom;
9193 + ilen = len - (iphlen + headroom + authlen);
9195 + /* Self-describing padding */
9196 + pad = &dat[len - tailroom];
9197 + padlen = tailroom - 2 - authlen;
9198 + for (i = 0; i < padlen; i++) {
9201 + dat[len - authlen - 2] = padlen;
9203 + dat[len - authlen - 1] = iph->protocol;
9204 + iph->protocol = IPPROTO_ESP;
9206 + switch(tdbp->tdb_encalg) {
9207 +#ifdef CONFIG_IPSEC_ENC_3DES
9209 + des_ede3_cbc_encrypt(idat, idat, ilen,
9210 + (caddr_t)(&((struct des_eks*)(tdbp->tdb_key_e))[0]),
9211 + (caddr_t)(&((struct des_eks*)(tdbp->tdb_key_e))[1]),
9212 + (caddr_t)(&((struct des_eks*)(tdbp->tdb_key_e))[2]),
9215 +#endif /* CONFIG_IPSEC_ENC_3DES */
9216 +#ifdef CONFIG_IPSEC_ENC_NULL
9219 +#endif /* CONFIG_IPSEC_ENC_NULL */
9221 + spin_unlock(&tdb_lock);
9222 + stats->tx_errors++;
9226 + switch(tdbp->tdb_encalg) {
9227 +#if defined(CONFIG_IPSEC_ENC_3DES)
9228 +#ifdef CONFIG_IPSEC_ENC_3DES
9230 +#endif /* CONFIG_IPSEC_ENC_3DES */
9231 + /* XXX update IV with the last 8 octets of the encryption */
9232 + ((__u32*)(tdbp->tdb_iv))[0] =
9233 + ((__u32 *)(idat))[(ilen >> 2) - 2];
9234 + ((__u32*)(tdbp->tdb_iv))[1] =
9235 + ((__u32 *)(idat))[(ilen >> 2) - 1];
9237 +#endif /* defined(CONFIG_IPSEC_ENC_3DES) */
9238 +#ifdef CONFIG_IPSEC_ENC_NULL
9241 +#endif /* CONFIG_IPSEC_ENC_NULL */
9243 + spin_unlock(&tdb_lock);
9244 + stats->tx_errors++;
9248 + switch(tdbp->tdb_authalg) {
9249 +#ifdef CONFIG_IPSEC_AUTH_HMAC_MD5
9251 + dmp("espp", (char*)espp, len - iphlen - authlen);
9252 + tctx.md5 = ((struct md5_ctx*)(tdbp->tdb_key_a))->ictx;
9253 + dmp("ictx", (char*)&tctx.md5, sizeof(tctx.md5));
9254 + MD5Update(&tctx.md5, (caddr_t)espp, len - iphlen - authlen);
9255 + dmp("ictx+dat", (char*)&tctx.md5, sizeof(tctx.md5));
9256 + MD5Final(hash, &tctx.md5);
9257 + dmp("ictx hash", (char*)&hash, sizeof(hash));
9258 + tctx.md5 = ((struct md5_ctx*)(tdbp->tdb_key_a))->octx;
9259 + dmp("octx", (char*)&tctx.md5, sizeof(tctx.md5));
9260 + MD5Update(&tctx.md5, hash, AHMD596_ALEN);
9261 + dmp("octx+hash", (char*)&tctx.md5, sizeof(tctx.md5));
9262 + MD5Final(hash, &tctx.md5);
9263 + dmp("octx hash", (char*)&hash, sizeof(hash));
9264 + memcpy(&(dat[len - authlen]), hash, authlen);
9267 + memset((caddr_t)&tctx.md5, 0, sizeof(tctx.md5));
9268 + memset((caddr_t)hash, 0, sizeof(*hash));
9270 +#endif /* CONFIG_IPSEC_AUTH_HMAC_MD5 */
9271 +#ifdef CONFIG_IPSEC_AUTH_HMAC_SHA1
9273 + tctx.sha1 = ((struct sha1_ctx*)(tdbp->tdb_key_a))->ictx;
9274 + SHA1Update(&tctx.sha1, (caddr_t)espp, len - iphlen - authlen);
9275 + SHA1Final(hash, &tctx.sha1);
9276 + tctx.sha1 = ((struct sha1_ctx*)(tdbp->tdb_key_a))->octx;
9277 + SHA1Update(&tctx.sha1, hash, AHSHA196_ALEN);
9278 + SHA1Final(hash, &tctx.sha1);
9279 + memcpy(&(dat[len - authlen]), hash, authlen);
9282 + memset((caddr_t)&tctx.sha1, 0, sizeof(tctx.sha1));
9283 + memset((caddr_t)hash, 0, sizeof(*hash));
9285 +#endif /* CONFIG_IPSEC_AUTH_HMAC_SHA1 */
9289 + spin_unlock(&tdb_lock);
9290 + stats->tx_errors++;
9294 + skb->h.raw = (unsigned char*)espp;
9295 +#endif /* NET_21 */
9297 +#endif /* !CONFIG_IPSEC_ESP */
9298 +#ifdef CONFIG_IPSEC_AH
9300 + ahp = (struct ah *)(dat + iphlen);
9301 + ahp->ah_spi = tdbp->tdb_said.spi;
9302 + ahp->ah_rpl = htonl(++(tdbp->tdb_replaywin_lastseq));
9304 + ahp->ah_nh = iph->protocol;
9305 + ahp->ah_hl = (headroom >> 2) - sizeof(__u64)/sizeof(__u32);
9306 + iph->protocol = IPPROTO_AH;
9307 + dmp("ahp", (char*)ahp, sizeof(*ahp));
9314 + dmp("ipo", (char*)&ipo, sizeof(ipo));
9316 + switch(tdbp->tdb_authalg) {
9317 +#ifdef CONFIG_IPSEC_AUTH_HMAC_MD5
9319 + tctx.md5 = ((struct md5_ctx*)(tdbp->tdb_key_a))->ictx;
9320 + dmp("ictx", (char*)&tctx.md5, sizeof(tctx.md5));
9321 + MD5Update(&tctx.md5, (unsigned char *)&ipo, sizeof (struct iphdr));
9322 + dmp("ictx+ipo", (char*)&tctx.md5, sizeof(tctx.md5));
9323 + MD5Update(&tctx.md5, (unsigned char *)ahp, headroom - sizeof(ahp->ah_data));
9324 + dmp("ictx+ahp", (char*)&tctx.md5, sizeof(tctx.md5));
9325 + MD5Update(&tctx.md5, (unsigned char *)zeroes, AHHMAC_HASHLEN);
9326 + dmp("ictx+zeroes", (char*)&tctx.md5, sizeof(tctx.md5));
9327 + MD5Update(&tctx.md5, dat + iphlen + headroom, len - iphlen - headroom);
9328 + dmp("ictx+dat", (char*)&tctx.md5, sizeof(tctx.md5));
9329 + MD5Final(hash, &tctx.md5);
9330 + dmp("ictx hash", (char*)&hash, sizeof(hash));
9331 + tctx.md5 = ((struct md5_ctx*)(tdbp->tdb_key_a))->octx;
9332 + dmp("octx", (char*)&tctx.md5, sizeof(tctx.md5));
9333 + MD5Update(&tctx.md5, hash, AHMD596_ALEN);
9334 + dmp("octx+hash", (char*)&tctx.md5, sizeof(tctx.md5));
9335 + MD5Final(hash, &tctx.md5);
9336 + dmp("octx hash", (char*)&hash, sizeof(hash));
9338 + memcpy(ahp->ah_data, hash, AHHMAC_HASHLEN);
9341 + memset((caddr_t)&tctx.md5, 0, sizeof(tctx.md5));
9342 + memset((caddr_t)hash, 0, sizeof(hash));
9344 +#endif /* CONFIG_IPSEC_AUTH_HMAC_MD5 */
9345 +#ifdef CONFIG_IPSEC_AUTH_HMAC_SHA1
9347 + tctx.sha1 = ((struct sha1_ctx*)(tdbp->tdb_key_a))->ictx;
9348 + SHA1Update(&tctx.sha1, (unsigned char *)&ipo, sizeof (struct iphdr));
9349 + SHA1Update(&tctx.sha1, (unsigned char *)ahp, headroom - sizeof(ahp->ah_data));
9350 + SHA1Update(&tctx.sha1, (unsigned char *)zeroes, AHHMAC_HASHLEN);
9351 + SHA1Update(&tctx.sha1, dat + iphlen + headroom, len - iphlen - headroom);
9352 + SHA1Final(hash, &tctx.sha1);
9353 + tctx.sha1 = ((struct sha1_ctx*)(tdbp->tdb_key_a))->octx;
9354 + SHA1Update(&tctx.sha1, hash, AHSHA196_ALEN);
9355 + SHA1Final(hash, &tctx.sha1);
9357 + memcpy(ahp->ah_data, hash, AHHMAC_HASHLEN);
9360 + memset((caddr_t)&tctx.sha1, 0, sizeof(tctx.sha1));
9361 + memset((caddr_t)hash, 0, sizeof(hash));
9363 +#endif /* CONFIG_IPSEC_AUTH_HMAC_SHA1 */
9365 + spin_unlock(&tdb_lock);
9366 + stats->tx_errors++;
9370 + skb->h.raw = (unsigned char*)ahp;
9371 +#endif /* NET_21 */
9373 +#endif /* CONFIG_IPSEC_AH */
9374 +#ifdef CONFIG_IPSEC_IPIP
9375 + case IPPROTO_IPIP:
9377 + switch(sysctl_ipsec_tos) {
9380 + iph->tos = skb->nh.iph->tos;
9382 + iph->tos = skb->ip_hdr->tos;
9383 +#endif /* NET_21 */
9391 + iph->ttl = ip_statistics.IpDefaultTTL;
9393 + iph->ttl = 64; /* ip_statistics.IpDefaultTTL; */
9394 +#endif /* NET_21 */
9395 + iph->frag_off = 0;
9396 + iph->saddr = ((struct sockaddr_in*)(tdbp->tdb_addr_s))->sin_addr.s_addr;
9397 + iph->daddr = ((struct sockaddr_in*)(tdbp->tdb_addr_d))->sin_addr.s_addr;
9398 + iph->protocol = IPPROTO_IPIP;
9399 + iph->ihl = sizeof(struct iphdr) >> 2 /* 5 */;
9400 +#ifdef IP_SELECT_IDENT
9401 + /* XXX use of skb->dst below is a questionable
9402 + substitute for &rt->u.dst which is only
9403 + available later-on */
9404 + ip_select_ident(iph, skb->dst);
9406 + iph->id = htons(ip_id_count++); /* Race condition here? */
9409 + newdst = (__u32)iph->daddr;
9410 + newsrc = (__u32)iph->saddr;
9413 + skb->h.ipiph = skb->nh.iph;
9414 +#endif /* NET_21 */
9416 +#endif /* !CONFIG_IPSEC_IPIP */
9417 +#ifdef CONFIG_IPSEC_IPCOMP
9418 + case IPPROTO_COMP:
9420 + unsigned int flags = 0;
9421 +#ifdef CONFIG_IPSEC_DEBUG
9422 + unsigned int old_tot_len = ntohs(iph->tot_len);
9424 + tdbp->tdb_comp_ratio_dbytes += ntohs(iph->tot_len);
9426 + skb = skb_compress(skb, tdbp, &flags);
9429 + iph = skb->nh.iph;
9431 + iph = skb->ip_hdr;
9432 +#endif /* NET_21 */
9434 + tdbp->tdb_comp_ratio_cbytes += ntohs(iph->tot_len);
9436 +#ifdef CONFIG_IPSEC_DEBUG
9437 + if (debug_tunnel & DB_TN_CROUT)
9439 + if (old_tot_len > ntohs(iph->tot_len))
9440 + KLIPS_PRINT(debug_tunnel & DB_TN_CROUT,
9441 + "klips_debug:ipsec_tunnel_start_xmit: "
9442 + "packet shrunk from %d to %d bytes after compression, cpi=%04x (should be from spi=%08x, spi&0xffff=%04x.\n",
9443 + old_tot_len, ntohs(iph->tot_len),
9444 + ntohs(((struct ipcomphdr*)(((char*)iph) + ((iph->ihl) << 2)))->ipcomp_cpi),
9445 + ntohl(tdbp->tdb_said.spi),
9446 + (__u16)(ntohl(tdbp->tdb_said.spi) & 0x0000ffff));
9448 + KLIPS_PRINT(debug_tunnel & DB_TN_CROUT,
9449 + "klips_debug:ipsec_tunnel_start_xmit: "
9450 + "packet did not compress (flags = %d).\n",
9453 +#endif /* CONFIG_IPSEC_DEBUG */
9456 +#endif /* CONFIG_IPSEC_IPCOMP */
9458 + spin_unlock(&tdb_lock);
9459 + stats->tx_errors++;
9464 + skb->nh.raw = skb->data;
9466 + skb->ip_hdr = skb->h.iph = (struct iphdr *) skb->data;
9467 +#endif /* NET_21 */
9469 + iph->check = ip_fast_csum((unsigned char *)iph, iph->ihl);
9471 + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT,
9472 + "klips_debug:ipsec_tunnel_start_xmit: "
9473 + "after <%s%s%s>, SA:%s:\n",
9474 + TDB_XFORM_NAME(tdbp), sa);
9475 + KLIPS_IP_PRINT(debug_tunnel & DB_TN_XMIT, iph);
9477 + tdbp->tdb_lifetime_bytes_c += len;
9478 + if(!tdbp->tdb_lifetime_usetime_c) {
9479 + tdbp->tdb_lifetime_usetime_c = jiffies / HZ;
9481 + tdbp->tdb_lifetime_usetime_l = jiffies / HZ;
9482 + tdbp->tdb_lifetime_packets_c += 1;
9484 + tdbp = tdbp->tdb_onext;
9487 + /* end encapsulation loop here XXX */
9489 + spin_unlock(&tdb_lock);
9491 + matcher.sen_ip_src.s_addr = iph->saddr;
9492 + matcher.sen_ip_dst.s_addr = iph->daddr;
9493 + spin_lock(&eroute_lock);
9494 + er = ipsec_findroute(&matcher);
9496 + outgoing_said = er->er_said;
9498 + spin_unlock(&eroute_lock);
9499 + KLIPS_PRINT(/* ((orgdst != newdst) || (orgsrc != newsrc)) */
9500 + (orgedst != outgoing_said.dst.s_addr) &&
9501 + outgoing_said.dst.s_addr &&
9503 + (debug_tunnel & DB_TN_XMIT),
9504 + "klips_debug:ipsec_tunnel_start_xmit: We are recursing here.\n");
9505 + } while(/*((orgdst != newdst) || (orgsrc != newsrc))*/
9506 + (orgedst != outgoing_said.dst.s_addr) &&
9507 + outgoing_said.dst.s_addr &&
9510 + KLIPS_PRINT(debug_tunnel & DB_TN_CROUT,
9511 + "klips_debug:ipsec_tunnel_start_xmit: "
9512 + "After recursive xforms -- head,tailroom: %d,%d\n",
9513 + skb_headroom(skb), skb_tailroom(skb));
9515 + if(sysctl_ipsec_icmp && (innersrc != newsrc) && (ntohs(iph->tot_len) > physmtu)) {
9516 + ICMP_SEND(oskb ? oskb : skb,
9517 + ICMP_DEST_UNREACH,
9521 + KLIPS_PRINT(debug_tunnel & DB_TN_CROUT,
9522 + "klips_debug:ipsec_tunnel_start_xmit: "
9523 + "IPSEC tunnel mode packet is larger than MTU, ICMP sent.\n");
9526 + if(saved_header) {
9527 + if(skb_headroom(skb) < hard_header_len) {
9528 + printk(KERN_WARNING "klips_error:ipsec_tunnel_start_xmit: "
9529 + "tried to skb_push hhlen=%d, %d available. "
9530 + "This should never happen, please report.\n",
9531 + hard_header_len, skb_headroom(skb));
9532 + stats->tx_errors++;
9535 + skb_push(skb, hard_header_len);
9536 + for (i = 0; i < hard_header_len; i++) {
9537 + skb->data[i] = saved_header[i];
9541 + KLIPS_PRINT(debug_tunnel & DB_TN_CROUT,
9542 + "klips_debug:ipsec_tunnel_start_xmit: "
9543 + "With hard_header, final head,tailroom: %d,%d\n",
9544 + skb_headroom(skb), skb_tailroom(skb));
9547 + /* new route/dst cache code from James Morris */
9548 + skb->dev = physdev;
9549 + /*skb_orphan(skb);*/
9550 + if(ip_route_output(&rt,
9551 + skb->nh.iph->daddr,
9552 + skb->nh.iph->saddr,
9553 + RT_TOS(skb->nh.iph->tos),
9554 + physdev->iflink)) {
9555 + stats->tx_errors++;
9558 + if(dev == rt->u.dst.dev) {
9560 + /* This is recursion, drop it. */
9561 + stats->tx_errors++;
9562 + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT,
9563 + "klips_debug:ipsec_tunnel_start_xmit: "
9564 + "suspect recursion, dev=rt->u.dst.dev=%s, dropped\n", dev->name);
9567 + dst_release(skb->dst);
9568 + skb->dst = &rt->u.dst;
9569 + stats->tx_bytes += skb->len;
9570 + if(skb->len < skb->nh.raw - skb->data) {
9571 + printk(KERN_WARNING "klips_error:ipsec_tunnel_start_xmit: "
9572 + "tried to __skb_pull nh-data=%d, %d available. "
9573 + "This should never happen, please report.\n",
9574 + skb->nh.raw - skb->data, skb->len);
9575 + stats->tx_errors++;
9578 + __skb_pull(skb, skb->nh.raw - skb->data);
9579 +#ifdef SKB_RESET_NFCT
9580 + nf_conntrack_put(skb->nfct);
9582 +#ifdef CONFIG_NETFILTER_DEBUG
9583 + skb->nf_debug = 0;
9584 +#endif /* CONFIG_NETFILTER_DEBUG */
9585 +#endif /* SKB_RESET_NFCT */
9586 + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT,
9587 + "klips_debug:ipsec_tunnel_start_xmit: "
9588 + "...done, calling ip_send()\n");
9593 + err = NF_HOOK(PF_INET, NF_IP_LOCAL_OUT, skb, NULL, rt->u.dst.dev,
9594 + ipsec_tunnel_xmit2);
9595 + if(err != NET_XMIT_SUCCESS && err != NET_XMIT_CN) {
9596 + if(net_ratelimit())
9598 + "ipsec_tunnel_start_xmit: ip_send() failed, err=%d\n",
9600 + stats->tx_errors++;
9601 + stats->tx_aborted_errors++;
9611 + /* ISDN/ASYNC PPP from Matjaz Godec. */
9612 + /* skb->protocol = htons(ETH_P_IP); */
9613 + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT,
9614 + "klips_debug:ipsec_tunnel_start_xmit: "
9615 + "...done, calling dev_queue_xmit() or ip_fragment().\n");
9616 + IP_SEND(skb, physdev);
9617 +#endif /* NET_21 */
9618 + stats->tx_packets++;
9622 +#if defined(HAS_NETIF_QUEUE) || defined (HAVE_NETIF_QUEUE)
9623 + netif_wake_queue(dev);
9628 + kfree(saved_header);
9630 + dev_kfree_skb(skb, FREE_WRITE);
9633 + dev_kfree_skb(oskb, FREE_WRITE);
9637 +DEBUG_NO_STATIC struct net_device_stats *
9638 +ipsec_tunnel_get_stats(struct device *dev)
9640 + return &(((struct ipsecpriv *)(dev->priv))->mystats);
9644 + * Revectored calls.
9645 + * For each of these calls, a field exists in our private structure.
9648 +DEBUG_NO_STATIC int
9649 +ipsec_tunnel_hard_header(struct sk_buff *skb, struct device *dev,
9650 + unsigned short type, void *daddr, void *saddr, unsigned len)
9652 + struct ipsecpriv *prv = dev->priv;
9653 + struct device *tmp;
9656 + if(!prv->hard_header) {
9657 + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC,
9658 + "klips_debug:ipsec_tunnel_hard_header: "
9659 + "physical device has been detached, packet dropped "
9660 + "0x%p->0x%p len=%d type=%d dev=%s->NULL ",
9661 + saddr, daddr, len, type, dev->name);
9663 + KLIPS_PRINTMORE(debug_tunnel & DB_TN_REVEC,
9664 + "ip=%08x->%08x\n",
9665 + (__u32)ntohl(skb->nh.iph->saddr),
9666 + (__u32)ntohl(skb->nh.iph->daddr) );
9668 + KLIPS_PRINTMORE(debug_tunnel & DB_TN_REVEC,
9669 + "ip=%08x->%08x\n",
9670 + (__u32)ntohl(skb->ip_hdr->saddr),
9671 + (__u32)ntohl(skb->ip_hdr->daddr) );
9672 +#endif /* NET_21 */
9676 +#define da ((struct device *)(prv->dev))->dev_addr
9677 + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC,
9678 + "klips_debug:ipsec_tunnel_hard_header: "
9679 + "Revectored 0x%p->0x%p len=%d type=%d dev=%s->%s "
9680 + "dev_addr=%02x:%02x:%02x:%02x:%02x:%02x ",
9681 + saddr, daddr, len, type, dev->name, prv->dev->name,
9682 + da[0], da[1], da[2], da[3], da[4], da[5]);
9684 + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC,
9685 + "ip=%08x->%08x\n",
9686 + (__u32)ntohl(skb->nh.iph->saddr),
9687 + (__u32)ntohl(skb->nh.iph->daddr) );
9689 + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC,
9690 + "ip=%08x->%08x\n",
9691 + (__u32)ntohl(skb->ip_hdr->saddr),
9692 + (__u32)ntohl(skb->ip_hdr->daddr) );
9693 +#endif /* NET_21 */
9695 + skb->dev = prv->dev;
9696 + ret = prv->hard_header(skb, prv->dev, type, (void *)daddr, (void *)saddr, len);
9701 +DEBUG_NO_STATIC int
9703 +ipsec_tunnel_rebuild_header(struct sk_buff *skb)
9705 +ipsec_tunnel_rebuild_header(void *buff, struct device *dev,
9706 + unsigned long raddr, struct sk_buff *skb)
9707 +#endif /* NET_21 */
9709 + struct ipsecpriv *prv = skb->dev->priv;
9710 + struct device *tmp;
9713 + if(!prv->rebuild_header) {
9714 + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC,
9715 + "klips_debug:ipsec_tunnel_rebuild_header: "
9716 + "physical device has been detached, packet dropped "
9717 + "skb->dev=%s->NULL ",
9720 + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC,
9721 + "ip=%08x->%08x\n",
9722 + (__u32)ntohl(skb->nh.iph->saddr),
9723 + (__u32)ntohl(skb->nh.iph->daddr) );
9725 + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC,
9726 + "ip=%08x->%08x\n",
9727 + (__u32)ntohl(skb->ip_hdr->saddr),
9728 + (__u32)ntohl(skb->ip_hdr->daddr) );
9729 +#endif /* NET_21 */
9733 + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC,
9734 + "klips_debug:ipsec_tunnel: "
9735 + "Revectored rebuild_header dev=%s->%s ",
9736 + skb->dev->name, prv->dev->name);
9738 + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC,
9739 + "ip=%08x->%08x\n",
9740 + (__u32)ntohl(skb->nh.iph->saddr),
9741 + (__u32)ntohl(skb->nh.iph->daddr) );
9743 + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC,
9744 + "ip=%08x->%08x\n",
9745 + (__u32)ntohl(skb->ip_hdr->saddr),
9746 + (__u32)ntohl(skb->ip_hdr->daddr) );
9747 +#endif /* NET_21 */
9749 + skb->dev = prv->dev;
9752 + ret = prv->rebuild_header(skb);
9754 + ret = prv->rebuild_header(buff, prv->dev, raddr, skb);
9755 +#endif /* NET_21 */
9760 +DEBUG_NO_STATIC int
9761 +ipsec_tunnel_set_mac_address(struct device *dev, void *addr)
9763 + struct ipsecpriv *prv = dev->priv;
9765 + if(!prv->set_mac_address) {
9766 + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC,
9767 + "klips_debug:ipsec_tunnel_set_mac_address: "
9768 + "physical device has been detached, cannot set - "
9769 + "skb->dev=%s->NULL\n",
9774 + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC,
9775 + "klips_debug:ipsec_tunnel_set_mac_address: "
9776 + "Revectored dev=%s->%s addr=%p\n",
9777 + dev->name, prv->dev->name, addr);
9778 + return prv->set_mac_address(prv->dev, addr);
9783 +DEBUG_NO_STATIC void
9784 +ipsec_tunnel_cache_bind(struct hh_cache **hhp, struct device *dev,
9785 + unsigned short htype, __u32 daddr)
9787 + struct ipsecpriv *prv = dev->priv;
9789 + if(!prv->header_cache_bind) {
9790 + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC,
9791 + "klips_debug:ipsec_tunnel_cache_bind: "
9792 + "physical device has been detached, cannot set - "
9793 + "skb->dev=%s->NULL\n",
9798 + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC,
9799 + "klips_debug:ipsec_tunnel_cache_bind: "
9801 + prv->header_cache_bind(hhp, prv->dev, htype, daddr);
9804 +#endif /* !NET_21 */
9807 +DEBUG_NO_STATIC void
9808 +ipsec_tunnel_cache_update(struct hh_cache *hh, struct device *dev, unsigned char * haddr)
9810 + struct ipsecpriv *prv = dev->priv;
9812 + if(!prv->header_cache_update) {
9813 + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC,
9814 + "klips_debug:ipsec_tunnel_cache_update: "
9815 + "physical device has been detached, cannot set - "
9816 + "skb->dev=%s->NULL\n",
9821 + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC,
9822 + "klips_debug:ipsec_tunnel: "
9823 + "Revectored cache_update\n");
9824 + prv->header_cache_update(hh, prv->dev, haddr);
9829 +DEBUG_NO_STATIC int
9830 +ipsec_tunnel_neigh_setup(struct neighbour *n)
9832 + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC,
9833 + "klips_debug:ipsec_tunnel: "
9834 + "ipsec_tunnel_neigh_setup\n");
9836 + if (n->nud_state == NUD_NONE) {
9837 + n->ops = &arp_broken_ops;
9838 + n->output = n->ops->output;
9843 +DEBUG_NO_STATIC int
9844 +ipsec_tunnel_neigh_setup_dev(struct device *dev, struct neigh_parms *p)
9846 + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC,
9847 + "klips_debug:ipsec_tunnel: "
9848 + "ipsec_tunnel_neigh_setup_dev\n");
9850 + if (p->tbl->family == AF_INET) {
9851 + p->neigh_setup = ipsec_tunnel_neigh_setup;
9852 + p->ucast_probes = 0;
9853 + p->mcast_probes = 0;
9857 +#endif /* NET_21 */
9860 + * We call the attach routine to attach another device.
9863 +DEBUG_NO_STATIC int
9864 +ipsec_tunnel_attach(struct device *tndev, struct ipsecpriv *prv, struct device *dev)
9869 + prv->hard_start_xmit = dev->hard_start_xmit;
9870 + prv->get_stats = dev->get_stats;
9872 + if (dev->hard_header) {
9873 + prv->hard_header = dev->hard_header;
9874 + tndev->hard_header = ipsec_tunnel_hard_header;
9876 + tndev->hard_header = NULL;
9878 + if (dev->rebuild_header) {
9879 + prv->rebuild_header = dev->rebuild_header;
9880 + tndev->rebuild_header = ipsec_tunnel_rebuild_header;
9882 + tndev->rebuild_header = NULL;
9884 + if (dev->set_mac_address) {
9885 + prv->set_mac_address = dev->set_mac_address;
9886 + tndev->set_mac_address = ipsec_tunnel_set_mac_address;
9888 + tndev->set_mac_address = NULL;
9891 + if (dev->header_cache_bind) {
9892 + prv->header_cache_bind = dev->header_cache_bind;
9893 + tndev->header_cache_bind = ipsec_tunnel_cache_bind;
9895 + tndev->header_cache_bind = NULL;
9896 +#endif /* !NET_21 */
9898 + if (dev->header_cache_update) {
9899 + prv->header_cache_update = dev->header_cache_update;
9900 + tndev->header_cache_update = ipsec_tunnel_cache_update;
9902 + tndev->header_cache_update = NULL;
9904 + tndev->hard_header_len = dev->hard_header_len;
9907 +/* prv->neigh_setup = dev->neigh_setup; */
9908 + dev->neigh_setup = ipsec_tunnel_neigh_setup_dev;
9909 +#endif /* NET_21 */
9910 + tndev->mtu = 16260; /* 0xfff0; */ /* dev->mtu; */
9911 + prv->mtu = dev->mtu;
9913 +#ifdef PHYSDEV_TYPE
9914 + tndev->type = dev->type /* ARPHRD_TUNNEL */; /* initially */
9915 +#endif /* PHYSDEV_TYPE */
9917 + tndev->addr_len = dev->addr_len;
9918 + for (i=0; i<tndev->addr_len; i++) {
9919 + tndev->dev_addr[i] = dev->dev_addr[i];
9921 +#ifdef CONFIG_IPSEC_DEBUG
9922 + if(debug_tunnel & DB_TN_INIT) {
9923 + printk(KERN_INFO "klips_debug:ipsec_tunnel_attach: "
9924 + "physical device %s being attached has HW address: %2x",
9925 + dev->name, dev->dev_addr[0]);
9926 + for (i=1; i < dev->addr_len; i++) {
9927 + printk(":%02x", dev->dev_addr[i]);
9931 +#endif /* CONFIG_IPSEC_DEBUG */
9937 + * We call the detach routine to detach the ipsec tunnel from another device.
9940 +DEBUG_NO_STATIC int
9941 +ipsec_tunnel_detach(struct device *dev, struct ipsecpriv *prv)
9945 + KLIPS_PRINT(debug_tunnel & DB_TN_INIT,
9946 + "klips_debug:ipsec_tunnel_detach: "
9947 + "physical device %s being detached from virtual device %s\n",
9948 + prv->dev->name, dev->name);
9951 + prv->hard_start_xmit = NULL;
9952 + prv->get_stats = NULL;
9954 + prv->hard_header = NULL;
9955 + dev->hard_header = NULL;
9957 + prv->rebuild_header = NULL;
9958 + dev->rebuild_header = NULL;
9960 + prv->set_mac_address = NULL;
9961 + dev->set_mac_address = NULL;
9964 + prv->header_cache_bind = NULL;
9965 + dev->header_cache_bind = NULL;
9966 +#endif /* !NET_21 */
9968 + prv->header_cache_update = NULL;
9969 + dev->header_cache_update = NULL;
9972 +/* prv->neigh_setup = NULL; */
9973 + dev->neigh_setup = NULL;
9974 +#endif /* NET_21 */
9975 + dev->hard_header_len = 0;
9978 + for (i=0; i<MAX_ADDR_LEN; i++) {
9979 + dev->dev_addr[i] = 0;
9981 + dev->addr_len = 0;
9982 +#ifdef PHYSDEV_TYPE
9984 +#endif /* PHYSDEV_TYPE */
9990 + * We call the clear routine to detach all ipsec tunnels from other devices.
9992 +DEBUG_NO_STATIC int
9993 +ipsec_tunnel_clear(void)
9996 + struct device *ipsecdev = NULL, *prvdev;
9997 + struct ipsecpriv *prv;
10001 + KLIPS_PRINT(debug_tunnel & DB_TN_INIT,
10002 + "klips_debug:ipsec_tunnel_clear: called.\n");
10004 + for(i = 0; i < IPSEC_NUM_IF; i++) {
10005 + sprintf(name, "ipsec%d", i);
10006 + if((ipsecdev = ipsec_dev_get(name)) != NULL) {
10007 + if((prv = (struct ipsecpriv *)(ipsecdev->priv))) {
10008 + prvdev = (struct device *)(prv->dev);
10010 + KLIPS_PRINT(debug_tunnel & DB_TN_INIT,
10011 + "klips_debug:ipsec_tunnel_clear: "
10012 + "physical device for device %s is %s\n",
10013 + name, prvdev->name);
10014 + if((ret = ipsec_tunnel_detach(ipsecdev, prv))) {
10015 + KLIPS_PRINT(debug_tunnel & DB_TN_INIT,
10016 + "klips_debug:ipsec_tunnel_clear: "
10017 + "error %d detatching device %s from device %s.\n",
10018 + ret, name, prvdev->name);
10028 +DEBUG_NO_STATIC int
10029 +ipsec_tunnel_ioctl(struct device *dev, struct ifreq *ifr, int cmd)
10031 + struct ipsectunnelconf *cf = (struct ipsectunnelconf *)&ifr->ifr_data;
10032 + struct ipsecpriv *prv = dev->priv;
10033 + struct device *them; /* physical device */
10034 +#ifdef CONFIG_IP_ALIAS
10036 + char realphysname[IFNAMSIZ];
10037 +#endif /* CONFIG_IP_ALIAS */
10039 + KLIPS_PRINT(debug_tunnel & DB_TN_INIT,
10040 + "klips_debug:ipsec_tunnel_ioctl: "
10041 + "tncfg service call #%d\n", cmd);
10043 + /* attach a virtual ipsec? device to a physical device */
10044 + case IPSEC_SET_DEV:
10045 +#ifdef CONFIG_IP_ALIAS
10046 + /* If this is an IP alias interface, get its real physical name */
10047 + strncpy(realphysname, cf->cf_name, IFNAMSIZ);
10048 + realphysname[IFNAMSIZ-1] = 0;
10049 + colon = strchr(realphysname, ':');
10050 + if (colon) *colon = 0;
10051 + them = ipsec_dev_get(realphysname);
10052 +#else /* CONFIG_IP_ALIAS */
10053 + them = ipsec_dev_get(cf->cf_name);
10054 +#endif /* CONFIG_IP_ALIAS */
10056 + if (them == NULL) {
10057 + KLIPS_PRINT(debug_tunnel & DB_TN_INIT,
10058 + "klips_debug:ipsec_tunnel_ioctl: "
10059 + "physical device requested is null\n");
10066 + return ipsec_tunnel_attach(dev, dev->priv, them);
10068 + case IPSEC_DEL_DEV:
10071 + return ipsec_tunnel_detach(dev, dev->priv);
10073 + case IPSEC_CLR_DEV:
10074 + KLIPS_PRINT(debug_tunnel & DB_TN_INIT,
10075 + "klips_debug:ipsec_tunnel_ioctl: "
10076 + "calling ipsec_tunnel_clear.\n");
10077 + return ipsec_tunnel_clear();
10080 + return -EOPNOTSUPP;
10085 +ipsec_device_event(struct notifier_block *unused, unsigned long event, void *ptr)
10087 + struct device *dev = ptr;
10088 + struct device *ipsec_dev;
10089 + struct ipsecpriv *priv;
10093 + /* check for loopback devices */
10094 + if (dev->flags & IFF_LOOPBACK)
10095 + return(NOTIFY_DONE);
10099 + case NETDEV_DOWN:
10100 + KLIPS_PRINT(debug_tunnel & DB_TN_INIT,
10101 + "ipsec_device_event: NETDEV_DOWN...\n");
10102 + /* find the attached physical device and detach it. */
10103 + for(i = 0; i < IPSEC_NUM_IF; i++) {
10104 + sprintf(name, "ipsec%d", i);
10105 + ipsec_dev = ipsec_dev_get(name);
10107 + priv = (struct ipsecpriv *)(ipsec_dev->priv);
10110 + if(((struct device *)(priv->dev)) == dev) {
10111 + dev_close(ipsec_dev);
10112 + /* return */ ipsec_tunnel_detach(ipsec_dev, priv);
10113 + return NOTIFY_DONE;
10117 + KLIPS_PRINT(debug_tunnel & DB_TN_INIT,
10118 + "klips_debug:ipsec_device_event: device '%s' has no private data space!\n",
10119 + ipsec_dev->name);
10126 + KLIPS_PRINT(debug_tunnel & DB_TN_INIT,
10127 + "ipsec_device_event: NETDEV_UP...\n");
10128 + /* Only handle ethernet ports */
10129 + if(dev->type!=ARPHRD_ETHER && dev->type!=ARPHRD_LOOPBACK)
10130 + return NOTIFY_DONE;
10134 + case NETDEV_UNREGISTER:
10135 + KLIPS_PRINT(debug_tunnel & DB_TN_INIT,
10136 + "ipsec_device_event: NETDEV_UNREGISTER...\n");
10139 +#endif /* NET_21 */
10141 + return NOTIFY_DONE;
10145 + * Called when an ipsec tunnel device is initialized.
10146 + * The ipsec tunnel device structure is passed to us.
10150 +ipsec_tunnel_init(struct device *dev)
10154 + printk(KERN_INFO "klips_debug:ipsec_tunnel_init: "
10155 + "initialisation of device: %s\n",
10156 + dev->name ? dev->name : "NULL");
10158 + /* Add our tunnel functions to the device */
10159 + dev->open = ipsec_tunnel_open;
10160 + dev->stop = ipsec_tunnel_close;
10161 + dev->hard_start_xmit = ipsec_tunnel_start_xmit;
10162 + dev->get_stats = ipsec_tunnel_get_stats;
10164 + dev->priv = kmalloc(sizeof(struct ipsecpriv), GFP_KERNEL);
10165 + if (dev->priv == NULL)
10167 + memset(dev->priv, 0, sizeof(struct ipsecpriv));
10169 + for(i = 0; i < sizeof(zeroes); i++) {
10170 + ((__u8*)(zeroes))[i] = 0;
10174 + /* Initialize the tunnel device structure */
10175 + for (i = 0; i < DEV_NUMBUFFS; i++)
10176 + skb_queue_head_init(&dev->buffs[i]);
10177 +#endif /* !NET_21 */
10179 + dev->set_multicast_list = NULL;
10180 + dev->do_ioctl = ipsec_tunnel_ioctl;
10181 + dev->hard_header = NULL;
10182 + dev->rebuild_header = NULL;
10183 + dev->set_mac_address = NULL;
10185 + dev->header_cache_bind = NULL;
10186 +#endif /* !NET_21 */
10187 + dev->header_cache_update= NULL;
10190 +/* prv->neigh_setup = NULL; */
10191 + dev->neigh_setup = ipsec_tunnel_neigh_setup_dev;
10192 +#endif /* NET_21 */
10193 + dev->hard_header_len = 0;
10195 + dev->addr_len = 0;
10196 + dev->type = ARPHRD_TUNNEL; /* 0 */ /* ARPHRD_ETHER; */ /* initially */
10197 + dev->tx_queue_len = 10; /* Small queue */
10198 + memset(dev->broadcast,0xFF, ETH_ALEN); /* what if this is not attached to ethernet? */
10200 + /* New-style flags. */
10201 + dev->flags = IFF_NOARP /* 0 */ /* Petr Novak */;
10203 + dev_init_buffers(dev);
10204 +#else /* NET_21 */
10205 + dev->family = AF_INET;
10206 + dev->pa_addr = 0;
10207 + dev->pa_brdaddr = 0;
10208 + dev->pa_mask = 0;
10209 + dev->pa_alen = 4;
10210 +#endif /* NET_21 */
10212 + /* We're done. Have I forgotten anything? */
10216 +/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
10217 +/* Module specific interface (but it links with the rest of IPSEC */
10218 +/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
10221 +ipsec_tunnel_probe(struct device *dev)
10223 + ipsec_tunnel_init(dev);
10227 +static struct device dev_ipsec3 =
10229 + "ipsec3\0 ", /* name */
10230 + 0, /* recv memory end */
10231 + 0, /* recv memory start */
10232 + 0, /* memory end */
10233 + 0, /* memory start */
10234 + 0x0, /* base I/O address */
10236 + 0, 0, 0, /* flags */
10237 + NULL, /* next device */
10238 + ipsec_tunnel_probe /* setup */
10241 +static struct device dev_ipsec2 =
10243 + "ipsec2\0 ", /* name */
10244 + 0, /* recv memory end */
10245 + 0, /* recv memory start */
10246 + 0, /* memory end */
10247 + 0, /* memory start */
10248 + 0x0, /* base I/O address */
10250 + 0, 0, 0, /* flags */
10251 + NULL, /* next device */
10252 + ipsec_tunnel_probe /* setup */
10255 +static struct device dev_ipsec1 =
10257 + "ipsec1\0 ", /* name */
10258 + 0, /* recv memory end */
10259 + 0, /* recv memory start */
10260 + 0, /* memory end */
10261 + 0, /* memory start */
10262 + 0x0, /* base I/O address */
10264 + 0, 0, 0, /* flags */
10265 + NULL, /* next device */
10266 + ipsec_tunnel_probe /* setup */
10269 +static struct device dev_ipsec0 =
10271 + "ipsec0\0 ", /* name */
10272 + 0, /* recv memory end */
10273 + 0, /* recv memory start */
10274 + 0, /* memory end */
10275 + 0, /* memory start */
10276 + 0x0, /* base I/O address */
10278 + 0, 0, 0, /* flags */
10279 + NULL, /* next device */
10280 + ipsec_tunnel_probe /* setup */
10284 +ipsec_tunnel_init_devices(void)
10287 + KLIPS_PRINT(debug_tunnel & DB_TN_INIT,
10288 + "klips_debug:ipsec_tunnel_init_devices: "
10289 + "registering device %s\n",
10290 + dev_ipsec0.name);
10292 + if (register_netdev(&dev_ipsec0) != 0)
10295 + KLIPS_PRINT(debug_tunnel & DB_TN_INIT,
10296 + "klips_debug:ipsec_tunnel_init_devices: "
10297 + "registering device %s\n",
10298 + dev_ipsec1.name);
10300 + if (register_netdev(&dev_ipsec1) != 0)
10303 + KLIPS_PRINT(debug_tunnel & DB_TN_INIT,
10304 + "klips_debug:ipsec_tunnel_init_devices: "
10305 + "registering device %s\n",
10306 + dev_ipsec2.name);
10308 + if (register_netdev(&dev_ipsec2) != 0)
10311 + KLIPS_PRINT(debug_tunnel & DB_TN_INIT,
10312 + "klips_debug:ipsec_tunnel_init_devices: "
10313 + "registering device %s\n",
10314 + dev_ipsec3.name);
10316 + if (register_netdev(&dev_ipsec3) != 0)
10323 +ipsec_tunnel_cleanup_devices(void)
10327 + unregister_netdev(&dev_ipsec0);
10328 + unregister_netdev(&dev_ipsec1);
10329 + unregister_netdev(&dev_ipsec2);
10330 + unregister_netdev(&dev_ipsec3);
10331 + kfree(dev_ipsec0.priv);
10332 + kfree(dev_ipsec1.priv);
10333 + kfree(dev_ipsec2.priv);
10334 + kfree(dev_ipsec3.priv);
10335 + dev_ipsec0.priv=NULL;
10336 + dev_ipsec1.priv=NULL;
10337 + dev_ipsec2.priv=NULL;
10338 + dev_ipsec3.priv=NULL;
10345 + * Revision 1.131 2000/11/09 20:52:15 rgb
10346 + * More spinlock shuffling, locking earlier and unlocking later in rcv to
10347 + * include ipcomp and prevent races, renaming some tdb variables that got
10348 + * forgotten, moving some unlocks to include tdbs and adding a missing
10349 + * unlock. Thanks to Svenning for some of these.
10351 + * Revision 1.130 2000/11/09 20:11:22 rgb
10352 + * Minor shuffles to fix non-standard kernel config option selection.
10354 + * Revision 1.129 2000/11/06 04:32:49 rgb
10355 + * Clean up debug printing.
10356 + * Copy skb->protocol for all kernel versions.
10357 + * Ditched spin_lock_irqsave in favour of spin_lock.
10358 + * Disabled TTL decrement, done in ip_forward.
10359 + * Added debug printing before pfkey_acquire().
10360 + * Fixed printk-deltdbchain-spin_lock races (Svenning).
10361 + * Use defaultTTL for 2.1+ kernels.
10362 + * Add Svenning's adaptive content compression.
10363 + * Fix up debug display arguments.
10365 + * Revision 1.128 2000/09/28 00:58:57 rgb
10366 + * Moved the IKE passthrough check after the eroute lookup so we can pass
10367 + * IKE through intermediate tunnels.
10369 + * Revision 1.127 2000/09/22 17:52:11 rgb
10370 + * Fixed misleading ipcomp debug output.
10372 + * Revision 1.126 2000/09/22 04:22:56 rgb
10373 + * Fixed dumb spi->cpi conversion error.
10375 + * Revision 1.125 2000/09/21 04:34:48 rgb
10376 + * A few debug-specific things should be hidden under
10377 + * CONFIG_IPSEC_DEBUG.(MB)
10378 + * Improved ip_send() error handling.(MB)
10380 + * Revision 1.124 2000/09/21 03:40:58 rgb
10381 + * Added more debugging to try and track down the cpi outward copy problem.
10383 + * Revision 1.123 2000/09/19 07:08:49 rgb
10384 + * Added debugging to outgoing compression report.
10386 + * Revision 1.122 2000/09/18 19:21:26 henry
10387 + * RGB-supplied fix for RH5.2 problem
10389 + * Revision 1.121 2000/09/17 21:05:09 rgb
10390 + * Added tdb to skb_compress call to write in cpi.
10392 + * Revision 1.120 2000/09/17 16:57:16 rgb
10393 + * Added Svenning's patch to remove restriction of ipcomp to innermost
10396 + * Revision 1.119 2000/09/15 11:37:01 rgb
10397 + * Merge in heavily modified Svenning Soerensen's <svenning@post5.tele.dk>
10398 + * IPCOMP zlib deflate code.
10400 + * Revision 1.118 2000/09/15 04:57:16 rgb
10401 + * Moved debug output after sanity check.
10402 + * Added tos copy sysctl.
10404 + * Revision 1.117 2000/09/12 03:22:51 rgb
10405 + * Converted ipsec_icmp, no_eroute_pass, opportunistic and #if0 debugs to
10408 + * Revision 1.116 2000/09/08 19:18:19 rgb
10409 + * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG.
10410 + * Added outgoing opportunistic hook, ifdef'ed out.
10412 + * Revision 1.115 2000/08/30 05:27:29 rgb
10413 + * Removed all the rest of the references to tdb_spi, tdb_proto, tdb_dst.
10414 + * Kill remainder of tdb_xform, tdb_xdata, xformsw.
10416 + * Revision 1.114 2000/08/28 18:15:46 rgb
10417 + * Added MB's nf-debug reset patch.
10419 + * Revision 1.113 2000/08/27 02:26:40 rgb
10420 + * Send all no-eroute-bypass, pluto-bypass and passthrough packets through
10421 + * fragmentation machinery for 2.0, 2.2 and 2.4 kernels.
10423 + * Revision 1.112 2000/08/20 21:37:33 rgb
10424 + * Activated pfkey_expire() calls.
10425 + * Added a hard/soft expiry parameter to pfkey_expire(). (Momchil)
10426 + * Re-arranged the order of soft and hard expiry to conform to RFC2367.
10427 + * Clean up references to CONFIG_IPSEC_PFKEYv2.
10429 + * Revision 1.111 2000/08/01 14:51:51 rgb
10430 + * Removed _all_ remaining traces of DES.
10432 + * Revision 1.110 2000/07/28 14:58:31 rgb
10433 + * Changed kfree_s to kfree, eliminating extra arg to fix 2.4.0-test5.
10435 + * Revision 1.109 2000/07/28 13:50:54 rgb
10436 + * Changed enet_statistics to net_device_stats and added back compatibility
10437 + * for pre-2.1.19.
10439 + * Revision 1.108 2000/05/16 03:03:11 rgb
10440 + * Updates for 2.3.99pre8 from MB.
10442 + * Revision 1.107 2000/05/10 23:08:21 rgb
10443 + * Print a debug warning about bogus packets received by the outgoing
10444 + * processing machinery only when klipsdebug is not set to none.
10445 + * Comment out the device initialisation informational messages.
10447 + * Revision 1.106 2000/05/10 19:17:14 rgb
10448 + * Define an IP_SEND macro, intending to have all packet passthroughs
10449 + * use fragmentation. This didn't quite work, but is a step in the
10450 + * right direction.
10451 + * Added buffer allocation debugging statements.
10452 + * Added configure option to shut off no eroute passthrough.
10453 + * Only check usetime against soft and hard limits if the tdb has been
10455 + * Cast output of ntohl so that the broken prototype doesn't make our
10458 + * Revision 1.105 2000/03/22 16:15:37 rgb
10459 + * Fixed renaming of dev_get (MB).
10461 + * Revision 1.104 2000/03/16 14:04:15 rgb
10462 + * Indented headers for readability.
10463 + * Fixed debug scope to enable compilation with debug off.
10464 + * Added macros for ip_chk_addr and IS_MYADDR for identifying self.
10466 + * Revision 1.103 2000/03/16 07:11:07 rgb
10467 + * Hardcode PF_KEYv2 support.
10468 + * Fixed bug which allowed UDP/500 packet from another machine
10469 + * through in the clear.
10470 + * Added disabled skb->protocol fix for ISDN/ASYNC PPP from Matjaz Godec.
10472 + * Revision 1.102 2000/03/14 12:26:59 rgb
10473 + * Added skb->nfct support for clearing netfilter conntrack bits (MB).
10475 + * Revision 1.101 2000/02/14 21:05:22 rgb
10476 + * Added MB's netif_queue fix for kernels 2.3.43+.
10478 + * Revision 1.100 2000/01/26 10:04:57 rgb
10479 + * Fixed noisy 2.0 printk arguments.
10481 + * Revision 1.99 2000/01/21 06:16:25 rgb
10482 + * Added sanity checks on skb_push(), skb_pull() to prevent panics.
10483 + * Switched to AF_ENCAP macro.
10484 + * Shortened debug output per packet and re-arranging debug_tunnel
10485 + * bitmap flags, while retaining necessary information to avoid
10486 + * trampling the kernel print ring buffer.
10487 + * Reformatted recursion switch code.
10488 + * Changed all references to tdb_proto to tdb_said.proto for clarity.
10490 + * Revision 1.98 2000/01/13 08:09:31 rgb
10491 + * Shuffled debug_tunnel switches to focus output.
10492 + * Fixed outgoing recursion bug, limiting to recursing only if the remote
10493 + * SG changes and if it is valid, ie. not passthrough.
10494 + * Clarified a number of debug messages.
10496 + * Revision 1.97 2000/01/10 16:37:16 rgb
10497 + * MB support for new ip_select_ident() upon disappearance of
10498 + * ip_id_count in 2.3.36+.
10500 + * Revision 1.96 1999/12/31 14:59:08 rgb
10501 + * MB fix to use new skb_copy_expand in kernel 2.3.35.
10503 + * Revision 1.95 1999/12/29 21:15:44 rgb
10504 + * Fix tncfg to aliased device bug.
10506 + * Revision 1.94 1999/12/22 04:26:06 rgb
10507 + * Converted all 'static' functions to 'DEBUG_NO_STATIC' to enable
10508 + * debugging by providing external labels to all functions with debugging
10511 + * Revision 1.93 1999/12/13 13:30:14 rgb
10512 + * Changed MTU reports and HW address reporting back to debug only.
10514 + * Revision 1.92 1999/12/07 18:57:56 rgb
10515 + * Fix PFKEY symbol compile error (SADB_*) without pfkey enabled.
10517 + * Revision 1.91 1999/12/01 22:15:36 rgb
10518 + * Add checks for LARVAL and DEAD SAs.
10519 + * Change state of SA from MATURE to DYING when a soft lifetime is
10520 + * reached and print debug warning.
10522 + * Revision 1.90 1999/11/23 23:04:04 rgb
10523 + * Use provided macro ADDRTOA_BUF instead of hardcoded value.
10524 + * Sort out pfkey and freeswan headers, putting them in a library path.
10526 + * Revision 1.89 1999/11/18 18:50:59 rgb
10527 + * Changed all device registrations for static linking to
10528 + * dynamic to reduce the number and size of patches.
10530 + * Revision 1.88 1999/11/18 04:09:19 rgb
10531 + * Replaced all kernel version macros to shorter, readable form.
10533 + * Revision 1.87 1999/11/17 15:53:40 rgb
10534 + * Changed all occurrences of #include "../../../lib/freeswan.h"
10535 + * to #include <freeswan.h> which works due to -Ilibfreeswan in the
10536 + * klips/net/ipsec/Makefile.
10538 + * Revision 1.86 1999/10/16 18:25:37 rgb
10539 + * Moved SA lifetime expiry checks before packet processing.
10540 + * Expire SA on replay counter rollover.
10542 + * Revision 1.85 1999/10/16 04:24:31 rgb
10543 + * Add stats for time since last packet.
10545 + * Revision 1.84 1999/10/16 00:30:47 rgb
10546 + * Added SA lifetime counting.
10548 + * Revision 1.83 1999/10/15 22:15:57 rgb
10549 + * Clean out cruft.
10552 + * Revision 1.82 1999/10/08 18:26:19 rgb
10553 + * Fix 2.0.3x outgoing fragmented packet memory leak.
10555 + * Revision 1.81 1999/10/05 02:38:54 rgb
10556 + * Lower the default mtu of virtual devices to 16260.
10558 + * Revision 1.80 1999/10/03 18:56:41 rgb
10559 + * Spinlock support for 2.3.xx.
10560 + * Don't forget to undo spinlocks on error!
10561 + * Check for valid eroute before copying the structure.
10563 + * Revision 1.79 1999/10/01 15:44:53 rgb
10564 + * Move spinlock header include to 2.1> scope.
10566 + * Revision 1.78 1999/10/01 00:02:43 rgb
10567 + * Added tdb structure locking.
10568 + * Added eroute structure locking.
10570 + * Revision 1.77 1999/09/30 02:52:29 rgb
10571 + * Add Marc Boucher's Copy-On-Write code (same as ipsec_rcv.c).
10573 + * Revision 1.76 1999/09/25 19:31:27 rgb
10574 + * Refine MSS hack to affect SYN, but not SYN+ACK packets.
10576 + * Revision 1.75 1999/09/24 22:52:38 rgb
10577 + * Fix two things broken in 2.0.38 by trying to fix network notifiers.
10579 + * Revision 1.74 1999/09/24 00:30:37 rgb
10580 + * Add test for changed source as well as destination to check for
10583 + * Revision 1.73 1999/09/23 20:52:24 rgb
10584 + * Add James Morris' MSS hack patch, disabled.
10586 + * Revision 1.72 1999/09/23 20:22:40 rgb
10587 + * Enable, tidy and fix network notifier code.
10589 + * Revision 1.71 1999/09/23 18:09:05 rgb
10590 + * Clean up 2.2.x fragmenting traces.
10591 + * Disable dev->type switching, forcing ARPHRD_TUNNEL.
10593 + * Revision 1.70 1999/09/22 14:14:24 rgb
10594 + * Add sanity checks for revectored calls to prevent calling a downed I/F.
10596 + * Revision 1.69 1999/09/21 15:00:57 rgb
10597 + * Add Marc Boucher's packet size check.
10598 + * Flesh out network device notifier code.
10600 + * Revision 1.68 1999/09/18 11:39:57 rgb
10601 + * Start to add (disabled) netdevice notifier code.
10603 + * Revision 1.67 1999/09/17 23:44:40 rgb
10604 + * Add a comment warning potential code hackers to stay away from mac.raw.
10606 + * Revision 1.66 1999/09/17 18:04:02 rgb
10607 + * Add fix for unpredictable hard_header_len for ISDN folks (thanks MB).
10608 + * Ditch TTL decrement in 2.2 (MB).
10610 + * Revision 1.65 1999/09/15 23:15:35 henry
10611 + * Marc Boucher's PPP fixes
10613 + * Revision 1.64 1999/09/07 13:40:53 rgb
10614 + * Ditch unreliable references to skb->mac.raw.
10616 + * Revision 1.63 1999/08/28 11:33:09 rgb
10617 + * Check for null skb->mac pointer.
10619 + * Revision 1.62 1999/08/28 02:02:30 rgb
10620 + * Add Marc Boucher's fix for properly dealing with skb->sk.
10622 + * Revision 1.61 1999/08/27 05:23:05 rgb
10623 + * Clean up skb->data/raw/nh/h manipulation.
10624 + * Add Marc Boucher's mods to aid tcpdump.
10625 + * Add sanity checks to skb->raw/nh/h pointer copies in skb_copy_expand.
10626 + * Re-order hard_header stripping -- might be able to remove it...
10628 + * Revision 1.60 1999/08/26 20:01:02 rgb
10629 + * Tidy up compiler directives and macros.
10630 + * Re-enable ICMP for tunnels where inner_dst != outer_dst.
10631 + * Remove unnecessary skb->dev = physdev assignment affecting 2.2.x.
10633 + * Revision 1.59 1999/08/25 15:44:41 rgb
10634 + * Clean up from 2.2.x instrumenting for compilation under 2.0.36.
10636 + * Revision 1.58 1999/08/25 15:00:54 rgb
10637 + * Add dst cache code for 2.2.xx.
10638 + * Add sanity check for skb packet header pointers.
10639 + * Add/modify debugging instrumentation to *_start_xmit, *_hard_header and
10640 + * *_rebuild_header.
10641 + * Add neigh_* cache code.
10642 + * Change dev->type back to ARPHRD_TUNNEL.
10644 + * Revision 1.57 1999/08/17 21:50:23 rgb
10645 + * Fixed minor debug output bugs.
10646 + * Regrouped error recovery exit code.
10647 + * Added compiler directives to remove unwanted code and symbols.
10648 + * Shut off ICMP messages: to be refined to only send ICMP to remote systems.
10649 + * Add debugging code for output function addresses.
10650 + * Fix minor bug in (possibly unused) header_cache_bind function.
10651 + * Add device neighbour caching code.
10652 + * Change dev->type from ARPHRD_TUNNEL to physdev->type.
10654 + * Revision 1.56 1999/08/03 17:22:56 rgb
10655 + * Debug output clarification using KERN_* macros. Other inactive changes
10658 + * Revision 1.55 1999/08/03 16:58:46 rgb
10659 + * Fix skb_copy_expand size bug. Was getting incorrect size.
10661 + * Revision 1.54 1999/07/14 19:32:38 rgb
10662 + * Fix oversize packet crash and ssh stalling in 2.2.x kernels.
10664 + * Revision 1.53 1999/06/10 15:44:02 rgb
10665 + * Minor reformatting and clean-up.
10667 + * Revision 1.52 1999/05/09 03:25:36 rgb
10668 + * Fix bug introduced by 2.2 quick-and-dirty patch.
10670 + * Revision 1.51 1999/05/08 21:24:59 rgb
10671 + * Add casting to silence the 2.2.x compile.
10673 + * Revision 1.50 1999/05/05 22:02:32 rgb
10674 + * Add a quick and dirty port to 2.2 kernels by Marc Boucher <marc@mbsi.ca>.
10676 + * Revision 1.49 1999/04/29 15:18:52 rgb
10677 + * Change gettdb parameter to a pointer to reduce stack loading and
10678 + * facilitate parameter sanity checking.
10679 + * Fix undetected bug that might have tried to access a null pointer.
10680 + * Eliminate unnessessary usage of tdb_xform member to further switch
10681 + * away from the transform switch to the algorithm switch.
10682 + * Add return values to init and cleanup functions.
10684 + * Revision 1.48 1999/04/16 15:38:00 rgb
10685 + * Minor rearrangement of freeing code to avoid memory leaks with impossible or
10686 + * rare situations.
10688 + * Revision 1.47 1999/04/15 15:37:25 rgb
10689 + * Forward check changes from POST1_00 branch.
10691 + * Revision 1.32.2.4 1999/04/13 21:00:18 rgb
10692 + * Ditch 'things I wish I had known before...'.
10694 + * Revision 1.32.2.3 1999/04/13 20:34:38 rgb
10695 + * Free skb after fragmentation.
10696 + * Use stats more effectively.
10697 + * Add I/F to mtu notch-down reporting.
10699 + * Revision 1.32.2.2 1999/04/02 04:26:14 rgb
10700 + * Backcheck from HEAD, pre1.0.
10702 + * Revision 1.46 1999/04/11 00:29:00 henry
10703 + * GPL boilerplate
10705 + * Revision 1.45 1999/04/07 15:42:01 rgb
10706 + * Fix mtu/ping bug AGAIN!
10708 + * Revision 1.44 1999/04/06 04:54:27 rgb
10709 + * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes
10710 + * patch shell fixes.
10712 + * Revision 1.43 1999/04/04 03:57:07 rgb
10713 + * ip_fragment() doesn't free the supplied skb. Freed.
10715 + * Revision 1.42 1999/04/01 23:27:15 rgb
10716 + * Preload size of virtual mtu.
10718 + * Revision 1.41 1999/04/01 09:31:23 rgb
10719 + * Invert meaning of ICMP PMTUD config option and clarify.
10722 + * Revision 1.40 1999/04/01 04:37:17 rgb
10723 + * SSH stalling bug fix.
10725 + * Revision 1.39 1999/03/31 23:44:28 rgb
10726 + * Don't send ICMP on DF and frag_off.
10728 + * Revision 1.38 1999/03/31 15:20:10 rgb
10729 + * Quiet down debugging.
10731 + * Revision 1.37 1999/03/31 08:30:31 rgb
10732 + * Add switch to shut off ICMP PMTUD packets.
10734 + * Revision 1.36 1999/03/31 05:44:47 rgb
10735 + * Keep PMTU reduction private.
10737 + * Revision 1.35 1999/03/27 15:13:02 rgb
10738 + * PMTU/fragmentation bug fix.
10740 + * Revision 1.34 1999/03/17 21:19:26 rgb
10741 + * Fix kmalloc nonatomic bug.
10743 + * Revision 1.33 1999/03/17 15:38:42 rgb
10745 + * ESP_NULL IV bug fix.
10747 + * Revision 1.32 1999/03/01 20:44:25 rgb
10749 + * Memory leak bug fix.
10751 + * Revision 1.31 1999/02/27 00:02:09 rgb
10752 + * Tune to report the MTU reduction once, rather than after every recursion
10753 + * through the encapsulating code, preventing tcp stream stalling.
10755 + * Revision 1.30 1999/02/24 20:21:01 rgb
10756 + * Reformat debug printk's.
10757 + * Fix recursive encapsulation, dynamic MTU bugs and add debugging code.
10760 + * Revision 1.29 1999/02/22 17:08:14 rgb
10761 + * Fix recursive encapsulation code.
10763 + * Revision 1.28 1999/02/19 18:27:02 rgb
10764 + * Improve DF, fragmentation and PMTU behaviour and add dynamic MTU discovery.
10766 + * Revision 1.27 1999/02/17 16:51:37 rgb
10767 + * Clean out unused cruft.
10768 + * Temporarily tone down volume of debug output.
10769 + * Temporarily shut off fragment rejection.
10770 + * Disabled temporary failed recursive encapsulation loop.
10772 + * Revision 1.26 1999/02/12 21:21:26 rgb
10773 + * Move KLIPS_PRINT to ipsec_netlink.h for accessibility.
10775 + * Revision 1.25 1999/02/11 19:38:27 rgb
10777 + * Add sanity checking for skb_copy_expand() to prevent kernel panics on
10778 + * skb_put() values out of range.
10779 + * Fix head/tailroom calculation causing skb_put() out-of-range values.
10780 + * Fix return values to prevent 'nonatomic alloc_skb' warnings.
10781 + * Allocate new skb iff needed.
10782 + * Added more debug statements.
10783 + * Make headroom depend on structure, not hard-coded values.
10785 + * Revision 1.24 1999/02/10 23:20:33 rgb
10786 + * Shut up annoying 'statement has no effect' compiler warnings with
10787 + * debugging compiled out.
10789 + * Revision 1.23 1999/02/10 22:36:30 rgb
10790 + * Clean-up obsolete, unused and messy code.
10791 + * Converted most IPSEC_DEBUG statements to KLIPS_PRINT macros.
10792 + * Rename ipsec_tunnel_do_xmit to ipsec_tunnel_start_xmit and eliminated
10793 + * original ipsec_tunnel_start_xmit.
10794 + * Send all packet with different inner and outer destinations directly to
10795 + * the attached physical device, rather than back through ip_forward,
10796 + * preventing disappearing routes problems.
10797 + * Do sanity checking before investing too much CPU in allocating new
10799 + * Fail on IP header options: We cannot process them yet.
10800 + * Add some helpful comments.
10801 + * Use virtual device for parameters instead of physical device.
10803 + * Revision 1.22 1999/02/10 03:03:02 rgb
10804 + * Duh. Fixed the TTL bug: forgot to update the checksum.
10806 + * Revision 1.21 1999/02/09 23:17:53 rgb
10807 + * Add structure members to ipsec_print_ip debug function.
10808 + * Temporarily fix TTL bug preventing tunnel mode from functioning.
10810 + * Revision 1.20 1999/02/09 00:14:25 rgb
10811 + * Add KLIPSPRINT macro. (Not used yet, though.)
10812 + * Delete old ip_tunnel code (BADCODE).
10813 + * Decrement TTL in outgoing packet.
10814 + * Set TTL on new IPIP_TUNNEL to default, not existing packet TTL.
10815 + * Delete ethernet only feature and fix hard-coded hard_header_len.
10817 + * Revision 1.19 1999/01/29 17:56:22 rgb
10818 + * 64-bit re-fix submitted by Peter Onion.
10820 + * Revision 1.18 1999/01/28 22:43:24 rgb
10821 + * Fixed bug in ipsec_print_ip that caused an OOPS, found by P.Onion.
10823 + * Revision 1.17 1999/01/26 02:08:16 rgb
10824 + * Removed CONFIG_IPSEC_ALGO_SWITCH macro.
10825 + * Removed dead code.
10827 + * Revision 1.16 1999/01/22 06:25:26 rgb
10828 + * Cruft clean-out.
10829 + * Added algorithm switch code.
10830 + * 64-bit clean-up.
10831 + * Passthrough on IPIP protocol, spi 0x0 fix.
10832 + * Enhanced debugging.
10834 + * Revision 1.15 1998/12/01 13:22:04 rgb
10835 + * Added support for debug printing of version info.
10837 + * Revision 1.14 1998/11/30 13:22:55 rgb
10838 + * Rationalised all the klips kernel file headers. They are much shorter
10839 + * now and won't conflict under RH5.2.
10841 + * Revision 1.13 1998/11/17 21:13:52 rgb
10842 + * Put IKE port bypass debug output in user-switched debug statements.
10844 + * Revision 1.12 1998/11/13 13:20:25 rgb
10845 + * Fixed ntohs bug in udp/500 hole for IKE.
10847 + * Revision 1.11 1998/11/10 08:01:19 rgb
10848 + * Kill tcp/500 hole, keep udp/500 hole.
10850 + * Revision 1.10 1998/11/09 21:29:26 rgb
10851 + * If no eroute is found, discard packet and incr. tx_error.
10853 + * Revision 1.9 1998/10/31 06:50:00 rgb
10854 + * Add tcp/udp/500 bypass.
10855 + * Fixed up comments in #endif directives.
10857 + * Revision 1.8 1998/10/27 00:34:31 rgb
10858 + * Reformat debug output of IP headers.
10859 + * Newlines added before calls to ipsec_print_ip.
10861 + * Revision 1.7 1998/10/19 14:44:28 rgb
10862 + * Added inclusion of freeswan.h.
10863 + * sa_id structure implemented and used: now includes protocol.
10865 + * Revision 1.6 1998/10/09 04:31:35 rgb
10866 + * Added 'klips_debug' prefix to all klips printk debug statements.
10868 + * Revision 1.5 1998/08/28 03:09:51 rgb
10869 + * Prevent kernel log spam with default route through ipsec.
10871 + * Revision 1.4 1998/08/05 22:23:09 rgb
10872 + * Change setdev return code to ENXIO for a non-existant physical device.
10874 + * Revision 1.3 1998/07/29 20:41:11 rgb
10875 + * Add ipsec_tunnel_clear to clear all tunnel attachments.
10877 + * Revision 1.2 1998/06/25 20:00:33 rgb
10878 + * Clean up #endif comments.
10879 + * Rename dev_ipsec to dev_ipsec0 for consistency.
10880 + * Document ipsec device fields.
10881 + * Make ipsec_tunnel_probe visible from rest of kernel for static linking.
10882 + * Get debugging report for *every* ipsec device initialisation.
10883 + * Comment out redundant code.
10885 + * Revision 1.1 1998/06/18 21:27:50 henry
10886 + * move sources from klips/src to klips/net/ipsec, to keep stupid
10887 + * kernel-build scripts happier in the presence of symlinks
10889 + * Revision 1.8 1998/06/14 23:49:40 rgb
10890 + * Clarify version reporting on module loading.
10892 + * Revision 1.7 1998/05/27 23:19:20 rgb
10893 + * Added version reporting.
10895 + * Revision 1.6 1998/05/18 21:56:23 rgb
10896 + * Clean up for numerical consistency of output and cleaning up debug code.
10898 + * Revision 1.5 1998/05/12 02:44:23 rgb
10899 + * Clarifying 'no e-route to host' message.
10901 + * Revision 1.4 1998/04/30 15:34:35 rgb
10902 + * Enclosed most remaining debugging statements in #ifdef's to make it quieter.
10904 + * Revision 1.3 1998/04/21 21:28:54 rgb
10905 + * Rearrange debug switches to change on the fly debug output from user
10906 + * space. Only kernel changes checked in at this time. radij.c was also
10907 + * changed to temporarily remove buggy debugging code in rj_delete causing
10908 + * an OOPS and hence, netlink device open errors.
10910 + * Revision 1.2 1998/04/12 22:03:24 rgb
10911 + * Updated ESP-3DES-HMAC-MD5-96,
10912 + * ESP-DES-HMAC-MD5-96,
10913 + * AH-HMAC-MD5-96,
10914 + * AH-HMAC-SHA1-96 since Henry started freeswan cvs repository
10915 + * from old standards (RFC182[5-9] to new (as of March 1998) drafts.
10917 + * Fixed eroute references in /proc/net/ipsec*.
10919 + * Started to patch module unloading memory leaks in ipsec_netlink and
10920 + * radij tree unloading.
10922 + * Revision 1.1 1998/04/09 03:06:12 henry
10923 + * sources moved up from linux/net/ipsec
10925 + * Revision 1.1.1.1 1998/04/08 05:35:04 henry
10926 + * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8
10928 + * Revision 0.5 1997/06/03 04:24:48 ji
10929 + * Added transport mode.
10930 + * Changed the way routing is done.
10931 + * Lots of bug fixes.
10933 + * Revision 0.4 1997/01/15 01:28:15 ji
10936 + * Revision 0.3 1996/11/20 14:39:04 ji
10937 + * Minor cleanups.
10938 + * Rationalized debugging code.
10940 + * Revision 0.2 1996/11/02 00:18:33 ji
10941 + * First limited release.
10945 diff -druN linux-noipsec/net/ipsec/ipsec_tunnel.h linux/net/ipsec/ipsec_tunnel.h
10946 --- linux-noipsec/net/ipsec/ipsec_tunnel.h Thu Jan 1 01:00:00 1970
10947 +++ linux/net/ipsec/ipsec_tunnel.h Fri Sep 15 13:37:02 2000
10950 + * IPSEC tunneling code
10951 + * Copyright (C) 1996, 1997 John Ioannidis.
10952 + * Copyright (C) 1998, 1999 Richard Guy Briggs.
10954 + * This program is free software; you can redistribute it and/or modify it
10955 + * under the terms of the GNU General Public License as published by the
10956 + * Free Software Foundation; either version 2 of the License, or (at your
10957 + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10959 + * This program is distributed in the hope that it will be useful, but
10960 + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
10961 + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
10962 + * for more details.
10968 + * Heavily based on drivers/net/new_tunnel.c. Lots
10969 + * of ideas also taken from the 2.1.x version of drivers/net/shaper.c
10972 +struct ipsectunnelconf
10977 + char cfu_name[12];
10979 +#define cf_name cf_u.cfu_name
10982 +#define IPSEC_SET_DEV (SIOCDEVPRIVATE)
10983 +#define IPSEC_DEL_DEV (SIOCDEVPRIVATE + 1)
10984 +#define IPSEC_CLR_DEV (SIOCDEVPRIVATE + 2)
10987 +#include <linux/version.h>
10988 +#ifndef KERNEL_VERSION
10989 +# define KERNEL_VERSION(x,y,z) (((x)<<16)+((y)<<8)+(z))
10993 + struct sk_buff_head sendq;
10994 + struct device *dev;
10995 + struct wait_queue *wait_queue;
10997 + int (*hard_start_xmit) (struct sk_buff *skb,
10998 + struct device *dev);
10999 + int (*hard_header) (struct sk_buff *skb,
11000 + struct device *dev,
11001 + unsigned short type,
11006 + int (*rebuild_header)(struct sk_buff *skb);
11007 +#else /* NET_21 */
11008 + int (*rebuild_header)(void *buff, struct device *dev,
11009 + unsigned long raddr, struct sk_buff *skb);
11010 +#endif /* NET_21 */
11011 + int (*set_mac_address)(struct device *dev, void *addr);
11013 + void (*header_cache_bind)(struct hh_cache **hhp, struct device *dev,
11014 + unsigned short htype, __u32 daddr);
11015 +#endif /* !NET_21 */
11016 + void (*header_cache_update)(struct hh_cache *hh, struct device *dev, unsigned char * haddr);
11017 + struct net_device_stats *(*get_stats)(struct device *dev);
11018 + struct net_device_stats mystats;
11019 + int mtu; /* What is the desired MTU? */
11022 +#define IPSEC_NUM_IF 4
11024 +extern char ipsec_tunnel_c_version[];
11026 +int ipsec_tunnel_init_devices(void);
11028 +/* void */ int ipsec_tunnel_cleanup_devices(void);
11030 +extern /* void */ int ipsec_init(void);
11032 +#ifdef CONFIG_IPSEC_DEBUG
11033 +extern int debug_tunnel;
11034 +extern int sysctl_ipsec_debug_verbose;
11035 +#endif /* CONFIG_IPSEC_DEBUG */
11036 +#endif /* __KERNEL__ */
11038 +#ifdef CONFIG_IPSEC_DEBUG
11039 +#define DB_TN_INIT 0x0001
11040 +#define DB_TN_PROCFS 0x0002
11041 +#define DB_TN_XMIT 0x0010
11042 +#define DB_TN_OHDR 0x0020
11043 +#define DB_TN_CROUT 0x0040
11044 +#define DB_TN_OXFS 0x0080
11045 +#define DB_TN_REVEC 0x0100
11046 +#endif /* CONFIG_IPSEC_DEBUG */
11050 + * Revision 1.20 2000/09/15 11:37:02 rgb
11051 + * Merge in heavily modified Svenning Soerensen's <svenning@post5.tele.dk>
11052 + * IPCOMP zlib deflate code.
11054 + * Revision 1.19 2000/09/08 19:12:56 rgb
11055 + * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG.
11057 + * Revision 1.18 2000/07/28 13:50:54 rgb
11058 + * Changed enet_statistics to net_device_stats and added back compatibility
11059 + * for pre-2.1.19.
11061 + * Revision 1.17 1999/11/19 01:12:15 rgb
11062 + * Purge unneeded proc_info prototypes, now that static linking uses
11063 + * dynamic proc_info registration.
11065 + * Revision 1.16 1999/11/18 18:51:00 rgb
11066 + * Changed all device registrations for static linking to
11067 + * dynamic to reduce the number and size of patches.
11069 + * Revision 1.15 1999/11/18 04:14:21 rgb
11070 + * Replaced all kernel version macros to shorter, readable form.
11071 + * Added CONFIG_PROC_FS compiler directives in case it is shut off.
11072 + * Added Marc Boucher's 2.3.25 proc patches.
11074 + * Revision 1.14 1999/05/25 02:50:10 rgb
11075 + * Fix kernel version macros for 2.0.x static linking.
11077 + * Revision 1.13 1999/05/25 02:41:06 rgb
11078 + * Add ipsec_klipsdebug support for static linking.
11080 + * Revision 1.12 1999/05/05 22:02:32 rgb
11081 + * Add a quick and dirty port to 2.2 kernels by Marc Boucher <marc@mbsi.ca>.
11083 + * Revision 1.11 1999/04/29 15:19:50 rgb
11084 + * Add return values to init and cleanup functions.
11086 + * Revision 1.10 1999/04/16 16:02:39 rgb
11087 + * Bump up macro to 4 ipsec I/Fs.
11089 + * Revision 1.9 1999/04/15 15:37:25 rgb
11090 + * Forward check changes from POST1_00 branch.
11092 + * Revision 1.5.2.1 1999/04/02 04:26:14 rgb
11093 + * Backcheck from HEAD, pre1.0.
11095 + * Revision 1.8 1999/04/11 00:29:01 henry
11096 + * GPL boilerplate
11098 + * Revision 1.7 1999/04/06 04:54:28 rgb
11099 + * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes
11100 + * patch shell fixes.
11102 + * Revision 1.6 1999/03/31 05:44:48 rgb
11103 + * Keep PMTU reduction private.
11105 + * Revision 1.5 1999/02/10 22:31:20 rgb
11106 + * Change rebuild_header member to reflect generality of link layer.
11108 + * Revision 1.4 1998/12/01 13:22:04 rgb
11109 + * Added support for debug printing of version info.
11111 + * Revision 1.3 1998/07/29 20:42:46 rgb
11112 + * Add a macro for clearing all tunnel devices.
11113 + * Rearrange structures and declarations for sharing with userspace.
11115 + * Revision 1.2 1998/06/25 20:01:45 rgb
11116 + * Make prototypes available for ipsec_init and ipsec proc_dir_entries
11117 + * for static linking.
11119 + * Revision 1.1 1998/06/18 21:27:50 henry
11120 + * move sources from klips/src to klips/net/ipsec, to keep stupid
11121 + * kernel-build scripts happier in the presence of symlinks
11123 + * Revision 1.3 1998/05/18 21:51:50 rgb
11124 + * Added macros for num of I/F's and a procfs debug switch.
11126 + * Revision 1.2 1998/04/21 21:29:09 rgb
11127 + * Rearrange debug switches to change on the fly debug output from user
11128 + * space. Only kernel changes checked in at this time. radij.c was also
11129 + * changed to temporarily remove buggy debugging code in rj_delete causing
11130 + * an OOPS and hence, netlink device open errors.
11132 + * Revision 1.1 1998/04/09 03:06:13 henry
11133 + * sources moved up from linux/net/ipsec
11135 + * Revision 1.1.1.1 1998/04/08 05:35:05 henry
11136 + * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8
11138 + * Revision 0.5 1997/06/03 04:24:48 ji
11139 + * Added transport mode.
11140 + * Changed the way routing is done.
11141 + * Lots of bug fixes.
11143 + * Revision 0.4 1997/01/15 01:28:15 ji
11146 + * Revision 0.3 1996/11/20 14:39:04 ji
11147 + * Minor cleanups.
11148 + * Rationalized debugging code.
11150 + * Revision 0.2 1996/11/02 00:18:33 ji
11151 + * First limited release.
11155 diff -druN linux-noipsec/net/ipsec/ipsec_xform.c linux/net/ipsec/ipsec_xform.c
11156 --- linux-noipsec/net/ipsec/ipsec_xform.c Thu Jan 1 01:00:00 1970
11157 +++ linux/net/ipsec/ipsec_xform.c Mon Nov 6 05:32:08 2000
11160 + * Common routines for IPSEC transformations.
11161 + * Copyright (C) 1996, 1997 John Ioannidis.
11162 + * Copyright (C) 1998, 1999 Richard Guy Briggs.
11164 + * This program is free software; you can redistribute it and/or modify it
11165 + * under the terms of the GNU General Public License as published by the
11166 + * Free Software Foundation; either version 2 of the License, or (at your
11167 + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11169 + * This program is distributed in the hope that it will be useful, but
11170 + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
11171 + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
11172 + * for more details.
11177 +#include <linux/config.h>
11178 +#include <linux/version.h>
11180 +#include <linux/kernel.h> /* printk() */
11181 +#include <linux/malloc.h> /* kmalloc() */
11182 +#include <linux/errno.h> /* error codes */
11183 +#include <linux/types.h> /* size_t */
11184 +#include <linux/interrupt.h> /* mark_bh */
11186 +#include <linux/netdevice.h> /* struct device, and other headers */
11187 +#include <linux/etherdevice.h> /* eth_type_trans */
11188 +#include <linux/ip.h> /* struct iphdr */
11189 +#include <linux/skbuff.h>
11190 +#include <linux/random.h> /* get_random_bytes() */
11191 +#include <freeswan.h>
11193 +#ifdef SPINLOCK_23
11194 +#include <linux/spinlock.h> /* *lock* */
11195 +#else /* SPINLOCK_23 */
11196 +#include <asm/spinlock.h> /* *lock* */
11197 +#endif /* SPINLOCK_23 */
11198 +#endif /* SPINLOCK */
11200 +#include <asm/uaccess.h>
11201 +#include <linux/in6.h>
11203 +#include <asm/checksum.h>
11204 +#include <net/ip.h>
11206 +#include "radij.h"
11207 +#include "ipsec_encap.h"
11208 +#include "ipsec_radij.h"
11209 +#include "ipsec_netlink.h"
11210 +#include "ipsec_xform.h"
11211 +#include "ipsec_ipe4.h"
11212 +#include "ipsec_ah.h"
11213 +#include "ipsec_esp.h"
11215 +#include <pfkeyv2.h>
11216 +#include <pfkey.h>
11218 +#ifdef CONFIG_IPSEC_DEBUG
11219 +int debug_xform = 0;
11220 +#endif /* CONFIG_IPSEC_DEBUG */
11222 +#define SENDERR(_x) do { len = -(_x); goto errlab; } while (0)
11224 +extern int des_set_key(caddr_t, caddr_t);
11226 +struct xformsw xformsw[] = {
11227 +{ XF_IP4, 0, "IPv4_Encapsulation"},
11228 +{ XF_AHHMACMD5, XFT_AUTH, "HMAC_MD5_Authentication"},
11229 +{ XF_AHHMACSHA1, XFT_AUTH, "HMAC_SHA-1_Authentication"},
11230 +{ XF_ESP3DES, XFT_CONF, "3DES_Encryption"},
11231 +{ XF_ESP3DESMD596, XFT_CONF, "3DES-MD5-96_Encryption"},
11232 +{ XF_ESP3DESSHA196, XFT_CONF, "3DES-SHA1-96_Encryption"},
11233 +{ XF_ESPNULLMD596, XFT_CONF, "NULL-MD5-96_ESP_*Plaintext*"},
11234 +{ XF_ESPNULLSHA196, XFT_CONF, "NULL-SHA1-96_ESP_*Plaintext*"},
11237 +struct tdb *tdbh[TDB_HASHMOD];
11239 +spinlock_t tdb_lock = SPIN_LOCK_UNLOCKED;
11240 +#else /* SPINLOCK */
11241 +spinlock_t tdb_lock;
11242 +#endif /* SPINLOCK */
11243 +struct xformsw *xformswNXFORMSW = &xformsw[sizeof(xformsw)/sizeof(xformsw[0])];
11246 +ipsec_tdbinit(void)
11250 + for(i = 1; i < TDB_HASHMOD; i++) {
11257 +gettdb(struct sa_id *said)
11260 + struct tdb *tdbp;
11261 + char sa[SATOA_BUF];
11264 + KLIPS_PRINT(debug_xform,
11265 + "klips_error:gettdb: null pointer passed in!\n");
11269 + satoa(*said, 0, sa, SATOA_BUF);
11271 + hashval = (said->spi+said->dst.s_addr+said->proto) % TDB_HASHMOD;
11273 + KLIPS_PRINT(debug_xform,
11274 + "klips_debug:gettdb: linked entry in tdb table for hash=%d of SA:%s requested.\n",
11277 + if(!(tdbp = tdbh[hashval])) {
11278 + KLIPS_PRINT(debug_xform,
11279 + "klips_debug:gettdb: no entries in tdb table for hash=%d of SA:%s.\n",
11284 + for (; tdbp; tdbp = tdbp->tdb_hnext) {
11285 + if ((tdbp->tdb_said.spi == said->spi) &&
11286 + (tdbp->tdb_said.dst.s_addr == said->dst.s_addr) &&
11287 + (tdbp->tdb_said.proto == said->proto)) {
11292 + KLIPS_PRINT(debug_xform,
11293 + "klips_debug:gettdb: no entry in linked list for hash=%d of SA:%s.\n",
11300 +puttdb(struct tdb *tdbp)
11303 + unsigned int hashval;
11306 + KLIPS_PRINT(debug_xform,
11307 + "klips_error:puttdb: null pointer passed in!\n");
11310 + hashval = ((tdbp->tdb_said.spi + tdbp->tdb_said.dst.s_addr + tdbp->tdb_said.proto) % TDB_HASHMOD);
11312 + spin_lock_bh(&tdb_lock);
11314 + tdbp->tdb_hnext = tdbh[hashval];
11315 + tdbh[hashval] = tdbp;
11317 + spin_unlock_bh(&tdb_lock);
11322 +/* This tdb better be locked before it is handed in, or races might
11327 +deltdb(struct tdb *tdbp)
11329 + unsigned int hashval;
11330 + struct tdb *tdbtp;
11331 + char sa[SATOA_BUF];
11334 + KLIPS_PRINT(debug_xform,
11335 + "klips_error:deltdb: null pointer passed in!\n");
11339 + satoa(tdbp->tdb_said, 0, sa, SATOA_BUF);
11340 + if(tdbp->tdb_inext || tdbp->tdb_onext) {
11341 + KLIPS_PRINT(debug_xform,
11342 + "klips_error:deltdb: SA:%s still linked!\n",
11347 + hashval = ((tdbp->tdb_said.spi + tdbp->tdb_said.dst.s_addr + tdbp->tdb_said.proto) % TDB_HASHMOD);
11349 + KLIPS_PRINT(debug_xform,
11350 + "klips_debug:deltdb: deleting SA:%s, hashval=%d.\n",
11352 + if(!tdbh[hashval]) {
11353 + KLIPS_PRINT(debug_xform,
11354 + "klips_debug:deltdb: no entries in tdb table for hash=%d of SA:%s.\n",
11359 + if (tdbp == tdbh[hashval]) {
11360 + tdbh[hashval] = tdbh[hashval]->tdb_hnext;
11361 + tdbp->tdb_hnext = NULL;
11362 + KLIPS_PRINT(debug_xform,
11363 + "klips_debug:deltdb: successfully deleted first tdb in chain.\n");
11366 + for (tdbtp = tdbh[hashval]; tdbtp; tdbtp = tdbtp->tdb_hnext) {
11367 + if (tdbtp->tdb_hnext == tdbp) {
11368 + tdbtp->tdb_hnext = tdbp->tdb_hnext;
11369 + tdbp->tdb_hnext = NULL;
11370 + KLIPS_PRINT(debug_xform,
11371 + "klips_debug:deltdb: successfully "
11372 + "deleted link in tdb chain.\n");
11378 + KLIPS_PRINT(debug_xform,
11379 + "klips_debug:deltdb: no entries in linked list for hash=%d of SA:%s.\n",
11384 +/* This tdb better be locked before it is handed in, or races might
11388 +deltdbchain(struct tdb *tdbp)
11390 + struct tdb *tdbdel;
11392 + char sa[SATOA_BUF];
11395 + KLIPS_PRINT(debug_xform,
11396 + "klips_error:deltdbchain: null pointer passed in!\n");
11400 + satoa(tdbp->tdb_said, 0, sa, SATOA_BUF);
11401 + KLIPS_PRINT(debug_xform,
11402 + "klips_debug:deltdbchain: passed SA:%s\n", sa);
11403 + while(tdbp->tdb_onext) {
11404 + tdbp = tdbp->tdb_onext;
11408 + /* XXX send a pfkey message up to advise of deleted TDB */
11409 + satoa(tdbp->tdb_said, 0, sa, SATOA_BUF);
11410 + KLIPS_PRINT(debug_xform,
11411 + "klips_debug:deltdbchain: unlinking and delting SA:%s", sa);
11413 + tdbp = tdbp->tdb_inext;
11415 + satoa(tdbp->tdb_said, 0, sa, SATOA_BUF);
11416 + KLIPS_PRINT(debug_xform,
11417 + ", inext=%s", sa);
11418 + tdbdel->tdb_inext = NULL;
11419 + tdbp->tdb_onext = NULL;
11421 + KLIPS_PRINT(debug_xform,
11423 + if((error = deltdb(tdbdel))) {
11424 + KLIPS_PRINT(debug_xform,
11425 + "klips_debug:deltdbchain: "
11426 + "deltdb returned error %d.\n", -error);
11429 + if((error = ipsec_tdbwipe(tdbdel))) {
11430 + KLIPS_PRINT(debug_xform,
11431 + "klips_debug:deltdbchain: "
11432 + "ipsec_tdbwipe returned error %d.\n", -error);
11441 +tdb_init(struct tdb *tdbp, struct encap_msghdr *em)
11444 + struct xformsw *xsp;
11447 +#if defined(CONFIG_IPSEC_ENC_3DES)
11449 +#endif /* CONFIG_IPSEC_ENC_3DES */
11451 + char sa[SATOA_BUF];
11454 + if(!tdbp || !em) {
11455 + KLIPS_PRINT(debug_xform,
11456 + "klips_error:tdb_init: null pointer passed in!\n");
11457 + SENDERR(ENODATA);
11460 + sa_len = satoa(em->em_said, 0, sa, SATOA_BUF);
11462 + KLIPS_PRINT(debug_esp,
11463 + "klips_debug:tdb_init: (algo_switch defined) called for SA:%s\n", sa);
11464 + alg = em->em_alg;
11466 + for (xsp = xformsw; xsp < xformswNXFORMSW; xsp++) {
11467 + if (xsp->xf_type == alg) {
11468 + KLIPS_PRINT(debug_netlink,
11469 + "klips_debug:tdb_init: called with tdbp=0x%p, xsp=0x%p, em=0x%p\n",
11471 + KLIPS_PRINT(debug_netlink,
11472 + "klips_debug:tdb_init: calling init routine of %s\n",
11474 + tdbp->tdb_xform = xsp;
11475 + tdbp->tdb_replaywin_lastseq = 0;
11476 + tdbp->tdb_replaywin_bitmap = 0;
11477 + /* check size of message here XXX */
11479 +#ifdef CONFIG_IPSEC_IPIP
11481 + struct ipe4_xdata *xd;
11482 + xd = (struct ipe4_xdata *)(em->em_dat);
11484 + tdbp->tdb_authalg = AH_NONE;
11485 + tdbp->tdb_encalg = ESP_NONE;
11487 + if((tdbp->tdb_addr_s = (struct sockaddr*)
11488 + kmalloc((tdbp->tdb_addr_s_size = sizeof(struct sockaddr_in)),
11489 + GFP_ATOMIC)) == NULL) {
11492 + if((tdbp->tdb_addr_d = (struct sockaddr*)
11493 + kmalloc((tdbp->tdb_addr_d_size = sizeof(struct sockaddr_in)),
11494 + GFP_ATOMIC)) == NULL) {
11498 + /* might want to use a different structure here, or set sin_family and sin_port */
11499 + ((struct sockaddr_in*)(tdbp->tdb_addr_s))->sin_addr = xd->i4_src;
11500 + ((struct sockaddr_in*)(tdbp->tdb_addr_d))->sin_addr = xd->i4_dst;
11503 +#endif /* !CONFIG_IPSEC_IPIP */
11505 +#ifdef CONFIG_IPSEC_AH
11507 +# ifdef CONFIG_IPSEC_AUTH_HMAC_MD5
11508 + case XF_AHHMACMD5: {
11509 + struct ahhmacmd5_edata *ed;
11510 + unsigned char kb[AHMD596_BLKLEN];
11514 + ed = (struct ahhmacmd5_edata *)em->em_dat;
11516 + tdbp->tdb_authalg = AH_MD5;
11517 + tdbp->tdb_encalg = ESP_NONE;
11519 + if (em->em_msglen - EMT_SETSPI_FLEN > sizeof (struct ahhmacmd5_edata))
11522 + if (ed->ame_klen != AHMD596_KLEN) {
11523 + KLIPS_PRINT(debug_ah,
11524 + "klips_debug:tdb_init: incorrect key size: %d"
11525 + "-- must be %d octets (bytes)\n",
11526 + ed->ame_klen, AHMD596_KLEN);
11530 + if (ed->ame_alen != AHMD596_ALEN) {
11531 + KLIPS_PRINT(debug_ah,
11532 + "klips_debug:tdb_init: authenticator size: %d"
11533 + " -- must be %d octets (bytes)\n",
11534 + ed->ame_alen, AHMD596_ALEN);
11538 + KLIPS_PRINT(debug_ah,
11539 + "klips_debug:tdb_init: hmac md5-96 key is 0x%08x %08x %08x %08x\n",
11540 + (__u32)ntohl(*(((__u32 *)ed->ame_key)+0)),
11541 + (__u32)ntohl(*(((__u32 *)ed->ame_key)+1)),
11542 + (__u32)ntohl(*(((__u32 *)ed->ame_key)+2)),
11543 + (__u32)ntohl(*(((__u32 *)ed->ame_key)+3)));
11545 + tdbp->tdb_key_bits_a = ed->ame_klen;
11546 + tdbp->tdb_auth_bits = ed->ame_alen * 8;
11548 + if(ed->ame_ooowin > 64) {
11549 + KLIPS_PRINT(debug_ah,
11550 + "klips_debug:tdb_init: replay window size: %d"
11551 + " -- must be 0 <= size <= 64\n",
11555 + tdbp->tdb_replaywin = ed->ame_ooowin;
11556 + tdbp->tdb_replaywin_lastseq = tdbp->tdb_replaywin_bitmap = 0;
11558 + if((tdbp->tdb_key_a = (caddr_t)
11559 + kmalloc((tdbp->tdb_key_a_size = sizeof(struct md5_ctx)),
11560 + GFP_ATOMIC)) == NULL) {
11564 + for (i = 0; i < ed->ame_klen; i++) {
11565 + kb[i] = ed->ame_key[i] ^ HMAC_IPAD;
11567 + for (; i < AHMD596_BLKLEN; i++) {
11568 + kb[i] = HMAC_IPAD;
11571 + ictx = &(((struct md5_ctx*)(tdbp->tdb_key_a))->ictx);
11573 + MD5Update(ictx, kb, AHMD596_BLKLEN);
11575 + for (i = 0; i < AHMD596_BLKLEN; i++)
11576 + kb[i] ^= (HMAC_IPAD ^ HMAC_OPAD);
11578 + octx = &(((struct md5_ctx*)(tdbp->tdb_key_a))->octx);
11580 + MD5Update(octx, kb, AHMD596_BLKLEN);
11582 + KLIPS_PRINT(debug_ah,
11583 + "klips_debug:tdb_init: MD5 ictx=0x%08x %08x %08x %08x"
11584 + " octx=0x%08x %08x %08x %08x\n",
11585 + ((__u32*)ictx)[0],
11586 + ((__u32*)ictx)[1],
11587 + ((__u32*)ictx)[2],
11588 + ((__u32*)ictx)[3],
11589 + ((__u32*)octx)[0],
11590 + ((__u32*)octx)[1],
11591 + ((__u32*)octx)[2],
11592 + ((__u32*)octx)[3] );
11594 + /* zero key buffer -- paranoid */
11595 + memset(kb, 0, sizeof(kb));
11596 + memset((caddr_t)&(ed->ame_key), 0, ed->ame_klen);
11599 +# endif /* CONFIG_IPSEC_AUTH_HMAC_MD5 */
11600 +# ifdef CONFIG_IPSEC_AUTH_HMAC_SHA1
11601 + case XF_AHHMACSHA1: {
11602 + struct ahhmacsha1_edata *ed;
11603 + unsigned char kb[AHSHA196_BLKLEN];
11607 + ed = (struct ahhmacsha1_edata *)em->em_dat;
11609 + tdbp->tdb_authalg = AH_SHA;
11610 + tdbp->tdb_encalg = ESP_NONE;
11612 + if (em->em_msglen - EMT_SETSPI_FLEN > sizeof (struct ahhmacsha1_edata))
11615 + if (ed->ame_klen != AHSHA196_KLEN) {
11616 + KLIPS_PRINT(debug_ah,
11617 + "klips_debug:tdb_init: incorrect key size: %d"
11618 + "-- must be %d octets (bytes)\n",
11619 + ed->ame_klen, AHSHA196_KLEN);
11623 + if (ed->ame_alen != AHSHA196_ALEN) {
11624 + KLIPS_PRINT(debug_ah,
11625 + "klips_debug:tdb_init: authenticator size: %d"
11626 + " -- must be %d octets (bytes)\n",
11627 + ed->ame_alen, AHSHA196_ALEN);
11631 + KLIPS_PRINT(debug_ah,
11632 + "klips_debug:tdb_init: hmac sha1-96 key is 0x%08x %08x %08x %08x\n",
11633 + (__u32)ntohl(*(((__u32 *)ed->ame_key)+0)),
11634 + (__u32)ntohl(*(((__u32 *)ed->ame_key)+1)),
11635 + (__u32)ntohl(*(((__u32 *)ed->ame_key)+2)),
11636 + (__u32)ntohl(*(((__u32 *)ed->ame_key)+3)));
11638 + tdbp->tdb_key_bits_a = ed->ame_klen;
11639 + tdbp->tdb_auth_bits = ed->ame_alen * 8;
11641 + if(ed->ame_ooowin > 64) {
11642 + KLIPS_PRINT(debug_ah,
11643 + "klips_debug:tdb_init: replay window size: %d"
11644 + " -- must be 0 <= size <= 64\n",
11648 + tdbp->tdb_replaywin = ed->ame_ooowin;
11649 + tdbp->tdb_replaywin_lastseq = tdbp->tdb_replaywin_bitmap = 0;
11651 + if((tdbp->tdb_key_a = (caddr_t)
11652 + kmalloc((tdbp->tdb_key_a_size = (__u16)sizeof(struct sha1_ctx)),
11653 + GFP_ATOMIC)) == NULL) {
11657 + for (i = 0; i < ed->ame_klen; i++)
11658 + kb[i] = ed->ame_key[i] ^ HMAC_IPAD;
11659 + for (; i < AHSHA196_BLKLEN; i++)
11660 + kb[i] = HMAC_IPAD;
11662 + ictx = &(((struct sha1_ctx*)(tdbp->tdb_key_a))->ictx);
11664 + SHA1Update(ictx, kb, AHSHA196_BLKLEN);
11666 + for (i = 0; i < AHSHA196_BLKLEN; i++)
11667 + kb[i] ^= (HMAC_IPAD ^ HMAC_OPAD);
11669 + octx = &(((struct sha1_ctx*)(tdbp->tdb_key_a))->octx);
11671 + SHA1Update(octx, kb, AHSHA196_BLKLEN);
11673 + KLIPS_PRINT(debug_ah,
11674 + "klips_debug:tdb_init: SHA1 ictx=0x%08x %08x %08x %08x"
11675 + " octx=0x%08x %08x %08x %08x\n",
11676 + ((__u32*)ictx)[0],
11677 + ((__u32*)ictx)[1],
11678 + ((__u32*)ictx)[2],
11679 + ((__u32*)ictx)[3],
11680 + ((__u32*)octx)[0],
11681 + ((__u32*)octx)[1],
11682 + ((__u32*)octx)[2],
11683 + ((__u32*)octx)[3] );
11685 + /* zero key buffer -- paranoid */
11686 + memset(kb, 0, sizeof(kb));
11687 + memset((caddr_t)&(ed->ame_key), 0, ed->ame_klen);
11690 +# endif /* CONFIG_IPSEC_AUTH_HMAC_SHA1 */
11692 +#endif /* CONFIG_IPSEC_AH */
11694 +#ifdef CONFIG_IPSEC_ESP
11695 +#ifdef CONFIG_IPSEC_ENC_3DES
11697 +#ifdef CONFIG_IPSEC_AUTH_HMAC_MD5
11698 + case XF_ESP3DESMD596:
11699 +#endif /* CONFIG_IPSEC_AUTH_HMAC_MD5 */
11700 +#ifdef CONFIG_IPSEC_AUTH_HMAC_SHA1
11701 + case XF_ESP3DESSHA196:
11702 +#endif /* CONFIG_IPSEC_AUTH_HMAC_SHA1 */
11703 +#endif /* CONFIG_IPSEC_ENC_3DES */
11704 +#ifdef CONFIG_IPSEC_ENC_NULL
11705 +#ifdef CONFIG_IPSEC_AUTH_HMAC_MD5
11706 + case XF_ESPNULLMD596:
11707 +#endif /* CONFIG_IPSEC_AUTH_HMAC_MD5 */
11708 +#ifdef CONFIG_IPSEC_AUTH_HMAC_SHA1
11709 + case XF_ESPNULLSHA196:
11710 +#endif /* CONFIG_IPSEC_AUTH_HMAC_SHA1 */
11711 +#endif /* CONFIG_IPSEC_ENC_NULL */
11713 + struct espblkrply_edata *ed;
11714 + unsigned char kb[AHMD596_BLKLEN];
11715 + ed = (struct espblkrply_edata *)em->em_dat;
11717 + KLIPS_PRINT(debug_esp,
11718 + "klips_debug:tdb_init: "
11729 + if(ed->eme_ooowin > 64) {
11730 + KLIPS_PRINT(debug_esp,
11731 + "klips_debug:tdb_init: replay window size: %d"
11732 + "-- must be 0 <= size <= 64\n",
11736 + tdbp->tdb_replaywin = ed->eme_ooowin;
11740 + case XF_ESP3DESMD596:
11741 + case XF_ESP3DESSHA196:
11742 + if((tdbp->tdb_iv = (caddr_t)
11743 + kmalloc((tdbp->tdb_iv_size = EMT_ESPDES_IV_SZ), GFP_ATOMIC)) == NULL) {
11746 + get_random_bytes((void *)tdbp->tdb_iv, EMT_ESPDES_IV_SZ);
11747 + tdbp->tdb_iv_bits = tdbp->tdb_iv_size * 8;
11753 +#ifdef CONFIG_IPSEC_ENC_3DES
11755 + case XF_ESP3DESMD596:
11756 + case XF_ESP3DESSHA196:
11757 + tdbp->tdb_encalg = ESP_3DES;
11759 + if (ed->eme_klen != EMT_ESP3DES_KEY_SZ) {
11760 + KLIPS_PRINT(debug_esp,
11761 + "klips_debug:tdb_init: incorrect encryption "
11762 + "key size: %d -- must be %d octets (bytes)\n",
11763 + ed->eme_klen, EMT_ESP3DES_KEY_SZ);
11767 + tdbp->tdb_key_bits_e = ed->eme_klen;
11769 + if((tdbp->tdb_key_e = (caddr_t)
11770 + kmalloc((tdbp->tdb_key_e_size = 3 * sizeof(struct des_eks)),
11771 + GFP_ATOMIC)) == NULL) {
11775 + for(i = 0; i < 3; i++) {
11777 + KLIPS_PRINT(debug_esp,
11778 + "klips_debug:tdb_init: 3des key %d/3 is 0x%08lx%08lx\n",
11780 + ntohl(*((__u32 *)ed->eme_key + i * 2)),
11781 + ntohl(*((__u32 *)ed->eme_key + i * 2 + 1)));
11783 + error = des_set_key((caddr_t)(ed->eme_key) + EMT_ESPDES_KEY_SZ * i,
11784 + (caddr_t)&((struct des_eks*)(tdbp->tdb_key_e))[i]);
11786 + printk("klips_debug:tdb_init: parity error in des key %d/3\n", i + 1);
11787 + else if (error == -2)
11788 + printk("klips_debug:tdb_init: illegal weak des key %d/3\n", i + 1);
11790 + memset(tdbp->tdb_key_e, 0, 3 * sizeof(struct des_eks));
11791 + kfree(tdbp->tdb_key_e);
11797 +#endif /* CONFIG_IPSEC_ENC_3DES */
11799 + tdbp->tdb_encalg = ESP_NULL;
11803 +#ifdef CONFIG_IPSEC_AUTH_HMAC_MD5
11804 + case XF_ESP3DESMD596:
11805 + case XF_ESPNULLMD596:
11810 + tdbp->tdb_authalg = AH_MD5;
11812 + if (ed->ame_klen != AHMD596_KLEN) {
11813 + KLIPS_PRINT(debug_esp,
11814 + "klips_debug:tdb_init: incorrect authorisation "
11815 + " key size: %d -- must be %d octets (bytes)\n",
11816 + ed->ame_klen, AHMD596_KLEN);
11820 + tdbp->tdb_key_bits_a = ed->ame_klen;
11821 + tdbp->tdb_auth_bits = ed->ame_klen * 8;
11824 + if((tdbp->tdb_key_a = (caddr_t)
11825 + kmalloc((tdbp->tdb_key_a_size = sizeof(struct md5_ctx)),
11826 + GFP_ATOMIC)) == NULL) {
11829 + KLIPS_PRINT(debug_esp,
11830 + "klips_debug:tdb_init: hmac md5-96 key is 0x%08x %08x %08x %08x\n",
11831 + (__u32)ntohl(*(((__u32 *)ed->ame_key)+0)),
11832 + (__u32)ntohl(*(((__u32 *)ed->ame_key)+1)),
11833 + (__u32)ntohl(*(((__u32 *)ed->ame_key)+2)),
11834 + (__u32)ntohl(*(((__u32 *)ed->ame_key)+3)));
11836 + for (i=0; i< AHMD596_KLEN; i++)
11837 + kb[i] = (*(((unsigned char *)(ed->ame_key)) + i)) ^ HMAC_IPAD;
11839 + * HMAC_key is now contained in the first 128 bits of kb.
11840 + * Pad with zeroes and XOR with HMAC_IPAD to create the inner context
11842 + for (; i<AHMD596_BLKLEN; i++) {
11843 + kb[i] = HMAC_IPAD;
11846 + ictx = &(((struct md5_ctx*)(tdbp->tdb_key_a))->ictx);
11848 + MD5Update(ictx, kb, AHMD596_BLKLEN);
11850 + for (i=0; i<AHMD596_BLKLEN; i++) {
11851 + kb[i] ^= (HMAC_IPAD ^ HMAC_OPAD);
11854 + octx = &(((struct md5_ctx*)(tdbp->tdb_key_a))->octx);
11856 + MD5Update(octx, kb, AHMD596_BLKLEN);
11858 + KLIPS_PRINT(debug_esp,
11859 + "klips_debug:tdb_init: MD5 ictx=0x%08x %08x %08x %08x"
11860 + " octx=0x%08x %08x %08x %08x\n",
11861 + ((__u32*)ictx)[0],
11862 + ((__u32*)ictx)[1],
11863 + ((__u32*)ictx)[2],
11864 + ((__u32*)ictx)[3],
11865 + ((__u32*)octx)[0],
11866 + ((__u32*)octx)[1],
11867 + ((__u32*)octx)[2],
11868 + ((__u32*)octx)[3] );
11870 + memset(kb, 0, sizeof(kb)); /* paranoid */
11871 + memset((caddr_t)&(ed->eme_key), 0, ed->eme_klen);
11872 + memset((caddr_t)&(ed->ame_key), 0, ed->ame_klen);
11875 +#endif /* CONFIG_IPSEC_AUTH_HMAC_MD5 */
11876 +#ifdef CONFIG_IPSEC_AUTH_HMAC_SHA1
11877 + case XF_ESPNULLSHA196:
11878 + case XF_ESP3DESSHA196:
11883 + tdbp->tdb_authalg = AH_SHA;
11885 + if (ed->ame_klen != AHSHA196_KLEN) {
11886 + KLIPS_PRINT(debug_esp,
11887 + "klips_debug:tdb_init: incorrect authorisation "
11888 + " key size: %d -- must be %d octets (bytes)\n",
11889 + ed->ame_klen, AHSHA196_KLEN);
11893 + tdbp->tdb_key_bits_a = ed->ame_klen;
11894 + tdbp->tdb_auth_bits = ed->ame_klen * 8;
11896 + if((tdbp->tdb_key_a = (caddr_t)
11897 + kmalloc((tdbp->tdb_key_a_size = sizeof(struct sha1_ctx)),
11898 + GFP_ATOMIC)) == NULL) {
11901 + KLIPS_PRINT(debug_esp,
11902 + "klips_debug:tdb_init: hmac sha1-96 key is 0x%08x %08x %08x %08x\n",
11903 + (__u32)ntohl(*(((__u32 *)ed->ame_key)+0)),
11904 + (__u32)ntohl(*(((__u32 *)ed->ame_key)+1)),
11905 + (__u32)ntohl(*(((__u32 *)ed->ame_key)+2)),
11906 + (__u32)ntohl(*(((__u32 *)ed->ame_key)+3)));
11908 + for (i=0; i< AHSHA196_KLEN; i++)
11909 + kb[i] = (*(((unsigned char *)(ed->ame_key)) + i)) ^ HMAC_IPAD;
11911 + * HMAC_key is now contained in the first 128 bits of kb.
11912 + * Pad with zeroes and XOR with HMAC_IPAD to create the inner context
11914 + for (; i<AHSHA196_BLKLEN; i++)
11915 + kb[i] = HMAC_IPAD;
11917 + ictx = &(((struct sha1_ctx*)(tdbp->tdb_key_a))->ictx);
11919 + SHA1Update(ictx, kb, AHSHA196_BLKLEN);
11921 + for (i=0; i<AHSHA196_BLKLEN; i++)
11922 + kb[i] ^= (HMAC_IPAD ^ HMAC_OPAD);
11924 + octx = &(((struct sha1_ctx*)(tdbp->tdb_key_a))->octx);
11926 + SHA1Update(octx, kb, AHSHA196_BLKLEN);
11928 + KLIPS_PRINT(debug_esp,
11929 + "klips_debug:tdb_init: SHA1 ictx=0x%08x %08x %08x %08x"
11930 + " octx=0x%08x %08x %08x %08x\n",
11931 + ((__u32*)ictx)[0],
11932 + ((__u32*)ictx)[1],
11933 + ((__u32*)ictx)[2],
11934 + ((__u32*)ictx)[3],
11935 + ((__u32*)octx)[0],
11936 + ((__u32*)octx)[1],
11937 + ((__u32*)octx)[2],
11938 + ((__u32*)octx)[3] );
11940 + memset(kb, 0, sizeof(kb)); /* paranoid */
11941 + memset((caddr_t)&(ed->eme_key), 0, ed->eme_klen);
11942 + memset((caddr_t)&(ed->ame_key), 0, ed->ame_klen);
11945 +#endif /* CONFIG_IPSEC_AUTH_HMAC_SHA1 */
11947 + tdbp->tdb_authalg = AH_NONE;
11953 +#endif /* !CONFIG_IPSEC_ESP */
11955 + KLIPS_PRINT(debug_xform,
11956 + "klips_debug:tdb_init: alg=%d not configured\n", alg);
11957 + SENDERR(ESOCKTNOSUPPORT);
11962 + KLIPS_PRINT(debug_xform & DB_XF_INIT,
11963 + "klips_debug:tdb_init: unregistered algorithm %d requested\n"
11964 + "klips_debug: trying to setup SA:%s\n", alg, sa);
11972 +ipsec_tdbcleanup(__u8 proto)
11976 + struct tdb *tdbp, **tdbprev, *tdbdel;
11977 + char sa[SATOA_BUF];
11979 + KLIPS_PRINT(debug_xform,
11980 + "klips_debug:ipsec_tdbcleanup: cleaning up proto=%d.\n", proto);
11982 + spin_lock_bh(&tdb_lock);
11984 + for (i = 0; i < TDB_HASHMOD; i++) {
11985 + tdbprev = &(tdbh[i]);
11988 + satoa(tdbp->tdb_said, 0, sa, SATOA_BUF);
11989 + KLIPS_PRINT(debug_xform,
11990 + "klips_debug:ipsec_tdbcleanup: checking SA:%s, hash=%d",
11993 + tdbp = tdbdel->tdb_hnext;
11995 + satoa(tdbp->tdb_said, 0, sa, SATOA_BUF);
11996 + KLIPS_PRINT(debug_xform,
11997 + ", hnext=%s", sa);
12000 + satoa((*tdbprev)->tdb_said, 0, sa, SATOA_BUF);
12001 + KLIPS_PRINT(debug_xform,
12002 + ", *tdbprev=%s", sa);
12003 + if((*tdbprev)->tdb_hnext) {
12004 + satoa((*tdbprev)->tdb_hnext->tdb_said, 0, sa, SATOA_BUF);
12005 + KLIPS_PRINT(debug_xform,
12006 + ", *tdbprev->tdb_hnext=%s", sa);
12009 + KLIPS_PRINT(debug_xform,
12011 + if(!proto || (proto == tdbdel->tdb_said.proto)) {
12012 + satoa(tdbdel->tdb_said, 0, sa, SATOA_BUF);
12013 + KLIPS_PRINT(debug_xform,
12014 + "klips_debug:ipsec_tdbcleanup: deleting SA chain:%s.\n",
12016 + /* *tdbprev = tdbdel->tdb_hnext; */
12017 + if((error = deltdbchain(tdbdel))) {
12020 + tdbprev = &(tdbh[i]);
12023 + KLIPS_PRINT(debug_xform,
12024 + "klips_debug:ipsec_tdbcleanup: deleted SA chain:%s", sa);
12026 + satoa(tdbp->tdb_said, 0, sa, SATOA_BUF);
12027 + KLIPS_PRINT(debug_xform,
12028 + ", tdbh[%d]=%s", i, sa);
12031 + satoa((*tdbprev)->tdb_said, 0, sa, SATOA_BUF);
12032 + KLIPS_PRINT(debug_xform,
12033 + ", *tdbprev=%s", sa);
12034 + if((*tdbprev)->tdb_hnext) {
12035 + satoa((*tdbprev)->tdb_hnext->tdb_said, 0, sa, SATOA_BUF);
12036 + KLIPS_PRINT(debug_xform,
12037 + ", *tdbprev->tdb_hnext=%s", sa);
12040 + KLIPS_PRINT(debug_xform,
12043 + tdbprev = &tdbdel;
12049 + spin_unlock_bh(&tdb_lock);
12055 +ipsec_tdbwipe(struct tdb *tdbp)
12061 + if(tdbp->tdb_addr_s) {
12062 + memset((caddr_t)(tdbp->tdb_addr_s), 0, tdbp->tdb_addr_s_size);
12063 + kfree(tdbp->tdb_addr_s);
12065 + tdbp->tdb_addr_s = NULL;
12067 + if(tdbp->tdb_addr_d) {
12068 + memset((caddr_t)(tdbp->tdb_addr_d), 0, tdbp->tdb_addr_d_size);
12069 + kfree(tdbp->tdb_addr_d);
12071 + tdbp->tdb_addr_d = NULL;
12073 + if(tdbp->tdb_addr_p) {
12074 + memset((caddr_t)(tdbp->tdb_addr_p), 0, tdbp->tdb_addr_p_size);
12075 + kfree(tdbp->tdb_addr_p);
12077 + tdbp->tdb_addr_p = NULL;
12079 + if(tdbp->tdb_key_a) {
12080 + memset((caddr_t)(tdbp->tdb_key_a), 0, tdbp->tdb_key_a_size);
12081 + kfree(tdbp->tdb_key_a);
12083 + tdbp->tdb_key_a = NULL;
12085 + if(tdbp->tdb_key_e) {
12086 + memset((caddr_t)(tdbp->tdb_key_e), 0, tdbp->tdb_key_e_size);
12087 + kfree(tdbp->tdb_key_e);
12089 + tdbp->tdb_key_e = NULL;
12091 + if(tdbp->tdb_iv) {
12092 + memset((caddr_t)(tdbp->tdb_iv), 0, tdbp->tdb_iv_size);
12093 + kfree(tdbp->tdb_iv);
12095 + tdbp->tdb_iv = NULL;
12097 + if(tdbp->tdb_ident_data_s) {
12098 + memset((caddr_t)(tdbp->tdb_ident_data_s),
12100 + tdbp->tdb_ident_len_s * IPSEC_PFKEYv2_ALIGN);
12101 + kfree(tdbp->tdb_ident_data_s);
12103 + tdbp->tdb_ident_data_s = NULL;
12105 + if(tdbp->tdb_ident_data_d) {
12106 + memset((caddr_t)(tdbp->tdb_ident_data_d),
12108 + tdbp->tdb_ident_len_d * IPSEC_PFKEYv2_ALIGN);
12109 + kfree(tdbp->tdb_ident_data_d);
12111 + tdbp->tdb_ident_data_d = NULL;
12113 + memset((caddr_t)tdbp, 0, sizeof(*tdbp));
12122 + * Revision 1.47 2000/11/06 04:32:08 rgb
12123 + * Ditched spin_lock_irqsave in favour of spin_lock_bh.
12125 + * Revision 1.46 2000/09/20 16:21:57 rgb
12126 + * Cleaned up ident string alloc/free.
12128 + * Revision 1.45 2000/09/08 19:16:51 rgb
12129 + * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG.
12130 + * Removed all references to CONFIG_IPSEC_PFKEYv2.
12132 + * Revision 1.44 2000/08/30 05:29:04 rgb
12133 + * Compiler-define out no longer used tdb_init() in ipsec_xform.c.
12135 + * Revision 1.43 2000/08/18 21:30:41 rgb
12136 + * Purged all tdb_spi, tdb_proto and tdb_dst macros. They are unclear.
12138 + * Revision 1.42 2000/08/01 14:51:51 rgb
12139 + * Removed _all_ remaining traces of DES.
12141 + * Revision 1.41 2000/07/28 14:58:31 rgb
12142 + * Changed kfree_s to kfree, eliminating extra arg to fix 2.4.0-test5.
12144 + * Revision 1.40 2000/06/28 05:50:11 rgb
12145 + * Actually set iv_bits.
12147 + * Revision 1.39 2000/05/10 23:11:09 rgb
12148 + * Added netlink debugging output.
12149 + * Added a cast to quiet down the ntohl bug.
12151 + * Revision 1.38 2000/05/10 19:18:42 rgb
12152 + * Cast output of ntohl so that the broken prototype doesn't make our
12155 + * Revision 1.37 2000/03/16 14:04:59 rgb
12156 + * Hardwired CONFIG_IPSEC_PFKEYv2 on.
12158 + * Revision 1.36 2000/01/26 10:11:28 rgb
12159 + * Fixed spacing in error text causing run-in words.
12161 + * Revision 1.35 2000/01/21 06:17:16 rgb
12162 + * Tidied up compiler directive indentation for readability.
12163 + * Added ictx,octx vars for simplification.(kravietz)
12164 + * Added macros for HMAC padding magic numbers.(kravietz)
12165 + * Fixed missing key length reporting bug.
12166 + * Fixed bug in tdbwipe to return immediately on NULL tdbp passed in.
12168 + * Revision 1.34 1999/12/08 00:04:19 rgb
12169 + * Fixed SA direction overwriting bug for netlink users.
12171 + * Revision 1.33 1999/12/01 22:16:44 rgb
12172 + * Minor formatting changes in ESP MD5 initialisation.
12174 + * Revision 1.32 1999/11/25 09:06:36 rgb
12175 + * Fixed error return messages, should be returning negative numbers.
12176 + * Implemented SENDERR macro for propagating error codes.
12177 + * Added debug message and separate error code for algorithms not compiled
12180 + * Revision 1.31 1999/11/23 23:06:26 rgb
12181 + * Sort out pfkey and freeswan headers, putting them in a library path.
12183 + * Revision 1.30 1999/11/18 04:09:20 rgb
12184 + * Replaced all kernel version macros to shorter, readable form.
12186 + * Revision 1.29 1999/11/17 15:53:40 rgb
12187 + * Changed all occurrences of #include "../../../lib/freeswan.h"
12188 + * to #include <freeswan.h> which works due to -Ilibfreeswan in the
12189 + * klips/net/ipsec/Makefile.
12191 + * Revision 1.28 1999/10/18 20:04:01 rgb
12192 + * Clean-out unused cruft.
12194 + * Revision 1.27 1999/10/03 19:01:03 rgb
12195 + * Spinlock support for 2.3.xx and 2.0.xx kernels.
12197 + * Revision 1.26 1999/10/01 16:22:24 rgb
12198 + * Switch from assignment init. to functional init. of spinlocks.
12200 + * Revision 1.25 1999/10/01 15:44:54 rgb
12201 + * Move spinlock header include to 2.1> scope.
12203 + * Revision 1.24 1999/10/01 00:03:46 rgb
12204 + * Added tdb structure locking.
12205 + * Minor formatting changes.
12206 + * Add function to initialize tdb hash table.
12208 + * Revision 1.23 1999/05/25 22:42:12 rgb
12209 + * Add deltdbchain() debugging.
12211 + * Revision 1.22 1999/05/25 21:24:31 rgb
12212 + * Add debugging statements to deltdbchain().
12214 + * Revision 1.21 1999/05/25 03:51:48 rgb
12215 + * Refix error return code.
12217 + * Revision 1.20 1999/05/25 03:34:07 rgb
12218 + * Fix error return for flush.
12220 + * Revision 1.19 1999/05/09 03:25:37 rgb
12221 + * Fix bug introduced by 2.2 quick-and-dirty patch.
12223 + * Revision 1.18 1999/05/05 22:02:32 rgb
12224 + * Add a quick and dirty port to 2.2 kernels by Marc Boucher <marc@mbsi.ca>.
12226 + * Revision 1.17 1999/04/29 15:20:16 rgb
12227 + * Change gettdb parameter to a pointer to reduce stack loading and
12228 + * facilitate parameter sanity checking.
12229 + * Add sanity checking for null pointer arguments.
12230 + * Add debugging instrumentation.
12231 + * Add function deltdbchain() which will take care of unlinking,
12232 + * zeroing and deleting a chain of tdbs.
12233 + * Add a parameter to tdbcleanup to be able to delete a class of SAs.
12234 + * tdbwipe now actually zeroes the tdb as well as any of its pointed
12237 + * Revision 1.16 1999/04/16 15:36:29 rgb
12238 + * Fix cut-and-paste error causing a memory leak in IPIP TDB freeing.
12240 + * Revision 1.15 1999/04/11 00:29:01 henry
12241 + * GPL boilerplate
12243 + * Revision 1.14 1999/04/06 04:54:28 rgb
12244 + * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes
12245 + * patch shell fixes.
12247 + * Revision 1.13 1999/02/19 18:23:01 rgb
12248 + * Nix debug off compile warning.
12250 + * Revision 1.12 1999/02/17 16:52:16 rgb
12251 + * Consolidate satoa()s for space and speed efficiency.
12252 + * Convert DEBUG_IPSEC to KLIPS_PRINT
12253 + * Clean out unused cruft.
12254 + * Ditch NET_IPIP dependancy.
12255 + * Loop for 3des key setting.
12257 + * Revision 1.11 1999/01/26 02:09:05 rgb
12258 + * Remove ah/esp/IPIP switching on include files.
12259 + * Removed CONFIG_IPSEC_ALGO_SWITCH macro.
12260 + * Removed dead code.
12261 + * Clean up debug code when switched off.
12262 + * Remove references to INET_GET_PROTOCOL.
12263 + * Added code exclusion macros to reduce code from unused algorithms.
12265 + * Revision 1.10 1999/01/22 06:28:55 rgb
12266 + * Cruft clean-out.
12267 + * Put random IV generation in kernel.
12268 + * Added algorithm switch code.
12269 + * Enhanced debugging.
12270 + * 64-bit clean-up.
12272 + * Revision 1.9 1998/11/30 13:22:55 rgb
12273 + * Rationalised all the klips kernel file headers. They are much shorter
12274 + * now and won't conflict under RH5.2.
12276 + * Revision 1.8 1998/11/25 04:59:06 rgb
12277 + * Add conditionals for no IPIP tunnel code.
12278 + * Delete commented out code.
12280 + * Revision 1.7 1998/10/31 06:50:41 rgb
12281 + * Convert xform ASCII names to no spaces.
12282 + * Fixed up comments in #endif directives.
12284 + * Revision 1.6 1998/10/19 14:44:28 rgb
12285 + * Added inclusion of freeswan.h.
12286 + * sa_id structure implemented and used: now includes protocol.
12288 + * Revision 1.5 1998/10/09 04:32:19 rgb
12289 + * Added 'klips_debug' prefix to all klips printk debug statements.
12291 + * Revision 1.4 1998/08/12 00:11:31 rgb
12292 + * Added new xform functions to the xform table.
12293 + * Fixed minor debug output spelling error.
12295 + * Revision 1.3 1998/07/09 17:45:31 rgb
12296 + * Clarify algorithm not available message.
12298 + * Revision 1.2 1998/06/23 03:00:51 rgb
12299 + * Check for presence of IPIP protocol if it is setup one way (we don't
12300 + * know what has been set up the other way and can only assume it will be
12301 + * symmetrical with the exception of keys).
12303 + * Revision 1.1 1998/06/18 21:27:51 henry
12304 + * move sources from klips/src to klips/net/ipsec, to keep stupid
12305 + * kernel-build scripts happier in the presence of symlinks
12307 + * Revision 1.3 1998/06/11 05:54:59 rgb
12308 + * Added transform version string pointer to xformsw initialisations.
12310 + * Revision 1.2 1998/04/21 21:28:57 rgb
12311 + * Rearrange debug switches to change on the fly debug output from user
12312 + * space. Only kernel changes checked in at this time. radij.c was also
12313 + * changed to temporarily remove buggy debugging code in rj_delete causing
12314 + * an OOPS and hence, netlink device open errors.
12316 + * Revision 1.1 1998/04/09 03:06:13 henry
12317 + * sources moved up from linux/net/ipsec
12319 + * Revision 1.1.1.1 1998/04/08 05:35:02 henry
12320 + * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8
12322 + * Revision 0.5 1997/06/03 04:24:48 ji
12323 + * Added ESP-3DES-MD5-96
12325 + * Revision 0.4 1997/01/15 01:28:15 ji
12326 + * Added new transforms.
12328 + * Revision 0.3 1996/11/20 14:39:04 ji
12329 + * Minor cleanups.
12330 + * Rationalized debugging code.
12332 + * Revision 0.2 1996/11/02 00:18:33 ji
12333 + * First limited release.
12337 diff -druN linux-noipsec/net/ipsec/ipsec_xform.h linux/net/ipsec/ipsec_xform.h
12338 --- linux-noipsec/net/ipsec/ipsec_xform.h Thu Jan 1 01:00:00 1970
12339 +++ linux/net/ipsec/ipsec_xform.h Mon Nov 6 05:30:40 2000
12342 + * Definitions relevant to IPSEC transformations
12343 + * Copyright (C) 1996, 1997 John Ioannidis.
12344 + * Copyright (C) 1998, 1999 Richard Guy Briggs.
12346 + * This program is free software; you can redistribute it and/or modify it
12347 + * under the terms of the GNU General Public License as published by the
12348 + * Free Software Foundation; either version 2 of the License, or (at your
12349 + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
12351 + * This program is distributed in the hope that it will be useful, but
12352 + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12353 + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12354 + * for more details.
12359 +#include <freeswan.h>
12361 +#define XF_NONE 0 /* No transform set */
12362 +#define XF_IP4 1 /* IPv4 inside IPv4 */
12363 +#define XF_AHMD5 2 /* AH MD5 */
12364 +#define XF_AHSHA 3 /* AH SHA */
12365 +#define XF_ESP3DES 5 /* ESP DES3-CBC */
12366 +#define XF_AHHMACMD5 6 /* AH-HMAC-MD5 with opt replay prot */
12367 +#define XF_AHHMACSHA1 7 /* AH-HMAC-SHA1 with opt replay prot */
12368 +#define XF_ESP3DESMD5 9 /* triple DES, HMAC-MD-5, 128-bits of authentication */
12369 +#define XF_ESP3DESMD596 10 /* triple DES, HMAC-MD-5, 96-bits of authentication */
12370 +#define XF_ESPNULLMD596 12 /* NULL, HMAC-MD-5 with 96-bits of authentication */
12371 +#define XF_ESPNULLSHA196 13 /* NULL, HMAC-SHA-1 with 96-bits of authentication */
12372 +#define XF_ESP3DESSHA196 14 /* triple DES, HMAC-SHA-1, 96-bits of authentication */
12373 +#define XF_IP6 15 /* IPv6 inside IPv6 */
12374 +#define XF_COMPDEFLATE 16 /* IPCOMP deflate */
12376 +#define XF_CLR 126 /* Clear SA table */
12377 +#define XF_DEL 127 /* Delete SA */
12379 +/* IPsec AH transform values
12381 + * draft-ietf-ipsec-doi-tc-mib-02.txt
12388 +/* IPsec ESP transform values */
12390 +#define ESP_NONE 0
12391 +#define ESP_3DES 3
12393 +#define ESP_IDEA 5
12394 +#define ESP_CAST 6
12395 +#define ESP_BLOWFISH 7
12396 +#define ESP_3IDEA 8
12397 +#define ESP_RC4 10
12398 +#define ESP_NULL 11
12400 +/* IPCOMP transform values */
12402 +#define IPCOMP_NONE 0
12403 +#define IPCOMP_OUI 1
12404 +#define IPCOMP_DEFLAT 2
12405 +#define IPCOMP_LZS 3
12406 +#define IPCOMP_V42BIS 4
12408 +#define XFT_AUTH 0x0001
12409 +#define XFT_CONF 0x0100
12411 +#ifdef CONFIG_IPSEC_DEBUG
12412 +#define DB_XF_INIT 0x0001
12413 +#endif /* CONFIG_IPSEC_DEBUG */
12416 +/* 'struct tdb' should really be 64bit aligned... XXX */
12417 +struct tdb /* tunnel descriptor block */
12419 + struct tdb *tdb_hnext; /* next in hash chain */
12420 + struct tdb *tdb_onext; /* next in output */
12421 + struct tdb *tdb_inext; /* next in input (prev!) */
12422 + struct ifnet *tdb_rcvif; /* related rcv encap interface */
12423 + struct sa_id tdb_said; /* SA ID */
12424 + __u32 tdb_seq; /* seq num of msg that set this SA */
12425 + __u32 tdb_pid; /* PID of process that set this SA */
12426 + __u8 tdb_authalg; /* auth algorithm for this SA */
12427 + __u8 tdb_encalg; /* enc algorithm for this SA */
12429 + __u32 tdb_alg_errs; /* number of algorithm errors */
12430 + __u32 tdb_auth_errs; /* number of authentication errors */
12431 + __u32 tdb_encsize_errs; /* number of encryption size errors */
12432 + __u32 tdb_encpad_errs; /* number of encryption size errors */
12433 + __u32 tdb_replaywin_errs; /* number of pkt sequence errors */
12435 + __u8 tdb_replaywin; /* replay window size */
12436 + __u8 tdb_state; /* state of SA */
12437 + __u32 tdb_replaywin_lastseq; /* last pkt sequence num */
12438 + __u64 tdb_replaywin_bitmap; /* bitmap of received pkts */
12439 + __u32 tdb_replaywin_maxdiff; /* maximum pkt sequence difference */
12441 + __u32 tdb_flags; /* generic xform flags */
12443 + __u32 tdb_lifetime_allocations_c; /* see rfc2367 */
12444 + __u32 tdb_lifetime_allocations_s;
12445 + __u32 tdb_lifetime_allocations_h;
12446 + __u64 tdb_lifetime_bytes_c;
12447 + __u64 tdb_lifetime_bytes_s;
12448 + __u64 tdb_lifetime_bytes_h;
12449 + __u64 tdb_lifetime_addtime_c;
12450 + __u64 tdb_lifetime_addtime_s;
12451 + __u64 tdb_lifetime_addtime_h;
12452 + __u64 tdb_lifetime_usetime_c;
12453 + __u64 tdb_lifetime_usetime_s;
12454 + __u64 tdb_lifetime_usetime_h;
12455 + __u64 tdb_lifetime_packets_c;
12456 + __u64 tdb_lifetime_packets_s;
12457 + __u64 tdb_lifetime_packets_h;
12458 + __u64 tdb_lifetime_usetime_l; /* last time transform was used */
12459 + struct sockaddr *tdb_addr_s; /* src sockaddr */
12460 + struct sockaddr *tdb_addr_d; /* dst sockaddr */
12461 + struct sockaddr *tdb_addr_p; /* proxy sockaddr */
12462 + __u16 tdb_addr_s_size;
12463 + __u16 tdb_addr_d_size;
12464 + __u16 tdb_addr_p_size;
12465 + __u16 tdb_key_bits_a; /* size of authkey in bits */
12466 + __u16 tdb_auth_bits; /* size of authenticator in bits */
12467 + __u16 tdb_key_bits_e; /* size of enckey in bits */
12468 + __u16 tdb_iv_bits; /* size of IV in bits */
12470 + __u8 tdb_iv_size;
12471 + __u16 tdb_key_a_size;
12472 + __u16 tdb_key_e_size;
12473 + caddr_t tdb_key_a; /* authentication key */
12474 + caddr_t tdb_key_e; /* encryption key */
12475 + caddr_t tdb_iv; /* Initialisation Vector */
12476 + __u16 tdb_ident_type_s; /* src identity type */
12477 + __u16 tdb_ident_type_d; /* dst identity type */
12478 + __u64 tdb_ident_id_s; /* src identity id */
12479 + __u64 tdb_ident_id_d; /* dst identity id */
12480 + __u8 tdb_ident_len_s; /* src identity type */
12481 + __u8 tdb_ident_len_d; /* dst identity type */
12482 + caddr_t tdb_ident_data_s; /* src identity data */
12483 + caddr_t tdb_ident_data_d; /* dst identity data */
12484 +#ifdef CONFIG_IPSEC_IPCOMP
12485 + __u16 tdb_comp_adapt_tries; /* ipcomp self-adaption tries */
12486 + __u16 tdb_comp_adapt_skip; /* ipcomp self-adaption to-skip */
12487 + __u64 tdb_comp_ratio_cbytes; /* compressed bytes */
12488 + __u64 tdb_comp_ratio_dbytes; /* decompressed (or uncompressed) bytes */
12489 +#endif /* CONFIG_IPSEC_IPCOMP */
12491 + __u32 tdb_sens_dpd;
12492 + __u8 tdb_sens_sens_level;
12493 + __u8 tdb_sens_sens_len;
12494 + __u64* tdb_sens_sens_bitmap;
12495 + __u8 tdb_sens_integ_level;
12496 + __u8 tdb_sens_integ_len;
12497 + __u64* tdb_sens_integ_bitmap;
12501 +#define PROTO2TXT(x) \
12502 + (x) == IPPROTO_AH ? "AH" : \
12503 + (x) == IPPROTO_ESP ? "ESP" : \
12504 + (x) == IPPROTO_IPIP ? "IPIP" : \
12505 + (x) == IPPROTO_COMP ? "COMP" : \
12509 + (x)->tdb_said.proto == IPPROTO_AH ? "AH" : \
12510 + (x)->tdb_said.proto == IPPROTO_ESP ? "ESP" : \
12511 + (x)->tdb_said.proto == IPPROTO_IPIP ? "IPIP" : \
12512 + (x)->tdb_said.proto == IPPROTO_COMP ? "COMP" : \
12513 + "UNKNOWN_proto", \
12516 +#define TDB_XFORM_NAME(x) \
12517 + PROTO2TXT((x)->tdb_said.proto), \
12518 + (x)->tdb_said.proto == IPPROTO_COMP ? \
12519 + ((x)->tdb_encalg == SADB_X_CALG_DEFLATE ? \
12520 + "_DEFLATE" : "_UNKNOWN_comp") : \
12521 + (x)->tdb_encalg == ESP_NONE ? "" : \
12522 + (x)->tdb_encalg == ESP_3DES ? "_3DES" : \
12523 + (x)->tdb_encalg == ESP_NULL ? "_NULL_encr" : \
12524 + "_UNKNOWN_encr", \
12525 + (x)->tdb_authalg == AH_NONE ? "" : \
12526 + (x)->tdb_authalg == AH_MD5 ? "_HMAC_MD5" : \
12527 + (x)->tdb_authalg == AH_SHA ? "_HMAC_SHA1" : \
12528 + "_UNKNOWN_auth" \
12530 +#define TDB_HASHMOD 257
12534 + u_short xf_type; /* Unique ID of xform */
12535 + u_short xf_flags; /* secondary type reall) */
12536 + char *xf_name; /* human-readable name */
12539 +extern struct tdb *tdbh[TDB_HASHMOD];
12540 +extern spinlock_t tdb_lock;
12541 +extern struct xformsw xformsw[], *xformswNXFORMSW;
12543 +extern int ipsec_tdbinit(void);
12544 +extern struct tdb *gettdb(struct sa_id*);
12545 +extern /* void */ int deltdb(struct tdb *);
12546 +extern /* void */ int deltdbchain(struct tdb *);
12547 +extern /* void */ int puttdb(struct tdb *);
12548 +extern int tdb_init(struct tdb *, struct encap_msghdr *);
12549 +extern int ipsec_tdbcleanup(__u8);
12550 +extern int ipsec_tdbwipe(struct tdb *);
12552 +#ifdef CONFIG_IPSEC_DEBUG
12553 +extern int debug_xform;
12554 +#endif /* CONFIG_IPSEC_DEBUG */
12555 +#endif /* __KERNEL__ */
12559 + * Revision 1.28 2000/11/06 04:30:40 rgb
12560 + * Add Svenning's adaptive content compression.
12562 + * Revision 1.27 2000/09/19 00:38:25 rgb
12563 + * Fixed algorithm name bugs introduced for ipcomp.
12565 + * Revision 1.26 2000/09/17 21:36:48 rgb
12566 + * Added proto2txt macro.
12568 + * Revision 1.25 2000/09/17 18:56:47 rgb
12569 + * Added IPCOMP support.
12571 + * Revision 1.24 2000/09/12 19:34:12 rgb
12572 + * Defined XF_IP6 from Gerhard for ipv6 tunnel support.
12574 + * Revision 1.23 2000/09/12 03:23:14 rgb
12575 + * Cleaned out now unused tdb_xform and tdb_xdata members of struct tdb.
12577 + * Revision 1.22 2000/09/08 19:12:56 rgb
12578 + * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG.
12580 + * Revision 1.21 2000/09/01 18:32:43 rgb
12581 + * Added (disabled) sensitivity members to tdb struct.
12583 + * Revision 1.20 2000/08/30 05:31:01 rgb
12584 + * Removed all the rest of the references to tdb_spi, tdb_proto, tdb_dst.
12585 + * Kill remainder of tdb_xform, tdb_xdata, xformsw.
12587 + * Revision 1.19 2000/08/01 14:51:52 rgb
12588 + * Removed _all_ remaining traces of DES.
12590 + * Revision 1.18 2000/01/21 06:17:45 rgb
12591 + * Tidied up spacing.
12593 + * Revision 1.17 1999/11/17 15:53:40 rgb
12594 + * Changed all occurrences of #include "../../../lib/freeswan.h"
12595 + * to #include <freeswan.h> which works due to -Ilibfreeswan in the
12596 + * klips/net/ipsec/Makefile.
12598 + * Revision 1.16 1999/10/16 04:23:07 rgb
12599 + * Add stats for replaywin_errs, replaywin_max_sequence_difference,
12600 + * authentication errors, encryption size errors, encryption padding
12601 + * errors, and time since last packet.
12603 + * Revision 1.15 1999/10/16 00:29:11 rgb
12604 + * Added SA lifetime packet counting variables.
12606 + * Revision 1.14 1999/10/01 00:04:14 rgb
12607 + * Added tdb structure locking.
12608 + * Add function to initialize tdb hash table.
12610 + * Revision 1.13 1999/04/29 15:20:57 rgb
12611 + * dd return values to init and cleanup functions.
12612 + * Eliminate unnessessary usage of tdb_xform member to further switch
12613 + * away from the transform switch to the algorithm switch.
12614 + * Change gettdb parameter to a pointer to reduce stack loading and
12615 + * facilitate parameter sanity checking.
12616 + * Add a parameter to tdbcleanup to be able to delete a class of SAs.
12618 + * Revision 1.12 1999/04/15 15:37:25 rgb
12619 + * Forward check changes from POST1_00 branch.
12621 + * Revision 1.9.2.2 1999/04/13 20:35:57 rgb
12622 + * Fix spelling mistake in comment.
12624 + * Revision 1.9.2.1 1999/03/30 17:13:52 rgb
12625 + * Extend struct tdb to support pfkey.
12627 + * Revision 1.11 1999/04/11 00:29:01 henry
12628 + * GPL boilerplate
12630 + * Revision 1.10 1999/04/06 04:54:28 rgb
12631 + * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes
12632 + * patch shell fixes.
12634 + * Revision 1.9 1999/01/26 02:09:31 rgb
12635 + * Removed CONFIG_IPSEC_ALGO_SWITCH macro.
12636 + * Removed dead code.
12638 + * Revision 1.8 1999/01/22 06:29:35 rgb
12639 + * Added algorithm switch code.
12640 + * Cruft clean-out.
12642 + * Revision 1.7 1998/11/10 05:37:35 rgb
12643 + * Add support for SA direction flag.
12645 + * Revision 1.6 1998/10/19 14:44:29 rgb
12646 + * Added inclusion of freeswan.h.
12647 + * sa_id structure implemented and used: now includes protocol.
12649 + * Revision 1.5 1998/08/12 00:12:30 rgb
12650 + * Added macros for new xforms. Added prototypes for new xforms.
12652 + * Revision 1.4 1998/07/28 00:04:20 rgb
12653 + * Add macro for clearing the SA table.
12655 + * Revision 1.3 1998/07/14 18:06:46 rgb
12656 + * Added #ifdef __KERNEL__ directives to restrict scope of header.
12658 + * Revision 1.2 1998/06/23 03:02:19 rgb
12659 + * Created a prototype for ipsec_tdbcleanup when it was moved from
12662 + * Revision 1.1 1998/06/18 21:27:51 henry
12663 + * move sources from klips/src to klips/net/ipsec, to keep stupid
12664 + * kernel-build scripts happier in the presence of symlinks
12666 + * Revision 1.4 1998/06/11 05:55:31 rgb
12667 + * Added transform version string pointer to xformsw structure definition.
12668 + * Added extern declarations for transform version strings.
12670 + * Revision 1.3 1998/05/18 22:02:54 rgb
12671 + * Modify the *_zeroize function prototypes to include one parameter.
12673 + * Revision 1.2 1998/04/21 21:29:08 rgb
12674 + * Rearrange debug switches to change on the fly debug output from user
12675 + * space. Only kernel changes checked in at this time. radij.c was also
12676 + * changed to temporarily remove buggy debugging code in rj_delete causing
12677 + * an OOPS and hence, netlink device open errors.
12679 + * Revision 1.1 1998/04/09 03:06:14 henry
12680 + * sources moved up from linux/net/ipsec
12682 + * Revision 1.1.1.1 1998/04/08 05:35:06 henry
12683 + * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8
12685 + * Revision 0.5 1997/06/03 04:24:48 ji
12686 + * Added ESP-3DES-MD5-96
12688 + * Revision 0.4 1997/01/15 01:28:15 ji
12689 + * Added new transforms.
12691 + * Revision 0.3 1996/11/20 14:39:04 ji
12692 + * Minor cleanups.
12693 + * Rationalized debugging code.
12695 + * Revision 0.2 1996/11/02 00:18:33 ji
12696 + * First limited release.
12700 diff -druN linux-noipsec/net/ipsec/libdes/Makefile linux/net/ipsec/libdes/Makefile
12701 --- linux-noipsec/net/ipsec/libdes/Makefile Thu Jan 1 01:00:00 1970
12702 +++ linux/net/ipsec/libdes/Makefile Fri Dec 15 15:02:26 2000
12704 +# You must select the correct terminal control system to be used to
12705 +# turn character echo off when reading passwords. There a 5 systems
12706 +# SGTTY - the old BSD system
12707 +# TERMIO - most system V boxes
12708 +# TERMIOS - SGI (ala IRIX).
12709 +# VMS - the DEC operating system
12710 +# MSDOS - we all know what it is :-)
12711 +# read_pwd.c makes a reasonable guess at what is correct.
12714 +# make - twidle the options yourself :-)
12715 +# make cc - standard cc options
12716 +# make gcc - standard gcc options
12717 +# make x86-elf - linux-elf etc
12718 +# make x86-out - linux-a.out, FreeBSD etc
12719 +# make x86-solaris
12722 +# If you are on a DEC Alpha, edit des.h and change the DES_LONG
12723 +# define to 'unsigned int'. I have seen this give a %20 speedup.
12725 +OPTS0= -DLIBDES_LIT -DRAND -DTERMIO #-DNOCONST
12727 +# Version 1.94 has changed the strings_to_key function so that it is
12728 +# now compatible with MITs when the string is longer than 8 characters.
12729 +# If you wish to keep the old version, uncomment the following line.
12730 +# This will affect the -E/-D options on des(1).
12731 +#OPTS1= -DOLD_STR_TO_KEY
12733 +# There are 4 possible performance options
12736 +# -DDES_RISC2 (only one of DES_RISC1 and DES_RISC2)
12738 +# after the initial build, run 'des_opts' to see which options are best
12739 +# for your platform. There are some listed in options.txt
12741 +#OPTS3= -DDES_RISC1 # or DES_RISC2
12742 +#OPTS4= -DDES_UNROLL
12744 +OPTS= $(OPTS0) $(OPTS1) $(OPTS2) $(OPTS3) $(OPTS4)
12746 +MAKE=make -f Makefile
12751 +#CFLAG= -O4 -funroll-loops -fomit-frame-pointer
12752 +CFLAG=-fomit-frame-pointer
12754 +CFLAGS=$(OPT_FLAGS) $(CFLAG)
12758 +# Assember version of des_encrypt*().
12759 +DES_ENC=des_enc.o fcrypt_b.o # normal C version
12760 +#DES_ENC=asm/dx86-elf.o asm/yx86-elf.o # elf format x86
12761 +#DES_ENC=asm/dx86-out.o asm/yx86-out.o # a.out format x86
12762 +#DES_ENC=asm/dx86-sol.o asm/yx86-sol.o # solaris format x86
12763 +#DES_ENC=asm/dx86bsdi.o asm/yx86basi.o # bsdi format x86
12767 +INCDIR=/usr/include
12768 +MANDIR=/usr/share/man
12772 +OBJ_LIT=cbc_enc.o ecb_enc.o $(DES_ENC) fcrypt.o set_key.o
12773 +OBJ_FULL=cbc_cksm.o $(OBJ_LIT) pcbc_enc.o \
12774 + xcbc_enc.o qud_cksm.o \
12775 + cfb64ede.o cfb64enc.o cfb_enc.o ecb3_enc.o \
12776 + enc_read.o enc_writ.o ofb64ede.o ofb64enc.o ofb_enc.o \
12777 + rand_key.o read_pwd.o read2pwd.o rpc_enc.o str2key.o supp.o
12779 +GENERAL_LIT=COPYRIGHT INSTALL README VERSION Makefile des_crypt.man \
12780 + des.doc options.txt asm
12781 +GENERAL_FULL=$(GENERAL_LIT) FILES Imakefile times vms.com KERBEROS MODES.DES \
12782 + des.man DES.pm DES.pod DES.xs Makefile.PL dess.cpp des3s.cpp \
12783 + Makefile.uni typemap t Makefile.ssl makefile.bc Makefile.lit \
12784 + des.org des_locl.org
12785 +TESTING_LIT= destest speed des_opts
12786 +TESTING_FULL= rpw $(TESTING_LIT)
12787 +TESTING_SRC_LIT=destest.c speed.c des_opts.c
12788 +TESTING_SRC_FULL=rpw.c $(TESTING_SRC_LIT)
12789 +HEADERS_LIT=des_ver.h des.h des_locl.h podd.h sk.h spr.h
12790 +HEADERS_FULL= $(HEADERS_LIT) rpc_des.h
12791 +LIBDES_LIT=cbc_enc.c ecb_enc.c fcrypt.c set_key.c des_enc.c fcrypt_b.c
12792 +LIBDES_FULL= cbc_cksm.c pcbc_enc.c qud_cksm.c \
12793 + cfb64ede.c cfb64enc.c cfb_enc.c ecb3_enc.c \
12794 + enc_read.c enc_writ.c ofb64ede.c ofb64enc.c ofb_enc.c \
12795 + rand_key.c rpc_enc.c str2key.c supp.c \
12796 + xcbc_enc.c $(LIBDES_LIT) read_pwd.c read2pwd.c
12798 +PERL= des.pl testdes.pl doIP doPC1 doPC2 PC1 PC2 shifts.pl
12801 +GENERAL=$(GENERAL_LIT)
12802 +TESTING=$(TESTING_LIT)
12803 +TESTING_SRC=$(TESTING_SRC_LIT)
12804 +HEADERS=$(HEADERS_LIT)
12805 +LIBDES= $(LIBDES_LIT)
12807 +ALL= $(GENERAL) $(TESTING_SRC) $(LIBDES) $(PERL) $(HEADERS)
12811 +all: $(DLIB) $(TESTING)
12814 + $(MAKE) CC=cc CFLAGS="-O $(OPTS) $(CFLAG)" all
12817 + $(MAKE) CC=gcc CFLAGS="-O3 -fomit-frame-pointer $(OPTS) $(CFLAG)" all
12820 + $(MAKE) DES_ENC='asm/dx86-elf.o asm/yx86-elf.o' CC='$(CC)' CFLAGS="-DELF $(OPTS) $(CFLAG)" all
12823 + $(MAKE) DES_ENC='asm/dx86-out.o asm/yx86-out.o' CC='$(CC)' CFLAGS="-DOUT $(OPTS) $(CFLAG)" all
12826 + $(MAKE) DES_ENC='asm/dx86-sol.o asm/yx86-sol.o' CC='$(CC)' CFLAGS="-DSOL $(OPTS) $(CFLAG)" all
12829 + $(MAKE) DES_ENC='asm/dx86bsdi.o asm/yx86bsdi.o' CC='$(CC)' CFLAGS="-DBSDI $(OPTS) $(CFLAG)" all
12832 +asm/dx86-elf.o: asm/dx86unix.cpp
12833 + $(CPP) -DELF asm/dx86unix.cpp | $(AS) -o asm/dx86-elf.o
12835 +asm/yx86-elf.o: asm/yx86unix.cpp
12836 + $(CPP) -DELF asm/yx86unix.cpp | $(AS) -o asm/yx86-elf.o
12839 +asm/dx86-sol.o: asm/dx86unix.cpp
12840 + $(CC) -E -DSOL asm/dx86unix.cpp | sed 's/^#.*//' > asm/dx86-sol.s
12841 + as -o asm/dx86-sol.o asm/dx86-sol.s
12842 + rm -f asm/dx86-sol.s
12844 +asm/yx86-sol.o: asm/yx86unix.cpp
12845 + $(CC) -E -DSOL asm/yx86unix.cpp | sed 's/^#.*//' > asm/yx86-sol.s
12846 + as -o asm/yx86-sol.o asm/yx86-sol.s
12847 + rm -f asm/yx86-sol.s
12850 +asm/dx86-out.o: asm/dx86unix.cpp
12851 + $(CPP) -DOUT asm/dx86unix.cpp | $(AS) -o asm/dx86-out.o
12853 +asm/yx86-out.o: asm/yx86unix.cpp
12854 + $(CPP) -DOUT asm/yx86unix.cpp | $(AS) -o asm/yx86-out.o
12857 +asm/dx86bsdi.o: asm/dx86unix.cpp
12858 + $(CPP) -DBSDI asm/dx86unix.cpp | $(AS) -o asm/dx86bsdi.o
12860 +asm/yx86bsdi.o: asm/yx86unix.cpp
12861 + $(CPP) -DBSDI asm/yx86unix.cpp | $(AS) -o asm/yx86bsdi.o
12864 + (cd asm; perl des-586.pl cpp >dx86unix.cpp)
12867 + (cd asm; perl crypt586.pl cpp >yx86unix.cpp)
12873 + /bin/rm -f $(DLIB)
12874 + ar cr $(DLIB) $(OBJ)
12875 + -if test -s /bin/ranlib; then /bin/ranlib $(DLIB); \
12876 + else if test -s /usr/bin/ranlib; then /usr/bin/ranlib $(DLIB); \
12877 + else exit 0; fi; fi
12879 +des_opts: des_opts.o $(DLIB)
12880 + $(CC) $(CFLAGS) -o des_opts des_opts.o $(DLIB)
12882 +destest: destest.o $(DLIB)
12883 + $(CC) $(CFLAGS) -o destest destest.o $(DLIB)
12885 +rpw: rpw.o $(DLIB)
12886 + $(CC) $(CFLAGS) -o rpw rpw.o $(DLIB)
12888 +speed: speed.o $(DLIB)
12889 + $(CC) $(CFLAGS) -o speed speed.o $(DLIB)
12891 +des: des.o $(DLIB)
12892 + $(CC) $(CFLAGS) -o des des.o $(DLIB)
12895 + ctags $(TESTING_SRC) $(LIBDES)
12898 + /bin/mv Makefile Makefile.tmp
12899 + /bin/cp Makefile.lit Makefile
12900 + tar chf libdes-l.tar $(LIBDES_LIT) $(HEADERS_LIT) \
12901 + $(GENERAL_LIT) $(TESTING_SRC_LIT)
12902 + /bin/rm -f Makefile
12903 + /bin/mv Makefile.tmp Makefile
12906 + tar chf libdes.tar $(ALL)
12909 + shar $(ALL) >libdes.shar
12912 + makedepend $(LIBDES) $(TESTING_SRC)
12915 + /bin/rm -f *.o tags core $(TESTING) $(DLIB) .nfs* *.old *.bak asm/*.o
12918 + sed -e '/^# DO NOT DELETE THIS LINE/ q' Makefile >Makefile.new
12919 + mv -f Makefile.new Makefile
12921 +# Eric is probably going to choke when he next looks at this --tjh
12923 + if test $(INSTALLTOP); then \
12924 + echo SSL style install; \
12925 + cp $(DLIB) $(INSTALLTOP)/lib; \
12926 + if test -s /bin/ranlib; then \
12927 + /bin/ranlib $(INSTALLTOP)/lib/$(DLIB); \
12929 + if test -s /usr/bin/ranlib; then \
12930 + /usr/bin/ranlib $(INSTALLTOP)/lib/$(DLIB); \
12932 + chmod 644 $(INSTALLTOP)/lib/$(DLIB); \
12933 + cp des.h $(INSTALLTOP)/include; \
12934 + chmod 644 $(INSTALLTOP)/include/des.h; \
12936 + echo Standalone install; \
12937 + cp $(DLIB) $(DESTDIR)$(LIBDIR)/$(DLIB); \
12938 + if test -s /bin/ranlib; then \
12939 + /bin/ranlib $(DESTDIR)$(LIBDIR)/$(DLIB); \
12941 + if test -s /usr/bin/ranlib; then \
12942 + /usr/bin/ranlib $(LIBDIR)/$(DLIB); \
12945 + cp des_crypt.man $(DESTDIR)$(MANDIR)/man$(MAN3)/des_crypt.$(MAN3); \
12946 + cp des.man $(DESTDIR)$(MANDIR)/man$(MAN1)/des.$(MAN1); \
12947 + cp des.h $(DESTDIR)$(INCDIR)/des.h; \
12949 +# DO NOT DELETE THIS LINE -- make depend depends on it.
12950 diff -druN linux-noipsec/net/ipsec/libdes/asm/crypt586.pl linux/net/ipsec/libdes/asm/crypt586.pl
12951 --- linux-noipsec/net/ipsec/libdes/asm/crypt586.pl Thu Jan 1 01:00:00 1970
12952 +++ linux/net/ipsec/libdes/asm/crypt586.pl Thu Feb 18 17:41:30 1999
12954 +#!/usr/local/bin/perl
12956 +# The inner loop instruction sequence and the IP/FP modifications are from
12957 +# Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>
12958 +# I've added the stuff needed for crypt() but I've not worried about making
12962 +push(@INC,"perlasm","../../perlasm");
12963 +require "x86asm.pl";
12965 +&asm_init($ARGV[0],"crypt586.pl");
12970 +&external_label("des_SPtrans");
12971 +&fcrypt_body("fcrypt_body");
12976 + local($name,$do_ip)=@_;
12978 + &function_begin($name,"EXTRN _des_SPtrans:DWORD");
12981 + &comment("Load the 2 words");
12986 + &mov($ks,&wparam(1));
12988 + &push(25); # add a variable
12990 + &set_label("start");
12991 + for ($i=0; $i<16; $i+=2)
12994 + &comment("Round $i");
12995 + &D_ENCRYPT($i,$L,$R,$i*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");
12998 + &comment("Round ".sprintf("%d",$i+1));
12999 + &D_ENCRYPT($i+1,$R,$L,($i+1)*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");
13001 + &mov("ebx", &swtmp(0));
13006 + &mov(&swtmp(0), "ebx");
13007 + &jnz(&label("start"));
13011 + &mov("edx",&wparam(0));
13013 + &FP_new($R,$L,"eax",3);
13014 + &mov(&DWP(0,"edx","",0),"eax");
13015 + &mov(&DWP(4,"edx","",0),$L);
13017 + &pop("ecx"); # remove variable
13019 + &function_end($name);
13024 + local($r,$L,$R,$S,$ks,$desSP,$u,$tmp1,$tmp2,$t)=@_;
13026 + &mov( $u, &wparam(2)); # 2
13028 + &shr( $t, 16); # 1
13029 + &mov( $tmp2, &wparam(3)); # 2
13030 + &xor( $t, $R); # 1
13032 + &and( $u, $t); # 2
13033 + &and( $t, $tmp2); # 2
13035 + &mov( $tmp1, $u);
13036 + &shl( $tmp1, 16); # 1
13037 + &mov( $tmp2, $t);
13038 + &shl( $tmp2, 16); # 1
13039 + &xor( $u, $tmp1); # 2
13040 + &xor( $t, $tmp2); # 2
13041 + &mov( $tmp1, &DWP(&n2a($S*4),$ks,"",0)); # 2
13042 + &xor( $u, $tmp1);
13043 + &mov( $tmp2, &DWP(&n2a(($S+1)*4),$ks,"",0)); # 2
13046 + &xor( $t, $tmp2);
13048 + &and( $u, "0xfcfcfcfc" ); # 2
13049 + &xor( $tmp1, $tmp1); # 1
13050 + &and( $t, "0xcfcfcfcf" ); # 2
13051 + &xor( $tmp2, $tmp2);
13052 + &movb( &LB($tmp1), &LB($u) );
13053 + &movb( &LB($tmp2), &HB($u) );
13055 + &mov( $ks, &DWP(" $desSP",$tmp1,"",0));
13056 + &movb( &LB($tmp1), &LB($t) );
13058 + &mov( $ks, &DWP("0x200+$desSP",$tmp2,"",0));
13060 + &movb( &LB($tmp2), &HB($t) );
13062 + &mov( $ks, &DWP("0x100+$desSP",$tmp1,"",0));
13064 + &movb( &LB($tmp1), &HB($u) );
13066 + &mov( $ks, &DWP("0x300+$desSP",$tmp2,"",0));
13068 + &mov( $ks, &wparam(1));
13069 + &movb( &LB($tmp2), &HB($t) );
13070 + &and( $u, "0xff" );
13071 + &and( $t, "0xff" );
13072 + &mov( $tmp1, &DWP("0x600+$desSP",$tmp1,"",0));
13073 + &xor( $L, $tmp1);
13074 + &mov( $tmp1, &DWP("0x700+$desSP",$tmp2,"",0));
13075 + &xor( $L, $tmp1);
13076 + &mov( $tmp1, &DWP("0x400+$desSP",$u,"",0));
13077 + &xor( $L, $tmp1);
13078 + &mov( $tmp1, &DWP("0x500+$desSP",$t,"",0));
13079 + &xor( $L, $tmp1);
13084 + sprintf("%d",$_[0]);
13087 +# now has a side affect of rotating $a by $shift
13090 + local($a,$b,$tt,$shift,$mask,$last)=@_;
13092 + &rotl( $a, $shift ) if ($shift != 0);
13095 + &and( $a, $mask );
13096 + if ($notlast eq $b)
13111 + local($l,$r,$tt,$lr)=@_;
13113 + &R_PERM_OP($l,$r,$tt, 4,"0xf0f0f0f0",$l);
13114 + &R_PERM_OP($r,$tt,$l,20,"0xfff0000f",$l);
13115 + &R_PERM_OP($l,$tt,$r,14,"0x33333333",$r);
13116 + &R_PERM_OP($tt,$r,$l,22,"0x03fc03fc",$r);
13117 + &R_PERM_OP($l,$r,$tt, 9,"0xaaaaaaaa",$r);
13122 + { &rotr($tt, 3-$lr); }
13123 + else { &rotl($tt, $lr-3); }
13128 + { &rotr($r, 2-$lr); }
13129 + else { &rotl($r, $lr-2); }
13135 + local($l,$r,$tt,$lr)=@_;
13140 + { &rotl($r, 2-$lr); }
13141 + else { &rotr($r, $lr-2); }
13146 + { &rotl($l, 3-$lr); }
13147 + else { &rotr($l, $lr-3); }
13150 + &R_PERM_OP($l,$r,$tt, 0,"0xaaaaaaaa",$r);
13151 + &R_PERM_OP($tt,$r,$l,23,"0x03fc03fc",$r);
13152 + &R_PERM_OP($l,$r,$tt,10,"0x33333333",$l);
13153 + &R_PERM_OP($r,$tt,$l,18,"0xfff0000f",$l);
13154 + &R_PERM_OP($l,$tt,$r,12,"0xf0f0f0f0",$r);
13158 diff -druN linux-noipsec/net/ipsec/libdes/asm/des-586.pl linux/net/ipsec/libdes/asm/des-586.pl
13159 --- linux-noipsec/net/ipsec/libdes/asm/des-586.pl Thu Jan 1 01:00:00 1970
13160 +++ linux/net/ipsec/libdes/asm/des-586.pl Thu Feb 18 17:41:31 1999
13162 +#!/usr/local/bin/perl
13164 +# The inner loop instruction sequence and the IP/FP modifications are from
13165 +# Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>
13168 +push(@INC,"perlasm","../../perlasm");
13169 +require "x86asm.pl";
13171 +require "desboth.pl";
13173 +# base code is in microsft
13178 +&asm_init($ARGV[0],"des-586.pl");
13183 +&external_label("des_SPtrans");
13184 +&des_encrypt("des_encrypt",1);
13185 +&des_encrypt("des_encrypt2",0);
13186 +&des_encrypt3("des_encrypt3",1);
13187 +&des_encrypt3("des_decrypt3",0);
13188 +&cbc("des_ncbc_encrypt","des_encrypt","des_encrypt",0,4,5,3,5,-1);
13189 +&cbc("des_ede3_cbc_encrypt","des_encrypt3","des_decrypt3",0,6,7,3,4,5);
13195 + local($name,$do_ip)=@_;
13197 + &function_begin_B($name,"EXTRN _des_SPtrans:DWORD");
13203 + &comment("Load the 2 words");
13208 + &mov($R,&wparam(0));
13209 + &xor( "ecx", "ecx" );
13214 + &mov("eax",&DWP(0,$R,"",0));
13215 + &mov("ebx",&wparam(2)); # get encrypt flag
13216 + &mov($L,&DWP(4,$R,"",0));
13219 + &IP_new("eax",$L,$R,3);
13223 + &mov("eax",&wparam(0));
13224 + &xor( "ecx", "ecx" );
13229 + &mov($R,&DWP(0,"eax","",0));
13230 + &mov("ebx",&wparam(2)); # get encrypt flag
13232 + &mov($L,&DWP(4,"eax","",0));
13236 + &mov( $ks, &wparam(1) );
13238 + &je(&label("start_decrypt"));
13240 + for ($i=0; $i<16; $i+=2)
13243 + &comment("Round $i");
13244 + &D_ENCRYPT($i,$L,$R,$i*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");
13247 + &comment("Round ".sprintf("%d",$i+1));
13248 + &D_ENCRYPT($i+1,$R,$L,($i+1)*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");
13250 + &jmp(&label("end"));
13252 + &set_label("start_decrypt");
13254 + for ($i=15; $i>0; $i-=2)
13257 + &comment("Round $i");
13258 + &D_ENCRYPT(15-$i,$L,$R,$i*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");
13260 + &comment("Round ".sprintf("%d",$i-1));
13261 + &D_ENCRYPT(15-$i+1,$R,$L,($i-1)*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");
13264 + &set_label("end");
13270 + &mov("edx",&wparam(0));
13271 + &FP_new($L,$R,"eax",3);
13273 + &mov(&DWP(0,"edx","",0),"eax");
13274 + &mov(&DWP(4,"edx","",0),$R);
13279 + &comment("Fixup");
13281 + &mov("eax",&wparam(0));
13283 + &mov(&DWP(0,"eax","",0),$L);
13284 + &mov(&DWP(4,"eax","",0),$R);
13293 + &function_end_B($name);
13298 + local($r,$L,$R,$S,$ks,$desSP,$u,$tmp1,$tmp2,$t)=@_;
13300 + &mov( $u, &DWP(&n2a($S*4),$ks,"",0));
13301 + &xor( $tmp1, $tmp1);
13302 + &mov( $t, &DWP(&n2a(($S+1)*4),$ks,"",0));
13305 + &and( $u, "0xfcfcfcfc" );
13306 + &and( $t, "0xcfcfcfcf" );
13307 + &movb( &LB($tmp1), &LB($u) );
13308 + &movb( &LB($tmp2), &HB($u) );
13310 + &mov( $ks, &DWP(" $desSP",$tmp1,"",0));
13311 + &movb( &LB($tmp1), &LB($t) );
13313 + &mov( $ks, &DWP("0x200+$desSP",$tmp2,"",0));
13314 + &xor( $L, $ks); ######
13315 + &movb( &LB($tmp2), &HB($t) );
13317 + &mov( $ks, &DWP("0x100+$desSP",$tmp1,"",0));
13318 + &xor( $L, $ks); ######
13319 + &movb( &LB($tmp1), &HB($u) );
13321 + &mov( $ks, &DWP("0x300+$desSP",$tmp2,"",0));
13323 + &mov( $ks, &wparam(1) );
13324 + &movb( &LB($tmp2), &HB($t) );
13325 + &and( $u, "0xff" );
13326 + &and( $t, "0xff" );
13327 + &mov( $tmp1, &DWP("0x600+$desSP",$tmp1,"",0));
13328 + &xor( $L, $tmp1);
13329 + &mov( $tmp1, &DWP("0x700+$desSP",$tmp2,"",0));
13330 + &xor( $L, $tmp1);
13331 + &mov( $tmp1, &DWP("0x400+$desSP",$u,"",0));
13332 + &xor( $L, $tmp1);
13333 + &mov( $tmp1, &DWP("0x500+$desSP",$t,"",0));
13334 + &xor( $L, $tmp1);
13339 + sprintf("%d",$_[0]);
13342 +# now has a side affect of rotating $a by $shift
13345 + local($a,$b,$tt,$shift,$mask,$last)=@_;
13347 + &rotl( $a, $shift ) if ($shift != 0);
13350 + &and( $a, $mask );
13351 + if (!$last eq $b)
13366 + local($l,$r,$tt,$lr)=@_;
13368 + &R_PERM_OP($l,$r,$tt, 4,"0xf0f0f0f0",$l);
13369 + &R_PERM_OP($r,$tt,$l,20,"0xfff0000f",$l);
13370 + &R_PERM_OP($l,$tt,$r,14,"0x33333333",$r);
13371 + &R_PERM_OP($tt,$r,$l,22,"0x03fc03fc",$r);
13372 + &R_PERM_OP($l,$r,$tt, 9,"0xaaaaaaaa",$r);
13377 + { &rotr($tt, 3-$lr); }
13378 + else { &rotl($tt, $lr-3); }
13383 + { &rotr($r, 2-$lr); }
13384 + else { &rotl($r, $lr-2); }
13390 + local($l,$r,$tt,$lr)=@_;
13395 + { &rotl($r, 2-$lr); }
13396 + else { &rotr($r, $lr-2); }
13401 + { &rotl($l, 3-$lr); }
13402 + else { &rotr($l, $lr-3); }
13405 + &R_PERM_OP($l,$r,$tt, 0,"0xaaaaaaaa",$r);
13406 + &R_PERM_OP($tt,$r,$l,23,"0x03fc03fc",$r);
13407 + &R_PERM_OP($l,$r,$tt,10,"0x33333333",$l);
13408 + &R_PERM_OP($r,$tt,$l,18,"0xfff0000f",$l);
13409 + &R_PERM_OP($l,$tt,$r,12,"0xf0f0f0f0",$r);
13413 diff -druN linux-noipsec/net/ipsec/libdes/asm/des686.pl linux/net/ipsec/libdes/asm/des686.pl
13414 --- linux-noipsec/net/ipsec/libdes/asm/des686.pl Thu Jan 1 01:00:00 1970
13415 +++ linux/net/ipsec/libdes/asm/des686.pl Thu Feb 18 17:41:32 1999
13417 +#!/usr/local/bin/perl
13419 +$prog="des686.pl";
13421 +# base code is in microsft
13426 +# WILL NOT WORK ANYMORE WITH desboth.pl
13427 +require "desboth.pl";
13429 +if ( ($ARGV[0] eq "elf"))
13430 + { require "x86unix.pl"; }
13431 +elsif ( ($ARGV[0] eq "a.out"))
13432 + { $aout=1; require "x86unix.pl"; }
13433 +elsif ( ($ARGV[0] eq "sol"))
13434 + { $sol=1; require "x86unix.pl"; }
13435 +elsif ( ($ARGV[0] eq "cpp"))
13436 + { $cpp=1; require "x86unix.pl"; }
13437 +elsif ( ($ARGV[0] eq "win32"))
13438 + { require "x86ms.pl"; }
13441 + print STDERR <<"EOF";
13442 +Pick one target type from
13443 + elf - linux, FreeBSD etc
13444 + a.out - old linux
13445 + sol - x86 solaris
13446 + cpp - format so x86unix.cpp can be used
13447 + win32 - Windows 95/Windows NT
13452 +&comment("Don't even think of reading this code");
13453 +&comment("It was automatically generated by $prog");
13454 +&comment("Which is a perl program used to generate the x86 assember for");
13455 +&comment("any of elf, a.out, Win32, or Solaris");
13456 +&comment("It can be found in SSLeay 0.6.5+ or in libdes 3.26+");
13457 +&comment("eric <eay\@cryptsoft.com>");
13460 +&file("dx86xxxx");
13465 +&des_encrypt("des_encrypt",1);
13466 +&des_encrypt("des_encrypt2",0);
13468 +&des_encrypt3("des_encrypt3",1);
13469 +&des_encrypt3("des_decrypt3",0);
13475 + local($name,$do_ip)=@_;
13477 + &function_begin($name,"EXTRN _des_SPtrans:DWORD");
13480 + &comment("Load the 2 words");
13481 + &mov("eax",&wparam(0));
13482 + &mov($L,&DWP(0,"eax","",0));
13483 + &mov($R,&DWP(4,"eax","",0));
13491 + &IP_new($L,$R,"eax");
13495 + &comment("fixup rotate");
13501 + &comment("load counter, key_schedule and enc flag");
13502 + &mov("eax",&wparam(2)); # get encrypt flag
13503 + &mov("ebp",&wparam(1)); # get ks
13505 + &je(&label("start_decrypt"));
13507 + # encrypting part
13509 + for ($i=0; $i<16; $i+=2)
13512 + &comment("Round $i");
13513 + &D_ENCRYPT($L,$R,$i*2,"ebp","des_SPtrans","ecx","edx","eax","ebx");
13516 + &comment("Round ".sprintf("%d",$i+1));
13517 + &D_ENCRYPT($R,$L,($i+1)*2,"ebp","des_SPtrans","ecx","edx","eax","ebx");
13519 + &jmp(&label("end"));
13521 + &set_label("start_decrypt");
13523 + for ($i=15; $i>0; $i-=2)
13526 + &comment("Round $i");
13527 + &D_ENCRYPT($L,$R,$i*2,"ebp","des_SPtrans","ecx","edx","eax","ebx");
13529 + &comment("Round ".sprintf("%d",$i-1));
13530 + &D_ENCRYPT($R,$L,($i-1)*2,"ebp","des_SPtrans","ecx","edx","eax","ebx");
13533 + &set_label("end");
13536 + &comment("Fixup");
13544 + &FP_new($R,$L,"eax");
13547 + &mov("eax",&wparam(0));
13548 + &mov(&DWP(0,"eax","",0),$L);
13549 + &mov(&DWP(4,"eax","",0),$R);
13551 + &function_end($name);
13555 +# The logic is to load R into 2 registers and operate on both at the same time.
13556 +# We also load the 2 R's into 2 more registers so we can do the 'move word down a byte'
13557 +# while also masking the other copy and doing a lookup. We then also accumulate the
13558 +# L value in 2 registers then combine them at the end.
13561 + local($L,$R,$S,$ks,$desSP,$u,$t,$tmp1,$tmp2,$tmp3)=@_;
13563 + &mov( $u, &DWP(&n2a($S*4),$ks,"",0));
13564 + &mov( $t, &DWP(&n2a(($S+1)*4),$ks,"",0));
13569 + # the numbers at the end of the line are origional instruction order
13570 + &mov( $tmp2, $u ); # 1 2
13571 + &mov( $tmp1, $t ); # 1 1
13572 + &and( $tmp2, "0xfc" ); # 1 4
13573 + &and( $tmp1, "0xfc" ); # 1 3
13574 + &shr( $t, 8 ); # 1 5
13575 + &xor( $L, &DWP("0x100+$desSP",$tmp1,"",0)); # 1 7
13576 + &shr( $u, 8 ); # 1 6
13577 + &mov( $tmp1, &DWP(" $desSP",$tmp2,"",0)); # 1 8
13579 + &mov( $tmp2, $u ); # 2 2
13580 + &xor( $L, $tmp1 ); # 1 9
13581 + &and( $tmp2, "0xfc" ); # 2 4
13582 + &mov( $tmp1, $t ); # 2 1
13583 + &and( $tmp1, "0xfc" ); # 2 3
13584 + &shr( $t, 8 ); # 2 5
13585 + &xor( $L, &DWP("0x300+$desSP",$tmp1,"",0)); # 2 7
13586 + &shr( $u, 8 ); # 2 6
13587 + &mov( $tmp1, &DWP("0x200+$desSP",$tmp2,"",0)); # 2 8
13588 + &mov( $tmp2, $u ); # 3 2
13590 + &xor( $L, $tmp1 ); # 2 9
13591 + &and( $tmp2, "0xfc" ); # 3 4
13593 + &mov( $tmp1, $t ); # 3 1
13594 + &shr( $u, 8 ); # 3 6
13595 + &and( $tmp1, "0xfc" ); # 3 3
13596 + &shr( $t, 8 ); # 3 5
13597 + &xor( $L, &DWP("0x500+$desSP",$tmp1,"",0)); # 3 7
13598 + &mov( $tmp1, &DWP("0x400+$desSP",$tmp2,"",0)); # 3 8
13600 + &and( $t, "0xfc" ); # 4 1
13601 + &xor( $L, $tmp1 ); # 3 9
13603 + &and( $u, "0xfc" ); # 4 2
13604 + &xor( $L, &DWP("0x700+$desSP",$t,"",0)); # 4 3
13605 + &xor( $L, &DWP("0x600+$desSP",$u,"",0)); # 4 4
13610 + local($a,$b,$tt,$shift,$mask)=@_;
13613 + &shr( $tt, $shift );
13615 + &and( $tt, $mask );
13617 + &shl( $tt, $shift );
13623 + local($l,$r,$tt)=@_;
13625 + &PERM_OP($r,$l,$tt, 4,"0x0f0f0f0f");
13626 + &PERM_OP($l,$r,$tt,16,"0x0000ffff");
13627 + &PERM_OP($r,$l,$tt, 2,"0x33333333");
13628 + &PERM_OP($l,$r,$tt, 8,"0x00ff00ff");
13629 + &PERM_OP($r,$l,$tt, 1,"0x55555555");
13634 + local($l,$r,$tt)=@_;
13636 + &PERM_OP($l,$r,$tt, 1,"0x55555555");
13637 + &PERM_OP($r,$l,$tt, 8,"0x00ff00ff");
13638 + &PERM_OP($l,$r,$tt, 2,"0x33333333");
13639 + &PERM_OP($r,$l,$tt,16,"0x0000ffff");
13640 + &PERM_OP($l,$r,$tt, 4,"0x0f0f0f0f");
13645 + sprintf("%d",$_[0]);
13647 diff -druN linux-noipsec/net/ipsec/libdes/asm/desboth.pl linux/net/ipsec/libdes/asm/desboth.pl
13648 --- linux-noipsec/net/ipsec/libdes/asm/desboth.pl Thu Jan 1 01:00:00 1970
13649 +++ linux/net/ipsec/libdes/asm/desboth.pl Thu Feb 18 17:41:32 1999
13651 +#!/usr/local/bin/perl
13658 + local($name,$enc)=@_;
13660 + &function_begin_B($name,"");
13662 + &mov("ebx",&wparam(0));
13670 + &comment("Load the data words");
13671 + &mov($L,&DWP(0,"ebx","",0));
13672 + &mov($R,&DWP(4,"ebx","",0));
13677 + &IP_new($L,$R,"edx",0);
13683 + &mov(&DWP(4,"ebx","",0),$R);
13684 + &mov("eax",&wparam(1));
13685 + &mov(&DWP(0,"ebx","",0),"edx");
13686 + &mov("edi",&wparam(2));
13687 + &mov("esi",&wparam(3));
13691 + &mov(&DWP(4,"ebx","",0),$R);
13692 + &mov("esi",&wparam(1));
13693 + &mov(&DWP(0,"ebx","",0),"edx");
13694 + &mov("edi",&wparam(2));
13695 + &mov("eax",&wparam(3));
13697 + &mov(&swtmp(2), (($enc)?"1":"0"));
13698 + &mov(&swtmp(1), "eax");
13699 + &mov(&swtmp(0), "ebx");
13700 + &call("des_encrypt2");
13701 + &mov(&swtmp(2), (($enc)?"0":"1"));
13702 + &mov(&swtmp(1), "edi");
13703 + &mov(&swtmp(0), "ebx");
13704 + &call("des_encrypt2");
13705 + &mov(&swtmp(2), (($enc)?"1":"0"));
13706 + &mov(&swtmp(1), "esi");
13707 + &mov(&swtmp(0), "ebx");
13708 + &call("des_encrypt2");
13711 + &mov($L,&DWP(0,"ebx","",0));
13712 + &mov($R,&DWP(4,"ebx","",0));
13716 + &FP_new($L,$R,"eax",0);
13718 + &mov(&DWP(0,"ebx","",0),"eax");
13719 + &mov(&DWP(4,"ebx","",0),$R);
13726 + &function_end_B($name);
13730 diff -druN linux-noipsec/net/ipsec/libdes/asm/perlasm/cbc.pl linux/net/ipsec/libdes/asm/perlasm/cbc.pl
13731 --- linux-noipsec/net/ipsec/libdes/asm/perlasm/cbc.pl Thu Jan 1 01:00:00 1970
13732 +++ linux/net/ipsec/libdes/asm/perlasm/cbc.pl Thu Feb 18 17:41:34 1999
13734 +#!/usr/local/bin/perl
13736 +# void des_ncbc_encrypt(input, output, length, schedule, ivec, enc)
13737 +# des_cblock (*input);
13738 +# des_cblock (*output);
13740 +# des_key_schedule schedule;
13741 +# des_cblock (*ivec);
13745 +# des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT);
13748 +#&cbc("des_ncbc_encrypt","des_encrypt",0);
13749 +#&cbc("BF_cbc_encrypt","BF_encrypt","BF_encrypt",
13751 +#&cbc("des_ncbc_encrypt","des_encrypt","des_encrypt",
13753 +#&cbc("des_ede3_cbc_encrypt","des_encrypt3","des_decrypt3",
13756 +# When doing a cipher that needs bigendian order,
13757 +# for encrypt, the iv is kept in bigendian form,
13758 +# while for decrypt, it is kept in little endian.
13761 + local($name,$enc_func,$dec_func,$swap,$iv_off,$enc_off,$p1,$p2,$p3)=@_;
13762 + # name is the function name
13763 + # enc_func and dec_func and the functions to call for encrypt/decrypt
13764 + # swap is true if byte order needs to be reversed
13765 + # iv_off is parameter number for the iv
13766 + # enc_off is parameter number for the encrypt/decrypt flag
13767 + # p1,p2,p3 are the offsets for parameters to be passed to the
13768 + # underlying calls.
13770 + &function_begin_B($name,"");
13783 + $data_off+=4 if ($p1 > 0);
13784 + $data_off+=4 if ($p2 > 0);
13785 + $data_off+=4 if ($p3 > 0);
13787 + &mov($count, &wparam(2)); # length
13789 + &comment("getting iv ptr from parameter $iv_off");
13790 + &mov("ebx", &wparam($iv_off)); # Get iv ptr
13792 + &mov($in, &DWP(0,"ebx","",0));# iv[0]
13793 + &mov($out, &DWP(4,"ebx","",0));# iv[1]
13797 + &push($out); # used in decrypt for iv[1]
13798 + &push($in); # used in decrypt for iv[0]
13800 + &mov("ebx", "esp"); # This is the address of tin[2]
13802 + &mov($in, &wparam(0)); # in
13803 + &mov($out, &wparam(1)); # out
13805 + # We have loaded them all, how lets push things
13806 + &comment("getting encrypt flag from parameter $enc_off");
13807 + &mov("ecx", &wparam($enc_off)); # Get enc flag
13810 + &comment("get and push parameter $p3");
13811 + if ($enc_off != $p3)
13812 + { &mov("eax", &wparam($p3)); &push("eax"); }
13813 + else { &push("ecx"); }
13817 + &comment("get and push parameter $p2");
13818 + if ($enc_off != $p2)
13819 + { &mov("eax", &wparam($p2)); &push("eax"); }
13820 + else { &push("ecx"); }
13824 + &comment("get and push parameter $p1");
13825 + if ($enc_off != $p1)
13826 + { &mov("eax", &wparam($p1)); &push("eax"); }
13827 + else { &push("ecx"); }
13829 + &push("ebx"); # push data/iv
13832 + &jz(&label("decrypt"));
13834 + &and($count,0xfffffff8);
13835 + &mov("eax", &DWP($data_off,"esp","",0)); # load iv[0]
13836 + &mov("ebx", &DWP($data_off+4,"esp","",0)); # load iv[1]
13838 + &jz(&label("encrypt_finish"));
13840 + #############################################################
13842 + &set_label("encrypt_loop");
13844 + # "eax" and "ebx" hold iv (or the last cipher text)
13846 + &mov("ecx", &DWP(0,$in,"",0)); # load first 4 bytes
13847 + &mov("edx", &DWP(4,$in,"",0)); # second 4 bytes
13849 + &xor("eax", "ecx");
13850 + &xor("ebx", "edx");
13852 + &bswap("eax") if $swap;
13853 + &bswap("ebx") if $swap;
13855 + &mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call
13856 + &mov(&DWP($data_off+4,"esp","",0), "ebx"); #
13858 + &call($enc_func);
13860 + &mov("eax", &DWP($data_off,"esp","",0));
13861 + &mov("ebx", &DWP($data_off+4,"esp","",0));
13863 + &bswap("eax") if $swap;
13864 + &bswap("ebx") if $swap;
13866 + &mov(&DWP(0,$out,"",0),"eax");
13867 + &mov(&DWP(4,$out,"",0),"ebx");
13869 + # eax and ebx are the next iv.
13875 + &jnz(&label("encrypt_loop"));
13877 +###################################################################3
13878 + &set_label("encrypt_finish");
13879 + &mov($count, &wparam(2)); # length
13881 + &jz(&label("finish"));
13882 + &xor("ecx","ecx");
13883 + &xor("edx","edx");
13884 + &mov($count,&DWP(&label("cbc_enc_jmp_table"),"",$count,4));
13885 + &jmp_ptr($count);
13887 +&set_label("ej7");
13888 + &xor("edx", "edx") if $ppro; # ppro friendly
13889 + &movb(&HB("edx"), &BP(6,$in,"",0));
13891 +&set_label("ej6");
13892 + &movb(&HB("edx"), &BP(5,$in,"",0));
13893 +&set_label("ej5");
13894 + &movb(&LB("edx"), &BP(4,$in,"",0));
13895 +&set_label("ej4");
13896 + &mov("ecx", &DWP(0,$in,"",0));
13897 + &jmp(&label("ejend"));
13898 +&set_label("ej3");
13899 + &movb(&HB("ecx"), &BP(2,$in,"",0));
13900 + &xor("ecx", "ecx") if $ppro; # ppro friendly
13902 +&set_label("ej2");
13903 + &movb(&HB("ecx"), &BP(1,$in,"",0));
13904 +&set_label("ej1");
13905 + &movb(&LB("ecx"), &BP(0,$in,"",0));
13906 +&set_label("ejend");
13908 + &xor("eax", "ecx");
13909 + &xor("ebx", "edx");
13911 + &bswap("eax") if $swap;
13912 + &bswap("ebx") if $swap;
13914 + &mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call
13915 + &mov(&DWP($data_off+4,"esp","",0), "ebx"); #
13917 + &call($enc_func);
13919 + &mov("eax", &DWP($data_off,"esp","",0));
13920 + &mov("ebx", &DWP($data_off+4,"esp","",0));
13922 + &bswap("eax") if $swap;
13923 + &bswap("ebx") if $swap;
13925 + &mov(&DWP(0,$out,"",0),"eax");
13926 + &mov(&DWP(4,$out,"",0),"ebx");
13928 + &jmp(&label("finish"));
13930 + #############################################################
13931 + #############################################################
13932 + &set_label("decrypt",1);
13934 + &and($count,0xfffffff8);
13935 + # The next 2 instructions are only for if the jz is taken
13936 + &mov("eax", &DWP($data_off+8,"esp","",0)); # get iv[0]
13937 + &mov("ebx", &DWP($data_off+12,"esp","",0)); # get iv[1]
13938 + &jz(&label("decrypt_finish"));
13940 + &set_label("decrypt_loop");
13941 + &mov("eax", &DWP(0,$in,"",0)); # load first 4 bytes
13942 + &mov("ebx", &DWP(4,$in,"",0)); # second 4 bytes
13944 + &bswap("eax") if $swap;
13945 + &bswap("ebx") if $swap;
13947 + &mov(&DWP($data_off,"esp","",0), "eax"); # put back
13948 + &mov(&DWP($data_off+4,"esp","",0), "ebx"); #
13950 + &call($dec_func);
13952 + &mov("eax", &DWP($data_off,"esp","",0)); # get return
13953 + &mov("ebx", &DWP($data_off+4,"esp","",0)); #
13955 + &bswap("eax") if $swap;
13956 + &bswap("ebx") if $swap;
13958 + &mov("ecx", &DWP($data_off+8,"esp","",0)); # get iv[0]
13959 + &mov("edx", &DWP($data_off+12,"esp","",0)); # get iv[1]
13961 + &xor("ecx", "eax");
13962 + &xor("edx", "ebx");
13964 + &mov("eax", &DWP(0,$in,"",0)); # get old cipher text,
13965 + &mov("ebx", &DWP(4,$in,"",0)); # next iv actually
13967 + &mov(&DWP(0,$out,"",0),"ecx");
13968 + &mov(&DWP(4,$out,"",0),"edx");
13970 + &mov(&DWP($data_off+8,"esp","",0), "eax"); # save iv
13971 + &mov(&DWP($data_off+12,"esp","",0), "ebx"); #
13977 + &jnz(&label("decrypt_loop"));
13978 +############################ ENDIT #######################3
13979 + &set_label("decrypt_finish");
13980 + &mov($count, &wparam(2)); # length
13982 + &jz(&label("finish"));
13984 + &mov("eax", &DWP(0,$in,"",0)); # load first 4 bytes
13985 + &mov("ebx", &DWP(4,$in,"",0)); # second 4 bytes
13987 + &bswap("eax") if $swap;
13988 + &bswap("ebx") if $swap;
13990 + &mov(&DWP($data_off,"esp","",0), "eax"); # put back
13991 + &mov(&DWP($data_off+4,"esp","",0), "ebx"); #
13993 + &call($dec_func);
13995 + &mov("eax", &DWP($data_off,"esp","",0)); # get return
13996 + &mov("ebx", &DWP($data_off+4,"esp","",0)); #
13998 + &bswap("eax") if $swap;
13999 + &bswap("ebx") if $swap;
14001 + &mov("ecx", &DWP($data_off+8,"esp","",0)); # get iv[0]
14002 + &mov("edx", &DWP($data_off+12,"esp","",0)); # get iv[1]
14004 + &xor("ecx", "eax");
14005 + &xor("edx", "ebx");
14007 + # this is for when we exit
14008 + &mov("eax", &DWP(0,$in,"",0)); # get old cipher text,
14009 + &mov("ebx", &DWP(4,$in,"",0)); # next iv actually
14011 +&set_label("dj7");
14012 + &rotr("edx", 16);
14013 + &movb(&BP(6,$out,"",0), &LB("edx"));
14015 +&set_label("dj6");
14016 + &movb(&BP(5,$out,"",0), &HB("edx"));
14017 +&set_label("dj5");
14018 + &movb(&BP(4,$out,"",0), &LB("edx"));
14019 +&set_label("dj4");
14020 + &mov(&DWP(0,$out,"",0), "ecx");
14021 + &jmp(&label("djend"));
14022 +&set_label("dj3");
14023 + &rotr("ecx", 16);
14024 + &movb(&BP(2,$out,"",0), &LB("ecx"));
14026 +&set_label("dj2");
14027 + &movb(&BP(1,$in,"",0), &HB("ecx"));
14028 +&set_label("dj1");
14029 + &movb(&BP(0,$in,"",0), &LB("ecx"));
14030 +&set_label("djend");
14032 + # final iv is still in eax:ebx
14033 + &jmp(&label("finish"));
14036 +############################ FINISH #######################3
14037 + &set_label("finish",1);
14038 + &mov("ecx", &wparam($iv_off)); # Get iv ptr
14040 + #################################################
14042 + $total+=4 if ($p1 > 0);
14043 + $total+=4 if ($p2 > 0);
14044 + $total+=4 if ($p3 > 0);
14045 + &add("esp",$total);
14047 + &mov(&DWP(0,"ecx","",0), "eax"); # save iv
14048 + &mov(&DWP(4,"ecx","",0), "ebx"); # save iv
14050 + &function_end_A($name);
14052 + &set_label("cbc_enc_jmp_table",1);
14054 + &data_word(&label("ej1"));
14055 + &data_word(&label("ej2"));
14056 + &data_word(&label("ej3"));
14057 + &data_word(&label("ej4"));
14058 + &data_word(&label("ej5"));
14059 + &data_word(&label("ej6"));
14060 + &data_word(&label("ej7"));
14061 + &set_label("cbc_dec_jmp_table",1);
14063 + &data_word(&label("dj1"));
14064 + &data_word(&label("dj2"));
14065 + &data_word(&label("dj3"));
14066 + &data_word(&label("dj4"));
14067 + &data_word(&label("dj5"));
14068 + &data_word(&label("dj6"));
14069 + &data_word(&label("dj7"));
14071 + &function_end_B($name);
14076 diff -druN linux-noipsec/net/ipsec/libdes/asm/perlasm/readme linux/net/ipsec/libdes/asm/perlasm/readme
14077 --- linux-noipsec/net/ipsec/libdes/asm/perlasm/readme Thu Jan 1 01:00:00 1970
14078 +++ linux/net/ipsec/libdes/asm/perlasm/readme Thu Feb 18 17:41:35 1999
14080 +The perl scripts in this directory are my 'hack' to generate
14081 +multiple different assembler formats via the one origional script.
14083 +The way to use this library is to start with adding the path to this directory
14084 +and then include it.
14086 +push(@INC,"perlasm","../../perlasm");
14087 +require "x86asm.pl";
14089 +The first thing we do is setup the file and type of assember
14091 +&asm_init($ARGV[0],$0);
14093 +The first argument is the 'type'. Currently
14094 +'cpp', 'sol', 'a.out', 'elf' or 'win32'.
14095 +Argument 2 is the file name.
14097 +The reciprocal function is
14098 +&asm_finish() which should be called at the end.
14100 +There are 2 main 'packages'. x86ms.pl, which is the microsoft assembler,
14101 +and x86unix.pl which is the unix (gas) version.
14103 +Functions of interest are:
14104 +&external_label("des_SPtrans"); declare and external variable
14105 +&LB(reg); Low byte for a register
14106 +&HB(reg); High byte for a register
14107 +&BP(off,base,index,scale) Byte pointer addressing
14108 +&DWP(off,base,index,scale) Word pointer addressing
14109 +&stack_push(num) Basically a 'sub esp, num*4' with extra
14110 +&stack_pop(num) inverse of stack_push
14111 +&function_begin(name,extra) Start a function with pushing of
14112 + edi, esi, ebx and ebp. extra is extra win32
14113 + external info that may be required.
14114 +&function_begin_B(name,extra) Same as norma function_begin but no pushing.
14115 +&function_end(name) Call at end of function.
14116 +&function_end_A(name) Standard pop and ret, for use inside functions
14117 +&function_end_B(name) Call at end but with poping or 'ret'.
14118 +&swtmp(num) Address on stack temp word.
14119 +&wparam(num) Parameter number num, that was push
14120 + in C convention. This all works over pushes
14122 +&comment("hello there") Put in a comment.
14123 +&label("loop") Refer to a label, normally a jmp target.
14124 +&set_label("loop") Set a label at this point.
14125 +&data_word(word) Put in a word of data.
14127 +So how does this all hold together? Given
14129 +int calc(int len, int *data)
14133 + for (i=0; i<len; i++)
14135 + j+=other(data[i]);
14139 +So a very simple version of this function could be coded as
14141 + push(@INC,"perlasm","../../perlasm");
14142 + require "x86asm.pl";
14144 + &asm_init($ARGV[0],"cacl.pl");
14146 + &external_label("other");
14153 + &comment("a simple function");
14154 + &function_begin("calc");
14155 + &mov( $data, &wparam(1)); # data
14159 + &set_label("loop");
14160 + &cmp( $i, &wparam(0));
14161 + &jge( &label("end"));
14163 + &mov( $tmp1, &DWP(0,$data,$i,4));
14166 + &add( $j, "eax");
14169 + &jmp( &label("loop"));
14171 + &set_label("end");
14172 + &mov( "eax", $j);
14174 + &function_end("calc");
14178 +The above example is very very unoptimised but gives an idea of how
14181 +There is also a cbc mode function generator in cbc.pl
14184 + $encrypt_function_name,
14185 + $decrypt_function_name,
14186 + $true_if_byte_swap_needed,
14187 + $parameter_number_for_iv,
14188 + $parameter_number_for_encrypt_flag,
14189 + $first_parameter_to_pass,
14190 + $second_parameter_to_pass,
14191 + $third_parameter_to_pass);
14193 +So for example, given
14194 +void BF_encrypt(BF_LONG *data,BF_KEY *key);
14195 +void BF_decrypt(BF_LONG *data,BF_KEY *key);
14196 +void BF_cbc_encrypt(unsigned char *in, unsigned char *out, long length,
14197 + BF_KEY *ks, unsigned char *iv, int enc);
14199 +&cbc("BF_cbc_encrypt","BF_encrypt","BF_encrypt",1,4,5,3,-1,-1);
14201 +&cbc("des_ncbc_encrypt","des_encrypt","des_encrypt",0,4,5,3,5,-1);
14202 +&cbc("des_ede3_cbc_encrypt","des_encrypt3","des_decrypt3",0,6,7,3,4,5);
14204 diff -druN linux-noipsec/net/ipsec/libdes/asm/perlasm/x86asm.pl linux/net/ipsec/libdes/asm/perlasm/x86asm.pl
14205 --- linux-noipsec/net/ipsec/libdes/asm/perlasm/x86asm.pl Thu Jan 1 01:00:00 1970
14206 +++ linux/net/ipsec/libdes/asm/perlasm/x86asm.pl Thu Feb 18 17:41:35 1999
14208 +#!/usr/local/bin/perl
14210 +# require 'x86asm.pl';
14211 +# &asm_init("cpp","des-586.pl");
14216 +sub main'asm_finish
14219 + &asm_finish_cpp() if $cpp;
14220 + print &asm_get_output();
14228 + $cpp=$sol=$aout=$win32=0;
14229 + if ( ($type eq "elf"))
14230 + { require "x86unix.pl"; }
14231 + elsif ( ($type eq "a.out"))
14232 + { $aout=1; require "x86unix.pl"; }
14233 + elsif ( ($type eq "sol"))
14234 + { $sol=1; require "x86unix.pl"; }
14235 + elsif ( ($type eq "cpp"))
14236 + { $cpp=1; require "x86unix.pl"; }
14237 + elsif ( ($type eq "win32"))
14238 + { $win32=1; require "x86ms.pl"; }
14241 + print STDERR <<"EOF";
14242 +Pick one target type from
14243 + elf - linux, FreeBSD etc
14244 + a.out - old linux
14245 + sol - x86 solaris
14246 + cpp - format so x86unix.cpp can be used
14247 + win32 - Windows 95/Windows NT
14252 + &asm_init_output();
14254 +&comment("Don't even think of reading this code");
14255 +&comment("It was automatically generated by $filename");
14256 +&comment("Which is a perl program used to generate the x86 assember for");
14257 +&comment("any of elf, a.out, BSDI,Win32, or Solaris");
14258 +&comment("eric <eay\@cryptsoft.com>");
14261 + $filename =~ s/\.pl$//;
14262 + &file($filename);
14265 +sub asm_finish_cpp
14267 + return unless $cpp;
14270 + foreach $i (&get_labels())
14272 + $tmp.="#define $i _$i\n";
14275 +/* Run the C pre-processor over this file with one of the following defined
14276 + * ELF - elf object files,
14277 + * OUT - a.out object files,
14278 + * BSDI - BSDI style a.out object files
14279 + * SOL - Solaris style elf
14282 +#define TYPE(a,b) .type a,b
14283 +#define SIZE(a,b) .size a,b
14285 +#if defined(OUT) || defined(BSDI)
14301 +#if defined(ELF) || defined(SOL)
14307 +You need to define one of
14308 +ELF - elf systems - linux-elf, NetBSD and DG-UX
14309 +OUT - a.out systems - linux-a.out and FreeBSD
14310 +SOL - solaris systems, which are elf with strange comment lines
14311 +BSDI - a.out with a very primative version of as.
14314 +/* Let the Assembler begin :-) */
14319 diff -druN linux-noipsec/net/ipsec/libdes/asm/perlasm/x86ms.pl linux/net/ipsec/libdes/asm/perlasm/x86ms.pl
14320 --- linux-noipsec/net/ipsec/libdes/asm/perlasm/x86ms.pl Thu Jan 1 01:00:00 1970
14321 +++ linux/net/ipsec/libdes/asm/perlasm/x86ms.pl Thu Feb 18 17:41:35 1999
14323 +#!/usr/local/bin/perl
14329 +%lb=( 'eax', 'al',
14339 +%hb=( 'eax', 'ah',
14349 +sub main'asm_init_output { @out=(); }
14350 +sub main'asm_get_output { return(@out); }
14351 +sub main'get_labels { return(@labels); }
14352 +sub main'external_label { push(@labels,@_); }
14356 + (defined($lb{$_[0]})) || die "$_[0] does not have a 'low byte'\n";
14357 + return($lb{$_[0]});
14362 + (defined($hb{$_[0]})) || die "$_[0] does not have a 'high byte'\n";
14363 + return($hb{$_[0]});
14368 + &get_mem("BYTE",@_);
14373 + &get_mem("DWORD",@_);
14376 +sub main'stack_push
14380 + &main'sub("esp",$num*4);
14383 +sub main'stack_pop
14387 + &main'add("esp",$num*4);
14392 + local($size,$addr,$reg1,$reg2,$idx)=@_;
14394 + local($ret)="$size PTR ";
14396 + $addr =~ s/^\s+//;
14397 + if ($addr =~ /^(.+)\+(.+)$/)
14402 + elsif ($addr =~ /^[_a-zA-Z]/)
14407 + $reg1="$regs{$reg1}" if defined($regs{$reg1});
14408 + $reg2="$regs{$reg2}" if defined($regs{$reg2});
14409 + if (($addr ne "") && ($addr ne 0))
14411 + if ($addr !~ /^-/)
14413 + else { $post=$addr; }
14418 + $t="*$idx" if ($idx != 0);
14419 + $reg1="+".$reg1 if ("$reg1$post" ne "");
14420 + $ret.="[$reg2$t$reg1$post]";
14424 + $ret.="[$reg1$post]"
14429 +sub main'mov { &out2("mov",@_); }
14430 +sub main'movb { &out2("mov",@_); }
14431 +sub main'and { &out2("and",@_); }
14432 +sub main'or { &out2("or",@_); }
14433 +sub main'shl { &out2("shl",@_); }
14434 +sub main'shr { &out2("shr",@_); }
14435 +sub main'xor { &out2("xor",@_); }
14436 +sub main'xorb { &out2("xor",@_); }
14437 +sub main'add { &out2("add",@_); }
14438 +sub main'adc { &out2("adc",@_); }
14439 +sub main'sub { &out2("sub",@_); }
14440 +sub main'rotl { &out2("rol",@_); }
14441 +sub main'rotr { &out2("ror",@_); }
14442 +sub main'exch { &out2("xchg",@_); }
14443 +sub main'cmp { &out2("cmp",@_); }
14444 +sub main'lea { &out2("lea",@_); }
14445 +sub main'mul { &out1("mul",@_); }
14446 +sub main'div { &out1("div",@_); }
14447 +sub main'dec { &out1("dec",@_); }
14448 +sub main'inc { &out1("inc",@_); }
14449 +sub main'jmp { &out1("jmp",@_); }
14450 +sub main'jmp_ptr { &out1p("jmp",@_); }
14451 +sub main'je { &out1("je",@_); }
14452 +sub main'jle { &out1("jle",@_); }
14453 +sub main'jz { &out1("jz",@_); }
14454 +sub main'jge { &out1("jge",@_); }
14455 +sub main'jl { &out1("jl",@_); }
14456 +sub main'jb { &out1("jb",@_); }
14457 +sub main'jnz { &out1("jnz",@_); }
14458 +sub main'jne { &out1("jne",@_); }
14459 +sub main'push { &out1("push",@_); $stack+=4; }
14460 +sub main'pop { &out1("pop",@_); $stack-=4; }
14461 +sub main'bswap { &out1("bswap",@_); &using486(); }
14462 +sub main'not { &out1("not",@_); }
14463 +sub main'call { &out1("call",'_'.$_[0]); }
14464 +sub main'ret { &out0("ret"); }
14465 +sub main'nop { &out0("nop"); }
14469 + local($name,$p1,$p2)=@_;
14472 + push(@out,"\t$name\t");
14473 + $t=&conv($p1).",";
14477 + push(@out,"\t" x $l);
14478 + push(@out,&conv($p2));
14486 + push(@out,"\t$name\n");
14491 + local($name,$p1)=@_;
14494 + push(@out,"\t$name\t".&conv($p1)."\n");
14501 + $p =~ s/0x([0-9A-Fa-f]+)/0$1h/;
14507 + return if $using486;
14509 + grep(s/\.386/\.486/,@out);
14516 + local($tmp)=<<"EOF";
14524 +sub main'function_begin
14526 + local($func,$extra)=@_;
14528 + push(@labels,$func);
14530 + local($tmp)=<<"EOF";
14544 +sub main'function_begin_B
14546 + local($func,$extra)=@_;
14548 + local($tmp)=<<"EOF";
14558 +sub main'function_end
14562 + local($tmp)=<<"EOF";
14576 +sub main'function_end_B
14580 + local($tmp)=<<"EOF";
14589 +sub main'function_end_A
14593 + local($tmp)=<<"EOF";
14605 + push(@out,"END\n");
14612 + return(&main'DWP($stack+$num*4,"esp","",0));
14617 + return(&main'DWP($_[0]*4,"esp","",0));
14620 +# Should use swtmp, which is above esp. Linix can trash the stack above esp
14625 +# return(&main'DWP(-(($num+1)*4),"esp","",0));
14632 + push(@out,"\t; $_\n");
14638 + if (!defined($label{$_[0]}))
14640 + $label{$_[0]}="\$${label}${_[0]}";
14643 + return($label{$_[0]});
14646 +sub main'set_label
14648 + if (!defined($label{$_[0]}))
14650 + $label{$_[0]}="${label}${_[0]}";
14653 + push(@out,"$label{$_[0]}:\n");
14656 +sub main'data_word
14658 + push(@out,"\tDD\t$_[0]\n");
14663 + local($name,$p1)=@_;
14666 + push(@out,"\t$name\t ".&conv($p1)."\n");
14668 diff -druN linux-noipsec/net/ipsec/libdes/asm/perlasm/x86unix.pl linux/net/ipsec/libdes/asm/perlasm/x86unix.pl
14669 --- linux-noipsec/net/ipsec/libdes/asm/perlasm/x86unix.pl Thu Jan 1 01:00:00 1970
14670 +++ linux/net/ipsec/libdes/asm/perlasm/x86unix.pl Thu Feb 18 17:41:36 1999
14672 +#!/usr/local/bin/perl
14678 +$align=($main'aout)?"4":"16";
14679 +$under=($main'aout)?"_":"";
14680 +$com_start=($main'sol)?"/":"#";
14682 +sub main'asm_init_output { @out=(); }
14683 +sub main'asm_get_output { return(@out); }
14684 +sub main'get_labels { return(@labels); }
14685 +sub main'external_label { push(@labels,@_); }
14695 +%lb=( 'eax', '%al',
14705 +%hb=( 'eax', '%ah',
14715 +%regs=( 'eax', '%eax',
14738 + (defined($lb{$_[0]})) || die "$_[0] does not have a 'low byte'\n";
14739 + return($lb{$_[0]});
14744 + (defined($hb{$_[0]})) || die "$_[0] does not have a 'high byte'\n";
14745 + return($hb{$_[0]});
14750 + local($addr,$reg1,$reg2,$idx)=@_;
14753 + $addr =~ s/(^|[+ \t])([A-Za-z_]+)($|[+ \t])/$1$under$2$3/;
14754 + $reg1="$regs{$reg1}" if defined($regs{$reg1});
14755 + $reg2="$regs{$reg2}" if defined($regs{$reg2});
14756 + $ret.=$addr if ($addr ne "") && ($addr ne 0);
14758 + { $ret.="($reg1,$reg2,$idx)"; }
14760 + { $ret.="($reg1)" }
14766 + return(&main'DWP(@_));
14771 +# local($addr,$reg1,$reg2,$idx)=@_;
14775 +# $addr =~ s/(^|[+ \t])([A-Za-z_]+)($|[+ \t])/$1$under$2$3/;
14776 +# $reg1="$regs{$reg1}" if defined($regs{$reg1});
14777 +# $reg2="$regs{$reg2}" if defined($regs{$reg2});
14778 +# $ret.=$addr if ($addr ne "") && ($addr ne 0);
14779 +# if ($reg2 ne "")
14780 +# { $ret.="($reg1,$reg2,$idx)"; }
14782 +# { $ret.="($reg1)" }
14786 +sub main'mov { &out2("movl",@_); }
14787 +sub main'movb { &out2("movb",@_); }
14788 +sub main'and { &out2("andl",@_); }
14789 +sub main'or { &out2("orl",@_); }
14790 +sub main'shl { &out2("sall",@_); }
14791 +sub main'shr { &out2("shrl",@_); }
14792 +sub main'xor { &out2("xorl",@_); }
14793 +sub main'xorb { &out2("xorb",@_); }
14794 +sub main'add { &out2("addl",@_); }
14795 +sub main'adc { &out2("adcl",@_); }
14796 +sub main'sub { &out2("subl",@_); }
14797 +sub main'rotl { &out2("roll",@_); }
14798 +sub main'rotr { &out2("rorl",@_); }
14799 +sub main'exch { &out2("xchg",@_); }
14800 +sub main'cmp { &out2("cmpl",@_); }
14801 +sub main'lea { &out2("leal",@_); }
14802 +sub main'mul { &out1("mull",@_); }
14803 +sub main'div { &out1("divl",@_); }
14804 +sub main'jmp { &out1("jmp",@_); }
14805 +sub main'jmp_ptr { &out1p("jmp",@_); }
14806 +sub main'je { &out1("je",@_); }
14807 +sub main'jle { &out1("jle",@_); }
14808 +sub main'jne { &out1("jne",@_); }
14809 +sub main'jnz { &out1("jnz",@_); }
14810 +sub main'jz { &out1("jz",@_); }
14811 +sub main'jge { &out1("jge",@_); }
14812 +sub main'jl { &out1("jl",@_); }
14813 +sub main'jb { &out1("jb",@_); }
14814 +sub main'dec { &out1("decl",@_); }
14815 +sub main'inc { &out1("incl",@_); }
14816 +sub main'push { &out1("pushl",@_); $stack+=4; }
14817 +sub main'pop { &out1("popl",@_); $stack-=4; }
14818 +sub main'bswap { &out1("bswapl",@_); }
14819 +sub main'not { &out1("notl",@_); }
14820 +sub main'call { &out1("call",$under.$_[0]); }
14821 +sub main'ret { &out0("ret"); }
14822 +sub main'nop { &out0("nop"); }
14826 + local($name,$p1,$p2)=@_;
14827 + local($l,$ll,$t);
14828 + local(%special)=( "roll",0xD1C0,"rorl",0xD1C8,
14829 + "rcll",0xD1D0,"rcrl",0xD1D8,
14830 + "shll",0xD1E0,"shrl",0xD1E8,
14833 + if ((defined($special{$name})) && defined($regs{$p1}) && ($p2 == 1))
14835 + $op=$special{$name}|$reg_val{$p1};
14836 + $tmp1=sprintf ".byte %d\n",($op>>8)&0xff;
14837 + $tmp2=sprintf ".byte %d\t",$op &0xff;
14838 + push(@out,$tmp1);
14839 + push(@out,$tmp2);
14843 + &main'comment("$name $p2 $p1");
14847 + push(@out,"\t$name\t");
14848 + $t=&conv($p2).",";
14852 + $tmp1=sprintf "\t" x $ll;
14853 + push(@out,$tmp1);
14854 + push(@out,&conv($p1)."\n");
14859 + local($name,$p1)=@_;
14862 + push(@out,"\t$name\t".&conv($p1)."\n");
14867 + local($name,$p1)=@_;
14870 + push(@out,"\t$name\t*".&conv($p1)."\n");
14875 + push(@out,"\t$_[0]\n");
14882 +# $p =~ s/0x([0-9A-Fa-f]+)/0$1h/;
14884 + $p=$regs{$p} if (defined($regs{$p}));
14886 + $p =~ s/^(-{0,1}[0-9A-Fa-f]+)$/\$$1/;
14887 + $p =~ s/^(0x[0-9A-Fa-f]+)$/\$$1/;
14895 + local($tmp)=<<"EOF";
14903 +sub main'function_begin
14907 + $func=$under.$func;
14909 + local($tmp)=<<"EOF";
14916 + { $tmp=push(@out,"\tTYPE($func,\@function)\n"); }
14917 + else { $tmp=push(@out,"\t.type\t$func,\@function\n"); }
14918 + push(@out,"$func:\n");
14930 +sub main'function_begin_B
14932 + local($func,$extra)=@_;
14934 + $func=$under.$func;
14936 + local($tmp)=<<"EOF";
14943 + { push(@out,"\tTYPE($func,\@function)\n"); }
14944 + else { push(@out,"\t.type $func,\@function\n"); }
14945 + push(@out,"$func:\n");
14949 +sub main'function_end
14953 + $func=$under.$func;
14955 + local($tmp)=<<"EOF";
14965 + { push(@out,"\tSIZE($func,.${func}_end-$func)\n"); }
14966 + else { push(@out,"\t.size\t$func,.${func}_end-$func\n"); }
14967 + push(@out,".ident \"$func\"\n");
14972 +sub main'function_end_A
14976 + local($tmp)=<<"EOF";
14986 +sub main'function_end_B
14990 + $func=$under.$func;
14992 + push(@out,".${func}_end:\n");
14994 + { push(@out,"\tSIZE($func,.${func}_end-$func)\n"); }
14995 + else { push(@out,"\t.size\t$func,.${func}_end-$func\n"); }
14996 + push(@out,".ident \"desasm.pl\"\n");
15005 + return(&main'DWP($stack+$num*4,"esp","",0));
15008 +sub main'stack_push
15012 + &main'sub("esp",$num*4);
15015 +sub main'stack_pop
15019 + &main'add("esp",$num*4);
15024 + return(&main'DWP($_[0]*4,"esp","",0));
15027 +# Should use swtmp, which is above esp. Linix can trash the stack above esp
15032 +# return(&main'DWP(-($num+1)*4,"esp","",0));
15040 + { push(@out,"\n"); }
15042 + { push(@out,"\t$com_start $_ $com_end\n"); }
15048 + if (!defined($label{$_[0]}))
15050 + $label{$_[0]}=".${label}${_[0]}";
15053 + return($label{$_[0]});
15056 +sub main'set_label
15058 + if (!defined($label{$_[0]}))
15060 + $label{$_[0]}=".${label}${_[0]}";
15063 + push(@out,".align $align\n") if ($_[1] != 0);
15064 + push(@out,"$label{$_[0]}:\n");
15071 +sub main'data_word
15073 + push(@out,"\t.long $_[0]\n");
15075 diff -druN linux-noipsec/net/ipsec/libdes/cbc_enc.c linux/net/ipsec/libdes/cbc_enc.c
15076 --- linux-noipsec/net/ipsec/libdes/cbc_enc.c Thu Jan 1 01:00:00 1970
15077 +++ linux/net/ipsec/libdes/cbc_enc.c Thu Feb 18 17:41:10 1999
15079 +/* crypto/des/cbc_enc.c */
15080 +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
15081 + * All rights reserved.
15083 + * This package is an SSL implementation written
15084 + * by Eric Young (eay@cryptsoft.com).
15085 + * The implementation was written so as to conform with Netscapes SSL.
15087 + * This library is free for commercial and non-commercial use as long as
15088 + * the following conditions are aheared to. The following conditions
15089 + * apply to all code found in this distribution, be it the RC4, RSA,
15090 + * lhash, DES, etc., code; not just the SSL code. The SSL documentation
15091 + * included with this distribution is covered by the same copyright terms
15092 + * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15094 + * Copyright remains Eric Young's, and as such any Copyright notices in
15095 + * the code are not to be removed.
15096 + * If this package is used in a product, Eric Young should be given attribution
15097 + * as the author of the parts of the library used.
15098 + * This can be in the form of a textual message at program startup or
15099 + * in documentation (online or textual) provided with the package.
15101 + * Redistribution and use in source and binary forms, with or without
15102 + * modification, are permitted provided that the following conditions
15104 + * 1. Redistributions of source code must retain the copyright
15105 + * notice, this list of conditions and the following disclaimer.
15106 + * 2. Redistributions in binary form must reproduce the above copyright
15107 + * notice, this list of conditions and the following disclaimer in the
15108 + * documentation and/or other materials provided with the distribution.
15109 + * 3. All advertising materials mentioning features or use of this software
15110 + * must display the following acknowledgement:
15111 + * "This product includes cryptographic software written by
15112 + * Eric Young (eay@cryptsoft.com)"
15113 + * The word 'cryptographic' can be left out if the rouines from the library
15114 + * being used are not cryptographic related :-).
15115 + * 4. If you include any Windows specific code (or a derivative thereof) from
15116 + * the apps directory (application code) you must include an acknowledgement:
15117 + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
15119 + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
15120 + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15121 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
15122 + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
15123 + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
15124 + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
15125 + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
15126 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
15127 + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
15128 + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
15131 + * The licence and distribution terms for any publically available version or
15132 + * derivative of this code cannot be changed. i.e. this code cannot simply be
15133 + * copied and put under another distribution licence
15134 + * [including the GNU Public Licence.]
15137 +#include "des_locl.h"
15139 +void des_cbc_encrypt(input, output, length, schedule, ivec, enc)
15140 +des_cblock (*input);
15141 +des_cblock (*output);
15143 +des_key_schedule schedule;
15144 +des_cblock (*ivec);
15147 + register DES_LONG tin0,tin1;
15148 + register DES_LONG tout0,tout1,xor0,xor1;
15149 + register unsigned char *in,*out;
15150 + register long l=length;
15152 + unsigned char *iv;
15154 + in=(unsigned char *)input;
15155 + out=(unsigned char *)output;
15156 + iv=(unsigned char *)ivec;
15162 + for (l-=8; l>=0; l-=8)
15166 + tin0^=tout0; tin[0]=tin0;
15167 + tin1^=tout1; tin[1]=tin1;
15168 + des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT);
15169 + tout0=tin[0]; l2c(tout0,out);
15170 + tout1=tin[1]; l2c(tout1,out);
15174 + c2ln(in,tin0,tin1,l+8);
15175 + tin0^=tout0; tin[0]=tin0;
15176 + tin1^=tout1; tin[1]=tin1;
15177 + des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT);
15178 + tout0=tin[0]; l2c(tout0,out);
15179 + tout1=tin[1]; l2c(tout1,out);
15186 + for (l-=8; l>=0; l-=8)
15188 + c2l(in,tin0); tin[0]=tin0;
15189 + c2l(in,tin1); tin[1]=tin1;
15190 + des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT);
15191 + tout0=tin[0]^xor0;
15192 + tout1=tin[1]^xor1;
15200 + c2l(in,tin0); tin[0]=tin0;
15201 + c2l(in,tin1); tin[1]=tin1;
15202 + des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT);
15203 + tout0=tin[0]^xor0;
15204 + tout1=tin[1]^xor1;
15205 + l2cn(tout0,tout1,out,l+8);
15210 + tin0=tin1=tout0=tout1=xor0=xor1=0;
15214 diff -druN linux-noipsec/net/ipsec/libdes/des.h linux/net/ipsec/libdes/des.h
15215 --- linux-noipsec/net/ipsec/libdes/des.h Thu Jan 1 01:00:00 1970
15216 +++ linux/net/ipsec/libdes/des.h Wed Oct 4 16:54:10 2000
15218 +/* crypto/des/des.org */
15219 +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
15220 + * All rights reserved.
15222 + * This package is an SSL implementation written
15223 + * by Eric Young (eay@cryptsoft.com).
15224 + * The implementation was written so as to conform with Netscapes SSL.
15226 + * This library is free for commercial and non-commercial use as long as
15227 + * the following conditions are aheared to. The following conditions
15228 + * apply to all code found in this distribution, be it the RC4, RSA,
15229 + * lhash, DES, etc., code; not just the SSL code. The SSL documentation
15230 + * included with this distribution is covered by the same copyright terms
15231 + * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15233 + * Copyright remains Eric Young's, and as such any Copyright notices in
15234 + * the code are not to be removed.
15235 + * If this package is used in a product, Eric Young should be given attribution
15236 + * as the author of the parts of the library used.
15237 + * This can be in the form of a textual message at program startup or
15238 + * in documentation (online or textual) provided with the package.
15240 + * Redistribution and use in source and binary forms, with or without
15241 + * modification, are permitted provided that the following conditions
15243 + * 1. Redistributions of source code must retain the copyright
15244 + * notice, this list of conditions and the following disclaimer.
15245 + * 2. Redistributions in binary form must reproduce the above copyright
15246 + * notice, this list of conditions and the following disclaimer in the
15247 + * documentation and/or other materials provided with the distribution.
15248 + * 3. All advertising materials mentioning features or use of this software
15249 + * must display the following acknowledgement:
15250 + * "This product includes cryptographic software written by
15251 + * Eric Young (eay@cryptsoft.com)"
15252 + * The word 'cryptographic' can be left out if the rouines from the library
15253 + * being used are not cryptographic related :-).
15254 + * 4. If you include any Windows specific code (or a derivative thereof) from
15255 + * the apps directory (application code) you must include an acknowledgement:
15256 + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
15258 + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
15259 + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15260 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
15261 + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
15262 + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
15263 + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
15264 + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
15265 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
15266 + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
15267 + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
15270 + * The licence and distribution terms for any publically available version or
15271 + * derivative of this code cannot be changed. i.e. this code cannot simply be
15272 + * copied and put under another distribution licence
15273 + * [including the GNU Public Licence.]
15276 +/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
15278 + * Always modify des.org since des.h is automatically generated from
15279 + * it during SSLeay configuration.
15281 + * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
15284 +#ifndef HEADER_DES_H
15285 +#define HEADER_DES_H
15287 +#ifdef __cplusplus
15291 +/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
15292 + * %20 speed up (longs are 8 bytes, int's are 4). */
15295 +/* This conditional for FreeS/WAN project. */
15297 +#define DES_LONG unsigned int
15299 +#define DES_LONG unsigned long
15303 +typedef unsigned char des_cblock[8];
15304 +typedef struct des_ks_struct
15308 + /* make sure things are correct size on machines with
15309 + * 8 byte longs */
15314 + } des_key_schedule[16];
15316 +#define DES_KEY_SZ (sizeof(des_cblock))
15317 +#define DES_SCHEDULE_SZ (sizeof(des_key_schedule))
15319 +#define DES_ENCRYPT 1
15320 +#define DES_DECRYPT 0
15322 +#define DES_CBC_MODE 0
15323 +#define DES_PCBC_MODE 1
15325 +#define des_ecb2_encrypt(i,o,k1,k2,e) \
15326 + des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))
15328 +#define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
15329 + des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))
15331 +#define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \
15332 + des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))
15334 +#define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \
15335 + des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))
15337 +#define C_Block des_cblock
15338 +#define Key_schedule des_key_schedule
15340 +#define ENCRYPT DES_ENCRYPT
15341 +#define DECRYPT DES_DECRYPT
15343 +#define KEY_SZ DES_KEY_SZ
15344 +#define string_to_key des_string_to_key
15345 +#define read_pw_string des_read_pw_string
15346 +#define random_key des_random_key
15347 +#define pcbc_encrypt des_pcbc_encrypt
15348 +#define set_key des_set_key
15349 +#define key_sched des_key_sched
15350 +#define ecb_encrypt des_ecb_encrypt
15351 +#define cbc_encrypt des_cbc_encrypt
15352 +#define ncbc_encrypt des_ncbc_encrypt
15353 +#define xcbc_encrypt des_xcbc_encrypt
15354 +#define cbc_cksum des_cbc_cksum
15355 +#define quad_cksum des_quad_cksum
15357 +/* For compatibility with the MIT lib - eay 20/05/92 */
15358 +typedef des_key_schedule bit_64;
15359 +#define des_fixup_key_parity des_set_odd_parity
15360 +#define des_check_key_parity check_parity
15362 +extern int des_check_key; /* defaults to false */
15363 +extern int des_rw_mode; /* defaults to DES_PCBC_MODE */
15365 +/* The next line is used to disable full ANSI prototypes, if your
15366 + * compiler has problems with the prototypes, make sure this line always
15367 + * evaluates to true :-) */
15368 +#if defined(MSDOS) || defined(__STDC__)
15372 +char *des_options(void);
15373 +void des_ecb3_encrypt(des_cblock *input,des_cblock *output,
15374 + des_key_schedule ks1,des_key_schedule ks2,
15375 + des_key_schedule ks3, int enc);
15376 +DES_LONG des_cbc_cksum(des_cblock *input,des_cblock *output,
15377 + long length,des_key_schedule schedule,des_cblock *ivec);
15378 +void des_cbc_encrypt(des_cblock *input,des_cblock *output,long length,
15379 + des_key_schedule schedule,des_cblock *ivec,int enc);
15380 +void des_ncbc_encrypt(des_cblock *input,des_cblock *output,long length,
15381 + des_key_schedule schedule,des_cblock *ivec,int enc);
15382 +void des_xcbc_encrypt(des_cblock *input,des_cblock *output,long length,
15383 + des_key_schedule schedule,des_cblock *ivec,
15384 + des_cblock *inw,des_cblock *outw,int enc);
15385 +void des_cfb_encrypt(unsigned char *in,unsigned char *out,int numbits,
15386 + long length,des_key_schedule schedule,des_cblock *ivec,int enc);
15387 +void des_ecb_encrypt(des_cblock *input,des_cblock *output,
15388 + des_key_schedule ks,int enc);
15389 +void des_encrypt(DES_LONG *data,des_key_schedule ks, int enc);
15390 +void des_encrypt2(DES_LONG *data,des_key_schedule ks, int enc);
15391 +void des_encrypt3(DES_LONG *data, des_key_schedule ks1,
15392 + des_key_schedule ks2, des_key_schedule ks3);
15393 +void des_decrypt3(DES_LONG *data, des_key_schedule ks1,
15394 + des_key_schedule ks2, des_key_schedule ks3);
15395 +void des_ede3_cbc_encrypt(des_cblock *input, des_cblock *output,
15396 + long length, des_key_schedule ks1, des_key_schedule ks2,
15397 + des_key_schedule ks3, des_cblock *ivec, int enc);
15398 +void des_ede3_cfb64_encrypt(unsigned char *in, unsigned char *out,
15399 + long length, des_key_schedule ks1, des_key_schedule ks2,
15400 + des_key_schedule ks3, des_cblock *ivec, int *num, int enc);
15401 +void des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out,
15402 + long length, des_key_schedule ks1, des_key_schedule ks2,
15403 + des_key_schedule ks3, des_cblock *ivec, int *num);
15405 +void des_xwhite_in2out(des_cblock (*des_key), des_cblock (*in_white),
15406 + des_cblock (*out_white));
15408 +int des_enc_read(int fd,char *buf,int len,des_key_schedule sched,
15410 +int des_enc_write(int fd,char *buf,int len,des_key_schedule sched,
15412 +char *des_fcrypt(const char *buf,const char *salt, char *ret);
15414 +char *des_crypt(const char *buf,const char *salt);
15416 +/* some stupid compilers complain because I have declared char instead
15417 + * of const char */
15418 +#ifdef HEADER_DES_LOCL_H
15419 +char *crypt(const char *buf,const char *salt);
15424 +void des_ofb_encrypt(unsigned char *in,unsigned char *out,
15425 + int numbits,long length,des_key_schedule schedule,des_cblock *ivec);
15426 +void des_pcbc_encrypt(des_cblock *input,des_cblock *output,long length,
15427 + des_key_schedule schedule,des_cblock *ivec,int enc);
15428 +DES_LONG des_quad_cksum(des_cblock *input,des_cblock *output,
15429 + long length,int out_count,des_cblock *seed);
15430 +void des_random_seed(des_cblock key);
15431 +void des_random_key(des_cblock ret);
15432 +int des_read_password(des_cblock *key,char *prompt,int verify);
15433 +int des_read_2passwords(des_cblock *key1,des_cblock *key2,
15434 + char *prompt,int verify);
15435 +int des_read_pw_string(char *buf,int length,char *prompt,int verify);
15436 +void des_set_odd_parity(des_cblock *key);
15437 +int des_is_weak_key(des_cblock *key);
15438 +int des_set_key(des_cblock *key,des_key_schedule schedule);
15439 +int des_key_sched(des_cblock *key,des_key_schedule schedule);
15440 +void des_string_to_key(char *str,des_cblock *key);
15441 +void des_string_to_2keys(char *str,des_cblock *key1,des_cblock *key2);
15442 +void des_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
15443 + des_key_schedule schedule, des_cblock *ivec, int *num, int enc);
15444 +void des_ofb64_encrypt(unsigned char *in, unsigned char *out, long length,
15445 + des_key_schedule schedule, des_cblock *ivec, int *num);
15446 +int des_read_pw(char *buf, char *buff, int size, char *prompt, int verify);
15448 +/* Extra functions from Mark Murray <mark@grondar.za> */
15449 +/* The following functions are not in the normal unix build or the
15450 + * SSLeay build. When using the SSLeay build, use RAND_seed()
15451 + * and RAND_bytes() instead. */
15452 +int des_new_random_key(des_cblock *key);
15453 +void des_init_random_number_generator(des_cblock *key);
15454 +void des_set_random_generator_seed(des_cblock *key);
15455 +void des_set_sequence_number(des_cblock new_sequence_number);
15456 +void des_generate_random_block(des_cblock *block);
15460 +char *des_options();
15461 +void des_ecb3_encrypt();
15462 +DES_LONG des_cbc_cksum();
15463 +void des_cbc_encrypt();
15464 +void des_ncbc_encrypt();
15465 +void des_xcbc_encrypt();
15466 +void des_cfb_encrypt();
15467 +void des_ede3_cfb64_encrypt();
15468 +void des_ede3_ofb64_encrypt();
15469 +void des_ecb_encrypt();
15470 +void des_encrypt();
15471 +void des_encrypt2();
15472 +void des_encrypt3();
15473 +void des_decrypt3();
15474 +void des_ede3_cbc_encrypt();
15475 +int des_enc_read();
15476 +int des_enc_write();
15477 +char *des_fcrypt();
15479 +char *des_crypt();
15483 +void des_ofb_encrypt();
15484 +void des_pcbc_encrypt();
15485 +DES_LONG des_quad_cksum();
15486 +void des_random_seed();
15487 +void des_random_key();
15488 +int des_read_password();
15489 +int des_read_2passwords();
15490 +int des_read_pw_string();
15491 +void des_set_odd_parity();
15492 +int des_is_weak_key();
15493 +int des_set_key();
15494 +int des_key_sched();
15495 +void des_string_to_key();
15496 +void des_string_to_2keys();
15497 +void des_cfb64_encrypt();
15498 +void des_ofb64_encrypt();
15499 +int des_read_pw();
15500 +void des_xwhite_in2out();
15502 +/* Extra functions from Mark Murray <mark@grondar.za> */
15503 +/* The following functions are not in the normal unix build or the
15504 + * SSLeay build. When using the SSLeay build, use RAND_seed()
15505 + * and RAND_bytes() instead. */
15507 +int des_new_random_key();
15508 +void des_init_random_number_generator();
15509 +void des_set_random_generator_seed();
15510 +void des_set_sequence_number();
15511 +void des_generate_random_block();
15516 +#ifdef __cplusplus
15521 diff -druN linux-noipsec/net/ipsec/libdes/des_enc.c linux/net/ipsec/libdes/des_enc.c
15522 --- linux-noipsec/net/ipsec/libdes/des_enc.c Thu Jan 1 01:00:00 1970
15523 +++ linux/net/ipsec/libdes/des_enc.c Thu Feb 18 17:41:12 1999
15525 +/* crypto/des/des_enc.c */
15526 +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
15527 + * All rights reserved.
15529 + * This package is an SSL implementation written
15530 + * by Eric Young (eay@cryptsoft.com).
15531 + * The implementation was written so as to conform with Netscapes SSL.
15533 + * This library is free for commercial and non-commercial use as long as
15534 + * the following conditions are aheared to. The following conditions
15535 + * apply to all code found in this distribution, be it the RC4, RSA,
15536 + * lhash, DES, etc., code; not just the SSL code. The SSL documentation
15537 + * included with this distribution is covered by the same copyright terms
15538 + * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15540 + * Copyright remains Eric Young's, and as such any Copyright notices in
15541 + * the code are not to be removed.
15542 + * If this package is used in a product, Eric Young should be given attribution
15543 + * as the author of the parts of the library used.
15544 + * This can be in the form of a textual message at program startup or
15545 + * in documentation (online or textual) provided with the package.
15547 + * Redistribution and use in source and binary forms, with or without
15548 + * modification, are permitted provided that the following conditions
15550 + * 1. Redistributions of source code must retain the copyright
15551 + * notice, this list of conditions and the following disclaimer.
15552 + * 2. Redistributions in binary form must reproduce the above copyright
15553 + * notice, this list of conditions and the following disclaimer in the
15554 + * documentation and/or other materials provided with the distribution.
15555 + * 3. All advertising materials mentioning features or use of this software
15556 + * must display the following acknowledgement:
15557 + * "This product includes cryptographic software written by
15558 + * Eric Young (eay@cryptsoft.com)"
15559 + * The word 'cryptographic' can be left out if the rouines from the library
15560 + * being used are not cryptographic related :-).
15561 + * 4. If you include any Windows specific code (or a derivative thereof) from
15562 + * the apps directory (application code) you must include an acknowledgement:
15563 + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
15565 + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
15566 + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15567 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
15568 + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
15569 + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
15570 + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
15571 + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
15572 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
15573 + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
15574 + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
15577 + * The licence and distribution terms for any publically available version or
15578 + * derivative of this code cannot be changed. i.e. this code cannot simply be
15579 + * copied and put under another distribution licence
15580 + * [including the GNU Public Licence.]
15583 +#include "des_locl.h"
15585 +void des_encrypt(data, ks, enc)
15587 +des_key_schedule ks;
15590 + register DES_LONG l,r,t,u;
15592 + register unsigned char *des_SP=(unsigned char *)des_SPtrans;
15594 +#ifndef DES_UNROLL
15597 + register DES_LONG *s;
15603 + /* Things have been modified so that the initial rotate is
15604 + * done outside the loop. This required the
15605 + * des_SPtrans values in sp.h to be rotated 1 bit to the right.
15606 + * One perl script later and things have a 5% speed up on a sparc2.
15607 + * Thanks to Richard Outerbridge <71755.204@CompuServe.COM>
15608 + * for pointing this out. */
15609 + /* clear the top bits on machines with 8byte longs */
15610 + /* shift left by 2 */
15611 + r=ROTATE(r,29)&0xffffffffL;
15612 + l=ROTATE(l,29)&0xffffffffL;
15614 + s=(DES_LONG *)ks;
15615 + /* I don't know if it is worth the effort of loop unrolling the
15620 + D_ENCRYPT(l,r, 0); /* 1 */
15621 + D_ENCRYPT(r,l, 2); /* 2 */
15622 + D_ENCRYPT(l,r, 4); /* 3 */
15623 + D_ENCRYPT(r,l, 6); /* 4 */
15624 + D_ENCRYPT(l,r, 8); /* 5 */
15625 + D_ENCRYPT(r,l,10); /* 6 */
15626 + D_ENCRYPT(l,r,12); /* 7 */
15627 + D_ENCRYPT(r,l,14); /* 8 */
15628 + D_ENCRYPT(l,r,16); /* 9 */
15629 + D_ENCRYPT(r,l,18); /* 10 */
15630 + D_ENCRYPT(l,r,20); /* 11 */
15631 + D_ENCRYPT(r,l,22); /* 12 */
15632 + D_ENCRYPT(l,r,24); /* 13 */
15633 + D_ENCRYPT(r,l,26); /* 14 */
15634 + D_ENCRYPT(l,r,28); /* 15 */
15635 + D_ENCRYPT(r,l,30); /* 16 */
15637 + for (i=0; i<32; i+=8)
15639 + D_ENCRYPT(l,r,i+0); /* 1 */
15640 + D_ENCRYPT(r,l,i+2); /* 2 */
15641 + D_ENCRYPT(l,r,i+4); /* 3 */
15642 + D_ENCRYPT(r,l,i+6); /* 4 */
15649 + D_ENCRYPT(l,r,30); /* 16 */
15650 + D_ENCRYPT(r,l,28); /* 15 */
15651 + D_ENCRYPT(l,r,26); /* 14 */
15652 + D_ENCRYPT(r,l,24); /* 13 */
15653 + D_ENCRYPT(l,r,22); /* 12 */
15654 + D_ENCRYPT(r,l,20); /* 11 */
15655 + D_ENCRYPT(l,r,18); /* 10 */
15656 + D_ENCRYPT(r,l,16); /* 9 */
15657 + D_ENCRYPT(l,r,14); /* 8 */
15658 + D_ENCRYPT(r,l,12); /* 7 */
15659 + D_ENCRYPT(l,r,10); /* 6 */
15660 + D_ENCRYPT(r,l, 8); /* 5 */
15661 + D_ENCRYPT(l,r, 6); /* 4 */
15662 + D_ENCRYPT(r,l, 4); /* 3 */
15663 + D_ENCRYPT(l,r, 2); /* 2 */
15664 + D_ENCRYPT(r,l, 0); /* 1 */
15666 + for (i=30; i>0; i-=8)
15668 + D_ENCRYPT(l,r,i-0); /* 16 */
15669 + D_ENCRYPT(r,l,i-2); /* 15 */
15670 + D_ENCRYPT(l,r,i-4); /* 14 */
15671 + D_ENCRYPT(r,l,i-6); /* 13 */
15676 + /* rotate and clear the top bits on machines with 8byte longs */
15677 + l=ROTATE(l,3)&0xffffffffL;
15678 + r=ROTATE(r,3)&0xffffffffL;
15686 +void des_encrypt2(data, ks, enc)
15688 +des_key_schedule ks;
15691 + register DES_LONG l,r,t,u;
15693 + register unsigned char *des_SP=(unsigned char *)des_SPtrans;
15695 +#ifndef DES_UNROLL
15698 + register DES_LONG *s;
15703 + /* Things have been modified so that the initial rotate is
15704 + * done outside the loop. This required the
15705 + * des_SPtrans values in sp.h to be rotated 1 bit to the right.
15706 + * One perl script later and things have a 5% speed up on a sparc2.
15707 + * Thanks to Richard Outerbridge <71755.204@CompuServe.COM>
15708 + * for pointing this out. */
15709 + /* clear the top bits on machines with 8byte longs */
15710 + r=ROTATE(r,29)&0xffffffffL;
15711 + l=ROTATE(l,29)&0xffffffffL;
15713 + s=(DES_LONG *)ks;
15714 + /* I don't know if it is worth the effort of loop unrolling the
15719 + D_ENCRYPT(l,r, 0); /* 1 */
15720 + D_ENCRYPT(r,l, 2); /* 2 */
15721 + D_ENCRYPT(l,r, 4); /* 3 */
15722 + D_ENCRYPT(r,l, 6); /* 4 */
15723 + D_ENCRYPT(l,r, 8); /* 5 */
15724 + D_ENCRYPT(r,l,10); /* 6 */
15725 + D_ENCRYPT(l,r,12); /* 7 */
15726 + D_ENCRYPT(r,l,14); /* 8 */
15727 + D_ENCRYPT(l,r,16); /* 9 */
15728 + D_ENCRYPT(r,l,18); /* 10 */
15729 + D_ENCRYPT(l,r,20); /* 11 */
15730 + D_ENCRYPT(r,l,22); /* 12 */
15731 + D_ENCRYPT(l,r,24); /* 13 */
15732 + D_ENCRYPT(r,l,26); /* 14 */
15733 + D_ENCRYPT(l,r,28); /* 15 */
15734 + D_ENCRYPT(r,l,30); /* 16 */
15736 + for (i=0; i<32; i+=8)
15738 + D_ENCRYPT(l,r,i+0); /* 1 */
15739 + D_ENCRYPT(r,l,i+2); /* 2 */
15740 + D_ENCRYPT(l,r,i+4); /* 3 */
15741 + D_ENCRYPT(r,l,i+6); /* 4 */
15748 + D_ENCRYPT(l,r,30); /* 16 */
15749 + D_ENCRYPT(r,l,28); /* 15 */
15750 + D_ENCRYPT(l,r,26); /* 14 */
15751 + D_ENCRYPT(r,l,24); /* 13 */
15752 + D_ENCRYPT(l,r,22); /* 12 */
15753 + D_ENCRYPT(r,l,20); /* 11 */
15754 + D_ENCRYPT(l,r,18); /* 10 */
15755 + D_ENCRYPT(r,l,16); /* 9 */
15756 + D_ENCRYPT(l,r,14); /* 8 */
15757 + D_ENCRYPT(r,l,12); /* 7 */
15758 + D_ENCRYPT(l,r,10); /* 6 */
15759 + D_ENCRYPT(r,l, 8); /* 5 */
15760 + D_ENCRYPT(l,r, 6); /* 4 */
15761 + D_ENCRYPT(r,l, 4); /* 3 */
15762 + D_ENCRYPT(l,r, 2); /* 2 */
15763 + D_ENCRYPT(r,l, 0); /* 1 */
15765 + for (i=30; i>0; i-=8)
15767 + D_ENCRYPT(l,r,i-0); /* 16 */
15768 + D_ENCRYPT(r,l,i-2); /* 15 */
15769 + D_ENCRYPT(l,r,i-4); /* 14 */
15770 + D_ENCRYPT(r,l,i-6); /* 13 */
15774 + /* rotate and clear the top bits on machines with 8byte longs */
15775 + data[0]=ROTATE(l,3)&0xffffffffL;
15776 + data[1]=ROTATE(r,3)&0xffffffffL;
15780 +void des_encrypt3(data,ks1,ks2,ks3)
15782 +des_key_schedule ks1;
15783 +des_key_schedule ks2;
15784 +des_key_schedule ks3;
15786 + register DES_LONG l,r;
15793 + des_encrypt2((DES_LONG *)data,ks1,DES_ENCRYPT);
15794 + des_encrypt2((DES_LONG *)data,ks2,DES_DECRYPT);
15795 + des_encrypt2((DES_LONG *)data,ks3,DES_ENCRYPT);
15803 +void des_decrypt3(data,ks1,ks2,ks3)
15805 +des_key_schedule ks1;
15806 +des_key_schedule ks2;
15807 +des_key_schedule ks3;
15809 + register DES_LONG l,r;
15816 + des_encrypt2((DES_LONG *)data,ks3,DES_DECRYPT);
15817 + des_encrypt2((DES_LONG *)data,ks2,DES_ENCRYPT);
15818 + des_encrypt2((DES_LONG *)data,ks1,DES_DECRYPT);
15826 +#ifndef DES_DEFAULT_OPTIONS
15828 +void des_ncbc_encrypt(input, output, length, schedule, ivec, enc)
15829 +des_cblock (*input);
15830 +des_cblock (*output);
15832 +des_key_schedule schedule;
15833 +des_cblock (*ivec);
15836 + register DES_LONG tin0,tin1;
15837 + register DES_LONG tout0,tout1,xor0,xor1;
15838 + register unsigned char *in,*out;
15839 + register long l=length;
15841 + unsigned char *iv;
15843 + in=(unsigned char *)input;
15844 + out=(unsigned char *)output;
15845 + iv=(unsigned char *)ivec;
15851 + for (l-=8; l>=0; l-=8)
15855 + tin0^=tout0; tin[0]=tin0;
15856 + tin1^=tout1; tin[1]=tin1;
15857 + des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT);
15858 + tout0=tin[0]; l2c(tout0,out);
15859 + tout1=tin[1]; l2c(tout1,out);
15863 + c2ln(in,tin0,tin1,l+8);
15864 + tin0^=tout0; tin[0]=tin0;
15865 + tin1^=tout1; tin[1]=tin1;
15866 + des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT);
15867 + tout0=tin[0]; l2c(tout0,out);
15868 + tout1=tin[1]; l2c(tout1,out);
15870 + iv=(unsigned char *)ivec;
15878 + for (l-=8; l>=0; l-=8)
15880 + c2l(in,tin0); tin[0]=tin0;
15881 + c2l(in,tin1); tin[1]=tin1;
15882 + des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT);
15883 + tout0=tin[0]^xor0;
15884 + tout1=tin[1]^xor1;
15892 + c2l(in,tin0); tin[0]=tin0;
15893 + c2l(in,tin1); tin[1]=tin1;
15894 + des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT);
15895 + tout0=tin[0]^xor0;
15896 + tout1=tin[1]^xor1;
15897 + l2cn(tout0,tout1,out,l+8);
15902 + iv=(unsigned char *)ivec;
15906 + tin0=tin1=tout0=tout1=xor0=xor1=0;
15910 +void des_ede3_cbc_encrypt(input, output, length, ks1, ks2, ks3, ivec, enc)
15911 +des_cblock (*input);
15912 +des_cblock (*output);
15914 +des_key_schedule ks1;
15915 +des_key_schedule ks2;
15916 +des_key_schedule ks3;
15917 +des_cblock (*ivec);
15920 + register DES_LONG tin0,tin1;
15921 + register DES_LONG tout0,tout1,xor0,xor1;
15922 + register unsigned char *in,*out;
15923 + register long l=length;
15925 + unsigned char *iv;
15927 + in=(unsigned char *)input;
15928 + out=(unsigned char *)output;
15929 + iv=(unsigned char *)ivec;
15935 + for (l-=8; l>=0; l-=8)
15944 + des_encrypt3((DES_LONG *)tin,ks1,ks2,ks3);
15953 + c2ln(in,tin0,tin1,l+8);
15959 + des_encrypt3((DES_LONG *)tin,ks1,ks2,ks3);
15966 + iv=(unsigned char *)ivec;
15972 + register DES_LONG t0,t1;
15976 + for (l-=8; l>=0; l-=8)
15986 + des_decrypt3((DES_LONG *)tin,ks1,ks2,ks3);
16007 + des_decrypt3((DES_LONG *)tin,ks1,ks2,ks3);
16013 + l2cn(tout0,tout1,out,l+8);
16018 + iv=(unsigned char *)ivec;
16022 + tin0=tin1=tout0=tout1=xor0=xor1=0;
16026 +#endif /* DES_DEFAULT_OPTIONS */
16027 diff -druN linux-noipsec/net/ipsec/libdes/des_locl.h linux/net/ipsec/libdes/des_locl.h
16028 --- linux-noipsec/net/ipsec/libdes/des_locl.h Thu Jan 1 01:00:00 1970
16029 +++ linux/net/ipsec/libdes/des_locl.h Wed Oct 4 16:54:10 2000
16031 +/* crypto/des/des_locl.org */
16032 +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
16033 + * All rights reserved.
16035 + * This package is an SSL implementation written
16036 + * by Eric Young (eay@cryptsoft.com).
16037 + * The implementation was written so as to conform with Netscapes SSL.
16039 + * This library is free for commercial and non-commercial use as long as
16040 + * the following conditions are aheared to. The following conditions
16041 + * apply to all code found in this distribution, be it the RC4, RSA,
16042 + * lhash, DES, etc., code; not just the SSL code. The SSL documentation
16043 + * included with this distribution is covered by the same copyright terms
16044 + * except that the holder is Tim Hudson (tjh@cryptsoft.com).
16046 + * Copyright remains Eric Young's, and as such any Copyright notices in
16047 + * the code are not to be removed.
16048 + * If this package is used in a product, Eric Young should be given attribution
16049 + * as the author of the parts of the library used.
16050 + * This can be in the form of a textual message at program startup or
16051 + * in documentation (online or textual) provided with the package.
16053 + * Redistribution and use in source and binary forms, with or without
16054 + * modification, are permitted provided that the following conditions
16056 + * 1. Redistributions of source code must retain the copyright
16057 + * notice, this list of conditions and the following disclaimer.
16058 + * 2. Redistributions in binary form must reproduce the above copyright
16059 + * notice, this list of conditions and the following disclaimer in the
16060 + * documentation and/or other materials provided with the distribution.
16061 + * 3. All advertising materials mentioning features or use of this software
16062 + * must display the following acknowledgement:
16063 + * "This product includes cryptographic software written by
16064 + * Eric Young (eay@cryptsoft.com)"
16065 + * The word 'cryptographic' can be left out if the rouines from the library
16066 + * being used are not cryptographic related :-).
16067 + * 4. If you include any Windows specific code (or a derivative thereof) from
16068 + * the apps directory (application code) you must include an acknowledgement:
16069 + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
16071 + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
16072 + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16073 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16074 + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
16075 + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
16076 + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
16077 + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
16078 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
16079 + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
16080 + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
16083 + * The licence and distribution terms for any publically available version or
16084 + * derivative of this code cannot be changed. i.e. this code cannot simply be
16085 + * copied and put under another distribution licence
16086 + * [including the GNU Public Licence.]
16089 +/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
16091 + * Always modify des_locl.org since des_locl.h is automatically generated from
16092 + * it during SSLeay configuration.
16094 + * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
16097 +#ifndef HEADER_DES_LOCL_H
16098 +#define HEADER_DES_LOCL_H
16100 +#if defined(WIN32) || defined(WIN16)
16108 +#ifndef DES_DEFAULT_OPTIONS
16109 +/* the following is tweaked from a config script, that is why it is a
16110 + * protected undef/define */
16115 +/* This helps C compiler generate the correct code for multiple functional
16116 + * units. It reduces register dependancies at the expense of 2 more
16126 +#if defined(DES_RISC1) && defined(DES_RISC2)
16127 +YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
16130 +/* Unroll the inner loop, this sometimes helps, sometimes hinders.
16131 + * Very mucy CPU dependant */
16132 +#ifndef DES_UNROLL
16133 +#define DES_UNROLL
16136 +/* These default values were supplied by
16137 + * Peter Gutman <pgut001@cs.auckland.ac.nz>
16138 + * They are only used if nothing else has been defined */
16139 +#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
16140 +/* Special defines which change the way the code is built depending on the
16141 + CPU and OS. For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
16142 + even newer MIPS CPU's, but at the moment one size fits all for
16143 + optimization options. Older Sparc's work better with only UNROLL, but
16144 + there's no way to tell at compile time what it is you're running on */
16146 +#if defined( sun ) /* Newer Sparc's */
16148 + #define DES_RISC1
16149 + #define DES_UNROLL
16150 +#elif defined( __ultrix ) /* Older MIPS */
16152 + #define DES_RISC2
16153 + #define DES_UNROLL
16154 +#elif defined( __osf1__ ) /* Alpha */
16156 + #define DES_RISC2
16157 +#elif defined ( _AIX ) /* RS6000 */
16159 +#elif defined( __hpux ) /* HP-PA */
16161 +#elif defined( __aux ) /* 68K */
16163 +#elif defined( __dgux ) /* 88K (but P6 in latest boxes) */
16164 + #define DES_UNROLL
16165 +#elif defined( __sgi ) /* Newer MIPS */
16167 + #define DES_RISC2
16168 + #define DES_UNROLL
16169 +#elif defined( i386 ) /* x86 boxes, should be gcc */
16171 + #define DES_RISC1
16172 + #define DES_UNROLL
16173 +#endif /* Systems-specific speed defines */
16176 +#endif /* DES_DEFAULT_OPTIONS */
16178 +#ifdef MSDOS /* Visual C++ 2.1 (Windows NT/95) */
16179 +#include <stdlib.h>
16180 +#include <errno.h>
16189 +#if defined(__STDC__) || defined(VMS) || defined(M_XENIX) || defined(MSDOS)
16190 +#include <string.h>
16202 +#define getpid() 2
16207 +#if defined(NOCONST)
16216 +#define srandom(s) srand(s)
16217 +#define random rand
16220 +#define ITERATIONS 16
16221 +#define HALF_ITERATIONS 8
16223 +/* used in des_read and des_write */
16224 +#define MAXWRITE (1024*16)
16225 +#define BSIZE (MAXWRITE+4)
16227 +#define c2l(c,l) (l =((DES_LONG)(*((c)++))) , \
16228 + l|=((DES_LONG)(*((c)++)))<< 8L, \
16229 + l|=((DES_LONG)(*((c)++)))<<16L, \
16230 + l|=((DES_LONG)(*((c)++)))<<24L)
16232 +/* NOTE - c is not incremented as per c2l */
16233 +#define c2ln(c,l1,l2,n) { \
16237 + case 8: l2 =((DES_LONG)(*(--(c))))<<24L; \
16238 + case 7: l2|=((DES_LONG)(*(--(c))))<<16L; \
16239 + case 6: l2|=((DES_LONG)(*(--(c))))<< 8L; \
16240 + case 5: l2|=((DES_LONG)(*(--(c)))); \
16241 + case 4: l1 =((DES_LONG)(*(--(c))))<<24L; \
16242 + case 3: l1|=((DES_LONG)(*(--(c))))<<16L; \
16243 + case 2: l1|=((DES_LONG)(*(--(c))))<< 8L; \
16244 + case 1: l1|=((DES_LONG)(*(--(c)))); \
16248 +#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
16249 + *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
16250 + *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
16251 + *((c)++)=(unsigned char)(((l)>>24L)&0xff))
16253 +/* replacements for htonl and ntohl since I have no idea what to do
16254 + * when faced with machines with 8 byte longs. */
16257 +#define n2l(c,l) (l =((DES_LONG)(*((c)++)))<<24L, \
16258 + l|=((DES_LONG)(*((c)++)))<<16L, \
16259 + l|=((DES_LONG)(*((c)++)))<< 8L, \
16260 + l|=((DES_LONG)(*((c)++))))
16262 +#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
16263 + *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
16264 + *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
16265 + *((c)++)=(unsigned char)(((l) )&0xff))
16267 +/* NOTE - c is not incremented as per l2c */
16268 +#define l2cn(l1,l2,c,n) { \
16271 + case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
16272 + case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
16273 + case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
16274 + case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \
16275 + case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
16276 + case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
16277 + case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
16278 + case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \
16282 +#if defined(WIN32)
16283 +#define ROTATE(a,n) (_lrotr(a,n))
16285 +#define ROTATE(a,n) (((a)>>(n))+((a)<<(32-(n))))
16288 +/* Don't worry about the LOAD_DATA() stuff, that is used by
16289 + * fcrypt() to add it's little bit to the front */
16293 +#define LOAD_DATA_tmp(R,S,u,t,E0,E1) \
16294 + { DES_LONG tmp; LOAD_DATA(R,S,u,t,E0,E1,tmp); }
16296 +#define LOAD_DATA(R,S,u,t,E0,E1,tmp) \
16299 + tmp=(u<<16); u^=R^s[S ]; u^=tmp; \
16300 + tmp=(t<<16); t^=R^s[S+1]; t^=tmp
16302 +#define LOAD_DATA_tmp(a,b,c,d,e,f) LOAD_DATA(a,b,c,d,e,f,g)
16303 +#define LOAD_DATA(R,S,u,t,E0,E1,tmp) \
16308 +/* The changes to this macro may help or hinder, depending on the
16309 + * compiler and the achitecture. gcc2 always seems to do well :-).
16310 + * Inspired by Dana How <how@isl.stanford.edu>
16311 + * DO NOT use the alternative version on machines with 8 byte longs.
16312 + * It does not seem to work on the Alpha, even when DES_LONG is 4
16313 + * bytes, probably an issue of accessing non-word aligned objects :-( */
16316 +/* It recently occured to me that 0^0^0^0^0^0^0 == 0, so there
16317 + * is no reason to not xor all the sub items together. This potentially
16318 + * saves a register since things can be xored directly into L */
16320 +#if defined(DES_RISC1) || defined(DES_RISC2)
16322 +#define D_ENCRYPT(LL,R,S) { \
16323 + unsigned int u1,u2,u3; \
16324 + LOAD_DATA(R,S,u,t,E0,E1,u1); \
16326 + u1=(int)u&0xfc; \
16330 + LL^= *(DES_LONG *)((unsigned char *)des_SP +u1); \
16331 + LL^= *(DES_LONG *)((unsigned char *)des_SP+0x200+u2); \
16332 + u3=(int)(u>>8L); \
16333 + u1=(int)u&0xfc; \
16335 + LL^= *(DES_LONG *)((unsigned char *)des_SP+0x400+u1); \
16336 + LL^= *(DES_LONG *)((unsigned char *)des_SP+0x600+u3); \
16338 + u1=(int)t&0xfc; \
16341 + LL^= *(DES_LONG *)((unsigned char *)des_SP+0x100+u1); \
16342 + LL^= *(DES_LONG *)((unsigned char *)des_SP+0x300+u2); \
16344 + u1=(int)t&0xfc; \
16346 + LL^= *(DES_LONG *)((unsigned char *)des_SP+0x500+u1); \
16347 + LL^= *(DES_LONG *)((unsigned char *)des_SP+0x700+u3); }
16350 +#define D_ENCRYPT(LL,R,S) { \
16351 + unsigned int u1,u2,s1,s2; \
16352 + LOAD_DATA(R,S,u,t,E0,E1,u1); \
16354 + u1=(int)u&0xfc; \
16357 + LL^= *(DES_LONG *)((unsigned char *)des_SP +u1); \
16358 + LL^= *(DES_LONG *)((unsigned char *)des_SP+0x200+u2); \
16359 + s1=(int)(u>>16L); \
16360 + s2=(int)(u>>24L); \
16363 + LL^= *(DES_LONG *)((unsigned char *)des_SP+0x400+s1); \
16364 + LL^= *(DES_LONG *)((unsigned char *)des_SP+0x600+s2); \
16366 + u1=(int)t&0xfc; \
16368 + LL^= *(DES_LONG *)((unsigned char *)des_SP+0x100+u1); \
16369 + LL^= *(DES_LONG *)((unsigned char *)des_SP+0x300+u2); \
16370 + s1=(int)(t>>16L); \
16371 + s2=(int)(t>>24L); \
16374 + LL^= *(DES_LONG *)((unsigned char *)des_SP+0x500+s1); \
16375 + LL^= *(DES_LONG *)((unsigned char *)des_SP+0x700+s2); }
16378 +#define D_ENCRYPT(LL,R,S) { \
16379 + LOAD_DATA_tmp(R,S,u,t,E0,E1); \
16382 + *(DES_LONG *)((unsigned char *)des_SP +((u )&0xfc))^ \
16383 + *(DES_LONG *)((unsigned char *)des_SP+0x200+((u>> 8L)&0xfc))^ \
16384 + *(DES_LONG *)((unsigned char *)des_SP+0x400+((u>>16L)&0xfc))^ \
16385 + *(DES_LONG *)((unsigned char *)des_SP+0x600+((u>>24L)&0xfc))^ \
16386 + *(DES_LONG *)((unsigned char *)des_SP+0x100+((t )&0xfc))^ \
16387 + *(DES_LONG *)((unsigned char *)des_SP+0x300+((t>> 8L)&0xfc))^ \
16388 + *(DES_LONG *)((unsigned char *)des_SP+0x500+((t>>16L)&0xfc))^ \
16389 + *(DES_LONG *)((unsigned char *)des_SP+0x700+((t>>24L)&0xfc)); }
16392 +#else /* original version */
16394 +#if defined(DES_RISC1) || defined(DES_RISC2)
16396 +#define D_ENCRYPT(LL,R,S) {\
16397 + unsigned int u1,u2,u3; \
16398 + LOAD_DATA(R,S,u,t,E0,E1,u1); \
16402 + u1=(int)u&0x3f; \
16405 + LL^=des_SPtrans[0][u1]; \
16406 + LL^=des_SPtrans[2][u2]; \
16408 + u1=(int)u&0x3f; \
16410 + LL^=des_SPtrans[4][u1]; \
16411 + LL^=des_SPtrans[6][u3]; \
16413 + u1=(int)t&0x3f; \
16416 + LL^=des_SPtrans[1][u1]; \
16417 + LL^=des_SPtrans[3][u2]; \
16419 + u1=(int)t&0x3f; \
16421 + LL^=des_SPtrans[5][u1]; \
16422 + LL^=des_SPtrans[7][u3]; }
16425 +#define D_ENCRYPT(LL,R,S) {\
16426 + unsigned int u1,u2,s1,s2; \
16427 + LOAD_DATA(R,S,u,t,E0,E1,u1); \
16431 + u1=(int)u&0x3f; \
16433 + LL^=des_SPtrans[0][u1]; \
16434 + LL^=des_SPtrans[2][u2]; \
16435 + s1=(int)u>>16L; \
16436 + s2=(int)u>>24L; \
16439 + LL^=des_SPtrans[4][s1]; \
16440 + LL^=des_SPtrans[6][s2]; \
16442 + u1=(int)t&0x3f; \
16444 + LL^=des_SPtrans[1][u1]; \
16445 + LL^=des_SPtrans[3][u2]; \
16447 + s2=(int)t>>24L; \
16450 + LL^=des_SPtrans[5][s1]; \
16451 + LL^=des_SPtrans[7][s2]; }
16456 +#define D_ENCRYPT(LL,R,S) {\
16457 + LOAD_DATA_tmp(R,S,u,t,E0,E1); \
16460 + des_SPtrans[0][(u>> 2L)&0x3f]^ \
16461 + des_SPtrans[2][(u>>10L)&0x3f]^ \
16462 + des_SPtrans[4][(u>>18L)&0x3f]^ \
16463 + des_SPtrans[6][(u>>26L)&0x3f]^ \
16464 + des_SPtrans[1][(t>> 2L)&0x3f]^ \
16465 + des_SPtrans[3][(t>>10L)&0x3f]^ \
16466 + des_SPtrans[5][(t>>18L)&0x3f]^ \
16467 + des_SPtrans[7][(t>>26L)&0x3f]; }
16472 + * The problem is more of a geometric problem that random bit fiddling.
16473 + 0 1 2 3 4 5 6 7 62 54 46 38 30 22 14 6
16474 + 8 9 10 11 12 13 14 15 60 52 44 36 28 20 12 4
16475 + 16 17 18 19 20 21 22 23 58 50 42 34 26 18 10 2
16476 + 24 25 26 27 28 29 30 31 to 56 48 40 32 24 16 8 0
16478 + 32 33 34 35 36 37 38 39 63 55 47 39 31 23 15 7
16479 + 40 41 42 43 44 45 46 47 61 53 45 37 29 21 13 5
16480 + 48 49 50 51 52 53 54 55 59 51 43 35 27 19 11 3
16481 + 56 57 58 59 60 61 62 63 57 49 41 33 25 17 9 1
16483 + The output has been subject to swaps of the form
16484 + 0 1 -> 3 1 but the odd and even bits have been put into
16486 + different words. The main trick is to remember that
16487 + t=((l>>size)^r)&(mask);
16490 + can be used to swap and move bits between words.
16492 + So l = 0 1 2 3 r = 16 17 18 19
16493 + 4 5 6 7 20 21 22 23
16494 + 8 9 10 11 24 25 26 27
16495 + 12 13 14 15 28 29 30 31
16496 + becomes (for size == 2 and mask == 0x3333)
16497 + t = 2^16 3^17 -- -- l = 0 1 16 17 r = 2 3 18 19
16498 + 6^20 7^21 -- -- 4 5 20 21 6 7 22 23
16499 + 10^24 11^25 -- -- 8 9 24 25 10 11 24 25
16500 + 14^28 15^29 -- -- 12 13 28 29 14 15 28 29
16502 + Thanks for hints from Richard Outerbridge - he told me IP&FP
16503 + could be done in 15 xor, 10 shifts and 5 ands.
16504 + When I finally started to think of the problem in 2D
16505 + I first got ~42 operations without xors. When I remembered
16506 + how to use xors :-) I got it to its final state.
16508 +#define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
16514 + register DES_LONG tt; \
16515 + PERM_OP(r,l,tt, 4,0x0f0f0f0fL); \
16516 + PERM_OP(l,r,tt,16,0x0000ffffL); \
16517 + PERM_OP(r,l,tt, 2,0x33333333L); \
16518 + PERM_OP(l,r,tt, 8,0x00ff00ffL); \
16519 + PERM_OP(r,l,tt, 1,0x55555555L); \
16524 + register DES_LONG tt; \
16525 + PERM_OP(l,r,tt, 1,0x55555555L); \
16526 + PERM_OP(r,l,tt, 8,0x00ff00ffL); \
16527 + PERM_OP(l,r,tt, 2,0x33333333L); \
16528 + PERM_OP(r,l,tt,16,0x0000ffffL); \
16529 + PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \
16532 +extern const DES_LONG des_SPtrans[8][64];
16535 +void fcrypt_body(DES_LONG *out,des_key_schedule ks,
16536 + DES_LONG Eswap0, DES_LONG Eswap1);
16538 +void fcrypt_body();
16542 diff -druN linux-noipsec/net/ipsec/libdes/des_opts.c linux/net/ipsec/libdes/des_opts.c
16543 --- linux-noipsec/net/ipsec/libdes/des_opts.c Thu Jan 1 01:00:00 1970
16544 +++ linux/net/ipsec/libdes/des_opts.c Thu Feb 18 17:41:13 1999
16546 +/* crypto/des/des_opts.c */
16547 +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
16548 + * All rights reserved.
16550 + * This package is an SSL implementation written
16551 + * by Eric Young (eay@cryptsoft.com).
16552 + * The implementation was written so as to conform with Netscapes SSL.
16554 + * This library is free for commercial and non-commercial use as long as
16555 + * the following conditions are aheared to. The following conditions
16556 + * apply to all code found in this distribution, be it the RC4, RSA,
16557 + * lhash, DES, etc., code; not just the SSL code. The SSL documentation
16558 + * included with this distribution is covered by the same copyright terms
16559 + * except that the holder is Tim Hudson (tjh@cryptsoft.com).
16561 + * Copyright remains Eric Young's, and as such any Copyright notices in
16562 + * the code are not to be removed.
16563 + * If this package is used in a product, Eric Young should be given attribution
16564 + * as the author of the parts of the library used.
16565 + * This can be in the form of a textual message at program startup or
16566 + * in documentation (online or textual) provided with the package.
16568 + * Redistribution and use in source and binary forms, with or without
16569 + * modification, are permitted provided that the following conditions
16571 + * 1. Redistributions of source code must retain the copyright
16572 + * notice, this list of conditions and the following disclaimer.
16573 + * 2. Redistributions in binary form must reproduce the above copyright
16574 + * notice, this list of conditions and the following disclaimer in the
16575 + * documentation and/or other materials provided with the distribution.
16576 + * 3. All advertising materials mentioning features or use of this software
16577 + * must display the following acknowledgement:
16578 + * "This product includes cryptographic software written by
16579 + * Eric Young (eay@cryptsoft.com)"
16580 + * The word 'cryptographic' can be left out if the rouines from the library
16581 + * being used are not cryptographic related :-).
16582 + * 4. If you include any Windows specific code (or a derivative thereof) from
16583 + * the apps directory (application code) you must include an acknowledgement:
16584 + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
16586 + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
16587 + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16588 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16589 + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
16590 + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
16591 + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
16592 + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
16593 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
16594 + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
16595 + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
16598 + * The licence and distribution terms for any publically available version or
16599 + * derivative of this code cannot be changed. i.e. this code cannot simply be
16600 + * copied and put under another distribution licence
16601 + * [including the GNU Public Licence.]
16604 +/* define PART1, PART2, PART3 or PART4 to build only with a few of the options.
16605 + * This is for machines with 64k code segment size restrictions. */
16611 +#include <stdio.h>
16613 +#include <unistd.h>
16616 +extern void exit();
16618 +#include <signal.h>
16624 +#include <sys/types.h>
16625 +#include <sys/times.h>
16628 +#include <types.h>
16630 + time_t tms_utime;
16631 + time_t tms_stime;
16632 + time_t tms_uchild; /* I dunno... */
16633 + time_t tms_uchildsys; /* so these names are a guess :-) */
16637 +#include <sys/timeb.h>
16641 +#include <limits.h>
16642 +#include <sys/param.h>
16648 +#define DES_DEFAULT_OPTIONS
16650 +#if !defined(PART1) && !defined(PART2) && !defined(PART3) && !defined(PART4)
16664 +#define des_encrypt des_encrypt_u4_cisc_idx
16665 +#define des_encrypt2 des_encrypt2_u4_cisc_idx
16666 +#define des_encrypt3 des_encrypt3_u4_cisc_idx
16667 +#define des_decrypt3 des_decrypt3_u4_cisc_idx
16668 +#undef HEADER_DES_LOCL_H
16669 +#include "des_enc.c"
16671 +#define DES_UNROLL
16676 +#undef des_encrypt
16677 +#undef des_encrypt2
16678 +#undef des_encrypt3
16679 +#undef des_decrypt3
16680 +#define des_encrypt des_encrypt_u16_cisc_idx
16681 +#define des_encrypt2 des_encrypt2_u16_cisc_idx
16682 +#define des_encrypt3 des_encrypt3_u16_cisc_idx
16683 +#define des_decrypt3 des_decrypt3_u16_cisc_idx
16684 +#undef HEADER_DES_LOCL_H
16685 +#include "des_enc.c"
16692 +#undef des_encrypt
16693 +#undef des_encrypt2
16694 +#undef des_encrypt3
16695 +#undef des_decrypt3
16696 +#define des_encrypt des_encrypt_u4_risc1_idx
16697 +#define des_encrypt2 des_encrypt2_u4_risc1_idx
16698 +#define des_encrypt3 des_encrypt3_u4_risc1_idx
16699 +#define des_decrypt3 des_decrypt3_u4_risc1_idx
16700 +#undef HEADER_DES_LOCL_H
16701 +#include "des_enc.c"
16712 +#undef des_encrypt
16713 +#undef des_encrypt2
16714 +#undef des_encrypt3
16715 +#undef des_decrypt3
16716 +#define des_encrypt des_encrypt_u4_risc2_idx
16717 +#define des_encrypt2 des_encrypt2_u4_risc2_idx
16718 +#define des_encrypt3 des_encrypt3_u4_risc2_idx
16719 +#define des_decrypt3 des_decrypt3_u4_risc2_idx
16720 +#undef HEADER_DES_LOCL_H
16721 +#include "des_enc.c"
16723 +#define DES_UNROLL
16728 +#undef des_encrypt
16729 +#undef des_encrypt2
16730 +#undef des_encrypt3
16731 +#undef des_decrypt3
16732 +#define des_encrypt des_encrypt_u16_risc1_idx
16733 +#define des_encrypt2 des_encrypt2_u16_risc1_idx
16734 +#define des_encrypt3 des_encrypt3_u16_risc1_idx
16735 +#define des_decrypt3 des_decrypt3_u16_risc1_idx
16736 +#undef HEADER_DES_LOCL_H
16737 +#include "des_enc.c"
16739 +#define DES_UNROLL
16744 +#undef des_encrypt
16745 +#undef des_encrypt2
16746 +#undef des_encrypt3
16747 +#undef des_decrypt3
16748 +#define des_encrypt des_encrypt_u16_risc2_idx
16749 +#define des_encrypt2 des_encrypt2_u16_risc2_idx
16750 +#define des_encrypt3 des_encrypt3_u16_risc2_idx
16751 +#define des_decrypt3 des_decrypt3_u16_risc2_idx
16752 +#undef HEADER_DES_LOCL_H
16753 +#include "des_enc.c"
16764 +#undef des_encrypt
16765 +#undef des_encrypt2
16766 +#undef des_encrypt3
16767 +#undef des_decrypt3
16768 +#define des_encrypt des_encrypt_u4_cisc_ptr
16769 +#define des_encrypt2 des_encrypt2_u4_cisc_ptr
16770 +#define des_encrypt3 des_encrypt3_u4_cisc_ptr
16771 +#define des_decrypt3 des_decrypt3_u4_cisc_ptr
16772 +#undef HEADER_DES_LOCL_H
16773 +#include "des_enc.c"
16775 +#define DES_UNROLL
16780 +#undef des_encrypt
16781 +#undef des_encrypt2
16782 +#undef des_encrypt3
16783 +#undef des_decrypt3
16784 +#define des_encrypt des_encrypt_u16_cisc_ptr
16785 +#define des_encrypt2 des_encrypt2_u16_cisc_ptr
16786 +#define des_encrypt3 des_encrypt3_u16_cisc_ptr
16787 +#define des_decrypt3 des_decrypt3_u16_cisc_ptr
16788 +#undef HEADER_DES_LOCL_H
16789 +#include "des_enc.c"
16796 +#undef des_encrypt
16797 +#undef des_encrypt2
16798 +#undef des_encrypt3
16799 +#undef des_decrypt3
16800 +#define des_encrypt des_encrypt_u4_risc1_ptr
16801 +#define des_encrypt2 des_encrypt2_u4_risc1_ptr
16802 +#define des_encrypt3 des_encrypt3_u4_risc1_ptr
16803 +#define des_decrypt3 des_decrypt3_u4_risc1_ptr
16804 +#undef HEADER_DES_LOCL_H
16805 +#include "des_enc.c"
16816 +#undef des_encrypt
16817 +#undef des_encrypt2
16818 +#undef des_encrypt3
16819 +#undef des_decrypt3
16820 +#define des_encrypt des_encrypt_u4_risc2_ptr
16821 +#define des_encrypt2 des_encrypt2_u4_risc2_ptr
16822 +#define des_encrypt3 des_encrypt3_u4_risc2_ptr
16823 +#define des_decrypt3 des_decrypt3_u4_risc2_ptr
16824 +#undef HEADER_DES_LOCL_H
16825 +#include "des_enc.c"
16827 +#define DES_UNROLL
16832 +#undef des_encrypt
16833 +#undef des_encrypt2
16834 +#undef des_encrypt3
16835 +#undef des_decrypt3
16836 +#define des_encrypt des_encrypt_u16_risc1_ptr
16837 +#define des_encrypt2 des_encrypt2_u16_risc1_ptr
16838 +#define des_encrypt3 des_encrypt3_u16_risc1_ptr
16839 +#define des_decrypt3 des_decrypt3_u16_risc1_ptr
16840 +#undef HEADER_DES_LOCL_H
16841 +#include "des_enc.c"
16843 +#define DES_UNROLL
16848 +#undef des_encrypt
16849 +#undef des_encrypt2
16850 +#undef des_encrypt3
16851 +#undef des_decrypt3
16852 +#define des_encrypt des_encrypt_u16_risc2_ptr
16853 +#define des_encrypt2 des_encrypt2_u16_risc2_ptr
16854 +#define des_encrypt3 des_encrypt3_u16_risc2_ptr
16855 +#define des_decrypt3 des_decrypt3_u16_risc2_ptr
16856 +#undef HEADER_DES_LOCL_H
16857 +#include "des_enc.c"
16861 +/* The following if from times(3) man page. It may need to be changed */
16864 +# ifndef _BSD_CLK_TCK_ /* FreeBSD fix */
16870 +# else /* _BSD_CLK_TCK_ */
16871 +# define HZ ((double)_BSD_CLK_TCK_)
16873 +# else /* CLK_TCK */
16874 +# define HZ ((double)CLK_TCK)
16878 +#define BUFSIZE ((long)1024)
16882 +double Time_F(int s);
16888 +#if defined(__STDC__) || defined(sgi)
16889 +#define SIGRETTYPE void
16891 +#define SIGRETTYPE int
16895 +SIGRETTYPE sig_done(int sig);
16897 +SIGRETTYPE sig_done();
16900 +SIGRETTYPE sig_done(sig)
16903 + signal(SIGALRM,sig_done);
16919 + static struct tms tstart,tend;
16929 + ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
16930 + return((ret == 0.0)?1e-6:ret);
16932 +#else /* !times() */
16933 + static struct timeb tstart,tend;
16944 + i=(long)tend.millitm-(long)tstart.millitm;
16945 + ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;
16946 + return((ret == 0.0)?1e-6:ret);
16952 +#define print_name(name) fprintf(stderr,"Doing %s's for 10 seconds\n",name); alarm(10);
16954 +#define print_name(name) fprintf(stderr,"Doing %s %ld times\n",name,cb);
16957 +#define time_it(func,name,index) \
16958 + print_name(name); \
16960 + for (count=0,run=1; COND(cb); count++) \
16962 + unsigned long d[2]; \
16963 + func(d,&(sch[0]),DES_ENCRYPT); \
16965 + tm[index]=Time_F(STOP); \
16966 + fprintf(stderr,"%ld %s's in %.2f second\n",count,name,tm[index]); \
16967 + tm[index]=((double)COUNT(cb))/tm[index];
16969 +#define print_it(name,index) \
16970 + fprintf(stderr,"%s bytes per sec = %12.2f (%5.1fuS)\n",name, \
16971 + tm[index]*8,1.0e6/tm[index]);
16973 +int main(argc,argv)
16978 + static unsigned char buf[BUFSIZE];
16979 + static des_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
16980 + static des_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
16981 + static des_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
16982 + des_key_schedule sch,sch2,sch3;
16983 + double d,tm[16],max=0;
16986 + int max_idx=0,i,num=0,j;
16988 + long ca,cb,cc,cd,ce;
16991 + for (i=0; i<12; i++)
16998 + fprintf(stderr,"To get the most acurate results, try to run this\n");
16999 + fprintf(stderr,"program when this computer is idle.\n");
17002 + des_set_key((C_Block *)key,sch);
17003 + des_set_key((C_Block *)key2,sch2);
17004 + des_set_key((C_Block *)key3,sch3);
17007 + fprintf(stderr,"First we calculate the approximate speed ...\n");
17008 + des_set_key((C_Block *)key,sch);
17012 + unsigned long data[2];
17016 + for (i=count; i; i--)
17017 + des_encrypt(data,&(sch[0]),DES_ENCRYPT);
17019 + } while (d < 3.0);
17022 + cc=count*3*8/BUFSIZE+1;
17023 + cd=count*8/BUFSIZE+1;
17026 +#define COND(d) (count != (d))
17027 +#define COUNT(d) (d)
17029 +#define COND(c) (run)
17030 +#define COUNT(d) (count)
17031 + signal(SIGALRM,sig_done);
17036 + time_it(des_encrypt_u4_cisc_idx, "des_encrypt_u4_cisc_idx ", 0);
17037 + time_it(des_encrypt_u16_cisc_idx, "des_encrypt_u16_cisc_idx ", 1);
17038 + time_it(des_encrypt_u4_risc1_idx, "des_encrypt_u4_risc1_idx ", 2);
17042 + time_it(des_encrypt_u16_risc1_idx,"des_encrypt_u16_risc1_idx", 3);
17043 + time_it(des_encrypt_u4_risc2_idx, "des_encrypt_u4_risc2_idx ", 4);
17044 + time_it(des_encrypt_u16_risc2_idx,"des_encrypt_u16_risc2_idx", 5);
17048 + time_it(des_encrypt_u4_cisc_ptr, "des_encrypt_u4_cisc_ptr ", 6);
17049 + time_it(des_encrypt_u16_cisc_ptr, "des_encrypt_u16_cisc_ptr ", 7);
17050 + time_it(des_encrypt_u4_risc1_ptr, "des_encrypt_u4_risc1_ptr ", 8);
17054 + time_it(des_encrypt_u16_risc1_ptr,"des_encrypt_u16_risc1_ptr", 9);
17055 + time_it(des_encrypt_u4_risc2_ptr, "des_encrypt_u4_risc2_ptr ",10);
17056 + time_it(des_encrypt_u16_risc2_ptr,"des_encrypt_u16_risc2_ptr",11);
17062 + print_it("des_encrypt_u4_cisc_idx ",0);
17066 + print_it("des_encrypt_u16_cisc_idx ",1);
17067 + if (max < tm[1]) { max=tm[1]; max_idx=1; }
17068 + str[2]=" 4 r1 i";
17069 + print_it("des_encrypt_u4_risc1_idx ",2);
17070 + if (max < tm[2]) { max=tm[2]; max_idx=2; }
17073 + str[3]="16 r1 i";
17074 + print_it("des_encrypt_u16_risc1_idx",3);
17075 + if (max < tm[3]) { max=tm[3]; max_idx=3; }
17076 + str[4]=" 4 r2 i";
17077 + print_it("des_encrypt_u4_risc2_idx ",4);
17078 + if (max < tm[4]) { max=tm[4]; max_idx=4; }
17079 + str[5]="16 r2 i";
17080 + print_it("des_encrypt_u16_risc2_idx",5);
17081 + if (max < tm[5]) { max=tm[5]; max_idx=5; }
17085 + print_it("des_encrypt_u4_cisc_ptr ",6);
17086 + if (max < tm[6]) { max=tm[6]; max_idx=6; }
17088 + print_it("des_encrypt_u16_cisc_ptr ",7);
17089 + if (max < tm[7]) { max=tm[7]; max_idx=7; }
17090 + str[8]=" 4 r1 p";
17091 + print_it("des_encrypt_u4_risc1_ptr ",8);
17092 + if (max < tm[8]) { max=tm[8]; max_idx=8; }
17095 + str[9]="16 r1 p";
17096 + print_it("des_encrypt_u16_risc1_ptr",9);
17097 + if (max < tm[9]) { max=tm[9]; max_idx=9; }
17098 + str[10]=" 4 r2 p";
17099 + print_it("des_encrypt_u4_risc2_ptr ",10);
17100 + if (max < tm[10]) { max=tm[10]; max_idx=10; }
17101 + str[11]="16 r2 p";
17102 + print_it("des_encrypt_u16_risc2_ptr",11);
17103 + if (max < tm[11]) { max=tm[11]; max_idx=11; }
17105 + printf("options des ecb/s\n");
17106 + printf("%s %12.2f 100.0%%\n",str[max_idx],tm[max_idx]);
17108 + tm[max_idx]= -2.0;
17112 + for (i=0; i<12; i++)
17114 + if (max < tm[i]) { max=tm[i]; j=i; }
17116 + if (max < 0.0) break;
17117 + printf("%s %12.2f %4.1f%%\n",str[j],tm[j],tm[j]/d*100.0);
17125 + printf("-DDES_DEFAULT_OPTIONS\n");
17128 + printf("-DDES_UNROLL\n");
17131 + printf("-DDES_RISC1\n");
17134 + printf("-DDES_UNROLL -DDES_RISC1\n");
17137 + printf("-DDES_RISC2\n");
17140 + printf("-DDES_UNROLL -DDES_RISC2\n");
17143 + printf("-DDES_PTR\n");
17146 + printf("-DDES_UNROLL -DDES_PTR\n");
17149 + printf("-DDES_RISC1 -DDES_PTR\n");
17152 + printf("-DDES_UNROLL -DDES_RISC1 -DDES_PTR\n");
17155 + printf("-DDES_RISC2 -DDES_PTR\n");
17158 + printf("-DDES_UNROLL -DDES_RISC2 -DDES_PTR\n");
17162 +#if defined(LINT) || defined(MSDOS)
17166 diff -druN linux-noipsec/net/ipsec/libdes/des_ver.h linux/net/ipsec/libdes/des_ver.h
17167 --- linux-noipsec/net/ipsec/libdes/des_ver.h Thu Jan 1 01:00:00 1970
17168 +++ linux/net/ipsec/libdes/des_ver.h Thu Feb 18 17:41:13 1999
17170 +/* crypto/des/des_ver.h */
17171 +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
17172 + * All rights reserved.
17174 + * This package is an SSL implementation written
17175 + * by Eric Young (eay@cryptsoft.com).
17176 + * The implementation was written so as to conform with Netscapes SSL.
17178 + * This library is free for commercial and non-commercial use as long as
17179 + * the following conditions are aheared to. The following conditions
17180 + * apply to all code found in this distribution, be it the RC4, RSA,
17181 + * lhash, DES, etc., code; not just the SSL code. The SSL documentation
17182 + * included with this distribution is covered by the same copyright terms
17183 + * except that the holder is Tim Hudson (tjh@cryptsoft.com).
17185 + * Copyright remains Eric Young's, and as such any Copyright notices in
17186 + * the code are not to be removed.
17187 + * If this package is used in a product, Eric Young should be given attribution
17188 + * as the author of the parts of the library used.
17189 + * This can be in the form of a textual message at program startup or
17190 + * in documentation (online or textual) provided with the package.
17192 + * Redistribution and use in source and binary forms, with or without
17193 + * modification, are permitted provided that the following conditions
17195 + * 1. Redistributions of source code must retain the copyright
17196 + * notice, this list of conditions and the following disclaimer.
17197 + * 2. Redistributions in binary form must reproduce the above copyright
17198 + * notice, this list of conditions and the following disclaimer in the
17199 + * documentation and/or other materials provided with the distribution.
17200 + * 3. All advertising materials mentioning features or use of this software
17201 + * must display the following acknowledgement:
17202 + * "This product includes cryptographic software written by
17203 + * Eric Young (eay@cryptsoft.com)"
17204 + * The word 'cryptographic' can be left out if the rouines from the library
17205 + * being used are not cryptographic related :-).
17206 + * 4. If you include any Windows specific code (or a derivative thereof) from
17207 + * the apps directory (application code) you must include an acknowledgement:
17208 + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
17210 + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
17211 + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17212 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17213 + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
17214 + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
17215 + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
17216 + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
17217 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
17218 + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
17219 + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
17222 + * The licence and distribution terms for any publically available version or
17223 + * derivative of this code cannot be changed. i.e. this code cannot simply be
17224 + * copied and put under another distribution licence
17225 + * [including the GNU Public Licence.]
17228 +extern char *DES_version; /* SSLeay version string */
17229 +extern char *libdes_version; /* old libdes version string */
17230 diff -druN linux-noipsec/net/ipsec/libdes/destest.c linux/net/ipsec/libdes/destest.c
17231 --- linux-noipsec/net/ipsec/libdes/destest.c Thu Jan 1 01:00:00 1970
17232 +++ linux/net/ipsec/libdes/destest.c Thu Feb 18 17:41:13 1999
17234 +/* crypto/des/destest.c */
17235 +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
17236 + * All rights reserved.
17238 + * This package is an SSL implementation written
17239 + * by Eric Young (eay@cryptsoft.com).
17240 + * The implementation was written so as to conform with Netscapes SSL.
17242 + * This library is free for commercial and non-commercial use as long as
17243 + * the following conditions are aheared to. The following conditions
17244 + * apply to all code found in this distribution, be it the RC4, RSA,
17245 + * lhash, DES, etc., code; not just the SSL code. The SSL documentation
17246 + * included with this distribution is covered by the same copyright terms
17247 + * except that the holder is Tim Hudson (tjh@cryptsoft.com).
17249 + * Copyright remains Eric Young's, and as such any Copyright notices in
17250 + * the code are not to be removed.
17251 + * If this package is used in a product, Eric Young should be given attribution
17252 + * as the author of the parts of the library used.
17253 + * This can be in the form of a textual message at program startup or
17254 + * in documentation (online or textual) provided with the package.
17256 + * Redistribution and use in source and binary forms, with or without
17257 + * modification, are permitted provided that the following conditions
17259 + * 1. Redistributions of source code must retain the copyright
17260 + * notice, this list of conditions and the following disclaimer.
17261 + * 2. Redistributions in binary form must reproduce the above copyright
17262 + * notice, this list of conditions and the following disclaimer in the
17263 + * documentation and/or other materials provided with the distribution.
17264 + * 3. All advertising materials mentioning features or use of this software
17265 + * must display the following acknowledgement:
17266 + * "This product includes cryptographic software written by
17267 + * Eric Young (eay@cryptsoft.com)"
17268 + * The word 'cryptographic' can be left out if the rouines from the library
17269 + * being used are not cryptographic related :-).
17270 + * 4. If you include any Windows specific code (or a derivative thereof) from
17271 + * the apps directory (application code) you must include an acknowledgement:
17272 + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
17274 + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
17275 + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17276 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17277 + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
17278 + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
17279 + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
17280 + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
17281 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
17282 + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
17283 + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
17286 + * The licence and distribution terms for any publically available version or
17287 + * derivative of this code cannot be changed. i.e. this code cannot simply be
17288 + * copied and put under another distribution licence
17289 + * [including the GNU Public Licence.]
17292 +#if defined(WIN32) || defined(WIN16) || defined(WINDOWS)
17298 +#include <stdio.h>
17299 +#include <stdlib.h>
17301 +#include <unistd.h>
17305 +#include <string.h>
17308 +/* tisk tisk - the test keys don't all have odd parity :-( */
17310 +#define NUM_TESTS 34
17311 +static unsigned char key_data[NUM_TESTS][8]={
17312 + {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
17313 + {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
17314 + {0x30,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
17315 + {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
17316 + {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
17317 + {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
17318 + {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
17319 + {0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10},
17320 + {0x7C,0xA1,0x10,0x45,0x4A,0x1A,0x6E,0x57},
17321 + {0x01,0x31,0xD9,0x61,0x9D,0xC1,0x37,0x6E},
17322 + {0x07,0xA1,0x13,0x3E,0x4A,0x0B,0x26,0x86},
17323 + {0x38,0x49,0x67,0x4C,0x26,0x02,0x31,0x9E},
17324 + {0x04,0xB9,0x15,0xBA,0x43,0xFE,0xB5,0xB6},
17325 + {0x01,0x13,0xB9,0x70,0xFD,0x34,0xF2,0xCE},
17326 + {0x01,0x70,0xF1,0x75,0x46,0x8F,0xB5,0xE6},
17327 + {0x43,0x29,0x7F,0xAD,0x38,0xE3,0x73,0xFE},
17328 + {0x07,0xA7,0x13,0x70,0x45,0xDA,0x2A,0x16},
17329 + {0x04,0x68,0x91,0x04,0xC2,0xFD,0x3B,0x2F},
17330 + {0x37,0xD0,0x6B,0xB5,0x16,0xCB,0x75,0x46},
17331 + {0x1F,0x08,0x26,0x0D,0x1A,0xC2,0x46,0x5E},
17332 + {0x58,0x40,0x23,0x64,0x1A,0xBA,0x61,0x76},
17333 + {0x02,0x58,0x16,0x16,0x46,0x29,0xB0,0x07},
17334 + {0x49,0x79,0x3E,0xBC,0x79,0xB3,0x25,0x8F},
17335 + {0x4F,0xB0,0x5E,0x15,0x15,0xAB,0x73,0xA7},
17336 + {0x49,0xE9,0x5D,0x6D,0x4C,0xA2,0x29,0xBF},
17337 + {0x01,0x83,0x10,0xDC,0x40,0x9B,0x26,0xD6},
17338 + {0x1C,0x58,0x7F,0x1C,0x13,0x92,0x4F,0xEF},
17339 + {0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01},
17340 + {0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E},
17341 + {0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE},
17342 + {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
17343 + {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
17344 + {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
17345 + {0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10}};
17347 +static unsigned char plain_data[NUM_TESTS][8]={
17348 + {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
17349 + {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
17350 + {0x10,0x00,0x00,0x00,0x00,0x00,0x00,0x01},
17351 + {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
17352 + {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
17353 + {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
17354 + {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
17355 + {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
17356 + {0x01,0xA1,0xD6,0xD0,0x39,0x77,0x67,0x42},
17357 + {0x5C,0xD5,0x4C,0xA8,0x3D,0xEF,0x57,0xDA},
17358 + {0x02,0x48,0xD4,0x38,0x06,0xF6,0x71,0x72},
17359 + {0x51,0x45,0x4B,0x58,0x2D,0xDF,0x44,0x0A},
17360 + {0x42,0xFD,0x44,0x30,0x59,0x57,0x7F,0xA2},
17361 + {0x05,0x9B,0x5E,0x08,0x51,0xCF,0x14,0x3A},
17362 + {0x07,0x56,0xD8,0xE0,0x77,0x47,0x61,0xD2},
17363 + {0x76,0x25,0x14,0xB8,0x29,0xBF,0x48,0x6A},
17364 + {0x3B,0xDD,0x11,0x90,0x49,0x37,0x28,0x02},
17365 + {0x26,0x95,0x5F,0x68,0x35,0xAF,0x60,0x9A},
17366 + {0x16,0x4D,0x5E,0x40,0x4F,0x27,0x52,0x32},
17367 + {0x6B,0x05,0x6E,0x18,0x75,0x9F,0x5C,0xCA},
17368 + {0x00,0x4B,0xD6,0xEF,0x09,0x17,0x60,0x62},
17369 + {0x48,0x0D,0x39,0x00,0x6E,0xE7,0x62,0xF2},
17370 + {0x43,0x75,0x40,0xC8,0x69,0x8F,0x3C,0xFA},
17371 + {0x07,0x2D,0x43,0xA0,0x77,0x07,0x52,0x92},
17372 + {0x02,0xFE,0x55,0x77,0x81,0x17,0xF1,0x2A},
17373 + {0x1D,0x9D,0x5C,0x50,0x18,0xF7,0x28,0xC2},
17374 + {0x30,0x55,0x32,0x28,0x6D,0x6F,0x29,0x5A},
17375 + {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
17376 + {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
17377 + {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
17378 + {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
17379 + {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
17380 + {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
17381 + {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}};
17383 +static unsigned char cipher_data[NUM_TESTS][8]={
17384 + {0x8C,0xA6,0x4D,0xE9,0xC1,0xB1,0x23,0xA7},
17385 + {0x73,0x59,0xB2,0x16,0x3E,0x4E,0xDC,0x58},
17386 + {0x95,0x8E,0x6E,0x62,0x7A,0x05,0x55,0x7B},
17387 + {0xF4,0x03,0x79,0xAB,0x9E,0x0E,0xC5,0x33},
17388 + {0x17,0x66,0x8D,0xFC,0x72,0x92,0x53,0x2D},
17389 + {0x8A,0x5A,0xE1,0xF8,0x1A,0xB8,0xF2,0xDD},
17390 + {0x8C,0xA6,0x4D,0xE9,0xC1,0xB1,0x23,0xA7},
17391 + {0xED,0x39,0xD9,0x50,0xFA,0x74,0xBC,0xC4},
17392 + {0x69,0x0F,0x5B,0x0D,0x9A,0x26,0x93,0x9B},
17393 + {0x7A,0x38,0x9D,0x10,0x35,0x4B,0xD2,0x71},
17394 + {0x86,0x8E,0xBB,0x51,0xCA,0xB4,0x59,0x9A},
17395 + {0x71,0x78,0x87,0x6E,0x01,0xF1,0x9B,0x2A},
17396 + {0xAF,0x37,0xFB,0x42,0x1F,0x8C,0x40,0x95},
17397 + {0x86,0xA5,0x60,0xF1,0x0E,0xC6,0xD8,0x5B},
17398 + {0x0C,0xD3,0xDA,0x02,0x00,0x21,0xDC,0x09},
17399 + {0xEA,0x67,0x6B,0x2C,0xB7,0xDB,0x2B,0x7A},
17400 + {0xDF,0xD6,0x4A,0x81,0x5C,0xAF,0x1A,0x0F},
17401 + {0x5C,0x51,0x3C,0x9C,0x48,0x86,0xC0,0x88},
17402 + {0x0A,0x2A,0xEE,0xAE,0x3F,0xF4,0xAB,0x77},
17403 + {0xEF,0x1B,0xF0,0x3E,0x5D,0xFA,0x57,0x5A},
17404 + {0x88,0xBF,0x0D,0xB6,0xD7,0x0D,0xEE,0x56},
17405 + {0xA1,0xF9,0x91,0x55,0x41,0x02,0x0B,0x56},
17406 + {0x6F,0xBF,0x1C,0xAF,0xCF,0xFD,0x05,0x56},
17407 + {0x2F,0x22,0xE4,0x9B,0xAB,0x7C,0xA1,0xAC},
17408 + {0x5A,0x6B,0x61,0x2C,0xC2,0x6C,0xCE,0x4A},
17409 + {0x5F,0x4C,0x03,0x8E,0xD1,0x2B,0x2E,0x41},
17410 + {0x63,0xFA,0xC0,0xD0,0x34,0xD9,0xF7,0x93},
17411 + {0x61,0x7B,0x3A,0x0C,0xE8,0xF0,0x71,0x00},
17412 + {0xDB,0x95,0x86,0x05,0xF8,0xC8,0xC6,0x06},
17413 + {0xED,0xBF,0xD1,0xC6,0x6C,0x29,0xCC,0xC7},
17414 + {0x35,0x55,0x50,0xB2,0x15,0x0E,0x24,0x51},
17415 + {0xCA,0xAA,0xAF,0x4D,0xEA,0xF1,0xDB,0xAE},
17416 + {0xD5,0xD4,0x4F,0xF7,0x20,0x68,0x3D,0x0D},
17417 + {0x2A,0x2B,0xB0,0x08,0xDF,0x97,0xC2,0xF2}};
17419 +static unsigned char cipher_ecb2[NUM_TESTS-1][8]={
17420 + {0x92,0x95,0xB5,0x9B,0xB3,0x84,0x73,0x6E},
17421 + {0x19,0x9E,0x9D,0x6D,0xF3,0x9A,0xA8,0x16},
17422 + {0x2A,0x4B,0x4D,0x24,0x52,0x43,0x84,0x27},
17423 + {0x35,0x84,0x3C,0x01,0x9D,0x18,0xC5,0xB6},
17424 + {0x4A,0x5B,0x2F,0x42,0xAA,0x77,0x19,0x25},
17425 + {0xA0,0x6B,0xA9,0xB8,0xCA,0x5B,0x17,0x8A},
17426 + {0xAB,0x9D,0xB7,0xFB,0xED,0x95,0xF2,0x74},
17427 + {0x3D,0x25,0x6C,0x23,0xA7,0x25,0x2F,0xD6},
17428 + {0xB7,0x6F,0xAB,0x4F,0xBD,0xBD,0xB7,0x67},
17429 + {0x8F,0x68,0x27,0xD6,0x9C,0xF4,0x1A,0x10},
17430 + {0x82,0x57,0xA1,0xD6,0x50,0x5E,0x81,0x85},
17431 + {0xA2,0x0F,0x0A,0xCD,0x80,0x89,0x7D,0xFA},
17432 + {0xCD,0x2A,0x53,0x3A,0xDB,0x0D,0x7E,0xF3},
17433 + {0xD2,0xC2,0xBE,0x27,0xE8,0x1B,0x68,0xE3},
17434 + {0xE9,0x24,0xCF,0x4F,0x89,0x3C,0x5B,0x0A},
17435 + {0xA7,0x18,0xC3,0x9F,0xFA,0x9F,0xD7,0x69},
17436 + {0x77,0x2C,0x79,0xB1,0xD2,0x31,0x7E,0xB1},
17437 + {0x49,0xAB,0x92,0x7F,0xD0,0x22,0x00,0xB7},
17438 + {0xCE,0x1C,0x6C,0x7D,0x85,0xE3,0x4A,0x6F},
17439 + {0xBE,0x91,0xD6,0xE1,0x27,0xB2,0xE9,0x87},
17440 + {0x70,0x28,0xAE,0x8F,0xD1,0xF5,0x74,0x1A},
17441 + {0xAA,0x37,0x80,0xBB,0xF3,0x22,0x1D,0xDE},
17442 + {0xA6,0xC4,0xD2,0x5E,0x28,0x93,0xAC,0xB3},
17443 + {0x22,0x07,0x81,0x5A,0xE4,0xB7,0x1A,0xAD},
17444 + {0xDC,0xCE,0x05,0xE7,0x07,0xBD,0xF5,0x84},
17445 + {0x26,0x1D,0x39,0x2C,0xB3,0xBA,0xA5,0x85},
17446 + {0xB4,0xF7,0x0F,0x72,0xFB,0x04,0xF0,0xDC},
17447 + {0x95,0xBA,0xA9,0x4E,0x87,0x36,0xF2,0x89},
17448 + {0xD4,0x07,0x3A,0xF1,0x5A,0x17,0x82,0x0E},
17449 + {0xEF,0x6F,0xAF,0xA7,0x66,0x1A,0x7E,0x89},
17450 + {0xC1,0x97,0xF5,0x58,0x74,0x8A,0x20,0xE7},
17451 + {0x43,0x34,0xCF,0xDA,0x22,0xC4,0x86,0xC8},
17452 + {0x08,0xD7,0xB4,0xFB,0x62,0x9D,0x08,0x85}};
17454 +static unsigned char cbc_key [8]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef};
17455 +static unsigned char cbc2_key[8]={0xf0,0xe1,0xd2,0xc3,0xb4,0xa5,0x96,0x87};
17456 +static unsigned char cbc3_key[8]={0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10};
17457 +static unsigned char cbc_iv [8]={0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10};
17458 +static char cbc_data[40]="7654321 Now is the time for \0001";
17460 +static unsigned char cbc_ok[32]={
17461 + 0xcc,0xd1,0x73,0xff,0xab,0x20,0x39,0xf4,
17462 + 0xac,0xd8,0xae,0xfd,0xdf,0xd8,0xa1,0xeb,
17463 + 0x46,0x8e,0x91,0x15,0x78,0x88,0xba,0x68,
17464 + 0x1d,0x26,0x93,0x97,0xf7,0xfe,0x62,0xb4};
17466 +static unsigned char xcbc_ok[32]={
17467 + 0x86,0x74,0x81,0x0D,0x61,0xA4,0xA5,0x48,
17468 + 0xB9,0x93,0x03,0xE1,0xB8,0xBB,0xBD,0xBD,
17469 + 0x64,0x30,0x0B,0xB9,0x06,0x65,0x81,0x76,
17470 + 0x04,0x1D,0x77,0x62,0x17,0xCA,0x2B,0xD2,
17473 +static unsigned char cbc3_ok[32]={
17474 + 0x3F,0xE3,0x01,0xC9,0x62,0xAC,0x01,0xD0,
17475 + 0x22,0x13,0x76,0x3C,0x1C,0xBD,0x4C,0xDC,
17476 + 0x79,0x96,0x57,0xC0,0x64,0xEC,0xF5,0xD4,
17477 + 0x1C,0x67,0x38,0x12,0xCF,0xDE,0x96,0x75};
17479 +static unsigned char pcbc_ok[32]={
17480 + 0xcc,0xd1,0x73,0xff,0xab,0x20,0x39,0xf4,
17481 + 0x6d,0xec,0xb4,0x70,0xa0,0xe5,0x6b,0x15,
17482 + 0xae,0xa6,0xbf,0x61,0xed,0x7d,0x9c,0x9f,
17483 + 0xf7,0x17,0x46,0x3b,0x8a,0xb3,0xcc,0x88};
17485 +static unsigned char cfb_key[8]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef};
17486 +static unsigned char cfb_iv[8]={0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef};
17487 +static unsigned char cfb_buf1[40],cfb_buf2[40],cfb_tmp[8];
17488 +static unsigned char plain[24]=
17490 + 0x4e,0x6f,0x77,0x20,0x69,0x73,
17491 + 0x20,0x74,0x68,0x65,0x20,0x74,
17492 + 0x69,0x6d,0x65,0x20,0x66,0x6f,
17493 + 0x72,0x20,0x61,0x6c,0x6c,0x20
17495 +static unsigned char cfb_cipher8[24]= {
17496 + 0xf3,0x1f,0xda,0x07,0x01,0x14, 0x62,0xee,0x18,0x7f,0x43,0xd8,
17497 + 0x0a,0x7c,0xd9,0xb5,0xb0,0xd2, 0x90,0xda,0x6e,0x5b,0x9a,0x87 };
17498 +static unsigned char cfb_cipher16[24]={
17499 + 0xF3,0x09,0x87,0x87,0x7F,0x57, 0xF7,0x3C,0x36,0xB6,0xDB,0x70,
17500 + 0xD8,0xD5,0x34,0x19,0xD3,0x86, 0xB2,0x23,0xB7,0xB2,0xAD,0x1B };
17501 +static unsigned char cfb_cipher32[24]={
17502 + 0xF3,0x09,0x62,0x49,0xA4,0xDF, 0xA4,0x9F,0x33,0xDC,0x7B,0xAD,
17503 + 0x4C,0xC8,0x9F,0x64,0xE4,0x53, 0xE5,0xEC,0x67,0x20,0xDA,0xB6 };
17504 +static unsigned char cfb_cipher48[24]={
17505 + 0xF3,0x09,0x62,0x49,0xC7,0xF4, 0x30,0xB5,0x15,0xEC,0xBB,0x85,
17506 + 0x97,0x5A,0x13,0x8C,0x68,0x60, 0xE2,0x38,0x34,0x3C,0xDC,0x1F };
17507 +static unsigned char cfb_cipher64[24]={
17508 + 0xF3,0x09,0x62,0x49,0xC7,0xF4, 0x6E,0x51,0xA6,0x9E,0x83,0x9B,
17509 + 0x1A,0x92,0xF7,0x84,0x03,0x46, 0x71,0x33,0x89,0x8E,0xA6,0x22 };
17511 +static unsigned char ofb_key[8]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef};
17512 +static unsigned char ofb_iv[8]={0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef};
17513 +static unsigned char ofb_buf1[24],ofb_buf2[24],ofb_tmp[8];
17514 +static unsigned char ofb_cipher[24]=
17516 + 0xf3,0x09,0x62,0x49,0xc7,0xf4,0x6e,0x51,
17517 + 0x35,0xf2,0x4a,0x24,0x2e,0xeb,0x3d,0x3f,
17518 + 0x3d,0x6d,0x5b,0xe3,0x25,0x5a,0xf8,0xc3
17521 +DES_LONG cbc_cksum_ret=0xB462FEF7L;
17522 +unsigned char cbc_cksum_data[8]={0x1D,0x26,0x93,0x97,0xf7,0xfe,0x62,0xb4};
17525 +static char *pt(unsigned char *p);
17526 +static int cfb_test(int bits, unsigned char *cfb_cipher);
17527 +static int cfb64_test(unsigned char *cfb_cipher);
17528 +static int ede_cfb64_test(unsigned char *cfb_cipher);
17530 +static char *pt();
17531 +static int cfb_test();
17532 +static int cfb64_test();
17533 +static int ede_cfb64_test();
17536 +int main(argc,argv)
17541 + des_cblock in,out,outin,iv3;
17542 + des_key_schedule ks,ks2,ks3;
17543 + unsigned char cbc_in[40];
17544 + unsigned char cbc_out[40];
17546 + unsigned char qret[4][4],cret[8];
17547 + DES_LONG lqret[4];
17551 + printf("Doing ecb\n");
17552 + for (i=0; i<NUM_TESTS; i++)
17554 + if ((j=des_key_sched((C_Block *)(key_data[i]),ks)) != 0)
17556 + printf("Key error %2d:%d\n",i+1,j);
17559 + memcpy(in,plain_data[i],8);
17561 + memset(outin,0,8);
17562 + des_ecb_encrypt((C_Block *)in,(C_Block *)out,ks,DES_ENCRYPT);
17563 + des_ecb_encrypt((C_Block *)out,(C_Block *)outin,ks,DES_DECRYPT);
17565 + if (memcmp(out,cipher_data[i],8) != 0)
17567 + printf("Encryption error %2d\nk=%s p=%s o=%s act=%s\n",
17568 + i+1,pt(key_data[i]),pt(in),pt(cipher_data[i]),
17572 + if (memcmp(in,outin,8) != 0)
17574 + printf("Decryption error %2d\nk=%s p=%s o=%s act=%s\n",
17575 + i+1,pt(key_data[i]),pt(out),pt(in),pt(outin));
17580 +#ifndef LIBDES_LIT
17581 + printf("Doing ede ecb\n");
17582 + for (i=0; i<(NUM_TESTS-1); i++)
17584 + if ((j=des_key_sched((C_Block *)(key_data[i]),ks)) != 0)
17587 + printf("Key error %2d:%d\n",i+1,j);
17589 + if ((j=des_key_sched((C_Block *)(key_data[i+1]),ks2)) != 0)
17591 + printf("Key error %2d:%d\n",i+2,j);
17594 + if ((j=des_key_sched((C_Block *)(key_data[i+2]),ks3)) != 0)
17596 + printf("Key error %2d:%d\n",i+3,j);
17599 + memcpy(in,plain_data[i],8);
17601 + memset(outin,0,8);
17602 + des_ecb2_encrypt((C_Block *)in,(C_Block *)out,ks,ks2,
17604 + des_ecb2_encrypt((C_Block *)out,(C_Block *)outin,ks,ks2,
17607 + if (memcmp(out,cipher_ecb2[i],8) != 0)
17609 + printf("Encryption error %2d\nk=%s p=%s o=%s act=%s\n",
17610 + i+1,pt(key_data[i]),pt(in),pt(cipher_ecb2[i]),
17614 + if (memcmp(in,outin,8) != 0)
17616 + printf("Decryption error %2d\nk=%s p=%s o=%s act=%s\n",
17617 + i+1,pt(key_data[i]),pt(out),pt(in),pt(outin));
17623 + printf("Doing cbc\n");
17624 + if ((j=des_key_sched((C_Block *)cbc_key,ks)) != 0)
17626 + printf("Key error %d\n",j);
17629 + memset(cbc_out,0,40);
17630 + memset(cbc_in,0,40);
17631 + memcpy(iv3,cbc_iv,sizeof(cbc_iv));
17632 + des_ncbc_encrypt((C_Block *)cbc_data,(C_Block *)cbc_out,
17633 + (long)strlen((char *)cbc_data)+1,ks,
17634 + (C_Block *)iv3,DES_ENCRYPT);
17635 + if (memcmp(cbc_out,cbc_ok,32) != 0)
17636 + printf("cbc_encrypt encrypt error\n");
17638 + memcpy(iv3,cbc_iv,sizeof(cbc_iv));
17639 + des_ncbc_encrypt((C_Block *)cbc_out,(C_Block *)cbc_in,
17640 + (long)strlen((char *)cbc_data)+1,ks,
17641 + (C_Block *)iv3,DES_DECRYPT);
17642 + if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)) != 0)
17644 + printf("cbc_encrypt decrypt error\n");
17648 +#ifndef LIBDES_LIT
17649 + printf("Doing desx cbc\n");
17650 + if ((j=des_key_sched((C_Block *)cbc_key,ks)) != 0)
17652 + printf("Key error %d\n",j);
17655 + memset(cbc_out,0,40);
17656 + memset(cbc_in,0,40);
17657 + memcpy(iv3,cbc_iv,sizeof(cbc_iv));
17658 + des_xcbc_encrypt((C_Block *)cbc_data,(C_Block *)cbc_out,
17659 + (long)strlen((char *)cbc_data)+1,ks,
17661 + (C_Block *)cbc2_key, (C_Block *)cbc3_key, DES_ENCRYPT);
17662 + if (memcmp(cbc_out,xcbc_ok,32) != 0)
17664 + printf("des_xcbc_encrypt encrypt error\n");
17666 + memcpy(iv3,cbc_iv,sizeof(cbc_iv));
17667 + des_xcbc_encrypt((C_Block *)cbc_out,(C_Block *)cbc_in,
17668 + (long)strlen((char *)cbc_data)+1,ks,
17670 + (C_Block *)cbc2_key, (C_Block *)cbc3_key, DES_DECRYPT);
17671 + if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0)
17673 + printf("des_xcbc_encrypt decrypt error\n");
17678 + printf("Doing ede cbc\n");
17679 + if ((j=des_key_sched((C_Block *)cbc_key,ks)) != 0)
17681 + printf("Key error %d\n",j);
17684 + if ((j=des_key_sched((C_Block *)cbc2_key,ks2)) != 0)
17686 + printf("Key error %d\n",j);
17689 + if ((j=des_key_sched((C_Block *)cbc3_key,ks3)) != 0)
17691 + printf("Key error %d\n",j);
17694 + memset(cbc_out,0,40);
17695 + memset(cbc_in,0,40);
17696 + i=strlen((char *)cbc_data)+1;
17697 + /* i=((i+7)/8)*8; */
17698 + memcpy(iv3,cbc_iv,sizeof(cbc_iv));
17700 + des_ede3_cbc_encrypt((C_Block *)cbc_data,(C_Block *)cbc_out,
17701 + 16L,ks,ks2,ks3,(C_Block *)iv3,DES_ENCRYPT);
17702 + des_ede3_cbc_encrypt((C_Block *)&(cbc_data[16]),
17703 + (C_Block *)&(cbc_out[16]),
17704 + (long)i-16,ks,ks2,ks3,(C_Block *)iv3,DES_ENCRYPT);
17705 + if (memcmp(cbc_out,cbc3_ok,
17706 + (unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0)
17708 + printf("des_ede3_cbc_encrypt encrypt error\n");
17712 + memcpy(iv3,cbc_iv,sizeof(cbc_iv));
17713 + des_ede3_cbc_encrypt((C_Block *)cbc_out,(C_Block *)cbc_in,
17714 + (long)i,ks,ks2,ks3,(C_Block *)iv3,DES_DECRYPT);
17715 + if (memcmp(cbc_in,cbc_data,strlen(cbc_data)+1) != 0)
17717 + printf("des_ede3_cbc_encrypt decrypt error\n");
17721 +#ifndef LIBDES_LIT
17722 + printf("Doing pcbc\n");
17723 + if ((j=des_key_sched((C_Block *)cbc_key,ks)) != 0)
17725 + printf("Key error %d\n",j);
17728 + memset(cbc_out,0,40);
17729 + memset(cbc_in,0,40);
17730 + des_pcbc_encrypt((C_Block *)cbc_data,(C_Block *)cbc_out,
17731 + (long)strlen(cbc_data)+1,ks,(C_Block *)cbc_iv,DES_ENCRYPT);
17732 + if (memcmp(cbc_out,pcbc_ok,32) != 0)
17734 + printf("pcbc_encrypt encrypt error\n");
17737 + des_pcbc_encrypt((C_Block *)cbc_out,(C_Block *)cbc_in,
17738 + (long)strlen(cbc_data)+1,ks,(C_Block *)cbc_iv,DES_DECRYPT);
17739 + if (memcmp(cbc_in,cbc_data,strlen(cbc_data)+1) != 0)
17741 + printf("pcbc_encrypt decrypt error\n");
17745 + printf("Doing ");
17747 + err+=cfb_test(8,cfb_cipher8);
17748 + printf("cfb16 ");
17749 + err+=cfb_test(16,cfb_cipher16);
17750 + printf("cfb32 ");
17751 + err+=cfb_test(32,cfb_cipher32);
17752 + printf("cfb48 ");
17753 + err+=cfb_test(48,cfb_cipher48);
17754 + printf("cfb64 ");
17755 + err+=cfb_test(64,cfb_cipher64);
17757 + printf("cfb64() ");
17758 + err+=cfb64_test(cfb_cipher64);
17760 + memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
17761 + for (i=0; i<sizeof(plain); i++)
17762 + des_cfb_encrypt(&(plain[i]),&(cfb_buf1[i]),
17763 + 8,(long)1,ks,(C_Block *)cfb_tmp,DES_ENCRYPT);
17764 + if (memcmp(cfb_cipher8,cfb_buf1,sizeof(plain)) != 0)
17766 + printf("cfb_encrypt small encrypt error\n");
17770 + memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
17771 + for (i=0; i<sizeof(plain); i++)
17772 + des_cfb_encrypt(&(cfb_buf1[i]),&(cfb_buf2[i]),
17773 + 8,(long)1,ks,(C_Block *)cfb_tmp,DES_DECRYPT);
17774 + if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)
17776 + printf("cfb_encrypt small decrypt error\n");
17780 + printf("ede_cfb64() ");
17781 + err+=ede_cfb64_test(cfb_cipher64);
17783 + printf("done\n");
17785 + printf("Doing ofb\n");
17786 + des_key_sched((C_Block *)ofb_key,ks);
17787 + memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
17788 + des_ofb_encrypt(plain,ofb_buf1,64,(long)sizeof(plain)/8,ks,
17789 + (C_Block *)ofb_tmp);
17790 + if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0)
17792 + printf("ofb_encrypt encrypt error\n");
17793 +printf("%02X %02X %02X %02X %02X %02X %02X %02X\n",
17794 +ofb_buf1[8+0], ofb_buf1[8+1], ofb_buf1[8+2], ofb_buf1[8+3],
17795 +ofb_buf1[8+4], ofb_buf1[8+5], ofb_buf1[8+6], ofb_buf1[8+7]);
17796 +printf("%02X %02X %02X %02X %02X %02X %02X %02X\n",
17797 +ofb_buf1[8+0], ofb_cipher[8+1], ofb_cipher[8+2], ofb_cipher[8+3],
17798 +ofb_buf1[8+4], ofb_cipher[8+5], ofb_cipher[8+6], ofb_cipher[8+7]);
17801 + memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
17802 + des_ofb_encrypt(ofb_buf1,ofb_buf2,64,(long)sizeof(ofb_buf1)/8,ks,
17803 + (C_Block *)ofb_tmp);
17804 + if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0)
17806 + printf("ofb_encrypt decrypt error\n");
17807 +printf("%02X %02X %02X %02X %02X %02X %02X %02X\n",
17808 +ofb_buf2[8+0], ofb_buf2[8+1], ofb_buf2[8+2], ofb_buf2[8+3],
17809 +ofb_buf2[8+4], ofb_buf2[8+5], ofb_buf2[8+6], ofb_buf2[8+7]);
17810 +printf("%02X %02X %02X %02X %02X %02X %02X %02X\n",
17811 +plain[8+0], plain[8+1], plain[8+2], plain[8+3],
17812 +plain[8+4], plain[8+5], plain[8+6], plain[8+7]);
17816 + printf("Doing ofb64\n");
17817 + des_key_sched((C_Block *)ofb_key,ks);
17818 + memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
17819 + memset(ofb_buf1,0,sizeof(ofb_buf1));
17820 + memset(ofb_buf2,0,sizeof(ofb_buf1));
17822 + for (i=0; i<sizeof(plain); i++)
17824 + des_ofb64_encrypt(&(plain[i]),&(ofb_buf1[i]),1,ks,
17825 + (C_Block *)ofb_tmp,&num);
17827 + if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0)
17829 + printf("ofb64_encrypt encrypt error\n");
17832 + memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
17834 + des_ofb64_encrypt(ofb_buf1,ofb_buf2,(long)sizeof(ofb_buf1),ks,
17835 + (C_Block *)ofb_tmp,&num);
17836 + if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0)
17838 + printf("ofb64_encrypt decrypt error\n");
17842 + printf("Doing ede_ofb64\n");
17843 + des_key_sched((C_Block *)ofb_key,ks);
17844 + memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
17845 + memset(ofb_buf1,0,sizeof(ofb_buf1));
17846 + memset(ofb_buf2,0,sizeof(ofb_buf1));
17848 + for (i=0; i<sizeof(plain); i++)
17850 + des_ede3_ofb64_encrypt(&(plain[i]),&(ofb_buf1[i]),1,ks,ks,ks,
17851 + (C_Block *)ofb_tmp,&num);
17853 + if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0)
17855 + printf("ede_ofb64_encrypt encrypt error\n");
17858 + memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
17860 + des_ede3_ofb64_encrypt(ofb_buf1,ofb_buf2,(long)sizeof(ofb_buf1),ks,
17861 + ks,ks,(C_Block *)ofb_tmp,&num);
17862 + if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0)
17864 + printf("ede_ofb64_encrypt decrypt error\n");
17868 + printf("Doing cbc_cksum\n");
17869 + des_key_sched((C_Block *)cbc_key,ks);
17870 + cs=des_cbc_cksum((C_Block *)cbc_data,(C_Block *)cret,
17871 + (long)strlen(cbc_data),ks,(C_Block *)cbc_iv);
17872 + if (cs != cbc_cksum_ret)
17874 + printf("bad return value (%08lX), should be %08lX\n",
17875 + (unsigned long)cs,(unsigned long)cbc_cksum_ret);
17878 + if (memcmp(cret,cbc_cksum_data,8) != 0)
17880 + printf("bad cbc_cksum block returned\n");
17884 + printf("Doing quad_cksum\n");
17885 + cs=quad_cksum((C_Block *)cbc_data,(C_Block *)qret,
17886 + (long)strlen(cbc_data),2,(C_Block *)cbc_iv);
17887 + for (i=0; i<4; i++)
17890 + memcpy(&(lqret[i]),&(qret[i][0]),4);
17892 + { /* Big-endian fix */
17893 + static DES_LONG l=1;
17894 + static unsigned char *c=(unsigned char *)&l;
17899 + ll=lqret[0]^lqret[3];
17902 + ll=lqret[1]^lqret[2];
17907 + if (cs != 0x70d7a63aL)
17909 + printf("quad_cksum error, ret %08lx should be 70d7a63a\n",
17910 + (unsigned long)cs);
17913 + if (lqret[0] != 0x327eba8dL)
17915 + printf("quad_cksum error, out[0] %08lx is not %08lx\n",
17916 + (unsigned long)lqret[0],0x327eba8dL);
17919 + if (lqret[1] != 0x201a49ccL)
17921 + printf("quad_cksum error, out[1] %08lx is not %08lx\n",
17922 + (unsigned long)lqret[1],0x201a49ccL);
17925 + if (lqret[2] != 0x70d7a63aL)
17927 + printf("quad_cksum error, out[2] %08lx is not %08lx\n",
17928 + (unsigned long)lqret[2],0x70d7a63aL);
17931 + if (lqret[3] != 0x501c2c26L)
17933 + printf("quad_cksum error, out[3] %08lx is not %08lx\n",
17934 + (unsigned long)lqret[3],0x501c2c26L);
17939 + printf("input word alignment test");
17940 + for (i=0; i<4; i++)
17943 + des_ncbc_encrypt((C_Block *)&(cbc_out[i]),(C_Block *)cbc_in,
17944 + (long)strlen(cbc_data)+1,ks,(C_Block *)cbc_iv,
17947 + printf("\noutput word alignment test");
17948 + for (i=0; i<4; i++)
17951 + des_ncbc_encrypt((C_Block *)cbc_out,(C_Block *)&(cbc_in[i]),
17952 + (long)strlen(cbc_data)+1,ks,(C_Block *)cbc_iv,
17956 + printf("fast crypt test ");
17957 + str=crypt("testing","ef");
17958 + if (strcmp("efGnQx2725bI2",str) != 0)
17960 + printf("fast crypt error, %s should be efGnQx2725bI2\n",str);
17963 + str=crypt("bca76;23","yA");
17964 + if (strcmp("yA1Rp/1hZXIJk",str) != 0)
17966 + printf("fast crypt error, %s should be yA1Rp/1hZXIJk\n",str);
17974 +static char *pt(p)
17977 + static char bufs[10][20];
17978 + static int bnum=0;
17981 + static char *f="0123456789ABCDEF";
17983 + ret= &(bufs[bnum++][0]);
17985 + for (i=0; i<8; i++)
17987 + ret[i*2]=f[(p[i]>>4)&0xf];
17988 + ret[i*2+1]=f[p[i]&0xf];
17994 +#ifndef LIBDES_LIT
17996 +static int cfb_test(bits, cfb_cipher)
17998 +unsigned char *cfb_cipher;
18000 + des_key_schedule ks;
18003 + des_key_sched((C_Block *)cfb_key,ks);
18004 + memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
18005 + des_cfb_encrypt(plain,cfb_buf1,bits,(long)sizeof(plain),ks,
18006 + (C_Block *)cfb_tmp,DES_ENCRYPT);
18007 + if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0)
18010 + printf("cfb_encrypt encrypt error\n");
18011 + for (i=0; i<24; i+=8)
18012 + printf("%s\n",pt(&(cfb_buf1[i])));
18014 + memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
18015 + des_cfb_encrypt(cfb_buf1,cfb_buf2,bits,(long)sizeof(plain),ks,
18016 + (C_Block *)cfb_tmp,DES_DECRYPT);
18017 + if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)
18020 + printf("cfb_encrypt decrypt error\n");
18021 + for (i=0; i<24; i+=8)
18022 + printf("%s\n",pt(&(cfb_buf1[i])));
18027 +static int cfb64_test(cfb_cipher)
18028 +unsigned char *cfb_cipher;
18030 + des_key_schedule ks;
18033 + des_key_sched((C_Block *)cfb_key,ks);
18034 + memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
18036 + des_cfb64_encrypt(plain,cfb_buf1,(long)12,ks,
18037 + (C_Block *)cfb_tmp,&n,DES_ENCRYPT);
18038 + des_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]),
18039 + (long)sizeof(plain)-12,ks,
18040 + (C_Block *)cfb_tmp,&n,DES_ENCRYPT);
18041 + if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0)
18044 + printf("cfb_encrypt encrypt error\n");
18045 + for (i=0; i<24; i+=8)
18046 + printf("%s\n",pt(&(cfb_buf1[i])));
18048 + memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
18050 + des_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)17,ks,
18051 + (C_Block *)cfb_tmp,&n,DES_DECRYPT);
18052 + des_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]),
18053 + (long)sizeof(plain)-17,ks,
18054 + (C_Block *)cfb_tmp,&n,DES_DECRYPT);
18055 + if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)
18058 + printf("cfb_encrypt decrypt error\n");
18059 + for (i=0; i<24; i+=8)
18060 + printf("%s\n",pt(&(cfb_buf2[i])));
18065 +static int ede_cfb64_test(cfb_cipher)
18066 +unsigned char *cfb_cipher;
18068 + des_key_schedule ks;
18071 + des_key_sched((C_Block *)cfb_key,ks);
18072 + memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
18074 + des_ede3_cfb64_encrypt(plain,cfb_buf1,(long)12,ks,ks,ks,
18075 + (C_Block *)cfb_tmp,&n,DES_ENCRYPT);
18076 + des_ede3_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]),
18077 + (long)sizeof(plain)-12,ks,ks,ks,
18078 + (C_Block *)cfb_tmp,&n,DES_ENCRYPT);
18079 + if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0)
18082 + printf("ede_cfb_encrypt encrypt error\n");
18083 + for (i=0; i<24; i+=8)
18084 + printf("%s\n",pt(&(cfb_buf1[i])));
18086 + memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
18088 + des_ede3_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)17,ks,ks,ks,
18089 + (C_Block *)cfb_tmp,&n,DES_DECRYPT);
18090 + des_ede3_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]),
18091 + (long)sizeof(plain)-17,ks,ks,ks,
18092 + (C_Block *)cfb_tmp,&n,DES_DECRYPT);
18093 + if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)
18096 + printf("ede_cfb_encrypt decrypt error\n");
18097 + for (i=0; i<24; i+=8)
18098 + printf("%s\n",pt(&(cfb_buf2[i])));
18105 diff -druN linux-noipsec/net/ipsec/libdes/ecb_enc.c linux/net/ipsec/libdes/ecb_enc.c
18106 --- linux-noipsec/net/ipsec/libdes/ecb_enc.c Thu Jan 1 01:00:00 1970
18107 +++ linux/net/ipsec/libdes/ecb_enc.c Tue Apr 6 00:02:01 1999
18109 +/* crypto/des/ecb_enc.c */
18110 +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
18111 + * All rights reserved.
18113 + * This package is an SSL implementation written
18114 + * by Eric Young (eay@cryptsoft.com).
18115 + * The implementation was written so as to conform with Netscapes SSL.
18117 + * This library is free for commercial and non-commercial use as long as
18118 + * the following conditions are aheared to. The following conditions
18119 + * apply to all code found in this distribution, be it the RC4, RSA,
18120 + * lhash, DES, etc., code; not just the SSL code. The SSL documentation
18121 + * included with this distribution is covered by the same copyright terms
18122 + * except that the holder is Tim Hudson (tjh@cryptsoft.com).
18124 + * Copyright remains Eric Young's, and as such any Copyright notices in
18125 + * the code are not to be removed.
18126 + * If this package is used in a product, Eric Young should be given attribution
18127 + * as the author of the parts of the library used.
18128 + * This can be in the form of a textual message at program startup or
18129 + * in documentation (online or textual) provided with the package.
18131 + * Redistribution and use in source and binary forms, with or without
18132 + * modification, are permitted provided that the following conditions
18134 + * 1. Redistributions of source code must retain the copyright
18135 + * notice, this list of conditions and the following disclaimer.
18136 + * 2. Redistributions in binary form must reproduce the above copyright
18137 + * notice, this list of conditions and the following disclaimer in the
18138 + * documentation and/or other materials provided with the distribution.
18139 + * 3. All advertising materials mentioning features or use of this software
18140 + * must display the following acknowledgement:
18141 + * "This product includes cryptographic software written by
18142 + * Eric Young (eay@cryptsoft.com)"
18143 + * The word 'cryptographic' can be left out if the rouines from the library
18144 + * being used are not cryptographic related :-).
18145 + * 4. If you include any Windows specific code (or a derivative thereof) from
18146 + * the apps directory (application code) you must include an acknowledgement:
18147 + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
18149 + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
18150 + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18151 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18152 + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18153 + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18154 + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
18155 + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
18156 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
18157 + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
18158 + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
18161 + * The licence and distribution terms for any publically available version or
18162 + * derivative of this code cannot be changed. i.e. this code cannot simply be
18163 + * copied and put under another distribution licence
18164 + * [including the GNU Public Licence.]
18167 +#include "des_locl.h"
18170 +char *libdes_version="libdes v 3.24 - 20-Apr-1996 - eay";
18171 +char *DES_version="DES part of SSLeay 0.8.2b 08-Jan-1998";
18174 +/* This function ifdef'ed out for FreeS/WAN project. */
18176 +char *des_options()
18178 + static int init=1;
18179 + static char buf[32];
18183 + char *ptr,*unroll,*risc,*size;
18191 +#if defined(DES_RISC1) || defined(DES_RISC2)
18206 + if (sizeof(DES_LONG) != sizeof(long))
18210 + sprintf(buf,"des(%s,%s,%s,%s)",ptr,risc,unroll,size);
18217 +void des_ecb_encrypt(input, output, ks, enc)
18218 +des_cblock (*input);
18219 +des_cblock (*output);
18220 +des_key_schedule ks;
18223 + register DES_LONG l;
18224 + register unsigned char *in,*out;
18227 + in=(unsigned char *)input;
18228 + out=(unsigned char *)output;
18229 + c2l(in,l); ll[0]=l;
18230 + c2l(in,l); ll[1]=l;
18231 + des_encrypt(ll,ks,enc);
18232 + l=ll[0]; l2c(l,out);
18233 + l=ll[1]; l2c(l,out);
18237 diff -druN linux-noipsec/net/ipsec/libdes/fcrypt.c linux/net/ipsec/libdes/fcrypt.c
18238 --- linux-noipsec/net/ipsec/libdes/fcrypt.c Thu Jan 1 01:00:00 1970
18239 +++ linux/net/ipsec/libdes/fcrypt.c Wed Oct 4 16:54:11 2000
18243 +/* This version of crypt has been developed from my MIT compatable
18245 + * The library is available at pub/Crypto/DES at ftp.psy.uq.oz.au
18246 + * Eric Young (eay@cryptsoft.com)
18249 +/* Modification by Jens Kupferschmidt (Cu)
18250 + * I have included directive PARA for shared memory computers.
18251 + * I have included a directive LONGCRYPT to using this routine to cipher
18252 + * passwords with more then 8 bytes like HP-UX 10.x it used. The MAXPLEN
18253 + * definition is the maximum of lenght of password and can changed. I have
18257 +#include "des_locl.h"
18259 +/* Added more values to handle illegal salt values the way normal
18260 + * crypt() implementations do. The patch was sent by
18261 + * Bjorn Gronvall <bg@sics.se>
18263 +static unsigned const char con_salt[128]={
18264 +0xD2,0xD3,0xD4,0xD5,0xD6,0xD7,0xD8,0xD9,
18265 +0xDA,0xDB,0xDC,0xDD,0xDE,0xDF,0xE0,0xE1,
18266 +0xE2,0xE3,0xE4,0xE5,0xE6,0xE7,0xE8,0xE9,
18267 +0xEA,0xEB,0xEC,0xED,0xEE,0xEF,0xF0,0xF1,
18268 +0xF2,0xF3,0xF4,0xF5,0xF6,0xF7,0xF8,0xF9,
18269 +0xFA,0xFB,0xFC,0xFD,0xFE,0xFF,0x00,0x01,
18270 +0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,
18271 +0x0A,0x0B,0x05,0x06,0x07,0x08,0x09,0x0A,
18272 +0x0B,0x0C,0x0D,0x0E,0x0F,0x10,0x11,0x12,
18273 +0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1A,
18274 +0x1B,0x1C,0x1D,0x1E,0x1F,0x20,0x21,0x22,
18275 +0x23,0x24,0x25,0x20,0x21,0x22,0x23,0x24,
18276 +0x25,0x26,0x27,0x28,0x29,0x2A,0x2B,0x2C,
18277 +0x2D,0x2E,0x2F,0x30,0x31,0x32,0x33,0x34,
18278 +0x35,0x36,0x37,0x38,0x39,0x3A,0x3B,0x3C,
18279 +0x3D,0x3E,0x3F,0x40,0x41,0x42,0x43,0x44,
18282 +static unsigned const char cov_2char[64]={
18283 +0x2E,0x2F,0x30,0x31,0x32,0x33,0x34,0x35,
18284 +0x36,0x37,0x38,0x39,0x41,0x42,0x43,0x44,
18285 +0x45,0x46,0x47,0x48,0x49,0x4A,0x4B,0x4C,
18286 +0x4D,0x4E,0x4F,0x50,0x51,0x52,0x53,0x54,
18287 +0x55,0x56,0x57,0x58,0x59,0x5A,0x61,0x62,
18288 +0x63,0x64,0x65,0x66,0x67,0x68,0x69,0x6A,
18289 +0x6B,0x6C,0x6D,0x6E,0x6F,0x70,0x71,0x72,
18290 +0x73,0x74,0x75,0x76,0x77,0x78,0x79,0x7A
18294 +void fcrypt_body(DES_LONG *out,des_key_schedule ks,
18295 + DES_LONG Eswap0, DES_LONG Eswap1);
18298 +char *des_crypt(const char *buf,const char *salt);
18300 +char *crypt(const char *buf,const char *salt);
18303 +void fcrypt_body();
18305 +char *des_crypt();
18312 +char *des_crypt(buf,salt)
18314 +char *crypt(buf,salt)
18319 + static char buff[14];
18321 + return(des_fcrypt(buf,salt,buff));
18325 +char *des_fcrypt(buf,salt,ret)
18330 + unsigned int i,j,x,y;
18331 + DES_LONG Eswap0,Eswap1;
18332 + DES_LONG out[2],ll;
18334 + des_key_schedule ks;
18335 + unsigned char bb[9];
18336 + unsigned char *b=bb;
18337 + unsigned char c,u;
18340 + * If you call crypt("pwd","*") as often happens when you
18341 + * have * as the pwd field in /etc/passwd, the function
18342 + * returns *\0XXXXXXXXX
18343 + * The \0 makes the string look like * so the pwd "*" would
18344 + * crypt to "*". This was found when replacing the crypt in
18345 + * our shared libraries. People found that the disbled
18346 + * accounts effectivly had no passwd :-(. */
18347 + x=ret[0]=((salt[0] == '\0')?'A':salt[0]);
18348 + Eswap0=con_salt[x]<<2;
18349 + x=ret[1]=((salt[1] == '\0')?'A':salt[1]);
18350 + Eswap1=con_salt[x]<<6;
18356 + for (i=0; i<8; i++)
18365 + des_set_key((des_cblock *)(key),ks);
18366 + fcrypt_body(&(out[0]),ks,Eswap0,Eswap1);
18368 + ll=out[0]; l2c(ll,b);
18369 + ll=out[1]; l2c(ll,b);
18373 + for (i=2; i<13; i++)
18376 + for (j=0; j<6; j++)
18379 + if (bb[y] & u) c|=1;
18387 + ret[i]=cov_2char[c];
18393 diff -druN linux-noipsec/net/ipsec/libdes/fcrypt_b.c linux/net/ipsec/libdes/fcrypt_b.c
18394 --- linux-noipsec/net/ipsec/libdes/fcrypt_b.c Thu Jan 1 01:00:00 1970
18395 +++ linux/net/ipsec/libdes/fcrypt_b.c Thu Feb 18 17:41:14 1999
18397 +/* crypto/des/fcrypt_b.c */
18398 +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
18399 + * All rights reserved.
18401 + * This package is an SSL implementation written
18402 + * by Eric Young (eay@cryptsoft.com).
18403 + * The implementation was written so as to conform with Netscapes SSL.
18405 + * This library is free for commercial and non-commercial use as long as
18406 + * the following conditions are aheared to. The following conditions
18407 + * apply to all code found in this distribution, be it the RC4, RSA,
18408 + * lhash, DES, etc., code; not just the SSL code. The SSL documentation
18409 + * included with this distribution is covered by the same copyright terms
18410 + * except that the holder is Tim Hudson (tjh@cryptsoft.com).
18412 + * Copyright remains Eric Young's, and as such any Copyright notices in
18413 + * the code are not to be removed.
18414 + * If this package is used in a product, Eric Young should be given attribution
18415 + * as the author of the parts of the library used.
18416 + * This can be in the form of a textual message at program startup or
18417 + * in documentation (online or textual) provided with the package.
18419 + * Redistribution and use in source and binary forms, with or without
18420 + * modification, are permitted provided that the following conditions
18422 + * 1. Redistributions of source code must retain the copyright
18423 + * notice, this list of conditions and the following disclaimer.
18424 + * 2. Redistributions in binary form must reproduce the above copyright
18425 + * notice, this list of conditions and the following disclaimer in the
18426 + * documentation and/or other materials provided with the distribution.
18427 + * 3. All advertising materials mentioning features or use of this software
18428 + * must display the following acknowledgement:
18429 + * "This product includes cryptographic software written by
18430 + * Eric Young (eay@cryptsoft.com)"
18431 + * The word 'cryptographic' can be left out if the rouines from the library
18432 + * being used are not cryptographic related :-).
18433 + * 4. If you include any Windows specific code (or a derivative thereof) from
18434 + * the apps directory (application code) you must include an acknowledgement:
18435 + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
18437 + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
18438 + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18439 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18440 + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18441 + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18442 + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
18443 + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
18444 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
18445 + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
18446 + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
18449 + * The licence and distribution terms for any publically available version or
18450 + * derivative of this code cannot be changed. i.e. this code cannot simply be
18451 + * copied and put under another distribution licence
18452 + * [including the GNU Public Licence.]
18455 +#include <stdio.h>
18457 +/* This version of crypt has been developed from my MIT compatable
18459 + * The library is available at pub/Crypto/DES at ftp.psy.uq.oz.au
18460 + * Eric Young (eay@cryptsoft.com)
18463 +#define DES_FCRYPT
18464 +#include "des_locl.h"
18468 +#define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
18473 +#define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\
18474 + (a)=(a)^(t)^(t>>(16-(n))))\
18476 +void fcrypt_body(out, ks, Eswap0, Eswap1)
18478 +des_key_schedule ks;
18482 + register DES_LONG l,r,t,u;
18484 + register unsigned char *des_SP=(unsigned char *)des_SPtrans;
18486 + register DES_LONG *s;
18488 + register DES_LONG E0,E1;
18493 + s=(DES_LONG *)ks;
18497 + for (j=0; j<25; j++)
18502 + for (i=0; i<32; i+=8)
18504 + D_ENCRYPT(l,r,i+0); /* 1 */
18505 + D_ENCRYPT(r,l,i+2); /* 2 */
18506 + D_ENCRYPT(l,r,i+4); /* 1 */
18507 + D_ENCRYPT(r,l,i+6); /* 2 */
18510 + D_ENCRYPT(l,r, 0); /* 1 */
18511 + D_ENCRYPT(r,l, 2); /* 2 */
18512 + D_ENCRYPT(l,r, 4); /* 3 */
18513 + D_ENCRYPT(r,l, 6); /* 4 */
18514 + D_ENCRYPT(l,r, 8); /* 5 */
18515 + D_ENCRYPT(r,l,10); /* 6 */
18516 + D_ENCRYPT(l,r,12); /* 7 */
18517 + D_ENCRYPT(r,l,14); /* 8 */
18518 + D_ENCRYPT(l,r,16); /* 9 */
18519 + D_ENCRYPT(r,l,18); /* 10 */
18520 + D_ENCRYPT(l,r,20); /* 11 */
18521 + D_ENCRYPT(r,l,22); /* 12 */
18522 + D_ENCRYPT(l,r,24); /* 13 */
18523 + D_ENCRYPT(r,l,26); /* 14 */
18524 + D_ENCRYPT(l,r,28); /* 15 */
18525 + D_ENCRYPT(r,l,30); /* 16 */
18532 + l=ROTATE(l,3)&0xffffffffL;
18533 + r=ROTATE(r,3)&0xffffffffL;
18535 + PERM_OP(l,r,t, 1,0x55555555L);
18536 + PERM_OP(r,l,t, 8,0x00ff00ffL);
18537 + PERM_OP(l,r,t, 2,0x33333333L);
18538 + PERM_OP(r,l,t,16,0x0000ffffL);
18539 + PERM_OP(l,r,t, 4,0x0f0f0f0fL);
18545 diff -druN linux-noipsec/net/ipsec/libdes/podd.h linux/net/ipsec/libdes/podd.h
18546 --- linux-noipsec/net/ipsec/libdes/podd.h Thu Jan 1 01:00:00 1970
18547 +++ linux/net/ipsec/libdes/podd.h Thu Feb 18 17:41:15 1999
18549 +/* crypto/des/podd.h */
18550 +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
18551 + * All rights reserved.
18553 + * This package is an SSL implementation written
18554 + * by Eric Young (eay@cryptsoft.com).
18555 + * The implementation was written so as to conform with Netscapes SSL.
18557 + * This library is free for commercial and non-commercial use as long as
18558 + * the following conditions are aheared to. The following conditions
18559 + * apply to all code found in this distribution, be it the RC4, RSA,
18560 + * lhash, DES, etc., code; not just the SSL code. The SSL documentation
18561 + * included with this distribution is covered by the same copyright terms
18562 + * except that the holder is Tim Hudson (tjh@cryptsoft.com).
18564 + * Copyright remains Eric Young's, and as such any Copyright notices in
18565 + * the code are not to be removed.
18566 + * If this package is used in a product, Eric Young should be given attribution
18567 + * as the author of the parts of the library used.
18568 + * This can be in the form of a textual message at program startup or
18569 + * in documentation (online or textual) provided with the package.
18571 + * Redistribution and use in source and binary forms, with or without
18572 + * modification, are permitted provided that the following conditions
18574 + * 1. Redistributions of source code must retain the copyright
18575 + * notice, this list of conditions and the following disclaimer.
18576 + * 2. Redistributions in binary form must reproduce the above copyright
18577 + * notice, this list of conditions and the following disclaimer in the
18578 + * documentation and/or other materials provided with the distribution.
18579 + * 3. All advertising materials mentioning features or use of this software
18580 + * must display the following acknowledgement:
18581 + * "This product includes cryptographic software written by
18582 + * Eric Young (eay@cryptsoft.com)"
18583 + * The word 'cryptographic' can be left out if the rouines from the library
18584 + * being used are not cryptographic related :-).
18585 + * 4. If you include any Windows specific code (or a derivative thereof) from
18586 + * the apps directory (application code) you must include an acknowledgement:
18587 + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
18589 + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
18590 + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18591 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18592 + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18593 + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18594 + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
18595 + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
18596 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
18597 + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
18598 + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
18601 + * The licence and distribution terms for any publically available version or
18602 + * derivative of this code cannot be changed. i.e. this code cannot simply be
18603 + * copied and put under another distribution licence
18604 + * [including the GNU Public Licence.]
18607 +static const unsigned char odd_parity[256]={
18608 + 1, 1, 2, 2, 4, 4, 7, 7, 8, 8, 11, 11, 13, 13, 14, 14,
18609 + 16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31,
18610 + 32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44, 47, 47,
18611 + 49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, 61, 61, 62, 62,
18612 + 64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79, 79,
18613 + 81, 81, 82, 82, 84, 84, 87, 87, 88, 88, 91, 91, 93, 93, 94, 94,
18614 + 97, 97, 98, 98,100,100,103,103,104,104,107,107,109,109,110,110,
18615 +112,112,115,115,117,117,118,118,121,121,122,122,124,124,127,127,
18616 +128,128,131,131,133,133,134,134,137,137,138,138,140,140,143,143,
18617 +145,145,146,146,148,148,151,151,152,152,155,155,157,157,158,158,
18618 +161,161,162,162,164,164,167,167,168,168,171,171,173,173,174,174,
18619 +176,176,179,179,181,181,182,182,185,185,186,186,188,188,191,191,
18620 +193,193,194,194,196,196,199,199,200,200,203,203,205,205,206,206,
18621 +208,208,211,211,213,213,214,214,217,217,218,218,220,220,223,223,
18622 +224,224,227,227,229,229,230,230,233,233,234,234,236,236,239,239,
18623 +241,241,242,242,244,244,247,247,248,248,251,251,253,253,254,254};
18624 diff -druN linux-noipsec/net/ipsec/libdes/set_key.c linux/net/ipsec/libdes/set_key.c
18625 --- linux-noipsec/net/ipsec/libdes/set_key.c Thu Jan 1 01:00:00 1970
18626 +++ linux/net/ipsec/libdes/set_key.c Thu Feb 18 17:41:15 1999
18628 +/* crypto/des/set_key.c */
18629 +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
18630 + * All rights reserved.
18632 + * This package is an SSL implementation written
18633 + * by Eric Young (eay@cryptsoft.com).
18634 + * The implementation was written so as to conform with Netscapes SSL.
18636 + * This library is free for commercial and non-commercial use as long as
18637 + * the following conditions are aheared to. The following conditions
18638 + * apply to all code found in this distribution, be it the RC4, RSA,
18639 + * lhash, DES, etc., code; not just the SSL code. The SSL documentation
18640 + * included with this distribution is covered by the same copyright terms
18641 + * except that the holder is Tim Hudson (tjh@cryptsoft.com).
18643 + * Copyright remains Eric Young's, and as such any Copyright notices in
18644 + * the code are not to be removed.
18645 + * If this package is used in a product, Eric Young should be given attribution
18646 + * as the author of the parts of the library used.
18647 + * This can be in the form of a textual message at program startup or
18648 + * in documentation (online or textual) provided with the package.
18650 + * Redistribution and use in source and binary forms, with or without
18651 + * modification, are permitted provided that the following conditions
18653 + * 1. Redistributions of source code must retain the copyright
18654 + * notice, this list of conditions and the following disclaimer.
18655 + * 2. Redistributions in binary form must reproduce the above copyright
18656 + * notice, this list of conditions and the following disclaimer in the
18657 + * documentation and/or other materials provided with the distribution.
18658 + * 3. All advertising materials mentioning features or use of this software
18659 + * must display the following acknowledgement:
18660 + * "This product includes cryptographic software written by
18661 + * Eric Young (eay@cryptsoft.com)"
18662 + * The word 'cryptographic' can be left out if the rouines from the library
18663 + * being used are not cryptographic related :-).
18664 + * 4. If you include any Windows specific code (or a derivative thereof) from
18665 + * the apps directory (application code) you must include an acknowledgement:
18666 + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
18668 + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
18669 + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18670 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18671 + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18672 + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18673 + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
18674 + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
18675 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
18676 + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
18677 + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
18680 + * The licence and distribution terms for any publically available version or
18681 + * derivative of this code cannot be changed. i.e. this code cannot simply be
18682 + * copied and put under another distribution licence
18683 + * [including the GNU Public Licence.]
18686 +/* set_key.c v 1.4 eay 24/9/91
18687 + * 1.4 Speed up by 400% :-)
18688 + * 1.3 added register declarations.
18689 + * 1.2 unrolled make_key_sched a bit more
18690 + * 1.1 added norm_expand_bits
18691 + * 1.0 First working version
18693 +#include "des_locl.h"
18698 +static int check_parity(des_cblock (*key));
18700 +static int check_parity();
18703 +int des_check_key=0;
18705 +void des_set_odd_parity(key)
18706 +des_cblock (*key);
18710 + for (i=0; i<DES_KEY_SZ; i++)
18711 + (*key)[i]=odd_parity[(*key)[i]];
18714 +static int check_parity(key)
18715 +des_cblock (*key);
18719 + for (i=0; i<DES_KEY_SZ; i++)
18721 + if ((*key)[i] != odd_parity[(*key)[i]])
18727 +/* Weak and semi week keys as take from
18730 + * %T Security for Computer Networks
18731 + * %I John Wiley & Sons
18733 + * Many thanks to smb@ulysses.att.com (Steven Bellovin) for the reference
18734 + * (and actual cblock values).
18736 +#define NUM_WEAK_KEY 16
18737 +static des_cblock weak_keys[NUM_WEAK_KEY]={
18739 + {0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01},
18740 + {0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE},
18741 + {0x1F,0x1F,0x1F,0x1F,0x1F,0x1F,0x1F,0x1F},
18742 + {0xE0,0xE0,0xE0,0xE0,0xE0,0xE0,0xE0,0xE0},
18743 + /* semi-weak keys */
18744 + {0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE},
18745 + {0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01},
18746 + {0x1F,0xE0,0x1F,0xE0,0x0E,0xF1,0x0E,0xF1},
18747 + {0xE0,0x1F,0xE0,0x1F,0xF1,0x0E,0xF1,0x0E},
18748 + {0x01,0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1},
18749 + {0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1,0x01},
18750 + {0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E,0xFE},
18751 + {0xFE,0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E},
18752 + {0x01,0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E},
18753 + {0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E,0x01},
18754 + {0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE},
18755 + {0xFE,0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1}};
18757 +int des_is_weak_key(key)
18758 +des_cblock (*key);
18762 + for (i=0; i<NUM_WEAK_KEY; i++)
18763 + /* Added == 0 to comparision, I obviously don't run
18764 + * this section very often :-(, thanks to
18765 + * engineering@MorningStar.Com for the fix
18767 + * Another problem, I was comparing only the first 4
18768 + * bytes, 97/03/18 */
18769 + if (memcmp(weak_keys[i],key,sizeof(des_cblock)) == 0) return(1);
18773 +/* NOW DEFINED IN des_local.h
18774 + * See ecb_encrypt.c for a pseudo description of these macros.
18775 + * #define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
18777 + * (a)=((a)^((t)<<(n))))
18780 +#define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\
18781 + (a)=(a)^(t)^(t>>(16-(n))))
18783 +/* return 0 if key parity is odd (correct),
18784 + * return -1 if key parity error,
18785 + * return -2 if illegal weak key.
18787 +int des_set_key(key, schedule)
18788 +des_cblock (*key);
18789 +des_key_schedule schedule;
18791 + static int shifts2[16]={0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0};
18792 + register DES_LONG c,d,t,s,t2;
18793 + register unsigned char *in;
18794 + register DES_LONG *k;
18797 + if (des_check_key)
18799 + if (!check_parity(key))
18802 + if (des_is_weak_key(key))
18806 + k=(DES_LONG *)schedule;
18807 + in=(unsigned char *)key;
18812 + /* do PC1 in 60 simple operations */
18813 +/* PERM_OP(d,c,t,4,0x0f0f0f0fL);
18814 + HPERM_OP(c,t,-2, 0xcccc0000L);
18815 + HPERM_OP(c,t,-1, 0xaaaa0000L);
18816 + HPERM_OP(c,t, 8, 0x00ff0000L);
18817 + HPERM_OP(c,t,-1, 0xaaaa0000L);
18818 + HPERM_OP(d,t,-8, 0xff000000L);
18819 + HPERM_OP(d,t, 8, 0x00ff0000L);
18820 + HPERM_OP(d,t, 2, 0x33330000L);
18821 + d=((d&0x00aa00aaL)<<7L)|((d&0x55005500L)>>7L)|(d&0xaa55aa55L);
18822 + d=(d>>8)|((c&0xf0000000L)>>4);
18823 + c&=0x0fffffffL; */
18825 + /* I now do it in 47 simple operations :-)
18826 + * Thanks to John Fletcher (john_fletcher@lccmail.ocf.llnl.gov)
18827 + * for the inspiration. :-) */
18828 + PERM_OP (d,c,t,4,0x0f0f0f0fL);
18829 + HPERM_OP(c,t,-2,0xcccc0000L);
18830 + HPERM_OP(d,t,-2,0xcccc0000L);
18831 + PERM_OP (d,c,t,1,0x55555555L);
18832 + PERM_OP (c,d,t,8,0x00ff00ffL);
18833 + PERM_OP (d,c,t,1,0x55555555L);
18834 + d= (((d&0x000000ffL)<<16L)| (d&0x0000ff00L) |
18835 + ((d&0x00ff0000L)>>16L)|((c&0xf0000000L)>>4L));
18838 + for (i=0; i<ITERATIONS; i++)
18841 + { c=((c>>2L)|(c<<26L)); d=((d>>2L)|(d<<26L)); }
18843 + { c=((c>>1L)|(c<<27L)); d=((d>>1L)|(d<<27L)); }
18846 + /* could be a few less shifts but I am to lazy at this
18847 + * point in time to investigate */
18848 + s= des_skb[0][ (c )&0x3f ]|
18849 + des_skb[1][((c>> 6)&0x03)|((c>> 7L)&0x3c)]|
18850 + des_skb[2][((c>>13)&0x0f)|((c>>14L)&0x30)]|
18851 + des_skb[3][((c>>20)&0x01)|((c>>21L)&0x06) |
18852 + ((c>>22L)&0x38)];
18853 + t= des_skb[4][ (d )&0x3f ]|
18854 + des_skb[5][((d>> 7L)&0x03)|((d>> 8L)&0x3c)]|
18855 + des_skb[6][ (d>>15L)&0x3f ]|
18856 + des_skb[7][((d>>21L)&0x0f)|((d>>22L)&0x30)];
18858 + /* table contained 0213 4657 */
18859 + t2=((t<<16L)|(s&0x0000ffffL))&0xffffffffL;
18860 + *(k++)=ROTATE(t2,30)&0xffffffffL;
18862 + t2=((s>>16L)|(t&0xffff0000L));
18863 + *(k++)=ROTATE(t2,26)&0xffffffffL;
18868 +int des_key_sched(key, schedule)
18869 +des_cblock (*key);
18870 +des_key_schedule schedule;
18872 + return(des_set_key(key,schedule));
18874 diff -druN linux-noipsec/net/ipsec/libdes/sk.h linux/net/ipsec/libdes/sk.h
18875 --- linux-noipsec/net/ipsec/libdes/sk.h Thu Jan 1 01:00:00 1970
18876 +++ linux/net/ipsec/libdes/sk.h Thu Feb 18 17:41:16 1999
18878 +/* crypto/des/sk.h */
18879 +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
18880 + * All rights reserved.
18882 + * This package is an SSL implementation written
18883 + * by Eric Young (eay@cryptsoft.com).
18884 + * The implementation was written so as to conform with Netscapes SSL.
18886 + * This library is free for commercial and non-commercial use as long as
18887 + * the following conditions are aheared to. The following conditions
18888 + * apply to all code found in this distribution, be it the RC4, RSA,
18889 + * lhash, DES, etc., code; not just the SSL code. The SSL documentation
18890 + * included with this distribution is covered by the same copyright terms
18891 + * except that the holder is Tim Hudson (tjh@cryptsoft.com).
18893 + * Copyright remains Eric Young's, and as such any Copyright notices in
18894 + * the code are not to be removed.
18895 + * If this package is used in a product, Eric Young should be given attribution
18896 + * as the author of the parts of the library used.
18897 + * This can be in the form of a textual message at program startup or
18898 + * in documentation (online or textual) provided with the package.
18900 + * Redistribution and use in source and binary forms, with or without
18901 + * modification, are permitted provided that the following conditions
18903 + * 1. Redistributions of source code must retain the copyright
18904 + * notice, this list of conditions and the following disclaimer.
18905 + * 2. Redistributions in binary form must reproduce the above copyright
18906 + * notice, this list of conditions and the following disclaimer in the
18907 + * documentation and/or other materials provided with the distribution.
18908 + * 3. All advertising materials mentioning features or use of this software
18909 + * must display the following acknowledgement:
18910 + * "This product includes cryptographic software written by
18911 + * Eric Young (eay@cryptsoft.com)"
18912 + * The word 'cryptographic' can be left out if the rouines from the library
18913 + * being used are not cryptographic related :-).
18914 + * 4. If you include any Windows specific code (or a derivative thereof) from
18915 + * the apps directory (application code) you must include an acknowledgement:
18916 + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
18918 + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
18919 + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18920 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18921 + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18922 + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18923 + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
18924 + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
18925 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
18926 + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
18927 + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
18930 + * The licence and distribution terms for any publically available version or
18931 + * derivative of this code cannot be changed. i.e. this code cannot simply be
18932 + * copied and put under another distribution licence
18933 + * [including the GNU Public Licence.]
18936 +static const DES_LONG des_skb[8][64]={
18938 +/* for C bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
18939 +0x00000000L,0x00000010L,0x20000000L,0x20000010L,
18940 +0x00010000L,0x00010010L,0x20010000L,0x20010010L,
18941 +0x00000800L,0x00000810L,0x20000800L,0x20000810L,
18942 +0x00010800L,0x00010810L,0x20010800L,0x20010810L,
18943 +0x00000020L,0x00000030L,0x20000020L,0x20000030L,
18944 +0x00010020L,0x00010030L,0x20010020L,0x20010030L,
18945 +0x00000820L,0x00000830L,0x20000820L,0x20000830L,
18946 +0x00010820L,0x00010830L,0x20010820L,0x20010830L,
18947 +0x00080000L,0x00080010L,0x20080000L,0x20080010L,
18948 +0x00090000L,0x00090010L,0x20090000L,0x20090010L,
18949 +0x00080800L,0x00080810L,0x20080800L,0x20080810L,
18950 +0x00090800L,0x00090810L,0x20090800L,0x20090810L,
18951 +0x00080020L,0x00080030L,0x20080020L,0x20080030L,
18952 +0x00090020L,0x00090030L,0x20090020L,0x20090030L,
18953 +0x00080820L,0x00080830L,0x20080820L,0x20080830L,
18954 +0x00090820L,0x00090830L,0x20090820L,0x20090830L,
18956 +/* for C bits (numbered as per FIPS 46) 7 8 10 11 12 13 */
18957 +0x00000000L,0x02000000L,0x00002000L,0x02002000L,
18958 +0x00200000L,0x02200000L,0x00202000L,0x02202000L,
18959 +0x00000004L,0x02000004L,0x00002004L,0x02002004L,
18960 +0x00200004L,0x02200004L,0x00202004L,0x02202004L,
18961 +0x00000400L,0x02000400L,0x00002400L,0x02002400L,
18962 +0x00200400L,0x02200400L,0x00202400L,0x02202400L,
18963 +0x00000404L,0x02000404L,0x00002404L,0x02002404L,
18964 +0x00200404L,0x02200404L,0x00202404L,0x02202404L,
18965 +0x10000000L,0x12000000L,0x10002000L,0x12002000L,
18966 +0x10200000L,0x12200000L,0x10202000L,0x12202000L,
18967 +0x10000004L,0x12000004L,0x10002004L,0x12002004L,
18968 +0x10200004L,0x12200004L,0x10202004L,0x12202004L,
18969 +0x10000400L,0x12000400L,0x10002400L,0x12002400L,
18970 +0x10200400L,0x12200400L,0x10202400L,0x12202400L,
18971 +0x10000404L,0x12000404L,0x10002404L,0x12002404L,
18972 +0x10200404L,0x12200404L,0x10202404L,0x12202404L,
18974 +/* for C bits (numbered as per FIPS 46) 14 15 16 17 19 20 */
18975 +0x00000000L,0x00000001L,0x00040000L,0x00040001L,
18976 +0x01000000L,0x01000001L,0x01040000L,0x01040001L,
18977 +0x00000002L,0x00000003L,0x00040002L,0x00040003L,
18978 +0x01000002L,0x01000003L,0x01040002L,0x01040003L,
18979 +0x00000200L,0x00000201L,0x00040200L,0x00040201L,
18980 +0x01000200L,0x01000201L,0x01040200L,0x01040201L,
18981 +0x00000202L,0x00000203L,0x00040202L,0x00040203L,
18982 +0x01000202L,0x01000203L,0x01040202L,0x01040203L,
18983 +0x08000000L,0x08000001L,0x08040000L,0x08040001L,
18984 +0x09000000L,0x09000001L,0x09040000L,0x09040001L,
18985 +0x08000002L,0x08000003L,0x08040002L,0x08040003L,
18986 +0x09000002L,0x09000003L,0x09040002L,0x09040003L,
18987 +0x08000200L,0x08000201L,0x08040200L,0x08040201L,
18988 +0x09000200L,0x09000201L,0x09040200L,0x09040201L,
18989 +0x08000202L,0x08000203L,0x08040202L,0x08040203L,
18990 +0x09000202L,0x09000203L,0x09040202L,0x09040203L,
18992 +/* for C bits (numbered as per FIPS 46) 21 23 24 26 27 28 */
18993 +0x00000000L,0x00100000L,0x00000100L,0x00100100L,
18994 +0x00000008L,0x00100008L,0x00000108L,0x00100108L,
18995 +0x00001000L,0x00101000L,0x00001100L,0x00101100L,
18996 +0x00001008L,0x00101008L,0x00001108L,0x00101108L,
18997 +0x04000000L,0x04100000L,0x04000100L,0x04100100L,
18998 +0x04000008L,0x04100008L,0x04000108L,0x04100108L,
18999 +0x04001000L,0x04101000L,0x04001100L,0x04101100L,
19000 +0x04001008L,0x04101008L,0x04001108L,0x04101108L,
19001 +0x00020000L,0x00120000L,0x00020100L,0x00120100L,
19002 +0x00020008L,0x00120008L,0x00020108L,0x00120108L,
19003 +0x00021000L,0x00121000L,0x00021100L,0x00121100L,
19004 +0x00021008L,0x00121008L,0x00021108L,0x00121108L,
19005 +0x04020000L,0x04120000L,0x04020100L,0x04120100L,
19006 +0x04020008L,0x04120008L,0x04020108L,0x04120108L,
19007 +0x04021000L,0x04121000L,0x04021100L,0x04121100L,
19008 +0x04021008L,0x04121008L,0x04021108L,0x04121108L,
19010 +/* for D bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
19011 +0x00000000L,0x10000000L,0x00010000L,0x10010000L,
19012 +0x00000004L,0x10000004L,0x00010004L,0x10010004L,
19013 +0x20000000L,0x30000000L,0x20010000L,0x30010000L,
19014 +0x20000004L,0x30000004L,0x20010004L,0x30010004L,
19015 +0x00100000L,0x10100000L,0x00110000L,0x10110000L,
19016 +0x00100004L,0x10100004L,0x00110004L,0x10110004L,
19017 +0x20100000L,0x30100000L,0x20110000L,0x30110000L,
19018 +0x20100004L,0x30100004L,0x20110004L,0x30110004L,
19019 +0x00001000L,0x10001000L,0x00011000L,0x10011000L,
19020 +0x00001004L,0x10001004L,0x00011004L,0x10011004L,
19021 +0x20001000L,0x30001000L,0x20011000L,0x30011000L,
19022 +0x20001004L,0x30001004L,0x20011004L,0x30011004L,
19023 +0x00101000L,0x10101000L,0x00111000L,0x10111000L,
19024 +0x00101004L,0x10101004L,0x00111004L,0x10111004L,
19025 +0x20101000L,0x30101000L,0x20111000L,0x30111000L,
19026 +0x20101004L,0x30101004L,0x20111004L,0x30111004L,
19028 +/* for D bits (numbered as per FIPS 46) 8 9 11 12 13 14 */
19029 +0x00000000L,0x08000000L,0x00000008L,0x08000008L,
19030 +0x00000400L,0x08000400L,0x00000408L,0x08000408L,
19031 +0x00020000L,0x08020000L,0x00020008L,0x08020008L,
19032 +0x00020400L,0x08020400L,0x00020408L,0x08020408L,
19033 +0x00000001L,0x08000001L,0x00000009L,0x08000009L,
19034 +0x00000401L,0x08000401L,0x00000409L,0x08000409L,
19035 +0x00020001L,0x08020001L,0x00020009L,0x08020009L,
19036 +0x00020401L,0x08020401L,0x00020409L,0x08020409L,
19037 +0x02000000L,0x0A000000L,0x02000008L,0x0A000008L,
19038 +0x02000400L,0x0A000400L,0x02000408L,0x0A000408L,
19039 +0x02020000L,0x0A020000L,0x02020008L,0x0A020008L,
19040 +0x02020400L,0x0A020400L,0x02020408L,0x0A020408L,
19041 +0x02000001L,0x0A000001L,0x02000009L,0x0A000009L,
19042 +0x02000401L,0x0A000401L,0x02000409L,0x0A000409L,
19043 +0x02020001L,0x0A020001L,0x02020009L,0x0A020009L,
19044 +0x02020401L,0x0A020401L,0x02020409L,0x0A020409L,
19046 +/* for D bits (numbered as per FIPS 46) 16 17 18 19 20 21 */
19047 +0x00000000L,0x00000100L,0x00080000L,0x00080100L,
19048 +0x01000000L,0x01000100L,0x01080000L,0x01080100L,
19049 +0x00000010L,0x00000110L,0x00080010L,0x00080110L,
19050 +0x01000010L,0x01000110L,0x01080010L,0x01080110L,
19051 +0x00200000L,0x00200100L,0x00280000L,0x00280100L,
19052 +0x01200000L,0x01200100L,0x01280000L,0x01280100L,
19053 +0x00200010L,0x00200110L,0x00280010L,0x00280110L,
19054 +0x01200010L,0x01200110L,0x01280010L,0x01280110L,
19055 +0x00000200L,0x00000300L,0x00080200L,0x00080300L,
19056 +0x01000200L,0x01000300L,0x01080200L,0x01080300L,
19057 +0x00000210L,0x00000310L,0x00080210L,0x00080310L,
19058 +0x01000210L,0x01000310L,0x01080210L,0x01080310L,
19059 +0x00200200L,0x00200300L,0x00280200L,0x00280300L,
19060 +0x01200200L,0x01200300L,0x01280200L,0x01280300L,
19061 +0x00200210L,0x00200310L,0x00280210L,0x00280310L,
19062 +0x01200210L,0x01200310L,0x01280210L,0x01280310L,
19064 +/* for D bits (numbered as per FIPS 46) 22 23 24 25 27 28 */
19065 +0x00000000L,0x04000000L,0x00040000L,0x04040000L,
19066 +0x00000002L,0x04000002L,0x00040002L,0x04040002L,
19067 +0x00002000L,0x04002000L,0x00042000L,0x04042000L,
19068 +0x00002002L,0x04002002L,0x00042002L,0x04042002L,
19069 +0x00000020L,0x04000020L,0x00040020L,0x04040020L,
19070 +0x00000022L,0x04000022L,0x00040022L,0x04040022L,
19071 +0x00002020L,0x04002020L,0x00042020L,0x04042020L,
19072 +0x00002022L,0x04002022L,0x00042022L,0x04042022L,
19073 +0x00000800L,0x04000800L,0x00040800L,0x04040800L,
19074 +0x00000802L,0x04000802L,0x00040802L,0x04040802L,
19075 +0x00002800L,0x04002800L,0x00042800L,0x04042800L,
19076 +0x00002802L,0x04002802L,0x00042802L,0x04042802L,
19077 +0x00000820L,0x04000820L,0x00040820L,0x04040820L,
19078 +0x00000822L,0x04000822L,0x00040822L,0x04040822L,
19079 +0x00002820L,0x04002820L,0x00042820L,0x04042820L,
19080 +0x00002822L,0x04002822L,0x00042822L,0x04042822L,
19082 diff -druN linux-noipsec/net/ipsec/libdes/speed.c linux/net/ipsec/libdes/speed.c
19083 --- linux-noipsec/net/ipsec/libdes/speed.c Thu Jan 1 01:00:00 1970
19084 +++ linux/net/ipsec/libdes/speed.c Thu Feb 18 17:41:16 1999
19086 +/* crypto/des/speed.c */
19087 +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
19088 + * All rights reserved.
19090 + * This package is an SSL implementation written
19091 + * by Eric Young (eay@cryptsoft.com).
19092 + * The implementation was written so as to conform with Netscapes SSL.
19094 + * This library is free for commercial and non-commercial use as long as
19095 + * the following conditions are aheared to. The following conditions
19096 + * apply to all code found in this distribution, be it the RC4, RSA,
19097 + * lhash, DES, etc., code; not just the SSL code. The SSL documentation
19098 + * included with this distribution is covered by the same copyright terms
19099 + * except that the holder is Tim Hudson (tjh@cryptsoft.com).
19101 + * Copyright remains Eric Young's, and as such any Copyright notices in
19102 + * the code are not to be removed.
19103 + * If this package is used in a product, Eric Young should be given attribution
19104 + * as the author of the parts of the library used.
19105 + * This can be in the form of a textual message at program startup or
19106 + * in documentation (online or textual) provided with the package.
19108 + * Redistribution and use in source and binary forms, with or without
19109 + * modification, are permitted provided that the following conditions
19111 + * 1. Redistributions of source code must retain the copyright
19112 + * notice, this list of conditions and the following disclaimer.
19113 + * 2. Redistributions in binary form must reproduce the above copyright
19114 + * notice, this list of conditions and the following disclaimer in the
19115 + * documentation and/or other materials provided with the distribution.
19116 + * 3. All advertising materials mentioning features or use of this software
19117 + * must display the following acknowledgement:
19118 + * "This product includes cryptographic software written by
19119 + * Eric Young (eay@cryptsoft.com)"
19120 + * The word 'cryptographic' can be left out if the rouines from the library
19121 + * being used are not cryptographic related :-).
19122 + * 4. If you include any Windows specific code (or a derivative thereof) from
19123 + * the apps directory (application code) you must include an acknowledgement:
19124 + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
19126 + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
19127 + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19128 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19129 + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19130 + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19131 + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19132 + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
19133 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
19134 + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
19135 + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
19138 + * The licence and distribution terms for any publically available version or
19139 + * derivative of this code cannot be changed. i.e. this code cannot simply be
19140 + * copied and put under another distribution licence
19141 + * [including the GNU Public Licence.]
19144 +/* 11-Sep-92 Andrew Daviel Support for Silicon Graphics IRIX added */
19145 +/* 06-Apr-92 Luke Brennan Support for VMS and add extra signal calls */
19151 +#include <stdio.h>
19153 +#include <unistd.h>
19156 +extern int exit();
19158 +#include <signal.h>
19164 +#include <sys/types.h>
19165 +#include <sys/times.h>
19168 +#include <types.h>
19170 + time_t tms_utime;
19171 + time_t tms_stime;
19172 + time_t tms_uchild; /* I dunno... */
19173 + time_t tms_uchildsys; /* so these names are a guess :-) */
19177 +#include <sys/timeb.h>
19181 +#include <limits.h>
19182 +#include <sys/param.h>
19187 +/* The following if from times(3) man page. It may need to be changed */
19190 +# ifndef _BSD_CLK_TCK_ /* FreeBSD fix */
19196 +# else /* _BSD_CLK_TCK_ */
19197 +# define HZ ((double)_BSD_CLK_TCK_)
19199 +# else /* CLK_TCK */
19200 +# define HZ ((double)CLK_TCK)
19204 +#define BUFSIZE ((long)1024)
19208 +double Time_F(int s);
19214 +#if defined(__STDC__) || defined(sgi) || defined(_AIX)
19215 +#define SIGRETTYPE void
19217 +#define SIGRETTYPE int
19221 +SIGRETTYPE sig_done(int sig);
19223 +SIGRETTYPE sig_done();
19226 +SIGRETTYPE sig_done(sig)
19229 + signal(SIGALRM,sig_done);
19245 + static struct tms tstart,tend;
19255 + ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
19256 + return((ret == 0.0)?1e-6:ret);
19258 +#else /* !times() */
19259 + static struct timeb tstart,tend;
19270 + i=(long)tend.millitm-(long)tstart.millitm;
19271 + ret=((double)(tend.time-tstart.time))+((double)i)/1e3;
19272 + return((ret == 0.0)?1e-6:ret);
19277 +int main(argc,argv)
19282 + static unsigned char buf[BUFSIZE];
19283 + static des_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
19284 + static des_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
19285 + static des_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
19286 + des_key_schedule sch,sch2,sch3;
19287 + double a,b,c,d,e;
19289 + long ca,cb,cc,cd,ce;
19293 + printf("To get the most acurate results, try to run this\n");
19294 + printf("program when this computer is idle.\n");
19297 + des_set_key((C_Block *)key2,sch2);
19298 + des_set_key((C_Block *)key3,sch3);
19301 + printf("First we calculate the approximate speed ...\n");
19302 + des_set_key((C_Block *)key,sch);
19306 + DES_LONG data[2];
19310 + for (i=count; i; i--)
19311 + des_encrypt(data,&(sch[0]),DES_ENCRYPT);
19313 + } while (d < 3.0);
19316 + cc=count*3*8/BUFSIZE+1;
19317 + cd=count*8/BUFSIZE+1;
19319 + printf("Doing set_key %ld times\n",ca);
19320 +#define COND(d) (count != (d))
19321 +#define COUNT(d) (d)
19323 +#define COND(c) (run)
19324 +#define COUNT(d) (count)
19325 + signal(SIGALRM,sig_done);
19326 + printf("Doing set_key for 10 seconds\n");
19331 + for (count=0,run=1; COND(ca); count++)
19332 + des_set_key((C_Block *)key,sch);
19334 + printf("%ld set_key's in %.2f seconds\n",count,d);
19335 + a=((double)COUNT(ca))/d;
19338 + printf("Doing des_encrypt's for 10 seconds\n");
19341 + printf("Doing des_encrypt %ld times\n",cb);
19344 + for (count=0,run=1; COND(cb); count++)
19346 + DES_LONG data[2];
19348 + des_encrypt(data,&(sch[0]),DES_ENCRYPT);
19351 + printf("%ld des_encrypt's in %.2f second\n",count,d);
19352 + b=((double)COUNT(cb)*8)/d;
19355 + printf("Doing des_cbc_encrypt on %ld byte blocks for 10 seconds\n",
19359 + printf("Doing des_cbc_encrypt %ld times on %ld byte blocks\n",cc,
19363 + for (count=0,run=1; COND(cc); count++)
19364 + des_ncbc_encrypt((C_Block *)buf,(C_Block *)buf,BUFSIZE,&(sch[0]),
19365 + (C_Block *)&(key[0]),DES_ENCRYPT);
19367 + printf("%ld des_cbc_encrypt's of %ld byte blocks in %.2f second\n",
19368 + count,BUFSIZE,d);
19369 + c=((double)COUNT(cc)*BUFSIZE)/d;
19372 + printf("Doing des_ede_cbc_encrypt on %ld byte blocks for 10 seconds\n",
19376 + printf("Doing des_ede_cbc_encrypt %ld times on %ld byte blocks\n",cd,
19380 + for (count=0,run=1; COND(cd); count++)
19381 + des_ede3_cbc_encrypt((C_Block *)buf,(C_Block *)buf,BUFSIZE,
19385 + (C_Block *)&(key[0]),
19388 + printf("%ld des_ede_cbc_encrypt's of %ld byte blocks in %.2f second\n",
19389 + count,BUFSIZE,d);
19390 + d=((double)COUNT(cd)*BUFSIZE)/d;
19393 + printf("Doing crypt for 10 seconds\n");
19396 + printf("Doing crypt %ld times\n",ce);
19399 + for (count=0,run=1; COND(ce); count++)
19400 + crypt("testing1","ef");
19402 + printf("%ld crypts in %.2f second\n",count,e);
19403 + e=((double)COUNT(ce))/e;
19405 + printf("set_key per sec = %12.2f (%9.3fuS)\n",a,1.0e6/a);
19406 + printf("DES raw ecb bytes per sec = %12.2f (%9.3fuS)\n",b,8.0e6/b);
19407 + printf("DES cbc bytes per sec = %12.2f (%9.3fuS)\n",c,8.0e6/c);
19408 + printf("DES ede cbc bytes per sec = %12.2f (%9.3fuS)\n",d,8.0e6/d);
19409 + printf("crypt per sec = %12.2f (%9.3fuS)\n",e,1.0e6/e);
19411 +#if defined(LINT) || defined(MSDOS)
19415 diff -druN linux-noipsec/net/ipsec/libdes/spr.h linux/net/ipsec/libdes/spr.h
19416 --- linux-noipsec/net/ipsec/libdes/spr.h Thu Jan 1 01:00:00 1970
19417 +++ linux/net/ipsec/libdes/spr.h Thu Feb 18 17:41:16 1999
19419 +/* crypto/des/spr.h */
19420 +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
19421 + * All rights reserved.
19423 + * This package is an SSL implementation written
19424 + * by Eric Young (eay@cryptsoft.com).
19425 + * The implementation was written so as to conform with Netscapes SSL.
19427 + * This library is free for commercial and non-commercial use as long as
19428 + * the following conditions are aheared to. The following conditions
19429 + * apply to all code found in this distribution, be it the RC4, RSA,
19430 + * lhash, DES, etc., code; not just the SSL code. The SSL documentation
19431 + * included with this distribution is covered by the same copyright terms
19432 + * except that the holder is Tim Hudson (tjh@cryptsoft.com).
19434 + * Copyright remains Eric Young's, and as such any Copyright notices in
19435 + * the code are not to be removed.
19436 + * If this package is used in a product, Eric Young should be given attribution
19437 + * as the author of the parts of the library used.
19438 + * This can be in the form of a textual message at program startup or
19439 + * in documentation (online or textual) provided with the package.
19441 + * Redistribution and use in source and binary forms, with or without
19442 + * modification, are permitted provided that the following conditions
19444 + * 1. Redistributions of source code must retain the copyright
19445 + * notice, this list of conditions and the following disclaimer.
19446 + * 2. Redistributions in binary form must reproduce the above copyright
19447 + * notice, this list of conditions and the following disclaimer in the
19448 + * documentation and/or other materials provided with the distribution.
19449 + * 3. All advertising materials mentioning features or use of this software
19450 + * must display the following acknowledgement:
19451 + * "This product includes cryptographic software written by
19452 + * Eric Young (eay@cryptsoft.com)"
19453 + * The word 'cryptographic' can be left out if the rouines from the library
19454 + * being used are not cryptographic related :-).
19455 + * 4. If you include any Windows specific code (or a derivative thereof) from
19456 + * the apps directory (application code) you must include an acknowledgement:
19457 + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
19459 + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
19460 + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19461 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19462 + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19463 + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19464 + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19465 + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
19466 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
19467 + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
19468 + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
19471 + * The licence and distribution terms for any publically available version or
19472 + * derivative of this code cannot be changed. i.e. this code cannot simply be
19473 + * copied and put under another distribution licence
19474 + * [including the GNU Public Licence.]
19477 +const DES_LONG des_SPtrans[8][64]={
19480 +0x02080800L, 0x00080000L, 0x02000002L, 0x02080802L,
19481 +0x02000000L, 0x00080802L, 0x00080002L, 0x02000002L,
19482 +0x00080802L, 0x02080800L, 0x02080000L, 0x00000802L,
19483 +0x02000802L, 0x02000000L, 0x00000000L, 0x00080002L,
19484 +0x00080000L, 0x00000002L, 0x02000800L, 0x00080800L,
19485 +0x02080802L, 0x02080000L, 0x00000802L, 0x02000800L,
19486 +0x00000002L, 0x00000800L, 0x00080800L, 0x02080002L,
19487 +0x00000800L, 0x02000802L, 0x02080002L, 0x00000000L,
19488 +0x00000000L, 0x02080802L, 0x02000800L, 0x00080002L,
19489 +0x02080800L, 0x00080000L, 0x00000802L, 0x02000800L,
19490 +0x02080002L, 0x00000800L, 0x00080800L, 0x02000002L,
19491 +0x00080802L, 0x00000002L, 0x02000002L, 0x02080000L,
19492 +0x02080802L, 0x00080800L, 0x02080000L, 0x02000802L,
19493 +0x02000000L, 0x00000802L, 0x00080002L, 0x00000000L,
19494 +0x00080000L, 0x02000000L, 0x02000802L, 0x02080800L,
19495 +0x00000002L, 0x02080002L, 0x00000800L, 0x00080802L,
19498 +0x40108010L, 0x00000000L, 0x00108000L, 0x40100000L,
19499 +0x40000010L, 0x00008010L, 0x40008000L, 0x00108000L,
19500 +0x00008000L, 0x40100010L, 0x00000010L, 0x40008000L,
19501 +0x00100010L, 0x40108000L, 0x40100000L, 0x00000010L,
19502 +0x00100000L, 0x40008010L, 0x40100010L, 0x00008000L,
19503 +0x00108010L, 0x40000000L, 0x00000000L, 0x00100010L,
19504 +0x40008010L, 0x00108010L, 0x40108000L, 0x40000010L,
19505 +0x40000000L, 0x00100000L, 0x00008010L, 0x40108010L,
19506 +0x00100010L, 0x40108000L, 0x40008000L, 0x00108010L,
19507 +0x40108010L, 0x00100010L, 0x40000010L, 0x00000000L,
19508 +0x40000000L, 0x00008010L, 0x00100000L, 0x40100010L,
19509 +0x00008000L, 0x40000000L, 0x00108010L, 0x40008010L,
19510 +0x40108000L, 0x00008000L, 0x00000000L, 0x40000010L,
19511 +0x00000010L, 0x40108010L, 0x00108000L, 0x40100000L,
19512 +0x40100010L, 0x00100000L, 0x00008010L, 0x40008000L,
19513 +0x40008010L, 0x00000010L, 0x40100000L, 0x00108000L,
19516 +0x04000001L, 0x04040100L, 0x00000100L, 0x04000101L,
19517 +0x00040001L, 0x04000000L, 0x04000101L, 0x00040100L,
19518 +0x04000100L, 0x00040000L, 0x04040000L, 0x00000001L,
19519 +0x04040101L, 0x00000101L, 0x00000001L, 0x04040001L,
19520 +0x00000000L, 0x00040001L, 0x04040100L, 0x00000100L,
19521 +0x00000101L, 0x04040101L, 0x00040000L, 0x04000001L,
19522 +0x04040001L, 0x04000100L, 0x00040101L, 0x04040000L,
19523 +0x00040100L, 0x00000000L, 0x04000000L, 0x00040101L,
19524 +0x04040100L, 0x00000100L, 0x00000001L, 0x00040000L,
19525 +0x00000101L, 0x00040001L, 0x04040000L, 0x04000101L,
19526 +0x00000000L, 0x04040100L, 0x00040100L, 0x04040001L,
19527 +0x00040001L, 0x04000000L, 0x04040101L, 0x00000001L,
19528 +0x00040101L, 0x04000001L, 0x04000000L, 0x04040101L,
19529 +0x00040000L, 0x04000100L, 0x04000101L, 0x00040100L,
19530 +0x04000100L, 0x00000000L, 0x04040001L, 0x00000101L,
19531 +0x04000001L, 0x00040101L, 0x00000100L, 0x04040000L,
19534 +0x00401008L, 0x10001000L, 0x00000008L, 0x10401008L,
19535 +0x00000000L, 0x10400000L, 0x10001008L, 0x00400008L,
19536 +0x10401000L, 0x10000008L, 0x10000000L, 0x00001008L,
19537 +0x10000008L, 0x00401008L, 0x00400000L, 0x10000000L,
19538 +0x10400008L, 0x00401000L, 0x00001000L, 0x00000008L,
19539 +0x00401000L, 0x10001008L, 0x10400000L, 0x00001000L,
19540 +0x00001008L, 0x00000000L, 0x00400008L, 0x10401000L,
19541 +0x10001000L, 0x10400008L, 0x10401008L, 0x00400000L,
19542 +0x10400008L, 0x00001008L, 0x00400000L, 0x10000008L,
19543 +0x00401000L, 0x10001000L, 0x00000008L, 0x10400000L,
19544 +0x10001008L, 0x00000000L, 0x00001000L, 0x00400008L,
19545 +0x00000000L, 0x10400008L, 0x10401000L, 0x00001000L,
19546 +0x10000000L, 0x10401008L, 0x00401008L, 0x00400000L,
19547 +0x10401008L, 0x00000008L, 0x10001000L, 0x00401008L,
19548 +0x00400008L, 0x00401000L, 0x10400000L, 0x10001008L,
19549 +0x00001008L, 0x10000000L, 0x10000008L, 0x10401000L,
19552 +0x08000000L, 0x00010000L, 0x00000400L, 0x08010420L,
19553 +0x08010020L, 0x08000400L, 0x00010420L, 0x08010000L,
19554 +0x00010000L, 0x00000020L, 0x08000020L, 0x00010400L,
19555 +0x08000420L, 0x08010020L, 0x08010400L, 0x00000000L,
19556 +0x00010400L, 0x08000000L, 0x00010020L, 0x00000420L,
19557 +0x08000400L, 0x00010420L, 0x00000000L, 0x08000020L,
19558 +0x00000020L, 0x08000420L, 0x08010420L, 0x00010020L,
19559 +0x08010000L, 0x00000400L, 0x00000420L, 0x08010400L,
19560 +0x08010400L, 0x08000420L, 0x00010020L, 0x08010000L,
19561 +0x00010000L, 0x00000020L, 0x08000020L, 0x08000400L,
19562 +0x08000000L, 0x00010400L, 0x08010420L, 0x00000000L,
19563 +0x00010420L, 0x08000000L, 0x00000400L, 0x00010020L,
19564 +0x08000420L, 0x00000400L, 0x00000000L, 0x08010420L,
19565 +0x08010020L, 0x08010400L, 0x00000420L, 0x00010000L,
19566 +0x00010400L, 0x08010020L, 0x08000400L, 0x00000420L,
19567 +0x00000020L, 0x00010420L, 0x08010000L, 0x08000020L,
19570 +0x80000040L, 0x00200040L, 0x00000000L, 0x80202000L,
19571 +0x00200040L, 0x00002000L, 0x80002040L, 0x00200000L,
19572 +0x00002040L, 0x80202040L, 0x00202000L, 0x80000000L,
19573 +0x80002000L, 0x80000040L, 0x80200000L, 0x00202040L,
19574 +0x00200000L, 0x80002040L, 0x80200040L, 0x00000000L,
19575 +0x00002000L, 0x00000040L, 0x80202000L, 0x80200040L,
19576 +0x80202040L, 0x80200000L, 0x80000000L, 0x00002040L,
19577 +0x00000040L, 0x00202000L, 0x00202040L, 0x80002000L,
19578 +0x00002040L, 0x80000000L, 0x80002000L, 0x00202040L,
19579 +0x80202000L, 0x00200040L, 0x00000000L, 0x80002000L,
19580 +0x80000000L, 0x00002000L, 0x80200040L, 0x00200000L,
19581 +0x00200040L, 0x80202040L, 0x00202000L, 0x00000040L,
19582 +0x80202040L, 0x00202000L, 0x00200000L, 0x80002040L,
19583 +0x80000040L, 0x80200000L, 0x00202040L, 0x00000000L,
19584 +0x00002000L, 0x80000040L, 0x80002040L, 0x80202000L,
19585 +0x80200000L, 0x00002040L, 0x00000040L, 0x80200040L,
19588 +0x00004000L, 0x00000200L, 0x01000200L, 0x01000004L,
19589 +0x01004204L, 0x00004004L, 0x00004200L, 0x00000000L,
19590 +0x01000000L, 0x01000204L, 0x00000204L, 0x01004000L,
19591 +0x00000004L, 0x01004200L, 0x01004000L, 0x00000204L,
19592 +0x01000204L, 0x00004000L, 0x00004004L, 0x01004204L,
19593 +0x00000000L, 0x01000200L, 0x01000004L, 0x00004200L,
19594 +0x01004004L, 0x00004204L, 0x01004200L, 0x00000004L,
19595 +0x00004204L, 0x01004004L, 0x00000200L, 0x01000000L,
19596 +0x00004204L, 0x01004000L, 0x01004004L, 0x00000204L,
19597 +0x00004000L, 0x00000200L, 0x01000000L, 0x01004004L,
19598 +0x01000204L, 0x00004204L, 0x00004200L, 0x00000000L,
19599 +0x00000200L, 0x01000004L, 0x00000004L, 0x01000200L,
19600 +0x00000000L, 0x01000204L, 0x01000200L, 0x00004200L,
19601 +0x00000204L, 0x00004000L, 0x01004204L, 0x01000000L,
19602 +0x01004200L, 0x00000004L, 0x00004004L, 0x01004204L,
19603 +0x01000004L, 0x01004200L, 0x01004000L, 0x00004004L,
19606 +0x20800080L, 0x20820000L, 0x00020080L, 0x00000000L,
19607 +0x20020000L, 0x00800080L, 0x20800000L, 0x20820080L,
19608 +0x00000080L, 0x20000000L, 0x00820000L, 0x00020080L,
19609 +0x00820080L, 0x20020080L, 0x20000080L, 0x20800000L,
19610 +0x00020000L, 0x00820080L, 0x00800080L, 0x20020000L,
19611 +0x20820080L, 0x20000080L, 0x00000000L, 0x00820000L,
19612 +0x20000000L, 0x00800000L, 0x20020080L, 0x20800080L,
19613 +0x00800000L, 0x00020000L, 0x20820000L, 0x00000080L,
19614 +0x00800000L, 0x00020000L, 0x20000080L, 0x20820080L,
19615 +0x00020080L, 0x20000000L, 0x00000000L, 0x00820000L,
19616 +0x20800080L, 0x20020080L, 0x20020000L, 0x00800080L,
19617 +0x20820000L, 0x00000080L, 0x00800080L, 0x20020000L,
19618 +0x20820080L, 0x00800000L, 0x20800000L, 0x20000080L,
19619 +0x00820000L, 0x00020080L, 0x20020080L, 0x20800000L,
19620 +0x00000080L, 0x20820000L, 0x00820080L, 0x00000000L,
19621 +0x20000000L, 0x20800080L, 0x00020000L, 0x00820080L,
19623 diff -druN linux-noipsec/net/ipsec/libfreeswan/Makefile linux/net/ipsec/libfreeswan/Makefile
19624 --- linux-noipsec/net/ipsec/libfreeswan/Makefile Thu Jan 1 01:00:00 1970
19625 +++ linux/net/ipsec/libfreeswan/Makefile Fri Sep 8 21:12:57 2000
19627 +# FreeS/WAN library
19628 +# Copyright (C) 1998, 1999, 2000 Henry Spencer.
19630 +# This program is free software; you can redistribute it and/or modify it
19631 +# under the terms of the GNU General Public License as published by the
19632 +# Free Software Foundation; either version 2 of the License, or (at your
19633 +# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
19635 +# This program is distributed in the hope that it will be useful, but
19636 +# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19637 +# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
19638 +# for more details.
19643 +TOPDIR := /usr/src/linux
19646 +L_TARGET := libkernel.a
19648 +L_OBJS := ultoa.o addrtoa.o subnettoa.o subnetof.o goodmask.o datatot.o \
19649 + rangetoa.o satoa.o pfkey_v2_parse.o pfkey_v2_build.o pfkey_v2_ext_bits.o
19651 +HDRS=freeswan.h internal.h
19653 +override CFLAGS += -I.
19655 +ifeq ($(CONFIG_IPSEC_DEBUG),y)
19656 +override CFLAGS += -g
19659 +override CFLAGS += -Wall
19660 +#override CFLAGS += -Wconversion
19661 +#override CFLAGS += -Wmissing-prototypes
19662 +override CFLAGS += -Wpointer-arith
19663 +#override CFLAGS += -Wcast-qual
19664 +#override CFLAGS += -Wmissing-declarations
19665 +override CFLAGS += -Wstrict-prototypes
19666 +#override CFLAGS += -pedantic
19667 +#override CFLAGS += -O3
19668 +#override CFLAGS += -W
19669 +#override CFLAGS += -Wwrite-strings
19670 +override CFLAGS += -Wbad-function-cast
19672 +include $(TOPDIR)/Rules.make
19674 +$(L_OBJS): $(HDRS)
19677 + rm -f $(L_TARGET) *.o try* core *.core
19678 + ( cd des && $(MAKE) clean )
19680 diff -druN linux-noipsec/net/ipsec/libfreeswan/addrtoa.c linux/net/ipsec/libfreeswan/addrtoa.c
19681 --- linux-noipsec/net/ipsec/libfreeswan/addrtoa.c Thu Jan 1 01:00:00 1970
19682 +++ linux/net/ipsec/libfreeswan/addrtoa.c Sun Apr 11 01:19:36 1999
19685 + * addresses to ASCII
19686 + * Copyright (C) 1998, 1999 Henry Spencer.
19688 + * This library is free software; you can redistribute it and/or modify it
19689 + * under the terms of the GNU Library General Public License as published by
19690 + * the Free Software Foundation; either version 2 of the License, or (at your
19691 + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
19693 + * This library is distributed in the hope that it will be useful, but
19694 + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19695 + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
19696 + * License for more details.
19700 +#include "internal.h"
19701 +#include "freeswan.h"
19703 +#define NBYTES 4 /* bytes in an address */
19704 +#define PERBYTE 4 /* three digits plus a dot or NUL */
19705 +#define BUFLEN (NBYTES*PERBYTE)
19707 +#if BUFLEN != ADDRTOA_BUF
19708 +#error "ADDRTOA_BUF in freeswan.h inconsistent with addrtoa() code"
19712 + - addrtoa - convert binary address to ASCII dotted decimal
19714 +size_t /* space needed for full conversion */
19715 +addrtoa(addr, format, dst, dstlen)
19716 +struct in_addr addr;
19717 +int format; /* character */
19718 +char *dst; /* need not be valid if dstlen is 0 */
19721 + unsigned long a = ntohl(addr.s_addr);
19724 + unsigned long byte;
19725 + char buf[BUFLEN];
19728 + switch (format) {
19737 + for (i = NBYTES-1; i >= 0; i--) {
19738 + byte = (a >> (i*8)) & 0xff;
19739 + p += ultoa(byte, 10, p, PERBYTE);
19745 + if (dstlen > 0) {
19747 + buf[dstlen - 1] = '\0';
19748 + strcpy(dst, buf);
19752 diff -druN linux-noipsec/net/ipsec/libfreeswan/addrtot.c linux/net/ipsec/libfreeswan/addrtot.c
19753 --- linux-noipsec/net/ipsec/libfreeswan/addrtot.c Thu Jan 1 01:00:00 1970
19754 +++ linux/net/ipsec/libfreeswan/addrtot.c Tue Sep 12 06:56:39 2000
19757 + * addresses to text
19758 + * Copyright (C) 2000 Henry Spencer.
19760 + * This library is free software; you can redistribute it and/or modify it
19761 + * under the terms of the GNU Library General Public License as published by
19762 + * the Free Software Foundation; either version 2 of the License, or (at your
19763 + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
19765 + * This library is distributed in the hope that it will be useful, but
19766 + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19767 + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
19768 + * License for more details.
19772 +#include "internal.h"
19773 +#include "freeswan.h"
19775 +#define IP4BYTES 4 /* bytes in an IPv4 address */
19776 +#define PERBYTE 4 /* three digits plus a dot or NUL */
19777 +#define IP6BYTES 16 /* bytes in an IPv6 address */
19780 +static size_t normal4(const unsigned char *s, size_t len, char *b, char **dp);
19781 +static size_t normal6(const unsigned char *s, size_t len, char *b, char **dp);
19782 +static size_t reverse4(const unsigned char *s, size_t len, char *b, char **dp);
19783 +static size_t reverse6(const unsigned char *s, size_t len, char *b, char **dp);
19784 +static size_t reverse62(const unsigned char *s, size_t len, char *b, char **dp);
19787 + - addrtot - convert binary address to text (dotted decimal or IPv6 string)
19789 +size_t /* space needed for full conversion */
19790 +addrtot(src, format, dst, dstlen)
19791 +const ip_address *src;
19792 +int format; /* character */
19793 +char *dst; /* need not be valid if dstlen is 0 */
19796 + const unsigned char *b;
19798 + char buf[1+ADDRTOT_BUF+1]; /* :address: */
19800 + int t = addrtypeof(src);
19801 +# define TF(t, f) (((t)<<8) | (f))
19803 + n = addrbytesptr(src, &b);
19807 + switch (TF(t, format)) {
19808 + case TF(AF_INET, 0):
19809 + n = normal4(b, n, buf, &p);
19811 + case TF(AF_INET6, 0):
19812 + n = normal6(b, n, buf, &p);
19814 + case TF(AF_INET, 'r'):
19815 + n = reverse4(b, n, buf, &p);
19817 + case TF(AF_INET6, 'r'):
19818 + n = reverse6(b, n, buf, &p);
19820 + case TF(AF_INET6, 'R'):
19821 + n = reverse62(b, n, buf, &p);
19823 + default: /* including (AF_INET, 'R') */
19828 + if (dstlen > 0) {
19830 + p[dstlen - 1] = '\0';
19837 + - normal4 - normal IPv4 address-text conversion
19839 +static size_t /* size of text, including NUL */
19840 +normal4(srcp, srclen, buf, dstp)
19841 +const unsigned char *srcp;
19843 +char *buf; /* guaranteed large enough */
19844 +char **dstp; /* where to put result pointer */
19849 + if (srclen != IP4BYTES) /* "can't happen" */
19852 + for (i = 0; i < IP4BYTES; i++) {
19853 + p += ultot(srcp[i], 10, p, PERBYTE);
19854 + if (i != IP4BYTES - 1)
19855 + *(p-1) = '.'; /* overwrites the NUL */
19862 + - normal6 - normal IPv6 address-text conversion
19864 +static size_t /* size of text, including NUL */
19865 +normal6(srcp, srclen, buf, dstp)
19866 +const unsigned char *srcp;
19868 +char *buf; /* guaranteed large enough, plus 2 */
19869 +char **dstp; /* where to put result pointer */
19872 + unsigned long piece;
19876 + if (srclen != IP6BYTES) /* "can't happen" */
19880 + for (i = 0; i < IP6BYTES/2; i++) {
19881 + piece = (srcp[2*i] << 8) + srcp[2*i + 1];
19882 + p += ultot(piece, 16, p, 5); /* 5 = abcd + NUL */
19883 + *(p-1) = ':'; /* overwrites the NUL */
19886 + q = strstr(buf, ":0:0:");
19887 + if (q != NULL) { /* zero squishing is possible */
19889 + while (*p == '0' && *(p+1) == ':')
19892 + *q++ = ':'; /* overwrite first 0 */
19893 + while (*p != '\0')
19896 + if (!(*(q-1) == ':' && *(q-2) == ':'))
19897 + *--q = '\0'; /* strip final : unless :: */
19899 + if (!(*p == ':' && *(p+1) == ':'))
19900 + p++; /* skip initial : unless :: */
19903 + *--q = '\0'; /* strip final : */
19904 + p = buf + 1; /* skip initial : */
19907 + return q - p + 1;
19911 + - reverse4 - IPv4 reverse-lookup conversion
19913 +static size_t /* size of text, including NUL */
19914 +reverse4(srcp, srclen, buf, dstp)
19915 +const unsigned char *srcp;
19917 +char *buf; /* guaranteed large enough */
19918 +char **dstp; /* where to put result pointer */
19923 + if (srclen != IP4BYTES) /* "can't happen" */
19926 + for (i = IP4BYTES-1; i >= 0; i--) {
19927 + p += ultot(srcp[i], 10, p, PERBYTE);
19928 + *(p-1) = '.'; /* overwrites the NUL */
19930 + strcpy(p, "IN-ADDR.ARPA.");
19932 + return strlen(buf) + 1;
19936 + - reverse62 - obsolete IPv6 reverse-lookup conversion (RFC 1886)
19937 + * A trifle inefficient, really shouldn't use ultot...
19939 +static size_t /* size of text, including NUL */
19940 +reverse62(srcp, srclen, buf, dstp)
19941 +const unsigned char *srcp;
19943 +char *buf; /* guaranteed large enough */
19944 +char **dstp; /* where to put result pointer */
19947 + unsigned long piece;
19950 + if (srclen != IP6BYTES) /* "can't happen" */
19953 + for (i = IP6BYTES-1; i >= 0; i--) {
19955 + p += ultot(piece&0xf, 16, p, 2);
19957 + p += ultot(piece>>4, 16, p, 2);
19960 + strcpy(p, "IP6.INT.");
19962 + return strlen(buf) + 1;
19966 + - reverse6 - modern IPv6 reverse-lookup conversion (RFC 2874)
19968 +static size_t /* size of text, including NUL */
19969 +reverse6(srcp, srclen, buf, dstp)
19970 +const unsigned char *srcp;
19972 +char *buf; /* guaranteed large enough */
19973 +char **dstp; /* where to put result pointer */
19977 + if (srclen != IP6BYTES) /* "can't happen" */
19979 + strcpy(buf, "\\[x");
19980 + p = buf + strlen(buf);
19981 + (void) datatot((const char *)srcp, srclen, 16, p, IP6BYTES*2 + 1);
19982 + strcat(buf, "].IP6.ARPA."); /* leave count implicit */
19984 + return strlen(buf) + 1;
19986 diff -druN linux-noipsec/net/ipsec/libfreeswan/addrtypeof.c linux/net/ipsec/libfreeswan/addrtypeof.c
19987 --- linux-noipsec/net/ipsec/libfreeswan/addrtypeof.c Thu Jan 1 01:00:00 1970
19988 +++ linux/net/ipsec/libfreeswan/addrtypeof.c Fri Sep 8 20:03:44 2000
19991 + * extract parts of an ip_address
19992 + * Copyright (C) 2000 Henry Spencer.
19994 + * This library is free software; you can redistribute it and/or modify it
19995 + * under the terms of the GNU Library General Public License as published by
19996 + * the Free Software Foundation; either version 2 of the License, or (at your
19997 + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
19999 + * This library is distributed in the hope that it will be useful, but
20000 + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
20001 + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
20002 + * License for more details.
20006 +#include "internal.h"
20007 +#include "freeswan.h"
20010 + - addrtypeof - get the type of an ip_address
20014 +const ip_address *src;
20016 + return src->u.v4.sin_family;
20020 + - addrbytesptr - get pointer to the address bytes of an ip_address
20022 +size_t /* 0 for error */
20023 +addrbytesptr(src, dstp)
20024 +const ip_address *src;
20025 +const unsigned char **dstp; /* NULL means just a size query */
20027 + const unsigned char *p;
20030 + switch (src->u.v4.sin_family) {
20032 + p = (const unsigned char *)&src->u.v4.sin_addr.s_addr;
20036 + p = (const unsigned char *)&src->u.v6.sin6_addr;
20044 + if (dstp != NULL)
20050 + - addrlenof - get length of the address bytes of an ip_address
20052 +size_t /* 0 for error */
20054 +const ip_address *src;
20056 + return addrbytesptr(src, NULL);
20060 + - addrbytesof - get the address bytes of an ip_address
20062 +size_t /* 0 for error */
20063 +addrbytesof(src, dst, dstlen)
20064 +const ip_address *src;
20065 +unsigned char *dst;
20068 + const unsigned char *p;
20072 + n = addrbytesptr(src, &p);
20076 + if (dstlen > 0) {
20078 + if (ncopy > dstlen)
20080 + memcpy(dst, p, ncopy);
20084 diff -druN linux-noipsec/net/ipsec/libfreeswan/anyaddr.c linux/net/ipsec/libfreeswan/anyaddr.c
20085 --- linux-noipsec/net/ipsec/libfreeswan/anyaddr.c Thu Jan 1 01:00:00 1970
20086 +++ linux/net/ipsec/libfreeswan/anyaddr.c Tue Sep 19 09:09:32 2000
20089 + * special addresses
20090 + * Copyright (C) 2000 Henry Spencer.
20092 + * This library is free software; you can redistribute it and/or modify it
20093 + * under the terms of the GNU Library General Public License as published by
20094 + * the Free Software Foundation; either version 2 of the License, or (at your
20095 + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
20097 + * This library is distributed in the hope that it will be useful, but
20098 + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
20099 + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
20100 + * License for more details.
20104 +#include "internal.h"
20105 +#include "freeswan.h"
20107 +/* these are mostly fallbacks for the no-IPv6-support-in-library case */
20108 +#ifndef IN6ADDR_ANY_INIT
20109 +#define IN6ADDR_ANY_INIT {{ 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 }}
20111 +#ifndef IN6ADDR_LOOPBACK_INIT
20112 +#define IN6ADDR_LOOPBACK_INIT {{ 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1 }}
20115 +static struct in6_addr v6any = IN6ADDR_ANY_INIT;
20116 +static struct in6_addr v6loop = IN6ADDR_LOOPBACK_INIT;
20119 + - anyaddr - initialize to the any-address value
20121 +err_t /* NULL for success, else string literal */
20123 +int af; /* address family */
20126 + uint32_t v4any = htonl(INADDR_ANY);
20130 + return initaddr((unsigned char *)&v4any, sizeof(v4any), af, dst);
20133 + return initaddr((unsigned char *)&v6any, sizeof(v6any), af, dst);
20136 + return "unknown address family in anyaddr/unspecaddr";
20142 + - unspecaddr - initialize to the unspecified-address value
20144 +err_t /* NULL for success, else string literal */
20145 +unspecaddr(af, dst)
20146 +int af; /* address family */
20149 + return anyaddr(af, dst);
20153 + - loopbackaddr - initialize to the loopback-address value
20155 +err_t /* NULL for success, else string literal */
20156 +loopbackaddr(af, dst)
20157 +int af; /* address family */
20160 + uint32_t v4loop = htonl(INADDR_LOOPBACK);
20164 + return initaddr((unsigned char *)&v4loop, sizeof(v4loop), af, dst);
20167 + return initaddr((unsigned char *)&v6loop, sizeof(v6loop), af, dst);
20170 + return "unknown address family in loopbackaddr";
20176 + - isanyaddr - test for the any-address value
20180 +const ip_address *src;
20182 + uint32_t v4any = htonl(INADDR_ANY);
20185 + switch (src->u.v4.sin_family) {
20187 + cmp = memcmp(&src->u.v4.sin_addr.s_addr, &v4any, sizeof(v4any));
20190 + cmp = memcmp(&src->u.v6.sin6_addr, &v6any, sizeof(v6any));
20197 + return (cmp == 0) ? 1 : 0;
20201 + - isunspecaddr - test for the unspecified-address value
20205 +const ip_address *src;
20207 + return isanyaddr(src);
20211 + - isloopbackaddr - test for the loopback-address value
20214 +isloopbackaddr(src)
20215 +const ip_address *src;
20217 + uint32_t v4loop = htonl(INADDR_LOOPBACK);
20220 + switch (src->u.v4.sin_family) {
20222 + cmp = memcmp(&src->u.v4.sin_addr.s_addr, &v4loop, sizeof(v4loop));
20225 + cmp = memcmp(&src->u.v6.sin6_addr, &v6loop, sizeof(v6loop));
20232 + return (cmp == 0) ? 1 : 0;
20234 diff -druN linux-noipsec/net/ipsec/libfreeswan/atoaddr.c linux/net/ipsec/libfreeswan/atoaddr.c
20235 --- linux-noipsec/net/ipsec/libfreeswan/atoaddr.c Thu Jan 1 01:00:00 1970
20236 +++ linux/net/ipsec/libfreeswan/atoaddr.c Sat Jan 22 03:17:22 2000
20239 + * conversion from ASCII forms of addresses to internal ones
20240 + * Copyright (C) 1998, 1999 Henry Spencer.
20242 + * This library is free software; you can redistribute it and/or modify it
20243 + * under the terms of the GNU Library General Public License as published by
20244 + * the Free Software Foundation; either version 2 of the License, or (at your
20245 + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
20247 + * This library is distributed in the hope that it will be useful, but
20248 + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
20249 + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
20250 + * License for more details.
20254 +#include "internal.h"
20255 +#include "freeswan.h"
20258 + * Define NOLEADINGZEROS to interpret 032 as an error, not as 32. There
20259 + * is deliberately no way to interpret it as 26 (i.e., as octal).
20263 + * Legal characters in a domain name. Underscore technically is not,
20264 + * but is a common misunderstanding.
20266 +static const char namechars[] = "abcdefghijklmnopqrstuvwxyz0123456789"
20267 + "ABCDEFGHIJKLMNOPQRSTUVWXYZ-_.";
20269 +static const char *try8hex(const char *, size_t, struct in_addr *);
20270 +static const char *try8hosthex(const char *, size_t, struct in_addr *);
20271 +static const char *trydotted(const char *, size_t, struct in_addr *);
20272 +static const char *getbyte(const char **, const char *, int *);
20275 + - atoaddr - convert ASCII name or dotted-decimal address to binary address
20277 +const char * /* NULL for success, else string literal */
20278 +atoaddr(src, srclen, addrp)
20280 +size_t srclen; /* 0 means "apply strlen" */
20281 +struct in_addr *addrp;
20283 + struct hostent *h;
20284 + struct netent *ne = NULL;
20285 + const char *oops;
20286 +# define HEXLEN 10 /* strlen("0x11223344") */
20287 +# ifndef ATOADDRBUF
20288 +# define ATOADDRBUF 100
20290 + char namebuf[ATOADDRBUF];
20291 + char *p = namebuf;
20295 + srclen = strlen(src);
20297 + return "empty string";
20299 + /* might it be hex? */
20300 + if (srclen == HEXLEN && *src == '0' && CIEQ(*(src+1), 'x'))
20301 + return try8hex(src+2, srclen-2, addrp);
20302 + if (srclen == HEXLEN && *src == '0' && CIEQ(*(src+1), 'h'))
20303 + return try8hosthex(src+2, srclen-2, addrp);
20305 + /* try it as dotted decimal */
20306 + oops = trydotted(src, srclen, addrp);
20307 + if (oops == NULL)
20308 + return NULL; /* it worked */
20309 + if (*oops != '?')
20310 + return oops; /* it *was* probably meant as a d.q. */
20312 + /* try it as a name -- first, NUL-terminate it */
20313 + if (srclen > sizeof(namebuf)-1) {
20314 + p = (char *) MALLOC(srclen+1);
20316 + return "unable to allocate temporary space for name";
20319 + strncat(p, src, srclen);
20321 + /* next, check that it's a vaguely legal name */
20322 + for (q = p; *q != '\0'; q++)
20323 + if (!isprint(*q))
20324 + return "unprintable character in name";
20325 + if (strspn(p, namechars) != srclen)
20326 + return "illegal (non-DNS-name) character in name";
20328 + /* try as host name, failing that as /etc/networks network name */
20329 + h = gethostbyname(p);
20331 + ne = getnetbyname(p);
20332 + if (p != namebuf)
20334 + if (h == NULL && ne == NULL)
20335 + return "name lookup failed";
20338 + memcpy(&addrp->s_addr, h->h_addr, sizeof(addrp->s_addr));
20340 + addrp->s_addr = htonl(ne->n_net);
20345 + - try8hosthex - try conversion as an eight-digit host-order hex number
20347 +const char * /* NULL for success, else string literal */
20348 +try8hosthex(src, srclen, addrp)
20350 +size_t srclen; /* should be 8 */
20351 +struct in_addr *addrp;
20353 + const char *oops;
20354 + unsigned long addr;
20357 + return "internal error, try8hex called with bad length";
20359 + oops = atoul(src, srclen, 16, &addr);
20360 + if (oops != NULL)
20363 + addrp->s_addr = addr;
20368 + - try8hex - try conversion as an eight-digit network-order hex number
20370 +const char * /* NULL for success, else string literal */
20371 +try8hex(src, srclen, addrp)
20373 +size_t srclen; /* should be 8 */
20374 +struct in_addr *addrp;
20376 + const char *oops;
20378 + oops = try8hosthex(src, srclen, addrp);
20379 + if (oops != NULL)
20382 + addrp->s_addr = htonl(addrp->s_addr);
20387 + - trydotted - try conversion as dotted decimal
20389 + * If the first char of a complaint is '?', that means "didn't look like
20390 + * dotted decimal at all".
20392 +const char * /* NULL for success, else string literal */
20393 +trydotted(src, srclen, addrp)
20396 +struct in_addr *addrp;
20398 + const char *stop = src + srclen; /* just past end */
20400 + const char *oops;
20401 + unsigned long addr;
20407 + for (i = 0; i < NBYTES && src < stop; i++) {
20408 + oops = getbyte(&src, stop, &byte);
20409 + if (oops != NULL) {
20410 + if (*oops != '?')
20411 + return oops; /* bad number */
20413 + return oops+1; /* failed number */
20414 + return oops; /* with leading '?' */
20416 + addr = (addr << BYTE) | byte;
20417 + if (i < 3 && src < stop && *src++ != '.') {
20419 + return "?syntax error in dotted-decimal address";
20421 + return "syntax error in dotted-decimal address";
20424 + addr <<= (NBYTES - i) * BYTE;
20426 + return "extra garbage on end of dotted-decimal address";
20428 + addrp->s_addr = htonl(addr);
20433 + - getbyte - try to scan a byte in dotted decimal
20434 + * A subtlety here is that all this arithmetic on ASCII digits really is
20435 + * highly portable -- ANSI C guarantees that digits 0-9 are contiguous.
20436 + * It's easier to just do it ourselves than set up for a call to atoul().
20438 + * If the first char of a complaint is '?', that means "didn't look like a
20439 + * number at all".
20441 +const char * /* NULL for success, else string literal */
20442 +getbyte(srcp, stop, retp)
20443 +const char **srcp; /* *srcp is updated */
20444 +const char *stop; /* first untouchable char */
20445 +int *retp; /* return-value pointer */
20451 + if (*srcp >= stop)
20452 + return "?empty number in dotted-decimal address";
20454 + if (stop - *srcp >= 3 && **srcp == '0' && CIEQ(*(*srcp+1), 'x'))
20455 + return "hex numbers not supported in dotted-decimal addresses";
20456 +#ifdef NOLEADINGZEROS
20457 + if (stop - *srcp >= 2 && **srcp == '0' && isdigit(*(*srcp+1)))
20458 + return "octal numbers not supported in dotted-decimal addresses";
20459 +#endif /* NOLEADINGZEROS */
20461 + /* must be decimal, if it's numeric at all */
20464 + while (p < stop && no <= 255 && (c = *p) >= '0' && c <= '9') {
20465 + no = no*10 + (c - '0');
20469 + return "?non-numeric component in dotted-decimal address";
20472 + return "byte overflow in dotted-decimal address";
20476 diff -druN linux-noipsec/net/ipsec/libfreeswan/atoasr.c linux/net/ipsec/libfreeswan/atoasr.c
20477 --- linux-noipsec/net/ipsec/libfreeswan/atoasr.c Thu Jan 1 01:00:00 1970
20478 +++ linux/net/ipsec/libfreeswan/atoasr.c Tue Dec 7 06:00:51 1999
20481 + * convert from ASCII form of address/subnet/range to binary
20482 + * Copyright (C) 1998, 1999 Henry Spencer.
20484 + * This library is free software; you can redistribute it and/or modify it
20485 + * under the terms of the GNU Library General Public License as published by
20486 + * the Free Software Foundation; either version 2 of the License, or (at your
20487 + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
20489 + * This library is distributed in the hope that it will be useful, but
20490 + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
20491 + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
20492 + * License for more details.
20496 +#include "internal.h"
20497 +#include "freeswan.h"
20500 + - atoasr - convert ASCII to address, subnet, or range
20502 +const char * /* NULL for success, else string literal */
20503 +atoasr(src, srclen, typep, addrsp)
20505 +size_t srclen; /* 0 means "apply strlen" */
20506 +char *typep; /* return type code: 'a', 's', 'r' */
20507 +struct in_addr addrsp[2];
20509 + const char *punct;
20510 + const char *stop;
20511 + const char *oops;
20514 + srclen = strlen(src);
20516 + return "empty string";
20518 + /* subnet is easy to spot */
20519 + punct = memchr(src, '/', srclen);
20520 + if (punct != NULL) {
20522 + return atosubnet(src, srclen, &addrsp[0], &addrsp[1]);
20525 + /* try for a range */
20526 + stop = src + srclen;
20527 + for (punct = src; (punct = memchr(punct, '.', stop - punct)) != NULL;
20529 + if (stop - punct > 3 && *(punct+1) == '.' && *(punct+2) == '.')
20530 + break; /* NOTE BREAK OUT */
20531 + if (punct == NULL) {
20532 + /* didn't find the range delimiter, must be plain address */
20534 + return atoaddr(src, srclen, &addrsp[0]);
20537 + /* looks like a range */
20539 + if (stop - punct > 4 && *(punct+3) == '.')
20540 + punct++; /* first dot is trailing dot of name */
20541 + oops = atoaddr(src, punct - src, &addrsp[0]);
20542 + if (oops != NULL)
20544 + oops = atoaddr(punct+3, stop - (punct+3), &addrsp[1]);
20545 + if (oops != NULL)
20547 + if (ntohl(addrsp[0].s_addr) > ntohl(addrsp[1].s_addr))
20548 + return "invalid range, begin > end";
20554 +#ifdef ATOASR_MAIN
20556 +#include <stdio.h>
20565 + struct in_addr a[2];
20567 + const char *oops;
20572 + fprintf(stderr, "Usage: %s {addr|net/mask|begin...end|-r}\n",
20577 + if (strcmp(argv[1], "-r") == 0) {
20579 + fprintf(stderr, "regress() returned?!?\n");
20583 + oops = atoasr(argv[1], 0, &type, a);
20584 + if (oops != NULL) {
20585 + fprintf(stderr, "%s: conversion failed: %s\n", argv[0], oops);
20590 + n = addrtoa(a[0], 0, buf, sizeof(buf));
20593 + n = subnettoa(a[0], a[1], 0, buf, sizeof(buf));
20596 + n = rangetoa(a, 0, buf, sizeof(buf));
20599 + fprintf(stderr, "%s: unknown type '%c'\n", argv[0], type);
20603 + if (n > sizeof(buf)) {
20604 + fprintf(stderr, "%s: reverse conversion of ", argv[0]);
20605 + fprintf(stderr, "%s ", inet_ntoa(a[0]));
20606 + fprintf(stderr, "%s", inet_ntoa(a[1]));
20607 + fprintf(stderr, " failed: need %ld bytes, have only %ld\n",
20608 + (long)n, (long)sizeof(buf));
20611 + printf("%s\n", buf);
20618 + char *output; /* NULL means error expected */
20620 + "1.2.3.0", "1.2.3.0",
20621 + "1.2.3.0/255.255.255.0", "1.2.3.0/24",
20622 + "1.2.3.0...1.2.3.5", "1.2.3.0...1.2.3.5",
20623 + "1.2.3.4.5", NULL,
20624 + "1.2.3.4/", NULL,
20625 + "1.2.3.4...", NULL,
20626 + "1.2.3.4....", NULL,
20627 + "localhost./32", "127.0.0.1/32",
20628 + "localhost....127.0.0.3", "127.0.0.1...127.0.0.3",
20629 + "127.0.0.0...localhost.", "127.0.0.0...127.0.0.1",
20630 + "127.0.0.3...localhost.", NULL,
20639 + struct in_addr a[2];
20640 + struct in_addr m;
20643 + const char *oops;
20647 + for (r = rtab; r->input != NULL; r++) {
20648 + strcpy(in, r->input);
20649 + oops = atoasr(in, 0, &type, a);
20650 + if (oops != NULL && r->output == NULL)
20651 + {} /* okay, error expected */
20652 + else if (oops != NULL) {
20653 + printf("`%s' atoasr failed: %s\n", r->input, oops);
20655 + } else if (r->output == NULL) {
20656 + printf("`%s' atoasr succeeded unexpectedly '%c'\n",
20662 + n = addrtoa(a[0], 0, buf, sizeof(buf));
20665 + n = subnettoa(a[0], a[1], 0, buf, sizeof(buf));
20668 + n = rangetoa(a, 0, buf, sizeof(buf));
20671 + fprintf(stderr, "`%s' unknown type '%c'\n",
20677 + if (n > sizeof(buf)) {
20678 + printf("`%s' '%c' reverse failed: need %ld\n",
20679 + r->input, type, (long)n);
20681 + } else if (n > 0 && strcmp(r->output, buf) != 0) {
20682 + printf("`%s' '%c' gave `%s', expected `%s'\n",
20683 + r->input, type, buf, r->output);
20691 +#endif /* ATOASR_MAIN */
20692 diff -druN linux-noipsec/net/ipsec/libfreeswan/atosa.c linux/net/ipsec/libfreeswan/atosa.c
20693 --- linux-noipsec/net/ipsec/libfreeswan/atosa.c Thu Jan 1 01:00:00 1970
20694 +++ linux/net/ipsec/libfreeswan/atosa.c Sun Sep 17 20:55:37 2000
20697 + * convert from ASCII form of SA ID to binary
20698 + * Copyright (C) 1998, 1999 Henry Spencer.
20700 + * This library is free software; you can redistribute it and/or modify it
20701 + * under the terms of the GNU Library General Public License as published by
20702 + * the Free Software Foundation; either version 2 of the License, or (at your
20703 + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
20705 + * This library is distributed in the hope that it will be useful, but
20706 + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
20707 + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
20708 + * License for more details.
20712 +#include "internal.h"
20713 +#include "freeswan.h"
20715 +static struct satype {
20717 + size_t prelen; /* strlen(prefix) */
20720 + { "ah", 2, SA_AH },
20721 + { "esp", 3, SA_ESP },
20722 + { "tun", 3, SA_IPIP },
20723 + { "comp", 4, SA_COMP },
20728 + - atosa - convert ASCII "ah507@10.0.0.1" to SA identifier
20730 +const char * /* NULL for success, else string literal */
20731 +atosa(src, srclen, sa)
20733 +size_t srclen; /* 0 means "apply strlen" */
20737 + const char *addr;
20738 + const char *spi = NULL;
20739 + struct satype *sat;
20740 + unsigned long ul;
20741 + const char *oops;
20742 +# define MINLEN 5 /* ah0@0 is as short as it can get */
20743 + static char ptname[] = PASSTHROUGHNAME;
20744 +# define PTNLEN (sizeof(ptname)-1) /* -1 for NUL */
20747 + srclen = strlen(src);
20749 + return "empty string";
20750 + if (srclen < MINLEN)
20751 + return "string too short to be SA specifier";
20752 + if (srclen == PTNLEN && memcmp(src, ptname, PTNLEN) == 0) {
20753 + src = PASSTHROUGHIS;
20754 + srclen = strlen(src);
20757 + at = memchr(src, '@', srclen);
20759 + return "no @ in SA specifier";
20761 + for (sat = satypes; sat->prefix != NULL; sat++)
20762 + if (sat->prelen < srclen &&
20763 + strncmp(src, sat->prefix, sat->prelen) == 0) {
20764 + sa->proto = sat->proto;
20765 + spi = src + sat->prelen;
20766 + break; /* NOTE BREAK OUT */
20768 + if (sat->prefix == NULL)
20769 + return "SA specifier lacks valid protocol prefix";
20772 + return "no SPI in SA specifier";
20773 + oops = atoul(spi, at - spi, 13, &ul);
20774 + if (oops != NULL)
20776 + sa->spi = htonl(ul);
20779 + oops = atoaddr(addr, srclen - (addr - src), &sa->dst);
20780 + if (oops != NULL)
20790 +#include <stdio.h>
20801 + const char *oops;
20805 + fprintf(stderr, "Usage: %s {ahnnn@aaa|-r}\n", argv[0]);
20809 + if (strcmp(argv[1], "-r") == 0) {
20811 + fprintf(stderr, "regress() returned?!?\n");
20815 + oops = atosa(argv[1], 0, &sa);
20816 + if (oops != NULL) {
20817 + fprintf(stderr, "%s: conversion failed: %s\n", argv[0], oops);
20820 + n = satoa(sa, 0, buf, sizeof(buf));
20821 + if (n > sizeof(buf)) {
20822 + fprintf(stderr, "%s: reverse conv of `%d'", argv[0], sa.proto);
20823 + fprintf(stderr, "%lu@", sa.spi);
20824 + fprintf(stderr, "%s", inet_ntoa(sa.dst));
20825 + fprintf(stderr, " failed: need %ld bytes, have only %ld\n",
20826 + (long)n, (long)sizeof(buf));
20829 + printf("%s\n", buf);
20836 + char *output; /* NULL means error expected */
20838 + "esp257@1.2.3.0", "esp257@1.2.3.0",
20839 + "ah0x20@1.2.3.4", "ah32@1.2.3.4",
20840 + "tun011@111.2.3.99", "tun11@111.2.3.99",
20844 + "goo2@1.2.3.4", NULL,
20845 + "esp9@1.2.3.4", "esp9@1.2.3.4",
20846 + "espp9@1.2.3.4", NULL,
20847 + "es9@1.2.3.4", NULL,
20848 + "ah@1.2.3.4", NULL,
20849 + "esp7x7@1.2.3.4", NULL,
20850 + "esp77@1.0x2.3.4", NULL,
20851 + PASSTHROUGHNAME, PASSTHROUGHNAME,
20863 + const char *oops;
20866 + for (r = rtab; r->input != NULL; r++) {
20867 + strcpy(in, r->input);
20868 + oops = atosa(in, 0, &sa);
20869 + if (oops != NULL && r->output == NULL)
20870 + {} /* okay, error expected */
20871 + else if (oops != NULL) {
20872 + printf("`%s' atosa failed: %s\n", r->input, oops);
20874 + } else if (r->output == NULL) {
20875 + printf("`%s' atosa succeeded unexpectedly\n",
20879 + n = satoa(sa, 'd', buf, sizeof(buf));
20880 + if (n > sizeof(buf)) {
20881 + printf("`%s' satoa failed: need %ld\n",
20882 + r->input, (long)n);
20884 + } else if (strcmp(r->output, buf) != 0) {
20885 + printf("`%s' gave `%s', expected `%s'\n",
20886 + r->input, buf, r->output);
20894 +#endif /* ATOSA_MAIN */
20895 diff -druN linux-noipsec/net/ipsec/libfreeswan/atosubnet.c linux/net/ipsec/libfreeswan/atosubnet.c
20896 --- linux-noipsec/net/ipsec/libfreeswan/atosubnet.c Thu Jan 1 01:00:00 1970
20897 +++ linux/net/ipsec/libfreeswan/atosubnet.c Wed Feb 16 19:59:08 2000
20900 + * convert from ASCII form of subnet specification to binary
20901 + * Copyright (C) 1998, 1999 Henry Spencer.
20903 + * This library is free software; you can redistribute it and/or modify it
20904 + * under the terms of the GNU Library General Public License as published by
20905 + * the Free Software Foundation; either version 2 of the License, or (at your
20906 + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
20908 + * This library is distributed in the hope that it will be useful, but
20909 + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
20910 + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
20911 + * License for more details.
20915 +#include "internal.h"
20916 +#include "freeswan.h"
20918 +#ifndef DEFAULTSUBNET
20919 +#define DEFAULTSUBNET "%default"
20923 + - atosubnet - convert ASCII "addr/mask" to address and mask
20924 + * Mask can be integer bit count.
20926 +const char * /* NULL for success, else string literal */
20927 +atosubnet(src, srclen, addrp, maskp)
20929 +size_t srclen; /* 0 means "apply strlen" */
20930 +struct in_addr *addrp;
20931 +struct in_addr *maskp;
20933 + const char *slash;
20934 + const char *mask;
20936 + const char *oops;
20937 + unsigned long bc;
20938 + static char def[] = DEFAULTSUBNET;
20939 +# define DEFLEN (sizeof(def) - 1) /* -1 for NUL */
20940 + static char defis[] = "0/0";
20941 +# define DEFILEN (sizeof(defis) - 1)
20944 + srclen = strlen(src);
20946 + return "empty string";
20948 + if (srclen == DEFLEN && strncmp(src, def, srclen) == 0) {
20950 + srclen = DEFILEN;
20953 + slash = memchr(src, '/', srclen);
20954 + if (slash == NULL)
20955 + return "no / in subnet specification";
20956 + mask = slash + 1;
20957 + mlen = srclen - (mask - src);
20959 + oops = atoaddr(src, slash-src, addrp);
20960 + if (oops != NULL)
20963 + oops = atoul(mask, mlen, 10, &bc);
20964 + if (oops == NULL) {
20965 + /* atoul succeeded, it's a bit-count mask */
20967 + return "bit-count mask too large";
20968 +#ifdef NOLEADINGZEROS
20969 + if (mlen > 1 && *mask == '0')
20970 + return "octal not allowed in mask";
20971 +#endif /* NOLEADINGZEROS */
20972 + *maskp = bitstomask((int)bc);
20974 + oops = atoaddr(mask, mlen, maskp);
20975 + if (oops != NULL)
20977 + if (!goodmask(*maskp))
20978 + return "non-contiguous mask";
20981 + addrp->s_addr &= maskp->s_addr;
20987 +#ifdef ATOSUBNET_MAIN
20989 +#include <stdio.h>
20998 + struct in_addr a;
20999 + struct in_addr m;
21001 + const char *oops;
21005 + fprintf(stderr, "Usage: %s {addr/mask|-r}\n", argv[0]);
21009 + if (strcmp(argv[1], "-r") == 0) {
21011 + fprintf(stderr, "regress() returned?!?\n");
21015 + oops = atosubnet(argv[1], 0, &a, &m);
21016 + if (oops != NULL) {
21017 + fprintf(stderr, "%s: conversion failed: %s\n", argv[0], oops);
21020 + n = subnettoa(a, m, 0, buf, sizeof(buf));
21021 + if (n > sizeof(buf)) {
21022 + fprintf(stderr, "%s: reverse conversion of ", argv[0]);
21023 + fprintf(stderr, "%s/", inet_ntoa(a));
21024 + fprintf(stderr, "%s", inet_ntoa(m));
21025 + fprintf(stderr, " failed: need %ld bytes, have only %ld\n",
21026 + (long)n, (long)sizeof(buf));
21029 + printf("%s\n", buf);
21036 + char *output; /* NULL means error expected */
21038 + "1.2.3.0/255.255.255.0", "1.2.3.0/24",
21039 + "1.2.3.0/24", "1.2.3.0/24",
21040 + "1.2.3.1/255.255.255.240", "1.2.3.0/28",
21041 + "1.2.3.1/32", "1.2.3.1/32",
21042 + "1.2.3.1/0", "0.0.0.0/0",
21043 +/* "1.2.3.1/255.255.127.0", "1.2.3.0/255.255.127.0", */
21044 + "1.2.3.1/255.255.127.0", NULL,
21045 + "128.009.000.032/32", "128.9.0.32/32",
21046 + "128.0x9.0.32/32", NULL,
21047 + "0x80090020/32", "128.9.0.32/32",
21048 + "0x800x0020/32", NULL,
21049 + "128.9.0.32/0xffFF0000", "128.9.0.0/16",
21050 + "128.9.0.32/0xff0000FF", NULL,
21051 + "128.9.0.32/0x0000ffFF", NULL,
21052 + "128.9.0.32/0x00ffFF0000", NULL,
21053 + "128.9.0.32/0xffFF", NULL,
21054 + "128.9.0.32.27/32", NULL,
21055 + "128.9.0k32/32", NULL,
21056 + "328.9.0.32/32", NULL,
21057 + "128.9..32/32", NULL,
21058 + "10/8", "10.0.0.0/8",
21059 + "10.0/8", "10.0.0.0/8",
21060 + "10.0.0/8", "10.0.0.0/8",
21061 + "10.0.1/24", "10.0.1.0/24",
21065 + "1.2.3.1/_", NULL,
21066 + "1.2.3.1/24._", NULL,
21067 + "1.2.3.1/99", NULL,
21068 + "localhost./32", "127.0.0.1/32",
21069 + "%default", "0.0.0.0/0",
21078 + struct in_addr a;
21079 + struct in_addr m;
21082 + const char *oops;
21085 + for (r = rtab; r->input != NULL; r++) {
21086 + strcpy(in, r->input);
21087 + oops = atosubnet(in, 0, &a, &m);
21088 + if (oops != NULL && r->output == NULL)
21089 + {} /* okay, error expected */
21090 + else if (oops != NULL) {
21091 + printf("`%s' atosubnet failed: %s\n", r->input, oops);
21093 + } else if (r->output == NULL) {
21094 + printf("`%s' atosubnet succeeded unexpectedly\n",
21098 + n = subnettoa(a, m, 0, buf, sizeof(buf));
21099 + if (n > sizeof(buf)) {
21100 + printf("`%s' subnettoa failed: need %ld\n",
21101 + r->input, (long)n);
21103 + } else if (strcmp(r->output, buf) != 0) {
21104 + printf("`%s' gave `%s', expected `%s'\n",
21105 + r->input, buf, r->output);
21113 +#endif /* ATOSUBNET_MAIN */
21114 diff -druN linux-noipsec/net/ipsec/libfreeswan/atoul.c linux/net/ipsec/libfreeswan/atoul.c
21115 --- linux-noipsec/net/ipsec/libfreeswan/atoul.c Thu Jan 1 01:00:00 1970
21116 +++ linux/net/ipsec/libfreeswan/atoul.c Tue Dec 7 06:00:52 1999
21119 + * convert from ASCII form of unsigned long to binary
21120 + * Copyright (C) 1998, 1999 Henry Spencer.
21122 + * This library is free software; you can redistribute it and/or modify it
21123 + * under the terms of the GNU Library General Public License as published by
21124 + * the Free Software Foundation; either version 2 of the License, or (at your
21125 + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
21127 + * This library is distributed in the hope that it will be useful, but
21128 + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
21129 + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
21130 + * License for more details.
21134 +#include "internal.h"
21135 +#include "freeswan.h"
21138 + - atoul - convert ASCII substring to unsigned long number
21140 +const char * /* NULL for success, else string literal */
21141 +atoul(src, srclen, base, resultp)
21143 +size_t srclen; /* 0 means strlen(src) */
21144 +int base; /* 0 means figure it out */
21145 +unsigned long *resultp;
21147 + const char *stop;
21148 + static char hex[] = "0123456789abcdef";
21149 + static char uchex[] = "0123456789ABCDEF";
21154 + unsigned long rlimit;
21158 + srclen = strlen(src);
21160 + return "empty string";
21162 + if (base == 0 || base == 13) {
21163 + if (srclen > 2 && *src == '0' && CIEQ(*(src+1), 'x'))
21164 + return atoul(src+2, srclen-2, 16, resultp);
21165 + if (srclen > 1 && *src == '0' && base != 13)
21166 + return atoul(src+1, srclen-1, 8, resultp);
21167 + return atoul(src, srclen, 10, resultp);
21169 + if (base != 8 && base != 10 && base != 16)
21170 + return "unsupported number base";
21173 + stop = src + srclen;
21174 + if (base == 16) {
21175 + while (src < stop) {
21177 + p = strchr(hex, c);
21181 + p = strchr(uchex, c);
21183 + return "non-hex-digit in hex number";
21186 + r = (r << 4) | d;
21188 + /* defer length check to catch invalid digits first */
21189 + if (srclen > sizeof(unsigned long) * 2)
21190 + return "hex number too long";
21192 + rlimit = ULONG_MAX / base;
21193 + dlimit = (int)(ULONG_MAX - rlimit*base);
21194 + while (src < stop) {
21197 + if (d < 0 || d >= base)
21198 + return "non-digit in number";
21199 + if (r > rlimit || (r == rlimit && d > dlimit))
21200 + return "unsigned-long overflow";
21208 diff -druN linux-noipsec/net/ipsec/libfreeswan/datatot.c linux/net/ipsec/libfreeswan/datatot.c
21209 --- linux-noipsec/net/ipsec/libfreeswan/datatot.c Thu Jan 1 01:00:00 1970
21210 +++ linux/net/ipsec/libfreeswan/datatot.c Fri Aug 18 17:09:07 2000
21213 + * convert from binary data (e.g. key) to text form
21214 + * Copyright (C) 2000 Henry Spencer.
21216 + * This library is free software; you can redistribute it and/or modify it
21217 + * under the terms of the GNU Library General Public License as published by
21218 + * the Free Software Foundation; either version 2 of the License, or (at your
21219 + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
21221 + * This library is distributed in the hope that it will be useful, but
21222 + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
21223 + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
21224 + * License for more details.
21228 +#include "internal.h"
21229 +#include "freeswan.h"
21231 +static void convert(const char *src, size_t nreal, int format, char *out);
21234 + - datatot - convert data bytes to text
21236 +size_t /* true length (with NUL) for success */
21237 +datatot(src, srclen, format, dst, dstlen)
21240 +int format; /* character indicating what format */
21241 +char *dst; /* need not be valid if dstlen is 0 */
21244 + size_t inblocksize; /* process this many bytes at a time */
21245 + size_t outblocksize; /* producing this many */
21246 + size_t breakevery; /* add a _ every this many (0 means don't) */
21247 + size_t sincebreak; /* output bytes since last _ */
21248 + char inblock[10]; /* enough for any format */
21249 + char outblock[10]; /* enough for any format */
21250 + char fake[1]; /* fake output area for dstlen == 0 */
21251 + size_t needed; /* return value */
21252 + char *stop; /* where the terminating NUL will go */
21253 + size_t ntodo; /* remaining input */
21259 + switch (format) {
21264 + /* FALLTHROUGH */
21267 + outblocksize = 2;
21272 + outblocksize = 2;
21278 + outblocksize = 4;
21281 + case 64: /* beware, equals ' ' */
21283 + outblocksize = 4;
21291 + assert(inblocksize < sizeof(inblock));
21292 + assert(outblocksize < sizeof(outblock));
21293 + assert(breakevery % outblocksize == 0);
21299 + if (dstlen == 0) { /* dispose of awkward special case */
21303 + stop = dst + dstlen - 1;
21305 + nreal = strlen(prefix);
21306 + needed = nreal; /* for starters */
21307 + if (dstlen <= nreal) { /* prefix won't fit */
21308 + strncpy(dst, prefix, dstlen - 1);
21309 + dst += dstlen - 1;
21311 + strcpy(dst, prefix);
21314 + assert(dst <= stop);
21317 + while (ntodo > 0) {
21318 + if (ntodo < inblocksize) { /* incomplete input */
21319 + memset(inblock, 0, sizeof(inblock));
21320 + memcpy(inblock, src, ntodo);
21323 + ntodo = inblocksize;
21325 + nreal = inblocksize;
21326 + out = (outblocksize > stop - dst) ? outblock : dst;
21328 + convert(src, nreal, format, out);
21329 + needed += outblocksize;
21330 + sincebreak += outblocksize;
21331 + if (dst < stop) {
21332 + if (out != dst) {
21333 + assert(outblocksize > stop - dst);
21334 + memcpy(dst, out, stop - dst);
21337 + dst += outblocksize;
21340 + src += inblocksize;
21341 + ntodo -= inblocksize;
21342 + if (breakevery != 0 && sincebreak >= breakevery && ntodo > 0) {
21350 + assert(dst <= stop);
21358 + - convert - convert one input block to one output block
21361 +convert(src, nreal, format, out)
21363 +size_t nreal; /* how much of the input block is real */
21367 + static char hex[] = "0123456789abcdef";
21368 + static char base64[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
21369 + "abcdefghijklmnopqrstuvwxyz"
21372 + unsigned char c1, c2, c3;
21374 + assert(nreal > 0);
21375 + switch (format) {
21377 + assert(nreal == 1);
21378 + c = (unsigned char)*src;
21379 + *out++ = hex[c >> 4];
21380 + *out++ = hex[c & 0xf];
21383 + c1 = (unsigned char)*src++;
21384 + c2 = (unsigned char)*src++;
21385 + c3 = (unsigned char)*src++;
21386 + *out++ = base64[c1 >> 2]; /* top 6 bits of c1 */
21387 + c = (c1 & 0x3) << 4; /* bottom 2 of c1... */
21388 + c |= c2 >> 4; /* ...top 4 of c2 */
21389 + *out++ = base64[c];
21393 + c = (c2 & 0xf) << 2; /* bottom 4 of c2... */
21394 + c |= c3 >> 6; /* ...top 2 of c3 */
21395 + *out++ = base64[c];
21400 + *out++ = base64[c3 & 0x3f]; /* bottom 6 of c3 */
21403 + assert(nreal == 0); /* unknown format */
21409 + - datatoa - convert data to ASCII
21410 + * backward-compatibility synonym for datatot
21412 +size_t /* true length (with NUL) for success */
21413 +datatoa(src, srclen, format, dst, dstlen)
21416 +int format; /* character indicating what format */
21417 +char *dst; /* need not be valid if dstlen is 0 */
21420 + return datatot(src, srclen, format, dst, dstlen);
21424 + - bytestoa - convert data bytes to ASCII
21425 + * backward-compatibility synonym for datatot
21427 +size_t /* true length (with NUL) for success */
21428 +bytestoa(src, srclen, format, dst, dstlen)
21431 +int format; /* character indicating what format */
21432 +char *dst; /* need not be valid if dstlen is 0 */
21435 + return datatot(src, srclen, format, dst, dstlen);
21437 diff -druN linux-noipsec/net/ipsec/libfreeswan/freeswan.h linux/net/ipsec/libfreeswan/freeswan.h
21438 --- linux-noipsec/net/ipsec/libfreeswan/freeswan.h Thu Jan 1 01:00:00 1970
21439 +++ linux/net/ipsec/libfreeswan/freeswan.h Mon Nov 6 05:37:12 2000
21441 +#ifndef _FREESWAN_H
21443 + * header file for FreeS/WAN library functions
21444 + * Copyright (C) 1998, 1999, 2000 Henry Spencer.
21446 + * This library is free software; you can redistribute it and/or modify it
21447 + * under the terms of the GNU Library General Public License as published by
21448 + * the Free Software Foundation; either version 2 of the License, or (at your
21449 + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
21451 + * This library is distributed in the hope that it will be useful, but
21452 + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
21453 + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
21454 + * License for more details.
21458 +#define _FREESWAN_H /* seen it, no need to see it again */
21463 + * First, assorted kernel-version-dependent trickery.
21465 +#include <linux/version.h>
21466 +#ifndef KERNEL_VERSION
21467 +#define KERNEL_VERSION(x,y,z) (((x)<<16)+((y)<<8)+(z))
21470 +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,1,0)
21471 +#define HEADER_CACHE_BIND_21
21474 +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,1,0)
21476 +# if LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,0)
21477 +# define SPINLOCK_23
21481 +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,25)
21482 +#define PROC_FS_2325
21484 +# if LINUX_VERSION_CODE >= KERNEL_VERSION(2,1,0)
21485 +# define PROC_FS_21
21489 +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,0)
21493 +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,1,0)
21494 +#define NETLINK_SOCK
21498 +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,30)
21499 +#define PROC_NO_DUMMY
21502 +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,35)
21503 +#define SKB_COPY_EXPAND
21506 +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,37)
21507 +#define IP_SELECT_IDENT
21510 +#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,50)) && defined(CONFIG_NETFILTER)
21511 +#define SKB_RESET_NFCT
21514 +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,1,19)
21515 +#define net_device_stats enet_statistics
21521 + * We've just got to have some datatypes defined... And annoyingly, just
21522 + * where we get them depends on whether we're in userland or not.
21526 +# include <linux/types.h>
21527 +# include <linux/in.h>
21530 +# include <linux/in6.h>
21532 + /* old kernel in.h has some IPv6 stuff, but not quite enough */
21533 +# define s6_addr16 s6_addr
21534 +# define AF_INET6 10
21535 +# define uint8_t __u8
21536 +# define uint16_t __u16
21537 +# define uint32_t __u32
21538 +# define uint64_t __u64
21542 +# include <linux/bios32.h>
21543 + /* simulate spin locks and read/write locks */
21545 + volatile char lock;
21549 + volatile unsigned int lock;
21552 +# define spin_lock_init(x) { (x)->lock = 0;}
21553 +# define rw_lock_init(x) { (x)->lock = 0; }
21555 +# define spin_lock(x) { while ((x)->lock) barrier(); (x)->lock=1;}
21556 +# define spin_lock_irq(x) { cli(); spin_lock(x);}
21557 +# define spin_lock_irqsave(x,flags) { save_flags(flags); spin_lock_irq(x);}
21559 +# define spin_unlock(x) { (x)->lock=0;}
21560 +# define spin_unlock_irq(x) { spin_unlock(x); sti();}
21561 +# define spin_unlock_irqrestore(x,flags) { spin_unlock(x); restore_flags(flags);}
21563 +# define read_lock(x) spin_lock(x)
21564 +# define read_lock_irq(x) spin_lock_irq(x)
21565 +# define read_lock_irqsave(x,flags) spin_lock_irqsave(x,flags)
21567 +# define read_unlock(x) spin_unlock(x)
21568 +# define read_unlock_irq(x) spin_unlock_irq(x)
21569 +# define read_unlock_irqrestore(x,flags) spin_unlock_irqrestore(x,flags)
21571 +# define write_lock(x) spin_lock(x)
21572 +# define write_lock_irq(x) spin_lock_irq(x)
21573 +# define write_lock_irqsave(x,flags) spin_lock_irqsave(x,flags)
21575 +# define write_unlock(x) spin_unlock(x)
21576 +# define write_unlock_irq(x) spin_unlock_irq(x)
21577 +# define write_unlock_irqrestore(x,flags) spin_unlock_irqrestore(x,flags)
21578 +# endif /* !SPINLOCK */
21580 +# ifndef SPINLOCK_23
21581 +# define spin_lock_bh(x) spin_lock_irq(x)
21582 +# define spin_unlock_bh(x) spin_unlock_irq(x)
21584 +# define read_lock_bh(x) read_lock_irq(x)
21585 +# define read_unlock_bh(x) read_unlock_irq(x)
21587 +# define write_lock_bh(x) write_lock_irq(x)
21588 +# define write_unlock_bh(x) write_unlock_irq(x)
21589 +# endif /* !SPINLOCK_23 */
21591 +#ifndef IPPROTO_COMP
21592 +#define IPPROTO_COMP 108
21593 +#endif /* !IPPROTO_COMP */
21595 +#ifdef CONFIG_IPSEC_DEBUG
21596 +#define DEBUG_NO_STATIC
21597 +#else /* CONFIG_IPSEC_DEBUG */
21598 +#define DEBUG_NO_STATIC static
21599 +#endif /* CONFIG_IPSEC_DEBUG */
21601 +#else /* __KERNEL__ */
21603 +# include <stdio.h>
21604 +# include <netinet/in.h>
21606 +# define uint8_t u_int8_t
21607 +# define uint16_t u_int16_t
21608 +# define uint32_t u_int32_t
21609 +# define uint64_t u_int64_t
21611 +#define DEBUG_NO_STATIC static
21613 +#endif /* __KERNEL__ */
21618 + * Basic data types for the address-handling functions.
21619 + * ip_address and ip_subnet are supposed to be opaque types; do not
21620 + * use their definitions directly, they are subject to change!
21623 +/* first, some quick fakes in case we're on an old system with no IPv6 */
21624 +#ifndef __KERNEL__
21625 +#ifndef IN6ADDR_ANY_INIT
21627 + unsigned char s6_addr16[16];
21629 +struct sockaddr_in6 {
21630 + unsigned short sin6_family;
21631 + unsigned short sin6_port;
21632 + unsigned long sin6_flowinfo;
21634 + unsigned char s6_addr16[16];
21637 +#endif /* !IN6ADDR_ANY_INIT */
21638 +#endif /* !__KERNEL__ */
21640 +/* then the main types */
21643 + struct sockaddr_in v4;
21644 + struct sockaddr_in6 v6;
21652 +/* and the SA ID stuff */
21654 +typedef __u32 ipsec_spi_t;
21656 +typedef u_int32_t ipsec_spi_t;
21658 +typedef struct { /* to identify an SA, we need: */
21659 + ip_address dst; /* A. destination host */
21660 + ipsec_spi_t spi; /* B. 32-bit SPI, assigned by dest. host */
21661 + int proto; /* C. protocol */
21662 +# define SA_ESP 50 /* IPPROTO_ESP */
21663 +# define SA_AH 51 /* IPPROTO_AH */
21664 +# define SA_IPIP 4 /* IPPROTO_IPIP */
21665 +# define SA_COMP 108 /* IPPROTO_COMP */
21667 +struct sa_id { /* old v4-only version */
21668 + struct in_addr dst;
21674 +typedef const char *err_t; /* error message, or NULL for success */
21679 + * new IPv6-compatible functions
21682 +/* text conversions */
21683 +err_t ttoul(const char *src, size_t srclen, int format, unsigned long *dst);
21684 +size_t ultot(unsigned long src, int format, char *buf, size_t buflen);
21685 +#define ULTOT_BUF (22+1) /* holds 64 bits in octal */
21686 +err_t ttoaddr(const char *src, size_t srclen, int af, ip_address *dst);
21687 +err_t tnatoaddr(const char *src, size_t srclen, int af, ip_address *dst);
21688 +size_t addrtot(const ip_address *src, int format, char *buf, size_t buflen);
21689 +/* RFC 1886 old IPv6 reverse-lookup format is the bulkiest */
21690 +#define ADDRTOT_BUF (32*2 + 3 + 1 + 3 + 1 + 1)
21691 +err_t ttosubnet(const char *src, size_t srclen, int af, ip_subnet *dst);
21692 +size_t subnettot(const ip_subnet *src, int format, char *buf, size_t buflen);
21693 +#define SUBNETTOT_BUF (ADDRTOT_BUF + 1 + 3)
21694 +err_t ttosa(const char *src, size_t srclen, ip_said *dst);
21695 +size_t satot(const ip_said *src, int format, char *bufptr, size_t buflen);
21696 +#define SATOT_BUF (5 + ULTOA_BUF + 1 + ADDRTOT_BUF)
21697 +err_t ttodata(const char *src, size_t srclen, int base, char *buf,
21698 + size_t buflen, size_t *needed);
21699 +size_t datatot(const char *src, size_t srclen, int format, char *buf,
21702 +/* initializations */
21703 +void initsaid(const ip_address *addr, ipsec_spi_t spi, int proto, ip_said *dst);
21704 +err_t loopbackaddr(int af, ip_address *dst);
21705 +err_t unspecaddr(int af, ip_address *dst);
21706 +err_t anyaddr(int af, ip_address *dst);
21707 +err_t initaddr(const unsigned char *src, size_t srclen, int af, ip_address *dst);
21708 +err_t initsubnet(const ip_address *addr, int maskbits, int clash, ip_subnet *dst);
21710 +/* misc. conversions and related */
21711 +err_t rangetosubnet(const ip_address *from, const ip_address *to, ip_subnet *dst);
21712 +int addrtypeof(const ip_address *src);
21713 +int subnettypeof(const ip_subnet *src);
21714 +size_t addrlenof(const ip_address *src);
21715 +size_t addrbytesptr(const ip_address *src, const unsigned char **dst);
21716 +size_t addrbytesof(const ip_address *src, unsigned char *dst, size_t dstlen);
21717 +int masktocount(const ip_address *src);
21718 +void networkof(const ip_subnet *src, ip_address *dst);
21719 +void maskof(const ip_subnet *src, ip_address *dst);
21722 +int sameaddr(const ip_address *a, const ip_address *b);
21723 +int addrcmp(const ip_address *a, const ip_address *b);
21724 +int samesubnet(const ip_subnet *a, const ip_subnet *b);
21725 +int addrinsubnet(const ip_address *a, const ip_subnet *s);
21726 +int subnetinsubnet(const ip_subnet *a, const ip_subnet *b);
21727 +int subnetishost(const ip_subnet *s);
21728 +int samesaid(const ip_said *a, const ip_said *b);
21729 +int sameaddrtype(const ip_address *a, const ip_address *b);
21730 +int samesubnettype(const ip_subnet *a, const ip_subnet *b);
21731 +int isanyaddr(const ip_address *src);
21732 +int isunspecaddr(const ip_address *src);
21733 +int isloopbackaddr(const ip_address *src);
21735 +/* low-level grot */
21736 +int portof(const ip_address *src);
21737 +void setportof(int port, ip_address *dst);
21738 +struct sockaddr *sockaddrof(ip_address *src);
21739 +size_t sockaddrlenof(const ip_address *src);
21744 + * old functions, to be deleted eventually
21747 +/* unsigned long */
21748 +const char * /* NULL for success, else string literal */
21751 + size_t srclen, /* 0 means strlen(src) */
21752 + int base, /* 0 means figure it out */
21753 + unsigned long *resultp
21755 +size_t /* space needed for full conversion */
21762 +#define ULTOA_BUF 21 /* just large enough for largest result, */
21763 + /* assuming 64-bit unsigned long! */
21765 +/* Internet addresses */
21766 +const char * /* NULL for success, else string literal */
21769 + size_t srclen, /* 0 means strlen(src) */
21770 + struct in_addr *addr
21772 +size_t /* space needed for full conversion */
21774 + struct in_addr addr,
21775 + int format, /* character; 0 means default */
21779 +#define ADDRTOA_BUF 16 /* just large enough for largest result */
21782 +const char * /* NULL for success, else string literal */
21785 + size_t srclen, /* 0 means strlen(src) */
21786 + struct in_addr *addr,
21787 + struct in_addr *mask
21789 +size_t /* space needed for full conversion */
21791 + struct in_addr addr,
21792 + struct in_addr mask,
21793 + int format, /* character; 0 means default */
21797 +#define SUBNETTOA_BUF 32 /* large enough for worst case result */
21800 +const char * /* NULL for success, else string literal */
21803 + size_t srclen, /* 0 means strlen(src) */
21804 + char *type, /* 'a', 's', 'r' */
21805 + struct in_addr *addrs /* two-element array */
21807 +size_t /* space needed for full conversion */
21809 + struct in_addr *addrs, /* two-element array */
21810 + int format, /* character; 0 means default */
21814 +#define RANGETOA_BUF 34 /* large enough for worst case result */
21816 +/* data types for SA conversion functions */
21819 +const char * /* NULL for success, else string literal */
21822 + size_t srclen, /* 0 means strlen(src) */
21825 +size_t /* space needed for full conversion */
21828 + int format, /* character; 0 means default */
21832 +#define SATOA_BUF (3+ULTOA_BUF+ADDRTOA_BUF)
21834 +/* generic data, e.g. keys */
21835 +const char * /* NULL for success, else string literal */
21838 + size_t srclen, /* 0 means strlen(src) */
21841 + size_t *lenp /* NULL means don't bother telling me */
21843 +size_t /* 0 failure, else true size */
21847 + int format, /* character; 0 means default */
21852 +/* old versions of generic-data functions; deprecated */
21853 +size_t /* 0 failure, else true size */
21856 + size_t srclen, /* 0 means strlen(src) */
21860 +size_t /* 0 failure, else true size */
21864 + int format, /* character; 0 means default */
21869 +/* part extraction and special addresses */
21872 + struct in_addr addr,
21873 + struct in_addr mask
21877 + struct in_addr addr,
21878 + struct in_addr mask
21882 + struct in_addr addr,
21883 + struct in_addr mask
21886 +/* mask handling */
21889 + struct in_addr mask
21893 + struct in_addr mask
21903 + * general utilities
21906 +#ifndef __KERNEL__
21907 +/* option pickup from files (userland only because of use of FILE) */
21908 +const char *optionsfrom(const char *filename, int *argcp, char ***argvp,
21909 + int optind, FILE *errorreport);
21914 +#endif /* _FREESWAN_H */
21915 diff -druN linux-noipsec/net/ipsec/libfreeswan/goodmask.c linux/net/ipsec/libfreeswan/goodmask.c
21916 --- linux-noipsec/net/ipsec/libfreeswan/goodmask.c Thu Jan 1 01:00:00 1970
21917 +++ linux/net/ipsec/libfreeswan/goodmask.c Wed Feb 16 19:54:24 2000
21920 + * minor utilities for subnet-mask manipulation
21921 + * Copyright (C) 1998, 1999 Henry Spencer.
21923 + * This library is free software; you can redistribute it and/or modify it
21924 + * under the terms of the GNU Library General Public License as published by
21925 + * the Free Software Foundation; either version 2 of the License, or (at your
21926 + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
21928 + * This library is distributed in the hope that it will be useful, but
21929 + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
21930 + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
21931 + * License for more details.
21935 +#include "internal.h"
21936 +#include "freeswan.h"
21939 + - goodmask - is this a good (^1*0*$) subnet mask?
21940 + * You are not expected to understand this. See Henry S. Warren Jr,
21941 + * "Functions realizable with word-parallel logical and two's-complement
21942 + * addition instructions", CACM 20.6 (June 1977), p.439.
21944 +int /* predicate */
21946 +struct in_addr mask;
21948 + unsigned long x = ntohl(mask.s_addr);
21949 + /* clear rightmost contiguous string of 1-bits */
21950 +# define CRCS1B(x) (((x|(x-1))+1)&x)
21951 +# define TOPBIT (1UL << 31)
21953 + /* either zero, or has one string of 1-bits which is left-justified */
21954 + if (x == 0 || (CRCS1B(x) == 0 && (x&TOPBIT)))
21960 + - masktobits - how many bits in this mask?
21961 + * The algorithm is essentially a binary search, but highly optimized
21962 + * for this particular task.
21964 +int /* -1 means !goodmask() */
21966 +struct in_addr mask;
21968 + unsigned long m = ntohl(mask.s_addr);
21971 + if (!goodmask(mask))
21974 + if (m&0x00000001UL)
21977 + if (m&(0x0000ffffUL<<1)) { /* <<1 for 1-origin numbering */
21981 + if (m&(0x00ff0000UL<<1)) {
21985 + if (m&(0x0f000000UL<<1)) {
21989 + if (m&(0x30000000UL<<1)) {
21993 + if (m&(0x40000000UL<<1))
22000 + - bitstomask - return a mask with this many high bits on
22006 + struct in_addr result;
22008 + if (n > 0 && n <= ABITS)
22009 + result.s_addr = htonl(~((1UL << (ABITS - n)) - 1));
22011 + result.s_addr = 0;
22013 + result.s_addr = 0; /* best error report we can do */
22016 diff -druN linux-noipsec/net/ipsec/libfreeswan/initaddr.c linux/net/ipsec/libfreeswan/initaddr.c
22017 --- linux-noipsec/net/ipsec/libfreeswan/initaddr.c Thu Jan 1 01:00:00 1970
22018 +++ linux/net/ipsec/libfreeswan/initaddr.c Fri Aug 25 16:40:05 2000
22021 + * initialize address structure
22022 + * Copyright (C) 2000 Henry Spencer.
22024 + * This library is free software; you can redistribute it and/or modify it
22025 + * under the terms of the GNU Library General Public License as published by
22026 + * the Free Software Foundation; either version 2 of the License, or (at your
22027 + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
22029 + * This library is distributed in the hope that it will be useful, but
22030 + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
22031 + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
22032 + * License for more details.
22036 +#include "internal.h"
22037 +#include "freeswan.h"
22040 + - initaddr - initialize ip_address from bytes
22042 +err_t /* NULL for success, else string literal */
22043 +initaddr(src, srclen, af, dst)
22044 +const unsigned char *src;
22046 +int af; /* address family */
22052 + return "IPv4 address must be exactly 4 bytes";
22053 + dst->u.v4.sin_family = af;
22054 + dst->u.v4.sin_port = 0; /* unused */
22055 + memcpy((char *)&dst->u.v4.sin_addr.s_addr, src, srclen);
22058 + if (srclen != 16)
22059 + return "IPv6 address must be exactly 16 bytes";
22060 + dst->u.v6.sin6_family = af;
22061 + dst->u.v6.sin6_flowinfo = 0; /* unused */
22062 + dst->u.v6.sin6_port = 0; /* unused */
22063 + memcpy((char *)&dst->u.v6.sin6_addr, src, srclen);
22066 + return "unknown address family in initaddr";
22071 diff -druN linux-noipsec/net/ipsec/libfreeswan/initsaid.c linux/net/ipsec/libfreeswan/initsaid.c
22072 --- linux-noipsec/net/ipsec/libfreeswan/initsaid.c Thu Jan 1 01:00:00 1970
22073 +++ linux/net/ipsec/libfreeswan/initsaid.c Fri Sep 8 20:03:45 2000
22076 + * initialize SA ID structure
22077 + * Copyright (C) 2000 Henry Spencer.
22079 + * This library is free software; you can redistribute it and/or modify it
22080 + * under the terms of the GNU Library General Public License as published by
22081 + * the Free Software Foundation; either version 2 of the License, or (at your
22082 + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
22084 + * This library is distributed in the hope that it will be useful, but
22085 + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
22086 + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
22087 + * License for more details.
22091 +#include "internal.h"
22092 +#include "freeswan.h"
22095 + - initsaid - initialize SA ID from bits
22098 +initsaid(addr, spi, proto, dst)
22099 +const ip_address *addr;
22104 + dst->dst = *addr;
22106 + dst->proto = proto;
22108 diff -druN linux-noipsec/net/ipsec/libfreeswan/initsubnet.c linux/net/ipsec/libfreeswan/initsubnet.c
22109 --- linux-noipsec/net/ipsec/libfreeswan/initsubnet.c Thu Jan 1 01:00:00 1970
22110 +++ linux/net/ipsec/libfreeswan/initsubnet.c Fri Sep 8 20:03:45 2000
22113 + * initialize subnet structure
22114 + * Copyright (C) 2000 Henry Spencer.
22116 + * This library is free software; you can redistribute it and/or modify it
22117 + * under the terms of the GNU Library General Public License as published by
22118 + * the Free Software Foundation; either version 2 of the License, or (at your
22119 + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
22121 + * This library is distributed in the hope that it will be useful, but
22122 + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
22123 + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
22124 + * License for more details.
22128 +#include "internal.h"
22129 +#include "freeswan.h"
22132 + - initsubnet - initialize ip_subnet from address and count
22134 + * The only hard part is checking for host-part bits turned on.
22136 +err_t /* NULL for success, else string literal */
22137 +initsubnet(addr, count, clash, dst)
22138 +const ip_address *addr;
22140 +int clash; /* '0' zero host-part bits, 'x' die on them */
22143 + unsigned char *p;
22149 + dst->addr = *addr;
22150 + n = addrbytesptr(&dst->addr, (const unsigned char **)&p);
22152 + return "unknown address family";
22162 + return "unknown clash-control value in initsubnet";
22168 + return "impossible mask count";
22174 + if (n > 0 && c != 0) /* partial byte */
22176 + for (; n > 0; n--) {
22177 + if ((*p & m) != 0) {
22179 + return "improper subnet, host-part bits on";
22186 + dst->maskbits = count;
22189 diff -druN linux-noipsec/net/ipsec/libfreeswan/internal.h linux/net/ipsec/libfreeswan/internal.h
22190 --- linux-noipsec/net/ipsec/libfreeswan/internal.h Thu Jan 1 01:00:00 1970
22191 +++ linux/net/ipsec/libfreeswan/internal.h Tue Aug 8 04:34:15 2000
22194 + * internal definitions for use within the library; do not export!
22195 + * Copyright (C) 1998, 1999 Henry Spencer.
22197 + * This library is free software; you can redistribute it and/or modify it
22198 + * under the terms of the GNU Library General Public License as published by
22199 + * the Free Software Foundation; either version 2 of the License, or (at your
22200 + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
22202 + * This library is distributed in the hope that it will be useful, but
22203 + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
22204 + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
22205 + * License for more details.
22211 +#define ABITS 32 /* bits in an IPv4 address */
22214 +/* case-independent ASCII character equality comparison */
22215 +#define CIEQ(c1, c2) ( ((c1)&~040) == ((c2)&~040) )
22217 +/* syntax for passthrough SA */
22218 +#ifndef PASSTHROUGHNAME
22219 +#define PASSTHROUGHNAME "%passthrough"
22220 +#define PASSTHROUGH4NAME "%passthrough4"
22221 +#define PASSTHROUGH6NAME "%passthrough6"
22222 +#define PASSTHROUGHIS "tun0@0.0.0.0"
22223 +#define PASSTHROUGH4IS "tun0@0.0.0.0"
22224 +#define PASSTHROUGH6IS "tun0@::"
22225 +#define PASSTHROUGHTYPE "tun"
22226 +#define PASSTHROUGHSPI 0
22227 +#define PASSTHROUGHDST 0
22231 + * Headers, greatly complicated by stupid and unnecessary inconsistencies
22232 + * between the user environment and the kernel environment. These are done
22233 + * here so that this mess need exist in only one place.
22235 + * It may seem like a -I or two could avoid most of this, but on closer
22236 + * inspection it is not quite that easy.
22239 +/* things that need to come from one place or the other, depending */
22241 +#include <linux/types.h>
22242 +#include <linux/socket.h>
22243 +#include <linux/in.h>
22244 +#include <linux/string.h>
22245 +#include <linux/ctype.h>
22246 +#define assert(foo) /* nothing */
22248 +#include <sys/types.h>
22249 +#include <netinet/in.h>
22250 +#include <string.h>
22251 +#include <ctype.h>
22252 +#include <assert.h>
22255 +/* things that exist only in userland */
22256 +#ifndef __KERNEL__
22258 +/* You'd think this would be okay in the kernel too -- it's just a */
22259 +/* bunch of constants -- but no, in RH5.1 it screws up other things. */
22260 +/* (Credit: Mike Warfield tracked this problem down. Thanks Mike!) */
22261 +/* Fortunately, we don't need it in the kernel subset of the library. */
22262 +#include <limits.h>
22264 +/* header files for things that should never be called in kernel */
22265 +#include <netdb.h>
22267 +/* memory allocation, currently user-only, macro-ized just in case */
22268 +#include <stdlib.h>
22269 +#define MALLOC(n) malloc(n)
22270 +#define FREE(p) free(p)
22272 +#endif /* __KERNEL__ */
22274 diff -druN linux-noipsec/net/ipsec/libfreeswan/optionsfrom.c linux/net/ipsec/libfreeswan/optionsfrom.c
22275 --- linux-noipsec/net/ipsec/libfreeswan/optionsfrom.c Thu Jan 1 01:00:00 1970
22276 +++ linux/net/ipsec/libfreeswan/optionsfrom.c Sun Apr 11 01:24:21 1999
22279 + * pick up more options from a file, in the middle of an option scan
22280 + * Copyright (C) 1998, 1999 Henry Spencer.
22282 + * This library is free software; you can redistribute it and/or modify it
22283 + * under the terms of the GNU Library General Public License as published by
22284 + * the Free Software Foundation; either version 2 of the License, or (at your
22285 + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
22287 + * This library is distributed in the hope that it will be useful, but
22288 + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
22289 + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
22290 + * License for more details.
22294 +#include "internal.h"
22295 +#include "freeswan.h"
22297 +#include <stdio.h>
22299 +#define MAX 100 /* loop-detection limit */
22301 +/* internal work area */
22303 +# define LOTS 1024
22309 +static const char *dowork(const char *, int *, char ***, int);
22310 +static const char *getanarg(FILE *, struct work *, char **);
22311 +static char *getline(FILE *, char *, size_t);
22314 + - optionsfrom - add some options, taken from a file, to argc/argv
22315 + * If errsto is non-NULL, does not return in event of error.
22317 +const char * /* NULL for success, else string literal */
22318 +optionsfrom(filename, argcp, argvp, optind, errsto)
22319 +const char *filename;
22320 +int *argcp; /* pointer to argc */
22321 +char ***argvp; /* pointer to argv */
22322 +int optind; /* current optind, number of next argument */
22323 +FILE *errsto; /* where to report errors (NULL means return) */
22326 + static int nuses = 0;
22328 + if (errsto != NULL) {
22330 + if (nuses >= MAX) {
22332 + "%s: optionsfrom called %d times, looping?\n",
22333 + (*argvp)[0], nuses);
22339 + e = dowork(filename, argcp, argvp, optind);
22340 + if (e != NULL && errsto != NULL) {
22341 + fprintf(errsto, "%s: optionsfrom failed: %s\n", (*argvp)[0], e);
22348 + - dowork - do all the real work of optionsfrom
22349 + * Does not alter the existing arguments, but does relocate and alter
22350 + * the argv pointer vector.
22352 +static const char * /* NULL for success, else string literal */
22353 +dowork(filename, argcp, argvp, optind)
22354 +const char *filename;
22355 +int *argcp; /* pointer to argc */
22356 +char ***argvp; /* pointer to argv */
22357 +int optind; /* current optind, number of next argument */
22362 + int next; /* place for next argument */
22363 + int room; /* how many more new arguments we can hold */
22364 +# define SOME 10 /* first guess at how many we'll need */
22368 + struct work wa; /* for getanarg() */
22370 + f = fopen(filename, "r");
22372 + return "unable to open file";
22374 + newargc = *argcp + SOME;
22375 + newargv = malloc((newargc+1) * sizeof(char *));
22376 + if (newargv == NULL)
22377 + return "unable to allocate memory";
22378 + memcpy(newargv, *argvp, optind * sizeof(char *));
22382 + newargv[next] = NULL;
22383 + wa.pending = NULL;
22384 + while ((p = getanarg(f, &wa, &newargv[next])) == NULL) {
22387 + tmp = realloc(newargv, (newargc+1) * sizeof(char *));
22388 + if (tmp == NULL) {
22389 + p = "out of space for new argv";
22390 + break; /* NOTE BREAK OUT */
22398 + if (p != NULL && !feof(f)) { /* error of some kind */
22399 + for (i = optind+1; i <= next; i++)
22400 + if (newargv[i] != NULL)
22401 + free(newargv[i]);
22408 + memcpy(newargv + next, *argvp + optind,
22409 + (*argcp+1-optind) * sizeof(char *));
22410 + *argcp += next - optind;
22411 + *argvp = newargv;
22416 + - getanarg - get a malloced argument from the file
22418 +static const char * /* NULL for success, else string literal */
22419 +getanarg(f, w, linep)
22422 +char **linep; /* where to store pointer if successful */
22428 + while (w->pending == NULL) { /* no pending line */
22429 + if ((w->line = getline(f, w->buf, sizeof(w->buf))) == NULL)
22430 + return "error in line read"; /* caller checks EOF */
22431 + if (w->line[0] != '#' &&
22432 + *(w->line + strspn(w->line, " \t")) != '\0')
22433 + w->pending = w->line;
22436 + if (w->pending == w->line && w->line[0] != '-') {
22437 + /* fresh plain line */
22438 + w->pending = NULL;
22440 + endp = p + strlen(p);
22441 + if (*p == '"' && endp > p+1 && *(endp-1) == '"') {
22446 + if (w->line == w->buf) {
22447 + *linep = malloc(endp - p + 1);
22448 + if (*linep == NULL)
22449 + return "out of memory for new line";
22450 + strcpy(*linep, p);
22451 + } else /* getline already malloced it */
22456 + /* chip off a piece of a pending line */
22458 + p += strspn(p, " \t");
22459 + endp = p + strcspn(p, " \t");
22461 + if (*endp != '\0') {
22463 + endp += strspn(endp, " \t");
22465 + /* endp now points to next real character, or to line-end NUL */
22466 + *linep = malloc(len + 1);
22467 + if (*linep == NULL) {
22468 + if (w->line != w->buf)
22470 + return "out of memory for new argument";
22472 + strcpy(*linep, p);
22473 + if (*endp == '\0') {
22474 + w->pending = NULL;
22475 + if (w->line != w->buf)
22478 + w->pending = endp;
22483 + - getline - read a line from the file, trim newline off
22485 +static char * /* pointer to line, NULL for eof/error */
22486 +getline(f, buf, bufsize)
22488 +char *buf; /* buffer to use, if convenient */
22489 +size_t bufsize; /* size of buf */
22493 + if (fgets(buf, bufsize, f) == NULL)
22495 + len = strlen(buf);
22497 + if (len < bufsize-1 || buf[bufsize-1] == '\n') {
22499 + buf[len-1] = '\0';
22503 + /* oh crud, buffer overflow */
22504 + /* for now, to hell with it */
22512 +#include <getopt.h>
22514 +char usage[] = "Usage: tester [--foo] [--bar] [--optionsfrom file] arg ...";
22515 +struct option opts[] = {
22516 + "foo", 0, NULL, 'f',
22517 + "bar", 0, NULL, 'b',
22518 + "builtin", 0, NULL, 'B',
22519 + "optionsfrom", 1, NULL, '+',
22520 + "help", 0, NULL, 'h',
22521 + "version", 0, NULL, 'v',
22531 + extern char *optarg;
22532 + extern int optind;
22536 + FILE *errs = NULL;
22538 + while ((opt = getopt_long(argc, argv, "", opts, NULL)) != EOF)
22546 + case '+': /* optionsfrom */
22547 + p = optionsfrom(optarg, &argc, &argv, optind, errs);
22549 + fprintf(stderr, "%s: optionsfrom error: %s\n",
22554 + case 'h': /* help */
22555 + printf("%s\n", usage);
22558 + case 'v': /* version */
22568 + fprintf(stderr, "%s\n", usage);
22572 + for (i = 1; i < argc; i++)
22573 + printf("%d: `%s'\n", i, argv[i]);
22579 diff -druN linux-noipsec/net/ipsec/libfreeswan/pfkey.h linux/net/ipsec/libfreeswan/pfkey.h
22580 --- linux-noipsec/net/ipsec/libfreeswan/pfkey.h Thu Jan 1 01:00:00 1970
22581 +++ linux/net/ipsec/libfreeswan/pfkey.h Tue Oct 10 22:10:19 2000
22584 + * FreeS/WAN specific PF_KEY headers
22585 + * Copyright (C) 1999 Richard Guy Briggs.
22587 + * This program is free software; you can redistribute it and/or modify it
22588 + * under the terms of the GNU General Public License as published by the
22589 + * Free Software Foundation; either version 2 of the License, or (at your
22590 + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
22592 + * This program is distributed in the hope that it will be useful, but
22593 + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
22594 + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
22595 + * for more details.
22600 +#ifndef __NET_IPSEC_PF_KEY_H
22601 +#define __NET_IPSEC_PF_KEY_H
22603 +extern void pfkey_proto_init(struct net_proto *pro);
22604 +extern struct proto_ops pfkey_proto_ops;
22605 +typedef struct sock pfkey_sock;
22606 +extern int debug_pfkey;
22608 +extern /* void */ int pfkey_init(void);
22609 +extern /* void */ int pfkey_cleanup(void);
22611 +extern struct sock *pfkey_sock_list;
22612 +struct socket_list
22614 + struct socket *socketp;
22615 + struct socket_list *next;
22617 +extern int pfkey_list_insert_socket(struct socket*, struct socket_list**);
22618 +extern int pfkey_list_remove_socket(struct socket*, struct socket_list**);
22619 +extern struct socket_list *pfkey_open_sockets;
22620 +extern struct socket_list *pfkey_registered_sockets[SADB_SATYPE_MAX+1];
22624 + uint16_t supported_alg_exttype;
22625 + uint8_t supported_alg_id;
22626 + uint8_t supported_alg_ivlen;
22627 + uint16_t supported_alg_minbits;
22628 + uint16_t supported_alg_maxbits;
22631 +extern struct supported_list *pfkey_supported_list[SADB_SATYPE_MAX+1];
22632 +struct supported_list
22634 + struct supported *supportedp;
22635 + struct supported_list *next;
22637 +extern int pfkey_list_insert_supported(struct supported*, struct supported_list**);
22638 +extern int pfkey_list_remove_supported(struct supported*, struct supported_list**);
22640 +extern uint8_t sadb_satype2proto[];
22643 +#if defined(__KERNEL__) || !defined(__GLIBC__) || (__GLIBC__ < 2)
22645 +struct sockaddr_key
22647 + uint16_t key_family; /* PF_KEY */
22648 + uint16_t key_pad; /* not used */
22649 + uint32_t key_pid; /* process ID */
22652 +#endif */ /* defined(__KERNEL__) || !defined(__GLIBC__) || (__GLIBC__ < 2)
22655 +struct pfkey_extracted_data
22658 + struct tdb* tdb2;
22659 + struct eroute *eroute;
22662 +extern int pfkey_upmsg(struct socket *, struct sadb_msg *);
22663 +extern int pfkey_expire(struct tdb *, int);
22664 +extern int pfkey_acquire(struct tdb *);
22665 +#endif /* __KERNEL__ */
22667 +extern uint8_t satype2proto(uint8_t satype);
22668 +extern uint8_t proto2satype(uint8_t proto);
22669 +extern char* proto2name(uint8_t proto);
22673 + uint32_t key_pid; /* process ID */
22677 +#define key_pid(sk) ((struct key_opt*)&((sk)->protinfo))->key_pid
22679 +#define IPSEC_PFKEYv2_ALIGN (sizeof(uint64_t)/sizeof(uint8_t))
22680 +#define BITS_PER_OCTET 8
22681 +#define OCTETBITS 8
22682 +#define PFKEYBITS 64
22683 +#define DIVUP(x,y) ((x + y -1) / y) /* divide, rounding upwards */
22684 +#define ALIGN_N(x,y) (DIVUP(x,y) * y) /* align on y boundary */
22686 +#define PFKEYv2_MAX_MSGSIZE 4096
22689 + * PF_KEYv2 permitted and required extensions in and out bitmaps
22692 +extern unsigned int extensions_bitmaps[2/*in/out*/][2/*perm/req*/][SADB_MAX + 1/*ext*/];
22693 +#define EXT_BITS_IN 0
22694 +#define EXT_BITS_OUT 1
22695 +#define EXT_BITS_PERM 0
22696 +#define EXT_BITS_REQ 1
22698 +extern void pfkey_extensions_init(struct sadb_ext *extensions[SADB_EXT_MAX + 1]);
22699 +extern void pfkey_extensions_free(struct sadb_ext *extensions[SADB_EXT_MAX + 1]);
22700 +extern void pfkey_msg_free(struct sadb_msg **pfkey_msg);
22702 +extern int pfkey_msg_parse(struct sadb_msg *pfkey_msg,
22703 + int (*ext_parsers[])(struct sadb_ext* ),
22704 + struct sadb_ext **extensions,
22708 + * PF_KEYv2 build function prototypes
22712 +pfkey_msg_hdr_build(struct sadb_ext** pfkey_ext,
22713 + uint8_t msg_type,
22715 + uint8_t msg_errno,
22720 +pfkey_sa_build(struct sadb_ext ** pfkey_ext,
22721 + uint16_t exttype,
22722 + uint32_t spi, /* in network order */
22723 + uint8_t replay_window,
22724 + uint8_t sa_state,
22730 +pfkey_lifetime_build(struct sadb_ext ** pfkey_ext,
22731 + uint16_t exttype,
22732 + uint32_t allocations,
22734 + uint64_t addtime,
22735 + uint64_t usetime);
22738 +pfkey_address_build(struct sadb_ext** pfkey_ext,
22739 + uint16_t exttype,
22741 + uint8_t prefixlen,
22742 + struct sockaddr* address);
22745 +pfkey_key_build(struct sadb_ext** pfkey_ext,
22746 + uint16_t exttype,
22747 + uint16_t key_bits,
22751 +pfkey_ident_build(struct sadb_ext** pfkey_ext,
22752 + uint16_t exttype,
22753 + uint16_t ident_type,
22754 + uint64_t ident_id,
22755 + char* ident_string);
22758 +pfkey_sens_build(struct sadb_ext** pfkey_ext,
22760 + uint8_t sens_level,
22761 + uint8_t sens_len,
22762 + uint64_t* sens_bitmap,
22763 + uint8_t integ_level,
22764 + uint8_t integ_len,
22765 + uint64_t* integ_bitmap);
22768 +pfkey_prop_build(struct sadb_ext** pfkey_ext,
22770 + unsigned int comb_num,
22771 + struct sadb_comb* comb);
22774 +pfkey_supported_build(struct sadb_ext** pfkey_ext,
22775 + uint16_t exttype,
22776 + unsigned int alg_num,
22777 + struct sadb_alg* alg);
22780 +pfkey_spirange_build(struct sadb_ext** pfkey_ext,
22781 + uint16_t exttype,
22786 +pfkey_x_kmprivate_build(struct sadb_ext** pfkey_ext);
22789 +pfkey_x_satype_build(struct sadb_ext** pfkey_ext,
22793 +pfkey_x_debug_build(struct sadb_ext** pfkey_ext,
22795 + uint32_t netlink,
22805 + uint32_t verbose);
22808 +pfkey_msg_build(struct sadb_msg** pfkey_msg,
22809 + struct sadb_ext* extensions[],
22812 +#endif /* __NET_IPSEC_PF_KEY_H */
22816 + * Revision 1.28 2000/10/10 20:10:19 rgb
22817 + * Added support for debug_ipcomp and debug_verbose to klipsdebug.
22819 + * Revision 1.27 2000/09/21 04:20:45 rgb
22820 + * Fixed array size off-by-one error. (Thanks Svenning!)
22822 + * Revision 1.26 2000/09/12 03:26:05 rgb
22823 + * Added pfkey_acquire prototype.
22825 + * Revision 1.25 2000/09/08 19:21:28 rgb
22826 + * Fix pfkey_prop_build() parameter to be only single indirection.
22828 + * Revision 1.24 2000/09/01 18:46:42 rgb
22829 + * Added a supported algorithms array lists, one per satype and registered
22830 + * existing algorithms.
22831 + * Fixed pfkey_list_{insert,remove}_{socket,support}() to allow change to
22834 + * Revision 1.23 2000/08/27 01:55:26 rgb
22835 + * Define OCTETBITS and PFKEYBITS to avoid using 'magic' numbers in code.
22837 + * Revision 1.22 2000/08/20 21:39:23 rgb
22838 + * Added kernel prototypes for kernel funcitions pfkey_upmsg() and
22839 + * pfkey_expire().
22841 + * Revision 1.21 2000/08/15 17:29:23 rgb
22842 + * Fixes from SZI to untested pfkey_prop_build().
22844 + * Revision 1.20 2000/05/10 20:14:19 rgb
22845 + * Fleshed out sensitivity, proposal and supported extensions.
22847 + * Revision 1.19 2000/03/16 14:07:23 rgb
22848 + * Renamed ALIGN macro to avoid fighting with others in kernel.
22850 + * Revision 1.18 2000/01/22 23:24:06 rgb
22851 + * Added prototypes for proto2satype(), satype2proto() and proto2name().
22853 + * Revision 1.17 2000/01/21 06:26:59 rgb
22854 + * Converted from double tdb arguments to one structure (extr)
22855 + * containing pointers to all temporary information structures.
22856 + * Added klipsdebug switching capability.
22857 + * Dropped unused argument to pfkey_x_satype_build().
22859 + * Revision 1.16 1999/12/29 21:17:41 rgb
22860 + * Changed pfkey_msg_build() I/F to include a struct sadb_msg**
22861 + * parameter for cleaner manipulation of extensions[] and to guard
22862 + * against potential memory leaks.
22863 + * Changed the I/F to pfkey_msg_free() for the same reason.
22865 + * Revision 1.15 1999/12/09 23:12:54 rgb
22866 + * Added macro for BITS_PER_OCTET.
22867 + * Added argument to pfkey_sa_build() to do eroutes.
22869 + * Revision 1.14 1999/12/08 20:33:25 rgb
22870 + * Changed sa_family_t to uint16_t for 2.0.xx compatibility.
22872 + * Revision 1.13 1999/12/07 19:53:40 rgb
22873 + * Removed unused first argument from extension parsers.
22874 + * Changed __u* types to uint* to avoid use of asm/types.h and
22875 + * sys/types.h in userspace code.
22876 + * Added function prototypes for pfkey message and extensions
22877 + * initialisation and cleanup.
22879 + * Revision 1.12 1999/12/01 22:19:38 rgb
22880 + * Change pfkey_sa_build to accept an SPI in network byte order.
22882 + * Revision 1.11 1999/11/27 11:55:26 rgb
22883 + * Added extern sadb_satype2proto to enable moving protocol lookup table
22884 + * to lib/pfkey_v2_parse.c.
22885 + * Delete unused, moved typedefs.
22886 + * Add argument to pfkey_msg_parse() for direction.
22887 + * Consolidated the 4 1-d extension bitmap arrays into one 4-d array.
22889 + * Revision 1.10 1999/11/23 22:29:21 rgb
22890 + * This file has been moved in the distribution from klips/net/ipsec to
22892 + * Add macros for dealing with alignment and rounding up more opaquely.
22893 + * The uint<n>_t type defines have been moved to freeswan.h to avoid
22894 + * chicken-and-egg problems.
22895 + * Add macros for dealing with alignment and rounding up more opaque.
22896 + * Added prototypes for using extention header bitmaps.
22897 + * Added prototypes of all the build functions.
22899 + * Revision 1.9 1999/11/20 21:59:48 rgb
22900 + * Moved socketlist type declarations and prototypes for shared use.
22901 + * Slightly modified scope of sockaddr_key declaration.
22903 + * Revision 1.8 1999/11/17 14:34:25 rgb
22904 + * Protect sa_family_t from being used in userspace with GLIBC<2.
22906 + * Revision 1.7 1999/10/27 19:40:35 rgb
22907 + * Add a maximum PFKEY packet size macro.
22909 + * Revision 1.6 1999/10/26 16:58:58 rgb
22910 + * Created a sockaddr_key and key_opt socket extension structures.
22912 + * Revision 1.5 1999/06/10 05:24:41 rgb
22913 + * Renamed variables to reduce confusion.
22915 + * Revision 1.4 1999/04/29 15:21:11 rgb
22916 + * Add pfkey support to debugging.
22917 + * Add return values to init and cleanup functions.
22919 + * Revision 1.3 1999/04/15 17:58:07 rgb
22920 + * Add RCSID labels.
22923 diff -druN linux-noipsec/net/ipsec/libfreeswan/pfkey_v2_build.c linux/net/ipsec/libfreeswan/pfkey_v2_build.c
22924 --- linux-noipsec/net/ipsec/libfreeswan/pfkey_v2_build.c Thu Jan 1 01:00:00 1970
22925 +++ linux/net/ipsec/libfreeswan/pfkey_v2_build.c Fri Nov 17 19:10:30 2000
22928 + * RFC2367 PF_KEYv2 Key management API message parser
22929 + * Copyright (C) 1999 Richard Guy Briggs.
22931 + * This program is free software; you can redistribute it and/or modify it
22932 + * under the terms of the GNU General Public License as published by the
22933 + * Free Software Foundation; either version 2 of the License, or (at your
22934 + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
22936 + * This program is distributed in the hope that it will be useful, but
22937 + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
22938 + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
22939 + * for more details.
22945 + * Template from klips/net/ipsec/ipsec/ipsec_parser.c.
22948 +char pfkey_v2_build_c_version[] = "$Id$";
22951 + * Some ugly stuff to allow consistent debugging code for use in the
22952 + * kernel and in user space
22957 +# include <linux/kernel.h> /* for printk */
22959 +# include <linux/malloc.h> /* kmalloc() */
22960 +# include <linux/errno.h> /* error codes */
22961 +# include <linux/types.h> /* size_t */
22962 +# include <linux/interrupt.h> /* mark_bh */
22964 +# include <linux/netdevice.h> /* struct device, and other headers */
22965 +# include <linux/etherdevice.h> /* eth_type_trans */
22966 +# include <linux/ip.h> /* struct iphdr */
22967 +# if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
22968 +# include <linux/ipv6.h> /* struct ipv6hdr */
22969 +# endif /* if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) */
22970 +extern int debug_pfkey;
22972 +# define MALLOC(size) kmalloc(size, GFP_ATOMIC)
22973 +# define FREE(obj) kfree(obj)
22974 +#else /* __KERNEL__ */
22976 +# include <sys/types.h>
22977 +# include <linux/types.h>
22978 +# include <linux/errno.h>
22979 +# include <malloc.h>
22980 +# include <string.h> /* memset */
22982 +# include "../pluto/constants.h"
22983 +# include "../pluto/defs.h" /* for PRINTF_LIKE */
22984 +# include "../pluto/log.h" /* for debugging and DBG_log */
22986 +extern unsigned int debugging; /* bits selecting what to report */
22987 +unsigned int pfkey_lib_debug = 0;
22989 +/* #define PLUTO */
22992 +# define DEBUGGING(args...) { DBG_log("pfkey_lib_debug:" args); }
22994 +# define DEBUGGING(args...) if(pfkey_lib_debug) { printf("pfkey_lib_debug:" args); } else { ; }
22996 +# define MALLOC(size) malloc(size)
22997 +# define FREE(obj) free(obj)
22998 +#endif /* __KERNEL__ */
23000 +#include <freeswan.h>
23001 +#include <pfkeyv2.h>
23002 +#include <pfkey.h>
23005 +# include "../radij.h" /* rd_nodes */
23006 +# include "../ipsec_encap.h" /* sockaddr_encap */
23007 +# include "../ipsec_netlink.h" /* KLIPS_PRINT */
23008 +# define DEBUGGING(args...) \
23009 + KLIPS_PRINT(debug_pfkey, "klips_debug:" args)
23010 +/* ((debug_pfkey) ? printk(KERN_INFO "klips_debug:" format , ## args) : 0) */
23011 +#endif /* __KERNEL__ */
23014 +#define SENDERR(_x) do { error = -(_x); goto errlab; } while (0)
23017 +pfkey_extensions_init(struct sadb_ext *extensions[SADB_EXT_MAX + 1])
23021 + for (i = 0; i != SADB_EXT_MAX + 1; i++) {
23022 + extensions[i] = NULL;
23027 +pfkey_extensions_free(struct sadb_ext *extensions[SADB_EXT_MAX + 1])
23031 + if(!extensions) {
23035 + if(extensions[0]) {
23036 + memset(extensions[0], 0, sizeof(struct sadb_msg));
23037 + FREE(extensions[0]);
23038 + extensions[0] = NULL;
23041 + for (i = 1; i != SADB_EXT_MAX + 1; i++) {
23042 + if(extensions[i]) {
23043 + memset(extensions[i], 0, extensions[i]->sadb_ext_len * IPSEC_PFKEYv2_ALIGN);
23044 + FREE(extensions[i]);
23045 + extensions[i] = NULL;
23051 +pfkey_msg_free(struct sadb_msg **pfkey_msg)
23054 + memset(*pfkey_msg, 0, (*pfkey_msg)->sadb_msg_len * IPSEC_PFKEYv2_ALIGN);
23055 + FREE(*pfkey_msg);
23056 + *pfkey_msg = NULL;
23060 +/* Default extension builders taken from the KLIPS code */
23063 +pfkey_msg_hdr_build(struct sadb_ext** pfkey_ext,
23064 + uint8_t msg_type,
23066 + uint8_t msg_errno,
23071 + struct sadb_msg *pfkey_msg = (struct sadb_msg *)*pfkey_ext;
23074 + "pfkey_msg_hdr_build:\n");
23076 + "pfkey_msg_hdr_build: on_entry &pfkey_ext=%p pfkey_ext=%p *pfkey_ext=%p.\n",
23080 + /* sanity checks... */
23083 + "pfkey_msg_hdr_build:why is pfkey_msg already pointing to something?\n");
23089 + "pfkey_msg_hdr_build: msg type not set, must be non-zero..\n");
23093 + if(msg_type > SADB_MAX) {
23095 + "pfkey_msg_hdr_build: msg type too large:%d.\n",
23100 + if(satype > SADB_SATYPE_MAX) {
23102 + "pfkey_msg_hdr_build: satype %d > max %d\n",
23103 + satype, SADB_SATYPE_MAX);
23107 + if(!(*pfkey_ext = (struct sadb_ext*)
23108 + pfkey_msg = (struct sadb_msg*)
23109 + MALLOC(sizeof(struct sadb_msg)))) {
23111 + "pfkey_msg_hdr_build: memory allocation failed\n");
23114 + memset(pfkey_msg, 0, sizeof(struct sadb_msg));
23116 + pfkey_msg->sadb_msg_len = sizeof(struct sadb_msg) / IPSEC_PFKEYv2_ALIGN;
23118 + pfkey_msg->sadb_msg_type = msg_type;
23119 + pfkey_msg->sadb_msg_satype = satype;
23121 + pfkey_msg->sadb_msg_version = PF_KEY_V2;
23122 + pfkey_msg->sadb_msg_errno = msg_errno;
23123 + pfkey_msg->sadb_msg_reserved = 0;
23124 + pfkey_msg->sadb_msg_seq = seq;
23125 + pfkey_msg->sadb_msg_pid = pid;
23127 + "pfkey_msg_hdr_build: on_exit &pfkey_ext=%p pfkey_ext=%p *pfkey_ext=%p.\n",
23136 +pfkey_sa_build(struct sadb_ext ** pfkey_ext,
23137 + uint16_t exttype,
23138 + uint32_t spi, /* in network order */
23139 + uint8_t replay_window,
23140 + uint8_t sa_state,
23146 + struct sadb_sa *pfkey_sa = (struct sadb_sa *)*pfkey_ext;
23149 + "pfkey_sa_build: spi=%08x replay=%d sa_state=%d auth=%d encrypt=%d flags=%d\n",
23150 + ntohl(spi), /* in network order */
23156 + /* sanity checks... */
23159 + "pfkey_sa_build:why is pfkey_sa already pointing to something?\n");
23163 + if(exttype != SADB_EXT_SA &&
23164 + exttype != SADB_X_EXT_SA2) {
23166 + "pfkey_sa_build: invalid exttype=%d.\n",
23171 + if(replay_window > 64) {
23173 + "pfkey_sa_build: replay window size: %d"
23174 + " -- must be 0 <= size <= 64\n",
23179 + if(auth > SADB_AALG_MAX) {
23181 + "pfkey_sa_build: auth=%d > SADB_AALG_MAX=%d.\n",
23187 + if(encrypt > SADB_EALG_MAX) {
23189 + "pfkey_sa_build: encrypt=%d > SADB_EALG_MAX=%d.\n",
23195 + if(sa_state > SADB_SASTATE_MAX) {
23197 + "pfkey_sa_build: sa_state=%d exceeds MAX=%d.\n",
23199 + SADB_SASTATE_MAX);
23203 + if(sa_state == SADB_SASTATE_DEAD) {
23205 + "pfkey_sa_build: sa_state=%d is DEAD=%d is not allowed.\n",
23207 + SADB_SASTATE_DEAD);
23211 + if(!(*pfkey_ext = (struct sadb_ext*)
23212 + pfkey_sa = (struct sadb_sa*)
23213 + MALLOC(sizeof(struct sadb_sa)))) {
23215 + "pfkey_sa_build: memory allocation failed\n");
23218 + memset(pfkey_sa, 0, sizeof(struct sadb_sa));
23220 + pfkey_sa->sadb_sa_len = sizeof(*pfkey_sa) / IPSEC_PFKEYv2_ALIGN;
23221 + pfkey_sa->sadb_sa_exttype = exttype;
23222 + pfkey_sa->sadb_sa_spi = spi;
23223 + pfkey_sa->sadb_sa_replay = replay_window;
23224 + pfkey_sa->sadb_sa_state = sa_state;
23225 + pfkey_sa->sadb_sa_auth = auth;
23226 + pfkey_sa->sadb_sa_encrypt = encrypt;
23227 + pfkey_sa->sadb_sa_flags = flags;
23234 +pfkey_lifetime_build(struct sadb_ext ** pfkey_ext,
23235 + uint16_t exttype,
23236 + uint32_t allocations,
23238 + uint64_t addtime,
23239 + uint64_t usetime)
23242 + struct sadb_lifetime *pfkey_lifetime = (struct sadb_lifetime *)*pfkey_ext;
23245 + "pfkey_lifetime_build:\n");
23246 + /* sanity checks... */
23247 + if(pfkey_lifetime) {
23249 + "pfkey_lifetime_build:why is pfkey_lifetime already pointing to something?\n");
23253 + if(exttype != SADB_EXT_LIFETIME_CURRENT &&
23254 + exttype != SADB_EXT_LIFETIME_HARD &&
23255 + exttype != SADB_EXT_LIFETIME_SOFT) {
23257 + "pfkey_lifetime_build: invalid exttype=%d.\n",
23262 + if(!(*pfkey_ext = (struct sadb_ext*)
23263 + pfkey_lifetime = (struct sadb_lifetime*)
23264 + MALLOC(sizeof(struct sadb_lifetime)))) {
23266 + "pfkey_lifetime_build: memory allocation failed\n");
23269 + memset(pfkey_lifetime, 0, sizeof(struct sadb_lifetime));
23271 + pfkey_lifetime->sadb_lifetime_len = sizeof(struct sadb_lifetime) / IPSEC_PFKEYv2_ALIGN;
23272 + pfkey_lifetime->sadb_lifetime_exttype = exttype;
23273 + pfkey_lifetime->sadb_lifetime_allocations = allocations;
23274 + pfkey_lifetime->sadb_lifetime_bytes = bytes;
23275 + pfkey_lifetime->sadb_lifetime_addtime = addtime;
23276 + pfkey_lifetime->sadb_lifetime_usetime = usetime;
23283 +pfkey_address_build(struct sadb_ext** pfkey_ext,
23284 + uint16_t exttype,
23286 + uint8_t prefixlen,
23287 + struct sockaddr* address)
23290 + int saddr_len = 0;
23291 + char ipaddr_txt[ADDRTOT_BUF];
23292 + struct sadb_address *pfkey_address = (struct sadb_address *)*pfkey_ext;
23295 + "pfkey_address_build: exttype=%d proto=%d prefixlen=%d\n", exttype, proto, prefixlen);
23296 + /* sanity checks... */
23297 + if(pfkey_address) {
23299 + "pfkey_address_build:why is pfkey_address already pointing to something?\n");
23304 + DEBUGGING("pfkey_address_build: address is NULL\n");
23308 + switch(exttype) {
23309 + case SADB_EXT_ADDRESS_SRC:
23310 + case SADB_EXT_ADDRESS_DST:
23311 + case SADB_EXT_ADDRESS_PROXY:
23312 + case SADB_X_EXT_ADDRESS_DST2:
23313 + case SADB_X_EXT_ADDRESS_SRC_FLOW:
23314 + case SADB_X_EXT_ADDRESS_DST_FLOW:
23315 + case SADB_X_EXT_ADDRESS_SRC_MASK:
23316 + case SADB_X_EXT_ADDRESS_DST_MASK:
23320 + "pfkey_address_build: unrecognised ext_type=%d.\n",
23325 + switch(address->sa_family) {
23328 + "pfkey_address_build: found address family AF_INET.\n");
23329 + saddr_len = sizeof(struct sockaddr_in);
23330 + sprintf(ipaddr_txt, "%d.%d.%d.%d"
23331 + , (((struct sockaddr_in*)address)->sin_addr.s_addr >> 0) & 0xFF
23332 + , (((struct sockaddr_in*)address)->sin_addr.s_addr >> 8) & 0xFF
23333 + , (((struct sockaddr_in*)address)->sin_addr.s_addr >> 16) & 0xFF
23334 + , (((struct sockaddr_in*)address)->sin_addr.s_addr >> 24) & 0xFF);
23338 + "pfkey_address_build: found address family AF_INET6.\n");
23339 + saddr_len = sizeof(struct sockaddr_in6);
23340 + sprintf(ipaddr_txt, "%x:%x:%x:%x:%x:%x:%x:%x"
23341 + , ntohs(((struct sockaddr_in6*)address)->sin6_addr.s6_addr16[0])
23342 + , ntohs(((struct sockaddr_in6*)address)->sin6_addr.s6_addr16[1])
23343 + , ntohs(((struct sockaddr_in6*)address)->sin6_addr.s6_addr16[2])
23344 + , ntohs(((struct sockaddr_in6*)address)->sin6_addr.s6_addr16[3])
23345 + , ntohs(((struct sockaddr_in6*)address)->sin6_addr.s6_addr16[4])
23346 + , ntohs(((struct sockaddr_in6*)address)->sin6_addr.s6_addr16[5])
23347 + , ntohs(((struct sockaddr_in6*)address)->sin6_addr.s6_addr16[6])
23348 + , ntohs(((struct sockaddr_in6*)address)->sin6_addr.s6_addr16[7]));
23352 + "pfkey_address_build: address->sa_family=%d not supported.\n",
23353 + address->sa_family);
23354 + SENDERR(EPFNOSUPPORT);
23358 + "pfkey_address_build: found address=%s.\n",
23360 + if(prefixlen != 0) {
23362 + "pfkey_address_build: address prefixes not supported yet.\n");
23363 + SENDERR(EAFNOSUPPORT); /* not supported yet */
23366 + if(!(*pfkey_ext = (struct sadb_ext*)
23367 + pfkey_address = (struct sadb_address*)
23368 + MALLOC(ALIGN_N(sizeof(struct sadb_address) + saddr_len, IPSEC_PFKEYv2_ALIGN) ))) {
23370 + "pfkey_lifetime_build: memory allocation failed\n");
23373 + memset(pfkey_address,
23375 + ALIGN_N(sizeof(struct sadb_address) + saddr_len,
23376 + IPSEC_PFKEYv2_ALIGN));
23378 + pfkey_address->sadb_address_len = DIVUP(sizeof(struct sadb_address) + saddr_len,
23379 + IPSEC_PFKEYv2_ALIGN);
23381 + pfkey_address->sadb_address_exttype = exttype;
23382 + pfkey_address->sadb_address_proto = proto;
23383 + pfkey_address->sadb_address_prefixlen = prefixlen;
23384 + pfkey_address->sadb_address_reserved = 0;
23386 + memcpy((char*)pfkey_address + sizeof(struct sadb_address),
23391 + for(i = 0; i < sizeof(struct sockaddr_in) - offsetof(struct sockaddr_in, sin_zero); i++) {
23392 + pfkey_address_s_ska.sin_zero[i] = 0;
23396 + "pfkey_address_build: successful.\n");
23403 +pfkey_key_build(struct sadb_ext** pfkey_ext,
23404 + uint16_t exttype,
23405 + uint16_t key_bits,
23409 + struct sadb_key *pfkey_key = (struct sadb_key *)*pfkey_ext;
23412 + "pfkey_key_build:\n");
23413 + /* sanity checks... */
23416 + "pfkey_key_build:why is pfkey_key already pointing to something?\n");
23422 + "pfkey_key_build: key_bits is zero, it must be non-zero.\n");
23426 + if( !((exttype == SADB_EXT_KEY_AUTH) || (exttype == SADB_EXT_KEY_ENCRYPT))) {
23428 + "pfkey_key_build: unsupported extension type=%d.\n",
23433 + if(!(*pfkey_ext = (struct sadb_ext*)
23434 + pfkey_key = (struct sadb_key*)
23435 + MALLOC(sizeof(struct sadb_key) +
23436 + DIVUP(key_bits, 64) * IPSEC_PFKEYv2_ALIGN))) {
23438 + "pfkey_key_build: memory allocation failed\n");
23441 + memset(pfkey_key,
23443 + sizeof(struct sadb_key) +
23444 + DIVUP(key_bits, 64) * IPSEC_PFKEYv2_ALIGN);
23446 + pfkey_key->sadb_key_len = DIVUP(sizeof(struct sadb_key) * IPSEC_PFKEYv2_ALIGN + key_bits,
23448 + pfkey_key->sadb_key_exttype = exttype;
23449 + pfkey_key->sadb_key_bits = key_bits;
23450 + pfkey_key->sadb_key_reserved = 0;
23451 + memcpy((char*)pfkey_key + sizeof(struct sadb_key),
23453 + DIVUP(key_bits, 8));
23460 +pfkey_ident_build(struct sadb_ext** pfkey_ext,
23461 + uint16_t exttype,
23462 + uint16_t ident_type,
23463 + uint64_t ident_id,
23464 + char* ident_string)
23467 + struct sadb_ident *pfkey_ident = (struct sadb_ident *)*pfkey_ext;
23470 + "pfkey_ident_build:\n");
23471 + /* sanity checks... */
23472 + if(pfkey_ident) {
23474 + "pfkey_ident_build:why is pfkey_ident already pointing to something?\n");
23478 + if( ! ((exttype == SADB_EXT_IDENTITY_SRC) ||
23479 + (exttype == SADB_EXT_IDENTITY_DST))) {
23481 + "pfkey_ident_build: unsupported extension type=%d.\n",
23486 + if((ident_type == SADB_IDENTTYPE_RESERVED)) {
23488 + "pfkey_ident_build: ident_type must be non-zero.\n");
23492 + if(ident_type > SADB_IDENTTYPE_MAX) {
23494 + "pfkey_ident_build: identtype=%d out of range.\n",
23499 + if(((ident_type == SADB_IDENTTYPE_PREFIX) ||
23500 + (ident_type == SADB_IDENTTYPE_FQDN)) &&
23503 + "pfkey_ident_build: string required to allocate size of extension.\n");
23508 + if((ident_type == SADB_IDENTTYPE_USERFQDN) ) {
23512 + if(!(*pfkey_ext = (struct sadb_ext*)
23513 + pfkey_ident = (struct sadb_ident*)
23514 + MALLOC(ALIGN_N(sizeof(struct sadb_key) + strlen(ident_string), IPSEC_PFKEYv2_ALIGN)))) {
23516 + "pfkey_ident_build: memory allocation failed\n");
23519 + memset(pfkey_ident,
23521 + ALIGN_N(sizeof(struct sadb_ident) + strlen(ident_string),
23522 + IPSEC_PFKEYv2_ALIGN));
23524 + pfkey_ident->sadb_ident_len = DIVUP(sizeof(struct sadb_ident) + strlen(ident_string),
23525 + IPSEC_PFKEYv2_ALIGN);
23527 + pfkey_ident->sadb_ident_exttype = exttype;
23528 + pfkey_ident->sadb_ident_type = ident_type;
23529 + pfkey_ident->sadb_ident_reserved = 0;
23530 + pfkey_ident->sadb_ident_id = ident_id;
23531 + memcpy((char*)pfkey_ident + sizeof(struct sadb_ident),
23533 + strlen(ident_string));
23535 + /* string terminator/padding must be zero */
23536 + /* Which one is better, I don't know... */
23538 + for(i = strlen(ident_string);
23539 + i < ALIGN_N(sizeof(struct sadb_ident) + strlen(ident_string), IPSEC_PFKEYv2_ALIGN);
23541 + ((char*)pfkey_ident)[i] = 0;
23544 + memset(((char*)pfkey_ident) + sizeof(struct sadb_ident) + strlen(ident_string),
23546 + ALIGN_N(sizeof(struct sadb_ident) + strlen(ident_string), IPSEC_PFKEYv2_ALIGN) -
23547 + sizeof(struct sadb_ident) + strlen(ident_string));
23555 +pfkey_sens_build(struct sadb_ext** pfkey_ext,
23557 + uint8_t sens_level,
23558 + uint8_t sens_len,
23559 + uint64_t* sens_bitmap,
23560 + uint8_t integ_level,
23561 + uint8_t integ_len,
23562 + uint64_t* integ_bitmap)
23565 + struct sadb_sens *pfkey_sens = (struct sadb_sens *)*pfkey_ext;
23567 + uint64_t* bitmap;
23570 + "pfkey_sens_build:\n");
23571 + /* sanity checks... */
23574 + "pfkey_sens_build:why is pfkey_sens already pointing to something?\n");
23579 + "pfkey_sens_build: Sorry, I can't build exttype=%d yet.\n",
23580 + (*pfkey_ext)->sadb_ext_type);
23581 + SENDERR(EINVAL); /* don't process these yet */
23583 + if(!(*pfkey_ext = (struct sadb_ext*)
23584 + pfkey_sens = (struct sadb_sens*)
23585 + MALLOC(sizeof(struct sadb_sens) +
23586 + (sens_len + integ_len) * sizeof(uint64_t)))) {
23588 + "pfkey_sens_build: memory allocation failed\n");
23591 + memset(pfkey_sens,
23593 + sizeof(struct sadb_sens) +
23594 + (sens_len + integ_len) * sizeof(uint64_t));
23596 + pfkey_sens->sadb_sens_len = (sizeof(struct sadb_sens) +
23597 + (sens_len + integ_len) * sizeof(uint64_t)) / IPSEC_PFKEYv2_ALIGN;
23598 + pfkey_sens->sadb_sens_exttype = SADB_EXT_SENSITIVITY;
23599 + pfkey_sens->sadb_sens_dpd = dpd;
23600 + pfkey_sens->sadb_sens_sens_level = sens_level;
23601 + pfkey_sens->sadb_sens_sens_len = sens_len;
23602 + pfkey_sens->sadb_sens_integ_level = integ_level;
23603 + pfkey_sens->sadb_sens_integ_len = integ_len;
23604 + pfkey_sens->sadb_sens_reserved = 0;
23606 + bitmap = (uint64_t*)((char*)pfkey_ext + sizeof(struct sadb_sens));
23607 + for(i = 0; i < sens_len; i++) {
23608 + *bitmap = sens_bitmap[i];
23611 + for(i = 0; i < integ_len; i++) {
23612 + *bitmap = integ_bitmap[i];
23621 +pfkey_prop_build(struct sadb_ext** pfkey_ext,
23623 + unsigned int comb_num,
23624 + struct sadb_comb* comb)
23628 + struct sadb_prop *pfkey_prop = (struct sadb_prop *)*pfkey_ext;
23629 + struct sadb_comb *combp;
23632 + "pfkey_prop_build:\n");
23633 + /* sanity checks... */
23636 + "pfkey_prop_build:why is pfkey_prop already pointing to something?\n");
23640 + if(!(*pfkey_ext = (struct sadb_ext*)
23641 + pfkey_prop = (struct sadb_prop*)
23642 + MALLOC(sizeof(struct sadb_prop) +
23643 + comb_num * sizeof(struct sadb_comb)))) {
23645 + "pfkey_prop_build: memory allocation failed\n");
23648 + memset(pfkey_prop,
23650 + sizeof(struct sadb_prop) +
23651 + comb_num * sizeof(struct sadb_comb));
23653 + pfkey_prop->sadb_prop_len = (sizeof(struct sadb_prop) +
23654 + comb_num * sizeof(struct sadb_comb)) / IPSEC_PFKEYv2_ALIGN;
23656 + pfkey_prop->sadb_prop_exttype = SADB_EXT_PROPOSAL;
23657 + pfkey_prop->sadb_prop_replay = replay;
23659 + for(i=0; i<3; i++) {
23660 + pfkey_prop->sadb_prop_reserved[i] = 0;
23663 + combp = (struct sadb_comb*)((char*)*pfkey_ext + sizeof(struct sadb_prop));
23664 + for(i = 0; i < comb_num; i++) {
23665 + memcpy (combp, &(comb[i]), sizeof(struct sadb_comb));
23670 + uint8_t sadb_comb_auth;
23671 + uint8_t sadb_comb_encrypt;
23672 + uint16_t sadb_comb_flags;
23673 + uint16_t sadb_comb_auth_minbits;
23674 + uint16_t sadb_comb_auth_maxbits;
23675 + uint16_t sadb_comb_encrypt_minbits;
23676 + uint16_t sadb_comb_encrypt_maxbits;
23677 + uint32_t sadb_comb_reserved;
23678 + uint32_t sadb_comb_soft_allocations;
23679 + uint32_t sadb_comb_hard_allocations;
23680 + uint64_t sadb_comb_soft_bytes;
23681 + uint64_t sadb_comb_hard_bytes;
23682 + uint64_t sadb_comb_soft_addtime;
23683 + uint64_t sadb_comb_hard_addtime;
23684 + uint64_t sadb_comb_soft_usetime;
23685 + uint64_t sadb_comb_hard_usetime;
23692 +pfkey_supported_build(struct sadb_ext** pfkey_ext,
23693 + uint16_t exttype,
23694 + unsigned int alg_num,
23695 + struct sadb_alg* alg)
23699 + struct sadb_supported *pfkey_supported = (struct sadb_supported *)*pfkey_ext;
23700 + struct sadb_alg *pfkey_alg;
23702 + /* sanity checks... */
23703 + if(pfkey_supported) {
23705 + "pfkey_supported_build:why is pfkey_supported already pointing to something?\n");
23709 + if( !((exttype == SADB_EXT_SUPPORTED_AUTH) || (exttype == SADB_EXT_SUPPORTED_ENCRYPT))) {
23711 + "pfkey_supported_build: unsupported extension type=%d.\n",
23716 + if(!(*pfkey_ext = (struct sadb_ext*)
23717 + pfkey_supported = (struct sadb_supported*)
23718 + MALLOC(sizeof(struct sadb_supported) +
23720 + sizeof(struct sadb_alg)))) {
23722 + "pfkey_supported_build: memory allocation failed\n");
23725 + memset(pfkey_supported,
23727 + sizeof(struct sadb_supported) +
23729 + sizeof(struct sadb_alg));
23731 + pfkey_supported->sadb_supported_len = (sizeof(struct sadb_supported) +
23733 + sizeof(struct sadb_alg)) /
23734 + IPSEC_PFKEYv2_ALIGN;
23735 + pfkey_supported->sadb_supported_exttype = exttype;
23736 + pfkey_supported->sadb_supported_reserved = 0;
23738 + pfkey_alg = (struct sadb_alg*)((char*)pfkey_supported + sizeof(struct sadb_supported));
23739 + for(i = 0; i < alg_num; i++) {
23740 + memcpy (pfkey_alg, &(alg[i]), sizeof(struct sadb_alg));
23741 + pfkey_alg->sadb_alg_reserved = 0;
23747 + "pfkey_supported_build: Sorry, I can't build exttype=%d yet.\n",
23748 + (*pfkey_ext)->sadb_ext_type);
23749 + SENDERR(EINVAL); /* don't process these yet */
23751 + uint8_t sadb_alg_id;
23752 + uint8_t sadb_alg_ivlen;
23753 + uint16_t sadb_alg_minbits;
23754 + uint16_t sadb_alg_maxbits;
23755 + uint16_t sadb_alg_reserved;
23762 +pfkey_spirange_build(struct sadb_ext** pfkey_ext,
23763 + uint16_t exttype,
23764 + uint32_t min, /* in network order */
23765 + uint32_t max) /* in network order */
23768 + struct sadb_spirange *pfkey_spirange = (struct sadb_spirange *)*pfkey_ext;
23770 + /* sanity checks... */
23771 + if(pfkey_spirange) {
23773 + "pfkey_spirange_build:why is pfkey_spirange already pointing to something?\n");
23777 + if(ntohl(max) < ntohl(min)) {
23779 + "pfkey_spirange_build: minspi=%08x must be < maxspi=%08x.\n",
23785 + if(ntohl(min) <= 255) {
23787 + "pfkey_spirange_build: minspi=%08x must be > 255.\n",
23792 + if(!(*pfkey_ext = (struct sadb_ext*)
23793 + pfkey_spirange = (struct sadb_spirange*)
23794 + MALLOC(sizeof(struct sadb_spirange)))) {
23796 + "pfkey_spirange_build: memory allocation failed\n");
23799 + memset(pfkey_spirange,
23801 + sizeof(struct sadb_spirange));
23803 + pfkey_spirange->sadb_spirange_len = sizeof(struct sadb_spirange) / IPSEC_PFKEYv2_ALIGN;
23805 + pfkey_spirange->sadb_spirange_exttype = SADB_EXT_SPIRANGE;
23806 + pfkey_spirange->sadb_spirange_min = min;
23807 + pfkey_spirange->sadb_spirange_max = max;
23808 + pfkey_spirange->sadb_spirange_reserved = 0;
23814 +pfkey_x_kmprivate_build(struct sadb_ext** pfkey_ext)
23817 + struct sadb_x_kmprivate *pfkey_x_kmprivate = (struct sadb_x_kmprivate *)*pfkey_ext;
23819 + /* sanity checks... */
23820 + if(pfkey_x_kmprivate) {
23822 + "pfkey_x_kmprivate_build:why is pfkey_x_kmprivate already pointing to something?\n");
23826 + pfkey_x_kmprivate->sadb_x_kmprivate_reserved = 0;
23829 + "pfkey_x_kmprivate_build: Sorry, I can't build exttype=%d yet.\n",
23830 + (*pfkey_ext)->sadb_ext_type);
23831 + SENDERR(EINVAL); /* don't process these yet */
23833 + if(!(*pfkey_ext = (struct sadb_ext*)
23834 + pfkey_x_kmprivate = (struct sadb_x_kmprivate*)
23835 + MALLOC(sizeof(struct sadb_x_kmprivate)))) {
23837 + "pfkey_x_kmprivate_build: memory allocation failed\n");
23840 + memset(pfkey_x_kmprivate,
23842 + sizeof(struct sadb_x_kmprivate));
23844 + pfkey_x_kmprivate->sadb_x_kmprivate_len =
23845 + sizeof(struct sadb_x_kmprivate) / IPSEC_PFKEYv2_ALIGN;
23847 + pfkey_x_kmprivate->sadb_x_kmprivate_exttype = SADB_X_EXT_KMPRIVATE;
23848 + pfkey_x_kmprivate->sadb_x_kmprivate_reserved = 0;
23854 +pfkey_x_satype_build(struct sadb_ext** pfkey_ext,
23859 + struct sadb_x_satype *pfkey_x_satype = (struct sadb_x_satype *)*pfkey_ext;
23862 + "pfkey_x_satype_build:\n");
23863 + /* sanity checks... */
23864 + if(pfkey_x_satype) {
23866 + "pfkey_x_satype_build:why is pfkey_x_satype already pointing to something?\n");
23872 + "pfkey_x_satype_build: SA type not set, must be non-zero.\n");
23876 + if(satype > SADB_SATYPE_MAX) {
23878 + "pfkey_x_satype_build: satype %d > max %d\n",
23879 + satype, SADB_SATYPE_MAX);
23883 + if(!(*pfkey_ext = (struct sadb_ext*)pfkey_x_satype = (struct sadb_x_satype*)
23884 + MALLOC(sizeof(struct sadb_x_satype)))) {
23886 + "pfkey_x_satype_build: memory allocation failed\n");
23889 + memset(pfkey_x_satype,
23891 + sizeof(struct sadb_x_satype));
23893 + pfkey_x_satype->sadb_x_satype_len = sizeof(struct sadb_x_satype) / IPSEC_PFKEYv2_ALIGN;
23895 + pfkey_x_satype->sadb_x_satype_exttype = SADB_X_EXT_SATYPE2;
23896 + pfkey_x_satype->sadb_x_satype_satype = satype;
23897 + for(i=0; i<3; i++) {
23898 + pfkey_x_satype->sadb_x_satype_reserved[i] = 0;
23906 +pfkey_x_debug_build(struct sadb_ext** pfkey_ext,
23908 + uint32_t netlink,
23918 + uint32_t verbose)
23922 + struct sadb_x_debug *pfkey_x_debug = (struct sadb_x_debug *)*pfkey_ext;
23925 + "pfkey_x_debug_build:\n");
23926 + /* sanity checks... */
23927 + if(pfkey_x_debug) {
23929 + "pfkey_x_debug_build:why is pfkey_x_debug already pointing to something?\n");
23934 + "pfkey_x_debug_build:tunnel=%x netlink=%x xform=%x eroute=%x spi=%x radij=%x esp=%x ah=%x rcv=%x pfkey=%x ipcomp=%x verbose=%x?\n",
23935 + tunnel, netlink, xform, eroute, spi, radij, esp, ah, rcv, pfkey, ipcomp, verbose);
23937 + if(!(*pfkey_ext = (struct sadb_ext*)pfkey_x_debug = (struct sadb_x_debug*)
23938 + MALLOC(sizeof(struct sadb_x_debug)))) {
23940 + "pfkey_x_debug_build: memory allocation failed\n");
23944 + memset(pfkey_x_debug,
23946 + sizeof(struct sadb_x_debug));
23949 + pfkey_x_debug->sadb_x_debug_len = sizeof(struct sadb_x_debug) / IPSEC_PFKEYv2_ALIGN;
23950 + pfkey_x_debug->sadb_x_debug_exttype = SADB_X_EXT_DEBUG;
23952 + pfkey_x_debug->sadb_x_debug_tunnel = tunnel;
23953 + pfkey_x_debug->sadb_x_debug_netlink = netlink;
23954 + pfkey_x_debug->sadb_x_debug_xform = xform;
23955 + pfkey_x_debug->sadb_x_debug_eroute = eroute;
23956 + pfkey_x_debug->sadb_x_debug_spi = spi;
23957 + pfkey_x_debug->sadb_x_debug_radij = radij;
23958 + pfkey_x_debug->sadb_x_debug_esp = esp;
23959 + pfkey_x_debug->sadb_x_debug_ah = ah;
23960 + pfkey_x_debug->sadb_x_debug_rcv = rcv;
23961 + pfkey_x_debug->sadb_x_debug_pfkey = pfkey;
23962 + pfkey_x_debug->sadb_x_debug_ipcomp = ipcomp;
23963 + pfkey_x_debug->sadb_x_debug_verbose = verbose;
23965 + for(i=0; i<4; i++) {
23966 + pfkey_x_debug->sadb_x_debug_reserved[i] = 0;
23973 +#if I_DONT_THINK_THIS_WILL_BE_USEFUL
23974 +int (*ext_default_builders[SADB_EXT_MAX +1])(struct sadb_msg*, struct sadb_ext*)
23977 + NULL, /* pfkey_msg_build, */
23979 + pfkey_lifetime_build,
23980 + pfkey_lifetime_build,
23981 + pfkey_lifetime_build,
23982 + pfkey_address_build,
23983 + pfkey_address_build,
23984 + pfkey_address_build,
23987 + pfkey_ident_build,
23988 + pfkey_ident_build,
23989 + pfkey_sens_build,
23990 + pfkey_prop_build,
23991 + pfkey_supported_build,
23992 + pfkey_supported_build,
23993 + pfkey_spirange_build,
23994 + pfkey_x_kmprivate_build,
23995 + pfkey_x_satype_build,
23997 + pfkey_address_build,
23998 + pfkey_address_build,
23999 + pfkey_address_build,
24000 + pfkey_address_build,
24001 + pfkey_address_build,
24002 + pfkey_x_ext_debug_build
24007 +pfkey_msg_build(struct sadb_msg **pfkey_msg, struct sadb_ext *extensions[], int dir)
24012 + struct sadb_ext *pfkey_ext;
24013 + int extensions_seen = 0;
24014 + struct sadb_ext *extensions_check[SADB_EXT_MAX + 1];
24016 + if(!extensions[0]) {
24018 + "pfkey_msg_build: extensions[0] must be specified (struct sadb_msg).\n");
24022 + total_size = sizeof(struct sadb_msg) / IPSEC_PFKEYv2_ALIGN;
24023 + for(ext = 1; ext <= SADB_EXT_MAX; ext++) {
24024 + if(extensions[ext]) {
24025 + total_size += (extensions[ext])->sadb_ext_len;
24029 + if(!(*pfkey_msg = (struct sadb_msg*)MALLOC(total_size * IPSEC_PFKEYv2_ALIGN))) {
24031 + "pfkey_msg_build: memory allocation failed\n");
24036 + "pfkey_msg_build: pfkey_msg=%p allocated %d bytes, &(extensions[0])=%p\n",
24038 + total_size * IPSEC_PFKEYv2_ALIGN,
24039 + &(extensions[0]));
24040 + memcpy(*pfkey_msg,
24042 + sizeof(struct sadb_msg));
24043 + (*pfkey_msg)->sadb_msg_len = total_size;
24044 + (*pfkey_msg)->sadb_msg_reserved = 0;
24045 + extensions_seen = 1 ;
24047 + pfkey_ext = (struct sadb_ext*)(((char*)(*pfkey_msg)) + sizeof(struct sadb_msg));
24049 + for(ext = 1; ext <= SADB_EXT_MAX; ext++) {
24050 + /* copy from extension[ext] to buffer */
24051 + if(extensions[ext]) {
24052 + /* Is this type of extension permitted for this type of message? */
24053 + if(!(extensions_bitmaps[dir][EXT_BITS_PERM][(*pfkey_msg)->sadb_msg_type] &
24056 + "pfkey_msg_build: "
24057 + "ext type %d not permitted, exts_perm=%08x, 1<<type=%08x\n",
24059 + extensions_bitmaps[dir][EXT_BITS_PERM][(*pfkey_msg)->sadb_msg_type],
24064 + "pfkey_msg_build: copying %d bytes from extensions[%d]=%p to=%p\n",
24065 + (extensions[ext])->sadb_ext_len * IPSEC_PFKEYv2_ALIGN,
24067 + (extensions[ext]),
24069 + memcpy(pfkey_ext,
24071 + (extensions[ext])->sadb_ext_len * IPSEC_PFKEYv2_ALIGN);
24072 + ((char*)pfkey_ext) += (extensions[ext])->sadb_ext_len * IPSEC_PFKEYv2_ALIGN;
24073 + /* Mark that we have seen this extension and remember the header location */
24074 + extensions_seen |= ( 1 << ext );
24078 + /* check required extensions */
24080 + "pfkey_msg_build: extensions "
24081 + "permitted=%08x, seen=%08x, required=%08x.\n",
24082 + extensions_bitmaps[dir][EXT_BITS_PERM][(*pfkey_msg)->sadb_msg_type],
24084 + extensions_bitmaps[dir][EXT_BITS_REQ][(*pfkey_msg)->sadb_msg_type]);
24086 + if((extensions_seen &
24087 + extensions_bitmaps[dir][EXT_BITS_REQ][(*pfkey_msg)->sadb_msg_type]) !=
24088 + extensions_bitmaps[dir][EXT_BITS_REQ][(*pfkey_msg)->sadb_msg_type]) {
24090 + "pfkey_msg_build: required extensions missing:%08x.\n",
24091 + extensions_bitmaps[dir][EXT_BITS_REQ][(*pfkey_msg)->sadb_msg_type] -
24092 + (extensions_seen &
24093 + extensions_bitmaps[dir][EXT_BITS_REQ][(*pfkey_msg)->sadb_msg_type]) );
24097 + if((error = pfkey_msg_parse(*pfkey_msg, NULL, extensions_check, dir))) {
24099 + "pfkey_msg_build: Trouble parsing newly built pfkey message, error=%d.\n",
24111 + * Revision 1.21 2000/11/17 18:10:30 rgb
24112 + * Fixed bugs mostly relating to spirange, to treat all spi variables as
24113 + * network byte order since this is the way PF_KEYv2 stored spis.
24115 + * Revision 1.20 2000/10/12 00:02:39 rgb
24116 + * Removed 'format, ##' nonsense from debug macros for RH7.0.
24118 + * Revision 1.19 2000/10/10 20:10:20 rgb
24119 + * Added support for debug_ipcomp and debug_verbose to klipsdebug.
24121 + * Revision 1.18 2000/09/12 18:59:54 rgb
24122 + * Added Gerhard's IPv6 support to pfkey parts of libfreeswan.
24124 + * Revision 1.17 2000/09/12 03:27:00 rgb
24125 + * Moved DEBUGGING definition to compile kernel with debug off.
24127 + * Revision 1.16 2000/09/08 19:22:12 rgb
24128 + * Fixed pfkey_prop_build() parameter to be only single indirection.
24129 + * Fixed struct alg copy.
24131 + * Revision 1.15 2000/08/20 21:40:01 rgb
24132 + * Added an address parameter sanity check to pfkey_address_build().
24134 + * Revision 1.14 2000/08/15 17:29:23 rgb
24135 + * Fixes from SZI to untested pfkey_prop_build().
24137 + * Revision 1.13 2000/06/02 22:54:14 rgb
24138 + * Added Gerhard Gessler's struct sockaddr_storage mods for IPv6 support.
24140 + * Revision 1.12 2000/05/10 19:24:01 rgb
24141 + * Fleshed out sensitivity, proposal and supported extensions.
24143 + * Revision 1.11 2000/03/16 14:07:23 rgb
24144 + * Renamed ALIGN macro to avoid fighting with others in kernel.
24146 + * Revision 1.10 2000/01/24 21:14:35 rgb
24147 + * Added disabled pluto pfkey lib debug flag.
24149 + * Revision 1.9 2000/01/21 06:27:32 rgb
24150 + * Added address cases for eroute flows.
24151 + * Removed unused code.
24152 + * Dropped unused argument to pfkey_x_satype_build().
24153 + * Indented compiler directives for readability.
24154 + * Added klipsdebug switching capability.
24155 + * Fixed SADB_EXT_MAX bug not permitting last extension access.
24157 + * Revision 1.8 1999/12/29 21:17:41 rgb
24158 + * Changed pfkey_msg_build() I/F to include a struct sadb_msg**
24159 + * parameter for cleaner manipulation of extensions[] and to guard
24160 + * against potential memory leaks.
24161 + * Changed the I/F to pfkey_msg_free() for the same reason.
24163 + * Revision 1.7 1999/12/09 23:12:20 rgb
24164 + * Removed unused cruft.
24165 + * Added argument to pfkey_sa_build() to do eroutes.
24166 + * Fixed exttype check in as yet unused pfkey_lifetime_build().
24168 + * Revision 1.6 1999/12/07 19:54:29 rgb
24169 + * Removed static pluto debug flag.
24170 + * Added functions for pfkey message and extensions initialisation
24173 + * Revision 1.5 1999/12/01 22:20:06 rgb
24174 + * Changed pfkey_sa_build to accept an SPI in network byte order.
24175 + * Added <string.h> to quiet userspace compiler.
24176 + * Moved pfkey_lib_debug variable into the library.
24177 + * Removed SATYPE check from pfkey_msg_hdr_build so FLUSH will work.
24178 + * Added extension assembly debugging.
24179 + * Isolated assignment with brackets to be sure of scope.
24181 + * Revision 1.4 1999/11/27 11:57:35 rgb
24182 + * Added ipv6 headers.
24183 + * Remove over-zealous algorithm sanity checkers from pfkey_sa_build.
24184 + * Debugging error messages added.
24185 + * Fixed missing auth and encrypt assignment bug.
24186 + * Add argument to pfkey_msg_parse() for direction.
24187 + * Move parse-after-build check inside pfkey_msg_build().
24188 + * Consolidated the 4 1-d extension bitmap arrays into one 4-d array.
24189 + * Add CVS log entry to bottom of file.
24192 diff -druN linux-noipsec/net/ipsec/libfreeswan/pfkey_v2_ext_bits.c linux/net/ipsec/libfreeswan/pfkey_v2_ext_bits.c
24193 --- linux-noipsec/net/ipsec/libfreeswan/pfkey_v2_ext_bits.c Thu Jan 1 01:00:00 1970
24194 +++ linux/net/ipsec/libfreeswan/pfkey_v2_ext_bits.c Wed Sep 13 00:35:37 2000
24197 + * RFC2367 PF_KEYv2 Key management API message parser
24198 + * Copyright (C) 1999 Richard Guy Briggs.
24200 + * This program is free software; you can redistribute it and/or modify it
24201 + * under the terms of the GNU General Public License as published by the
24202 + * Free Software Foundation; either version 2 of the License, or (at your
24203 + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
24205 + * This program is distributed in the hope that it will be useful, but
24206 + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
24207 + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
24208 + * for more details.
24214 + * Template from klips/net/ipsec/ipsec/ipsec_parse.c.
24217 +char pfkey_v2_ext_bits_c_version[] = "$Id$";
24220 + * Some ugly stuff to allow consistent debugging code for use in the
24221 + * kernel and in user space
24226 +#include <linux/kernel.h> /* for printk */
24228 +#include <linux/malloc.h> /* kmalloc() */
24229 +#include <linux/errno.h> /* error codes */
24230 +#include <linux/types.h> /* size_t */
24231 +#include <linux/interrupt.h> /* mark_bh */
24233 +#include <linux/netdevice.h> /* struct device, and other headers */
24234 +#include <linux/etherdevice.h> /* eth_type_trans */
24235 +#include <linux/ip.h> /* struct iphdr */
24236 +#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
24237 +#include <linux/ipv6.h>
24238 +#endif /* defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) */
24240 +#else /* __KERNEL__ */
24242 +#include <sys/types.h>
24243 +#include <linux/types.h>
24244 +#include <linux/errno.h>
24247 +#include <freeswan.h>
24248 +#include <pfkeyv2.h>
24249 +#include <pfkey.h>
24251 +unsigned int extensions_bitmaps[2/*in/out*/][2/*perm/req*/][SADB_MAX + 1/*ext*/] = {
24253 +/* INBOUND EXTENSIONS */
24256 +/* PERMITTED IN */
24258 +/* SADB_RESERVED */
24262 +1<<SADB_EXT_RESERVED
24263 +| 1<<SADB_EXT_ADDRESS_SRC
24264 +| 1<<SADB_EXT_ADDRESS_DST
24265 +| 1<<SADB_EXT_ADDRESS_PROXY
24266 +| 1<<SADB_EXT_SPIRANGE
24269 +1<<SADB_EXT_RESERVED
24271 +| 1<<SADB_EXT_LIFETIME_CURRENT
24272 +| 1<<SADB_EXT_LIFETIME_HARD
24273 +| 1<<SADB_EXT_LIFETIME_SOFT
24274 +| 1<<SADB_EXT_ADDRESS_SRC
24275 +| 1<<SADB_EXT_ADDRESS_DST
24276 +| 1<<SADB_EXT_ADDRESS_PROXY
24277 +| 1<<SADB_EXT_KEY_AUTH
24278 +| 1<<SADB_EXT_KEY_ENCRYPT
24279 +| 1<<SADB_EXT_IDENTITY_SRC
24280 +| 1<<SADB_EXT_IDENTITY_DST
24281 +| 1<<SADB_EXT_SENSITIVITY
24284 +1<<SADB_EXT_RESERVED
24286 +| 1<<SADB_EXT_LIFETIME_HARD
24287 +| 1<<SADB_EXT_LIFETIME_SOFT
24288 +| 1<<SADB_EXT_ADDRESS_SRC
24289 +| 1<<SADB_EXT_ADDRESS_DST
24290 +| 1<<SADB_EXT_ADDRESS_PROXY
24291 +| 1<<SADB_EXT_KEY_AUTH
24292 +| 1<<SADB_EXT_KEY_ENCRYPT
24293 +| 1<<SADB_EXT_IDENTITY_SRC
24294 +| 1<<SADB_EXT_IDENTITY_DST
24295 +| 1<<SADB_EXT_SENSITIVITY
24298 +1<<SADB_EXT_RESERVED
24300 +| 1<<SADB_EXT_ADDRESS_SRC
24301 +| 1<<SADB_EXT_ADDRESS_DST
24304 +1<<SADB_EXT_RESERVED
24306 +| 1<<SADB_EXT_ADDRESS_SRC
24307 +| 1<<SADB_EXT_ADDRESS_DST
24309 +/* SADB_ACQUIRE */
24310 +1<<SADB_EXT_RESERVED
24311 +| 1<<SADB_EXT_ADDRESS_SRC
24312 +| 1<<SADB_EXT_ADDRESS_DST
24313 +| 1<<SADB_EXT_ADDRESS_PROXY
24314 +| 1<<SADB_EXT_IDENTITY_SRC
24315 +| 1<<SADB_EXT_IDENTITY_DST
24316 +| 1<<SADB_EXT_SENSITIVITY
24317 +| 1<<SADB_EXT_PROPOSAL
24319 +/* SADB_REGISTER */
24320 +1<<SADB_EXT_RESERVED
24326 +1<<SADB_EXT_RESERVED
24329 +1<<SADB_EXT_RESERVED
24331 +/* SADB_X_PROMISC */
24332 +1<<SADB_EXT_RESERVED
24334 +| 1<<SADB_EXT_LIFETIME_CURRENT
24335 +| 1<<SADB_EXT_LIFETIME_HARD
24336 +| 1<<SADB_EXT_LIFETIME_SOFT
24337 +| 1<<SADB_EXT_ADDRESS_SRC
24338 +| 1<<SADB_EXT_ADDRESS_DST
24339 +| 1<<SADB_EXT_ADDRESS_PROXY
24340 +| 1<<SADB_EXT_KEY_AUTH
24341 +| 1<<SADB_EXT_KEY_ENCRYPT
24342 +| 1<<SADB_EXT_IDENTITY_SRC
24343 +| 1<<SADB_EXT_IDENTITY_DST
24344 +| 1<<SADB_EXT_SENSITIVITY
24345 +| 1<<SADB_EXT_PROPOSAL
24346 +| 1<<SADB_EXT_SUPPORTED_AUTH
24347 +| 1<<SADB_EXT_SUPPORTED_ENCRYPT
24348 +| 1<<SADB_EXT_SPIRANGE
24349 +| 1<<SADB_X_EXT_KMPRIVATE
24350 +| 1<<SADB_X_EXT_SATYPE2
24351 +| 1<<SADB_X_EXT_SA2
24352 +| 1<<SADB_X_EXT_ADDRESS_DST2
24354 +/* SADB_X_PCHANGE */
24355 +1<<SADB_EXT_RESERVED
24357 +| 1<<SADB_EXT_LIFETIME_CURRENT
24358 +| 1<<SADB_EXT_LIFETIME_HARD
24359 +| 1<<SADB_EXT_LIFETIME_SOFT
24360 +| 1<<SADB_EXT_ADDRESS_SRC
24361 +| 1<<SADB_EXT_ADDRESS_DST
24362 +| 1<<SADB_EXT_ADDRESS_PROXY
24363 +| 1<<SADB_EXT_KEY_AUTH
24364 +| 1<<SADB_EXT_KEY_ENCRYPT
24365 +| 1<<SADB_EXT_IDENTITY_SRC
24366 +| 1<<SADB_EXT_IDENTITY_DST
24367 +| 1<<SADB_EXT_SENSITIVITY
24368 +| 1<<SADB_EXT_PROPOSAL
24369 +| 1<<SADB_EXT_SUPPORTED_AUTH
24370 +| 1<<SADB_EXT_SUPPORTED_ENCRYPT
24371 +| 1<<SADB_EXT_SPIRANGE
24372 +| 1<<SADB_X_EXT_KMPRIVATE
24373 +| 1<<SADB_X_EXT_SATYPE2
24374 +| 1<<SADB_X_EXT_SA2
24375 +| 1<<SADB_X_EXT_ADDRESS_DST2
24377 +/* SADB_X_GRPSA */
24378 +1<<SADB_EXT_RESERVED
24380 +| 1<<SADB_EXT_ADDRESS_DST
24381 +| 1<<SADB_X_EXT_SATYPE2
24382 +| 1<<SADB_X_EXT_SA2
24383 +| 1<<SADB_X_EXT_ADDRESS_DST2
24385 +/* SADB_X_ADDFLOW */
24386 +1<<SADB_EXT_RESERVED
24388 +| 1<<SADB_EXT_ADDRESS_SRC
24389 +| 1<<SADB_EXT_ADDRESS_DST
24390 +| 1<<SADB_X_EXT_ADDRESS_SRC_FLOW
24391 +| 1<<SADB_X_EXT_ADDRESS_DST_FLOW
24392 +| 1<<SADB_X_EXT_ADDRESS_SRC_MASK
24393 +| 1<<SADB_X_EXT_ADDRESS_DST_MASK
24395 +/* SADB_X_DELFLOW */
24396 +1<<SADB_EXT_RESERVED
24398 +| 1<<SADB_X_EXT_ADDRESS_SRC_FLOW
24399 +| 1<<SADB_X_EXT_ADDRESS_DST_FLOW
24400 +| 1<<SADB_X_EXT_ADDRESS_SRC_MASK
24401 +| 1<<SADB_X_EXT_ADDRESS_DST_MASK
24403 +/* SADB_X_DEBUG */
24404 +1<<SADB_EXT_RESERVED
24405 +| 1<<SADB_X_EXT_DEBUG
24410 +/* SADB_RESERVED */
24414 +1<<SADB_EXT_RESERVED
24415 +| 1<<SADB_EXT_ADDRESS_SRC
24416 +| 1<<SADB_EXT_ADDRESS_DST
24417 +| 1<<SADB_EXT_SPIRANGE
24420 +1<<SADB_EXT_RESERVED
24422 +| 1<<SADB_EXT_ADDRESS_SRC
24423 +| 1<<SADB_EXT_ADDRESS_DST
24424 +| 1<<SADB_EXT_KEY_AUTH
24425 +| 1<<SADB_EXT_KEY_ENCRYPT
24428 +1<<SADB_EXT_RESERVED
24430 +| 1<<SADB_EXT_ADDRESS_SRC
24431 +| 1<<SADB_EXT_ADDRESS_DST
24432 +/*| 1<<SADB_EXT_KEY_AUTH*/
24433 +/*| 1<<SADB_EXT_KEY_ENCRYPT*/
24436 +1<<SADB_EXT_RESERVED
24438 +| 1<<SADB_EXT_ADDRESS_SRC
24439 +| 1<<SADB_EXT_ADDRESS_DST
24442 +1<<SADB_EXT_RESERVED
24444 +| 1<<SADB_EXT_ADDRESS_SRC
24445 +| 1<<SADB_EXT_ADDRESS_DST
24447 +/* SADB_ACQUIRE */
24448 +1<<SADB_EXT_RESERVED
24449 +| 1<<SADB_EXT_ADDRESS_SRC
24450 +| 1<<SADB_EXT_ADDRESS_DST
24451 +| 1<<SADB_EXT_PROPOSAL
24453 +/* SADB_REGISTER */
24454 +1<<SADB_EXT_RESERVED
24460 +1<<SADB_EXT_RESERVED
24463 +1<<SADB_EXT_RESERVED
24465 +/* SADB_X_PROMISC */
24466 +1<<SADB_EXT_RESERVED
24468 +| 1<<SADB_EXT_LIFETIME_CURRENT
24469 +| 1<<SADB_EXT_LIFETIME_HARD
24470 +| 1<<SADB_EXT_LIFETIME_SOFT
24471 +| 1<<SADB_EXT_ADDRESS_SRC
24472 +| 1<<SADB_EXT_ADDRESS_DST
24473 +| 1<<SADB_EXT_ADDRESS_PROXY
24474 +| 1<<SADB_EXT_KEY_AUTH
24475 +| 1<<SADB_EXT_KEY_ENCRYPT
24476 +| 1<<SADB_EXT_IDENTITY_SRC
24477 +| 1<<SADB_EXT_IDENTITY_DST
24478 +| 1<<SADB_EXT_SENSITIVITY
24479 +| 1<<SADB_EXT_PROPOSAL
24480 +| 1<<SADB_EXT_SUPPORTED_AUTH
24481 +| 1<<SADB_EXT_SUPPORTED_ENCRYPT
24482 +| 1<<SADB_EXT_SPIRANGE
24483 +| 1<<SADB_X_EXT_KMPRIVATE
24484 +| 1<<SADB_X_EXT_SATYPE2
24485 +| 1<<SADB_X_EXT_SA2
24486 +| 1<<SADB_X_EXT_ADDRESS_DST2
24488 +/* SADB_X_PCHANGE */
24489 +1<<SADB_EXT_RESERVED
24491 +| 1<<SADB_EXT_LIFETIME_CURRENT
24492 +| 1<<SADB_EXT_LIFETIME_HARD
24493 +| 1<<SADB_EXT_LIFETIME_SOFT
24494 +| 1<<SADB_EXT_ADDRESS_SRC
24495 +| 1<<SADB_EXT_ADDRESS_DST
24496 +| 1<<SADB_EXT_ADDRESS_PROXY
24497 +| 1<<SADB_EXT_KEY_AUTH
24498 +| 1<<SADB_EXT_KEY_ENCRYPT
24499 +| 1<<SADB_EXT_IDENTITY_SRC
24500 +| 1<<SADB_EXT_IDENTITY_DST
24501 +| 1<<SADB_EXT_SENSITIVITY
24502 +| 1<<SADB_EXT_PROPOSAL
24503 +| 1<<SADB_EXT_SUPPORTED_AUTH
24504 +| 1<<SADB_EXT_SUPPORTED_ENCRYPT
24505 +| 1<<SADB_EXT_SPIRANGE
24506 +| 1<<SADB_X_EXT_KMPRIVATE
24507 +| 1<<SADB_X_EXT_SATYPE2
24508 +| 1<<SADB_X_EXT_SA2
24509 +| 1<<SADB_X_EXT_ADDRESS_DST2
24511 +/* SADB_X_GRPSA */
24512 +1<<SADB_EXT_RESERVED
24514 +| 1<<SADB_EXT_ADDRESS_DST
24515 +/*| 1<<SADB_X_EXT_SATYPE2*/
24516 +/*| 1<<SADB_X_EXT_SA2*/
24517 +/*| 1<<SADB_X_EXT_ADDRESS_DST2*/
24519 +/* SADB_X_ADDFLOW */
24520 +1<<SADB_EXT_RESERVED
24522 +| 1<<SADB_EXT_ADDRESS_DST
24523 +| 1<<SADB_X_EXT_ADDRESS_SRC_FLOW
24524 +| 1<<SADB_X_EXT_ADDRESS_DST_FLOW
24525 +| 1<<SADB_X_EXT_ADDRESS_SRC_MASK
24526 +| 1<<SADB_X_EXT_ADDRESS_DST_MASK
24528 +/* SADB_X_DELFLOW */
24529 +1<<SADB_EXT_RESERVED
24530 +/*| 1<<SADB_EXT_SA*/
24531 +#if 0 /* SADB_X_CLREROUTE doesn't need all these... */
24532 +| 1<<SADB_X_EXT_ADDRESS_SRC_FLOW
24533 +| 1<<SADB_X_EXT_ADDRESS_DST_FLOW
24534 +| 1<<SADB_X_EXT_ADDRESS_SRC_MASK
24535 +| 1<<SADB_X_EXT_ADDRESS_DST_MASK
24538 +/* SADB_X_DEBUG */
24539 +1<<SADB_EXT_RESERVED
24540 +| 1<<SADB_X_EXT_DEBUG
24545 +/* OUTBOUND EXTENSIONS */
24548 +/* PERMITTED OUT */
24550 +/* SADB_RESERVED */
24554 +1<<SADB_EXT_RESERVED
24556 +| 1<<SADB_EXT_ADDRESS_SRC
24557 +| 1<<SADB_EXT_ADDRESS_DST
24560 +1<<SADB_EXT_RESERVED
24562 +| 1<<SADB_EXT_LIFETIME_CURRENT
24563 +| 1<<SADB_EXT_LIFETIME_HARD
24564 +| 1<<SADB_EXT_LIFETIME_SOFT
24565 +| 1<<SADB_EXT_ADDRESS_SRC
24566 +| 1<<SADB_EXT_ADDRESS_DST
24567 +| 1<<SADB_EXT_ADDRESS_PROXY
24568 +| 1<<SADB_EXT_IDENTITY_SRC
24569 +| 1<<SADB_EXT_IDENTITY_DST
24570 +| 1<<SADB_EXT_SENSITIVITY
24573 +1<<SADB_EXT_RESERVED
24575 +| 1<<SADB_EXT_LIFETIME_HARD
24576 +| 1<<SADB_EXT_LIFETIME_SOFT
24577 +| 1<<SADB_EXT_ADDRESS_SRC
24578 +| 1<<SADB_EXT_ADDRESS_DST
24579 +| 1<<SADB_EXT_IDENTITY_SRC
24580 +| 1<<SADB_EXT_IDENTITY_DST
24581 +| 1<<SADB_EXT_SENSITIVITY
24584 +1<<SADB_EXT_RESERVED
24586 +| 1<<SADB_EXT_ADDRESS_SRC
24587 +| 1<<SADB_EXT_ADDRESS_DST
24590 +1<<SADB_EXT_RESERVED
24592 +| 1<<SADB_EXT_LIFETIME_CURRENT
24593 +| 1<<SADB_EXT_LIFETIME_HARD
24594 +| 1<<SADB_EXT_LIFETIME_SOFT
24595 +| 1<<SADB_EXT_ADDRESS_SRC
24596 +| 1<<SADB_EXT_ADDRESS_DST
24597 +| 1<<SADB_EXT_ADDRESS_PROXY
24598 +| 1<<SADB_EXT_KEY_AUTH
24599 +| 1<<SADB_EXT_KEY_ENCRYPT
24600 +| 1<<SADB_EXT_IDENTITY_SRC
24601 +| 1<<SADB_EXT_IDENTITY_DST
24602 +| 1<<SADB_EXT_SENSITIVITY
24604 +/* SADB_ACQUIRE */
24605 +1<<SADB_EXT_RESERVED
24606 +| 1<<SADB_EXT_ADDRESS_SRC
24607 +| 1<<SADB_EXT_ADDRESS_DST
24608 +| 1<<SADB_EXT_ADDRESS_PROXY
24609 +| 1<<SADB_EXT_IDENTITY_SRC
24610 +| 1<<SADB_EXT_IDENTITY_DST
24611 +| 1<<SADB_EXT_SENSITIVITY
24612 +| 1<<SADB_EXT_PROPOSAL
24614 +/* SADB_REGISTER */
24615 +1<<SADB_EXT_RESERVED
24616 +| 1<<SADB_EXT_SUPPORTED_AUTH
24617 +| 1<<SADB_EXT_SUPPORTED_ENCRYPT
24620 +1<<SADB_EXT_RESERVED
24622 +| 1<<SADB_EXT_LIFETIME_CURRENT
24623 +| 1<<SADB_EXT_LIFETIME_HARD
24624 +| 1<<SADB_EXT_LIFETIME_SOFT
24625 +| 1<<SADB_EXT_ADDRESS_SRC
24626 +| 1<<SADB_EXT_ADDRESS_DST
24629 +1<<SADB_EXT_RESERVED
24632 +1<<SADB_EXT_RESERVED
24634 +| 1<<SADB_EXT_LIFETIME_CURRENT
24635 +| 1<<SADB_EXT_LIFETIME_HARD
24636 +| 1<<SADB_EXT_LIFETIME_SOFT
24637 +| 1<<SADB_EXT_ADDRESS_SRC
24638 +| 1<<SADB_EXT_ADDRESS_DST
24639 +| 1<<SADB_EXT_ADDRESS_PROXY
24640 +| 1<<SADB_EXT_KEY_AUTH
24641 +| 1<<SADB_EXT_KEY_ENCRYPT
24642 +| 1<<SADB_EXT_IDENTITY_SRC
24643 +| 1<<SADB_EXT_IDENTITY_DST
24644 +| 1<<SADB_EXT_SENSITIVITY
24646 +/* SADB_X_PROMISC */
24647 +1<<SADB_EXT_RESERVED
24649 +| 1<<SADB_EXT_LIFETIME_CURRENT
24650 +| 1<<SADB_EXT_LIFETIME_HARD
24651 +| 1<<SADB_EXT_LIFETIME_SOFT
24652 +| 1<<SADB_EXT_ADDRESS_SRC
24653 +| 1<<SADB_EXT_ADDRESS_DST
24654 +| 1<<SADB_EXT_ADDRESS_PROXY
24655 +| 1<<SADB_EXT_KEY_AUTH
24656 +| 1<<SADB_EXT_KEY_ENCRYPT
24657 +| 1<<SADB_EXT_IDENTITY_SRC
24658 +| 1<<SADB_EXT_IDENTITY_DST
24659 +| 1<<SADB_EXT_SENSITIVITY
24660 +| 1<<SADB_EXT_PROPOSAL
24661 +| 1<<SADB_EXT_SUPPORTED_AUTH
24662 +| 1<<SADB_EXT_SUPPORTED_ENCRYPT
24663 +| 1<<SADB_EXT_SPIRANGE
24664 +| 1<<SADB_X_EXT_KMPRIVATE
24665 +| 1<<SADB_X_EXT_SATYPE2
24666 +| 1<<SADB_X_EXT_SA2
24667 +| 1<<SADB_X_EXT_ADDRESS_DST2
24669 +/* SADB_X_PCHANGE */
24670 +1<<SADB_EXT_RESERVED
24672 +| 1<<SADB_EXT_LIFETIME_CURRENT
24673 +| 1<<SADB_EXT_LIFETIME_HARD
24674 +| 1<<SADB_EXT_LIFETIME_SOFT
24675 +| 1<<SADB_EXT_ADDRESS_SRC
24676 +| 1<<SADB_EXT_ADDRESS_DST
24677 +| 1<<SADB_EXT_ADDRESS_PROXY
24678 +| 1<<SADB_EXT_KEY_AUTH
24679 +| 1<<SADB_EXT_KEY_ENCRYPT
24680 +| 1<<SADB_EXT_IDENTITY_SRC
24681 +| 1<<SADB_EXT_IDENTITY_DST
24682 +| 1<<SADB_EXT_SENSITIVITY
24683 +| 1<<SADB_EXT_PROPOSAL
24684 +| 1<<SADB_EXT_SUPPORTED_AUTH
24685 +| 1<<SADB_EXT_SUPPORTED_ENCRYPT
24686 +| 1<<SADB_EXT_SPIRANGE
24687 +| 1<<SADB_X_EXT_KMPRIVATE
24688 +| 1<<SADB_X_EXT_SATYPE2
24689 +| 1<<SADB_X_EXT_SA2
24690 +| 1<<SADB_X_EXT_ADDRESS_DST2
24692 +/* SADB_X_GRPSA */
24693 +1<<SADB_EXT_RESERVED
24695 +| 1<<SADB_EXT_ADDRESS_DST
24696 +| 1<<SADB_X_EXT_SATYPE2
24697 +| 1<<SADB_X_EXT_SA2
24698 +| 1<<SADB_X_EXT_ADDRESS_DST2
24700 +/* SADB_X_ADDFLOW */
24701 +1<<SADB_EXT_RESERVED
24703 +| 1<<SADB_EXT_ADDRESS_SRC
24704 +| 1<<SADB_EXT_ADDRESS_DST
24705 +| 1<<SADB_X_EXT_ADDRESS_SRC_FLOW
24706 +| 1<<SADB_X_EXT_ADDRESS_DST_FLOW
24707 +| 1<<SADB_X_EXT_ADDRESS_SRC_MASK
24708 +| 1<<SADB_X_EXT_ADDRESS_DST_MASK
24710 +/* SADB_X_DELFLOW */
24711 +1<<SADB_EXT_RESERVED
24713 +| 1<<SADB_X_EXT_ADDRESS_SRC_FLOW
24714 +| 1<<SADB_X_EXT_ADDRESS_DST_FLOW
24715 +| 1<<SADB_X_EXT_ADDRESS_SRC_MASK
24716 +| 1<<SADB_X_EXT_ADDRESS_DST_MASK
24718 +/* SADB_X_DEBUG */
24719 +1<<SADB_EXT_RESERVED
24720 +| 1<<SADB_X_EXT_DEBUG
24723 +/* REQUIRED OUT */
24725 +/* SADB_RESERVED */
24729 +1<<SADB_EXT_RESERVED
24731 +| 1<<SADB_EXT_ADDRESS_SRC
24732 +| 1<<SADB_EXT_ADDRESS_DST
24735 +1<<SADB_EXT_RESERVED
24737 +| 1<<SADB_EXT_ADDRESS_SRC
24738 +| 1<<SADB_EXT_ADDRESS_DST
24741 +1<<SADB_EXT_RESERVED
24743 +| 1<<SADB_EXT_ADDRESS_SRC
24744 +| 1<<SADB_EXT_ADDRESS_DST
24747 +1<<SADB_EXT_RESERVED
24749 +| 1<<SADB_EXT_ADDRESS_SRC
24750 +| 1<<SADB_EXT_ADDRESS_DST
24753 +1<<SADB_EXT_RESERVED
24755 +| 1<<SADB_EXT_ADDRESS_SRC
24756 +| 1<<SADB_EXT_ADDRESS_DST
24757 +| 1<<SADB_EXT_KEY_AUTH
24758 +| 1<<SADB_EXT_KEY_ENCRYPT
24760 +/* SADB_ACQUIRE */
24761 +1<<SADB_EXT_RESERVED
24762 +| 1<<SADB_EXT_ADDRESS_SRC
24763 +| 1<<SADB_EXT_ADDRESS_DST
24764 +| 1<<SADB_EXT_PROPOSAL
24766 +/* SADB_REGISTER */
24767 +1<<SADB_EXT_RESERVED
24768 +/* | 1<<SADB_EXT_SUPPORTED_AUTH
24769 + | 1<<SADB_EXT_SUPPORTED_ENCRYPT */
24772 +1<<SADB_EXT_RESERVED
24774 +| 1<<SADB_EXT_LIFETIME_CURRENT
24775 +/* | 1<<SADB_EXT_LIFETIME_HARD
24776 + | 1<<SADB_EXT_LIFETIME_SOFT */
24777 +| 1<<SADB_EXT_ADDRESS_SRC
24778 +| 1<<SADB_EXT_ADDRESS_DST
24781 +1<<SADB_EXT_RESERVED
24784 +1<<SADB_EXT_RESERVED
24786 +| 1<<SADB_EXT_ADDRESS_SRC
24787 +| 1<<SADB_EXT_ADDRESS_DST
24788 +| 1<<SADB_EXT_KEY_AUTH
24789 +| 1<<SADB_EXT_KEY_ENCRYPT
24791 +/* SADB_X_PROMISC */
24792 +1<<SADB_EXT_RESERVED
24794 +| 1<<SADB_EXT_LIFETIME_CURRENT
24795 +| 1<<SADB_EXT_LIFETIME_HARD
24796 +| 1<<SADB_EXT_LIFETIME_SOFT
24797 +| 1<<SADB_EXT_ADDRESS_SRC
24798 +| 1<<SADB_EXT_ADDRESS_DST
24799 +| 1<<SADB_EXT_ADDRESS_PROXY
24800 +| 1<<SADB_EXT_KEY_AUTH
24801 +| 1<<SADB_EXT_KEY_ENCRYPT
24802 +| 1<<SADB_EXT_IDENTITY_SRC
24803 +| 1<<SADB_EXT_IDENTITY_DST
24804 +| 1<<SADB_EXT_SENSITIVITY
24805 +| 1<<SADB_EXT_PROPOSAL
24806 +| 1<<SADB_EXT_SUPPORTED_AUTH
24807 +| 1<<SADB_EXT_SUPPORTED_ENCRYPT
24808 +| 1<<SADB_EXT_SPIRANGE
24809 +| 1<<SADB_X_EXT_KMPRIVATE
24810 +| 1<<SADB_X_EXT_SATYPE2
24811 +| 1<<SADB_X_EXT_SA2
24812 +| 1<<SADB_X_EXT_ADDRESS_DST2
24814 +/* SADB_X_PCHANGE */
24815 +1<<SADB_EXT_RESERVED
24817 +| 1<<SADB_EXT_LIFETIME_CURRENT
24818 +| 1<<SADB_EXT_LIFETIME_HARD
24819 +| 1<<SADB_EXT_LIFETIME_SOFT
24820 +| 1<<SADB_EXT_ADDRESS_SRC
24821 +| 1<<SADB_EXT_ADDRESS_DST
24822 +| 1<<SADB_EXT_ADDRESS_PROXY
24823 +| 1<<SADB_EXT_KEY_AUTH
24824 +| 1<<SADB_EXT_KEY_ENCRYPT
24825 +| 1<<SADB_EXT_IDENTITY_SRC
24826 +| 1<<SADB_EXT_IDENTITY_DST
24827 +| 1<<SADB_EXT_SENSITIVITY
24828 +| 1<<SADB_EXT_PROPOSAL
24829 +| 1<<SADB_EXT_SUPPORTED_AUTH
24830 +| 1<<SADB_EXT_SUPPORTED_ENCRYPT
24831 +| 1<<SADB_EXT_SPIRANGE
24832 +| 1<<SADB_X_EXT_KMPRIVATE
24833 +| 1<<SADB_X_EXT_SATYPE2
24834 +| 1<<SADB_X_EXT_SA2
24835 +| 1<<SADB_X_EXT_ADDRESS_DST2
24837 +/* SADB_X_GRPSA */
24838 +1<<SADB_EXT_RESERVED
24840 +| 1<<SADB_EXT_ADDRESS_DST
24842 +/* SADB_X_ADDFLOW */
24843 +1<<SADB_EXT_RESERVED
24845 +| 1<<SADB_EXT_ADDRESS_DST
24846 +| 1<<SADB_X_EXT_ADDRESS_SRC_FLOW
24847 +| 1<<SADB_X_EXT_ADDRESS_DST_FLOW
24848 +| 1<<SADB_X_EXT_ADDRESS_SRC_MASK
24849 +| 1<<SADB_X_EXT_ADDRESS_DST_MASK
24851 +/* SADB_X_DELFLOW */
24852 +1<<SADB_EXT_RESERVED
24853 +/*| 1<<SADB_EXT_SA*/
24854 +| 1<<SADB_X_EXT_ADDRESS_SRC_FLOW
24855 +| 1<<SADB_X_EXT_ADDRESS_DST_FLOW
24856 +| 1<<SADB_X_EXT_ADDRESS_SRC_MASK
24857 +| 1<<SADB_X_EXT_ADDRESS_DST_MASK
24859 +/* SADB_X_DEBUG */
24860 +1<<SADB_EXT_RESERVED
24861 +| 1<<SADB_X_EXT_DEBUG
24868 + * Revision 1.7 2000/09/12 22:35:37 rgb
24869 + * Restructured to remove unused extensions from CLEARFLOW messages.
24871 + * Revision 1.6 2000/09/09 06:39:01 rgb
24872 + * Added comments for clarity.
24874 + * Revision 1.5 2000/06/02 22:54:14 rgb
24875 + * Added Gerhard Gessler's struct sockaddr_storage mods for IPv6 support.
24877 + * Revision 1.4 2000/01/21 06:27:56 rgb
24878 + * Added address cases for eroute flows.
24879 + * Added comments for each message type.
24880 + * Added klipsdebug switching capability.
24881 + * Fixed GRPSA bitfields.
24883 + * Revision 1.3 1999/12/01 22:20:27 rgb
24884 + * Remove requirement for a proxy address in an incoming getspi message.
24886 + * Revision 1.2 1999/11/27 11:57:06 rgb
24887 + * Consolidated the 4 1-d extension bitmap arrays into one 4-d array.
24888 + * Add CVS log entry to bottom of file.
24889 + * Cleaned out unused bits.
24892 diff -druN linux-noipsec/net/ipsec/libfreeswan/pfkey_v2_parse.c linux/net/ipsec/libfreeswan/pfkey_v2_parse.c
24893 --- linux-noipsec/net/ipsec/libfreeswan/pfkey_v2_parse.c Thu Jan 1 01:00:00 1970
24894 +++ linux/net/ipsec/libfreeswan/pfkey_v2_parse.c Fri Nov 17 19:10:30 2000
24897 + * RFC2367 PF_KEYv2 Key management API message parser
24898 + * Copyright (C) 1999 Richard Guy Briggs.
24900 + * This program is free software; you can redistribute it and/or modify it
24901 + * under the terms of the GNU General Public License as published by the
24902 + * Free Software Foundation; either version 2 of the License, or (at your
24903 + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
24905 + * This program is distributed in the hope that it will be useful, but
24906 + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
24907 + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
24908 + * for more details.
24914 + * Template from klips/net/ipsec/ipsec/ipsec_parser.c.
24917 +char pfkey_v2_parse_c_version[] = "$Id$";
24920 + * Some ugly stuff to allow consistent debugging code for use in the
24921 + * kernel and in user space
24926 +# include <linux/kernel.h> /* for printk */
24928 +# include <linux/malloc.h> /* kmalloc() */
24929 +# include <linux/errno.h> /* error codes */
24930 +# include <linux/types.h> /* size_t */
24931 +# include <linux/interrupt.h> /* mark_bh */
24933 +# include <linux/netdevice.h> /* struct device, and other headers */
24934 +# include <linux/etherdevice.h> /* eth_type_trans */
24935 +# include <linux/ip.h> /* struct iphdr */
24936 +# if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
24937 +# include <linux/ipv6.h> /* struct ipv6hdr */
24938 +# endif /* if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) */
24939 +extern int debug_pfkey;
24941 +#else /* __KERNEL__ */
24943 +# include <sys/types.h>
24944 +# include <linux/types.h>
24945 +# include <linux/errno.h>
24947 +# include "../pluto/constants.h"
24948 +# include "../pluto/defs.h" /* for PRINTF_LIKE */
24949 +# include "../pluto/log.h" /* for debugging and DBG_log */
24951 +extern unsigned int pfkey_lib_debug; /* bits selecting what to report */
24953 +/* #define PLUTO */
24956 +# define DEBUGGING(args...) { DBG_log("pfkey_lib_debug:" args); }
24958 +# define DEBUGGING(args...) if(pfkey_lib_debug) { printf("pfkey_lib_debug:" args); } else { ; }
24961 +#endif /* __KERNEL__ */
24964 +#include <freeswan.h>
24965 +#include <pfkeyv2.h>
24966 +#include <pfkey.h>
24969 +# include "../radij.h" /* rd_nodes */
24970 +# include "../ipsec_encap.h" /* sockaddr_encap */
24971 +# include "../ipsec_netlink.h" /* KLIPS_PRINT */
24972 +# define DEBUGGING(args...) \
24973 + KLIPS_PRINT(debug_pfkey, "klips_debug:" args)
24974 +/* ((debug_pfkey) ? printk(KERN_INFO "klips_debug:" format , ## args) : 0) */
24975 +#endif /* __KERNEL__ */
24978 +#define SENDERR(_x) do { error = -(_x); goto errlab; } while (0)
24980 +struct satype_tbl {
24984 +} static satype_tbl[] = {
24986 + { IPPROTO_ESP, SADB_SATYPE_ESP, "ESP" },
24987 + { IPPROTO_AH, SADB_SATYPE_AH, "AH" },
24988 + { IPPROTO_IPIP, SADB_X_SATYPE_IPIP, "IPIP" },
24989 +#ifdef CONFIG_IPSEC_IPCOMP
24990 + { IPPROTO_COMP, SADB_X_SATYPE_COMP, "COMP" },
24991 +#endif /* CONFIG_IPSEC_IPCOMP */
24992 +#else /* __KERNEL__ */
24993 + { SA_ESP, SADB_SATYPE_ESP, "ESP" },
24994 + { SA_AH, SADB_SATYPE_AH, "AH" },
24995 + { SA_IPIP, SADB_X_SATYPE_IPIP, "IPIP" },
24996 + { SA_COMP, SADB_X_SATYPE_COMP, "COMP" },
24997 +#endif /* __KERNEL__ */
25001 +uint8_t satype2proto(uint8_t satype) {
25004 + while(satype_tbl[i].satype != satype && satype_tbl[i].satype != 0) {
25007 + return satype_tbl[i].proto;
25010 +uint8_t proto2satype(uint8_t proto) {
25013 + while(satype_tbl[i].proto != proto && satype_tbl[i].proto != 0) {
25016 + return satype_tbl[i].satype;
25019 +char* proto2name(uint8_t proto) {
25022 + while(satype_tbl[i].proto != proto && satype_tbl[i].proto != 0) {
25025 + return satype_tbl[i].name;
25028 +uint8_t sadb_satype2proto[] = {
25041 +#else /* __KERNEL__ */
25053 +#endif /* __KERNEL__ */
25056 +/* Default extension parsers taken from the KLIPS code */
25058 +DEBUG_NO_STATIC int
25059 +pfkey_sa_parse(struct sadb_ext *pfkey_ext)
25062 + struct sadb_sa *pfkey_sa = (struct sadb_sa *)pfkey_ext;
25065 + "pfkey_sa_parse:\n");
25066 + /* sanity checks... */
25069 + "pfkey_sa_parse: NULL pointer passed in.\n");
25073 + if(pfkey_sa->sadb_sa_len != sizeof(struct sadb_sa) / IPSEC_PFKEYv2_ALIGN) {
25075 + "pfkey_sa_parse: length wrong pfkey_sa->sadb_sa_len=%d sizeof(struct sadb_sa)=%d.\n",
25076 + pfkey_sa->sadb_sa_len,
25077 + sizeof(struct sadb_sa));
25081 + if(pfkey_sa->sadb_sa_encrypt > SADB_EALG_MAX) {
25083 + "pfkey_sa_parse: pfkey_sa->sadb_sa_encrypt=%d > SADB_EALG_MAX=%d.\n",
25084 + pfkey_sa->sadb_sa_encrypt,
25089 + if(pfkey_sa->sadb_sa_auth > SADB_AALG_MAX) {
25091 + "pfkey_sa_parse: pfkey_sa->sadb_sa_auth=%d > SADB_AALG_MAX=%d.\n",
25092 + pfkey_sa->sadb_sa_auth,
25097 + if(pfkey_sa->sadb_sa_state > SADB_SASTATE_MAX) {
25099 + "pfkey_sa_parse: state=%d exceeds MAX=%d.\n",
25100 + pfkey_sa->sadb_sa_state,
25101 + SADB_SASTATE_MAX);
25105 + if(pfkey_sa->sadb_sa_state == SADB_SASTATE_DEAD) {
25107 + "pfkey_sa_parse: state=%d is DEAD=%d.\n",
25108 + pfkey_sa->sadb_sa_state,
25109 + SADB_SASTATE_DEAD);
25113 + if(pfkey_sa->sadb_sa_replay > 64) {
25115 + "pfkey_sa_parse: replay window size: %d"
25116 + " -- must be 0 <= size <= 64\n",
25117 + pfkey_sa->sadb_sa_replay);
25121 + if(! ((pfkey_sa->sadb_sa_exttype == SADB_EXT_SA) ||
25122 + (pfkey_sa->sadb_sa_exttype == SADB_X_EXT_SA2)))
25125 + "pfkey_sa_parse: unknown exttype=%d, expecting SADB_EXT_SA=%d or SADB_X_EXT_SA2=%d.\n",
25126 + pfkey_sa->sadb_sa_exttype,
25132 + "pfkey_sa_parse: successfully found len=%d exttype=%d spi=%08lx replay=%d state=%d auth=%d encrypt=%d flags=%d.\n",
25133 + pfkey_sa->sadb_sa_len,
25134 + pfkey_sa->sadb_sa_exttype,
25135 + (long unsigned int)ntohl(pfkey_sa->sadb_sa_spi),
25136 + pfkey_sa->sadb_sa_replay,
25137 + pfkey_sa->sadb_sa_state,
25138 + pfkey_sa->sadb_sa_auth,
25139 + pfkey_sa->sadb_sa_encrypt,
25140 + pfkey_sa->sadb_sa_flags);
25146 +DEBUG_NO_STATIC int
25147 +pfkey_lifetime_parse(struct sadb_ext *pfkey_ext)
25150 + struct sadb_lifetime *pfkey_lifetime = (struct sadb_lifetime *)pfkey_ext;
25153 + "pfkey_lifetime_parse:\n");
25154 + /* sanity checks... */
25155 + if(!pfkey_lifetime) {
25157 + "pfkey_lifetime_parse: NULL pointer passed in.\n");
25161 + if(pfkey_lifetime->sadb_lifetime_len !=
25162 + sizeof(struct sadb_lifetime) / IPSEC_PFKEYv2_ALIGN) {
25164 + "pfkey_lifetime_parse: length wrong pfkey_lifetime->sadb_lifetime_len=%d sizeof(struct sadb_lifetime)=%d.\n",
25165 + pfkey_lifetime->sadb_lifetime_len,
25166 + sizeof(struct sadb_lifetime));
25170 + if((pfkey_lifetime->sadb_lifetime_exttype != SADB_EXT_LIFETIME_HARD) &&
25171 + (pfkey_lifetime->sadb_lifetime_exttype != SADB_EXT_LIFETIME_SOFT) &&
25172 + (pfkey_lifetime->sadb_lifetime_exttype != SADB_EXT_LIFETIME_CURRENT)) {
25174 + "pfkey_lifetime_parse: unexpected ext_type=%d.\n",
25175 + pfkey_lifetime->sadb_lifetime_exttype);
25183 +DEBUG_NO_STATIC int
25184 +pfkey_address_parse(struct sadb_ext *pfkey_ext)
25187 + int saddr_len = 0;
25188 + struct sadb_address *pfkey_address = (struct sadb_address *)pfkey_ext;
25189 + struct sockaddr* s = (struct sockaddr*)((char*)pfkey_address + sizeof(*pfkey_address));
25190 + char ipaddr_txt[ADDRTOT_BUF];
25193 + "pfkey_address_parse:\n");
25194 + /* sanity checks... */
25195 + if(!pfkey_address) {
25197 + "pfkey_address_parse: NULL pointer passed in.\n");
25201 + if(pfkey_address->sadb_address_len <
25202 + (sizeof(struct sadb_address) + sizeof(struct sockaddr))/
25203 + IPSEC_PFKEYv2_ALIGN) {
25205 + "pfkey_address_parse: size wrong 1 ext_len=%d, adr_ext_len=%d, saddr_len=%d.\n",
25206 + pfkey_address->sadb_address_len,
25207 + sizeof(struct sadb_address),
25208 + sizeof(struct sockaddr));
25212 + if(pfkey_address->sadb_address_reserved) {
25214 + "pfkey_address_parse: res=%d, must be zero.\n",
25215 + pfkey_address->sadb_address_reserved);
25219 + switch(pfkey_address->sadb_address_exttype) {
25220 + case SADB_EXT_ADDRESS_SRC:
25221 + case SADB_EXT_ADDRESS_DST:
25222 + case SADB_EXT_ADDRESS_PROXY:
25223 + case SADB_X_EXT_ADDRESS_DST2:
25224 + case SADB_X_EXT_ADDRESS_SRC_FLOW:
25225 + case SADB_X_EXT_ADDRESS_DST_FLOW:
25226 + case SADB_X_EXT_ADDRESS_SRC_MASK:
25227 + case SADB_X_EXT_ADDRESS_DST_MASK:
25231 + "pfkey_address_parse: unexpected ext_type=%d.\n",
25232 + pfkey_address->sadb_address_exttype);
25236 + switch(s->sa_family) {
25239 + "pfkey_address_parse: found address family=%d, AF_INET.\n",
25241 + saddr_len = sizeof(struct sockaddr_in);
25242 + sprintf(ipaddr_txt, "%d.%d.%d.%d"
25243 + , (((struct sockaddr_in*)s)->sin_addr.s_addr >> 0) & 0xFF
25244 + , (((struct sockaddr_in*)s)->sin_addr.s_addr >> 8) & 0xFF
25245 + , (((struct sockaddr_in*)s)->sin_addr.s_addr >> 16) & 0xFF
25246 + , (((struct sockaddr_in*)s)->sin_addr.s_addr >> 24) & 0xFF);
25248 + "pfkey_address_parse: found address=%s.\n",
25253 + "pfkey_address_parse: found address family=%d, AF_INET6.\n",
25255 + saddr_len = sizeof(struct sockaddr_in6);
25256 + sprintf(ipaddr_txt, "%x:%x:%x:%x:%x:%x:%x:%x"
25257 + , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr16[0])
25258 + , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr16[1])
25259 + , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr16[2])
25260 + , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr16[3])
25261 + , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr16[4])
25262 + , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr16[5])
25263 + , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr16[6])
25264 + , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr16[7]));
25266 + "pfkey_address_parse: found address=%s.\n",
25271 + "pfkey_address_parse: s->sa_family=%d not supported.\n",
25273 + SENDERR(EPFNOSUPPORT);
25276 + if(pfkey_address->sadb_address_len !=
25277 + DIVUP(sizeof(struct sadb_address) + saddr_len, IPSEC_PFKEYv2_ALIGN)) {
25279 + "pfkey_address_parse: size wrong 2 ext_len=%d, adr_ext_len=%d, saddr_len=%d.\n",
25280 + pfkey_address->sadb_address_len,
25281 + sizeof(struct sadb_address),
25286 + if(pfkey_address->sadb_address_prefixlen != 0) {
25288 + "pfkey_address_parse: address prefixes not supported yet.\n");
25289 + SENDERR(EAFNOSUPPORT); /* not supported yet */
25292 + /* XXX check if port!=0 */
25295 + "pfkey_address_parse: successful.\n");
25300 +DEBUG_NO_STATIC int
25301 +pfkey_key_parse(struct sadb_ext *pfkey_ext)
25304 + struct sadb_key *pfkey_key = (struct sadb_key *)pfkey_ext;
25307 + "pfkey_key_parse:\n");
25308 + /* sanity checks... */
25312 + "pfkey_key_parse: NULL pointer passed in.\n");
25316 + if(pfkey_key->sadb_key_len < sizeof(struct sadb_key) / IPSEC_PFKEYv2_ALIGN) {
25318 + "pfkey_key_parse: size wrong ext_len=%d, key_ext_len=%d.\n",
25319 + pfkey_key->sadb_key_len,
25320 + sizeof(struct sadb_key));
25324 + if(!pfkey_key->sadb_key_bits) {
25326 + "pfkey_key_parse: key length set to zero, must be non-zero.\n");
25330 + if(pfkey_key->sadb_key_len !=
25331 + DIVUP(sizeof(struct sadb_key) * OCTETBITS + pfkey_key->sadb_key_bits,
25334 + "pfkey_key_parse: key length=%d does not agree with extension length=%d.\n",
25335 + pfkey_key->sadb_key_bits,
25336 + pfkey_key->sadb_key_len);
25340 + if(pfkey_key->sadb_key_reserved) {
25342 + "pfkey_key_parse: res=%d, must be zero.\n",
25343 + pfkey_key->sadb_key_reserved);
25347 + if(! ( (pfkey_key->sadb_key_exttype == SADB_EXT_KEY_AUTH) ||
25348 + (pfkey_key->sadb_key_exttype == SADB_EXT_KEY_ENCRYPT))) {
25350 + "pfkey_key_parse: expecting extension type AUTH or ENCRYPT, got %d.\n",
25351 + pfkey_key->sadb_key_exttype);
25356 + "pfkey_key_parse: success, found len=%d exttype=%d bits=%d reserved=%d.\n",
25357 + pfkey_key->sadb_key_len,
25358 + pfkey_key->sadb_key_exttype,
25359 + pfkey_key->sadb_key_bits,
25360 + pfkey_key->sadb_key_reserved);
25366 +DEBUG_NO_STATIC int
25367 +pfkey_ident_parse(struct sadb_ext *pfkey_ext)
25370 + struct sadb_ident *pfkey_ident = (struct sadb_ident *)pfkey_ext;
25372 + /* sanity checks... */
25373 + if(pfkey_ident->sadb_ident_len < sizeof(struct sadb_ident) / IPSEC_PFKEYv2_ALIGN) {
25375 + "pfkey_ident_parse: size wrong ext_len=%d, key_ext_len=%d.\n",
25376 + pfkey_ident->sadb_ident_len,
25377 + sizeof(struct sadb_ident));
25381 + if(pfkey_ident->sadb_ident_type > SADB_IDENTTYPE_MAX) {
25383 + "pfkey_ident_parse: ident_type=%d out of range, must be less than %d.\n",
25384 + pfkey_ident->sadb_ident_type,
25385 + SADB_IDENTTYPE_MAX);
25389 + if(pfkey_ident->sadb_ident_reserved) {
25391 + "pfkey_ident_parse: res=%d, must be zero.\n",
25392 + pfkey_ident->sadb_ident_reserved);
25396 + /* string terminator/padding must be zero */
25397 + if(pfkey_ident->sadb_ident_len > sizeof(struct sadb_ident) / IPSEC_PFKEYv2_ALIGN) {
25398 + if(*((char*)pfkey_ident + pfkey_ident->sadb_ident_len * IPSEC_PFKEYv2_ALIGN - 1)) {
25400 + "pfkey_ident_parse: string padding must be zero, last is 0x%02x.\n",
25401 + *((char*)pfkey_ident +
25402 + pfkey_ident->sadb_ident_len * IPSEC_PFKEYv2_ALIGN - 1));
25407 + if( ! ((pfkey_ident->sadb_ident_exttype == SADB_EXT_IDENTITY_SRC) ||
25408 + (pfkey_ident->sadb_ident_exttype == SADB_EXT_IDENTITY_DST))) {
25410 + "pfkey_key_parse: expecting extension type IDENTITY_SRC or IDENTITY_DST, got %d.\n",
25411 + pfkey_ident->sadb_ident_exttype);
25419 +DEBUG_NO_STATIC int
25420 +pfkey_sens_parse(struct sadb_ext *pfkey_ext)
25423 + struct sadb_sens *pfkey_sens = (struct sadb_sens *)pfkey_ext;
25425 + /* sanity checks... */
25426 + if(pfkey_sens->sadb_sens_len < sizeof(struct sadb_sens) / IPSEC_PFKEYv2_ALIGN) {
25428 + "pfkey_sens_parse: size wrong ext_len=%d, key_ext_len=%d.\n",
25429 + pfkey_sens->sadb_sens_len,
25430 + sizeof(struct sadb_sens));
25435 + "pfkey_sens_parse: Sorry, I can't parse exttype=%d yet.\n",
25436 + pfkey_ext->sadb_ext_type);
25438 + SENDERR(EINVAL); /* don't process these yet */
25445 +DEBUG_NO_STATIC int
25446 +pfkey_prop_parse(struct sadb_ext *pfkey_ext)
25450 + struct sadb_prop *pfkey_prop = (struct sadb_prop *)pfkey_ext;
25451 + struct sadb_comb *pfkey_comb = (struct sadb_comb *)((char*)pfkey_ext + sizeof(struct sadb_prop));
25453 + /* sanity checks... */
25454 + if((pfkey_prop->sadb_prop_len < sizeof(struct sadb_prop) / IPSEC_PFKEYv2_ALIGN) ||
25455 + (((pfkey_prop->sadb_prop_len * IPSEC_PFKEYv2_ALIGN) - sizeof(struct sadb_prop)) % sizeof(struct sadb_comb))) {
25457 + "pfkey_prop_parse: size wrong ext_len=%d, prop_ext_len=%d comb_ext_len=%d.\n",
25458 + pfkey_prop->sadb_prop_len,
25459 + sizeof(struct sadb_prop),
25460 + sizeof(struct sadb_comb));
25464 + if(pfkey_prop->sadb_prop_replay > 64) {
25466 + "pfkey_prop_parse: replay window size: %d"
25467 + " -- must be 0 <= size <= 64\n",
25468 + pfkey_prop->sadb_prop_replay);
25472 + for(i=0; i<3; i++) {
25473 + if(pfkey_prop->sadb_prop_reserved[i]) {
25475 + "pfkey_prop_parse: res[%d]=%d, must be zero.\n",
25476 + i, pfkey_prop->sadb_prop_reserved[i]);
25481 + num_comb = ((pfkey_prop->sadb_prop_len * IPSEC_PFKEYv2_ALIGN) - sizeof(struct sadb_prop)) / sizeof(struct sadb_comb);
25483 + for(i = 0; i < num_comb; i++) {
25484 + if(pfkey_comb->sadb_comb_auth > SADB_AALG_MAX) {
25486 + "pfkey_prop_parse: pfkey_comb[%d]->sadb_comb_auth=%d > SADB_AALG_MAX=%d.\n",
25488 + pfkey_comb->sadb_comb_auth,
25493 + if(pfkey_comb->sadb_comb_auth) {
25494 + if(!pfkey_comb->sadb_comb_auth_minbits) {
25496 + "pfkey_prop_parse: pfkey_comb[%d]->sadb_comb_auth_minbits=0, fatal.\n",
25500 + if(!pfkey_comb->sadb_comb_auth_maxbits) {
25502 + "pfkey_prop_parse: pfkey_comb[%d]->sadb_comb_auth_maxbits=0, fatal.\n",
25506 + if(pfkey_comb->sadb_comb_auth_minbits > pfkey_comb->sadb_comb_auth_maxbits) {
25508 + "pfkey_prop_parse: pfkey_comb[%d]->sadb_comb_auth_minbits=%d > maxbits=%d, fatal.\n",
25510 + pfkey_comb->sadb_comb_auth_minbits,
25511 + pfkey_comb->sadb_comb_auth_maxbits);
25515 + if(pfkey_comb->sadb_comb_auth_minbits) {
25517 + "pfkey_prop_parse: pfkey_comb[%d]->sadb_comb_auth_minbits=%d != 0, fatal.\n",
25519 + pfkey_comb->sadb_comb_auth_minbits);
25522 + if(pfkey_comb->sadb_comb_auth_maxbits) {
25524 + "pfkey_prop_parse: pfkey_comb[%d]->sadb_comb_auth_maxbits=%d != 0, fatal.\n",
25526 + pfkey_comb->sadb_comb_auth_maxbits);
25531 + if(pfkey_comb->sadb_comb_encrypt > SADB_EALG_MAX) {
25533 + "pfkey_comb_parse: pfkey_comb[%d]->sadb_comb_encrypt=%d > SADB_EALG_MAX=%d.\n",
25535 + pfkey_comb->sadb_comb_encrypt,
25540 + if(pfkey_comb->sadb_comb_encrypt) {
25541 + if(!pfkey_comb->sadb_comb_encrypt_minbits) {
25543 + "pfkey_prop_parse: pfkey_comb[%d]->sadb_comb_encrypt_minbits=0, fatal.\n",
25547 + if(!pfkey_comb->sadb_comb_encrypt_maxbits) {
25549 + "pfkey_prop_parse: pfkey_comb[%d]->sadb_comb_encrypt_maxbits=0, fatal.\n",
25553 + if(pfkey_comb->sadb_comb_encrypt_minbits > pfkey_comb->sadb_comb_encrypt_maxbits) {
25555 + "pfkey_prop_parse: pfkey_comb[%d]->sadb_comb_encrypt_minbits=%d > maxbits=%d, fatal.\n",
25557 + pfkey_comb->sadb_comb_encrypt_minbits,
25558 + pfkey_comb->sadb_comb_encrypt_maxbits);
25562 + if(pfkey_comb->sadb_comb_encrypt_minbits) {
25564 + "pfkey_prop_parse: pfkey_comb[%d]->sadb_comb_encrypt_minbits=%d != 0, fatal.\n",
25566 + pfkey_comb->sadb_comb_encrypt_minbits);
25569 + if(pfkey_comb->sadb_comb_encrypt_maxbits) {
25571 + "pfkey_prop_parse: pfkey_comb[%d]->sadb_comb_encrypt_maxbits=%d != 0, fatal.\n",
25573 + pfkey_comb->sadb_comb_encrypt_maxbits);
25578 + /* XXX do sanity check on flags */
25580 + if(pfkey_comb->sadb_comb_hard_allocations && pfkey_comb->sadb_comb_soft_allocations > pfkey_comb->sadb_comb_hard_allocations) {
25582 + "pfkey_prop_parse: pfkey_comb[%d]->sadb_comb_soft_allocations=%d > hard_allocations=%d, fatal.\n",
25584 + pfkey_comb->sadb_comb_soft_allocations,
25585 + pfkey_comb->sadb_comb_hard_allocations);
25589 + if(pfkey_comb->sadb_comb_hard_bytes && pfkey_comb->sadb_comb_soft_bytes > pfkey_comb->sadb_comb_hard_bytes) {
25591 + "pfkey_prop_parse: pfkey_comb[%d]->sadb_comb_soft_bytes=%Ld > hard_bytes=%Ld, fatal.\n",
25593 + pfkey_comb->sadb_comb_soft_bytes,
25594 + pfkey_comb->sadb_comb_hard_bytes);
25598 + if(pfkey_comb->sadb_comb_hard_addtime && pfkey_comb->sadb_comb_soft_addtime > pfkey_comb->sadb_comb_hard_addtime) {
25600 + "pfkey_prop_parse: pfkey_comb[%d]->sadb_comb_soft_addtime=%Ld > hard_addtime=%Ld, fatal.\n",
25602 + pfkey_comb->sadb_comb_soft_addtime,
25603 + pfkey_comb->sadb_comb_hard_addtime);
25607 + if(pfkey_comb->sadb_comb_hard_usetime && pfkey_comb->sadb_comb_soft_usetime > pfkey_comb->sadb_comb_hard_usetime) {
25609 + "pfkey_prop_parse: pfkey_comb[%d]->sadb_comb_soft_usetime=%Ld > hard_usetime=%Ld, fatal.\n",
25611 + pfkey_comb->sadb_comb_soft_usetime,
25612 + pfkey_comb->sadb_comb_hard_usetime);
25616 + if(pfkey_comb->sadb_comb_reserved) {
25618 + "pfkey_prop_parse: comb[%d].res=%d, must be zero.\n",
25620 + pfkey_comb->sadb_comb_reserved);
25630 +DEBUG_NO_STATIC int
25631 +pfkey_supported_parse(struct sadb_ext *pfkey_ext)
25634 + unsigned int i, num_alg;
25635 + struct sadb_supported *pfkey_supported = (struct sadb_supported *)pfkey_ext;
25636 + struct sadb_alg *pfkey_alg = (struct sadb_alg*)((char*)pfkey_ext + sizeof(struct sadb_supported));
25638 + /* sanity checks... */
25639 + if((pfkey_supported->sadb_supported_len <
25640 + sizeof(struct sadb_supported) / IPSEC_PFKEYv2_ALIGN) ||
25641 + (((pfkey_supported->sadb_supported_len * IPSEC_PFKEYv2_ALIGN) -
25642 + sizeof(struct sadb_supported)) % sizeof(struct sadb_alg))) {
25645 + "pfkey_supported_parse: size wrong ext_len=%d, supported_ext_len=%d alg_ext_len=%d.\n",
25646 + pfkey_supported->sadb_supported_len,
25647 + sizeof(struct sadb_supported),
25648 + sizeof(struct sadb_alg));
25652 + if(pfkey_supported->sadb_supported_reserved) {
25654 + "pfkey_supported_parse: res=%d, must be zero.\n",
25655 + pfkey_supported->sadb_supported_reserved);
25659 + num_alg = ((pfkey_supported->sadb_supported_len * IPSEC_PFKEYv2_ALIGN) - sizeof(struct sadb_supported)) / sizeof(struct sadb_alg);
25661 + for(i = 0; i < num_alg; i++) {
25662 + /* process algo description */
25663 + if(pfkey_alg->sadb_alg_reserved) {
25665 + "pfkey_supported_parse: alg[%d], id=%d, ivlen=%d, minbits=%d, maxbits=%d, res=%d, must be zero.\n",
25667 + pfkey_alg->sadb_alg_id,
25668 + pfkey_alg->sadb_alg_ivlen,
25669 + pfkey_alg->sadb_alg_minbits,
25670 + pfkey_alg->sadb_alg_maxbits,
25671 + pfkey_alg->sadb_alg_reserved);
25675 + /* XXX can alg_id auth/enc be determined from info given?
25676 + Yes, but OpenBSD's method does not iteroperate with rfc2367.
25677 + rgb, 2000-04-06 */
25679 + switch(pfkey_supported->sadb_supported_exttype) {
25680 + case SADB_EXT_SUPPORTED_AUTH:
25681 + if(pfkey_alg->sadb_alg_id > SADB_AALG_MAX) {
25683 + "pfkey_supported_parse: alg[%d], alg_id=%d > SADB_AALG_MAX=%d, fatal.\n",
25685 + pfkey_alg->sadb_alg_id,
25690 + case SADB_EXT_SUPPORTED_ENCRYPT:
25691 + if(pfkey_alg->sadb_alg_id > SADB_EALG_MAX) {
25693 + "pfkey_supported_parse: alg[%d], alg_id=%d > SADB_EALG_MAX=%d, fatal.\n",
25695 + pfkey_alg->sadb_alg_id,
25702 + "pfkey_supported_parse: alg[%d], alg_id=%d > SADB_EALG_MAX=%d, fatal.\n",
25704 + pfkey_alg->sadb_alg_id,
25715 +DEBUG_NO_STATIC int
25716 +pfkey_spirange_parse(struct sadb_ext *pfkey_ext)
25719 + struct sadb_spirange *pfkey_spirange = (struct sadb_spirange *)pfkey_ext;
25721 + /* sanity checks... */
25722 + if(pfkey_spirange->sadb_spirange_len !=
25723 + sizeof(struct sadb_spirange) / IPSEC_PFKEYv2_ALIGN) {
25725 + "pfkey_spirange_parse: size wrong ext_len=%d, key_ext_len=%d.\n",
25726 + pfkey_spirange->sadb_spirange_len,
25727 + sizeof(struct sadb_spirange));
25731 + if(pfkey_spirange->sadb_spirange_reserved) {
25733 + " pfkey_spirange_parse: reserved=%d must be set to zero.\n",
25734 + pfkey_spirange->sadb_spirange_reserved);
25738 + if(ntohl(pfkey_spirange->sadb_spirange_max) < ntohl(pfkey_spirange->sadb_spirange_min)) {
25740 + " pfkey_spirange_parse: minspi=%08x must be < maxspi=%08x.\n",
25741 + ntohl(pfkey_spirange->sadb_spirange_min),
25742 + ntohl(pfkey_spirange->sadb_spirange_max));
25746 + if(ntohl(pfkey_spirange->sadb_spirange_min) <= 255) {
25748 + " pfkey_spirange_parse: minspi=%08x must be > 255.\n",
25749 + ntohl(pfkey_spirange->sadb_spirange_min));
25757 +DEBUG_NO_STATIC int
25758 +pfkey_x_kmprivate_parse(struct sadb_ext *pfkey_ext)
25761 + struct sadb_x_kmprivate *pfkey_x_kmprivate = (struct sadb_x_kmprivate *)pfkey_ext;
25763 + /* sanity checks... */
25764 + if(pfkey_x_kmprivate->sadb_x_kmprivate_len <
25765 + sizeof(struct sadb_x_kmprivate) / IPSEC_PFKEYv2_ALIGN) {
25767 + "pfkey_x_kmprivate_parse: size wrong ext_len=%d, key_ext_len=%d.\n",
25768 + pfkey_x_kmprivate->sadb_x_kmprivate_len,
25769 + sizeof(struct sadb_x_kmprivate));
25773 + if(pfkey_x_kmprivate->sadb_x_kmprivate_reserved) {
25775 + " pfkey_x_kmprivate_parse: reserved=%d must be set to zero.\n",
25776 + pfkey_x_kmprivate->sadb_x_kmprivate_reserved);
25781 + "pfkey_x_kmprivate_parse: Sorry, I can't parse exttype=%d yet.\n",
25782 + pfkey_ext->sadb_ext_type);
25783 + SENDERR(EINVAL); /* don't process these yet */
25789 +DEBUG_NO_STATIC int
25790 +pfkey_x_satype_parse(struct sadb_ext *pfkey_ext)
25794 + struct sadb_x_satype *pfkey_x_satype = (struct sadb_x_satype *)pfkey_ext;
25797 + "pfkey_x_satype_parse:\n");
25798 + /* sanity checks... */
25799 + if(pfkey_x_satype->sadb_x_satype_len !=
25800 + sizeof(struct sadb_x_satype) / IPSEC_PFKEYv2_ALIGN) {
25802 + "pfkey_x_satype_parse: size wrong ext_len=%d, key_ext_len=%d.\n",
25803 + pfkey_x_satype->sadb_x_satype_len,
25804 + sizeof(struct sadb_x_satype));
25808 + if(!pfkey_x_satype->sadb_x_satype_satype) {
25810 + "pfkey_x_satype_parse: satype is zero, must be non-zero.\n");
25814 + if(pfkey_x_satype->sadb_x_satype_satype > SADB_SATYPE_MAX) {
25816 + "pfkey_x_satype_parse: satype %d > max %d\n",
25817 + pfkey_x_satype->sadb_x_satype_satype, SADB_SATYPE_MAX);
25821 + if(!(satype2proto(pfkey_x_satype->sadb_x_satype_satype))) {
25823 + "pfkey_x_satype_parse: proto lookup from satype=%d failed.\n",
25824 + pfkey_x_satype->sadb_x_satype_satype);
25828 + for(i = 0; i < 3; i++) {
25829 + if(pfkey_x_satype->sadb_x_satype_reserved[i]) {
25831 + " pfkey_x_satype_parse: reserved[%d]=%d must be set to zero.\n",
25832 + i, pfkey_x_satype->sadb_x_satype_reserved[i]);
25841 +DEBUG_NO_STATIC int
25842 +pfkey_x_ext_debug_parse(struct sadb_ext *pfkey_ext)
25846 + struct sadb_x_debug *pfkey_x_debug = (struct sadb_x_debug *)pfkey_ext;
25849 + "pfkey_x_debug_parse:\n");
25850 + /* sanity checks... */
25851 + if(pfkey_x_debug->sadb_x_debug_len !=
25852 + sizeof(struct sadb_x_debug) / IPSEC_PFKEYv2_ALIGN) {
25854 + "pfkey_x_debug_parse: size wrong ext_len=%d, key_ext_len=%d.\n",
25855 + pfkey_x_debug->sadb_x_debug_len,
25856 + sizeof(struct sadb_x_debug));
25860 + for(i = 0; i < 4; i++) {
25861 + if(pfkey_x_debug->sadb_x_debug_reserved[i]) {
25863 + " pfkey_x_debug_parse: reserved[%d]=%d must be set to zero.\n",
25864 + i, pfkey_x_debug->sadb_x_debug_reserved[i]);
25873 +int (*ext_default_parsers[SADB_EXT_MAX +1])(struct sadb_ext*) =
25875 + NULL, /* pfkey_msg_parse, */
25877 + pfkey_lifetime_parse,
25878 + pfkey_lifetime_parse,
25879 + pfkey_lifetime_parse,
25880 + pfkey_address_parse,
25881 + pfkey_address_parse,
25882 + pfkey_address_parse,
25885 + pfkey_ident_parse,
25886 + pfkey_ident_parse,
25887 + pfkey_sens_parse,
25888 + pfkey_prop_parse,
25889 + pfkey_supported_parse,
25890 + pfkey_supported_parse,
25891 + pfkey_spirange_parse,
25892 + pfkey_x_kmprivate_parse,
25893 + pfkey_x_satype_parse,
25895 + pfkey_address_parse,
25896 + pfkey_address_parse,
25897 + pfkey_address_parse,
25898 + pfkey_address_parse,
25899 + pfkey_address_parse,
25900 + pfkey_x_ext_debug_parse
25904 +pfkey_msg_parse(struct sadb_msg *pfkey_msg,
25905 + int (*ext_parsers[])(struct sadb_ext*),
25906 + struct sadb_ext *extensions[],
25911 + struct sadb_ext *pfkey_ext;
25912 + int extensions_seen = 0;
25915 + "pfkey_msg_parse: parsing message "
25916 + "ver=%d, type=%d, errno=%d, satype=%d, len=%d, res=%d, seq=%d, pid=%d.\n",
25917 + pfkey_msg->sadb_msg_version,
25918 + pfkey_msg->sadb_msg_type,
25919 + pfkey_msg->sadb_msg_errno,
25920 + pfkey_msg->sadb_msg_satype,
25921 + pfkey_msg->sadb_msg_len,
25922 + pfkey_msg->sadb_msg_reserved,
25923 + pfkey_msg->sadb_msg_seq,
25924 + pfkey_msg->sadb_msg_pid);
25926 + if(ext_parsers == NULL) ext_parsers = ext_default_parsers;
25928 + pfkey_extensions_init(extensions);
25930 + remain = pfkey_msg->sadb_msg_len;
25931 + remain -= sizeof(struct sadb_msg) / IPSEC_PFKEYv2_ALIGN;
25933 + pfkey_ext = (struct sadb_ext*)((char*)pfkey_msg +
25934 + sizeof(struct sadb_msg));
25936 + extensions[0] = (struct sadb_ext *) pfkey_msg;
25939 + if(pfkey_msg->sadb_msg_version != PF_KEY_V2) {
25941 + "pfkey_msg_parse: "
25942 + "not PF_KEY_V2 msg, found %d, should be %d.\n",
25943 + pfkey_msg->sadb_msg_version,
25948 + if(!pfkey_msg->sadb_msg_type) {
25950 + "pfkey_msg_parse: msg type not set, must be non-zero..\n");
25954 + if(pfkey_msg->sadb_msg_type > SADB_MAX) {
25956 + "pfkey_msg_parse: msg type=%d > max=%d.\n",
25957 + pfkey_msg->sadb_msg_type,
25962 + switch(pfkey_msg->sadb_msg_type) {
25963 + case SADB_GETSPI:
25964 + case SADB_UPDATE:
25966 + case SADB_DELETE:
25968 + case SADB_ACQUIRE:
25969 + case SADB_REGISTER:
25970 + case SADB_EXPIRE:
25972 + case SADB_X_PROMISC:
25973 + case SADB_X_PCHANGE:
25975 + case SADB_X_GRPSA:
25976 + if(!pfkey_msg->sadb_msg_satype) {
25978 + "pfkey_msg_parse: satype is zero, must be non-zero for msg_type %d.\n", pfkey_msg->sadb_msg_type);
25981 + switch(pfkey_msg->sadb_msg_satype) {
25982 + case SADB_SATYPE_ESP:
25983 + case SADB_SATYPE_AH:
25984 + case SADB_X_SATYPE_IPIP:
25985 + case SADB_X_SATYPE_COMP:
25989 + "pfkey_msg_parse: "
25990 + "satype=%d is not supported yet.\n",
25991 + pfkey_msg->sadb_msg_satype);
25998 + /* errno must not be set in downward messages */
25999 + /* this is not entirely true... a response to an ACQUIRE could return an error */
26000 + if((dir == EXT_BITS_IN) && (pfkey_msg->sadb_msg_type != SADB_ACQUIRE) && pfkey_msg->sadb_msg_errno) {
26002 + "pfkey_msg_parse: "
26003 + "errno set to %d.\n",
26004 + pfkey_msg->sadb_msg_errno);
26009 + "pfkey_msg_parse: remain=%d, ext_type=%d, ext_len=%d.\n",
26010 + remain, pfkey_ext->sadb_ext_type, pfkey_ext->sadb_ext_len);
26013 + "pfkey_msg_parse: extensions "
26014 + "permitted=%08x, required=%08x.\n",
26015 + extensions_bitmaps[dir][EXT_BITS_PERM][pfkey_msg->sadb_msg_type],
26016 + extensions_bitmaps[dir][EXT_BITS_REQ][pfkey_msg->sadb_msg_type]);
26018 + extensions_seen = 1;
26020 + while( (remain * IPSEC_PFKEYv2_ALIGN) >= sizeof(struct sadb_ext) ) {
26021 + /* Is there enough message left to support another extension header? */
26022 + if(remain < pfkey_ext->sadb_ext_len) {
26024 + "pfkey_msg_parse: remain %d less than ext len %d.\n",
26025 + remain, pfkey_ext->sadb_ext_len);
26030 + "pfkey_msg_parse: parsing ext type=%d remain=%d.\n",
26031 + pfkey_ext->sadb_ext_type,
26034 + /* Is the extension header type valid? */
26035 + if((pfkey_ext->sadb_ext_type > SADB_EXT_MAX) || (!pfkey_ext->sadb_ext_type)) {
26037 + "pfkey_msg_parse: ext type %d invalid, SADB_EXT_MAX=%d.\n",
26038 + pfkey_ext->sadb_ext_type, SADB_EXT_MAX);
26042 + /* Have we already seen this type of extension? */
26043 + if((extensions_seen & ( 1 << pfkey_ext->sadb_ext_type )) != 0)
26046 + "pfkey_msg_parse: ext type %d already seen.\n",
26047 + pfkey_ext->sadb_ext_type);
26051 + /* Do I even know about this type of extension? */
26052 + if(!(ext_parsers[pfkey_ext->sadb_ext_type])) {
26054 + "pfkey_msg_parse: ext type %d unknown, ignoring.\n",
26055 + pfkey_ext->sadb_ext_type);
26059 + /* Is this type of extension permitted for this type of message? */
26060 + if(!(extensions_bitmaps[dir][EXT_BITS_PERM][pfkey_msg->sadb_msg_type] &
26061 + 1<<pfkey_ext->sadb_ext_type)) {
26063 + "pfkey_msg_parse: ext type %d not permitted, exts_perm_in=%08x, 1<<type=%08x\n",
26064 + pfkey_ext->sadb_ext_type,
26065 + extensions_bitmaps[dir][EXT_BITS_PERM][pfkey_msg->sadb_msg_type],
26066 + 1<<pfkey_ext->sadb_ext_type);
26071 + "pfkey_msg_parse: About to parse extension %d %p with parser %p.\n",
26072 + pfkey_ext->sadb_ext_type,
26074 + ext_parsers[pfkey_ext->sadb_ext_type]);
26075 + /* Parse the extension */
26076 + if((error = ext_parsers[pfkey_ext->sadb_ext_type](pfkey_ext))) {
26078 + "pfkey_msg_parse: extension parsing for type %d failed with error %d.\n",
26079 + pfkey_ext->sadb_ext_type, error);
26083 + "pfkey_msg_parse: Extension %d parsed.\n",
26084 + pfkey_ext->sadb_ext_type);
26086 + /* Mark that we have seen this extension and remember the header location */
26087 + extensions_seen |= ( 1 << pfkey_ext->sadb_ext_type );
26088 + extensions[pfkey_ext->sadb_ext_type] = pfkey_ext;
26091 + /* Calculate how much message remains */
26092 + remain -= pfkey_ext->sadb_ext_len;
26097 + /* Find the next extension header */
26098 + pfkey_ext = (struct sadb_ext*)((char*)pfkey_ext +
26099 + pfkey_ext->sadb_ext_len * IPSEC_PFKEYv2_ALIGN);
26104 + "pfkey_msg_parse: unexpected remainder of %d.\n",
26106 + /* why is there still something remaining? */
26110 + /* check required extensions */
26112 + "pfkey_msg_parse: extensions "
26113 + "permitted=%08x, seen=%08x, required=%08x.\n",
26114 + extensions_bitmaps[dir][EXT_BITS_PERM][pfkey_msg->sadb_msg_type],
26116 + extensions_bitmaps[dir][EXT_BITS_REQ][pfkey_msg->sadb_msg_type]);
26118 + /* don't check further if it is an error return message since it
26119 + may not have a body */
26120 + if(pfkey_msg->sadb_msg_errno) {
26124 + if((extensions_seen &
26125 + extensions_bitmaps[dir][EXT_BITS_REQ][pfkey_msg->sadb_msg_type]) !=
26126 + extensions_bitmaps[dir][EXT_BITS_REQ][pfkey_msg->sadb_msg_type]) {
26128 + "pfkey_msg_parse: required extensions missing:%08x.\n",
26129 + extensions_bitmaps[dir][EXT_BITS_REQ][pfkey_msg->sadb_msg_type] -
26130 + (extensions_seen &
26131 + extensions_bitmaps[dir][EXT_BITS_REQ][pfkey_msg->sadb_msg_type]));
26135 + if((dir == EXT_BITS_IN) && (pfkey_msg->sadb_msg_type == SADB_X_DELFLOW)
26136 + && ((extensions_seen & SADB_X_EXT_ADDRESS_DELFLOW)
26137 + != SADB_X_EXT_ADDRESS_DELFLOW)
26138 + && (((extensions_seen & (1<<SADB_EXT_SA)) != (1<<SADB_EXT_SA))
26139 + || ((((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_flags
26140 + & SADB_X_SAFLAGS_CLEARFLOW)
26141 + != SADB_X_SAFLAGS_CLEARFLOW))) {
26143 + "pfkey_msg_parse: "
26144 + "required SADB_X_DELFLOW extensions missing: either %08x must be present or %08x must be present with SADB_X_SAFLAGS_CLEARFLOW set.\n",
26145 + SADB_X_EXT_ADDRESS_DELFLOW
26146 + - (extensions_seen & SADB_X_EXT_ADDRESS_DELFLOW),
26147 + (1<<SADB_EXT_SA) - (extensions_seen & (1<<SADB_EXT_SA)));
26151 + if((pfkey_msg->sadb_msg_type == SADB_ADD) ||
26152 + (pfkey_msg->sadb_msg_type == SADB_UPDATE)) {
26154 + /* check maturity */
26155 + if(((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_state !=
26156 + SADB_SASTATE_MATURE) {
26158 + "pfkey_msg_parse: "
26159 + "state=%d for add or update should be MATURE=%d.\n",
26160 + ((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_state,
26161 + SADB_SASTATE_MATURE);
26165 + /* check AH and ESP */
26166 + if(((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_satype ==
26167 + SADB_SATYPE_AH) {
26168 + if(!(((struct sadb_sa*)extensions[SADB_EXT_SA]) &&
26169 + ((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_auth !=
26170 + SADB_AALG_NONE)) {
26172 + "pfkey_msg_parse: "
26173 + "auth alg is zero, must be non-zero for AH SAs.\n");
26176 + if(((struct sadb_sa*)(extensions[SADB_EXT_SA]))->sadb_sa_encrypt !=
26177 + SADB_EALG_NONE) {
26179 + "pfkey_msg_parse: "
26180 + "AH handed encalg=%d, must be zero.\n",
26181 + ((struct sadb_sa*)(extensions[SADB_EXT_SA]))->sadb_sa_encrypt);
26186 + if(((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_satype ==
26187 + SADB_SATYPE_ESP) {
26188 + if(!(((struct sadb_sa*)extensions[SADB_EXT_SA]) &&
26189 + ((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_encrypt !=
26190 + SADB_EALG_NONE)) {
26192 + "pfkey_msg_parse: "
26193 + "encrypt alg=%d is zero, must be non-zero for ESP=%d SAs.\n",
26194 + ((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_encrypt,
26195 + ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_satype);
26198 + if((((struct sadb_sa*)(extensions[SADB_EXT_SA]))->sadb_sa_encrypt ==
26199 + SADB_EALG_NULL) &&
26200 + (((struct sadb_sa*)(extensions[SADB_EXT_SA]))->sadb_sa_auth ==
26201 + SADB_AALG_NONE) ) {
26203 + "pfkey_msg_parse: "
26204 + "ESP handed encNULL+authNONE, illegal combination.\n");
26216 + * Revision 1.30 2000/11/17 18:10:30 rgb
26217 + * Fixed bugs mostly relating to spirange, to treat all spi variables as
26218 + * network byte order since this is the way PF_KEYv2 stored spis.
26220 + * Revision 1.29 2000/10/12 00:02:39 rgb
26221 + * Removed 'format, ##' nonsense from debug macros for RH7.0.
26223 + * Revision 1.28 2000/09/20 16:23:04 rgb
26224 + * Remove over-paranoid extension check in the presence of sadb_msg_errno.
26226 + * Revision 1.27 2000/09/20 04:04:21 rgb
26227 + * Changed static functions to DEBUG_NO_STATIC to reveal function names in
26230 + * Revision 1.26 2000/09/15 11:37:02 rgb
26231 + * Merge in heavily modified Svenning Soerensen's <svenning@post5.tele.dk>
26232 + * IPCOMP zlib deflate code.
26234 + * Revision 1.25 2000/09/12 22:35:37 rgb
26235 + * Restructured to remove unused extensions from CLEARFLOW messages.
26237 + * Revision 1.24 2000/09/12 18:59:54 rgb
26238 + * Added Gerhard's IPv6 support to pfkey parts of libfreeswan.
26240 + * Revision 1.23 2000/09/12 03:27:00 rgb
26241 + * Moved DEBUGGING definition to compile kernel with debug off.
26243 + * Revision 1.22 2000/09/09 06:39:27 rgb
26244 + * Restrict pfkey errno check to downward messages only.
26246 + * Revision 1.21 2000/09/08 19:22:34 rgb
26247 + * Enabled pfkey_sens_parse().
26248 + * Added check for errno on downward acquire messages only.
26250 + * Revision 1.20 2000/09/01 18:48:23 rgb
26251 + * Fixed reserved check bug and added debug output in
26252 + * pfkey_supported_parse().
26253 + * Fixed debug output label bug in pfkey_ident_parse().
26255 + * Revision 1.19 2000/08/27 01:55:26 rgb
26256 + * Define OCTETBITS and PFKEYBITS to avoid using 'magic' numbers in code.
26258 + * Revision 1.18 2000/08/24 17:00:36 rgb
26259 + * Ignore unknown extensions instead of failing.
26261 + * Revision 1.17 2000/06/02 22:54:14 rgb
26262 + * Added Gerhard Gessler's struct sockaddr_storage mods for IPv6 support.
26264 + * Revision 1.16 2000/05/10 19:25:11 rgb
26265 + * Fleshed out proposal and supported extensions.
26267 + * Revision 1.15 2000/01/24 21:15:31 rgb
26268 + * Added disabled pluto pfkey lib debug flag.
26269 + * Added algo debugging reporting.
26271 + * Revision 1.14 2000/01/22 23:24:29 rgb
26272 + * Added new functions proto2satype() and satype2proto() and lookup
26273 + * table satype_tbl. Also added proto2name() since it was easy.
26275 + * Revision 1.13 2000/01/21 09:43:59 rgb
26276 + * Cast ntohl(spi) as (unsigned long int) to shut up compiler.
26278 + * Revision 1.12 2000/01/21 06:28:19 rgb
26279 + * Added address cases for eroute flows.
26280 + * Indented compiler directives for readability.
26281 + * Added klipsdebug switching capability.
26283 + * Revision 1.11 1999/12/29 21:14:59 rgb
26284 + * Fixed debug text cut and paste typo.
26286 + * Revision 1.10 1999/12/10 17:45:24 rgb
26287 + * Added address debugging.
26289 + * Revision 1.9 1999/12/09 23:11:42 rgb
26290 + * Ditched <string.h> include since we no longer use memset().
26291 + * Use new pfkey_extensions_init() instead of memset().
26292 + * Added check for SATYPE in pfkey_msg_build().
26293 + * Tidy up comments and debugging comments.
26295 + * Revision 1.8 1999/12/07 19:55:26 rgb
26296 + * Removed unused first argument from extension parsers.
26297 + * Removed static pluto debug flag.
26298 + * Moved message type and state checking to pfkey_msg_parse().
26299 + * Changed print[fk] type from lx to x to quiet compiler.
26300 + * Removed redundant remain check.
26301 + * Changed __u* types to uint* to avoid use of asm/types.h and
26302 + * sys/types.h in userspace code.
26304 + * Revision 1.7 1999/12/01 22:20:51 rgb
26305 + * Moved pfkey_lib_debug variable into the library.
26306 + * Added pfkey version check into header parsing.
26307 + * Added check for SATYPE only for those extensions that require a
26308 + * non-zero value.
26310 + * Revision 1.6 1999/11/27 11:58:05 rgb
26311 + * Added ipv6 headers.
26312 + * Moved sadb_satype2proto protocol lookup table from
26313 + * klips/net/ipsec/pfkey_v2_parser.c.
26314 + * Enable lifetime_current checking.
26315 + * Debugging error messages added.
26316 + * Add argument to pfkey_msg_parse() for direction.
26317 + * Consolidated the 4 1-d extension bitmap arrays into one 4-d array.
26318 + * Add CVS log entry to bottom of file.
26319 + * Moved auth and enc alg check to pfkey_msg_parse().
26320 + * Enable accidentally disabled spirange parsing.
26321 + * Moved protocol/algorithm checks from klips/net/ipsec/pfkey_v2_parser.c
26324 diff -druN linux-noipsec/net/ipsec/libfreeswan/pfkeyv2.h linux/net/ipsec/libfreeswan/pfkeyv2.h
26325 --- linux-noipsec/net/ipsec/libfreeswan/pfkeyv2.h Thu Jan 1 01:00:00 1970
26326 +++ linux/net/ipsec/libfreeswan/pfkeyv2.h Tue Oct 10 22:10:20 2000
26333 +This file defines structures and symbols for the PF_KEY Version 2
26334 +key management interface. It was written at the U.S. Naval Research
26335 +Laboratory. This file is in the public domain. The authors ask that
26336 +you leave this credit intact on any copies of this file.
26338 +#ifndef __PFKEY_V2_H
26339 +#define __PFKEY_V2_H 1
26341 +#define PF_KEY_V2 2
26342 +#define PFKEYV2_REVISION 199806L
26344 +#define SADB_RESERVED 0
26345 +#define SADB_GETSPI 1
26346 +#define SADB_UPDATE 2
26347 +#define SADB_ADD 3
26348 +#define SADB_DELETE 4
26349 +#define SADB_GET 5
26350 +#define SADB_ACQUIRE 6
26351 +#define SADB_REGISTER 7
26352 +#define SADB_EXPIRE 8
26353 +#define SADB_FLUSH 9
26354 +#define SADB_DUMP 10
26355 +#define SADB_X_PROMISC 11
26356 +#define SADB_X_PCHANGE 12
26357 +#define SADB_X_GRPSA 13
26358 +#define SADB_X_ADDFLOW 14
26359 +#define SADB_X_DELFLOW 15
26360 +#define SADB_X_DEBUG 16
26361 +#define SADB_MAX 16
26364 + uint8_t sadb_msg_version;
26365 + uint8_t sadb_msg_type;
26366 + uint8_t sadb_msg_errno;
26367 + uint8_t sadb_msg_satype;
26368 + uint16_t sadb_msg_len;
26369 + uint16_t sadb_msg_reserved;
26370 + uint32_t sadb_msg_seq;
26371 + uint32_t sadb_msg_pid;
26375 + uint16_t sadb_ext_len;
26376 + uint16_t sadb_ext_type;
26380 + uint16_t sadb_sa_len;
26381 + uint16_t sadb_sa_exttype;
26382 + uint32_t sadb_sa_spi;
26383 + uint8_t sadb_sa_replay;
26384 + uint8_t sadb_sa_state;
26385 + uint8_t sadb_sa_auth;
26386 + uint8_t sadb_sa_encrypt;
26387 + uint32_t sadb_sa_flags;
26390 +struct sadb_lifetime {
26391 + uint16_t sadb_lifetime_len;
26392 + uint16_t sadb_lifetime_exttype;
26393 + uint32_t sadb_lifetime_allocations;
26394 + uint64_t sadb_lifetime_bytes;
26395 + uint64_t sadb_lifetime_addtime;
26396 + uint64_t sadb_lifetime_usetime;
26399 +struct sadb_address {
26400 + uint16_t sadb_address_len;
26401 + uint16_t sadb_address_exttype;
26402 + uint8_t sadb_address_proto;
26403 + uint8_t sadb_address_prefixlen;
26404 + uint16_t sadb_address_reserved;
26408 + uint16_t sadb_key_len;
26409 + uint16_t sadb_key_exttype;
26410 + uint16_t sadb_key_bits;
26411 + uint16_t sadb_key_reserved;
26414 +struct sadb_ident {
26415 + uint16_t sadb_ident_len;
26416 + uint16_t sadb_ident_exttype;
26417 + uint16_t sadb_ident_type;
26418 + uint16_t sadb_ident_reserved;
26419 + uint64_t sadb_ident_id;
26422 +struct sadb_sens {
26423 + uint16_t sadb_sens_len;
26424 + uint16_t sadb_sens_exttype;
26425 + uint32_t sadb_sens_dpd;
26426 + uint8_t sadb_sens_sens_level;
26427 + uint8_t sadb_sens_sens_len;
26428 + uint8_t sadb_sens_integ_level;
26429 + uint8_t sadb_sens_integ_len;
26430 + uint32_t sadb_sens_reserved;
26433 +struct sadb_prop {
26434 + uint16_t sadb_prop_len;
26435 + uint16_t sadb_prop_exttype;
26436 + uint8_t sadb_prop_replay;
26437 + uint8_t sadb_prop_reserved[3];
26440 +struct sadb_comb {
26441 + uint8_t sadb_comb_auth;
26442 + uint8_t sadb_comb_encrypt;
26443 + uint16_t sadb_comb_flags;
26444 + uint16_t sadb_comb_auth_minbits;
26445 + uint16_t sadb_comb_auth_maxbits;
26446 + uint16_t sadb_comb_encrypt_minbits;
26447 + uint16_t sadb_comb_encrypt_maxbits;
26448 + uint32_t sadb_comb_reserved;
26449 + uint32_t sadb_comb_soft_allocations;
26450 + uint32_t sadb_comb_hard_allocations;
26451 + uint64_t sadb_comb_soft_bytes;
26452 + uint64_t sadb_comb_hard_bytes;
26453 + uint64_t sadb_comb_soft_addtime;
26454 + uint64_t sadb_comb_hard_addtime;
26455 + uint64_t sadb_comb_soft_usetime;
26456 + uint64_t sadb_comb_hard_usetime;
26459 +struct sadb_supported {
26460 + uint16_t sadb_supported_len;
26461 + uint16_t sadb_supported_exttype;
26462 + uint32_t sadb_supported_reserved;
26466 + uint8_t sadb_alg_id;
26467 + uint8_t sadb_alg_ivlen;
26468 + uint16_t sadb_alg_minbits;
26469 + uint16_t sadb_alg_maxbits;
26470 + uint16_t sadb_alg_reserved;
26473 +struct sadb_spirange {
26474 + uint16_t sadb_spirange_len;
26475 + uint16_t sadb_spirange_exttype;
26476 + uint32_t sadb_spirange_min;
26477 + uint32_t sadb_spirange_max;
26478 + uint32_t sadb_spirange_reserved;
26481 +struct sadb_x_kmprivate {
26482 + uint16_t sadb_x_kmprivate_len;
26483 + uint16_t sadb_x_kmprivate_exttype;
26484 + uint32_t sadb_x_kmprivate_reserved;
26487 +struct sadb_x_satype {
26488 + uint16_t sadb_x_satype_len;
26489 + uint16_t sadb_x_satype_exttype;
26490 + uint8_t sadb_x_satype_satype;
26491 + uint8_t sadb_x_satype_reserved[3];
26494 +struct sadb_x_debug {
26495 + uint16_t sadb_x_debug_len;
26496 + uint16_t sadb_x_debug_exttype;
26497 + uint32_t sadb_x_debug_tunnel;
26498 + uint32_t sadb_x_debug_netlink;
26499 + uint32_t sadb_x_debug_xform;
26500 + uint32_t sadb_x_debug_eroute;
26501 + uint32_t sadb_x_debug_spi;
26502 + uint32_t sadb_x_debug_radij;
26503 + uint32_t sadb_x_debug_esp;
26504 + uint32_t sadb_x_debug_ah;
26505 + uint32_t sadb_x_debug_rcv;
26506 + uint32_t sadb_x_debug_pfkey;
26507 + uint32_t sadb_x_debug_ipcomp;
26508 + uint32_t sadb_x_debug_verbose;
26509 + uint8_t sadb_x_debug_reserved[4];
26512 +#define SADB_EXT_RESERVED 0
26513 +#define SADB_EXT_SA 1
26514 +#define SADB_EXT_LIFETIME_CURRENT 2
26515 +#define SADB_EXT_LIFETIME_HARD 3
26516 +#define SADB_EXT_LIFETIME_SOFT 4
26517 +#define SADB_EXT_ADDRESS_SRC 5
26518 +#define SADB_EXT_ADDRESS_DST 6
26519 +#define SADB_EXT_ADDRESS_PROXY 7
26520 +#define SADB_EXT_KEY_AUTH 8
26521 +#define SADB_EXT_KEY_ENCRYPT 9
26522 +#define SADB_EXT_IDENTITY_SRC 10
26523 +#define SADB_EXT_IDENTITY_DST 11
26524 +#define SADB_EXT_SENSITIVITY 12
26525 +#define SADB_EXT_PROPOSAL 13
26526 +#define SADB_EXT_SUPPORTED_AUTH 14
26527 +#define SADB_EXT_SUPPORTED_ENCRYPT 15
26528 +#define SADB_EXT_SPIRANGE 16
26529 +#define SADB_X_EXT_KMPRIVATE 17
26530 +#define SADB_X_EXT_SATYPE2 18
26531 +#define SADB_X_EXT_SA2 19
26532 +#define SADB_X_EXT_ADDRESS_DST2 20
26533 +#define SADB_X_EXT_ADDRESS_SRC_FLOW 21
26534 +#define SADB_X_EXT_ADDRESS_DST_FLOW 22
26535 +#define SADB_X_EXT_ADDRESS_SRC_MASK 23
26536 +#define SADB_X_EXT_ADDRESS_DST_MASK 24
26537 +#define SADB_X_EXT_DEBUG 25
26538 +#define SADB_EXT_MAX 25
26540 +/* SADB_X_DELFLOW required over and above SADB_X_SAFLAGS_CLEARFLOW */
26541 +#define SADB_X_EXT_ADDRESS_DELFLOW \
26542 + ( (1<<SADB_X_EXT_ADDRESS_SRC_FLOW) \
26543 + | (1<<SADB_X_EXT_ADDRESS_DST_FLOW) \
26544 + | (1<<SADB_X_EXT_ADDRESS_SRC_MASK) \
26545 + | (1<<SADB_X_EXT_ADDRESS_DST_MASK))
26547 +#define SADB_SATYPE_UNSPEC 0
26548 +#define SADB_SATYPE_AH 2
26549 +#define SADB_SATYPE_ESP 3
26550 +#define SADB_SATYPE_RSVP 5
26551 +#define SADB_SATYPE_OSPFV2 6
26552 +#define SADB_SATYPE_RIPV2 7
26553 +#define SADB_SATYPE_MIP 8
26554 +#define SADB_X_SATYPE_IPIP 9
26555 +#define SADB_X_SATYPE_COMP 10
26556 +#define SADB_SATYPE_MAX 10
26558 +#define SADB_SASTATE_LARVAL 0
26559 +#define SADB_SASTATE_MATURE 1
26560 +#define SADB_SASTATE_DYING 2
26561 +#define SADB_SASTATE_DEAD 3
26562 +#define SADB_SASTATE_MAX 3
26564 +#define SADB_SAFLAGS_PFS 1
26565 +#define SADB_X_SAFLAGS_REPLACEFLOW 2
26566 +#define SADB_X_SAFLAGS_CLEARFLOW 4
26568 +#define SADB_AALG_NONE 0
26569 +#define SADB_AALG_MD5HMAC 2
26570 +#define SADB_AALG_SHA1HMAC 3
26571 +#define SADB_AALG_MAX 3
26573 +#define SADB_EALG_NONE 0
26574 +#define SADB_EALG_DESCBC 2
26575 +#define SADB_EALG_3DESCBC 3
26576 +#define SADB_EALG_NULL 11
26577 +#define SADB_EALG_MAX 11
26579 +#define SADB_X_CALG_NONE 0
26580 +#define SADB_X_CALG_OUI 1
26581 +#define SADB_X_CALG_DEFLATE 2
26582 +#define SADB_X_CALG_LZS 3
26583 +#define SADB_X_CALG_V42BIS 4
26584 +#define SADB_X_CALG_MAX 4
26586 +#define SADB_X_TALG_NONE 0
26587 +#define SADB_X_TALG_IPv4_in_IPv4 1
26588 +#define SADB_X_TALG_IPv6_in_IPv4 2
26589 +#define SADB_X_TALG_IPv4_in_IPv6 3
26590 +#define SADB_X_TALG_IPv6_in_IPv6 4
26591 +#define SADB_X_TALG_MAX 4
26594 +#define SADB_IDENTTYPE_RESERVED 0
26595 +#define SADB_IDENTTYPE_PREFIX 1
26596 +#define SADB_IDENTTYPE_FQDN 2
26597 +#define SADB_IDENTTYPE_USERFQDN 3
26598 +#define SADB_IDENTTYPE_MAX 3
26600 +#define SADB_KEY_FLAGS_MAX 0
26601 +#endif /* __PFKEY_V2_H */
26605 + * Revision 1.13 2000/10/10 20:10:20 rgb
26606 + * Added support for debug_ipcomp and debug_verbose to klipsdebug.
26608 + * Revision 1.12 2000/09/15 06:41:50 rgb
26609 + * Added V42BIS constant.
26611 + * Revision 1.11 2000/09/12 22:35:37 rgb
26612 + * Restructured to remove unused extensions from CLEARFLOW messages.
26614 + * Revision 1.10 2000/09/12 18:50:09 rgb
26615 + * Added IPIP tunnel types as algo support.
26617 + * Revision 1.9 2000/08/21 16:47:19 rgb
26618 + * Added SADB_X_CALG_* macros for IPCOMP.
26620 + * Revision 1.8 2000/08/09 20:43:34 rgb
26621 + * Fixed bitmask value for SADB_X_SAFLAGS_CLEAREROUTE.
26623 + * Revision 1.7 2000/01/21 06:28:37 rgb
26624 + * Added flow add/delete message type macros.
26625 + * Added flow address extension type macros.
26626 + * Tidied up spacing.
26627 + * Added klipsdebug switching capability.
26629 + * Revision 1.6 1999/11/27 11:56:08 rgb
26630 + * Add SADB_X_SATYPE_COMP for compression, eventually.
26632 + * Revision 1.5 1999/11/23 22:23:16 rgb
26633 + * This file has been moved in the distribution from klips/net/ipsec to
26636 + * Revision 1.4 1999/04/29 15:23:29 rgb
26637 + * Add GRPSA support.
26638 + * Add support for a second SATYPE, SA and DST_ADDRESS.
26639 + * Add IPPROTO_IPIP support.
26641 + * Revision 1.3 1999/04/15 17:58:08 rgb
26642 + * Add RCSID labels.
26645 diff -druN linux-noipsec/net/ipsec/libfreeswan/portof.c linux/net/ipsec/libfreeswan/portof.c
26646 --- linux-noipsec/net/ipsec/libfreeswan/portof.c Thu Jan 1 01:00:00 1970
26647 +++ linux/net/ipsec/libfreeswan/portof.c Fri Sep 8 20:03:45 2000
26650 + * low-level ip_address ugliness
26651 + * Copyright (C) 2000 Henry Spencer.
26653 + * This library is free software; you can redistribute it and/or modify it
26654 + * under the terms of the GNU Library General Public License as published by
26655 + * the Free Software Foundation; either version 2 of the License, or (at your
26656 + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
26658 + * This library is distributed in the hope that it will be useful, but
26659 + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
26660 + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
26661 + * License for more details.
26665 +#include "internal.h"
26666 +#include "freeswan.h"
26669 + - portof - get the port field of an ip_address
26671 +int /* network order */
26673 +const ip_address *src;
26675 + switch (src->u.v4.sin_family) {
26677 + return src->u.v4.sin_port;
26680 + return src->u.v6.sin6_port;
26683 + return -1; /* "can't happen" */
26689 + - setportof - set the port field of an ip_address
26692 +setportof(port, dst)
26693 +int port; /* network order */
26696 + switch (dst->u.v4.sin_family) {
26698 + dst->u.v4.sin_port = port;
26701 + dst->u.v6.sin6_port = port;
26707 + - sockaddrof - get a pointer to the sockaddr hiding inside an ip_address
26713 + switch (src->u.v4.sin_family) {
26715 + return (struct sockaddr *)&src->u.v4;
26718 + return (struct sockaddr *)&src->u.v6;
26721 + return NULL; /* "can't happen" */
26727 + - sockaddrlenof - get length of the sockaddr hiding inside an ip_address
26729 +size_t /* 0 for error */
26730 +sockaddrlenof(src)
26731 +const ip_address *src;
26733 + switch (src->u.v4.sin_family) {
26735 + return sizeof(src->u.v4);
26738 + return sizeof(src->u.v6);
26745 diff -druN linux-noipsec/net/ipsec/libfreeswan/rangetoa.c linux/net/ipsec/libfreeswan/rangetoa.c
26746 --- linux-noipsec/net/ipsec/libfreeswan/rangetoa.c Thu Jan 1 01:00:00 1970
26747 +++ linux/net/ipsec/libfreeswan/rangetoa.c Sun Apr 11 01:24:21 1999
26750 + * convert binary form of address range to ASCII
26751 + * Copyright (C) 1998, 1999 Henry Spencer.
26753 + * This library is free software; you can redistribute it and/or modify it
26754 + * under the terms of the GNU Library General Public License as published by
26755 + * the Free Software Foundation; either version 2 of the License, or (at your
26756 + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
26758 + * This library is distributed in the hope that it will be useful, but
26759 + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
26760 + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
26761 + * License for more details.
26765 +#include "internal.h"
26766 +#include "freeswan.h"
26769 + - rangetoa - convert address range to ASCII
26771 +size_t /* space needed for full conversion */
26772 +rangetoa(addrs, format, dst, dstlen)
26773 +struct in_addr addrs[2];
26774 +int format; /* character */
26775 +char *dst; /* need not be valid if dstlen is 0 */
26783 + switch (format) {
26791 + len = addrtoa(addrs[0], 0, dst, dstlen);
26792 + if (len < dstlen)
26793 + for (p = dst + len - 1, n = 3; len < dstlen && n > 0;
26798 + if (len < dstlen)
26799 + rest = dstlen - len;
26802 + *(dst + dstlen - 1) = '\0';
26806 + len += addrtoa(addrs[1], 0, p, rest);
26810 diff -druN linux-noipsec/net/ipsec/libfreeswan/rangetosubnet.c linux/net/ipsec/libfreeswan/rangetosubnet.c
26811 --- linux-noipsec/net/ipsec/libfreeswan/rangetosubnet.c Thu Jan 1 01:00:00 1970
26812 +++ linux/net/ipsec/libfreeswan/rangetosubnet.c Fri Sep 8 20:03:45 2000
26815 + * express an address range as a subnet (if possible)
26816 + * Copyright (C) 2000 Henry Spencer.
26818 + * This library is free software; you can redistribute it and/or modify it
26819 + * under the terms of the GNU Library General Public License as published by
26820 + * the Free Software Foundation; either version 2 of the License, or (at your
26821 + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
26823 + * This library is distributed in the hope that it will be useful, but
26824 + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
26825 + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
26826 + * License for more details.
26830 +#include "internal.h"
26831 +#include "freeswan.h"
26834 + - rangetosubnet - turn an address range into a subnet, if possible
26836 + * A range which is a valid subnet will have a network part which is the
26837 + * same in the from value and the to value, followed by a host part which
26838 + * is all 0 in the from value and all 1 in the to value.
26841 +rangetosubnet(from, to, dst)
26842 +const ip_address *from;
26843 +const ip_address *to;
26846 + unsigned const char *fp;
26847 + unsigned const char *tp;
26850 + unsigned const char *f;
26851 + unsigned const char *t;
26858 + if (addrtypeof(from) != addrtypeof(to))
26859 + return "mismatched address types";
26860 + n = addrbytesptr(from, &fp);
26862 + return "unknown address type";
26863 + n2 = addrbytesptr(to, &tp);
26865 + return "internal size mismatch in rangetosubnet";
26870 + for (i = n; i > 0 && *f == *t; i--, f++, t++)
26872 + if (i > 0 && !(*f == 0x00 && *t == 0xff)) { /* mid-byte bdry. */
26877 + while ((fb&m) == (tb&m)) {
26883 + if (fb != 0x00 || tb != 0xff)
26884 + return "not a valid subnet";
26886 + for (; i > 0 && *f == 0x00 && *t == 0xff; i--, f++, t++)
26890 + return "invalid subnet";
26892 + return initsubnet(from, nnet, 'x', dst);
26897 +#ifdef RANGETOSUBNET_MAIN
26899 +#include <stdio.h>
26908 + ip_address start;
26912 + const char *oops;
26917 + if (argc == 2 && strcmp(argv[1], "-r") == 0) {
26919 + fprintf(stderr, "regress() returned?!?\n");
26924 + fprintf(stderr, "Usage: %s [-6] start stop\n", argv[0]);
26925 + fprintf(stderr, " or: %s -r\n", argv[0]);
26931 + if (strcmp(argv[i], "-6") == 0) {
26936 + oops = ttoaddr(argv[i], 0, af, &start);
26937 + if (oops != NULL) {
26938 + fprintf(stderr, "%s: start conversion failed: %s\n", argv[0], oops);
26941 + oops = ttoaddr(argv[i+1], 0, af, &stop);
26942 + if (oops != NULL) {
26943 + fprintf(stderr, "%s: stop conversion failed: %s\n", argv[0], oops);
26946 + oops = rangetosubnet(&start, &stop, &sub);
26947 + if (oops != NULL) {
26948 + fprintf(stderr, "%s: rangetosubnet failed: %s\n", argv[0], oops);
26951 + n = subnettot(&sub, 0, buf, sizeof(buf));
26952 + if (n > sizeof(buf)) {
26953 + fprintf(stderr, "%s: reverse conversion", argv[0]);
26954 + fprintf(stderr, " failed: need %ld bytes, have only %ld\n",
26955 + (long)n, (long)sizeof(buf));
26958 + printf("%s\n", buf);
26967 + char *output; /* NULL means error expected */
26969 + 4, "1.2.3.0", "1.2.3.255", "1.2.3.0/24",
26970 + 4, "1.2.3.0", "1.2.3.7", "1.2.3.0/29",
26971 + 4, "1.2.3.240", "1.2.3.255", "1.2.3.240/28",
26972 + 4, "0.0.0.0", "255.255.255.255", "0.0.0.0/0",
26973 + 4, "1.2.3.4", "1.2.3.4", "1.2.3.4/32",
26974 + 4, "1.2.3.0", "1.2.3.254", NULL,
26975 + 4, "1.2.3.0", "1.2.3.126", NULL,
26976 + 4, "1.2.3.0", "1.2.3.125", NULL,
26977 + 4, "1.2.0.0", "1.2.255.255", "1.2.0.0/16",
26978 + 4, "1.2.0.0", "1.2.0.255", "1.2.0.0/24",
26979 + 4, "1.2.255.0", "1.2.255.255", "1.2.255.0/24",
26980 + 4, "1.2.255.0", "1.2.254.255", NULL,
26981 + 4, "1.2.255.1", "1.2.255.255", NULL,
26982 + 4, "1.2.0.1", "1.2.255.255", NULL,
26983 + 6, "1:2:3:4:5:6:7:0", "1:2:3:4:5:6:7:ffff", "1:2:3:4:5:6:7:0/112",
26984 + 6, "1:2:3:4:5:6:7:0", "1:2:3:4:5:6:7:fff", "1:2:3:4:5:6:7:0/116",
26985 + 6, "1:2:3:4:5:6:7:f0", "1:2:3:4:5:6:7:ff", "1:2:3:4:5:6:7:f0/124",
26986 + 4, NULL, NULL, NULL,
26994 + ip_address start;
26998 + const char *oops;
27002 + for (r = rtab; r->start != NULL; r++) {
27003 + af = (r->family == 4) ? AF_INET : AF_INET6;
27004 + oops = ttoaddr(r->start, 0, af, &start);
27005 + if (oops != NULL) {
27006 + printf("surprise failure converting `%s'\n", r->start);
27009 + oops = ttoaddr(r->stop, 0, af, &stop);
27010 + if (oops != NULL) {
27011 + printf("surprise failure converting `%s'\n", r->stop);
27014 + oops = rangetosubnet(&start, &stop, &sub);
27015 + if (oops != NULL && r->output == NULL)
27016 + {} /* okay, error expected */
27017 + else if (oops != NULL) {
27018 + printf("`%s'-`%s' rangetosubnet failed: %s\n",
27019 + r->start, r->stop, oops);
27021 + } else if (r->output == NULL) {
27022 + printf("`%s'-`%s' rangetosubnet succeeded unexpectedly\n",
27023 + r->start, r->stop);
27026 + n = subnettot(&sub, 0, buf, sizeof(buf));
27027 + if (n > sizeof(buf)) {
27028 + printf("`%s'-`%s' subnettot failed: need %ld\n",
27029 + r->start, r->stop, (long)n);
27031 + } else if (strcmp(r->output, buf) != 0) {
27032 + printf("`%s'-`%s' gave `%s', expected `%s'\n",
27033 + r->start, r->stop, buf, r->output);
27041 +#endif /* RANGETOSUBNET_MAIN */
27042 diff -druN linux-noipsec/net/ipsec/libfreeswan/sameaddr.c linux/net/ipsec/libfreeswan/sameaddr.c
27043 --- linux-noipsec/net/ipsec/libfreeswan/sameaddr.c Thu Jan 1 01:00:00 1970
27044 +++ linux/net/ipsec/libfreeswan/sameaddr.c Wed Nov 29 17:34:01 2000
27048 + * Copyright (C) 2000 Henry Spencer.
27050 + * This library is free software; you can redistribute it and/or modify it
27051 + * under the terms of the GNU Library General Public License as published by
27052 + * the Free Software Foundation; either version 2 of the License, or (at your
27053 + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
27055 + * This library is distributed in the hope that it will be useful, but
27056 + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
27057 + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
27058 + * License for more details.
27062 +#include "internal.h"
27063 +#include "freeswan.h"
27065 +static int samenbits(const ip_address *a, const ip_address *b, int n);
27068 + - addrcmp - compare two addresses
27069 + * Caution, the order of the tests is subtle: doing type test before
27070 + * size test can yield cases where a<b, b<c, but a>c.
27072 +int /* like memcmp */
27074 +const ip_address *a;
27075 +const ip_address *b;
27077 + int at = addrtypeof(a);
27078 + int bt = addrtypeof(b);
27079 + const unsigned char *ap;
27080 + const unsigned char *bp;
27081 + size_t as = addrbytesptr(a, &ap);
27082 + size_t bs = addrbytesptr(b, &bp);
27083 + size_t n = (as < bs) ? as : bs; /* min(as, bs) */
27084 + int c = memcmp(ap, bp, n);
27086 + if (c != 0) /* bytes differ */
27087 + return (c < 0) ? -1 : 1;
27088 + if (as != bs) /* comparison incomplete: lexical order */
27089 + return (as < bs) ? -1 : 1;
27090 + if (at != bt) /* bytes same but not same type: break tie */
27091 + return (at < bt) ? -1 : 1;
27096 + - sameaddr - are two addresses the same?
27100 +const ip_address *a;
27101 +const ip_address *b;
27103 + return (addrcmp(a, b) == 0) ? 1 : 0;
27107 + - samesubnet - are two subnets the same?
27111 +const ip_subnet *a;
27112 +const ip_subnet *b;
27114 + if (!sameaddr(&a->addr, &b->addr)) /* also does type check */
27116 + if (a->maskbits != b->maskbits)
27122 + - subnetishost - is a subnet in fact a single host?
27126 +const ip_subnet *a;
27128 + return (a->maskbits == addrlenof(&a->addr)*8) ? 1 : 0;
27132 + - samesaid - are two SA IDs the same?
27139 + if (a->spi != b->spi) /* test first, most likely to be different */
27141 + if (!sameaddr(&a->dst, &b->dst))
27143 + if (a->proto != b->proto)
27149 + - sameaddrtype - do two addresses have the same type?
27152 +sameaddrtype(a, b)
27153 +const ip_address *a;
27154 +const ip_address *b;
27156 + return (addrtypeof(a) == addrtypeof(b)) ? 1 : 0;
27160 + - samesubnettype - do two subnets have the same type?
27163 +samesubnettype(a, b)
27164 +const ip_subnet *a;
27165 +const ip_subnet *b;
27167 + return (subnettypeof(a) == subnettypeof(b)) ? 1 : 0;
27171 + - addrinsubnet - is this address in this subnet?
27174 +addrinsubnet(a, s)
27175 +const ip_address *a;
27176 +const ip_subnet *s;
27178 + if (addrtypeof(a) != subnettypeof(s))
27180 + if (!samenbits(a, &s->addr, s->maskbits))
27186 + - subnetinsubnet - is one subnet within another?
27189 +subnetinsubnet(a, b)
27190 +const ip_subnet *a;
27191 +const ip_subnet *b;
27193 + if (subnettypeof(a) != subnettypeof(b))
27195 + if (a->maskbits < b->maskbits) /* a is bigger than b */
27197 + if (!samenbits(&a->addr, &b->addr, b->maskbits))
27203 + - samenbits - do two addresses have the same first n bits?
27206 +samenbits(a, b, nbits)
27207 +const ip_address *a;
27208 +const ip_address *b;
27211 + const unsigned char *ap;
27212 + const unsigned char *bp;
27216 + if (addrtypeof(a) != addrtypeof(b))
27217 + return 0; /* arbitrary */
27218 + n = addrbytesptr(a, &ap);
27220 + return 0; /* arbitrary */
27221 + (void) addrbytesptr(b, &bp);
27223 + return 0; /* "can't happen" */
27225 + for (; nbits >= 8 && *ap == *bp; nbits -= 8, ap++, bp++)
27229 + if (nbits > 0) { /* partial byte */
27230 + m = ~(0xff >> nbits);
27231 + if ((*ap & m) != (*bp & m))
27236 diff -druN linux-noipsec/net/ipsec/libfreeswan/satoa.c linux/net/ipsec/libfreeswan/satoa.c
27237 --- linux-noipsec/net/ipsec/libfreeswan/satoa.c Thu Jan 1 01:00:00 1970
27238 +++ linux/net/ipsec/libfreeswan/satoa.c Sat Sep 16 08:43:47 2000
27241 + * convert from binary form of SA ID to ASCII
27242 + * Copyright (C) 1998, 1999 Henry Spencer.
27244 + * This library is free software; you can redistribute it and/or modify it
27245 + * under the terms of the GNU Library General Public License as published by
27246 + * the Free Software Foundation; either version 2 of the License, or (at your
27247 + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
27249 + * This library is distributed in the hope that it will be useful, but
27250 + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
27251 + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
27252 + * License for more details.
27256 +#include "internal.h"
27257 +#include "freeswan.h"
27259 +static struct typename {
27264 + { SA_ESP, "esp" },
27265 + { SA_IPIP, "tun" },
27266 + { SA_COMP, "comp" },
27271 + - satoa - convert SA to ASCII "ah507@1.2.3.4"
27273 +size_t /* space needed for full conversion */
27274 +satoa(sa, format, dst, dstlen)
27276 +int format; /* character */
27277 +char *dst; /* need not be valid if dstlen is 0 */
27282 + struct typename *tn;
27283 + char buf[30+ADDRTOA_BUF];
27285 + switch (format) {
27287 + base = 16; /* temporarily at least */
27297 + for (tn = typenames; tn->name != NULL; tn++)
27298 + if (sa.proto == tn->type)
27300 + if (tn->name == NULL)
27303 + if (strcmp(tn->name, PASSTHROUGHTYPE) == 0 &&
27304 + sa.spi == PASSTHROUGHSPI &&
27305 + sa.dst.s_addr == PASSTHROUGHDST) {
27306 + strcpy(buf, PASSTHROUGHNAME);
27307 + len = strlen(buf);
27309 + strcpy(buf, tn->name);
27310 + len = strlen(buf);
27311 + len += ultoa(ntohl(sa.spi), base, buf+len, sizeof(buf)-len);
27312 + *(buf+len-1) = '@';
27313 + len += addrtoa(sa.dst, 0, buf+len, sizeof(buf)-len);
27316 + if (dst != NULL) {
27317 + if (len > dstlen)
27318 + *(buf+dstlen-1) = '\0';
27319 + strcpy(dst, buf);
27323 diff -druN linux-noipsec/net/ipsec/libfreeswan/satot.c linux/net/ipsec/libfreeswan/satot.c
27324 --- linux-noipsec/net/ipsec/libfreeswan/satot.c Thu Jan 1 01:00:00 1970
27325 +++ linux/net/ipsec/libfreeswan/satot.c Fri Sep 15 19:02:52 2000
27328 + * convert from binary form of SA ID to text
27329 + * Copyright (C) 2000 Henry Spencer.
27331 + * This library is free software; you can redistribute it and/or modify it
27332 + * under the terms of the GNU Library General Public License as published by
27333 + * the Free Software Foundation; either version 2 of the License, or (at your
27334 + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
27336 + * This library is distributed in the hope that it will be useful, but
27337 + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
27338 + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
27339 + * License for more details.
27343 +#include "internal.h"
27344 +#include "freeswan.h"
27346 +static struct typename {
27351 + { SA_ESP, "esp" },
27352 + { SA_IPIP, "tun" },
27353 + { SA_COMP, "comp" },
27358 + - satot - convert SA to text "ah507@1.2.3.4"
27360 +size_t /* space needed for full conversion */
27361 +satot(sa, format, dst, dstlen)
27362 +const ip_said *sa;
27363 +int format; /* character */
27364 +char *dst; /* need not be valid if dstlen is 0 */
27369 + int showversion; /* use delimiter to show IP version? */
27370 + struct typename *tn;
27371 + char buf[3+1+ULTOT_BUF+ADDRTOT_BUF];
27373 + switch (format) {
27395 + for (tn = typenames; tn->name != NULL; tn++)
27396 + if (sa->proto == tn->type)
27398 + if (tn->name == NULL)
27401 + if (strcmp(tn->name, PASSTHROUGHTYPE) == 0 &&
27402 + sa->spi == PASSTHROUGHSPI &&
27403 + isunspecaddr(&sa->dst)) {
27404 + strcpy(buf, (addrtypeof(&sa->dst) == AF_INET) ?
27405 + PASSTHROUGH4NAME :
27406 + PASSTHROUGH6NAME);
27407 + len = strlen(buf);
27409 + strcpy(buf, tn->name);
27410 + len = strlen(buf);
27411 + if (showversion) {
27412 + *(buf+len) = (addrtypeof(&sa->dst) == AF_INET) ? '.' :
27415 + *(buf+len) = '\0';
27417 + len += ultot(ntohl(sa->spi), base, buf+len, sizeof(buf)-len);
27418 + *(buf+len-1) = '@';
27419 + len += addrtot(&sa->dst, 0, buf+len, sizeof(buf)-len);
27422 + if (dst != NULL) {
27423 + if (len > dstlen)
27424 + *(buf+dstlen-1) = '\0';
27425 + strcpy(dst, buf);
27429 diff -druN linux-noipsec/net/ipsec/libfreeswan/subnetof.c linux/net/ipsec/libfreeswan/subnetof.c
27430 --- linux-noipsec/net/ipsec/libfreeswan/subnetof.c Thu Jan 1 01:00:00 1970
27431 +++ linux/net/ipsec/libfreeswan/subnetof.c Sun Apr 11 01:24:22 1999
27434 + * minor network-address manipulation utilities
27435 + * Copyright (C) 1998, 1999 Henry Spencer.
27437 + * This library is free software; you can redistribute it and/or modify it
27438 + * under the terms of the GNU Library General Public License as published by
27439 + * the Free Software Foundation; either version 2 of the License, or (at your
27440 + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
27442 + * This library is distributed in the hope that it will be useful, but
27443 + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
27444 + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
27445 + * License for more details.
27449 +#include "internal.h"
27450 +#include "freeswan.h"
27453 + - subnetof - given address and mask, return subnet part
27456 +subnetof(addr, mask)
27457 +struct in_addr addr;
27458 +struct in_addr mask;
27460 + struct in_addr result;
27462 + result.s_addr = addr.s_addr & mask.s_addr;
27467 + - hostof - given address and mask, return host part
27470 +hostof(addr, mask)
27471 +struct in_addr addr;
27472 +struct in_addr mask;
27474 + struct in_addr result;
27476 + result.s_addr = addr.s_addr & ~mask.s_addr;
27481 + - broadcastof - given (network) address and mask, return broadcast address
27484 +broadcastof(addr, mask)
27485 +struct in_addr addr;
27486 +struct in_addr mask;
27488 + struct in_addr result;
27490 + result.s_addr = addr.s_addr | ~mask.s_addr;
27493 diff -druN linux-noipsec/net/ipsec/libfreeswan/subnettoa.c linux/net/ipsec/libfreeswan/subnettoa.c
27494 --- linux-noipsec/net/ipsec/libfreeswan/subnettoa.c Thu Jan 1 01:00:00 1970
27495 +++ linux/net/ipsec/libfreeswan/subnettoa.c Sun Apr 11 01:24:22 1999
27498 + * convert binary form of subnet description to ASCII
27499 + * Copyright (C) 1998, 1999 Henry Spencer.
27501 + * This library is free software; you can redistribute it and/or modify it
27502 + * under the terms of the GNU Library General Public License as published by
27503 + * the Free Software Foundation; either version 2 of the License, or (at your
27504 + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
27506 + * This library is distributed in the hope that it will be useful, but
27507 + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
27508 + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
27509 + * License for more details.
27513 +#include "internal.h"
27514 +#include "freeswan.h"
27517 + - subnettoa - convert address and mask to ASCII "addr/mask"
27518 + * Output expresses the mask as a bit count if possible, else dotted decimal.
27520 +size_t /* space needed for full conversion */
27521 +subnettoa(addr, mask, format, dst, dstlen)
27522 +struct in_addr addr;
27523 +struct in_addr mask;
27524 +int format; /* character */
27525 +char *dst; /* need not be valid if dstlen is 0 */
27533 + switch (format) {
27541 + len = addrtoa(addr, 0, dst, dstlen);
27542 + if (len < dstlen) {
27543 + dst[len - 1] = '/';
27545 + rest = dstlen - len;
27551 + n = masktobits(mask);
27553 + len += ultoa((unsigned long)n, 10, p, rest);
27555 + len += addrtoa(mask, 0, p, rest);
27559 diff -druN linux-noipsec/net/ipsec/libfreeswan/subnettot.c linux/net/ipsec/libfreeswan/subnettot.c
27560 --- linux-noipsec/net/ipsec/libfreeswan/subnettot.c Thu Jan 1 01:00:00 1970
27561 +++ linux/net/ipsec/libfreeswan/subnettot.c Fri Sep 8 20:03:45 2000
27564 + * convert binary form of subnet description to text
27565 + * Copyright (C) 2000 Henry Spencer.
27567 + * This library is free software; you can redistribute it and/or modify it
27568 + * under the terms of the GNU Library General Public License as published by
27569 + * the Free Software Foundation; either version 2 of the License, or (at your
27570 + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
27572 + * This library is distributed in the hope that it will be useful, but
27573 + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
27574 + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
27575 + * License for more details.
27579 +#include "internal.h"
27580 +#include "freeswan.h"
27583 + - subnettot - convert subnet to text "addr/bitcount"
27585 +size_t /* space needed for full conversion */
27586 +subnettot(sub, format, dst, dstlen)
27587 +const ip_subnet *sub;
27588 +int format; /* character */
27589 +char *dst; /* need not be valid if dstlen is 0 */
27596 + switch (format) {
27604 + len = addrtot(&sub->addr, format, dst, dstlen);
27605 + if (len < dstlen) {
27606 + dst[len - 1] = '/';
27608 + rest = dstlen - len;
27615 + len += ultoa((unsigned long)sub->maskbits, 10, p, rest);
27619 diff -druN linux-noipsec/net/ipsec/libfreeswan/subnettypeof.c linux/net/ipsec/libfreeswan/subnettypeof.c
27620 --- linux-noipsec/net/ipsec/libfreeswan/subnettypeof.c Thu Jan 1 01:00:00 1970
27621 +++ linux/net/ipsec/libfreeswan/subnettypeof.c Fri Sep 8 20:03:45 2000
27624 + * extract parts of an ip_subnet, and related
27625 + * Copyright (C) 2000 Henry Spencer.
27627 + * This library is free software; you can redistribute it and/or modify it
27628 + * under the terms of the GNU Library General Public License as published by
27629 + * the Free Software Foundation; either version 2 of the License, or (at your
27630 + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
27632 + * This library is distributed in the hope that it will be useful, but
27633 + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
27634 + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
27635 + * License for more details.
27639 +#include "internal.h"
27640 +#include "freeswan.h"
27643 + - subnettypeof - get the address type of an ip_subnet
27647 +const ip_subnet *src;
27649 + return src->addr.u.v4.sin_family;
27653 + - networkof - get the network address of a subnet
27656 +networkof(src, dst)
27657 +const ip_subnet *src;
27660 + *dst = src->addr;
27664 + - maskof - get the mask of a subnet, as an address
27668 +const ip_subnet *src;
27672 + unsigned char buf[16];
27673 + size_t n = addrlenof(&src->addr);
27674 + unsigned char *p;
27676 + if (src->maskbits > n*8 || n > sizeof(buf))
27677 + return; /* "can't happen" */
27680 + for (b = src->maskbits; b >= 8; b -= 8)
27683 + *p++ = (0xff << (8 - b)) & 0xff;
27684 + while (p - buf < n)
27687 + (void) initaddr(buf, n, addrtypeof(&src->addr), dst);
27691 + - masktocount - convert a mask, expressed as an address, to a bit count
27693 +int /* -1 if not valid mask */
27695 +const ip_address *src;
27698 + unsigned const char *bp;
27700 + unsigned const char *p;
27701 + unsigned const char *stop;
27703 + n = addrbytesptr(src, &bp);
27711 + while (p < stop && *p == 0xff) {
27715 + if (p < stop && *p != 0) { /* boundary in mid-byte */
27721 + if ((b&0xff) != 0)
27722 + return -1; /* bits not contiguous */
27724 + while (p < stop && *p == 0)
27732 diff -druN linux-noipsec/net/ipsec/libfreeswan/ttoaddr.c linux/net/ipsec/libfreeswan/ttoaddr.c
27733 --- linux-noipsec/net/ipsec/libfreeswan/ttoaddr.c Thu Jan 1 01:00:00 1970
27734 +++ linux/net/ipsec/libfreeswan/ttoaddr.c Mon Oct 2 23:57:20 2000
27737 + * conversion from text forms of addresses to internal ones
27738 + * Copyright (C) 2000 Henry Spencer.
27740 + * This library is free software; you can redistribute it and/or modify it
27741 + * under the terms of the GNU Library General Public License as published by
27742 + * the Free Software Foundation; either version 2 of the License, or (at your
27743 + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
27745 + * This library is distributed in the hope that it will be useful, but
27746 + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
27747 + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
27748 + * License for more details.
27752 +#include "internal.h"
27753 +#include "freeswan.h"
27756 + * Legal ASCII characters in a domain name. Underscore technically is not,
27757 + * but is a common misunderstanding. Non-ASCII characters are simply
27758 + * exempted from checking at the moment, to allow for UTF-8 encoded stuff;
27759 + * the purpose of this check is merely to catch blatant errors.
27761 +static const char namechars[] = "abcdefghijklmnopqrstuvwxyz0123456789"
27762 + "ABCDEFGHIJKLMNOPQRSTUVWXYZ-_.";
27763 +#define ISASCII(c) (((c) & 0x80) == 0)
27765 +static err_t tryname(const char *, size_t, int, int, ip_address *);
27766 +static err_t tryhex(const char *, size_t, int, ip_address *);
27767 +static err_t trydotted(const char *, size_t, ip_address *);
27768 +static err_t getbyte(const char **, const char *, int *);
27769 +static err_t colon(const char *, size_t, ip_address *);
27770 +static err_t getpiece(const char **, const char *, unsigned *);
27773 + - ttoaddr - convert text name or dotted-decimal address to binary address
27775 +err_t /* NULL for success, else string literal */
27776 +ttoaddr(src, srclen, af, dst)
27778 +size_t srclen; /* 0 means "apply strlen" */
27779 +int af; /* address family */
27783 +# define HEXLEN 10 /* strlen("0x11223344") */
27786 + if (srclen == 0) {
27787 + srclen = strlen(src);
27789 + return "empty string";
27792 + nultermd = 0; /* at least, not *known* to be terminated */
27794 + if (af == AF_INET && srclen == HEXLEN && *src == '0') {
27795 + if (*(src+1) == 'x' || *(src+1) == 'X')
27796 + return tryhex(src+2, srclen-2, 'x', dst);
27797 + if (*(src+1) == 'h' || *(src+1) == 'H')
27798 + return tryhex(src+2, srclen-2, 'h', dst);
27801 + if (memchr(src, ':', srclen) != NULL) {
27802 + if (af != AF_INET6)
27803 + return "non-ipv6 address may not contain `:'";
27804 + return colon(src, srclen, dst);
27807 + if (af == AF_INET) {
27808 + oops = trydotted(src, srclen, dst);
27809 + if (oops == NULL)
27810 + return NULL; /* it worked */
27811 + if (*oops != '?')
27812 + return oops; /* probably meant as d-d */
27815 + return tryname(src, srclen, nultermd, af, dst);
27819 + - tnatoaddr - convert text numeric address (only) to binary address
27821 +err_t /* NULL for success, else string literal */
27822 +tnatoaddr(src, srclen, af, dst)
27824 +size_t srclen; /* 0 means "apply strlen" */
27825 +int af; /* address family */
27830 + if (srclen == 0) {
27831 + srclen = strlen(src);
27833 + return "empty string";
27838 + return colon(src, srclen, dst);
27841 + oops = trydotted(src, srclen, dst);
27842 + if (oops == NULL)
27843 + return NULL; /* it worked */
27844 + if (*oops != '?')
27845 + return oops; /* probably meant as d-d */
27846 + return "does not appear to be numeric address";
27849 + return "unknown address family in tnatoaddr";
27855 + - tryname - try it as a name
27856 + * Slightly complicated by lack of reliable NUL termination in source.
27859 +tryname(src, srclen, nultermd, af, dst)
27862 +int nultermd; /* is it known to be NUL-terminated? */
27866 + struct hostent *h;
27867 + struct netent *ne = NULL;
27868 + char namebuf[100]; /* enough for most DNS names */
27870 + char *p = namebuf;
27873 + for (cp = src, n = srclen; n > 0; cp++, n--)
27874 + if (ISASCII(*cp) && strchr(namechars, *cp) == NULL)
27875 + return "illegal (non-DNS-name) character in name";
27880 + if (srclen+1 > sizeof(namebuf)) {
27881 + p = (char *) MALLOC(srclen+1);
27883 + return "unable to get temporary space for name";
27885 + p[0] = '\0'; /* strncpy semantics are wrong */
27886 + strncat(p, src, srclen);
27887 + cp = (const char *)p;
27890 + h = gethostbyname2(cp, af);
27891 + if (h == NULL && af == AF_INET)
27892 + ne = getnetbyname(cp);
27893 + if (p != namebuf)
27895 + if (h == NULL && ne == NULL)
27896 + return "does not look numeric and name lookup failed";
27899 + if (h->h_addrtype != af)
27900 + return "address-type mismatch from gethostbyname2!!!";
27901 + return initaddr((unsigned char *)h->h_addr, h->h_length, af, dst);
27903 + if (ne->n_addrtype != af)
27904 + return "address-type mismatch from getnetbyname!!!";
27905 + ne->n_net = htonl(ne->n_net);
27906 + return initaddr((unsigned char *)&ne->n_net, sizeof(ne->n_net),
27912 + - tryhex - try conversion as an eight-digit hex number (AF_INET only)
27915 +tryhex(src, srclen, flavor, dst)
27917 +size_t srclen; /* should be 8 */
27918 +int flavor; /* 'x' for network order, 'h' for host order */
27922 + unsigned long ul;
27925 + unsigned char buf[4];
27929 + return "internal error, tryhex called with bad length";
27931 + oops = ttoul(src, srclen, 16, &ul);
27932 + if (oops != NULL)
27935 + u.addr = (flavor == 'h') ? ul : htonl(ul);
27936 + return initaddr(u.buf, sizeof(u.buf), AF_INET, dst);
27940 + - trydotted - try conversion as dotted decimal (AF_INET only)
27942 + * If the first char of a complaint is '?', that means "didn't look like
27943 + * dotted decimal at all".
27946 +trydotted(src, srclen, dst)
27951 + const char *stop = src + srclen; /* just past end */
27955 + unsigned char buf[NBYTES];
27958 + memset(buf, 0, sizeof(buf));
27959 + for (i = 0; i < NBYTES && src < stop; i++) {
27960 + oops = getbyte(&src, stop, &byte);
27961 + if (oops != NULL) {
27962 + if (*oops != '?')
27963 + return oops; /* bad number */
27965 + return oops+1; /* failed number */
27966 + return oops; /* with leading '?' */
27969 + if (i < 3 && src < stop && *src++ != '.') {
27971 + return "?syntax error in dotted-decimal address";
27973 + return "syntax error in dotted-decimal address";
27977 + return "extra garbage on end of dotted-decimal address";
27979 + return initaddr(buf, sizeof(buf), AF_INET, dst);
27983 + - getbyte - try to scan a byte in dotted decimal
27984 + * A subtlety here is that all this arithmetic on ASCII digits really is
27985 + * highly portable -- ANSI C guarantees that digits 0-9 are contiguous.
27986 + * It's easier to just do it ourselves than set up for a call to ttoul().
27988 + * If the first char of a complaint is '?', that means "didn't look like a
27989 + * number at all".
27992 +getbyte(srcp, stop, retp)
27993 +const char **srcp; /* *srcp is updated */
27994 +const char *stop; /* first untouchable char */
27995 +int *retp; /* return-value pointer */
28001 + if (*srcp >= stop)
28002 + return "?empty number in dotted-decimal address";
28006 + while (p < stop && no <= 255 && (c = *p) >= '0' && c <= '9') {
28007 + no = no*10 + (c - '0');
28011 + return "?non-numeric component in dotted-decimal address";
28014 + return "byte overflow in dotted-decimal address";
28020 + - colon - convert IPv6 "numeric" address
28023 +colon(src, srclen, dst)
28025 +size_t srclen; /* known to be >0 */
28028 + const char *stop = src + srclen; /* just past end */
28030 + int gapat; /* where was empty piece seen */
28032 +# define NPIECES 8
28033 + unsigned char buf[NPIECES*2]; /* short may have wrong byte order */
28036 +# define IT "IPv6 numeric address"
28039 + /* leading or trailing :: becomes single empty field */
28040 + if (*src == ':') { /* legal only if leading :: */
28041 + if (srclen == 1 || *(src+1) != ':')
28042 + return "illegal leading `:' in " IT;
28043 + if (srclen == 2) {
28044 + unspecaddr(AF_INET6, dst);
28047 + src++; /* past first but not second */
28050 + if (*(stop-1) == ':') { /* legal only if trailing :: */
28051 + if (srclen == 1 || *(stop-2) != ':')
28052 + return "illegal trailing `:' in " IT;
28053 + srclen--; /* leave one */
28057 + for (i = 0; i < NPIECES && src < stop; i++) {
28058 + oops = getpiece(&src, stop, &piece);
28059 + if (oops != NULL && *oops == ':') { /* empty field */
28061 + return "more than one :: in " IT;
28063 + } else if (oops != NULL)
28065 + buf[2*i] = piece >> 8;
28066 + buf[2*i + 1] = piece & 0xff;
28067 + if (i < NPIECES-1) { /* there should be more input */
28068 + if (src == stop && gapat < 0)
28069 + return IT " ends prematurely";
28070 + if (src != stop && *src++ != ':')
28071 + return "syntax error in " IT;
28075 + return "extra garbage on end of " IT;
28077 + if (gapat < 0 && i < NPIECES) /* should have been caught earlier */
28078 + return "incomplete " IT " (internal error)";
28079 + if (gapat >= 0 && i == NPIECES)
28080 + return "non-abbreviating empty field in " IT;
28081 + if (gapat >= 0) {
28082 + naftergap = i - (gapat + 1);
28083 + for (i--, j = NPIECES-1; naftergap > 0; i--, j--, naftergap--) {
28084 + buf[2*j] = buf[2*i];
28085 + buf[2*j + 1] = buf[2*i + 1];
28087 + for (; j >= gapat; j--)
28088 + buf[2*j] = buf[2*j + 1] = 0;
28091 + return initaddr(buf, sizeof(buf), AF_INET6, dst);
28095 + - getpiece - try to scan one 16-bit piece of an IPv6 address
28097 +err_t /* ":" means "empty field seen" */
28098 +getpiece(srcp, stop, retp)
28099 +const char **srcp; /* *srcp is updated */
28100 +const char *stop; /* first untouchable char */
28101 +unsigned *retp; /* return-value pointer */
28106 + unsigned long ret;
28109 + if (*srcp >= stop || **srcp == ':') { /* empty field */
28116 + while (p < stop && d < NDIG && isxdigit(*p)) {
28121 + return "non-hex field in IPv6 numeric address";
28122 + if (p < stop && d == NDIG && isxdigit(*p))
28123 + return "field in IPv6 numeric address longer than 4 hex digits";
28125 + oops = ttoul(*srcp, d, 16, &ret);
28126 + if (oops != NULL) /* shouldn't happen, really... */
28133 diff -druN linux-noipsec/net/ipsec/libfreeswan/ttodata.c linux/net/ipsec/libfreeswan/ttodata.c
28134 --- linux-noipsec/net/ipsec/libfreeswan/ttodata.c Thu Jan 1 01:00:00 1970
28135 +++ linux/net/ipsec/libfreeswan/ttodata.c Fri Aug 18 17:09:07 2000
28138 + * convert from text form of arbitrary data (e.g., keys) to binary
28139 + * Copyright (C) 2000 Henry Spencer.
28141 + * This library is free software; you can redistribute it and/or modify it
28142 + * under the terms of the GNU Library General Public License as published by
28143 + * the Free Software Foundation; either version 2 of the License, or (at your
28144 + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
28146 + * This library is distributed in the hope that it will be useful, but
28147 + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
28148 + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
28149 + * License for more details.
28153 +#include "internal.h"
28154 +#include "freeswan.h"
28157 +static int unhex(const char *, char *, size_t);
28158 +static int unb64(const char *, char *, size_t);
28159 +static int untext(const char *, char *, size_t);
28161 +/* internal error codes for converters */
28162 +#define BADCHAR (-1) /* invalid character */
28163 +#define SHORT (-2) /* string ended prematurely */
28164 +#define BADPAD (-3) /* bad base64 padding */
28167 + - ttodata - convert text to data
28168 + * If some of this looks slightly odd, it's because it has changed
28169 + * repeatedly (from the original atodata()) without a major rewrite.
28171 +const char * /* NULL for success, else string literal */
28172 +ttodata(src, srclen, base, dst, dstlen, lenp)
28174 +size_t srclen; /* 0 means apply strlen() */
28175 +int base; /* 0 means figure it out */
28176 +char *dst; /* need not be valid if dstlen is 0 */
28178 +size_t *lenp; /* where to record length (NULL is nowhere) */
28180 + size_t ingroup; /* number of input bytes converted at once */
28181 + char buf[4]; /* output from conversion */
28182 + int nbytes; /* size of output */
28183 + int (*decode)(const char *, char *, size_t);
28187 + int underscoreok;
28190 + srclen = strlen(src);
28192 + dst = buf; /* point it somewhere valid */
28193 + stop = dst + dstlen;
28197 + return "input too short to be valid";
28198 + if (*src++ != '0')
28199 + return "input does not begin with format prefix";
28200 + switch (*src++) {
28214 + return "unknown format prefix";
28223 + underscoreok = 1;
28228 + underscoreok = 0;
28233 + underscoreok = 0;
28236 + return "unknown base";
28242 + while (srclen >= ingroup) {
28243 + nbytes = (*decode)(src, buf, sizeof(buf));
28244 + switch (nbytes) {
28246 + return "unknown character in input";
28249 + return "input ends prematurely, perhaps truncated";
28252 + return "non-zero padding in base64 input";
28256 + return "unknown internal error";
28257 + for (i = 0; i < nbytes; i++) {
28263 + srclen -= ingroup;
28264 + if (underscoreok && srclen > 1 && *src == '_') {
28265 + /* srclen > 1 means not last character */
28271 + return "input ends in mid-byte, perhaps truncated";
28273 + return "no data bytes specified by input";
28274 + if (lenp != NULL)
28280 + - atodata - convert ASCII to data
28281 + * backward-compatibility interface
28283 +size_t /* 0 for failure, true length for success */
28284 +atodata(src, srclen, dst, dstlen)
28293 + err = ttodata(src, srclen, 0, dst, dstlen, &len);
28300 + - atobytes - convert ASCII to data bytes
28301 + * another backward-compatibility interface
28304 +atobytes(src, srclen, dst, dstlen, lenp)
28311 + return ttodata(src, srclen, 0, dst, dstlen, lenp);
28315 + - unhex - convert two ASCII hex digits to byte
28317 +static int /* number of result bytes, or error code */
28318 +unhex(src, dst, dstlen)
28319 +const char *src; /* known to be full length */
28321 +size_t dstlen; /* not large enough is a failure */
28325 + static char hex[] = "0123456789abcdef";
28330 + p = strchr(hex, *src);
28332 + p = strchr(hex, tolower(*src));
28335 + byte = (p - hex) << 4;
28338 + p = strchr(hex, *src);
28340 + p = strchr(hex, tolower(*src));
28343 + byte |= (p - hex);
28350 + - unb64 - convert four ASCII base64 digits to three bytes
28351 + * Note that a base64 digit group is padded out with '=' if it represents
28352 + * less than three bytes: one byte is dd==, two is ddd=, three is dddd.
28354 +static int /* number of result bytes, or error code */
28355 +unb64(src, dst, dstlen)
28356 +const char *src; /* known to be full length */
28363 + static char base64[] =
28364 + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
28369 + p = strchr(base64, *src++);
28372 + byte1 = (p - base64) << 2; /* first six bits */
28374 + p = strchr(base64, *src++);
28377 + byte2 = p - base64; /* next six: two plus four */
28378 + *dst++ = byte1 | (byte2 >> 4);
28379 + byte1 = (byte2 & 0xf) << 4;
28381 + p = strchr(base64, *src++);
28383 + if (*(src-1) == '=' && *src == '=') {
28384 + if (byte1 != 0) /* bad padding */
28390 + byte2 = p - base64; /* next six: four plus two */
28391 + *dst++ = byte1 | (byte2 >> 2);
28392 + byte1 = (byte2 & 0x3) << 6;
28394 + p = strchr(base64, *src++);
28396 + if (*(src-1) == '=') {
28397 + if (byte1 != 0) /* bad padding */
28403 + byte2 = p - base64; /* last six */
28404 + *dst++ = byte1 | byte2;
28409 + - untext - convert one ASCII character to byte
28411 +static int /* number of result bytes, or error code */
28412 +untext(src, dst, dstlen)
28413 +const char *src; /* known to be full length */
28415 +size_t dstlen; /* not large enough is a failure */
28426 +#ifdef TTODATA_MAIN
28428 +#include <stdio.h>
28434 + - main - convert first argument to hex, or run regression
28447 + char *pgm = argv[0];
28448 + const char *oops;
28451 + fprintf(stderr, "Usage: %s {0x<hex>|0s<base64>|-r}\n", pgm);
28455 + if (strcmp(argv[1], "-r") == 0) {
28456 + regress(pgm); /* should not return */
28457 + fprintf(stderr, "%s: regress() returned?!?\n", pgm);
28461 + oops = ttodata(argv[1], 0, 0, buf, sizeof(buf), &n);
28462 + if (oops != NULL) {
28463 + fprintf(stderr, "%s: ttodata error `%s' in `%s'\n", pgm,
28468 + if (n > sizeof(buf)) {
28469 + p = (char *)malloc((size_t)n);
28472 + "%s: unable to malloc %d bytes for result\n",
28476 + oops = ttodata(argv[1], 0, 0, p, n, &n);
28477 + if (oops != NULL) {
28478 + fprintf(stderr, "%s: error `%s' in ttodata retry?!?\n",
28484 + hexout(p, n, stdout);
28487 + i = datatot(buf, n, 'h', buf2, sizeof(buf2));
28489 + fprintf(stderr, "%s: datatot reports error in `%s'\n", pgm,
28494 + if (i > sizeof(buf2)) {
28495 + p2 = (char *)malloc((size_t)i);
28498 + "%s: unable to malloc %d bytes for result\n",
28502 + i = datatot(buf, n, 'h', p2, i);
28504 + fprintf(stderr, "%s: error in datatoa retry?!?\n", pgm);
28509 + printf("%s\n", p2);
28515 + - hexout - output an arbitrary-length string in hex
28525 + fprintf(f, "0x");
28526 + for (i = 0; i < len; i++)
28527 + fprintf(f, "%02x", (unsigned char)s[i]);
28532 + char *ascii; /* NULL for end */
28533 + char *data; /* NULL for error expected */
28534 +} atodatatab[] = {
28539 + 0, "0xab", "\xab",
28540 + 0, "0xabc", NULL,
28541 + 0, "0xabcd", "\xab\xcd",
28542 + 0, "0x0123456789", "\x01\x23\x45\x67\x89",
28543 + 0, "0x01x", NULL,
28544 + 0, "0xabcdef", "\xab\xcd\xef",
28545 + 0, "0xABCDEF", "\xab\xcd\xef",
28546 + 0, "0XaBc0eEd81f", "\xab\xc0\xee\xd8\x1f",
28547 + 0, "0XaBc0_eEd8", "\xab\xc0\xee\xd8",
28548 + 0, "0XaBc0_", NULL,
28549 + 0, "0X_aBc0", NULL,
28550 + 0, "0Xa_Bc0", NULL,
28551 + 16, "aBc0_eEd8", "\xab\xc0\xee\xd8",
28555 + 0, "0sCBA", NULL,
28556 + 0, "0sDCBA", "\x0c\x20\x40",
28557 + 0, "0SDCBA", "\x0c\x20\x40",
28558 + 0, "0sDA==", "\x0c",
28559 + 0, "0sDC==", NULL,
28560 + 0, "0sDCA=", "\x0c\x20",
28561 + 0, "0sDCB=", NULL,
28562 + 0, "0sDCAZ", "\x0c\x20\x19",
28563 + 0, "0sDCAa", "\x0c\x20\x1a",
28564 + 0, "0sDCAz", "\x0c\x20\x33",
28565 + 0, "0sDCA0", "\x0c\x20\x34",
28566 + 0, "0sDCA9", "\x0c\x20\x3d",
28567 + 0, "0sDCA+", "\x0c\x20\x3e",
28568 + 0, "0sDCA/", "\x0c\x20\x3f",
28569 + 0, "0sAbraCadabra+", "\x01\xba\xda\x09\xa7\x5a\x6e\xb6\xbe",
28570 + 64, "AbraCadabra+", "\x01\xba\xda\x09\xa7\x5a\x6e\xb6\xbe",
28572 + 0, "0tabc_xyz", "abc_xyz",
28573 + 256, "abc_xyz", "abc_xyz",
28578 + char *data; /* input; NULL for end */
28580 + int buflen; /* -1 means big buffer */
28581 + int outlen; /* -1 means strlen(ascii)+1 */
28582 + char *ascii; /* NULL for error expected */
28583 +} datatoatab[] = {
28584 + "", 'x', -1, -1, NULL,
28585 + "", 'X', -1, -1, NULL,
28586 + "", 'n', -1, -1, NULL,
28587 + "0", 'x', -1, -1, "0x30",
28588 + "0", 'x', 0, 5, "---",
28589 + "0", 'x', 1, 5, "",
28590 + "0", 'x', 2, 5, "0",
28591 + "0", 'x', 3, 5, "0x",
28592 + "0", 'x', 4, 5, "0x3",
28593 + "0", 'x', 5, 5, "0x30",
28594 + "0", 'x', 6, 5, "0x30",
28595 + "\xab\xcd", 'x', -1, -1, "0xabcd",
28596 + "\x01\x23\x45\x67\x89", 'x', -1, -1, "0x0123456789",
28597 + "\xab\xcd\xef", 'x', -1, -1, "0xabcdef",
28598 + "\xab\xc0\xee\xd8\x1f", 'x', -1, -1, "0xabc0eed81f",
28599 + "\x01\x02", 'h', -1, -1, "0x0102",
28600 + "\x01\x02\x03\x04\x05\x06", 'h', -1, -1, "0x01020304_0506",
28601 + "\xab\xc0\xee\xd8\x1f", 16, -1, -1, "abc0eed81f",
28602 + "\x0c\x20\x40", 's', -1, -1, "0sDCBA",
28603 + "\x0c\x20\x40", 's', 0, 7, "---",
28604 + "\x0c\x20\x40", 's', 1, 7, "",
28605 + "\x0c\x20\x40", 's', 2, 7, "0",
28606 + "\x0c\x20\x40", 's', 3, 7, "0s",
28607 + "\x0c\x20\x40", 's', 4, 7, "0sD",
28608 + "\x0c\x20\x40", 's', 5, 7, "0sDC",
28609 + "\x0c\x20\x40", 's', 6, 7, "0sDCB",
28610 + "\x0c\x20\x40", 's', 7, 7, "0sDCBA",
28611 + "\x0c\x20\x40", 's', 8, 7, "0sDCBA",
28612 + "\x0c", 's', -1, -1, "0sDA==",
28613 + "\x0c\x20", 's', -1, -1, "0sDCA=",
28614 + "\x0c\x20\x19", 's', -1, -1, "0sDCAZ",
28615 + "\x0c\x20\x1a", 's', -1, -1, "0sDCAa",
28616 + "\x0c\x20\x33", 's', -1, -1, "0sDCAz",
28617 + "\x0c\x20\x34", 's', -1, -1, "0sDCA0",
28618 + "\x0c\x20\x3d", 's', -1, -1, "0sDCA9",
28619 + "\x0c\x20\x3e", 's', -1, -1, "0sDCA+",
28620 + "\x0c\x20\x3f", 's', -1, -1, "0sDCA/",
28621 + "\x01\xba\xda\x09\xa7\x5a\x6e\xb6\xbe", 's', -1, -1, "0sAbraCadabra+",
28622 + "\x01\xba\xda\x09\xa7\x5a\x6e\xb6\xbe", 64, -1, -1, "AbraCadabra+",
28623 + NULL, 'x', -1, -1, NULL,
28627 + - regress - regression-test ttodata() and datatot()
28629 +void /* should not return at all, in fact */
28634 + struct drtab *dr;
28639 + const char *oops;
28641 + for (r = atodatatab; r->ascii != NULL; r++) {
28642 + oops = ttodata(r->ascii, 0, r->base, buf, sizeof(buf), &n);
28643 + if (oops != NULL && r->data == NULL)
28644 + {} /* error expected */
28645 + else if (oops != NULL) {
28646 + printf("`%s' gave error `%s', expecting %d `", r->ascii,
28647 + oops, strlen(r->data));
28648 + hexout(r->data, strlen(r->data), stdout);
28651 + } else if (r->data == NULL) {
28652 + printf("`%s' gave %d `", r->ascii, n);
28653 + hexout(buf, n, stdout);
28654 + printf("', expecting error\n");
28656 + } else if (n != strlen(r->data)) {
28657 + printf("length wrong in `%s': got %d `", r->ascii, n);
28658 + hexout(buf, n, stdout);
28659 + printf("', expecting %d `", strlen(r->data));
28660 + hexout(r->data, strlen(r->data), stdout);
28663 + } else if (memcmp(buf, r->data, n) != 0) {
28664 + printf("`%s' gave %d `", r->ascii, n);
28665 + hexout(buf, n, stdout);
28666 + printf("', expecting %d `", strlen(r->data));
28667 + hexout(r->data, strlen(r->data), stdout);
28673 + for (dr = datatoatab; dr->data != NULL; dr++) {
28674 + strcpy(buf, "---");
28675 + n = datatot(dr->data, strlen(dr->data), dr->format, buf,
28676 + (dr->buflen == -1) ? sizeof(buf) : dr->buflen);
28677 + should = (dr->ascii == NULL) ? 0 : strlen(dr->ascii) + 1;
28678 + if (dr->outlen != -1)
28679 + should = dr->outlen;
28680 + if (n == 0 && dr->ascii == NULL)
28681 + {} /* error expected */
28682 + else if (n == 0) {
28684 + hexout(dr->data, strlen(dr->data), stdout);
28685 + printf("' %c gave error, expecting %d `%s'\n",
28686 + dr->format, should, dr->ascii);
28688 + } else if (dr->ascii == NULL) {
28690 + hexout(dr->data, strlen(dr->data), stdout);
28691 + printf("' %c gave %d `%.*s', expecting error\n",
28692 + dr->format, n, n, buf);
28694 + } else if (n != should) {
28695 + printf("length wrong in `");
28696 + hexout(dr->data, strlen(dr->data), stdout);
28697 + printf("': got %d `%s'", n, buf);
28698 + printf(", expecting %d `%s'\n", should, dr->ascii);
28700 + } else if (strcmp(buf, dr->ascii) != 0) {
28702 + hexout(dr->data, strlen(dr->data), stdout);
28703 + printf("' gave %d `%s'", n, buf);
28704 + printf(", expecting %d `%s'\n", should, dr->ascii);
28712 +#endif /* TTODATA_MAIN */
28713 diff -druN linux-noipsec/net/ipsec/libfreeswan/ttosa.c linux/net/ipsec/libfreeswan/ttosa.c
28714 --- linux-noipsec/net/ipsec/libfreeswan/ttosa.c Thu Jan 1 01:00:00 1970
28715 +++ linux/net/ipsec/libfreeswan/ttosa.c Fri Sep 15 21:20:33 2000
28718 + * convert from text form of SA ID to binary
28719 + * Copyright (C) 2000 Henry Spencer.
28721 + * This library is free software; you can redistribute it and/or modify it
28722 + * under the terms of the GNU Library General Public License as published by
28723 + * the Free Software Foundation; either version 2 of the License, or (at your
28724 + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
28726 + * This library is distributed in the hope that it will be useful, but
28727 + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
28728 + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
28729 + * License for more details.
28733 +#include "internal.h"
28734 +#include "freeswan.h"
28736 +static struct satype {
28738 + size_t prelen; /* strlen(prefix) */
28741 + { "ah", 2, SA_AH },
28742 + { "esp", 3, SA_ESP },
28743 + { "tun", 3, SA_IPIP },
28744 + { "comp", 4, SA_COMP },
28749 + - ttosa - convert text "ah507@10.0.0.1" to SA identifier
28751 +err_t /* NULL for success, else string literal */
28752 +ttosa(src, srclen, sa)
28754 +size_t srclen; /* 0 means "apply strlen" */
28758 + const char *addr;
28760 + const char *spi = NULL;
28761 + struct satype *sat;
28762 + unsigned long ul;
28763 + const char *oops;
28764 +# define MINLEN 5 /* ah0@0 is as short as it can get */
28765 + static char ptname[] = PASSTHROUGHNAME;
28766 +# define PTNLEN (sizeof(ptname)-1) /* -1 for NUL */
28767 + static char pt4name[] = PASSTHROUGH4NAME;
28768 +# define PT4NLEN (sizeof(pt4name)-1) /* -1 for NUL */
28769 + static char pt6name[] = PASSTHROUGH6NAME;
28770 +# define PT6NLEN (sizeof(pt6name)-1) /* -1 for NUL */
28775 + srclen = strlen(src);
28777 + return "empty string";
28778 + if (srclen < MINLEN)
28779 + return "string too short to be SA identifier";
28780 + if (srclen == PTNLEN && memcmp(src, ptname, PTNLEN) == 0) {
28781 + src = PASSTHROUGH4IS;
28782 + srclen = strlen(src);
28783 + } else if (srclen == PT4NLEN && memcmp(src, pt4name, PT4NLEN) == 0) {
28784 + src = PASSTHROUGH4IS;
28785 + srclen = strlen(src);
28786 + } else if (srclen == PT6NLEN && memcmp(src, pt6name, PT6NLEN) == 0) {
28787 + src = PASSTHROUGH6IS;
28788 + srclen = strlen(src);
28791 + at = memchr(src, '@', srclen);
28793 + return "no @ in SA specifier";
28795 + for (sat = satypes; sat->prefix != NULL; sat++)
28796 + if (sat->prelen < srclen &&
28797 + strncmp(src, sat->prefix, sat->prelen) == 0) {
28798 + sa->proto = sat->proto;
28799 + spi = src + sat->prelen;
28800 + break; /* NOTE BREAK OUT */
28802 + if (sat->prefix == NULL)
28803 + return "SA specifier lacks valid protocol prefix";
28806 + return "no SPI in SA specifier";
28819 + af = AF_UNSPEC; /* not known yet */
28824 + return "no SPI found in SA specifier";
28825 + oops = ttoul(spi, at - spi, base, &ul);
28826 + if (oops != NULL)
28828 + sa->spi = htonl(ul);
28831 + alen = srclen - (addr - src);
28832 + if (af == AF_UNSPEC)
28833 + af = (memchr(addr, ':', alen) != NULL) ? AF_INET6 : AF_INET;
28834 + oops = ttoaddr(addr, alen, af, &sa->dst);
28835 + if (oops != NULL)
28845 +#include <stdio.h>
28857 + const char *oops;
28861 + fprintf(stderr, "Usage: %s {ahnnn@aaa|-r}\n", argv[0]);
28865 + if (strcmp(argv[1], "-r") == 0) {
28867 + fprintf(stderr, "regress() returned?!?\n");
28871 + oops = ttosa(argv[1], 0, &sa);
28872 + if (oops != NULL) {
28873 + fprintf(stderr, "%s: conversion failed: %s\n", argv[0], oops);
28876 + n = satot(&sa, 0, buf, sizeof(buf));
28877 + if (n > sizeof(buf)) {
28878 + fprintf(stderr, "%s: reverse conv of `%d'", argv[0], sa.proto);
28879 + fprintf(stderr, "%lx@", sa.spi);
28880 + (void) addrtot(&sa.dst, 0, buf2, sizeof(buf2));
28881 + fprintf(stderr, "%s", buf2);
28882 + fprintf(stderr, " failed: need %ld bytes, have only %ld\n",
28883 + (long)n, (long)sizeof(buf));
28886 + printf("%s\n", buf);
28894 + char *output; /* NULL means error expected */
28896 + 0, "esp257@1.2.3.0", "esp.101@1.2.3.0",
28897 + 0, "ah0x20@1.2.3.4", "ah.20@1.2.3.4",
28898 + 0, "tun20@1.2.3.4", "tun.14@1.2.3.4",
28899 + 0, "comp20@1.2.3.4", "comp.14@1.2.3.4",
28900 + 0, "esp257@::1", "esp:101@::1",
28901 + 0, "esp257@0bc:12de::1", "esp:101@bc:12de::1",
28902 + 0, "esp78@1049:1::8007:2040", "esp:4e@1049:1::8007:2040",
28903 + 0, "esp0x78@1049:1::8007:2040", "esp:78@1049:1::8007:2040",
28904 + 0, "ah78@1049:1::8007:2040", "ah:4e@1049:1::8007:2040",
28905 + 0, "ah0x78@1049:1::8007:2040", "ah:78@1049:1::8007:2040",
28906 + 0, "tun78@1049:1::8007:2040", "tun:4e@1049:1::8007:2040",
28907 + 0, "tun0x78@1049:1::8007:2040", "tun:78@1049:1::8007:2040",
28908 + 0, "duk99@3ffe:370:400:ff::9001:3001", NULL,
28909 + 0, "esp78x@1049:1::8007:2040", NULL,
28910 + 0, "esp0x78@1049:1:0xfff::8007:2040", NULL,
28911 + 0, "es78@1049:1::8007:2040", NULL,
28914 + 0, "ah2.2", NULL,
28915 + 0, "goo2@1.2.3.4", NULL,
28916 + 0, "esp9@1.2.3.4", "esp.9@1.2.3.4",
28917 + 'f', "esp0xa9@1.2.3.4", "esp.000000a9@1.2.3.4",
28918 + 0, "espp9@1.2.3.4", NULL,
28919 + 0, "es9@1.2.3.4", NULL,
28920 + 0, "ah@1.2.3.4", NULL,
28921 + 0, "esp7x7@1.2.3.4", NULL,
28922 + 0, "esp77@1.0x2.3.4", NULL,
28923 + 0, PASSTHROUGHNAME, PASSTHROUGH4NAME,
28935 + const char *oops;
28938 + for (r = rtab; r->input != NULL; r++) {
28939 + strcpy(in, r->input);
28940 + oops = ttosa(in, 0, &sa);
28941 + if (oops != NULL && r->output == NULL)
28942 + {} /* okay, error expected */
28943 + else if (oops != NULL) {
28944 + printf("`%s' ttosa failed: %s\n", r->input, oops);
28946 + } else if (r->output == NULL) {
28947 + printf("`%s' ttosa succeeded unexpectedly\n",
28951 + n = satot(&sa, r->format, buf, sizeof(buf));
28952 + if (n > sizeof(buf)) {
28953 + printf("`%s' satot failed: need %ld\n",
28954 + r->input, (long)n);
28956 + } else if (strcmp(r->output, buf) != 0) {
28957 + printf("`%s' gave `%s', expected `%s'\n",
28958 + r->input, buf, r->output);
28966 +#endif /* TTOSA_MAIN */
28967 diff -druN linux-noipsec/net/ipsec/libfreeswan/ttosubnet.c linux/net/ipsec/libfreeswan/ttosubnet.c
28968 --- linux-noipsec/net/ipsec/libfreeswan/ttosubnet.c Thu Jan 1 01:00:00 1970
28969 +++ linux/net/ipsec/libfreeswan/ttosubnet.c Thu Aug 17 06:14:27 2000
28972 + * convert from text form of subnet specification to binary
28973 + * Copyright (C) 2000 Henry Spencer.
28975 + * This library is free software; you can redistribute it and/or modify it
28976 + * under the terms of the GNU Library General Public License as published by
28977 + * the Free Software Foundation; either version 2 of the License, or (at your
28978 + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
28980 + * This library is distributed in the hope that it will be useful, but
28981 + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
28982 + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
28983 + * License for more details.
28987 +#include "internal.h"
28988 +#include "freeswan.h"
28990 +#ifndef DEFAULTSUBNET
28991 +#define DEFAULTSUBNET "%default"
28995 + - ttosubnet - convert text "addr/mask" to address and mask
28996 + * Mask can be integer bit count.
28999 +ttosubnet(src, srclen, af, dst)
29001 +size_t srclen; /* 0 means "apply strlen" */
29002 +int af; /* AF_INET or AF_INET6 */
29005 + const char *slash;
29006 + const char *mask;
29008 + const char *oops;
29009 + unsigned long bc;
29010 + static char def[] = DEFAULTSUBNET;
29011 +# define DEFLEN (sizeof(def) - 1) /* -1 for NUL */
29012 + static char defis4[] = "0/0";
29013 +# define DEFIS4LEN (sizeof(defis4) - 1)
29014 + static char defis6[] = "::/0";
29015 +# define DEFIS6LEN (sizeof(defis6) - 1)
29016 + ip_address addrtmp;
29017 + ip_address masktmp;
29022 + srclen = strlen(src);
29024 + return "empty string";
29034 + return "unknown address family in ttosubnet";
29038 + if (srclen == DEFLEN && strncmp(src, def, srclen) == 0) {
29039 + src = (af == AF_INET) ? defis4 : defis6;
29040 + srclen = (af == AF_INET) ? DEFIS4LEN : DEFIS6LEN;
29043 + slash = memchr(src, '/', srclen);
29044 + if (slash == NULL)
29045 + return "no / in subnet specification";
29046 + mask = slash + 1;
29047 + mlen = srclen - (mask - src);
29049 + oops = ttoaddr(src, slash-src, af, &addrtmp);
29050 + if (oops != NULL)
29053 + oops = ttoul(mask, mlen, 10, &bc);
29054 + if (oops == NULL) {
29055 + /* ttoul succeeded, it's a bit-count mask */
29057 + return "subnet mask bit count too large";
29060 + oops = ttoaddr(mask, mlen, af, &masktmp);
29061 + if (oops != NULL)
29063 + i = masktocount(&masktmp);
29065 + return "non-contiguous or otherwise erroneous mask";
29068 + return initsubnet(&addrtmp, i, '0', dst);
29073 +#ifdef TTOSUBNET_MAIN
29075 +#include <stdio.h>
29088 + const char *oops;
29094 + fprintf(stderr, "Usage: %s [-6] addr/mask\n", argv[0]);
29095 + fprintf(stderr, " or: %s -r\n", argv[0]);
29099 + if (strcmp(argv[1], "-r") == 0) {
29101 + fprintf(stderr, "regress() returned?!?\n");
29107 + if (strcmp(argv[1], "-6") == 0) {
29110 + } else if (strchr(argv[1], ':') != NULL)
29113 + oops = ttosubnet(p, 0, af, &s);
29114 + if (oops != NULL) {
29115 + fprintf(stderr, "%s: conversion failed: %s\n", argv[0], oops);
29118 + n = subnettot(&s, 0, buf, sizeof(buf));
29119 + if (n > sizeof(buf)) {
29120 + fprintf(stderr, "%s: reverse conversion of ", argv[0]);
29121 + (void) addrtot(&s.addr, 0, buf2, sizeof(buf2));
29122 + fprintf(stderr, "%s/", buf2);
29123 + fprintf(stderr, "%d", s.maskbits);
29124 + fprintf(stderr, " failed: need %ld bytes, have only %ld\n",
29125 + (long)n, (long)sizeof(buf));
29128 + printf("%s\n", buf);
29136 + char *output; /* NULL means error expected */
29138 + 4, "1.2.3.0/255.255.255.0", "1.2.3.0/24",
29139 + 4, "1.2.3.0/24", "1.2.3.0/24",
29140 + 4, "1.2.3.1/255.255.255.240", "1.2.3.0/28",
29141 + 4, "1.2.3.1/32", "1.2.3.1/32",
29142 + 4, "1.2.3.1/0", "0.0.0.0/0",
29143 +/* 4, "1.2.3.1/255.255.127.0", "1.2.3.0/255.255.127.0", */
29144 + 4, "1.2.3.1/255.255.127.0", NULL,
29145 + 4, "128.009.000.032/32", "128.9.0.32/32",
29146 + 4, "128.0x9.0.32/32", NULL,
29147 + 4, "0x80090020/32", "128.9.0.32/32",
29148 + 4, "0x800x0020/32", NULL,
29149 + 4, "128.9.0.32/0xffFF0000", "128.9.0.0/16",
29150 + 4, "128.9.0.32/0xff0000FF", NULL,
29151 + 4, "128.9.0.32/0x0000ffFF", NULL,
29152 + 4, "128.9.0.32/0x00ffFF0000", NULL,
29153 + 4, "128.9.0.32/0xffFF", NULL,
29154 + 4, "128.9.0.32.27/32", NULL,
29155 + 4, "128.9.0k32/32", NULL,
29156 + 4, "328.9.0.32/32", NULL,
29157 + 4, "128.9..32/32", NULL,
29158 + 4, "10/8", "10.0.0.0/8",
29159 + 4, "10.0/8", "10.0.0.0/8",
29160 + 4, "10.0.0/8", "10.0.0.0/8",
29161 + 4, "10.0.1/24", "10.0.1.0/24",
29164 + 4, "1.2.3.1", NULL,
29165 + 4, "1.2.3.1/_", NULL,
29166 + 4, "1.2.3.1/24._", NULL,
29167 + 4, "1.2.3.1/99", NULL,
29168 + 4, "localhost./32", "127.0.0.1/32",
29169 + 4, "%default", "0.0.0.0/0",
29170 + 6, "3049:1::8007:2040/0", "::/0",
29171 + 6, "3049:1::8007:2040/128", "3049:1::8007:2040/128",
29172 + 6, "3049:1::192.168.0.1/128", NULL, /*"3049:1::c0a8:1/128",*/
29173 + 6, "3049:1::8007::2040/128", NULL,
29174 + 6, "3049:1::8007:2040/ffff::0", "3049::/16",
29175 + 6, "3049:1::8007:2040/64", "3049:1::/64",
29176 + 6, "3049:1::8007:2040/ffff::", "3049::/16",
29177 + 6, "3049:1::8007:2040/0000:ffff::0", NULL,
29178 + 6, "3049:1::8007:2040/ff1f::0", NULL,
29179 + 6, "3049:1::8007:x:2040/128", NULL,
29180 + 6, "3049:1t::8007:2040/128", NULL,
29181 + 6, "3049:1::80071:2040/128", NULL,
29182 + 6, "::/21", "::/21",
29183 + 6, "::1/128", "::1/128",
29184 + 6, "1::/21", "1::/21",
29185 + 6, "1::2/128", "1::2/128",
29186 + 6, "1:0:0:0:0:0:0:2/128", "1::2/128",
29187 + 6, "1:0:0:0:3:0:0:2/128", "1::3:0:0:2/128",
29188 + 6, "1:0:0:3:0:0:0:2/128", "1::3:0:0:0:2/128",
29189 + 6, "1:0:3:0:0:0:0:2/128", "1:0:3::2/128",
29190 + 6, "abcd:ef01:2345:6789:0:00a:000:20/128", "abcd:ef01:2345:6789:0:a:0:20/128",
29191 + 6, "3049:1::8007:2040/ffff:ffff:", NULL,
29192 + 6, "3049:1::8007:2040/ffff:88::", NULL,
29193 + 6, "3049:12::9000:3200/ffff:fff0::", "3049:10::/28",
29194 + 6, "3049:12::9000:3200/28", "3049:10::/28",
29195 + 6, "3049:12::9000:3200/ff00:::", NULL,
29196 + 6, "3049:12::9000:3200/ffff:::", NULL,
29197 + 6, "3049:12::9000:3200/128_", NULL,
29198 + 6, "3049:12::9000:3200/", NULL,
29199 + 6, "%default", "::/0",
29212 + const char *oops;
29216 + for (r = rtab; r->input != NULL; r++) {
29217 + af = (r->family == 4) ? AF_INET : AF_INET6;
29218 + strcpy(in, r->input);
29219 + oops = ttosubnet(in, 0, af, &s);
29220 + if (oops != NULL && r->output == NULL)
29221 + {} /* okay, error expected */
29222 + else if (oops != NULL) {
29223 + printf("`%s' ttosubnet failed: %s\n", r->input, oops);
29225 + } else if (r->output == NULL) {
29226 + printf("`%s' ttosubnet succeeded unexpectedly\n",
29230 + n = subnettot(&s, 0, buf, sizeof(buf));
29231 + if (n > sizeof(buf)) {
29232 + printf("`%s' subnettot failed: need %ld\n",
29233 + r->input, (long)n);
29235 + } else if (strcmp(r->output, buf) != 0) {
29236 + printf("`%s' gave `%s', expected `%s'\n",
29237 + r->input, buf, r->output);
29245 +#endif /* TTOSUBNET_MAIN */
29246 diff -druN linux-noipsec/net/ipsec/libfreeswan/ttoul.c linux/net/ipsec/libfreeswan/ttoul.c
29247 --- linux-noipsec/net/ipsec/libfreeswan/ttoul.c Thu Jan 1 01:00:00 1970
29248 +++ linux/net/ipsec/libfreeswan/ttoul.c Thu Aug 17 01:07:16 2000
29251 + * convert from text form of unsigned long to binary
29252 + * Copyright (C) 2000 Henry Spencer.
29254 + * This library is free software; you can redistribute it and/or modify it
29255 + * under the terms of the GNU Library General Public License as published by
29256 + * the Free Software Foundation; either version 2 of the License, or (at your
29257 + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
29259 + * This library is distributed in the hope that it will be useful, but
29260 + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
29261 + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
29262 + * License for more details.
29266 +#include "internal.h"
29267 +#include "freeswan.h"
29270 + - ttoul - convert text substring to unsigned long number
29272 +const char * /* NULL for success, else string literal */
29273 +ttoul(src, srclen, base, resultp)
29275 +size_t srclen; /* 0 means strlen(src) */
29276 +int base; /* 0 means figure it out */
29277 +unsigned long *resultp;
29279 + const char *stop;
29280 + static char hex[] = "0123456789abcdef";
29281 + static char uchex[] = "0123456789ABCDEF";
29286 + unsigned long rlimit;
29290 + srclen = strlen(src);
29292 + return "empty string";
29295 + if (srclen > 2 && *src == '0' &&
29296 + (*(src+1) == 'x' || *(src+1) == 'X'))
29297 + return ttoul(src+2, srclen-2, 16, resultp);
29298 + if (srclen > 1 && *src == '0')
29299 + return ttoul(src+1, srclen-1, 8, resultp);
29300 + return ttoul(src, srclen, 10, resultp);
29302 + if (base != 8 && base != 10 && base != 16)
29303 + return "unsupported number base";
29306 + stop = src + srclen;
29307 + if (base == 16) {
29308 + while (src < stop) {
29310 + p = strchr(hex, c);
29314 + p = strchr(uchex, c);
29316 + return "non-hex digit in hex number";
29319 + r = (r << 4) | d;
29321 + /* defer length check to catch invalid digits first */
29322 + if (srclen > sizeof(unsigned long) * 2)
29323 + return "hex number too long";
29325 + rlimit = ULONG_MAX / base;
29326 + dlimit = (int)(ULONG_MAX - rlimit*base);
29327 + while (src < stop) {
29330 + if (d < 0 || d >= base)
29331 + return "non-digit in number";
29332 + if (r > rlimit || (r == rlimit && d > dlimit))
29333 + return "unsigned-long overflow";
29341 diff -druN linux-noipsec/net/ipsec/libfreeswan/ultoa.c linux/net/ipsec/libfreeswan/ultoa.c
29342 --- linux-noipsec/net/ipsec/libfreeswan/ultoa.c Thu Jan 1 01:00:00 1970
29343 +++ linux/net/ipsec/libfreeswan/ultoa.c Wed Oct 13 20:09:06 1999
29346 + * convert unsigned long to ASCII
29347 + * Copyright (C) 1998, 1999 Henry Spencer.
29349 + * This library is free software; you can redistribute it and/or modify it
29350 + * under the terms of the GNU Library General Public License as published by
29351 + * the Free Software Foundation; either version 2 of the License, or (at your
29352 + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
29354 + * This library is distributed in the hope that it will be useful, but
29355 + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
29356 + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
29357 + * License for more details.
29361 +#include "internal.h"
29362 +#include "freeswan.h"
29365 + - ultoa - convert unsigned long to decimal ASCII
29367 +size_t /* length required for full conversion */
29368 +ultoa(n, base, dst, dstlen)
29371 +char *dst; /* need not be valid if dstlen is 0 */
29374 + char buf[3*sizeof(unsigned long) + 1];
29375 + char *bufend = buf + sizeof(buf);
29378 + static char hex[] = "0123456789abcdef";
29382 + if (base == 10) {
29384 + *--p = n%10 + '0';
29386 + } while (n != 0);
29387 + } else if (base == 16) {
29389 + *--p = hex[n&0xf];
29391 + } while (n != 0);
29394 + } else if (base == 8) {
29396 + *--p = (n&07) + '0';
29398 + } while (n != 0);
29403 + len = bufend - p;
29405 + if (dstlen > 0) {
29406 + if (len > dstlen)
29407 + *(p + dstlen - 1) = '\0';
29412 diff -druN linux-noipsec/net/ipsec/libfreeswan/ultot.c linux/net/ipsec/libfreeswan/ultot.c
29413 --- linux-noipsec/net/ipsec/libfreeswan/ultot.c Thu Jan 1 01:00:00 1970
29414 +++ linux/net/ipsec/libfreeswan/ultot.c Thu Aug 17 01:07:16 2000
29417 + * convert unsigned long to text
29418 + * Copyright (C) 2000 Henry Spencer.
29420 + * This library is free software; you can redistribute it and/or modify it
29421 + * under the terms of the GNU Library General Public License as published by
29422 + * the Free Software Foundation; either version 2 of the License, or (at your
29423 + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
29425 + * This library is distributed in the hope that it will be useful, but
29426 + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
29427 + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
29428 + * License for more details.
29432 +#include "internal.h"
29433 +#include "freeswan.h"
29436 + - ultot - convert unsigned long to text
29438 +size_t /* length required for full conversion */
29439 +ultot(n, base, dst, dstlen)
29442 +char *dst; /* need not be valid if dstlen is 0 */
29445 + char buf[3*sizeof(unsigned long) + 1];
29446 + char *bufend = buf + sizeof(buf);
29449 + static char hex[] = "0123456789abcdef";
29450 +# define HEX32 (32/4)
29458 + *--p = n%10 + '0';
29460 + } while (n != 0);
29466 + *--p = hex[n&0xf];
29468 + } while (n != 0);
29470 + while (bufend - p < HEX32 + 1)
29472 + if (base == 'x') {
29480 + *--p = (n&07) + '0';
29482 + } while (n != 0);
29491 + len = bufend - p;
29492 + if (dstlen > 0) {
29493 + if (len > dstlen)
29494 + *(p + dstlen - 1) = '\0';
29499 diff -druN linux-noipsec/net/ipsec/pfkey_v2.c linux/net/ipsec/pfkey_v2.c
29500 --- linux-noipsec/net/ipsec/pfkey_v2.c Thu Jan 1 01:00:00 1970
29501 +++ linux/net/ipsec/pfkey_v2.c Mon Nov 6 05:33:47 2000
29504 + * RFC2367 PF_KEYv2 Key management API domain socket I/F
29505 + * Copyright (C) 1999, 2000 Richard Guy Briggs.
29507 + * This program is free software; you can redistribute it and/or modify it
29508 + * under the terms of the GNU General Public License as published by the
29509 + * Free Software Foundation; either version 2 of the License, or (at your
29510 + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
29512 + * This program is distributed in the hope that it will be useful, but
29513 + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
29514 + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
29515 + * for more details.
29521 + * Template from /usr/src/linux-2.0.36/net/unix/af_unix.c.
29522 + * Hints from /usr/src/linux-2.0.36/net/ipv4/udp.c.
29525 +#define __NO_VERSION__
29526 +#include <linux/module.h>
29527 +#include <linux/version.h>
29529 +#include <linux/config.h>
29530 +#include <linux/kernel.h>
29531 +#include <linux/major.h>
29532 +#include <linux/signal.h>
29533 +#include <linux/sched.h>
29534 +#include <linux/errno.h>
29535 +#include <linux/string.h>
29536 +#include <linux/stat.h>
29537 +#include <linux/socket.h>
29538 +#include <linux/un.h>
29539 +#include <linux/fcntl.h>
29540 +#include <linux/termios.h>
29541 +#include <linux/socket.h>
29542 +#include <linux/sockios.h>
29543 +#include <linux/net.h> /* struct socket */
29544 +#include <linux/in.h>
29545 +#include <linux/fs.h>
29546 +#include <linux/malloc.h>
29547 +#include <asm/segment.h>
29548 +#include <linux/skbuff.h>
29549 +#include <linux/netdevice.h>
29550 +#include <net/sock.h> /* struct sock */
29551 +/* #include <net/tcp.h> */
29552 +#include <net/af_unix.h>
29553 +#ifdef CONFIG_PROC_FS
29554 +#include <linux/proc_fs.h>
29555 +#endif /* CONFIG_PROC_FS */
29557 +#include <linux/types.h>
29559 +#include <freeswan.h>
29561 +#include <asm/uaccess.h>
29562 +#include <linux/in6.h>
29563 +#endif /* NET_21 */
29564 +#include <pfkeyv2.h>
29565 +#include <pfkey.h>
29566 +#include "radij.h"
29567 +#include "ipsec_encap.h"
29568 +#include "ipsec_netlink.h"
29570 +#ifdef CONFIG_IPSEC_DEBUG
29571 +int debug_pfkey = 0;
29572 +extern int sysctl_ipsec_debug_verbose;
29573 +#endif /* CONFIG_IPSEC_DEBUG */
29575 +#define min(a,b) (((a)<(b))?(a):(b))
29577 +#define SENDERR(_x) do { error = -(_x); goto errlab; } while (0)
29579 +#ifndef SOCKOPS_WRAPPED
29580 +#define SOCKOPS_WRAPPED(name) name
29583 +struct proto_ops SOCKOPS_WRAPPED(pfkey_ops);
29584 +struct sock *pfkey_sock_list = NULL;
29585 +struct supported_list *pfkey_supported_list[SADB_SATYPE_MAX+1];
29587 +struct socket_list *pfkey_open_sockets = NULL;
29588 +struct socket_list *pfkey_registered_sockets[SADB_SATYPE_MAX+1];
29590 +int pfkey_msg_interp(struct sock *, struct sadb_msg *, struct sadb_msg **);
29593 +pfkey_list_remove_socket(struct socket *socketp, struct socket_list **sockets)
29595 + struct socket_list *socket_listp,*prev;
29598 + KLIPS_PRINT(debug_pfkey,
29599 + "klips_debug:pfkey_list_remove_socket: "
29600 + "NULL socketp handed in, failed.\n");
29605 + KLIPS_PRINT(debug_pfkey,
29606 + "klips_debug:pfkey_list_remove_socket: "
29607 + "NULL sockets list handed in, failed.\n");
29611 + socket_listp = *sockets;
29614 + KLIPS_PRINT(debug_pfkey,
29615 + "klips_debug:pfkey_list_remove_socket: "
29616 + "removing sock=%p\n",
29619 + while(socket_listp != NULL) {
29620 + if(socket_listp->socketp == socketp) {
29621 + if(prev != NULL) {
29622 + prev->next = socket_listp->next;
29624 + *sockets = socket_listp->next;
29627 + kfree((void*)socket_listp);
29631 + prev = socket_listp;
29632 + socket_listp = socket_listp->next;
29639 +pfkey_list_insert_socket(struct socket *socketp, struct socket_list **sockets)
29641 + struct socket_list *socket_listp;
29644 + KLIPS_PRINT(debug_pfkey,
29645 + "klips_debug:pfkey_list_insert_socket: "
29646 + "NULL socketp handed in, failed.\n");
29651 + KLIPS_PRINT(debug_pfkey,
29652 + "klips_debug:pfkey_list_insert_socket: "
29653 + "NULL sockets list handed in, failed.\n");
29657 + KLIPS_PRINT(debug_pfkey,
29658 + "klips_debug:pfkey_list_insert_socket: "
29659 + "socketp=%p\n",socketp);
29661 + if((socket_listp = (struct socket_list *)kmalloc(sizeof(struct socket_list), GFP_KERNEL)) == NULL) {
29662 + KLIPS_PRINT(debug_pfkey,
29663 + "klips_debug:pfkey_list_insert_socket: "
29664 + "memory allocation error.\n");
29668 + socket_listp->socketp = socketp;
29669 + socket_listp->next = *sockets;
29670 + *sockets = socket_listp;
29676 +pfkey_list_remove_supported(struct supported *supported, struct supported_list **supported_list)
29678 + struct supported_list *supported_listp = *supported_list, *prev = NULL;
29681 + KLIPS_PRINT(debug_pfkey,
29682 + "klips_debug:pfkey_list_remove_supported: "
29683 + "NULL supported handed in, failed.\n");
29687 + if(!supported_list) {
29688 + KLIPS_PRINT(debug_pfkey,
29689 + "klips_debug:pfkey_list_remove_supported: "
29690 + "NULL supported_list handed in, failed.\n");
29694 + KLIPS_PRINT(debug_pfkey,
29695 + "klips_debug:pfkey_list_remove_supported: "
29696 + "removing supported=%p\n",
29699 + while(supported_listp != NULL) {
29700 + if(supported_listp->supportedp == supported) {
29701 + if(prev != NULL) {
29702 + prev->next = supported_listp->next;
29704 + *supported_list = supported_listp->next;
29707 + kfree((void*)supported_listp);
29711 + prev = supported_listp;
29712 + supported_listp = supported_listp->next;
29719 +pfkey_list_insert_supported(struct supported *supported, struct supported_list **supported_list)
29721 + struct supported_list *supported_listp;
29724 + KLIPS_PRINT(debug_pfkey,
29725 + "klips_debug:pfkey_list_insert_supported: "
29726 + "NULL supported handed in, failed.\n");
29730 + if(!supported_list) {
29731 + KLIPS_PRINT(debug_pfkey,
29732 + "klips_debug:pfkey_list_insert_supported: "
29733 + "NULL supported_list handed in, failed.\n");
29737 + KLIPS_PRINT(debug_pfkey,
29738 + "klips_debug:pfkey_list_insert_supported: "
29739 + "incoming, supported=%p, supported_list=%p\n",
29743 + supported_listp = (struct supported_list *)kmalloc(sizeof(struct supported_list), GFP_KERNEL);
29744 + if(supported_listp == NULL) {
29745 + KLIPS_PRINT(debug_pfkey,
29746 + "klips_debug:pfkey_list_insert_supported: "
29747 + "memory allocation error.\n");
29751 + supported_listp->supportedp = supported;
29752 + supported_listp->next = *supported_list;
29753 + *supported_list = supported_listp;
29754 + KLIPS_PRINT(debug_pfkey,
29755 + "klips_debug:pfkey_list_insert_supported: "
29756 + "outgoing, supported=%p, supported_list=%p\n",
29764 +DEBUG_NO_STATIC void
29765 +pfkey_state_change(struct sock *sk)
29767 + KLIPS_PRINT(debug_pfkey,
29768 + "klips_debug:pfkey_state_change: .\n");
29770 + wake_up_interruptible(sk->sleep);
29773 +#endif /* !NET_21 */
29776 +DEBUG_NO_STATIC void
29777 +pfkey_data_ready(struct sock *sk, int len)
29779 + KLIPS_PRINT(debug_pfkey,
29780 + "klips_debug:pfkey_data_ready: .sk=%p len=%d\n", sk, len);
29782 + wake_up_interruptible(sk->sleep);
29783 + sock_wake_async(sk->socket, 1);
29787 +DEBUG_NO_STATIC void
29788 +pfkey_write_space(struct sock *sk)
29790 + KLIPS_PRINT(debug_pfkey,
29791 + "klips_debug:pfkey_write_space: .\n");
29793 + wake_up_interruptible(sk->sleep);
29794 + sock_wake_async(sk->socket, 2);
29797 +#endif /* !NET_21 */
29799 +DEBUG_NO_STATIC void
29800 +pfkey_insert_socket(struct sock *sk)
29802 + KLIPS_PRINT(debug_pfkey,
29803 + "klips_debug:pfkey_insert_socket: sk=%p\n", sk);
29805 + sk->next=pfkey_sock_list;
29806 + pfkey_sock_list=sk;
29810 +DEBUG_NO_STATIC void
29811 +pfkey_remove_socket(struct sock *sk)
29815 + KLIPS_PRINT(debug_pfkey,
29816 + "klips_debug:pfkey_remove_socket: .\n");
29818 + s=&pfkey_sock_list;
29820 + while(*s!=NULL) {
29825 + KLIPS_PRINT(debug_pfkey,
29826 + "klips_debug:pfkey_remove_socket: succeeded.\n");
29832 + KLIPS_PRINT(debug_pfkey,
29833 + "klips_debug:pfkey_remove_socket: not found.\n");
29837 +DEBUG_NO_STATIC void
29838 +pfkey_destroy_socket(struct sock *sk)
29840 + struct sk_buff *skb;
29842 + KLIPS_PRINT(debug_pfkey,
29843 + "klips_debug:pfkey_destroy_socket: .\n");
29844 + pfkey_remove_socket(sk);
29845 + KLIPS_PRINT(debug_pfkey,
29846 + "klips_debug:pfkey_destroy_socket: pfkey_remove_socket called.\n");
29848 + KLIPS_PRINT(debug_pfkey,
29849 + "klips_debug:pfkey_destroy_socket: "
29850 + "sk(%p)->(&%p)receive_queue.{next=%p,prev=%p}.\n",
29852 + &(sk->receive_queue),
29853 + sk->receive_queue.next,
29854 + sk->receive_queue.prev);
29855 + while(sk && ((skb=skb_dequeue(&(sk->receive_queue)))!=NULL)) {
29857 +#ifdef CONFIG_IPSEC_DEBUG
29858 + if(debug_pfkey && sysctl_ipsec_debug_verbose) {
29859 + KLIPS_PRINT(debug_pfkey,
29860 + "klips_debug:pfkey_destroy_socket: skb=%p dequeued.\n", skb);
29861 + printk(KERN_INFO "klips_debug: pfkey_skb contents:");
29862 + printk(" next:%p", skb->next);
29863 + printk(" prev:%p", skb->prev);
29864 + printk(" list:%p", skb->list);
29865 + printk(" sk:%p", skb->sk);
29866 + printk(" stamp:%ld.%ld", skb->stamp.tv_sec, skb->stamp.tv_usec);
29867 + printk(" dev:%p", skb->dev);
29869 + if(skb->dev->name) {
29870 + printk(" dev->name:%s", skb->dev->name);
29872 + printk(" dev->name:NULL?");
29875 + printk(" dev:NULL");
29877 + printk(" h:%p", skb->h.raw);
29878 + printk(" nh:%p", skb->nh.raw);
29879 + printk(" mac:%p", skb->mac.raw);
29880 + printk(" dst:%p", skb->dst);
29881 + if(sysctl_ipsec_debug_verbose) {
29885 + for(i=0; i<48; i++) {
29886 + printk(":%2x", skb->cb[i]);
29889 + printk(" len:%d", skb->len);
29890 + printk(" csum:%d", skb->csum);
29891 + printk(" used:%d", skb->used);
29892 + printk(" is_clone:%d", skb->is_clone);
29893 + printk(" cloned:%d", skb->cloned);
29894 + printk(" pkt_type:%d", skb->pkt_type);
29895 + printk(" ip_summed:%d", skb->ip_summed);
29896 + printk(" priority:%d", skb->priority);
29897 + printk(" protocol:%d", skb->protocol);
29898 + printk(" security:%d", skb->security);
29899 + printk(" truesize:%d", skb->truesize);
29900 + printk(" head:%p", skb->head);
29901 + printk(" data:%p", skb->data);
29902 + printk(" tail:%p", skb->tail);
29903 + printk(" end:%p", skb->end);
29904 + if(sysctl_ipsec_debug_verbose) {
29907 + for(i=(unsigned int)(skb->head); i<(unsigned int)(skb->end); i++) {
29908 + printk(":%2x", (unsigned char)(*(char*)(i)));
29911 + printk(" destructor:%p", skb->destructor);
29914 +#endif /* CONFIG_IPSEC_DEBUG */
29915 + KLIPS_PRINT(debug_pfkey,
29916 + "klips_debug:pfkey_destroy_socket: skb=%p freed.\n", skb);
29919 +#else /* NET_21 */
29920 + KLIPS_PRINT(debug_pfkey,
29921 + "klips_debug:pfkey_destroy_socket: skb=%p dequeued and freed.\n", skb);
29922 + kfree_skb(skb, FREE_WRITE);
29924 +#endif /* NET_21 */
29930 + KLIPS_PRINT(debug_pfkey,
29931 + "klips_debug:pfkey_destroy_socket: destroyed.\n");
29935 +pfkey_upmsg(struct socket *sock, struct sadb_msg *pfkey_msg)
29938 + struct sk_buff * skb = NULL;
29941 + if(sock == NULL) {
29942 + KLIPS_PRINT(debug_pfkey,
29943 + "klips_debug:pfkey_upmsg: NULL socket passed in.\n");
29947 + if(pfkey_msg == NULL) {
29948 + KLIPS_PRINT(debug_pfkey,
29949 + "klips_debug:pfkey_upmsg: NULL pfkey_msg passed in.\n");
29955 +#else /* NET_21 */
29957 +#endif /* NET_21 */
29960 + KLIPS_PRINT(debug_pfkey,
29961 + "klips_debug:pfkey_upmsg: NULL sock passed in.\n");
29965 + KLIPS_PRINT(debug_pfkey,
29966 + "klips_debug:pfkey_upmsg: allocating %d bytes...\n",
29967 + pfkey_msg->sadb_msg_len * IPSEC_PFKEYv2_ALIGN);
29968 + if(!(skb = alloc_skb(pfkey_msg->sadb_msg_len * IPSEC_PFKEYv2_ALIGN, GFP_ATOMIC) )) {
29969 + KLIPS_PRINT(debug_pfkey,
29970 + "klips_debug:pfkey_upmsg: no buffers left to send up a message.\n");
29973 + KLIPS_PRINT(debug_pfkey,
29974 + "klips_debug:pfkey_upmsg: ...allocated at %p.\n", skb);
29978 + if(skb_tailroom(skb) < pfkey_msg->sadb_msg_len * IPSEC_PFKEYv2_ALIGN) {
29979 + printk(KERN_WARNING "klips_error:pfkey_upmsg: "
29980 + "tried to skb_put %ld, %d available. "
29981 + "This should never happen, please report.\n",
29982 + (unsigned long int)pfkey_msg->sadb_msg_len * IPSEC_PFKEYv2_ALIGN,
29983 + skb_tailroom(skb));
29986 +#else /* NET_21 */
29987 + kfree_skb(skb, FREE_WRITE);
29988 +#endif /* NET_21 */
29991 + skb->h.raw = skb_put(skb, pfkey_msg->sadb_msg_len * IPSEC_PFKEYv2_ALIGN);
29992 + memcpy(skb->h.raw, pfkey_msg, pfkey_msg->sadb_msg_len * IPSEC_PFKEYv2_ALIGN);
29996 +#endif /* !NET_21 */
29998 + if((error = sock_queue_rcv_skb(sk, skb)) < 0) {
30002 +#else /* NET_21 */
30003 + kfree_skb(skb, FREE_WRITE);
30004 +#endif /* NET_21 */
30005 + KLIPS_PRINT(debug_pfkey,
30006 + "klips_debug:pfkey_upmsg: "
30007 + "error=%d calling sock_queue_rcv_skb with skb=%p.\n",
30014 +DEBUG_NO_STATIC int
30015 +pfkey_create(struct socket *sock, int protocol)
30019 + if(sock == NULL) {
30020 + KLIPS_PRINT(debug_pfkey,
30021 + "klips_debug:pfkey_create: socket NULL.\n");
30025 + KLIPS_PRINT(debug_pfkey,
30026 + "klips_debug:pfkey_create: sock=%p type:%d state:%d flags:%ld protocol:%d\n",
30029 + (unsigned int)(sock->state),
30030 + sock->flags, protocol);
30032 + if(sock->type != SOCK_RAW) {
30033 + KLIPS_PRINT(debug_pfkey,
30034 + "klips_debug:pfkey_create: only SOCK_RAW supported.\n");
30035 + return -ESOCKTNOSUPPORT;
30038 + if(protocol != PF_KEY_V2) {
30039 + KLIPS_PRINT(debug_pfkey,
30040 + "klips_debug:pfkey_create: protocol not PF_KEY_V2.\n");
30041 + return -EPROTONOSUPPORT;
30044 + if((current->uid != 0)) {
30045 + KLIPS_PRINT(debug_pfkey,
30046 + "klips_debug:pfkey_create: must be root to open pfkey sockets.\n");
30051 + sock->state = SS_UNCONNECTED;
30052 +#endif /* NET_21 */
30053 + MOD_INC_USE_COUNT;
30055 + if((sk=(struct sock *)sk_alloc(PF_KEY, GFP_KERNEL, 1)) == NULL)
30056 +#else /* NET_21 */
30057 + if((sk=(struct sock *)sk_alloc(GFP_KERNEL)) == NULL)
30058 +#endif /* NET_21 */
30060 + KLIPS_PRINT(debug_pfkey,
30061 + "klips_debug:pfkey_create: Out of memory trying to allocate.\n");
30062 + MOD_DEC_USE_COUNT;
30067 + memset(sk, 0, sizeof(*sk));
30068 +#endif /* !NET_21 */
30071 + sock_init_data(sock, sk);
30073 + sk->destruct = NULL;
30075 + sock->ops = &SOCKOPS_WRAPPED(pfkey_ops);
30078 + sk->family = PF_KEY;
30079 +/* sk->num = protocol; */
30080 + sk->protocol = protocol;
30081 + key_pid(sk) = current->pid;
30082 + KLIPS_PRINT(debug_pfkey,
30083 + "klips_debug:pfkey_create: sock->fasync_list=%p sk->sleep=%p.\n",
30084 + sock->fasync_list,
30086 +#else /* NET_21 */
30087 + sk->type=sock->type;
30088 + init_timer(&sk->timer);
30089 + skb_queue_head_init(&sk->write_queue);
30090 + skb_queue_head_init(&sk->receive_queue);
30091 + skb_queue_head_init(&sk->back_log);
30092 + sk->rcvbuf=SK_RMEM_MAX;
30093 + sk->sndbuf=SK_WMEM_MAX;
30094 + sk->allocation=GFP_KERNEL;
30095 + sk->state=TCP_CLOSE;
30096 + sk->priority=SOPRI_NORMAL;
30097 + sk->state_change=pfkey_state_change;
30098 + sk->data_ready=pfkey_data_ready;
30099 + sk->write_space=pfkey_write_space;
30100 + sk->error_report=pfkey_state_change;
30103 + sock->data=(void *)sk;
30104 + sk->sleep=sock->wait;
30105 +#endif /* NET_21 */
30107 + pfkey_insert_socket(sk);
30108 + pfkey_list_insert_socket(sock, &pfkey_open_sockets);
30110 + KLIPS_PRINT(debug_pfkey,
30111 + "klips_debug:pfkey_create: Socket sock=%p sk=%p initialised.\n", sock, sk);
30116 +DEBUG_NO_STATIC int
30117 +pfkey_dup(struct socket *newsock, struct socket *oldsock)
30121 + if(newsock==NULL) {
30122 + KLIPS_PRINT(debug_pfkey,
30123 + "klips_debug:pfkey_dup: No new socket attached.\n");
30127 + if(oldsock==NULL) {
30128 + KLIPS_PRINT(debug_pfkey,
30129 + "klips_debug:pfkey_dup: No old socket attached.\n");
30135 +#else /* NET_21 */
30136 + sk=oldsock->data;
30137 +#endif /* NET_21 */
30139 + /* May not have data attached */
30141 + KLIPS_PRINT(debug_pfkey,
30142 + "klips_debug:pfkey_dup: No sock attached to old socket.\n");
30146 + KLIPS_PRINT(debug_pfkey,
30147 + "klips_debug:pfkey_dup: .\n");
30149 + return pfkey_create(newsock, sk->protocol);
30151 +#endif /* !NET_21 */
30153 +DEBUG_NO_STATIC int
30155 +pfkey_release(struct socket *sock)
30157 +pfkey_release(struct socket *sock, struct socket *peersock)
30164 + KLIPS_PRINT(debug_pfkey,
30165 + "klips_debug:pfkey_release: No socket attached.\n");
30166 + return 0; /* -EINVAL; */
30171 +#else /* NET_21 */
30173 +#endif /* NET_21 */
30175 + /* May not have data attached */
30177 + KLIPS_PRINT(debug_pfkey,
30178 + "klips_debug:pfkey_release: No sk attached to sock=%p.\n", sock);
30179 + return 0; /* -EINVAL; */
30182 + KLIPS_PRINT(debug_pfkey,
30183 + "klips_debug:pfkey_release: .sock=%p sk=%p\n", sock, sk);
30187 +#endif /* NET_21 */
30188 + if(sk->state_change) {
30189 + sk->state_change(sk);
30194 +#else /* NET_21 */
30195 + sock->data = NULL;
30196 +#endif /* NET_21 */
30198 + /* Try to flush out this socket. Throw out buffers at least */
30199 + pfkey_destroy_socket(sk);
30200 + pfkey_list_remove_socket(sock, &pfkey_open_sockets);
30201 + for(i = SADB_SATYPE_UNSPEC; i <= SADB_SATYPE_MAX; i++) {
30202 + pfkey_list_remove_socket(sock, &(pfkey_registered_sockets[i]));
30205 + MOD_DEC_USE_COUNT;
30206 + KLIPS_PRINT(debug_pfkey,
30207 + "klips_debug:pfkey_release: succeeded.\n");
30213 +DEBUG_NO_STATIC int
30214 +pfkey_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
30216 + KLIPS_PRINT(debug_pfkey,
30217 + "klips_debug:pfkey_bind: operation not supported.\n");
30221 +DEBUG_NO_STATIC int
30222 +pfkey_connect(struct socket *sock, struct sockaddr *uaddr, int addr_len, int flags)
30224 + KLIPS_PRINT(debug_pfkey,
30225 + "klips_debug:pfkey_connect: operation not supported.\n");
30229 +DEBUG_NO_STATIC int
30230 +pfkey_socketpair(struct socket *a, struct socket *b)
30232 + KLIPS_PRINT(debug_pfkey,
30233 + "klips_debug:pfkey_socketpair: operation not supported.\n");
30237 +DEBUG_NO_STATIC int
30238 +pfkey_accept(struct socket *sock, struct socket *newsock, int flags)
30240 + KLIPS_PRINT(debug_pfkey,
30241 + "klips_debug:pfkey_aaccept: operation not supported.\n");
30245 +DEBUG_NO_STATIC int
30246 +pfkey_getname(struct socket *sock, struct sockaddr *uaddr, int *uaddr_len,
30249 + struct sockaddr *ska = (struct sockaddr*)uaddr;
30251 + KLIPS_PRINT(debug_pfkey,
30252 + "klips_debug:pfkey_getname: .\n");
30253 + ska->sa_family = PF_KEY;
30254 + *uaddr_len = sizeof(*ska);
30258 +DEBUG_NO_STATIC int
30259 +pfkey_select(struct socket *sock, int sel_type, select_table *wait)
30262 + KLIPS_PRINT(debug_pfkey,
30263 + "klips_debug:pfkey_select: .sock=%p sk=%p sel_type=%d\n",
30267 + if(sock == NULL) {
30268 + KLIPS_PRINT(debug_pfkey,
30269 + "klips_debug:pfkey_select: Null socket passed in.\n");
30272 + return datagram_select(sock->data, sel_type, wait);
30275 +DEBUG_NO_STATIC int
30276 +pfkey_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
30278 + KLIPS_PRINT(debug_pfkey,
30279 + "klips_debug:pfkey_ioctl: not supported.\n");
30283 +DEBUG_NO_STATIC int
30284 +pfkey_listen(struct socket *sock, int backlog)
30286 + KLIPS_PRINT(debug_pfkey,
30287 + "klips_debug:pfkey_listen: not supported.\n");
30290 +#endif /* !NET_21 */
30292 +DEBUG_NO_STATIC int
30293 +pfkey_shutdown(struct socket *sock, int mode)
30297 + if(sock == NULL) {
30298 + KLIPS_PRINT(debug_pfkey,
30299 + "klips_debug:pfkey_shutdown: NULL socket passed in.\n");
30305 +#else /* NET_21 */
30307 +#endif /* NET_21 */
30310 + KLIPS_PRINT(debug_pfkey,
30311 + "klips_debug:pfkey_shutdown: No sock attached to socket.\n");
30315 + KLIPS_PRINT(debug_pfkey,
30316 + "klips_debug:pfkey_shutdown: mode=%x.\n", mode);
30319 + if(mode&SEND_SHUTDOWN) {
30320 + sk->shutdown|=SEND_SHUTDOWN;
30321 + sk->state_change(sk);
30324 + if(mode&RCV_SHUTDOWN) {
30325 + sk->shutdown|=RCV_SHUTDOWN;
30326 + sk->state_change(sk);
30332 +DEBUG_NO_STATIC int
30333 +pfkey_setsockopt(struct socket *sock, int level, int optname, char *optval, int optlen)
30338 + if(sock == NULL) {
30339 + KLIPS_PRINT(debug_pfkey,
30340 + "klips_debug:pfkey_setsockopt: Null socket passed in.\n");
30347 + KLIPS_PRINT(debug_pfkey,
30348 + "klips_debug:pfkey_setsockopt: Null sock passed in.\n");
30351 +#endif /* !NET_21 */
30353 + KLIPS_PRINT(debug_pfkey,
30354 + "klips_debug:pfkey_setsockopt: .\n");
30355 + if(level!=SOL_SOCKET) {
30356 + return -EOPNOTSUPP;
30359 + return sock_setsockopt(sock, level, optname, optval, optlen);
30360 +#else /* NET_21 */
30361 + return sock_setsockopt(sk, level, optname, optval, optlen);
30362 +#endif /* NET_21 */
30365 +DEBUG_NO_STATIC int
30366 +pfkey_getsockopt(struct socket *sock, int level, int optname, char *optval, int *optlen)
30371 + if(sock == NULL) {
30372 + KLIPS_PRINT(debug_pfkey,
30373 + "klips_debug:pfkey_setsockopt: Null socket passed in.\n");
30380 + KLIPS_PRINT(debug_pfkey,
30381 + "klips_debug:pfkey_setsockopt: Null sock passed in.\n");
30384 +#endif /* !NET_21 */
30386 + KLIPS_PRINT(debug_pfkey,
30387 + "klips_debug:pfkey_getsockopt: .\n");
30388 + if(level!=SOL_SOCKET) {
30389 + return -EOPNOTSUPP;
30392 + return sock_getsockopt(sock, level, optname, optval, optlen);
30393 +#else /* NET_21 */
30394 + return sock_getsockopt(sk, level, optname, optval, optlen);
30395 +#endif /* NET_21 */
30398 +DEBUG_NO_STATIC int
30399 +pfkey_fcntl(struct socket *sock, unsigned int cmd, unsigned long arg)
30401 + KLIPS_PRINT(debug_pfkey,
30402 + "klips_debug:pfkey_fcntl: "
30403 + "not supported.\n");
30406 +#endif /* !NET_21 */
30409 + * Send PF_KEY data down.
30412 +DEBUG_NO_STATIC int
30414 +pfkey_sendmsg(struct socket *sock, struct msghdr *msg, int len, struct scm_cookie *scm)
30415 +#else /* NET_21 */
30416 +pfkey_sendmsg(struct socket *sock, struct msghdr *msg, int len, int nonblock, int flags)
30417 +#endif /* NET_21 */
30421 + struct sadb_msg *pfkey_msg = NULL, *pfkey_reply = NULL;
30423 + if(sock == NULL) {
30424 + KLIPS_PRINT(debug_pfkey,
30425 + "klips_debug:pfkey_sendmsg: "
30426 + "Null socket passed in.\n");
30432 +#else /* NET_21 */
30434 +#endif /* NET_21 */
30437 + KLIPS_PRINT(debug_pfkey,
30438 + "klips_debug:pfkey_sendmsg: "
30439 + "Null sock passed in.\n");
30443 + if(msg == NULL) {
30444 + KLIPS_PRINT(debug_pfkey,
30445 + "klips_debug:pfkey_sendmsg: "
30446 + "Null msghdr passed in.\n");
30450 + KLIPS_PRINT(debug_pfkey,
30451 + "klips_debug:pfkey_sendmsg: .\n");
30453 + error = sock_error(sk);
30454 + KLIPS_PRINT(debug_pfkey,
30455 + "klips_debug:pfkey_sendmsg: "
30456 + "sk->err is non-zero, returns %d.\n",
30461 + if((current->uid != 0)) {
30462 + KLIPS_PRINT(debug_pfkey,
30463 + "klips_debug:pfkey_sendmsg: "
30464 + "must be root to send messages to pfkey sockets.\n");
30469 + if(msg->msg_control)
30470 +#else /* NET_21 */
30471 + if(flags || msg->msg_control)
30472 +#endif /* NET_21 */
30474 + KLIPS_PRINT(debug_pfkey,
30475 + "klips_debug:pfkey_sendmsg: "
30476 + "can't set flags or set msg_control.\n");
30480 + if(sk->shutdown & SEND_SHUTDOWN) {
30481 + KLIPS_PRINT(debug_pfkey,
30482 + "klips_debug:pfkey_sendmsg: "
30484 + send_sig(SIGPIPE, current, 0);
30488 + if(len < sizeof(struct sadb_msg)) {
30489 + KLIPS_PRINT(debug_pfkey,
30490 + "klips_debug:pfkey_sendmsg: "
30491 + "bogus msg len of %d, too small.\n", len);
30492 + SENDERR(EMSGSIZE);
30495 + if((pfkey_msg = (struct sadb_msg*)kmalloc(len, GFP_KERNEL)) == NULL) {
30496 + KLIPS_PRINT(debug_pfkey,
30497 + "klips_debug:pfkey_sendmsg: "
30498 + "memory allocation error.\n");
30499 + SENDERR(ENOBUFS);
30502 + memcpy_fromiovec((void *)pfkey_msg, msg->msg_iov, len);
30504 + if(pfkey_msg->sadb_msg_version != PF_KEY_V2) {
30505 + KLIPS_PRINT(1 || debug_pfkey,
30506 + "klips_debug:pfkey_sendmsg: "
30507 + "not PF_KEY_V2 msg, found %d, should be %d.\n",
30508 + pfkey_msg->sadb_msg_version,
30510 + kfree((void*)pfkey_msg);
30514 + if(len != pfkey_msg->sadb_msg_len * IPSEC_PFKEYv2_ALIGN) {
30515 + KLIPS_PRINT(debug_pfkey,
30516 + "klips_debug:pfkey_sendmsg: "
30517 + "bogus msg len of %d, not %d byte aligned.\n",
30518 + len, IPSEC_PFKEYv2_ALIGN);
30519 + SENDERR(EMSGSIZE);
30523 + if(pfkey_msg->sadb_msg_pid != current->pid) {
30524 + KLIPS_PRINT(debug_pfkey,
30525 + "klips_debug:pfkey_sendmsg: "
30526 + "pid (%d) does not equal sending process pid (%d).\n",
30527 + pfkey_msg->sadb_msg_pid, current->pid);
30531 + if(pfkey_msg->sadb_msg_reserved) {
30532 + KLIPS_PRINT(debug_pfkey,
30533 + "klips_debug:pfkey_sendmsg: "
30534 + "reserved field must be zero, set to %d.\n",
30535 + pfkey_msg->sadb_msg_reserved);
30539 + if((pfkey_msg->sadb_msg_type > SADB_MAX) || (!pfkey_msg->sadb_msg_type)){
30540 + KLIPS_PRINT(debug_pfkey,
30541 + "klips_debug:pfkey_sendmsg: "
30542 + "msg type too large or small:%d.\n",
30543 + pfkey_msg->sadb_msg_type);
30547 + KLIPS_PRINT(debug_pfkey,
30548 + "klips_debug:pfkey_sendmsg: "
30549 + "msg sent for parsing.\n");
30551 + if((error = pfkey_msg_interp(sk, pfkey_msg, &pfkey_reply))) {
30552 + struct socket_list *pfkey_socketsp;
30554 + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_sendmsg: "
30555 + "pfkey_msg_parse returns %d.\n",
30558 + if((pfkey_reply = (struct sadb_msg*)kmalloc(sizeof(struct sadb_msg), GFP_KERNEL)) == NULL) {
30559 + KLIPS_PRINT(debug_pfkey,
30560 + "klips_debug:pfkey_sendmsg: "
30561 + "memory allocation error.\n");
30562 + SENDERR(ENOBUFS);
30564 + memcpy((void*)pfkey_reply, (void*)pfkey_msg, sizeof(struct sadb_msg));
30565 + pfkey_reply->sadb_msg_errno = -error;
30566 + pfkey_reply->sadb_msg_len = sizeof(struct sadb_msg) / IPSEC_PFKEYv2_ALIGN;
30568 + for(pfkey_socketsp = pfkey_open_sockets;
30570 + pfkey_socketsp = pfkey_socketsp->next) {
30571 + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_sendmsg: "
30572 + "sending up error=%d message=%p to socket=%p.\n",
30575 + pfkey_socketsp->socketp);
30576 + if((error = pfkey_upmsg(pfkey_socketsp->socketp, pfkey_reply))) {
30577 + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_sendmsg: "
30578 + "sending up error message to socket=%p failed with error=%d.\n",
30579 + pfkey_socketsp->socketp, error);
30580 + pfkey_msg_free(&pfkey_reply);
30583 + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_sendmsg: "
30584 + "sending up error message to socket=%p succeeded.\n",
30585 + pfkey_socketsp->socketp);
30588 + pfkey_msg_free(&pfkey_reply);
30595 + kfree((void*)pfkey_msg);
30606 + * Receive PF_KEY data up.
30609 +DEBUG_NO_STATIC int
30611 +pfkey_recvmsg(struct socket *sock, struct msghdr *msg, int size, int flags, struct scm_cookie *scm)
30612 +#else /* NET_21 */
30613 +pfkey_recvmsg(struct socket *sock, struct msghdr *msg, int size, int noblock, int flags, int *addr_len)
30614 +#endif /* NET_21 */
30618 + int noblock = flags & MSG_DONTWAIT;
30619 +#endif /* NET_21 */
30620 + struct sk_buff *skb;
30623 + if(sock == NULL) {
30624 + KLIPS_PRINT(debug_pfkey,
30625 + "klips_debug:pfkey_recvmsg: Null socket passed in.\n");
30631 +#else /* NET_21 */
30633 +#endif /* NET_21 */
30636 + KLIPS_PRINT(debug_pfkey,
30637 + "klips_debug:pfkey_recvmsg: Null sock passed in for sock=%p.\n", sock);
30641 + if(msg == NULL) {
30642 + KLIPS_PRINT(debug_pfkey,
30643 + "klips_debug:pfkey_recvmsg: Null msghdr passed in for sock=%p, sk=%p.\n",
30648 + KLIPS_PRINT(debug_pfkey,
30649 + "klips_debug:pfkey_recvmsg: sock=%p sk=%p msg=%p size=%d.\n",
30650 + sock, sk, msg, size);
30651 + if(flags & ~MSG_PEEK) {
30652 + KLIPS_PRINT(debug_pfkey,
30653 + "klips_debug:pfkey_sendmsg: flags (%d) other than MSG_PEEK not supported.\n",
30655 + return -EOPNOTSUPP;
30659 + msg->msg_namelen = 0; /* sizeof(*ska); */
30660 +#else /* NET_21 */
30662 + *addr_len = 0; /* sizeof(*ska); */
30664 +#endif /* NET_21 */
30667 + KLIPS_PRINT(debug_pfkey,
30668 + "klips_debug:pfkey_sendmsg: sk->err=%d.\n", sk->err);
30669 + return sock_error(sk);
30672 + if((skb = skb_recv_datagram(sk, flags, noblock, &error) ) == NULL) {
30676 + if(size > skb->len) {
30680 + else if(size <skb->len) {
30681 + msg->msg_flags |= MSG_TRUNC;
30683 +#endif /* NET_21 */
30685 + skb_copy_datagram_iovec(skb, 0, msg->msg_iov, size);
30686 + sk->stamp=skb->stamp;
30688 + skb_free_datagram(sk, skb);
30693 +struct net_proto_family pfkey_family_ops = {
30698 +struct proto_ops SOCKOPS_WRAPPED(pfkey_ops) = {
30701 + release: pfkey_release,
30702 + bind: sock_no_bind,
30703 + connect: sock_no_connect,
30704 + socketpair: sock_no_socketpair,
30705 + accept: sock_no_accept,
30706 + getname: sock_no_getname,
30707 + poll: datagram_poll,
30708 + ioctl: sock_no_ioctl,
30709 + listen: sock_no_listen,
30710 + shutdown: pfkey_shutdown,
30711 + setsockopt: sock_no_setsockopt,
30712 + getsockopt: sock_no_getsockopt,
30713 + sendmsg: pfkey_sendmsg,
30714 + recvmsg: pfkey_recvmsg,
30715 + mmap: sock_no_mmap,
30722 + sock_no_socketpair,
30729 + sock_no_setsockopt,
30730 + sock_no_getsockopt,
30738 +#include <linux/smp_lock.h>
30739 +SOCKOPS_WRAP(pfkey, PF_KEY);
30742 +#else /* NET_21 */
30743 +struct proto_ops pfkey_proto_ops = {
30750 + pfkey_socketpair,
30757 + pfkey_setsockopt,
30758 + pfkey_getsockopt,
30763 +#endif /* NET_21 */
30765 +#ifdef CONFIG_PROC_FS
30766 +#ifndef PROC_FS_2325
30768 +#endif /* PROC_FS_2325 */
30770 +pfkey_get_info(char *buffer, char **start, off_t offset, int length
30771 +#ifndef PROC_NO_DUMMY
30773 +#endif /* !PROC_NO_DUMMY */
30779 + struct sock *sk=pfkey_sock_list;
30781 +#ifdef CONFIG_IPSEC_DEBUG
30782 + if(!sysctl_ipsec_debug_verbose) {
30783 +#endif CONFIG_IPSEC_DEBUG
30784 + len+= sprintf(buffer," sock pid socket next prev e n p sndbf Flags Type St\n");
30785 +#ifdef CONFIG_IPSEC_DEBUG
30787 + len+= sprintf(buffer," sock pid d sleep socket next prev e r z n p sndbf stamp Flags Type St\n");
30789 +#endif CONFIG_IPSEC_DEBUG
30791 + while(sk!=NULL) {
30792 +#ifdef CONFIG_IPSEC_DEBUG
30793 + if(!sysctl_ipsec_debug_verbose) {
30794 +#endif CONFIG_IPSEC_DEBUG
30795 + len+=sprintf(buffer+len,"%8p %5d %8p %8p %8p %d %d %d %5d %08lX %8X %2X\n",
30805 + sk->socket->flags,
30806 + sk->socket->type,
30807 + sk->socket->state);
30808 +#ifdef CONFIG_IPSEC_DEBUG
30810 + len+=sprintf(buffer+len,"%8p %5d %d %8p %8p %8p %8p %d %d %d %d %d %5d %d.%06d %08lX %8X %2X\n",
30824 + (unsigned int)sk->stamp.tv_sec,
30825 + (unsigned int)sk->stamp.tv_usec,
30826 + sk->socket->flags,
30827 + sk->socket->type,
30828 + sk->socket->state);
30830 +#endif CONFIG_IPSEC_DEBUG
30838 + if(pos>offset+length)
30842 + *start=buffer+(offset-begin);
30843 + len-=(offset-begin);
30849 +#ifndef PROC_FS_2325
30851 +#endif /* PROC_FS_2325 */
30853 +pfkey_supported_get_info(char *buffer, char **start, off_t offset, int length
30854 +#ifndef PROC_NO_DUMMY
30856 +#endif /* !PROC_NO_DUMMY */
30863 + struct supported_list *pfkey_supported_p;
30865 + len+= sprintf(buffer,"satype exttype alg_id ivlen minbits maxbits\n");
30867 + for(satype = SADB_SATYPE_UNSPEC; satype <= SADB_SATYPE_MAX; satype++) {
30868 + pfkey_supported_p = pfkey_supported_list[satype];
30869 + while(pfkey_supported_p) {
30870 + len+=sprintf(buffer+len," %2d %2d %2d %3d %3d %3d\n",
30872 + pfkey_supported_p->supportedp->supported_alg_exttype,
30873 + pfkey_supported_p->supportedp->supported_alg_id,
30874 + pfkey_supported_p->supportedp->supported_alg_ivlen,
30875 + pfkey_supported_p->supportedp->supported_alg_minbits,
30876 + pfkey_supported_p->supportedp->supported_alg_maxbits);
30883 + if(pos>offset+length)
30885 + pfkey_supported_p = pfkey_supported_p->next;
30888 + *start=buffer+(offset-begin);
30889 + len-=(offset-begin);
30895 +#ifndef PROC_FS_2325
30897 +#endif /* PROC_FS_2325 */
30899 +pfkey_registered_get_info(char *buffer, char **start, off_t offset, int length
30900 +#ifndef PROC_NO_DUMMY
30902 +#endif /* !PROC_NO_DUMMY */
30909 + struct socket_list *pfkey_sockets;
30911 + len+= sprintf(buffer,"satype socket pid sk\n");
30913 + for(satype = SADB_SATYPE_UNSPEC; satype <= SADB_SATYPE_MAX; satype++) {
30914 + pfkey_sockets = pfkey_registered_sockets[satype];
30915 + while(pfkey_sockets) {
30917 + len+=sprintf(buffer+len," %2d %8p %5d %8p\n",
30919 + pfkey_sockets->socketp,
30920 + key_pid(pfkey_sockets->socketp->sk),
30921 + pfkey_sockets->socketp->sk);
30922 +#else /* NET_21 */
30923 + len+=sprintf(buffer+len," %2d %8p N/A %8p\n",
30925 + pfkey_sockets->socketp,
30927 + key_pid((pfkey_sockets->socketp)->data),
30929 + (pfkey_sockets->socketp)->data);
30930 +#endif /* NET_21 */
30937 + if(pos>offset+length)
30939 + pfkey_sockets = pfkey_sockets->next;
30942 + *start=buffer+(offset-begin);
30943 + len-=(offset-begin);
30949 +#ifndef PROC_FS_2325
30950 +struct proc_dir_entry proc_net_pfkey =
30954 + S_IFREG | S_IRUGO, 1, 0, 0,
30955 + 0, &proc_net_inode_operations,
30958 +struct proc_dir_entry proc_net_pfkey_supported =
30961 + 16, "pf_key_supported",
30962 + S_IFREG | S_IRUGO, 1, 0, 0,
30963 + 0, &proc_net_inode_operations,
30964 + pfkey_supported_get_info
30966 +struct proc_dir_entry proc_net_pfkey_registered =
30969 + 17, "pf_key_registered",
30970 + S_IFREG | S_IRUGO, 1, 0, 0,
30971 + 0, &proc_net_inode_operations,
30972 + pfkey_registered_get_info
30974 +#endif /* !PROC_FS_2325 */
30975 +#endif /* CONFIG_PROC_FS */
30977 +DEBUG_NO_STATIC int
30978 +supported_add_all(int satype, struct supported supported[], int size)
30983 + KLIPS_PRINT(debug_pfkey,
30984 + "klips_debug:init_pfkey: "
30985 + "sizeof(supported_init_<satype=%d>)[%d]/sizeof(struct supported)[%d]=%d.\n",
30988 + sizeof(struct supported),
30989 + size/sizeof(struct supported));
30991 + for(i = 0; i < size / sizeof(struct supported); i++) {
30993 + KLIPS_PRINT(debug_pfkey,
30994 + "klips_debug:init_pfkey: "
30995 + "i=%d inserting satype=%d exttype=%d id=%d ivlen=%d minbits=%d maxbits=%d.\n",
30998 + supported[i].supported_alg_exttype,
30999 + supported[i].supported_alg_id,
31000 + supported[i].supported_alg_ivlen,
31001 + supported[i].supported_alg_minbits,
31002 + supported[i].supported_alg_maxbits);
31004 + error |= pfkey_list_insert_supported(&(supported[i]),
31005 + &(pfkey_supported_list[satype]));
31010 +DEBUG_NO_STATIC int
31011 +supported_remove_all(int satype)
31014 + struct supported*supportedp;
31016 + while(pfkey_supported_list[satype]) {
31017 + supportedp = pfkey_supported_list[satype]->supportedp;
31018 + KLIPS_PRINT(debug_pfkey,
31019 + "klips_debug:init_pfkey: "
31020 + "removing satype=%d exttype=%d id=%d ivlen=%d minbits=%d maxbits=%d.\n",
31022 + supportedp->supported_alg_exttype,
31023 + supportedp->supported_alg_id,
31024 + supportedp->supported_alg_ivlen,
31025 + supportedp->supported_alg_minbits,
31026 + supportedp->supported_alg_maxbits);
31028 + error |= pfkey_list_remove_supported(supportedp,
31029 + &(pfkey_supported_list[satype]));
31040 + static struct supported supported_init_ah[] = {
31041 + {SADB_EXT_SUPPORTED_AUTH, SADB_AALG_MD5HMAC, 0, 128, 128},
31042 + {SADB_EXT_SUPPORTED_AUTH, SADB_AALG_SHA1HMAC, 0, 160, 160}
31044 + static struct supported supported_init_esp[] = {
31045 + {SADB_EXT_SUPPORTED_AUTH, SADB_AALG_MD5HMAC, 0, 128, 128},
31046 + {SADB_EXT_SUPPORTED_AUTH, SADB_AALG_SHA1HMAC, 0, 160, 160},
31047 + {SADB_EXT_SUPPORTED_ENCRYPT, SADB_EALG_3DESCBC, 128, 168, 168}
31049 + static struct supported supported_init_ipip[] = {
31050 + {SADB_EXT_SUPPORTED_ENCRYPT, SADB_X_TALG_IPv4_in_IPv4, 0, 32, 32}
31051 +#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
31052 + , {SADB_EXT_SUPPORTED_ENCRYPT, SADB_X_TALG_IPv6_in_IPv4, 0, 128, 32}
31053 + , {SADB_EXT_SUPPORTED_ENCRYPT, SADB_X_TALG_IPv4_in_IPv6, 0, 32, 128}
31054 + , {SADB_EXT_SUPPORTED_ENCRYPT, SADB_X_TALG_IPv6_in_IPv6, 0, 128, 128}
31057 +#ifdef CONFIG_IPSEC_IPCOMP
31058 + static struct supported supported_init_ipcomp[] = {
31059 + {SADB_EXT_SUPPORTED_ENCRYPT, SADB_X_CALG_DEFLATE, 0, 1, 1}
31061 +#endif /* CONFIG_IPSEC_IPCOMP */
31063 + printk(KERN_INFO "FreeS/WAN: initialising PF_KEY domain sockets.\n");
31065 + for(i = SADB_SATYPE_UNSPEC; i <= SADB_SATYPE_MAX; i++) {
31066 + pfkey_registered_sockets[i] = NULL;
31067 + pfkey_supported_list[i] = NULL;
31070 + supported_add_all(SADB_SATYPE_AH, supported_init_ah, sizeof(supported_init_ah));
31071 + supported_add_all(SADB_SATYPE_ESP, supported_init_esp, sizeof(supported_init_esp));
31072 +#ifdef CONFIG_IPSEC_IPCOMP
31073 + supported_add_all(SADB_X_SATYPE_COMP, supported_init_ipcomp, sizeof(supported_init_ipcomp));
31074 +#endif /* CONFIG_IPSEC_IPCOMP */
31075 + supported_add_all(SADB_X_SATYPE_IPIP, supported_init_ipip, sizeof(supported_init_ipip));
31078 + sock_register(&pfkey_family_ops);
31079 +#else /* NET_21 */
31080 + sock_register(pfkey_proto_ops.family, &pfkey_proto_ops);
31081 +#endif /* NET_21 */
31083 +#ifdef CONFIG_PROC_FS
31084 +# ifndef PROC_FS_2325
31085 +# ifdef PROC_FS_21
31086 + proc_register(proc_net, &proc_net_pfkey);
31087 + proc_register(proc_net, &proc_net_pfkey_supported);
31088 + proc_register(proc_net, &proc_net_pfkey_registered);
31089 +# else /* PROC_FS_21 */
31090 + proc_register_dynamic(&proc_net, &proc_net_pfkey);
31091 + proc_register_dynamic(&proc_net, &proc_net_pfkey_supported);
31092 + proc_register_dynamic(&proc_net, &proc_net_pfkey_registered);
31093 +# endif /* PROC_FS_21 */
31094 +# else /* !PROC_FS_2325 */
31095 + proc_net_create ("pf_key", 0, pfkey_get_info);
31096 + proc_net_create ("pf_key_supported", 0, pfkey_supported_get_info);
31097 + proc_net_create ("pf_key_registered", 0, pfkey_registered_get_info);
31098 +# endif /* !PROC_FS_2325 */
31099 +#endif /* CONFIG_PROC_FS */
31105 +pfkey_cleanup(void)
31109 + printk(KERN_INFO "FreeS/WAN: shutting down PF_KEY domain sockets.\n");
31111 + sock_unregister(PF_KEY);
31112 +#else /* NET_21 */
31113 + sock_unregister(pfkey_proto_ops.family);
31114 +#endif /* NET_21 */
31116 + supported_remove_all(SADB_SATYPE_AH);
31117 + supported_remove_all(SADB_SATYPE_ESP);
31118 +#ifdef CONFIG_IPSEC_IPCOMP
31119 + supported_remove_all(SADB_X_SATYPE_COMP);
31120 +#endif /* CONFIG_IPSEC_IPCOMP */
31121 + supported_remove_all(SADB_X_SATYPE_IPIP);
31123 +#ifdef CONFIG_PROC_FS
31124 +# ifndef PROC_FS_2325
31125 + if (proc_net_unregister(proc_net_pfkey.low_ino) != 0)
31126 + printk("klips_debug:pfkey_cleanup: cannot unregister /proc/net/pf_key\n");
31127 + if (proc_net_unregister(proc_net_pfkey_supported.low_ino) != 0)
31128 + printk("klips_debug:pfkey_cleanup: cannot unregister /proc/net/pf_key_supported\n");
31129 + if (proc_net_unregister(proc_net_pfkey_registered.low_ino) != 0)
31130 + printk("klips_debug:pfkey_cleanup: cannot unregister /proc/net/pf_key_registered\n");
31131 +# else /* !PROC_FS_2325 */
31132 + proc_net_remove ("pf_key");
31133 + proc_net_remove ("pf_key_supported");
31134 + proc_net_remove ("pf_key_registered");
31135 +# endif /* !PROC_FS_2325 */
31136 +#endif /* CONFIG_PROC_FS */
31138 + /* other module unloading cleanup happens here */
31152 +cleanup_module(void)
31157 +#else /* MODULE */
31159 +pfkey_proto_init(struct net_proto *pro)
31163 +#endif /* MODULE */
31167 + * Revision 1.49 2000/11/06 04:33:47 rgb
31168 + * Changed non-exported functions to DEBUG_NO_STATIC.
31170 + * Revision 1.48 2000/09/29 19:47:41 rgb
31171 + * Update copyright.
31173 + * Revision 1.47 2000/09/22 04:23:04 rgb
31174 + * Added more debugging to pfkey_upmsg() call from pfkey_sendmsg() error.
31176 + * Revision 1.46 2000/09/21 04:20:44 rgb
31177 + * Fixed array size off-by-one error. (Thanks Svenning!)
31179 + * Revision 1.45 2000/09/20 04:01:26 rgb
31180 + * Changed static functions to DEBUG_NO_STATIC for revealing function names
31183 + * Revision 1.44 2000/09/19 00:33:17 rgb
31186 + * Revision 1.43 2000/09/16 01:28:13 rgb
31187 + * Fixed use of 0 in p format warning.
31189 + * Revision 1.42 2000/09/16 01:09:41 rgb
31190 + * Fixed debug format warning for pointers that was expecting ints.
31192 + * Revision 1.41 2000/09/13 15:54:00 rgb
31193 + * Rewrote pfkey_get_info(), added pfkey_{supported,registered}_get_info().
31194 + * Moved supported algos add and remove to functions.
31196 + * Revision 1.40 2000/09/12 18:49:28 rgb
31197 + * Added IPIP tunnel and IPCOMP register support.
31199 + * Revision 1.39 2000/09/12 03:23:49 rgb
31200 + * Converted #if0 debugs to sysctl.
31201 + * Removed debug_pfkey initialisations that prevented no_debug loading or
31204 + * Revision 1.38 2000/09/09 06:38:02 rgb
31205 + * Return positive errno in pfkey_reply error message.
31207 + * Revision 1.37 2000/09/08 19:19:09 rgb
31208 + * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG.
31209 + * Clean-up of long-unused crud...
31210 + * Create pfkey error message on on failure.
31211 + * Give pfkey_list_{insert,remove}_{socket,supported}() some error
31214 + * Revision 1.36 2000/09/01 18:49:38 rgb
31215 + * Reap experimental NET_21_ bits.
31216 + * Turned registered sockets list into an array of one list per satype.
31217 + * Remove references to deprecated sklist_{insert,remove}_socket.
31218 + * Removed leaking socket debugging code.
31219 + * Removed duplicate pfkey_insert_socket in pfkey_create.
31220 + * Removed all references to pfkey msg->msg_name, since it is not used for
31222 + * Added a supported algorithms array lists, one per satype and registered
31223 + * existing algorithms.
31224 + * Fixed pfkey_list_{insert,remove}_{socket,support}() to allow change to
31226 + * Only send pfkey_expire() messages to sockets registered for that satype.
31228 + * Revision 1.35 2000/08/24 17:03:00 rgb
31229 + * Corrected message size error return code for PF_KEYv2.
31230 + * Removed downward error prohibition.
31232 + * Revision 1.34 2000/08/21 16:32:26 rgb
31233 + * Re-formatted for cosmetic consistency and readability.
31235 + * Revision 1.33 2000/08/20 21:38:24 rgb
31236 + * Added a pfkey_reply parameter to pfkey_msg_interp(). (Momchil)
31237 + * Extended the upward message initiation of pfkey_sendmsg(). (Momchil)
31239 + * Revision 1.32 2000/07/28 14:58:31 rgb
31240 + * Changed kfree_s to kfree, eliminating extra arg to fix 2.4.0-test5.
31242 + * Revision 1.31 2000/05/16 03:04:00 rgb
31243 + * Updates for 2.3.99pre8 from MB.
31245 + * Revision 1.30 2000/05/10 19:22:21 rgb
31246 + * Use sklist private functions for 2.3.xx compatibility.
31248 + * Revision 1.29 2000/03/22 16:17:03 rgb
31249 + * Fixed SOCKOPS_WRAPPED macro for SMP (MB).
31251 + * Revision 1.28 2000/02/21 19:30:45 rgb
31252 + * Removed references to pkt_bridged for 2.3.47 compatibility.
31254 + * Revision 1.27 2000/02/14 21:07:00 rgb
31255 + * Fixed /proc/net/pf-key legend spacing.
31257 + * Revision 1.26 2000/01/22 03:46:59 rgb
31258 + * Fixed pfkey error return mechanism so that we are able to free the
31259 + * local copy of the pfkey_msg, plugging a memory leak and silencing
31260 + * the bad object free complaints.
31262 + * Revision 1.25 2000/01/21 06:19:44 rgb
31263 + * Moved pfkey_list_remove_socket() calls to before MOD_USE_DEC_COUNT.
31264 + * Added debugging to pfkey_upmsg.
31266 + * Revision 1.24 2000/01/10 16:38:23 rgb
31267 + * MB fixups for 2.3.x.
31269 + * Revision 1.23 1999/12/09 23:22:16 rgb
31270 + * Added more instrumentation for debugging 2.0 socket
31271 + * selection/reading.
31272 + * Removed erroneous 2.0 wait==NULL check bug in select.
31274 + * Revision 1.22 1999/12/08 20:32:16 rgb
31275 + * Tidied up 2.0.xx support, after major pfkey work, eliminating
31276 + * msg->msg_name twiddling in the process, since it is not defined
31279 + * Revision 1.21 1999/12/01 22:17:19 rgb
31280 + * Set skb->dev to zero on new skb in case it is a reused skb.
31281 + * Added check for skb_put overflow and freeing to avoid upmsg on error.
31282 + * Added check for wrong pfkey version and freeing to avoid upmsg on
31284 + * Shut off content dumping in pfkey_destroy.
31285 + * Added debugging message for size of buffer allocated for upmsg.
31287 + * Revision 1.20 1999/11/27 12:11:00 rgb
31288 + * Minor clean-up, enabling quiet operation of pfkey if desired.
31290 + * Revision 1.19 1999/11/25 19:04:21 rgb
31291 + * Update proc_fs code for pfkey to use dynamic registration.
31293 + * Revision 1.18 1999/11/25 09:07:17 rgb
31294 + * Implemented SENDERR macro for propagating error codes.
31295 + * Fixed error return code bug.
31297 + * Revision 1.17 1999/11/23 23:07:20 rgb
31298 + * Change name of pfkey_msg_parser to pfkey_msg_interp since it no longer
31300 + * Sort out pfkey and freeswan headers, putting them in a library path.
31302 + * Revision 1.16 1999/11/20 22:00:22 rgb
31303 + * Moved socketlist type declarations and prototypes for shared use.
31304 + * Renamed reformatted and generically extended for use by other socket
31305 + * lists pfkey_{del,add}_open_socket to pfkey_list_{remove,insert}_socket.
31307 + * Revision 1.15 1999/11/18 04:15:09 rgb
31308 + * Make pfkey_data_ready temporarily available for 2.2.x testing.
31309 + * Clean up pfkey_destroy_socket() debugging statements.
31310 + * Add Peter Onion's code to send messages up to all listening sockets.
31311 + * Changed all occurrences of #include "../../../lib/freeswan.h"
31312 + * to #include <freeswan.h> which works due to -Ilibfreeswan in the
31313 + * klips/net/ipsec/Makefile.
31314 + * Replaced all kernel version macros to shorter, readable form.
31315 + * Added CONFIG_PROC_FS compiler directives in case it is shut off.
31317 + * Revision 1.14 1999/11/17 16:01:00 rgb
31318 + * Make pfkey_data_ready temporarily available for 2.2.x testing.
31319 + * Clean up pfkey_destroy_socket() debugging statements.
31320 + * Add Peter Onion's code to send messages up to all listening sockets.
31321 + * Changed #include "../../../lib/freeswan.h" to #include <freeswan.h>
31322 + * which works due to -Ilibfreeswan in the klips/net/ipsec/Makefile.
31324 + * Revision 1.13 1999/10/27 19:59:51 rgb
31325 + * Removed af_unix comments that are no longer relevant.
31326 + * Added debug prink statements.
31327 + * Added to the /proc output in pfkey_get_info.
31328 + * Made most functions non-static to enable oops tracing.
31329 + * Re-enable skb dequeueing and freeing.
31330 + * Fix skb_alloc() and skb_put() size bug in pfkey_upmsg().
31332 + * Revision 1.12 1999/10/26 17:05:42 rgb
31333 + * Complete re-ordering based on proto_ops structure order.
31334 + * Separated out proto_ops structures for 2.0.x and 2.2.x for clarity.
31335 + * Simplification to use built-in socket ops where possible for 2.2.x.
31336 + * Add shorter macros for compiler directives to visually clean-up.
31337 + * Add lots of sk skb dequeueing debugging statements.
31338 + * Added to the /proc output in pfkey_get_info.
31340 + * Revision 1.11 1999/09/30 02:55:10 rgb
31341 + * Bogus skb detection.
31342 + * Fix incorrect /proc/net/ipsec-eroute printk message.
31344 + * Revision 1.10 1999/09/21 15:22:13 rgb
31345 + * Temporary fix while I figure out the right way to destroy sockets.
31347 + * Revision 1.9 1999/07/08 19:19:44 rgb
31348 + * Fix pointer format warning.
31349 + * Fix missing member error under 2.0.xx kernels.
31351 + * Revision 1.8 1999/06/13 07:24:04 rgb
31352 + * Add more debugging.
31354 + * Revision 1.7 1999/06/10 05:24:17 rgb
31355 + * Clarified compiler directives.
31356 + * Renamed variables to reduce confusion.
31357 + * Used sklist_*_socket() kernel functions to simplify 2.2.x socket support.
31358 + * Added lots of sanity checking.
31360 + * Revision 1.6 1999/06/03 18:59:50 rgb
31361 + * More updates to 2.2.x socket support. Almost works, oops at end of call.
31363 + * Revision 1.5 1999/05/25 22:44:05 rgb
31364 + * Start fixing 2.2 sockets.
31366 + * Revision 1.4 1999/04/29 15:21:34 rgb
31367 + * Move log to the end of the file.
31368 + * Eliminate min/max redefinition in #include <net/tcp.h>.
31369 + * Correct path for pfkey #includes
31370 + * Standardise an error return method.
31371 + * Add debugging instrumentation.
31372 + * Move message type checking to pfkey_msg_parse().
31373 + * Add check for errno incorrectly set.
31374 + * Add check for valid PID.
31375 + * Add check for reserved illegally set.
31376 + * Add check for message out of bounds.
31378 + * Revision 1.3 1999/04/15 17:58:07 rgb
31379 + * Add RCSID labels.
31381 + * Revision 1.2 1999/04/15 15:37:26 rgb
31382 + * Forward check changes from POST1_00 branch.
31384 + * Revision 1.1.2.2 1999/04/13 20:37:12 rgb
31385 + * Header Title correction.
31387 + * Revision 1.1.2.1 1999/03/26 20:58:55 rgb
31388 + * Add pfkeyv2 support to KLIPS.
31392 + * PF_KEY_v2 Key Management API
31394 diff -druN linux-noipsec/net/ipsec/pfkey_v2_parser.c linux/net/ipsec/pfkey_v2_parser.c
31395 --- linux-noipsec/net/ipsec/pfkey_v2_parser.c Thu Jan 1 01:00:00 1970
31396 +++ linux/net/ipsec/pfkey_v2_parser.c Thu Nov 30 22:47:51 2000
31399 + * RFC2367 PF_KEYv2 Key management API message parser
31400 + * Copyright (C) 1999 Richard Guy Briggs.
31402 + * This program is free software; you can redistribute it and/or modify it
31403 + * under the terms of the GNU General Public License as published by the
31404 + * Free Software Foundation; either version 2 of the License, or (at your
31405 + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
31407 + * This program is distributed in the hope that it will be useful, but
31408 + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
31409 + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
31410 + * for more details.
31416 + * Template from klips/net/ipsec/ipsec/ipsec_netlink.c.
31419 +char pfkey_v2_parser_c_version[] = "$Id$";
31421 +#include <linux/config.h>
31422 +#include <linux/version.h>
31424 +#include <linux/kernel.h> /* printk() */
31425 +#include <linux/malloc.h> /* kmalloc() */
31426 +#include <linux/errno.h> /* error codes */
31427 +#include <linux/types.h> /* size_t */
31428 +#include <linux/interrupt.h> /* mark_bh */
31430 +#include <linux/netdevice.h> /* struct device, and other headers */
31431 +#include <linux/etherdevice.h> /* eth_type_trans */
31432 +#include <linux/ip.h> /* struct iphdr */
31433 +#include <linux/skbuff.h>
31434 +#include <freeswan.h>
31436 +#ifdef SPINLOCK_23
31437 +#include <linux/spinlock.h> /* *lock* */
31438 +#else /* SPINLOCK_23 */
31439 +#include <asm/spinlock.h> /* *lock* */
31440 +#endif /* SPINLOCK_23 */
31441 +#endif /* SPINLOCK */
31443 +#include <asm/uaccess.h>
31444 +#include <linux/in6.h>
31445 +#define ip_chk_addr inet_addr_type
31446 +#define IS_MYADDR RTN_LOCAL
31448 +#include <asm/checksum.h>
31449 +#include <net/ip.h>
31450 +#ifdef NETLINK_SOCK
31451 +#include <linux/netlink.h>
31453 +#include <net/netlink.h>
31456 +#include <linux/random.h> /* get_random_bytes() */
31458 +#include "radij.h"
31459 +#include "ipsec_encap.h"
31460 +#include "ipsec_radij.h"
31461 +#include "ipsec_netlink.h"
31462 +#include "ipsec_xform.h"
31463 +#include "ipsec_ah.h"
31464 +#include "ipsec_esp.h"
31465 +#include "ipsec_tunnel.h"
31466 +#include "ipsec_rcv.h"
31467 +#include "ipcomp.h"
31469 +#include <pfkeyv2.h>
31470 +#include <pfkey.h>
31473 +#define SENDERR(_x) do { error = -(_x); goto errlab; } while (0)
31476 +#define min(a,b) (((a)<(b))?(a):(b))
31479 +extern int des_set_key(caddr_t, caddr_t);
31482 + struct socket *sk;
31483 + struct sklist_t* next;
31484 +} pfkey_sklist_head, *pfkey_sklist, *pfkey_sklist_prev;
31486 +__u32 pfkey_msg_seq = 0;
31488 +DEBUG_NO_STATIC int
31489 +pfkey_alloc_tdb(struct tdb** tdb)
31493 + KLIPS_PRINT(debug_pfkey,
31494 + "klips_debug:pfkey_alloc_tdb: tdb struct already allocated\n");
31498 + if((*tdb = kmalloc(sizeof(**tdb), GFP_ATOMIC) ) == NULL) {
31499 + KLIPS_PRINT(debug_pfkey,
31500 + "klips_debug:pfkey_alloc_tdb: memory allocation error\n");
31503 + KLIPS_PRINT(debug_pfkey,
31504 + "klips_debug:pfkey_alloc_tdb: "
31505 + "allocated tdb struct=%p.\n", tdb);
31507 + memset((caddr_t)*tdb, 0, sizeof(**tdb));
31512 +DEBUG_NO_STATIC int
31513 +pfkey_alloc_eroute(struct eroute** eroute)
31517 + KLIPS_PRINT(debug_pfkey,
31518 + "klips_debug:pfkey_alloc_eroute: eroute struct already allocated\n");
31522 + if((*eroute = kmalloc(sizeof(**eroute), GFP_ATOMIC) ) == NULL) {
31523 + KLIPS_PRINT(debug_pfkey,
31524 + "klips_debug:pfkey_alloc_eroute: memory allocation error\n");
31527 + KLIPS_PRINT(debug_pfkey,
31528 + "klips_debug:pfkey_alloc_eroute: "
31529 + "allocated eroute struct=%p.\n", eroute);
31530 + memset((caddr_t)*eroute, 0, sizeof(**eroute));
31531 + (*eroute)->er_eaddr.sen_len =
31532 + (*eroute)->er_emask.sen_len = sizeof(struct sockaddr_encap);
31533 + (*eroute)->er_eaddr.sen_family =
31534 + (*eroute)->er_emask.sen_family = AF_ENCAP;
31535 + (*eroute)->er_eaddr.sen_type = SENT_IP4;
31536 + (*eroute)->er_emask.sen_type = 255;
31542 +DEBUG_NO_STATIC int
31543 +pfkey_sa_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr)
31545 + struct sadb_sa *pfkey_sa = (struct sadb_sa *)pfkey_ext;
31547 + struct tdb* tdbp;
31549 + KLIPS_PRINT(debug_pfkey,
31550 + "klips_debug:pfkey_sa_process: .\n");
31552 + if(!extr || !extr->tdb) {
31553 + KLIPS_PRINT(debug_pfkey,
31554 + "klips_debug:pfkey_sa_process: "
31555 + "extr or extr->tdb is NULL, fatal\n");
31559 + switch(pfkey_ext->sadb_ext_type) {
31560 + case SADB_EXT_SA:
31561 + tdbp = extr->tdb;
31563 + case SADB_X_EXT_SA2:
31564 + if(pfkey_alloc_tdb(&(extr->tdb2)) == ENOMEM) {
31567 + tdbp = extr->tdb2;
31570 + KLIPS_PRINT(debug_pfkey,
31571 + "klips_debug:pfkey_sa_process: invalid exttype=%d.\n",
31572 + pfkey_ext->sadb_ext_type);
31576 + tdbp->tdb_said.spi = pfkey_sa->sadb_sa_spi;
31577 + tdbp->tdb_replaywin = pfkey_sa->sadb_sa_replay;
31578 + tdbp->tdb_state = pfkey_sa->sadb_sa_state;
31579 + tdbp->tdb_flags = pfkey_sa->sadb_sa_flags;
31580 + tdbp->tdb_replaywin_lastseq = tdbp->tdb_replaywin_bitmap = 0;
31582 + switch(tdbp->tdb_said.proto) {
31584 + tdbp->tdb_authalg = pfkey_sa->sadb_sa_auth;
31585 + tdbp->tdb_encalg = SADB_EALG_NONE;
31587 + case IPPROTO_ESP:
31588 + tdbp->tdb_authalg = pfkey_sa->sadb_sa_auth;
31589 + tdbp->tdb_encalg = pfkey_sa->sadb_sa_encrypt;
31591 + case IPPROTO_IPIP:
31592 + tdbp->tdb_authalg = AH_NONE;
31593 + tdbp->tdb_encalg = ESP_NONE;
31595 +#ifdef CONFIG_IPSEC_IPCOMP
31596 + case IPPROTO_COMP:
31597 + tdbp->tdb_authalg = AH_NONE;
31598 + tdbp->tdb_encalg = pfkey_sa->sadb_sa_encrypt;
31600 +#endif /* CONFIG_IPSEC_IPCOMP */
31604 + KLIPS_PRINT(debug_pfkey,
31605 + "klips_debug:pfkey_sa_process: "
31606 + "unknown proto=%d.\n",
31607 + tdbp->tdb_said.proto);
31615 +DEBUG_NO_STATIC int
31616 +pfkey_lifetime_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr)
31619 + struct sadb_lifetime *pfkey_lifetime = (struct sadb_lifetime *)pfkey_ext;
31621 + KLIPS_PRINT(debug_pfkey,
31622 + "klips_debug:pfkey_lifetime_process: .\n");
31624 + if(!extr || !extr->tdb) {
31625 + KLIPS_PRINT(debug_pfkey,
31626 + "klips_debug:pfkey_lifetime_process: "
31627 + "extr or extr->tdb is NULL, fatal\n");
31631 + switch(pfkey_lifetime->sadb_lifetime_exttype) {
31632 + case SADB_EXT_LIFETIME_CURRENT:
31633 + KLIPS_PRINT(debug_pfkey,
31634 + "klips_debug:pfkey_lifetime_process: "
31635 + "lifetime_current not supported yet.\n");
31638 + case SADB_EXT_LIFETIME_HARD:
31639 + if(pfkey_lifetime->sadb_lifetime_allocations &&
31640 + (!extr->tdb->tdb_lifetime_allocations_h ||
31641 + (pfkey_lifetime->sadb_lifetime_allocations < extr->tdb->tdb_lifetime_allocations_h))) {
31642 + extr->tdb->tdb_lifetime_allocations_h =
31643 + pfkey_lifetime->sadb_lifetime_allocations;
31644 + if(!extr->tdb->tdb_lifetime_allocations_s &&
31645 + (extr->tdb->tdb_lifetime_allocations_h < extr->tdb->tdb_lifetime_allocations_s)) {
31646 + extr->tdb->tdb_lifetime_allocations_s = extr->tdb->tdb_lifetime_allocations_h;
31649 + if(pfkey_lifetime->sadb_lifetime_bytes &&
31650 + (!extr->tdb->tdb_lifetime_bytes_h ||
31651 + (pfkey_lifetime->sadb_lifetime_bytes < extr->tdb->tdb_lifetime_bytes_h))) {
31652 + extr->tdb->tdb_lifetime_bytes_h =
31653 + pfkey_lifetime->sadb_lifetime_bytes;
31654 + if(!extr->tdb->tdb_lifetime_bytes_s &&
31655 + (extr->tdb->tdb_lifetime_bytes_h < extr->tdb->tdb_lifetime_bytes_s)) {
31656 + extr->tdb->tdb_lifetime_bytes_s = extr->tdb->tdb_lifetime_bytes_h;
31659 + if(pfkey_lifetime->sadb_lifetime_addtime &&
31660 + (!extr->tdb->tdb_lifetime_addtime_h ||
31661 + (pfkey_lifetime->sadb_lifetime_addtime < extr->tdb->tdb_lifetime_addtime_h))) {
31662 + extr->tdb->tdb_lifetime_addtime_h =
31663 + pfkey_lifetime->sadb_lifetime_addtime;
31664 + if(extr->tdb->tdb_lifetime_addtime_s &&
31665 + (extr->tdb->tdb_lifetime_addtime_h < extr->tdb->tdb_lifetime_addtime_s)) {
31666 + extr->tdb->tdb_lifetime_addtime_s = extr->tdb->tdb_lifetime_addtime_h;
31669 + if(pfkey_lifetime->sadb_lifetime_usetime &&
31670 + (!extr->tdb->tdb_lifetime_usetime_h ||
31671 + (pfkey_lifetime->sadb_lifetime_usetime < extr->tdb->tdb_lifetime_usetime_h))) {
31672 + extr->tdb->tdb_lifetime_usetime_h =
31673 + pfkey_lifetime->sadb_lifetime_usetime;
31674 + if(extr->tdb->tdb_lifetime_usetime_s &&
31675 + (extr->tdb->tdb_lifetime_usetime_h < extr->tdb->tdb_lifetime_usetime_s)) {
31676 + extr->tdb->tdb_lifetime_usetime_s = extr->tdb->tdb_lifetime_usetime_h;
31680 + case SADB_EXT_LIFETIME_SOFT:
31681 + if(pfkey_lifetime->sadb_lifetime_allocations &&
31682 + (!extr->tdb->tdb_lifetime_allocations_s ||
31683 + (pfkey_lifetime->sadb_lifetime_allocations < extr->tdb->tdb_lifetime_allocations_s))) {
31684 + extr->tdb->tdb_lifetime_allocations_s =
31685 + pfkey_lifetime->sadb_lifetime_allocations;
31686 + if(extr->tdb->tdb_lifetime_allocations_h &&
31687 + (extr->tdb->tdb_lifetime_allocations_h < extr->tdb->tdb_lifetime_allocations_s)) {
31688 + extr->tdb->tdb_lifetime_allocations_s = extr->tdb->tdb_lifetime_allocations_h;
31691 + if(pfkey_lifetime->sadb_lifetime_bytes &&
31692 + (!extr->tdb->tdb_lifetime_bytes_s ||
31693 + (pfkey_lifetime->sadb_lifetime_bytes < extr->tdb->tdb_lifetime_bytes_s))) {
31694 + extr->tdb->tdb_lifetime_bytes_s =
31695 + pfkey_lifetime->sadb_lifetime_bytes;
31696 + if(extr->tdb->tdb_lifetime_bytes_h &&
31697 + (extr->tdb->tdb_lifetime_bytes_h < extr->tdb->tdb_lifetime_bytes_s)) {
31698 + extr->tdb->tdb_lifetime_bytes_s = extr->tdb->tdb_lifetime_bytes_h;
31701 + if(pfkey_lifetime->sadb_lifetime_addtime &&
31702 + (!extr->tdb->tdb_lifetime_addtime_s ||
31703 + (pfkey_lifetime->sadb_lifetime_addtime < extr->tdb->tdb_lifetime_addtime_s))) {
31704 + extr->tdb->tdb_lifetime_addtime_s =
31705 + pfkey_lifetime->sadb_lifetime_addtime;
31706 + if(extr->tdb->tdb_lifetime_addtime_h &&
31707 + (extr->tdb->tdb_lifetime_addtime_h < extr->tdb->tdb_lifetime_addtime_s)) {
31708 + extr->tdb->tdb_lifetime_addtime_s = extr->tdb->tdb_lifetime_addtime_h;
31711 + if(pfkey_lifetime->sadb_lifetime_usetime &&
31712 + (!extr->tdb->tdb_lifetime_usetime_s ||
31713 + (pfkey_lifetime->sadb_lifetime_usetime < extr->tdb->tdb_lifetime_usetime_s))) {
31714 + extr->tdb->tdb_lifetime_usetime_s =
31715 + pfkey_lifetime->sadb_lifetime_usetime;
31716 + if(extr->tdb->tdb_lifetime_usetime_h &&
31717 + (extr->tdb->tdb_lifetime_usetime_h < extr->tdb->tdb_lifetime_usetime_s)) {
31718 + extr->tdb->tdb_lifetime_usetime_s = extr->tdb->tdb_lifetime_usetime_h;
31723 + KLIPS_PRINT(debug_pfkey,
31724 + "klips_debug: pfkey_lifetime_process: invalid exttype=%d.\n",
31725 + pfkey_ext->sadb_ext_type);
31733 +DEBUG_NO_STATIC int
31734 +pfkey_address_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr)
31737 + int saddr_len = 0;
31738 + char ipaddr_txt[ADDRTOA_BUF];
31739 + unsigned char **sap;
31740 + struct sadb_address *pfkey_address = (struct sadb_address *)pfkey_ext;
31741 + struct sockaddr* s = (struct sockaddr*)((char*)pfkey_address + sizeof(*pfkey_address));
31742 + struct tdb* tdbp;
31744 + KLIPS_PRINT(debug_pfkey,
31745 + "klips_debug:pfkey_address_process:\n");
31747 + if(!extr || !extr->tdb) {
31748 + KLIPS_PRINT(debug_pfkey,
31749 + "klips_debug:pfkey_address_process:\n"
31750 + "extr or extr->tdb is NULL, fatal\n");
31754 + switch(s->sa_family) {
31756 + saddr_len = sizeof(struct sockaddr_in);
31757 + addrtoa(((struct sockaddr_in*)s)->sin_addr, 0, ipaddr_txt, sizeof(ipaddr_txt));
31758 + KLIPS_PRINT(debug_pfkey,
31759 + "klips_debug:pfkey_address_process: found address family=%d, AF_INET, %s.\n",
31760 + s->sa_family, ipaddr_txt);
31762 +#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
31764 + saddr_len = sizeof(struct sockaddr_in6);
31766 +#endif /* defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) */
31768 + KLIPS_PRINT(debug_pfkey,
31769 + "klips_debug:pfkey_address_process: s->sa_family=%d not supported.\n",
31771 + SENDERR(EPFNOSUPPORT);
31774 + switch(pfkey_address->sadb_address_exttype) {
31775 + case SADB_EXT_ADDRESS_SRC:
31776 + KLIPS_PRINT(debug_pfkey,
31777 + "klips_debug:pfkey_address_process: found src address.\n");
31778 + sap = (unsigned char **)&(extr->tdb->tdb_addr_s);
31779 + extr->tdb->tdb_addr_s_size = saddr_len;
31781 + case SADB_EXT_ADDRESS_DST:
31782 + KLIPS_PRINT(debug_pfkey,
31783 + "klips_debug:pfkey_address_process: found dst address.\n");
31784 + sap = (unsigned char **)&(extr->tdb->tdb_addr_d);
31785 + extr->tdb->tdb_addr_d_size = saddr_len;
31787 + case SADB_EXT_ADDRESS_PROXY:
31788 + KLIPS_PRINT(debug_pfkey,
31789 + "klips_debug:pfkey_address_process: found proxy address.\n");
31790 + sap = (unsigned char **)&(extr->tdb->tdb_addr_p);
31791 + extr->tdb->tdb_addr_p_size = saddr_len;
31793 + case SADB_X_EXT_ADDRESS_DST2:
31794 + KLIPS_PRINT(debug_pfkey,
31795 + "klips_debug:pfkey_address_process: found 2nd dst address.\n");
31796 + if(pfkey_alloc_tdb(&(extr->tdb2)) == ENOMEM) {
31799 + sap = (unsigned char **)&(extr->tdb2->tdb_addr_d);
31800 + extr->tdb2->tdb_addr_d_size = saddr_len;
31802 + case SADB_X_EXT_ADDRESS_SRC_FLOW:
31803 + KLIPS_PRINT(debug_pfkey,
31804 + "klips_debug:pfkey_address_process: found src flow address.\n");
31805 + if(pfkey_alloc_eroute(&(extr->eroute)) == ENOMEM) {
31808 + sap = (unsigned char **)&(extr->eroute->er_eaddr.sen_ip_src);
31810 + case SADB_X_EXT_ADDRESS_DST_FLOW:
31811 + KLIPS_PRINT(debug_pfkey,
31812 + "klips_debug:pfkey_address_process: found dst flow address.\n");
31813 + if(pfkey_alloc_eroute(&(extr->eroute)) == ENOMEM) {
31816 + sap = (unsigned char **)&(extr->eroute->er_eaddr.sen_ip_dst);
31818 + case SADB_X_EXT_ADDRESS_SRC_MASK:
31819 + KLIPS_PRINT(debug_pfkey,
31820 + "klips_debug:pfkey_address_process: found src mask address.\n");
31821 + if(pfkey_alloc_eroute(&(extr->eroute)) == ENOMEM) {
31824 + sap = (unsigned char **)&(extr->eroute->er_emask.sen_ip_src);
31826 + case SADB_X_EXT_ADDRESS_DST_MASK:
31827 + KLIPS_PRINT(debug_pfkey,
31828 + "klips_debug:pfkey_address_process: found dst mask address.\n");
31829 + if(pfkey_alloc_eroute(&(extr->eroute)) == ENOMEM) {
31832 + sap = (unsigned char **)&(extr->eroute->er_emask.sen_ip_dst);
31835 + KLIPS_PRINT(debug_pfkey,
31836 + "klips_debug:pfkey_address_process: unrecognised ext_type=%d.\n",
31837 + pfkey_address->sadb_address_exttype);
31841 + switch(pfkey_address->sadb_address_exttype) {
31842 + case SADB_EXT_ADDRESS_SRC:
31843 + case SADB_EXT_ADDRESS_DST:
31844 + case SADB_EXT_ADDRESS_PROXY:
31845 + case SADB_X_EXT_ADDRESS_DST2:
31846 + if(!(*sap = kmalloc(saddr_len, GFP_KERNEL))) {
31849 + memcpy(*sap, s, saddr_len);
31852 + if(s->sa_family != AF_INET) {
31853 + KLIPS_PRINT(debug_pfkey,
31854 + "klips_debug:pfkey_address_process: s->sa_family=%d not supported.\n",
31856 + SENDERR(EPFNOSUPPORT);
31858 + (unsigned int)(*sap) = ((struct sockaddr_in*)s)->sin_addr.s_addr;
31859 +#ifdef CONFIG_IPSEC_DEBUG
31860 + if(extr->eroute) {
31861 + char buf1[64], buf2[64];
31862 + if (debug_pfkey) {
31863 + subnettoa(extr->eroute->er_eaddr.sen_ip_src,
31864 + extr->eroute->er_emask.sen_ip_src, 0, buf1, sizeof(buf1));
31865 + subnettoa(extr->eroute->er_eaddr.sen_ip_dst,
31866 + extr->eroute->er_emask.sen_ip_dst, 0, buf2, sizeof(buf2));
31867 + KLIPS_PRINT(debug_pfkey,
31868 + "klips_debug:pfkey_address_parse: "
31869 + "extr->eroute set to %s->%s\n",
31873 +#endif /* CONFIG_IPSEC_DEBUG */
31876 + tdbp = extr->tdb;
31877 + switch(pfkey_address->sadb_address_exttype) {
31878 + case SADB_X_EXT_ADDRESS_DST2:
31879 + tdbp = extr->tdb2;
31880 + case SADB_EXT_ADDRESS_DST:
31881 + if(s->sa_family == AF_INET) {
31882 + tdbp->tdb_said.dst.s_addr = ((struct sockaddr_in*)(tdbp->tdb_addr_d))->sin_addr.s_addr;
31883 + KLIPS_PRINT(debug_pfkey,
31884 + "klips_debug:pfkey_address_process: tdbp->tdb_said.dst.s_addr=%08x,\n"
31885 + "klips_debug: ((struct sockaddr_in*)(tdbp->tdb_addr_d))->sin_addr.s_addr=%08x,\n",
31886 + tdbp->tdb_said.dst.s_addr,
31887 + ((struct sockaddr_in*)(tdbp->tdb_addr_d))->sin_addr.s_addr
31889 + addrtoa(((struct sockaddr_in*)(tdbp->tdb_addr_d))->sin_addr,
31892 + sizeof(ipaddr_txt));
31893 + KLIPS_PRINT(debug_pfkey,
31894 + "klips_debug:pfkey_address_process: tdb_said.dst set to %s.\n",
31897 + KLIPS_PRINT(debug_pfkey,
31898 + "klips_debug:pfkey_address_process: "
31899 + "uh, tdb_said.dst doesn't do address family=%d yet, "
31900 + "said will be invalid.\n",
31906 + /* XXX check if port!=0 */
31908 + KLIPS_PRINT(debug_pfkey,
31909 + "klips_debug:pfkey_address_process: successful.\n");
31914 +DEBUG_NO_STATIC int
31915 +pfkey_key_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr)
31918 + struct sadb_key *pfkey_key = (struct sadb_key *)pfkey_ext;
31920 + KLIPS_PRINT(debug_pfkey,
31921 + "klips_debug:pfkey_key_process: .\n");
31923 + if(!extr || !extr->tdb) {
31924 + KLIPS_PRINT(debug_pfkey,
31925 + "klips_debug:pfkey_key_process: "
31926 + "extr or extr->tdb is NULL, fatal\n");
31930 + switch(pfkey_key->sadb_key_exttype) {
31931 + case SADB_EXT_KEY_AUTH:
31932 + extr->tdb->tdb_key_bits_a = pfkey_key->sadb_key_bits;
31933 + if(!(extr->tdb->tdb_key_a = kmalloc(DIVUP(pfkey_key->sadb_key_bits, 8), GFP_KERNEL))) {
31934 + KLIPS_PRINT(debug_pfkey,
31935 + "klips_debug:pfkey_key_process: memory allocation error.\n");
31938 + memcpy(extr->tdb->tdb_key_a,
31939 + (char*)pfkey_key + sizeof(struct sadb_key),
31940 + DIVUP(pfkey_key->sadb_key_bits, 8));
31942 + case SADB_EXT_KEY_ENCRYPT: /* Key(s) */
31943 + extr->tdb->tdb_key_bits_e = pfkey_key->sadb_key_bits;
31944 + if(!(extr->tdb->tdb_key_e = kmalloc(DIVUP(pfkey_key->sadb_key_bits, 8), GFP_KERNEL))) {
31945 + KLIPS_PRINT(debug_pfkey,
31946 + "klips_debug:pfkey_key_process: memory allocation error.\n");
31949 + memcpy(extr->tdb->tdb_key_e,
31950 + (char*)pfkey_key + sizeof(struct sadb_key),
31951 + DIVUP(pfkey_key->sadb_key_bits, 8));
31957 + KLIPS_PRINT(debug_pfkey,
31958 + "klips_debug:pfkey_key_process: success.\n");
31963 +DEBUG_NO_STATIC int
31964 +pfkey_ident_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr)
31967 + struct sadb_ident *pfkey_ident = (struct sadb_ident *)pfkey_ext;
31969 + KLIPS_PRINT(debug_pfkey,
31970 + "klips_debug:pfkey_ident_process: .\n");
31972 + if(!extr || !extr->tdb) {
31973 + KLIPS_PRINT(debug_pfkey,
31974 + "klips_debug:pfkey_ident_process: "
31975 + "extr or extr->tdb is NULL, fatal\n");
31979 + switch(pfkey_ident->sadb_ident_exttype) {
31980 + case SADB_EXT_IDENTITY_SRC:
31981 + extr->tdb->tdb_ident_type_s = pfkey_ident->sadb_ident_type;
31982 + extr->tdb->tdb_ident_id_s = pfkey_ident->sadb_ident_id;
31983 + extr->tdb->tdb_ident_len_s = pfkey_ident->sadb_ident_len -
31984 + (sizeof(struct sadb_ident) / IPSEC_PFKEYv2_ALIGN);
31985 + if(extr->tdb->tdb_ident_len_s) {
31986 + if(!(extr->tdb->tdb_ident_data_s
31987 + = kmalloc(pfkey_ident->sadb_ident_len * IPSEC_PFKEYv2_ALIGN,
31991 + memcpy(extr->tdb->tdb_ident_data_s,
31992 + (char*)pfkey_ident + sizeof(struct sadb_ident),
31993 + pfkey_ident->sadb_ident_len * IPSEC_PFKEYv2_ALIGN);
31995 + extr->tdb->tdb_ident_data_s = NULL;
31998 + case SADB_EXT_IDENTITY_DST: /* Identity(ies) */
31999 + extr->tdb->tdb_ident_type_d = pfkey_ident->sadb_ident_type;
32000 + extr->tdb->tdb_ident_id_d = pfkey_ident->sadb_ident_id;
32001 + extr->tdb->tdb_ident_len_d = pfkey_ident->sadb_ident_len -
32002 + sizeof(struct sadb_ident) / IPSEC_PFKEYv2_ALIGN;
32003 + if(extr->tdb->tdb_ident_len_d) {
32004 + if(!(extr->tdb->tdb_ident_data_d
32005 + = kmalloc(pfkey_ident->sadb_ident_len * IPSEC_PFKEYv2_ALIGN,
32009 + memcpy(extr->tdb->tdb_ident_data_d,
32010 + (char*)pfkey_ident + sizeof(struct sadb_ident),
32011 + pfkey_ident->sadb_ident_len * IPSEC_PFKEYv2_ALIGN);
32013 + extr->tdb->tdb_ident_data_d = NULL;
32023 +DEBUG_NO_STATIC int
32024 +pfkey_sens_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr)
32028 + KLIPS_PRINT(debug_pfkey,
32029 + "klips_debug: pfkey_sens_process: Sorry, I can't process exttype=%d yet.\n",
32030 + pfkey_ext->sadb_ext_type);
32031 + SENDERR(EINVAL); /* don't process these yet */
32036 +DEBUG_NO_STATIC int
32037 +pfkey_prop_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr)
32041 + KLIPS_PRINT(debug_pfkey,
32042 + "klips_debug: pfkey_prop_process: Sorry, I can't process exttype=%d yet.\n",
32043 + pfkey_ext->sadb_ext_type);
32044 + SENDERR(EINVAL); /* don't process these yet */
32050 +DEBUG_NO_STATIC int
32051 +pfkey_supported_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr)
32055 + KLIPS_PRINT(debug_pfkey,
32056 + "klips_debug: pfkey_supported_process: Sorry, I can't process exttype=%d yet.\n",
32057 + pfkey_ext->sadb_ext_type);
32058 + SENDERR(EINVAL); /* don't process these yet */
32064 +DEBUG_NO_STATIC int
32065 +pfkey_spirange_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr)
32069 + KLIPS_PRINT(debug_pfkey,
32070 + "klips_debug: pfkey_spirange_process: .\n");
32075 +DEBUG_NO_STATIC int
32076 +pfkey_x_kmprivate_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr)
32080 + KLIPS_PRINT(debug_pfkey,
32081 + "klips_debug: pfkey_x_kmprivate_process: Sorry, I can't process exttype=%d yet.\n",
32082 + pfkey_ext->sadb_ext_type);
32083 + SENDERR(EINVAL); /* don't process these yet */
32089 +DEBUG_NO_STATIC int
32090 +pfkey_x_satype_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr)
32093 + struct sadb_x_satype *pfkey_x_satype = (struct sadb_x_satype *)pfkey_ext;
32095 + KLIPS_PRINT(debug_pfkey,
32096 + "klips_debug: pfkey_x_satype_process: .\n");
32098 + if(!extr || !extr->tdb) {
32099 + KLIPS_PRINT(debug_pfkey,
32100 + "klips_debug: pfkey_x_satype_process: "
32101 + "extr or extr->tdb is NULL, fatal\n");
32105 + if(pfkey_alloc_tdb(&(extr->tdb2)) == ENOMEM) {
32108 + if(!(extr->tdb2->tdb_said.proto = satype2proto(pfkey_x_satype->sadb_x_satype_satype))) {
32109 + KLIPS_PRINT(debug_pfkey,
32110 + "klips_debug: pfkey_x_satype_process: proto lookup from satype=%d failed.\n",
32111 + pfkey_x_satype->sadb_x_satype_satype);
32119 +DEBUG_NO_STATIC int
32120 +pfkey_x_debug_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr)
32123 + struct sadb_x_debug *pfkey_x_debug = (struct sadb_x_debug *)pfkey_ext;
32125 + if(!pfkey_x_debug) {
32126 + printk("klips_debug:pfkey_x_debug_process: null pointer passed in\n");
32130 + KLIPS_PRINT(debug_pfkey,
32131 + "klips_debug:pfkey_x_debug_process: .\n");
32133 +#ifdef CONFIG_IPSEC_DEBUG
32134 + if(pfkey_x_debug->sadb_x_debug_netlink >>
32135 + (sizeof(pfkey_x_debug->sadb_x_debug_netlink) * 8 - 1)) {
32136 + pfkey_x_debug->sadb_x_debug_netlink &=
32137 + ~(1 << (sizeof(pfkey_x_debug->sadb_x_debug_netlink) * 8 -1));
32138 + debug_tunnel |= pfkey_x_debug->sadb_x_debug_tunnel;
32139 + debug_netlink |= pfkey_x_debug->sadb_x_debug_netlink;
32140 + debug_xform |= pfkey_x_debug->sadb_x_debug_xform;
32141 + debug_eroute |= pfkey_x_debug->sadb_x_debug_eroute;
32142 + debug_spi |= pfkey_x_debug->sadb_x_debug_spi;
32143 + debug_radij |= pfkey_x_debug->sadb_x_debug_radij;
32144 + debug_esp |= pfkey_x_debug->sadb_x_debug_esp;
32145 + debug_ah |= pfkey_x_debug->sadb_x_debug_ah;
32146 + debug_rcv |= pfkey_x_debug->sadb_x_debug_rcv;
32147 + debug_pfkey |= pfkey_x_debug->sadb_x_debug_pfkey;
32148 +#ifdef CONFIG_IPSEC_IPCOMP
32149 + sysctl_ipsec_debug_ipcomp |= pfkey_x_debug->sadb_x_debug_ipcomp;
32150 +#endif /* CONFIG_IPSEC_IPCOMP */
32151 + sysctl_ipsec_debug_verbose |= pfkey_x_debug->sadb_x_debug_verbose;
32152 + if(debug_netlink)
32153 + printk("klips_debug:pfkey_x_debug_process: set\n");
32155 + if(debug_netlink)
32156 + printk("klips_debug:pfkey_x_debug_process: unset\n");
32157 + debug_tunnel &= pfkey_x_debug->sadb_x_debug_tunnel;
32158 + debug_netlink &= pfkey_x_debug->sadb_x_debug_netlink;
32159 + debug_xform &= pfkey_x_debug->sadb_x_debug_xform;
32160 + debug_eroute &= pfkey_x_debug->sadb_x_debug_eroute;
32161 + debug_spi &= pfkey_x_debug->sadb_x_debug_spi;
32162 + debug_radij &= pfkey_x_debug->sadb_x_debug_radij;
32163 + debug_esp &= pfkey_x_debug->sadb_x_debug_esp;
32164 + debug_ah &= pfkey_x_debug->sadb_x_debug_ah;
32165 + debug_rcv &= pfkey_x_debug->sadb_x_debug_rcv;
32166 + debug_pfkey &= pfkey_x_debug->sadb_x_debug_pfkey;
32167 +#ifdef CONFIG_IPSEC_IPCOMP
32168 + sysctl_ipsec_debug_ipcomp &= pfkey_x_debug->sadb_x_debug_ipcomp;
32169 +#endif /* CONFIG_IPSEC_IPCOMP */
32170 + sysctl_ipsec_debug_verbose &= pfkey_x_debug->sadb_x_debug_verbose;
32172 +#else /* CONFIG_IPSEC_DEBUG */
32173 + printk("klips_debug:pfkey_x_debug_process: debugging not enabled\n");
32175 +#endif /* CONFIG_IPSEC_DEBUG */
32182 +DEBUG_NO_STATIC int
32183 +pfkey_tdb_init(struct tdb *tdbp, struct sadb_ext **extensions)
32187 + char sa[SATOA_BUF];
32188 + char ipaddr_txt[ADDRTOA_BUF];
32189 + char ipaddr2_txt[ADDRTOA_BUF];
32190 + unsigned char kb[AHMD596_BLKLEN];
32193 + KLIPS_PRINT(debug_pfkey,
32194 + "klips_debug:pfkey_tdb_init: "
32195 + "tdbp is NULL, fatal\n");
32199 + satoa(tdbp->tdb_said, 0, sa, SATOA_BUF);
32201 + KLIPS_PRINT(debug_pfkey,
32202 + "klips_debug:pfkey_tdb_init: (pfkey defined) called for SA:%s\n", sa);
32204 + KLIPS_PRINT(debug_pfkey,
32205 + "klips_debug:pfkey_tdb_init: calling init routine of %s%s%s\n",
32206 + TDB_XFORM_NAME(tdbp));
32208 + switch(tdbp->tdb_said.proto) {
32210 +#ifdef CONFIG_IPSEC_IPIP
32211 + case IPPROTO_IPIP: {
32212 + addrtoa(((struct sockaddr_in*)(tdbp->tdb_addr_s))->sin_addr,
32214 + ipaddr_txt, sizeof(ipaddr_txt));
32215 + addrtoa(((struct sockaddr_in*)(tdbp->tdb_addr_d))->sin_addr,
32217 + ipaddr2_txt, sizeof(ipaddr_txt));
32218 + KLIPS_PRINT(debug_pfkey,
32219 + "klips_debug:pfkey_tdb_init: "
32220 + "(pfkey defined) IPIP tdb set for %s->%s.\n",
32225 +#endif /* !CONFIG_IPSEC_IPIP */
32226 +#ifdef CONFIG_IPSEC_AH
32228 + switch(tdbp->tdb_authalg) {
32229 +# ifdef CONFIG_IPSEC_AUTH_HMAC_MD5
32231 + unsigned char *akp;
32235 + if(tdbp->tdb_key_bits_a != (AHMD596_KLEN * 8)) {
32236 + KLIPS_PRINT(debug_pfkey,
32237 + "klips_debug:pfkey_tdb_init: incorrect key size: %d bits"
32238 + "-- must be %d bits\n"/*octets (bytes)\n"*/,
32239 + tdbp->tdb_key_bits_a, AHMD596_KLEN * 8);
32243 +# if 0 /* we don't really want to print these unless there are really big problems */
32244 + KLIPS_PRINT(debug_pfkey && sysctl_ipsec_debug_verbose,
32245 + "klips_debug:pfkey_tdb_init: hmac md5-96 key is 0x%08lx %08lx %08lx %08lx\n",
32246 + ntohl(*(((__u32 *)tdbp->tdb_key_a)+0)),
32247 + ntohl(*(((__u32 *)tdbp->tdb_key_a)+1)),
32248 + ntohl(*(((__u32 *)tdbp->tdb_key_a)+2)),
32249 + ntohl(*(((__u32 *)tdbp->tdb_key_a)+3)));
32252 + tdbp->tdb_auth_bits = AHMD596_ALEN * 8;
32254 + /* save the pointer to the key material */
32255 + akp = tdbp->tdb_key_a;
32257 + if((tdbp->tdb_key_a = (caddr_t)
32258 + kmalloc((tdbp->tdb_key_a_size = sizeof(struct md5_ctx)),
32259 + GFP_ATOMIC)) == NULL) {
32263 + for (i = 0; i < DIVUP(tdbp->tdb_key_bits_a, 8); i++) {
32264 + kb[i] = akp[i] ^ HMAC_IPAD;
32266 + for (; i < AHMD596_BLKLEN; i++) {
32267 + kb[i] = HMAC_IPAD;
32270 + ictx = &(((struct md5_ctx*)(tdbp->tdb_key_a))->ictx);
32272 + MD5Update(ictx, kb, AHMD596_BLKLEN);
32274 + for (i = 0; i < AHMD596_BLKLEN; i++) {
32275 + kb[i] ^= (HMAC_IPAD ^ HMAC_OPAD);
32278 + octx = &(((struct md5_ctx*)(tdbp->tdb_key_a))->octx);
32280 + MD5Update(octx, kb, AHMD596_BLKLEN);
32282 +# if 0 /* we don't really want to print these unless there are really big problems */
32283 + KLIPS_PRINT(debug_pfkey && sysctl_ipsec_debug_verbose,
32284 + "klips_debug:pfkey_tdb_init: MD5 ictx=0x%08x %08x %08x %08x"
32285 + " octx=0x%08x %08x %08x %08x\n",
32286 + ((__u32*)ictx)[0],
32287 + ((__u32*)ictx)[1],
32288 + ((__u32*)ictx)[2],
32289 + ((__u32*)ictx)[3],
32290 + ((__u32*)octx)[0],
32291 + ((__u32*)octx)[1],
32292 + ((__u32*)octx)[2],
32293 + ((__u32*)octx)[3] );
32296 + /* zero key buffer -- paranoid */
32297 + memset(akp, 0, DIVUP(tdbp->tdb_key_bits_a, BITS_PER_OCTET));
32300 +# endif /* CONFIG_IPSEC_AUTH_HMAC_MD5 */
32301 +# ifdef CONFIG_IPSEC_AUTH_HMAC_SHA1
32304 + unsigned char *akp;
32308 + if(tdbp->tdb_key_bits_a != (AHSHA196_KLEN * 8)) {
32309 + KLIPS_PRINT(debug_pfkey,
32310 + "klips_debug:pfkey_tdb_init: incorrect key size: %d bits"
32311 + "-- must be %d bits\n"/*octets (bytes)\n"*/,
32312 + tdbp->tdb_key_bits_a, AHSHA196_KLEN * 8);
32316 +# if 0 /* we don't really want to print these unless there are really big problems */
32317 + KLIPS_PRINT(debug_pfkey && sysctl_ipsec_debug_verbose,
32318 + "klips_debug:pfkey_tdb_init: hmac sha1-96 key is 0x%08lx %08lx %08lx %08lx\n",
32319 + ntohl(*(((__u32 *)tdbp->tdb_key_a)+0)),
32320 + ntohl(*(((__u32 *)tdbp->tdb_key_a)+1)),
32321 + ntohl(*(((__u32 *)tdbp->tdb_key_a)+2)),
32322 + ntohl(*(((__u32 *)tdbp->tdb_key_a)+3)));
32325 + tdbp->tdb_auth_bits = AHSHA196_ALEN * 8;
32327 + /* save the pointer to the key material */
32328 + akp = tdbp->tdb_key_a;
32330 + if((tdbp->tdb_key_a = (caddr_t)
32331 + kmalloc((tdbp->tdb_key_a_size = sizeof(struct sha1_ctx)),
32332 + GFP_ATOMIC)) == NULL) {
32336 + for (i = 0; i < DIVUP(tdbp->tdb_key_bits_a, 8); i++) {
32337 + kb[i] = akp[i] ^ HMAC_IPAD;
32339 + for (; i < AHMD596_BLKLEN; i++) {
32340 + kb[i] = HMAC_IPAD;
32343 + ictx = &(((struct sha1_ctx*)(tdbp->tdb_key_a))->ictx);
32345 + SHA1Update(ictx, kb, AHSHA196_BLKLEN);
32347 + for (i = 0; i < AHSHA196_BLKLEN; i++) {
32348 + kb[i] ^= (HMAC_IPAD ^ HMAC_OPAD);
32351 + octx = &(((struct sha1_ctx*)(tdbp->tdb_key_a))->octx);
32353 + SHA1Update(octx, kb, AHSHA196_BLKLEN);
32355 +# if 0 /* we don't really want to print these unless there are really big problems */
32356 + KLIPS_PRINT(debug_pfkey && sysctl_ipsec_debug_verbose,
32357 + "klips_debug:pfkey_tdb_init: SHA1 ictx=0x%08x %08x %08x %08x"
32358 + " octx=0x%08x %08x %08x %08x\n",
32359 + ((__u32*)ictx)[0],
32360 + ((__u32*)ictx)[1],
32361 + ((__u32*)ictx)[2],
32362 + ((__u32*)ictx)[3],
32363 + ((__u32*)octx)[0],
32364 + ((__u32*)octx)[1],
32365 + ((__u32*)octx)[2],
32366 + ((__u32*)octx)[3] );
32368 + /* zero key buffer -- paranoid */
32369 + memset(akp, 0, DIVUP(tdbp->tdb_key_bits_a, BITS_PER_OCTET));
32372 +# endif /* CONFIG_IPSEC_AUTH_HMAC_SHA1 */
32374 + KLIPS_PRINT(debug_pfkey,
32375 + "klips_debug:pfkey_tdb_init: "
32376 + "authalg=%d support not available in the kernel",
32377 + tdbp->tdb_authalg);
32381 +#endif /* CONFIG_IPSEC_AH */
32382 +#ifdef CONFIG_IPSEC_ESP
32383 + case IPPROTO_ESP: {
32384 + unsigned char *akp, *ekp;
32386 + switch(tdbp->tdb_encalg) {
32387 +# ifdef CONFIG_IPSEC_ENC_3DES
32389 +# endif /* CONFIG_IPSEC_ENC_3DES */
32390 +# if defined(CONFIG_IPSEC_ENC_3DES)
32391 + if((tdbp->tdb_iv = (caddr_t)
32392 + kmalloc((tdbp->tdb_iv_size = EMT_ESPDES_IV_SZ), GFP_ATOMIC)) == NULL) {
32395 + get_random_bytes((void *)tdbp->tdb_iv, EMT_ESPDES_IV_SZ);
32396 + tdbp->tdb_iv_bits = tdbp->tdb_iv_size * 8;
32398 +# endif /* defined(CONFIG_IPSEC_ENC_3DES) */
32400 +# ifdef CONFIG_IPSEC_ENC_NULL
32402 +# endif /* CONFIG_IPSEC_ENC_NULL */
32405 + KLIPS_PRINT(debug_pfkey,
32406 + "klips_debug:pfkey_tdb_init: "
32407 + "encalg=%d support not available in the kernel",
32408 + tdbp->tdb_encalg);
32412 + switch(tdbp->tdb_encalg) {
32413 +# ifdef CONFIG_IPSEC_ENC_3DES
32415 + if(tdbp->tdb_key_bits_e != (EMT_ESP3DES_KEY_SZ * 8)) {
32416 + KLIPS_PRINT(debug_pfkey,
32417 + "klips_debug:pfkey_tdb_init: incorrect encryption"
32418 + "key size: %d bits -- must be %d bits\n"/*octets (bytes)\n"*/,
32419 + tdbp->tdb_key_bits_e, EMT_ESP3DES_KEY_SZ * 8);
32423 + /* save encryption key pointer */
32424 + ekp = tdbp->tdb_key_e;
32426 + if((tdbp->tdb_key_e = (caddr_t)
32427 + kmalloc((tdbp->tdb_key_e_size = 3 * sizeof(struct des_eks)),
32428 + GFP_ATOMIC)) == NULL) {
32432 + for(i = 0; i < 3; i++) {
32433 +# if 0 /* we don't really want to print these unless there are really big problems */
32434 + KLIPS_PRINT(debug_pfkey && sysctl_ipsec_debug_verbose,
32435 + "klips_debug:pfkey_tdb_init: 3des key %d/3 is 0x%08lx%08lx\n",
32437 + ntohl(*((__u32 *)tdbp->tdb_key_e + i * 2)),
32438 + ntohl(*((__u32 *)tdbp->tdb_key_e + i * 2 + 1)));
32440 + error = des_set_key((caddr_t)ekp + EMT_ESPDES_KEY_SZ * i,
32441 + (caddr_t)&((struct des_eks*)(tdbp->tdb_key_e))[i]);
32443 + printk("klips_debug:pfkey_tdb_init: parity error in des key %d/3\n", i + 1);
32444 + else if (error == -2)
32445 + printk("klips_debug:pfkey_tdb_init: illegal weak des key %d/3\n", i + 1);
32447 + memset(tdbp->tdb_key_e, 0, 3 * sizeof(struct des_eks));
32448 + kfree(tdbp->tdb_key_e);
32449 + memset(ekp, 0, DIVUP(tdbp->tdb_key_bits_e, BITS_PER_OCTET));
32455 + memset(ekp, 0, DIVUP(tdbp->tdb_key_bits_e, BITS_PER_OCTET));
32458 +# endif /* CONFIG_IPSEC_ENC_3DES */
32459 +# ifdef CONFIG_IPSEC_ENC_NULL
32461 +# endif /* CONFIG_IPSEC_ENC_NULL */
32465 + KLIPS_PRINT(debug_pfkey,
32466 + "klips_debug:pfkey_tdb_init: "
32467 + "encalg=%d support not available in the kernel",
32468 + tdbp->tdb_encalg);
32472 + switch(tdbp->tdb_authalg) {
32473 +# ifdef CONFIG_IPSEC_AUTH_HMAC_MD5
32478 + if(tdbp->tdb_key_bits_a != (AHMD596_KLEN * 8)) {
32479 + KLIPS_PRINT(debug_pfkey,
32480 + "klips_debug:pfkey_tdb_init: incorrect authorisation"
32481 + " key size: %d bits -- must be %d bits\n"/*octets (bytes)\n"*/,
32482 + tdbp->tdb_key_bits_a, AHMD596_KLEN * 8);
32486 +# if 0 /* we don't really want to print these unless there are really big problems */
32487 + KLIPS_PRINT(debug_pfkey && sysctl_ipsec_debug_verbose,
32488 + "klips_debug:pfkey_tdb_init: hmac md5-96 key is 0x%08lx %08lx %08lx %08lx\n",
32489 + ntohl(*(((__u32 *)(tdbp->tdb_key_a))+0)),
32490 + ntohl(*(((__u32 *)(tdbp->tdb_key_a))+1)),
32491 + ntohl(*(((__u32 *)(tdbp->tdb_key_a))+2)),
32492 + ntohl(*(((__u32 *)(tdbp->tdb_key_a))+3)));
32494 + tdbp->tdb_auth_bits = AHMD596_ALEN * 8;
32496 + /* save the pointer to the key material */
32497 + akp = tdbp->tdb_key_a;
32499 + if((tdbp->tdb_key_a = (caddr_t)
32500 + kmalloc((tdbp->tdb_key_a_size = sizeof(struct md5_ctx)),
32501 + GFP_ATOMIC)) == NULL) {
32505 + for (i = 0; i < DIVUP(tdbp->tdb_key_bits_a, 8); i++) {
32506 + kb[i] = akp[i] ^ HMAC_IPAD;
32508 + for (; i < AHMD596_BLKLEN; i++) {
32509 + kb[i] = HMAC_IPAD;
32512 + ictx = &(((struct md5_ctx*)(tdbp->tdb_key_a))->ictx);
32514 + MD5Update(ictx, kb, AHMD596_BLKLEN);
32516 + for (i = 0; i < AHMD596_BLKLEN; i++) {
32517 + kb[i] ^= (HMAC_IPAD ^ HMAC_OPAD);
32520 + octx = &(((struct md5_ctx*)(tdbp->tdb_key_a))->octx);
32522 + MD5Update(octx, kb, AHMD596_BLKLEN);
32524 +# if 0 /* we don't really want to print these unless there are really big problems */
32525 + KLIPS_PRINT(debug_pfkey && sysctl_ipsec_debug_verbose,
32526 + "klips_debug:pfkey_tdb_init: MD5 ictx=0x%08x %08x %08x %08x"
32527 + " octx=0x%08x %08x %08x %08x\n",
32528 + ((__u32*)ictx)[0],
32529 + ((__u32*)ictx)[1],
32530 + ((__u32*)ictx)[2],
32531 + ((__u32*)ictx)[3],
32532 + ((__u32*)octx)[0],
32533 + ((__u32*)octx)[1],
32534 + ((__u32*)octx)[2],
32535 + ((__u32*)octx)[3] );
32538 + memset(akp, 0, DIVUP(tdbp->tdb_key_bits_a, BITS_PER_OCTET));
32541 +# endif /* CONFIG_IPSEC_AUTH_HMAC_MD5 */
32542 +# ifdef CONFIG_IPSEC_AUTH_HMAC_SHA1
32547 + if(tdbp->tdb_key_bits_a != (AHSHA196_KLEN * 8)) {
32548 + KLIPS_PRINT(debug_pfkey,
32549 + "klips_debug:pfkey_tdb_init: incorrect authorisation"
32550 + " key size: %d bits -- must be %d bits\n"/*octets (bytes)\n"*/,
32551 + tdbp->tdb_key_bits_a, AHSHA196_KLEN * 8);
32555 +# if 0 /* we don't really want to print these unless there are really big problems */
32556 + KLIPS_PRINT(debug_pfkey && sysctl_ipsec_debug_verbose,
32557 + "klips_debug:pfkey_tdb_init: hmac sha1-96 key is 0x%08lx %08lx %08lx %08lx\n",
32558 + ntohl(*(((__u32 *)tdbp->tdb_key_a)+0)),
32559 + ntohl(*(((__u32 *)tdbp->tdb_key_a)+1)),
32560 + ntohl(*(((__u32 *)tdbp->tdb_key_a)+2)),
32561 + ntohl(*(((__u32 *)tdbp->tdb_key_a)+3)));
32563 + tdbp->tdb_auth_bits = AHSHA196_ALEN * 8;
32565 + /* save the pointer to the key material */
32566 + akp = tdbp->tdb_key_a;
32568 + if((tdbp->tdb_key_a = (caddr_t)
32569 + kmalloc((tdbp->tdb_key_a_size = sizeof(struct sha1_ctx)),
32570 + GFP_ATOMIC)) == NULL) {
32574 + for (i = 0; i < DIVUP(tdbp->tdb_key_bits_a, 8); i++) {
32575 + kb[i] = akp[i] ^ HMAC_IPAD;
32577 + for (; i < AHMD596_BLKLEN; i++) {
32578 + kb[i] = HMAC_IPAD;
32581 + ictx = &(((struct sha1_ctx*)(tdbp->tdb_key_a))->ictx);
32583 + SHA1Update(ictx, kb, AHSHA196_BLKLEN);
32585 + for (i = 0; i < AHSHA196_BLKLEN; i++) {
32586 + kb[i] ^= (HMAC_IPAD ^ HMAC_OPAD);
32589 + octx = &((struct sha1_ctx*)(tdbp->tdb_key_a))->octx;
32591 + SHA1Update(octx, kb, AHSHA196_BLKLEN);
32593 +# if 0 /* we don't really want to print these unless there are really big problems */
32594 + KLIPS_PRINT(debug_pfkey && sysctl_ipsec_debug_verbose,
32595 + "klips_debug:pfkey_tdb_init: SHA1 ictx=0x%08x %08x %08x %08x"
32596 + " octx=0x%08x %08x %08x %08x\n",
32597 + ((__u32*)ictx)[0],
32598 + ((__u32*)ictx)[1],
32599 + ((__u32*)ictx)[2],
32600 + ((__u32*)ictx)[3],
32601 + ((__u32*)octx)[0],
32602 + ((__u32*)octx)[1],
32603 + ((__u32*)octx)[2],
32604 + ((__u32*)octx)[3] );
32606 + memset(akp, 0, DIVUP(tdbp->tdb_key_bits_a, BITS_PER_OCTET));
32609 +# endif /* CONFIG_IPSEC_AUTH_HMAC_SHA1 */
32613 + KLIPS_PRINT(debug_pfkey,
32614 + "klips_debug:pfkey_tdb_init: "
32615 + "authalg=%d support not available in the kernel.\n",
32616 + tdbp->tdb_authalg);
32621 +#endif /* !CONFIG_IPSEC_ESP */
32622 +#ifdef CONFIG_IPSEC_IPCOMP
32623 + case IPPROTO_COMP:
32624 + tdbp->tdb_comp_adapt_tries = 0;
32625 + tdbp->tdb_comp_adapt_skip = 0;
32626 + tdbp->tdb_comp_ratio_cbytes = 0;
32627 + tdbp->tdb_comp_ratio_dbytes = 0;
32629 +#endif /* CONFIG_IPSEC_IPCOMP */
32631 + KLIPS_PRINT(debug_pfkey,
32632 + "klips_debug:pfkey_tdb_init: "
32633 + "proto=%d unknown.\n",
32634 + tdbp->tdb_said.proto);
32644 +pfkey_safe_build(int error, struct sadb_ext *extensions[SADB_MAX+1])
32646 + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_safe_build: error=%d\n", error);
32648 + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_safe_build:"
32652 + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_safe_build:"
32653 + "caught error %d\n", error);
32654 + pfkey_extensions_free(extensions);
32660 +DEBUG_NO_STATIC int
32661 +pfkey_getspi_parse(struct sock *sk, struct sadb_ext **extensions, struct pfkey_extracted_data* extr)
32664 + ipsec_spi_t minspi = htonl(256), maxspi = htonl(-1L);
32665 + int found_avail = 0;
32666 + struct tdb *tdbq;
32667 + char sa[SATOA_BUF];
32668 + struct sadb_ext *extensions_reply[SADB_EXT_MAX+1];
32669 + struct sadb_msg *pfkey_reply = NULL;
32670 + struct socket_list *pfkey_socketsp;
32671 + uint8_t satype = ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_satype;
32673 + KLIPS_PRINT(debug_pfkey,
32674 + "klips_debug:pfkey_getspi_parse: .\n");
32676 + pfkey_extensions_init(extensions_reply);
32678 + if(!extr || !extr->tdb) {
32679 + KLIPS_PRINT(debug_pfkey,
32680 + "klips_debug:pfkey_getspi_parse: error, extr or extr->tdb pointer NULL\n");
32684 + if(extensions[SADB_EXT_SPIRANGE]) {
32685 + minspi = ((struct sadb_spirange *)extensions[SADB_EXT_SPIRANGE])->sadb_spirange_min;
32686 + maxspi = ((struct sadb_spirange *)extensions[SADB_EXT_SPIRANGE])->sadb_spirange_max;
32689 + if(maxspi == minspi) {
32690 + extr->tdb->tdb_said.spi = maxspi;
32691 + if((tdbq = gettdb(&(extr->tdb->tdb_said)))) {
32692 + satoa(extr->tdb->tdb_said, 0, sa, SATOA_BUF);
32693 + KLIPS_PRINT(debug_pfkey,
32694 + "klips_debug: pfkey_getspi_parse: EMT_GETSPI found an old Tunnel Descriptor Block\n"
32695 + "klips_debug: for SA: %s, delete it first.\n", sa);
32704 + while( ( i < (spi_diff = (ntohl(maxspi) - ntohl(minspi)))) && !found_avail ) {
32705 + get_random_bytes((void*) &(rand_val),
32706 + /* sizeof(extr->tdb->tdb_said.spi) */
32707 + ( (spi_diff < (2^8)) ? 1 :
32708 + ( (spi_diff < (2^16)) ? 2 :
32709 + ( (spi_diff < (2^24)) ? 3 :
32711 + extr->tdb->tdb_said.spi = htonl(ntohl(minspi) +
32713 + (spi_diff + 1)));
32715 + tdbq = gettdb(&(extr->tdb->tdb_said));
32722 + satoa(extr->tdb->tdb_said, 0, sa, SATOA_BUF);
32724 + if (!found_avail) {
32725 + KLIPS_PRINT(debug_pfkey,
32726 + "klips_debug: pfkey_getspi_parse: found an old Tunnel Descriptor Block\n"
32727 + "klips_debug: for SA: %s, delete it first.\n", sa);
32731 + if(ip_chk_addr((unsigned long)extr->tdb->tdb_said.dst.s_addr) == IS_MYADDR) {
32732 + extr->tdb->tdb_flags |= EMT_INBOUND;
32735 + KLIPS_PRINT(debug_pfkey,
32736 + "klips_debug: pfkey_getspi_parse: existing Tunnel Descriptor Block not found (this\n"
32737 + "klips_debug: is good) for SA: %s, %s-bound, allocating.\n",
32738 + sa, extr->tdb->tdb_flags & EMT_INBOUND ? "in" : "out");
32740 + /* XXX extr->tdb->tdb_rcvif = &(enc_softc[em->em_if].enc_if);*/
32741 + extr->tdb->tdb_rcvif = NULL;
32742 + extr->tdb->tdb_lifetime_addtime_c = jiffies/HZ;
32744 + extr->tdb->tdb_state = SADB_SASTATE_LARVAL;
32746 + if(!extr->tdb->tdb_lifetime_allocations_c) {
32747 + extr->tdb->tdb_lifetime_allocations_c += 1;
32750 + if(!(pfkey_safe_build(error = pfkey_msg_hdr_build(&extensions_reply[0],
32754 + ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_seq,
32755 + ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_pid),
32756 + extensions_reply) &&
32757 + pfkey_safe_build(pfkey_sa_build(&extensions_reply[SADB_EXT_SA],
32759 + extr->tdb->tdb_said.spi,
32761 + SADB_SASTATE_LARVAL,
32765 + extensions_reply) &&
32766 + pfkey_safe_build(pfkey_address_build(&extensions_reply[SADB_EXT_ADDRESS_SRC],
32767 + SADB_EXT_ADDRESS_SRC,
32768 + 0, /*extr->tdb->tdb_said.proto,*/
32770 + extr->tdb->tdb_addr_s),
32771 + extensions_reply) &&
32772 + pfkey_safe_build(pfkey_address_build(&extensions_reply[SADB_EXT_ADDRESS_DST],
32773 + SADB_EXT_ADDRESS_DST,
32774 + 0, /*extr->tdb->tdb_said.proto,*/
32776 + extr->tdb->tdb_addr_d),
32777 + extensions_reply) )) {
32778 + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_getspi_parse: "
32779 + "failed to build the getspi reply message extensions\n");
32783 + if((error = puttdb(extr->tdb))) {
32784 + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_getspi_parse: "
32785 + "failed to add the larval SA with error=%d.\n",
32790 + KLIPS_PRINT(debug_pfkey,
32791 + "klips_debug:pfkey_getspi_parse: successful for SA: %s\n", sa);
32793 + if((error = pfkey_msg_build(&pfkey_reply, extensions_reply, EXT_BITS_OUT))) {
32794 + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_getspi_parse: "
32795 + "failed to build the getspi reply message\n");
32798 + for(pfkey_socketsp = pfkey_open_sockets;
32800 + pfkey_socketsp = pfkey_socketsp->next) {
32801 + if((error = pfkey_upmsg(pfkey_socketsp->socketp, pfkey_reply))) {
32802 + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_getspi_parse: "
32803 + "sending up getspi reply message for satype=%d to socket=%p failed with error=%d.\n",
32804 + satype, pfkey_socketsp->socketp, error);
32807 + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_getspi_parse: "
32808 + "sending up getspi reply message for satype=%d to socket=%p succeeded.\n",
32809 + satype, pfkey_socketsp->socketp);
32813 + if (pfkey_reply) {
32814 + pfkey_msg_free(&pfkey_reply);
32816 + pfkey_extensions_free(extensions_reply);
32820 +DEBUG_NO_STATIC int
32821 +pfkey_update_parse(struct sock *sk, struct sadb_ext **extensions, struct pfkey_extracted_data* extr)
32824 + struct tdb* tdbq;
32825 + char sa[SATOA_BUF];
32826 + struct sadb_ext *extensions_reply[SADB_EXT_MAX+1];
32827 + struct sadb_msg *pfkey_reply = NULL;
32828 + struct socket_list *pfkey_socketsp;
32829 + uint8_t satype = ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_satype;
32831 + KLIPS_PRINT(debug_pfkey,
32832 + "klips_debug:pfkey_update_parse: .\n");
32834 + pfkey_extensions_init(extensions_reply);
32836 + if(((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_state != SADB_SASTATE_MATURE) {
32837 + KLIPS_PRINT(debug_pfkey,
32838 + "klips_debug:pfkey_update_parse: "
32839 + "error, sa_state=%d must be MATURE=%d\n",
32840 + ((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_state,
32841 + SADB_SASTATE_MATURE);
32845 + if(!extr || !extr->tdb) {
32846 + KLIPS_PRINT(debug_pfkey,
32847 + "klips_debug:pfkey_update_parse: error, extr or extr->tdb pointer NULL\n");
32851 + satoa(extr->tdb->tdb_said, 0, sa, SATOA_BUF);
32853 + spin_lock_bh(&tdb_lock);
32855 + tdbq = gettdb(&(extr->tdb->tdb_said));
32857 + spin_unlock_bh(&tdb_lock);
32858 + KLIPS_PRINT(debug_pfkey,
32859 + "klips_debug: pfkey_update_parse: reserved Tunnel Descriptor Block\n"
32860 + "klips_debug: for SA: %s not found. Call SADB_GETSPI first or call SADB_ADD instead.\n", sa);
32864 + if(ip_chk_addr((unsigned long)extr->tdb->tdb_said.dst.s_addr) == IS_MYADDR) {
32865 + extr->tdb->tdb_flags |= EMT_INBOUND;
32868 + KLIPS_PRINT(debug_pfkey,
32869 + "klips_debug: pfkey_update_parse: existing Tunnel Descriptor Block found (this\n"
32870 + "klips_debug: is good) for SA: %s, %s-bound, updating.\n",
32871 + sa, extr->tdb->tdb_flags & EMT_INBOUND ? "in" : "out");
32873 + /* XXX extr->tdb->tdb_rcvif = &(enc_softc[em->em_if].enc_if);*/
32874 + extr->tdb->tdb_rcvif = NULL;
32875 + if ((error = pfkey_tdb_init(extr->tdb, extensions))) {
32876 + spin_unlock_bh(&tdb_lock);
32877 + KLIPS_PRINT(debug_pfkey,
32878 + "klips_debug:pfkey_update_parse: "
32879 + "not successful for SA: %s, deleting.\n", sa);
32880 + ipsec_tdbwipe(extr->tdb);
32884 + extr->tdb->tdb_lifetime_addtime_c = tdbq->tdb_lifetime_addtime_c;
32885 + if((error = deltdbchain(tdbq))) {
32886 + spin_unlock_bh(&tdb_lock);
32887 + KLIPS_PRINT(debug_pfkey,
32888 + "klips_debug:pfkey_update_parse: "
32889 + "error=%d, trouble deleting intermediate tdb for SA=%s.\n",
32894 + spin_unlock_bh(&tdb_lock);
32896 + if(!(pfkey_safe_build(error = pfkey_msg_hdr_build(&extensions_reply[0],
32900 + ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_seq,
32901 + ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_pid),
32902 + extensions_reply)
32903 + && pfkey_safe_build(error = pfkey_sa_build(&extensions_reply[SADB_EXT_SA],
32905 + extr->tdb->tdb_said.spi,
32906 + extr->tdb->tdb_replaywin,
32907 + extr->tdb->tdb_state,
32908 + extr->tdb->tdb_authalg,
32909 + extr->tdb->tdb_encalg,
32910 + extr->tdb->tdb_flags),
32911 + extensions_reply)
32912 + /* FIXME: The 3 lifetime extentions should only be sent if
32914 + && pfkey_safe_build(error = pfkey_lifetime_build(&extensions[SADB_EXT_LIFETIME_CURRENT],
32915 + SADB_EXT_LIFETIME_CURRENT,
32916 + extr->tdb->tdb_lifetime_allocations_c,
32917 + extr->tdb->tdb_lifetime_bytes_c,
32918 + extr->tdb->tdb_lifetime_addtime_c,
32919 + extr->tdb->tdb_lifetime_usetime_c),
32921 + && pfkey_safe_build(error = pfkey_lifetime_build(&extensions[SADB_EXT_LIFETIME_HARD],
32922 + SADB_EXT_LIFETIME_HARD,
32923 + extr->tdb->tdb_lifetime_allocations_h,
32924 + extr->tdb->tdb_lifetime_bytes_h,
32925 + extr->tdb->tdb_lifetime_addtime_h,
32926 + extr->tdb->tdb_lifetime_usetime_h),
32928 + && pfkey_safe_build(error = pfkey_address_build(&extensions_reply[SADB_EXT_ADDRESS_SRC],
32929 + SADB_EXT_ADDRESS_SRC,
32930 + 0, /*extr->tdb->tdb_said.proto,*/
32932 + extr->tdb->tdb_addr_s),
32933 + extensions_reply)
32934 + && pfkey_safe_build(error = pfkey_address_build(&extensions_reply[SADB_EXT_ADDRESS_DST],
32935 + SADB_EXT_ADDRESS_DST,
32936 + 0, /*extr->tdb->tdb_said.proto,*/
32938 + extr->tdb->tdb_addr_d),
32939 + extensions_reply)
32941 + /* FIXME: This won't work yet because I have not finished
32943 + && extr->tdb->tdb_ident_data_s ? pfkey_safe_build(error = pfkey_ident_build(&extensions_reply[SADB_EXT_IDENTITY_SRC],
32944 + SADB_EXT_IDENTITY_SRC,
32945 + SADB_IDENTTYPE_PREFIX,
32947 + extr->tdb->tdb_ident_data_s),
32948 + extensions_reply) : 1
32949 + /* FIXME: This won't work yet because I have not finished
32951 + && extr->tdb->tdb_ident_data_d ? pfkey_safe_build(error = pfkey_ident_build(&extensions_reply[SADB_EXT_IDENTITY_DST],
32952 + SADB_EXT_IDENTITY_DST,
32953 + SADB_IDENTTYPE_PREFIX,
32955 + extr->tdb->tdb_ident_data_d),
32956 + extensions_reply) : 1
32957 + /* FIXME: This won't work yet because I have not finished
32959 + && extr->tdb->tdb_sens_ ? pfkey_safe_build(error = pfkey_sens_build(&extensions_reply[SADB_EXT_SENSITIVITY],
32960 + extr->tdb->tdb_sens_dpd,
32961 + extr->tdb->tdb_sens_sens_level,
32962 + extr->tdb->tdb_sens_sens_len,
32963 + extr->tdb->tdb_sens_sens_bitmap,
32964 + extr->tdb->tdb_sens_integ_level,
32965 + extr->tdb->tdb_sens_integ_len,
32966 + extr->tdb->tdb_sens_integ_bitmap),
32967 + extensions_reply) : 1
32970 + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_update_parse: "
32971 + "failed to build the update reply message extensions\n");
32975 + if((error = puttdb(extr->tdb))) {
32976 + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_update_parse: "
32977 + "failed to add the mature SA with error=%d.\n",
32982 + KLIPS_PRINT(debug_pfkey,
32983 + "klips_debug:pfkey_update_parse: successful for SA: %s\n", sa);
32985 + if((error = pfkey_msg_build(&pfkey_reply, extensions_reply, EXT_BITS_OUT))) {
32986 + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_update_parse: "
32987 + "failed to build the update reply message\n");
32990 + for(pfkey_socketsp = pfkey_open_sockets;
32992 + pfkey_socketsp = pfkey_socketsp->next) {
32993 + if((error = pfkey_upmsg(pfkey_socketsp->socketp, pfkey_reply))) {
32994 + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_update_parse: "
32995 + "sending up update reply message for satype=%d to socket=%p failed with error=%d.\n",
32996 + satype, pfkey_socketsp->socketp, error);
32999 + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_update_parse: "
33000 + "sending up update reply message for satype=%d to socket=%p succeeded.\n",
33001 + satype, pfkey_socketsp->socketp);
33005 + if (pfkey_reply) {
33006 + pfkey_msg_free(&pfkey_reply);
33008 + pfkey_extensions_free(extensions_reply);
33012 +DEBUG_NO_STATIC int
33013 +pfkey_add_parse(struct sock *sk, struct sadb_ext **extensions, struct pfkey_extracted_data* extr)
33016 + struct tdb* tdbq;
33017 + char sa[SATOA_BUF];
33018 + struct sadb_ext *extensions_reply[SADB_EXT_MAX+1];
33019 + struct sadb_msg *pfkey_reply = NULL;
33020 + struct socket_list *pfkey_socketsp;
33021 + uint8_t satype = ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_satype;
33023 + KLIPS_PRINT(debug_pfkey,
33024 + "klips_debug:pfkey_add_parse: parsing add message\n");
33026 + pfkey_extensions_init(extensions_reply);
33028 + if(((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_state != SADB_SASTATE_MATURE) {
33029 + KLIPS_PRINT(debug_pfkey,
33030 + "klips_debug:pfkey_add_parse: "
33031 + "error, sa_state=%d must be MATURE=%d\n",
33032 + ((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_state,
33033 + SADB_SASTATE_MATURE);
33037 + if(!extr || !extr->tdb) {
33038 + KLIPS_PRINT(debug_pfkey,
33039 + "klips_debug:pfkey_add_parse: extr or extr->tdb pointer NULL\n");
33043 + satoa(extr->tdb->tdb_said, 0, sa, SATOA_BUF);
33045 + tdbq = gettdb(&(extr->tdb->tdb_said));
33047 + KLIPS_PRINT(debug_pfkey,
33048 + "klips_debug:pfkey_add_parse: found an old Tunnel Descriptor Block\n"
33049 + "klips_debug: for SA: %s, delete it first.\n", sa);
33053 + if(ip_chk_addr((unsigned long)extr->tdb->tdb_said.dst.s_addr) == IS_MYADDR) {
33054 + extr->tdb->tdb_flags |= EMT_INBOUND;
33057 + KLIPS_PRINT(debug_pfkey,
33058 + "klips_debug:pfkey_add_parse: existing Tunnel Descriptor Block not found (this\n"
33059 + "klips_debug: is good) for SA: %s, %s-bound, allocating.\n",
33060 + sa, extr->tdb->tdb_flags & EMT_INBOUND ? "in" : "out");
33062 + /* XXX extr->tdb->tdb_rcvif = &(enc_softc[em->em_if].enc_if);*/
33063 + extr->tdb->tdb_rcvif = NULL;
33065 + if ((error = pfkey_tdb_init(extr->tdb, extensions))) {
33066 + KLIPS_PRINT(debug_pfkey,
33067 + "klips_debug:pfkey_add_parse: not successful for SA: %s, deleting.\n", sa);
33068 + ipsec_tdbwipe(extr->tdb);
33072 + extr->tdb->tdb_lifetime_addtime_c = jiffies / HZ;
33073 + if(!extr->tdb->tdb_lifetime_allocations_c) {
33074 + extr->tdb->tdb_lifetime_allocations_c += 1;
33077 + if(!(pfkey_safe_build(error = pfkey_msg_hdr_build(&extensions_reply[0],
33081 + ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_seq,
33082 + ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_pid),
33083 + extensions_reply)
33084 + && pfkey_safe_build(error = pfkey_sa_build(&extensions_reply[SADB_EXT_SA],
33086 + extr->tdb->tdb_said.spi,
33087 + extr->tdb->tdb_replaywin,
33088 + extr->tdb->tdb_state,
33089 + extr->tdb->tdb_authalg,
33090 + extr->tdb->tdb_encalg,
33091 + extr->tdb->tdb_flags),
33092 + extensions_reply)
33093 + /* FIXME: The 3 lifetime extentions should only be sent if
33095 + && pfkey_safe_build(error = pfkey_lifetime_build(&extensions[SADB_EXT_LIFETIME_CURRENT],
33096 + SADB_EXT_LIFETIME_CURRENT,
33097 + extr->tdb->tdb_lifetime_allocations_c,
33098 + extr->tdb->tdb_lifetime_bytes_c,
33099 + extr->tdb->tdb_lifetime_addtime_c,
33100 + extr->tdb->tdb_lifetime_usetime_c),
33102 + && pfkey_safe_build(error = pfkey_lifetime_build(&extensions[SADB_EXT_LIFETIME_HARD],
33103 + SADB_EXT_LIFETIME_HARD,
33104 + extr->tdb->tdb_lifetime_allocations_h,
33105 + extr->tdb->tdb_lifetime_bytes_h,
33106 + extr->tdb->tdb_lifetime_addtime_h,
33107 + extr->tdb->tdb_lifetime_usetime_h),
33109 + && pfkey_safe_build(error = pfkey_address_build(&extensions_reply[SADB_EXT_ADDRESS_SRC],
33110 + SADB_EXT_ADDRESS_SRC,
33111 + 0, /*extr->tdb->tdb_said.proto,*/
33113 + extr->tdb->tdb_addr_s),
33114 + extensions_reply)
33115 + && pfkey_safe_build(error = pfkey_address_build(&extensions_reply[SADB_EXT_ADDRESS_DST],
33116 + SADB_EXT_ADDRESS_DST,
33117 + 0, /*extr->tdb->tdb_said.proto,*/
33119 + extr->tdb->tdb_addr_d),
33120 + extensions_reply)
33122 + /* FIXME: This won't work yet because I have not finished
33124 + && extr->tdb->tdb_ident_data_s ? pfkey_safe_build(error = pfkey_ident_build(&extensions_reply[SADB_EXT_IDENTITY_SRC],
33125 + SADB_EXT_IDENTITY_SRC,
33126 + SADB_IDENTTYPE_PREFIX,
33128 + extr->tdb->tdb_ident_data_s),
33129 + extensions_reply) : 1
33130 + /* FIXME: This won't work yet because I have not finished
33132 + && extr->tdb->tdb_ident_data_d ? pfkey_safe_build(error = pfkey_ident_build(&extensions_reply[SADB_EXT_IDENTITY_DST],
33133 + SADB_EXT_IDENTITY_DST,
33134 + SADB_IDENTTYPE_PREFIX,
33136 + extr->tdb->tdb_ident_data_d),
33137 + extensions_reply) : 1
33138 + /* FIXME: This won't work yet because I have not finished
33140 + && extr->tdb->tdb_sens_ ? pfkey_safe_build(error = pfkey_sens_build(&extensions_reply[SADB_EXT_SENSITIVITY],
33141 + extr->tdb->tdb_sens_dpd,
33142 + extr->tdb->tdb_sens_sens_level,
33143 + extr->tdb->tdb_sens_sens_len,
33144 + extr->tdb->tdb_sens_sens_bitmap,
33145 + extr->tdb->tdb_sens_integ_level,
33146 + extr->tdb->tdb_sens_integ_len,
33147 + extr->tdb->tdb_sens_integ_bitmap),
33148 + extensions_reply) : 1
33151 + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_add_parse: "
33152 + "failed to build the add reply message extensions\n");
33156 + if((error = puttdb(extr->tdb))) {
33157 + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_add_parse: "
33158 + "failed to add the mature SA with error=%d.\n",
33163 + KLIPS_PRINT(debug_pfkey,
33164 + "klips_debug:pfkey_add_parse: successful for SA: %s\n", sa);
33166 + if((error = pfkey_msg_build(&pfkey_reply, extensions_reply, EXT_BITS_OUT))) {
33167 + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_add_parse: "
33168 + "failed to build the add reply message\n");
33171 + for(pfkey_socketsp = pfkey_open_sockets;
33173 + pfkey_socketsp = pfkey_socketsp->next) {
33174 + if((error = pfkey_upmsg(pfkey_socketsp->socketp, pfkey_reply))) {
33175 + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_add_parse: "
33176 + "sending up add reply message for satype=%d to socket=%p failed with error=%d.\n",
33177 + satype, pfkey_socketsp->socketp, error);
33180 + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_add_parse: "
33181 + "sending up add reply message for satype=%d to socket=%p succeeded.\n",
33182 + satype, pfkey_socketsp->socketp);
33186 + if (pfkey_reply) {
33187 + pfkey_msg_free(&pfkey_reply);
33189 + pfkey_extensions_free(extensions_reply);
33193 +DEBUG_NO_STATIC int
33194 +pfkey_delete_parse(struct sock *sk, struct sadb_ext **extensions, struct pfkey_extracted_data* extr)
33196 + struct tdb *tdbp;
33197 + char sa[SATOA_BUF];
33199 + struct sadb_ext *extensions_reply[SADB_EXT_MAX+1];
33200 + struct sadb_msg *pfkey_reply = NULL;
33201 + struct socket_list *pfkey_socketsp;
33202 + uint8_t satype = ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_satype;
33204 + KLIPS_PRINT(debug_pfkey,
33205 + "klips_debug:pfkey_delete_parse: .\n");
33207 + pfkey_extensions_init(extensions_reply);
33209 + if(!extr || !extr->tdb) {
33210 + KLIPS_PRINT(debug_pfkey,
33211 + "klips_debug:pfkey_delete_parse: "
33212 + "extr or extr->tdb pointer NULL, fatal\n");
33216 + satoa(extr->tdb->tdb_said, 0, sa, SATOA_BUF);
33218 + spin_lock_bh(&tdb_lock);
33220 + tdbp = gettdb(&(extr->tdb->tdb_said));
33221 + if (tdbp == NULL) {
33222 + spin_unlock_bh(&tdb_lock);
33223 + KLIPS_PRINT(debug_pfkey,
33224 + "klips_debug:pfkey_delete_parse: "
33225 + "Tunnel Descriptor Block not found for SA:%s, could not delete.\n",
33230 + if((error = deltdbchain(tdbp))) {
33231 + spin_unlock_bh(&tdb_lock);
33232 + KLIPS_PRINT(debug_pfkey,
33233 + "klips_debug:pfkey_delete_parse: "
33234 + "error=%d returned trying to delete Tunnel Descriptor Block for SA:%s.\n",
33238 + spin_unlock_bh(&tdb_lock);
33240 + if(!(pfkey_safe_build(error = pfkey_msg_hdr_build(&extensions_reply[0],
33244 + ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_seq,
33245 + ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_pid),
33246 + extensions_reply)
33247 + && pfkey_safe_build(error = pfkey_sa_build(&extensions_reply[SADB_EXT_SA],
33249 + extr->tdb->tdb_said.spi,
33255 + extensions_reply)
33256 + && pfkey_safe_build(error = pfkey_address_build(&extensions_reply[SADB_EXT_ADDRESS_SRC],
33257 + SADB_EXT_ADDRESS_SRC,
33258 + 0, /*extr->tdb->tdb_said.proto,*/
33260 + extr->tdb->tdb_addr_s),
33261 + extensions_reply)
33262 + && pfkey_safe_build(error = pfkey_address_build(&extensions_reply[SADB_EXT_ADDRESS_DST],
33263 + SADB_EXT_ADDRESS_DST,
33264 + 0, /*extr->tdb->tdb_said.proto,*/
33266 + extr->tdb->tdb_addr_d),
33267 + extensions_reply)
33269 + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_delete_parse: "
33270 + "failed to build the delete reply message extensions\n");
33274 + if((error = pfkey_msg_build(&pfkey_reply, extensions_reply, EXT_BITS_OUT))) {
33275 + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_delete_parse: "
33276 + "failed to build the delete reply message\n");
33279 + for(pfkey_socketsp = pfkey_open_sockets;
33281 + pfkey_socketsp = pfkey_socketsp->next) {
33282 + if((error = pfkey_upmsg(pfkey_socketsp->socketp, pfkey_reply))) {
33283 + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_delete_parse: "
33284 + "sending up delete reply message for satype=%d to socket=%p failed with error=%d.\n",
33285 + satype, pfkey_socketsp->socketp, error);
33288 + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_delete_parse: "
33289 + "sending up delete reply message for satype=%d to socket=%p succeeded.\n",
33290 + satype, pfkey_socketsp->socketp);
33294 + ipsec_tdbwipe(extr->tdb);
33296 + if (pfkey_reply) {
33297 + pfkey_msg_free(&pfkey_reply);
33299 + pfkey_extensions_free(extensions_reply);
33303 +DEBUG_NO_STATIC int
33304 +pfkey_get_parse(struct sock *sk, struct sadb_ext **extensions, struct pfkey_extracted_data* extr)
33307 + struct tdb *tdbp;
33308 + char sa[SATOA_BUF];
33309 + struct sadb_ext *extensions_reply[SADB_EXT_MAX+1];
33310 + struct sadb_msg *pfkey_reply = NULL;
33312 + KLIPS_PRINT(debug_pfkey,
33313 + "klips_debug:pfkey_get_parse: .\n");
33315 + pfkey_extensions_init(extensions_reply);
33317 + if(!extr || !extr->tdb) {
33318 + KLIPS_PRINT(debug_pfkey,
33319 + "klips_debug:pfkey_get_parse: "
33320 + "extr or extr->tdb pointer NULL, fatal\n");
33324 + satoa(extr->tdb->tdb_said, 0, sa, SATOA_BUF);
33326 + spin_lock_bh(&tdb_lock);
33328 + tdbp = gettdb(&(extr->tdb->tdb_said));
33329 + if (tdbp == NULL) {
33330 + spin_unlock_bh(&tdb_lock);
33331 + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_get_parse: "
33332 + "Tunnel Descriptor Block not found for SA=%s, could not get.\n",
33337 + if(!(pfkey_safe_build(error = pfkey_msg_hdr_build(&extensions_reply[0],
33339 + ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_satype,
33341 + ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_seq,
33342 + ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_pid),
33343 + extensions_reply)
33344 + && pfkey_safe_build(error = pfkey_sa_build(&extensions_reply[SADB_EXT_SA],
33346 + extr->tdb->tdb_said.spi,
33347 + extr->tdb->tdb_replaywin,
33348 + extr->tdb->tdb_state,
33349 + extr->tdb->tdb_authalg,
33350 + extr->tdb->tdb_encalg,
33351 + extr->tdb->tdb_flags),
33352 + extensions_reply)
33353 + /* FIXME: The 3 lifetime extentions should only be sent if
33355 + && pfkey_safe_build(error = pfkey_lifetime_build(&extensions[SADB_EXT_LIFETIME_CURRENT],
33356 + SADB_EXT_LIFETIME_CURRENT,
33357 + tdbp->tdb_lifetime_allocations_c,
33358 + tdbp->tdb_lifetime_bytes_c,
33359 + tdbp->tdb_lifetime_addtime_c,
33360 + tdbp->tdb_lifetime_usetime_c),
33362 + && pfkey_safe_build(error = pfkey_lifetime_build(&extensions[SADB_EXT_LIFETIME_HARD],
33363 + SADB_EXT_LIFETIME_HARD,
33364 + tdbp->tdb_lifetime_allocations_h,
33365 + tdbp->tdb_lifetime_bytes_h,
33366 + tdbp->tdb_lifetime_addtime_h,
33367 + tdbp->tdb_lifetime_usetime_h),
33369 + && pfkey_safe_build(error = pfkey_lifetime_build(&extensions[SADB_EXT_LIFETIME_SOFT],
33370 + SADB_EXT_LIFETIME_SOFT,
33371 + tdbp->tdb_lifetime_allocations_s,
33372 + tdbp->tdb_lifetime_bytes_s,
33373 + tdbp->tdb_lifetime_addtime_s,
33374 + tdbp->tdb_lifetime_usetime_s),
33376 + && pfkey_safe_build(error = pfkey_address_build(&extensions_reply[SADB_EXT_ADDRESS_SRC],
33377 + SADB_EXT_ADDRESS_SRC,
33378 + 0, /*extr->tdb->tdb_said.proto,*/
33380 + extr->tdb->tdb_addr_s),
33381 + extensions_reply)
33382 + && pfkey_safe_build(error = pfkey_address_build(&extensions_reply[SADB_EXT_ADDRESS_DST],
33383 + SADB_EXT_ADDRESS_DST,
33384 + 0, /*extr->tdb->tdb_said.proto,*/
33386 + extr->tdb->tdb_addr_d),
33387 + extensions_reply)
33388 + && extr->tdb->tdb_addr_d ? pfkey_safe_build(error = pfkey_address_build(&extensions_reply[SADB_EXT_ADDRESS_PROXY],
33389 + SADB_EXT_ADDRESS_PROXY,
33390 + 0, /*extr->tdb->tdb_said.proto,*/
33392 + extr->tdb->tdb_addr_p),
33393 + extensions_reply) : 1
33395 + /* FIXME: This won't work yet because the keys are not
33396 + stored directly in the tdb. They are stored as
33398 + && extr->tdb->tdb_key_a_size ? pfkey_safe_build(error = pfkey_key_build(&extensions_reply[SADB_EXT_KEY_AUTH],
33399 + SADB_EXT_KEY_AUTH,
33400 + extr->tdb->tdb_key_a_size * 8,
33401 + extr->tdb->tdb_key_a),
33402 + extensions_reply)
33403 + /* FIXME: This won't work yet because the keys are not
33404 + stored directly in the tdb. They are stored as
33405 + key schedules. */
33406 + && extr->tdb->tdb_key_e_size ? pfkey_safe_build(error = pfkey_key_build(&extensions_reply[SADB_EXT_KEY_ENCRYPT],
33407 + SADB_EXT_KEY_ENCRYPT,
33408 + extr->tdb->tdb_key_e_size * 8,
33409 + extr->tdb->tdb_key_e),
33410 + extensions_reply) : 1
33411 + /* FIXME: This won't work yet because I have not finished
33413 + && extr->tdb->tdb_ident_data_s ? pfkey_safe_build(error = pfkey_ident_build(&extensions_reply[SADB_EXT_IDENTITY_SRC],
33414 + SADB_EXT_IDENTITY_SRC,
33415 + SADB_IDENTTYPE_PREFIX,
33417 + extr->tdb->tdb_ident_data_s),
33418 + extensions_reply) : 1
33419 + /* FIXME: This won't work yet because I have not finished
33421 + && extr->tdb->tdb_ident_data_d ? pfkey_safe_build(error = pfkey_ident_build(&extensions_reply[SADB_EXT_IDENTITY_DST],
33422 + SADB_EXT_IDENTITY_DST,
33423 + SADB_IDENTTYPE_PREFIX,
33425 + extr->tdb->tdb_ident_data_d),
33426 + extensions_reply) : 1
33427 + /* FIXME: This won't work yet because I have not finished
33429 + && extr->tdb->tdb_sens_ ? pfkey_safe_build(error = pfkey_sens_build(&extensions_reply[SADB_EXT_SENSITIVITY],
33430 + extr->tdb->tdb_sens_dpd,
33431 + extr->tdb->tdb_sens_sens_level,
33432 + extr->tdb->tdb_sens_sens_len,
33433 + extr->tdb->tdb_sens_sens_bitmap,
33434 + extr->tdb->tdb_sens_integ_level,
33435 + extr->tdb->tdb_sens_integ_len,
33436 + extr->tdb->tdb_sens_integ_bitmap),
33437 + extensions_reply) : 1
33440 + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_get_parse: "
33441 + "failed to build the get reply message extensions\n");
33442 + spin_unlock_bh(&tdb_lock);
33446 + spin_unlock_bh(&tdb_lock);
33448 + if((error = pfkey_msg_build(&pfkey_reply, extensions_reply, EXT_BITS_OUT))) {
33449 + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_get_parse: "
33450 + "failed to build the get reply message\n");
33454 + if((error = pfkey_upmsg(sk->socket, pfkey_reply))) {
33455 + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_get_parse: "
33456 + "failed to send the get reply message\n");
33460 + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_get_parse: "
33461 + "succeeded in sending get reply message.\n");
33464 + if (pfkey_reply) {
33465 + pfkey_msg_free(&pfkey_reply);
33467 + pfkey_extensions_free(extensions_reply);
33471 +DEBUG_NO_STATIC int
33472 +pfkey_acquire_parse(struct sock *sk, struct sadb_ext **extensions, struct pfkey_extracted_data* extr)
33475 + struct socket_list *pfkey_socketsp;
33476 + uint8_t satype = ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_satype;
33478 + KLIPS_PRINT(debug_pfkey,
33479 + "klips_debug:pfkey_acquire_parse: .\n");
33481 + /* I don't know if we want an upper bound, since userspace may
33482 + want to register itself for an satype > SADB_SATYPE_MAX. */
33483 + if((satype == 0) || (satype > SADB_SATYPE_MAX)) {
33484 + KLIPS_PRINT(debug_pfkey,
33485 + "klips_debug:pfkey_acquire_parse: "
33486 + "SATYPE=%d invalid.\n",
33491 + if(!(pfkey_registered_sockets[satype])) {
33492 + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_acquire_parse: "
33493 + "no sockets registered for SAtype=%d.\n",
33495 + SENDERR(EPROTONOSUPPORT);
33498 + for(pfkey_socketsp = pfkey_registered_sockets[satype];
33500 + pfkey_socketsp = pfkey_socketsp->next) {
33501 + if((error = pfkey_upmsg(pfkey_socketsp->socketp,
33502 + ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])))) {
33503 + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_acquire_parse: "
33504 + "sending up acquire reply message for satype=%d to socket=%p failed with error=%d.\n",
33505 + satype, pfkey_socketsp->socketp, error);
33508 + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_acquire_parse: "
33509 + "sending up acquire reply message for satype=%d to socket=%p succeeded.\n",
33510 + satype, pfkey_socketsp->socketp);
33517 +DEBUG_NO_STATIC int
33518 +pfkey_register_parse(struct sock *sk, struct sadb_ext **extensions, struct pfkey_extracted_data* extr)
33520 + unsigned int alg_num_a = 0, alg_num_e = 0;
33521 + struct sadb_alg *alg_a = NULL, *alg_e = NULL, *alg_ap = NULL, *alg_ep = NULL;
33522 + struct sadb_ext *extensions_reply[SADB_EXT_MAX+1];
33523 + struct sadb_msg *pfkey_reply = NULL;
33524 + struct supported_list *pfkey_supported_listp;
33525 + struct socket_list *pfkey_socketsp;
33527 + uint8_t satype = ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_satype;
33529 + KLIPS_PRINT(debug_pfkey,
33530 + "klips_debug:pfkey_register_parse: .\n");
33532 + pfkey_extensions_init(extensions_reply);
33534 + /* I don't know if we want an upper bound, since userspace may
33535 + want to register itself for an satype > SADB_SATYPE_MAX. */
33536 + if((satype == 0) || (satype > SADB_SATYPE_MAX)) {
33537 + KLIPS_PRINT(debug_pfkey,
33538 + "klips_debug:pfkey_register_parse: "
33539 + "SATYPE=%d invalid.\n",
33544 + if(!pfkey_list_insert_socket(sk->socket,
33545 + &(pfkey_registered_sockets[satype]))) {
33546 + KLIPS_PRINT(1 || debug_pfkey,
33547 + "klips_debug:pfkey_register_parse: "
33548 + "SATYPE=%02d successfully registered by KMd on pid=%d.\n",
33549 + satype, key_pid(sk));
33552 + /* send up register msg with supported SATYPE algos */
33553 + pfkey_supported_listp = pfkey_supported_list[satype];
33554 + KLIPS_PRINT(debug_pfkey,
33555 + "klips_debug:pfkey_register_parse: "
33556 + "pfkey_supported_list[%d]=%p\n",
33558 + pfkey_supported_list[satype]);
33559 + while(pfkey_supported_listp) {
33560 + KLIPS_PRINT(debug_pfkey,
33561 + "klips_debug:pfkey_register_parse: "
33562 + "checking supported=%p\n",
33563 + pfkey_supported_listp);
33564 + if(pfkey_supported_listp->supportedp->supported_alg_exttype == SADB_EXT_SUPPORTED_AUTH) {
33565 + KLIPS_PRINT(debug_pfkey,
33566 + "klips_debug:pfkey_register_parse: "
33567 + "adding auth alg.\n");
33570 + if(pfkey_supported_listp->supportedp->supported_alg_exttype == SADB_EXT_SUPPORTED_ENCRYPT) {
33571 + KLIPS_PRINT(debug_pfkey,
33572 + "klips_debug:pfkey_register_parse: "
33573 + "adding encrypt alg.\n");
33576 + pfkey_supported_listp = pfkey_supported_listp->next;
33580 + if((alg_a = kmalloc(alg_num_a * sizeof(struct sadb_alg), GFP_ATOMIC) ) == NULL) {
33581 + KLIPS_PRINT(debug_pfkey,
33582 + "klips_debug:pfkey_register_parse: auth alg memory allocation error\n");
33589 + if((alg_e = kmalloc(alg_num_e * sizeof(struct sadb_alg), GFP_ATOMIC) ) == NULL) {
33590 + KLIPS_PRINT(debug_pfkey,
33591 + "klips_debug:pfkey_register_parse: enc alg memory allocation error\n");
33597 + pfkey_supported_listp = pfkey_supported_list[satype];
33598 + while(pfkey_supported_listp) {
33600 + if(pfkey_supported_listp->supportedp->supported_alg_exttype == SADB_EXT_SUPPORTED_AUTH) {
33601 + alg_ap->sadb_alg_id = pfkey_supported_listp->supportedp->supported_alg_id;
33602 + alg_ap->sadb_alg_ivlen = pfkey_supported_listp->supportedp->supported_alg_ivlen;
33603 + alg_ap->sadb_alg_minbits = pfkey_supported_listp->supportedp->supported_alg_minbits;
33604 + alg_ap->sadb_alg_maxbits = pfkey_supported_listp->supportedp->supported_alg_maxbits;
33605 + alg_ap->sadb_alg_reserved = 0;
33606 + KLIPS_PRINT(debug_pfkey,
33607 + "klips_debug:pfkey_register_parse: "
33608 + "adding auth=%p\n",
33614 + if(pfkey_supported_listp->supportedp->supported_alg_exttype == SADB_EXT_SUPPORTED_ENCRYPT) {
33615 + alg_ep->sadb_alg_id = pfkey_supported_listp->supportedp->supported_alg_id;
33616 + alg_ep->sadb_alg_ivlen = pfkey_supported_listp->supportedp->supported_alg_ivlen;
33617 + alg_ep->sadb_alg_minbits = pfkey_supported_listp->supportedp->supported_alg_minbits;
33618 + alg_ep->sadb_alg_maxbits = pfkey_supported_listp->supportedp->supported_alg_maxbits;
33619 + alg_ep->sadb_alg_reserved = 0;
33620 + KLIPS_PRINT(debug_pfkey,
33621 + "klips_debug:pfkey_register_parse: "
33622 + "adding encrypt=%p\n",
33627 + KLIPS_PRINT(debug_pfkey,
33628 + "klips_debug:pfkey_register_parse: "
33629 + "found satype=%d exttype=%d id=%d ivlen=%d minbits=%d maxbits=%d.\n",
33631 + pfkey_supported_listp->supportedp->supported_alg_exttype,
33632 + pfkey_supported_listp->supportedp->supported_alg_id,
33633 + pfkey_supported_listp->supportedp->supported_alg_ivlen,
33634 + pfkey_supported_listp->supportedp->supported_alg_minbits,
33635 + pfkey_supported_listp->supportedp->supported_alg_maxbits);
33636 + pfkey_supported_listp = pfkey_supported_listp->next;
33639 + if(!(pfkey_safe_build(error = pfkey_msg_hdr_build(&extensions_reply[0],
33643 + ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_seq,
33644 + ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_pid),
33645 + extensions_reply) &&
33646 + (alg_num_a ? pfkey_safe_build(error = pfkey_supported_build(&extensions_reply[SADB_EXT_SUPPORTED_AUTH],
33647 + SADB_EXT_SUPPORTED_AUTH,
33650 + extensions_reply) : 1) &&
33651 + (alg_num_e ? pfkey_safe_build(error = pfkey_supported_build(&extensions_reply[SADB_EXT_SUPPORTED_ENCRYPT],
33652 + SADB_EXT_SUPPORTED_ENCRYPT,
33655 + extensions_reply) : 1))) {
33656 + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_register_parse: "
33657 + "failed to build the register message extensions\n");
33661 + if((error = pfkey_msg_build(&pfkey_reply, extensions_reply, EXT_BITS_OUT))) {
33662 + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_register_parse: "
33663 + "failed to build the register message\n");
33666 + for(pfkey_socketsp = pfkey_registered_sockets[satype];
33668 + pfkey_socketsp = pfkey_socketsp->next) {
33669 + if((error = pfkey_upmsg(pfkey_socketsp->socketp, pfkey_reply))) {
33670 + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_register_parse: "
33671 + "sending up register reply message for satype=%d to socket=%p failed with error=%d.\n",
33672 + satype, pfkey_socketsp->socketp, error);
33675 + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_register_parse: "
33676 + "sending up register reply message for satype=%d to socket=%p succeeded.\n",
33677 + satype, pfkey_socketsp->socketp);
33681 + if (pfkey_reply) {
33682 + pfkey_msg_free(&pfkey_reply);
33684 + pfkey_extensions_free(extensions_reply);
33688 +DEBUG_NO_STATIC int
33689 +pfkey_expire_parse(struct sock *sk, struct sadb_ext **extensions, struct pfkey_extracted_data* extr)
33692 + struct socket_list *pfkey_socketsp;
33693 +#ifdef CONFIG_IPSEC_DEBUG
33694 + uint8_t satype = ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_satype;
33695 +#endif /* CONFIG_IPSEC_DEBUG */
33697 + KLIPS_PRINT(debug_pfkey,
33698 + "klips_debug:pfkey_expire_parse: .\n");
33700 + if(pfkey_open_sockets) {
33701 + for(pfkey_socketsp = pfkey_open_sockets;
33703 + pfkey_socketsp = pfkey_socketsp->next) {
33704 + if((error = pfkey_upmsg(pfkey_socketsp->socketp,
33705 + ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])))) {
33706 + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_expire_parse: "
33707 + "sending up expire reply message for satype=%d to socket=%p failed with error=%d.\n",
33708 + satype, pfkey_socketsp->socketp, error);
33711 + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_expire_parse: "
33712 + "sending up expire reply message for satype=%d to socket=%p succeeded.\n",
33713 + satype, pfkey_socketsp->socketp);
33721 +DEBUG_NO_STATIC int
33722 +pfkey_flush_parse(struct sock *sk, struct sadb_ext **extensions, struct pfkey_extracted_data* extr)
33725 + struct socket_list *pfkey_socketsp;
33726 + uint8_t satype = ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_satype;
33728 + KLIPS_PRINT(debug_pfkey,
33729 + "klips_debug:pfkey_flush_parse: "
33730 + "flushing type %d SAs\n",
33733 + if ((error = ipsec_tdbcleanup(satype)))
33736 + if(pfkey_open_sockets) {
33737 + for(pfkey_socketsp = pfkey_open_sockets;
33739 + pfkey_socketsp = pfkey_socketsp->next) {
33740 + if((error = pfkey_upmsg(pfkey_socketsp->socketp,
33741 + ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])))) {
33742 + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_flush_parse: "
33743 + "sending up flush reply message for satype=%d to socket=%p failed with error=%d.\n",
33745 + pfkey_socketsp->socketp,
33749 + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_flush_parse: "
33750 + "sending up flush reply message for satype=%d to socket=%p succeeded.\n",
33752 + pfkey_socketsp->socketp);
33760 +DEBUG_NO_STATIC int
33761 +pfkey_dump_parse(struct sock *sk, struct sadb_ext **extensions, struct pfkey_extracted_data* extr)
33765 + KLIPS_PRINT(debug_pfkey,
33766 + "klips_debug:pfkey_dump_parse: .\n");
33773 +DEBUG_NO_STATIC int
33774 +pfkey_x_promisc_parse(struct sock *sk, struct sadb_ext **extensions, struct pfkey_extracted_data* extr)
33778 + KLIPS_PRINT(debug_pfkey,
33779 + "klips_debug:pfkey_promisc_parse: .\n");
33786 +DEBUG_NO_STATIC int
33787 +pfkey_x_pchange_parse(struct sock *sk, struct sadb_ext **extensions, struct pfkey_extracted_data* extr)
33791 + KLIPS_PRINT(debug_pfkey,
33792 + "klips_debug:pfkey_x_pchange_parse: .\n");
33799 +DEBUG_NO_STATIC int
33800 +pfkey_x_grpsa_parse(struct sock *sk, struct sadb_ext **extensions, struct pfkey_extracted_data* extr)
33802 + struct tdb *tdb1p, *tdb2p, *tdbp;
33803 + char sa1[SATOA_BUF], sa2[SATOA_BUF];
33806 + KLIPS_PRINT(debug_pfkey,
33807 + "klips_debug:pfkey_x_grpsa_parse: .\n");
33809 + spin_lock_bh(&tdb_lock);
33811 + if(!extr || !extr->tdb) {
33812 + KLIPS_PRINT(debug_pfkey,
33813 + "klips_debug:pfkey_x_grpsa_parse: "
33814 + "extr or extr->tdb is NULL, fatal.\n");
33818 + satoa(extr->tdb->tdb_said, 0, sa1, SATOA_BUF);
33820 + satoa(extr->tdb2->tdb_said, 0, sa2, SATOA_BUF);
33823 + if(!(tdb1p = gettdb(&(extr->tdb->tdb_said)))) {
33824 + KLIPS_PRINT(debug_pfkey,
33825 + "klips_debug: pfkey_x_grpsa_parse: reserved Tunnel Descriptor Block\n"
33826 + "klips_debug: for SA: %s not found. Call SADB_ADD/UPDATE first.\n", sa1);
33829 + if(extr->tdb2) { /* GRPSA */
33830 + if(!(tdb2p = gettdb(&(extr->tdb2->tdb_said)))) {
33831 + KLIPS_PRINT(debug_pfkey,
33832 + "klips_debug: pfkey_x_grpsa_parse: reserved Tunnel Descriptor Block\n"
33833 + "klips_debug: for SA: %s not found. Call SADB_ADD/UPDATE first.\n", sa2);
33837 + /* Is either one already linked? */
33838 + if(tdb1p->tdb_onext) {
33839 + KLIPS_PRINT(debug_pfkey,
33840 + "klips_debug: pfkey_x_grpsa_parse: Tunnel Descriptor Block\n"
33841 + "klips_debug: for SA: %s is already linked.\n", sa1);
33844 + if(tdb2p->tdb_inext) {
33845 + KLIPS_PRINT(debug_pfkey,
33846 + "klips_debug: pfkey_x_grpsa_parse: Tunnel Descriptor Block\n"
33847 + "klips_debug: for SA: %s is already linked.\n", sa2);
33851 + /* Is extr->tdb already linked to extr->tdb2? */
33854 + if(tdbp == tdb1p) {
33857 + tdbp = tdb2p->tdb_onext;
33861 + tdb1p->tdb_onext = tdb2p;
33862 + tdb2p->tdb_inext = tdb1p;
33863 + } else { /* UNGRPSA */
33864 + while(tdb1p->tdb_onext) {
33865 + tdb1p = tdb1p->tdb_onext;
33867 + while(tdb1p->tdb_inext) {
33869 + tdb1p = tdb1p->tdb_inext;
33870 + tdbp->tdb_inext = NULL;
33871 + tdb1p->tdb_onext = NULL;
33876 + spin_unlock_bh(&tdb_lock);
33878 + ipsec_tdbwipe(extr->tdb);
33880 + ipsec_tdbwipe(extr->tdb2);
33886 +DEBUG_NO_STATIC int
33887 +pfkey_x_addflow_parse(struct sock *sk, struct sadb_ext **extensions, struct pfkey_extracted_data* extr)
33890 +#ifdef CONFIG_IPSEC_DEBUG
33891 + char buf1[64], buf2[64];
33892 +#endif /* CONFIG_IPSEC_DEBUG */
33894 + KLIPS_PRINT(debug_pfkey,
33895 + "klips_debug:pfkey_x_addflow_parse: .\n");
33897 + if(!extr || !(extr->tdb) || !(extr->eroute)) {
33898 + KLIPS_PRINT(debug_pfkey,
33899 + "klips_debug:pfkey_x_addflow_parse: "
33900 + "missing extr, tdb or eroute data.\n");
33904 +#ifdef CONFIG_IPSEC_DEBUG
33905 + if (debug_pfkey) {
33906 + subnettoa(extr->eroute->er_eaddr.sen_ip_src,
33907 + extr->eroute->er_emask.sen_ip_src, 0, buf1, sizeof(buf1));
33908 + subnettoa(extr->eroute->er_eaddr.sen_ip_dst,
33909 + extr->eroute->er_emask.sen_ip_dst, 0, buf2, sizeof(buf2));
33910 + KLIPS_PRINT(debug_pfkey,
33911 + "klips_debug:pfkey_x_addflow_parse: "
33912 + "calling breakeroute and/or makeroute for %s->%s\n",
33915 +#endif /* CONFIG_IPSEC_DEBUG */
33916 + if(extr->tdb->tdb_flags & SADB_X_SAFLAGS_REPLACEFLOW) {
33917 + KLIPS_PRINT(debug_pfkey,
33918 + "klips_debug:pfkey_x_addflow_parse: "
33919 + "REPLACEFLOW flag set, calling breakeroute.\n");
33920 + if ((error = ipsec_breakroute(&(extr->eroute->er_eaddr),
33921 + &(extr->eroute->er_emask))) == EINVAL) {
33922 + KLIPS_PRINT(debug_pfkey,
33923 + "klips_debug:pfkey_x_addflow_parse: "
33924 + "breakeroute returned %d.\n", error);
33929 + KLIPS_PRINT(debug_pfkey,
33930 + "klips_debug:pfkey_x_addflow_parse: "
33931 + "calling makeroute.\n");
33933 + if ((error = ipsec_makeroute(&(extr->eroute->er_eaddr),
33934 + &(extr->eroute->er_emask),
33935 + extr->tdb->tdb_said))) {
33936 + KLIPS_PRINT(debug_pfkey,
33937 + "klips_debug:pfkey_x_addflow_parse: "
33938 + "makeroute returned %d.\n", error);
33942 + KLIPS_PRINT(debug_pfkey,
33943 + "klips_debug:pfkey_x_addflow_parse: "
33944 + "makeroute call successful.\n");
33946 + ipsec_tdbwipe(extr->tdb);
33948 + KLIPS_PRINT(debug_pfkey,
33949 + "klips_debug:pfkey_x_addflow_parse: "
33950 + "extr->tdb cleaned up and freed.\n");
33956 +DEBUG_NO_STATIC int
33957 +pfkey_x_delflow_parse(struct sock *sk, struct sadb_ext **extensions, struct pfkey_extracted_data* extr)
33960 +#ifdef CONFIG_IPSEC_DEBUG
33961 + char buf1[64], buf2[64];
33962 +#endif /* CONFIG_IPSEC_DEBUG */
33964 + KLIPS_PRINT(debug_pfkey,
33965 + "klips_debug:pfkey_x_delflow_parse: .\n");
33967 + if(!extr || !(extr->tdb)) {
33968 + KLIPS_PRINT(debug_pfkey,
33969 + "klips_debug:pfkey_x_delflow_parse: "
33970 + "extr, or extr->tdb is NULL, fatal\n");
33974 + if(extr->tdb->tdb_flags & SADB_X_SAFLAGS_CLEARFLOW) {
33975 + KLIPS_PRINT(debug_pfkey,
33976 + "klips_debug:pfkey_x_delflow_parse: "
33977 + "CLEARFLOW flag set, calling cleareroutes.\n");
33978 + if ((error = ipsec_cleareroutes()))
33979 + KLIPS_PRINT(debug_pfkey,
33980 + "klips_debug:pfkey_x_delflow_parse: "
33981 + "cleareroutes returned %d.\n", error);
33984 + if(!(extr->eroute)) {
33985 + KLIPS_PRINT(debug_pfkey,
33986 + "klips_debug:pfkey_x_delflow_parse: "
33987 + "extr->eroute is NULL, fatal.\n");
33991 +#ifdef CONFIG_IPSEC_DEBUG
33992 + if (debug_pfkey) {
33993 + subnettoa(extr->eroute->er_eaddr.sen_ip_src,
33994 + extr->eroute->er_emask.sen_ip_src, 0, buf1, sizeof(buf1));
33995 + subnettoa(extr->eroute->er_eaddr.sen_ip_dst,
33996 + extr->eroute->er_emask.sen_ip_dst, 0, buf2, sizeof(buf2));
33997 + KLIPS_PRINT(debug_pfkey,
33998 + "klips_debug:pfkey_x_delflow_parse: "
33999 + "calling breakeroute for %s->%s\n",
34002 +#endif /* CONFIG_IPSEC_DEBUG */
34003 + if((error = ipsec_breakroute(&(extr->eroute->er_eaddr),
34004 + &(extr->eroute->er_emask)))) {
34005 + KLIPS_PRINT(debug_pfkey,
34006 + "klips_debug:pfkey_x_delflow_parse: "
34007 + "breakeroute returned %d.\n", error);
34012 + ipsec_tdbwipe(extr->tdb);
34014 + KLIPS_PRINT(debug_pfkey,
34015 + "klips_debug:pfkey_x_delflow_parse: "
34016 + "extr->tdb cleaned up and freed.\n");
34022 +DEBUG_NO_STATIC int
34023 +pfkey_x_msg_debug_parse(struct sock *sk, struct sadb_ext **extensions, struct pfkey_extracted_data* extr)
34027 + KLIPS_PRINT(debug_pfkey,
34028 + "klips_debug:pfkey_x_msg_debug_parse: .\n");
34036 +pfkey_expire(struct tdb *tdbp, int hard)
34038 + struct sadb_ext *extensions[SADB_EXT_MAX+1];
34039 + struct sadb_msg *pfkey_msg = NULL;
34040 + struct socket_list *pfkey_socketsp;
34042 + uint8_t satype = proto2satype(tdbp->tdb_said.proto);
34044 + pfkey_extensions_init(extensions);
34046 + if(!pfkey_open_sockets) {
34047 + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_expire: "
34048 + "no sockets listening.\n");
34049 + SENDERR(EPROTONOSUPPORT);
34052 + spin_lock(&tdb_lock);
34053 + if (!(pfkey_safe_build(error = pfkey_msg_hdr_build(&extensions[0],
34060 + && pfkey_safe_build(error = pfkey_sa_build(&extensions[SADB_EXT_SA],
34062 + tdbp->tdb_said.spi,
34063 + tdbp->tdb_replaywin,
34065 + tdbp->tdb_authalg,
34066 + tdbp->tdb_encalg,
34067 + tdbp->tdb_flags),
34069 + && pfkey_safe_build(error = pfkey_lifetime_build(&extensions[SADB_EXT_LIFETIME_CURRENT],
34070 + SADB_EXT_LIFETIME_CURRENT,
34071 + tdbp->tdb_lifetime_allocations_c,
34072 + tdbp->tdb_lifetime_bytes_c,
34073 + tdbp->tdb_lifetime_addtime_c,
34074 + tdbp->tdb_lifetime_usetime_c),
34077 + pfkey_safe_build(error = pfkey_lifetime_build(&extensions[SADB_EXT_LIFETIME_HARD],
34078 + SADB_EXT_LIFETIME_HARD,
34079 + tdbp->tdb_lifetime_allocations_h,
34080 + tdbp->tdb_lifetime_bytes_h,
34081 + tdbp->tdb_lifetime_addtime_h,
34082 + tdbp->tdb_lifetime_usetime_h),
34084 + : pfkey_safe_build(error = pfkey_lifetime_build(&extensions[SADB_EXT_LIFETIME_SOFT],
34085 + SADB_EXT_LIFETIME_SOFT,
34086 + tdbp->tdb_lifetime_allocations_s,
34087 + tdbp->tdb_lifetime_bytes_s,
34088 + tdbp->tdb_lifetime_addtime_s,
34089 + tdbp->tdb_lifetime_usetime_s),
34091 + && pfkey_safe_build(error = pfkey_address_build(&extensions[SADB_EXT_ADDRESS_SRC],
34092 + SADB_EXT_ADDRESS_SRC,
34093 + 0, /* tdbp->tdb_said.proto, */
34095 + tdbp->tdb_addr_s),
34097 + && pfkey_safe_build(error = pfkey_address_build(&extensions[SADB_EXT_ADDRESS_DST],
34098 + SADB_EXT_ADDRESS_DST,
34099 + 0, /* tdbp->tdb_said.proto, */
34101 + tdbp->tdb_addr_d),
34103 + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_expire: failed to "
34104 + "build the expire message extensions\n");
34105 + spin_unlock(&tdb_lock);
34109 + spin_unlock(&tdb_lock);
34111 + if ((error = pfkey_msg_build(&pfkey_msg, extensions, EXT_BITS_OUT))) {
34112 + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_expire: failed to "
34113 + "build the expire message\n");
34117 + for(pfkey_socketsp = pfkey_open_sockets;
34119 + pfkey_socketsp = pfkey_socketsp->next) {
34120 + if((error = pfkey_upmsg(pfkey_socketsp->socketp, pfkey_msg))) {
34121 + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_expire: "
34122 + "sending up expire message for satype=%d to socket=%p failed with error=%d.\n",
34123 + satype, pfkey_socketsp->socketp, error);
34126 + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_expire: "
34127 + "sending up expire message for satype=%d to socket=%p succeeded.\n",
34128 + satype, pfkey_socketsp->socketp);
34133 + pfkey_msg_free(&pfkey_msg);
34135 + pfkey_extensions_free(extensions);
34140 +pfkey_acquire(struct tdb *tdbp)
34142 + struct sadb_ext *extensions[SADB_EXT_MAX+1];
34143 + struct sadb_msg *pfkey_msg = NULL;
34144 + struct socket_list *pfkey_socketsp;
34146 + struct sadb_comb comb[] = {
34147 + /* auth; encrypt; flags; */
34148 + /* auth_minbits; auth_maxbits; encrypt_minbits; encrypt_maxbits; */
34149 + /* reserved; soft_allocations; hard_allocations; soft_bytes; hard_bytes; */
34150 + /* soft_addtime; hard_addtime; soft_usetime; hard_usetime; */
34151 + { SADB_AALG_MD5HMAC, SADB_EALG_3DESCBC, SADB_SAFLAGS_PFS,
34152 + 128, 128, 168, 168,
34154 + 57600, 86400, 57600, 86400 },
34155 + { SADB_AALG_SHA1HMAC, SADB_EALG_3DESCBC, SADB_SAFLAGS_PFS,
34156 + 160, 160, 168, 168,
34158 + 57600, 86400, 57600, 86400 }
34161 + /* This should not be hard-coded. It should be taken from the spdb */
34162 + uint8_t satype = SADB_SATYPE_ESP;
34164 + pfkey_extensions_init(extensions);
34166 + if((satype == 0) || (satype > SADB_SATYPE_MAX)) {
34167 + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_acquire: "
34168 + "SAtype=%d unspecified or unknown.\n",
34173 + if(!(pfkey_registered_sockets[satype])) {
34174 + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_acquire: "
34175 + "no sockets registered for SAtype=%d.\n",
34177 + SENDERR(EPROTONOSUPPORT);
34180 + if (!(pfkey_safe_build(error = pfkey_msg_hdr_build(&extensions[0],
34187 + && pfkey_safe_build(error = pfkey_address_build(&extensions[SADB_EXT_ADDRESS_SRC],
34188 + SADB_EXT_ADDRESS_SRC,
34189 + tdbp->tdb_said.proto,
34191 + tdbp->tdb_addr_s),
34193 + && pfkey_safe_build(error = pfkey_address_build(&extensions[SADB_EXT_ADDRESS_DST],
34194 + SADB_EXT_ADDRESS_DST,
34195 + tdbp->tdb_said.proto,
34197 + tdbp->tdb_addr_d),
34200 + && tdbp->tdb_addr_p ? pfkey_safe_build(error = pfkey_address_build(&extensions[SADB_EXT_ADDRESS_PROXY],
34201 + SADB_EXT_ADDRESS_PROXY,
34202 + tdbp->tdb_said.proto,
34204 + tdbp->tdb_addr_p),
34206 + /* FIXME: This won't work yet because I have not finished
34208 + && tdbp->tdb_ident_data_s ? pfkey_safe_build(error = pfkey_ident_build(&extensions[SADB_EXT_IDENTITY_SRC],
34209 + SADB_EXT_IDENTITY_SRC,
34210 + SADB_IDENTTYPE_PREFIX,
34212 + tdbp->tdb_ident_data_s),
34214 + /* FIXME: This won't work yet because I have not finished
34216 + && tdbp->tdb_ident_data_d ? pfkey_safe_build(error = pfkey_ident_build(&extensions[SADB_EXT_IDENTITY_DST],
34217 + SADB_EXT_IDENTITY_DST,
34218 + SADB_IDENTTYPE_PREFIX,
34220 + tdbp->tdb_ident_data_d),
34222 + /* FIXME: This won't work yet because I have not finished
34224 + && tdbp->tdb_sens_ ? pfkey_safe_build(error = pfkey_sens_build(&extensions[SADB_EXT_SENSITIVITY],
34225 + tdbp->tdb_sens_dpd,
34226 + tdbp->tdb_sens_sens_level,
34227 + tdbp->tdb_sens_sens_len,
34228 + tdbp->tdb_sens_sens_bitmap,
34229 + tdbp->tdb_sens_integ_level,
34230 + tdbp->tdb_sens_integ_len,
34231 + tdbp->tdb_sens_integ_bitmap),
34234 + && pfkey_safe_build(error = pfkey_prop_build(&extensions[SADB_EXT_PROPOSAL],
34236 + sizeof(comb)/sizeof(struct sadb_comb),
34240 + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_acquire: failed to "
34241 + "build the acquire message extensions\n");
34245 + if ((error = pfkey_msg_build(&pfkey_msg, extensions, EXT_BITS_OUT))) {
34246 + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_acquire: failed to "
34247 + "build the acquire message\n");
34251 + /* this should go to all registered sockets for that satype only */
34252 + for(pfkey_socketsp = pfkey_registered_sockets[satype];
34254 + pfkey_socketsp = pfkey_socketsp->next) {
34255 + if((error = pfkey_upmsg(pfkey_socketsp->socketp, pfkey_msg))) {
34256 + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_acquire: "
34257 + "sending up acquire message for satype=%d to socket=%p failed with error=%d.\n",
34258 + satype, pfkey_socketsp->socketp, error);
34261 + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_acquire: "
34262 + "sending up acquire message for satype=%d to socket=%p succeeded.\n",
34263 + satype, pfkey_socketsp->socketp);
34268 + pfkey_msg_free(&pfkey_msg);
34270 + pfkey_extensions_free(extensions);
34275 +DEBUG_NO_STATIC int (*ext_processors[SADB_EXT_MAX+1])(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr) =
34277 + NULL, /* pfkey_msg_process, */
34278 + pfkey_sa_process,
34279 + pfkey_lifetime_process,
34280 + pfkey_lifetime_process,
34281 + pfkey_lifetime_process,
34282 + pfkey_address_process,
34283 + pfkey_address_process,
34284 + pfkey_address_process,
34285 + pfkey_key_process,
34286 + pfkey_key_process,
34287 + pfkey_ident_process,
34288 + pfkey_ident_process,
34289 + pfkey_sens_process,
34290 + pfkey_prop_process,
34291 + pfkey_supported_process,
34292 + pfkey_supported_process,
34293 + pfkey_spirange_process,
34294 + pfkey_x_kmprivate_process,
34295 + pfkey_x_satype_process,
34296 + pfkey_sa_process,
34297 + pfkey_address_process,
34298 + pfkey_address_process,
34299 + pfkey_address_process,
34300 + pfkey_address_process,
34301 + pfkey_address_process,
34302 + pfkey_x_debug_process
34306 +DEBUG_NO_STATIC int (*msg_parsers[SADB_MAX +1])(struct sock *sk, struct sadb_ext *extensions[], struct pfkey_extracted_data* extr)
34309 + NULL, /* RESERVED */
34310 + pfkey_getspi_parse,
34311 + pfkey_update_parse,
34313 + pfkey_delete_parse,
34315 + pfkey_acquire_parse,
34316 + pfkey_register_parse,
34317 + pfkey_expire_parse,
34318 + pfkey_flush_parse,
34319 + pfkey_dump_parse,
34320 + pfkey_x_promisc_parse,
34321 + pfkey_x_pchange_parse,
34322 + pfkey_x_grpsa_parse,
34323 + pfkey_x_addflow_parse,
34324 + pfkey_x_delflow_parse,
34325 + pfkey_x_msg_debug_parse
34329 +pfkey_build_reply(struct sadb_msg *pfkey_msg, struct pfkey_extracted_data *extr,
34330 + struct sadb_msg **pfkey_reply)
34332 + struct sadb_ext *extensions[SADB_EXT_MAX+1];
34334 + int msg_type = pfkey_msg->sadb_msg_type;
34335 + int seq = pfkey_msg->sadb_msg_seq;
34337 + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_build_reply: building reply"
34338 + " with type: %d\n", msg_type);
34339 + pfkey_extensions_init(extensions);
34340 + if (!extr || !extr->tdb) {
34341 + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_build_reply: bad TDB"
34345 + error = pfkey_safe_build(pfkey_msg_hdr_build(&extensions[0],
34347 + proto2satype(extr->tdb->tdb_said.proto),
34350 + pfkey_msg->sadb_msg_pid),
34352 + (!(extensions_bitmaps[EXT_BITS_OUT][EXT_BITS_REQ][msg_type] &
34353 + 1 << SADB_EXT_SA)
34354 + || pfkey_safe_build(pfkey_sa_build(&extensions[SADB_EXT_SA],
34356 + extr->tdb->tdb_said.spi,
34357 + extr->tdb->tdb_replaywin,
34358 + extr->tdb->tdb_state,
34359 + extr->tdb->tdb_authalg,
34360 + extr->tdb->tdb_encalg,
34361 + extr->tdb->tdb_flags),
34363 + (!(extensions_bitmaps[EXT_BITS_OUT][EXT_BITS_REQ][msg_type] &
34364 + 1 << SADB_EXT_LIFETIME_CURRENT)
34365 + || pfkey_safe_build(pfkey_lifetime_build(&extensions
34366 + [SADB_EXT_LIFETIME_CURRENT],
34367 + SADB_EXT_LIFETIME_CURRENT,
34368 + extr->tdb->tdb_lifetime_allocations_c,
34369 + extr->tdb->tdb_lifetime_bytes_c,
34370 + extr->tdb->tdb_lifetime_addtime_c,
34371 + extr->tdb->tdb_lifetime_usetime_c),
34373 + (!(extensions_bitmaps[EXT_BITS_OUT][EXT_BITS_REQ][msg_type] &
34374 + 1 << SADB_EXT_ADDRESS_SRC)
34375 + || pfkey_safe_build(pfkey_address_build(&extensions[SADB_EXT_ADDRESS_SRC],
34376 + SADB_EXT_ADDRESS_SRC,
34377 + extr->tdb->tdb_said.proto,
34379 + extr->tdb->tdb_addr_s),
34381 + (!(extensions_bitmaps[EXT_BITS_OUT][EXT_BITS_REQ][msg_type] &
34382 + 1 << SADB_EXT_ADDRESS_DST)
34383 + || pfkey_safe_build(pfkey_address_build(&extensions[SADB_EXT_ADDRESS_DST],
34384 + SADB_EXT_ADDRESS_DST,
34385 + extr->tdb->tdb_said.proto,
34387 + extr->tdb->tdb_addr_d),
34390 + if (error == 0) {
34391 + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_build_reply: "
34392 + "building extensions failed\n");
34396 + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_build_reply: built extensions"
34397 + ", proceed to build the message\n");
34398 + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_build_reply: extensions[1]="
34399 + " %p\n", extensions[1]);
34400 + error = pfkey_msg_build(pfkey_reply, extensions, EXT_BITS_OUT);
34401 + pfkey_extensions_free(extensions);
34407 +pfkey_msg_interp(struct sock *sk, struct sadb_msg *pfkey_msg,
34408 + struct sadb_msg **pfkey_reply)
34412 + struct sadb_ext *extensions[SADB_EXT_MAX+1];
34413 + struct pfkey_extracted_data extr = {NULL, NULL, NULL};
34415 + pfkey_extensions_init(extensions);
34416 + KLIPS_PRINT(debug_pfkey,
34417 + "klips_debug:pfkey_msg_interp: parsing message "
34418 + "ver=%d, type=%d, errno=%d, satype=%d, len=%d, res=%d, seq=%d, pid=%d.\n",
34419 + pfkey_msg->sadb_msg_version,
34420 + pfkey_msg->sadb_msg_type,
34421 + pfkey_msg->sadb_msg_errno,
34422 + pfkey_msg->sadb_msg_satype,
34423 + pfkey_msg->sadb_msg_len,
34424 + pfkey_msg->sadb_msg_reserved,
34425 + pfkey_msg->sadb_msg_seq,
34426 + pfkey_msg->sadb_msg_pid);
34428 + if((error = pfkey_alloc_tdb(&(extr.tdb)))) {
34429 + KLIPS_PRINT(debug_pfkey,
34430 + "klips_debug:pfkey_msg_interp: "
34431 + "something's really wrong, extr.tdb=%p should be NULL.\n", extr.tdb);
34435 + KLIPS_PRINT(debug_pfkey,
34436 + "klips_debug:pfkey_msg_interp: "
34437 + "allocated extr->tdb=%p.\n", extr.tdb);
34439 + if(pfkey_msg->sadb_msg_satype > SADB_SATYPE_MAX) {
34440 + KLIPS_PRINT(debug_pfkey,
34441 + "klips_debug:pfkey_msg_interp: satype %d > max %d\n",
34442 + pfkey_msg->sadb_msg_satype, SADB_SATYPE_MAX);
34446 + switch(pfkey_msg->sadb_msg_type) {
34447 + case SADB_GETSPI:
34448 + case SADB_UPDATE:
34450 + case SADB_DELETE:
34451 + case SADB_X_GRPSA:
34452 + if(!(extr.tdb->tdb_said.proto = satype2proto(pfkey_msg->sadb_msg_satype))) {
34453 + KLIPS_PRINT(debug_pfkey,
34454 + "klips_debug:pfkey_msg_interp: satype %d lookup failed.\n",
34455 + pfkey_msg->sadb_msg_satype);
34459 + case SADB_X_ADDFLOW:
34460 + extr.tdb->tdb_said.proto = satype2proto(pfkey_msg->sadb_msg_satype);
34465 + /* The NULL below causes the default extension parsers to be used */
34466 + /* Parse the extensions */
34467 + if((error = pfkey_msg_parse(pfkey_msg, NULL, extensions, EXT_BITS_IN)))
34469 + KLIPS_PRINT(debug_pfkey,
34470 + "klips_debug:pfkey_msg_interp: message parsing failed with error %d.\n",
34475 + /* Process the extensions */
34476 + for(i=1; i <= SADB_EXT_MAX;i++) {
34477 + if(extensions[i] != NULL) {
34478 + KLIPS_PRINT(debug_pfkey,
34479 + "klips_debug:pfkey_msg_interp: "
34480 + "processing ext %d %p with processor %p.\n",
34481 + i, extensions[i], ext_processors[i]);
34482 + if((error = ext_processors[i](extensions[i], &extr))) {
34483 + KLIPS_PRINT(debug_pfkey,
34484 + "klips_debug:pfkey_msg_interp: extension processing for type %d failed with error %d.\n",
34493 + /* Parse the message types */
34494 + KLIPS_PRINT(debug_pfkey,
34495 + "klips_debug:pfkey_msg_interp: "
34496 + "parsing message type %d with msg_parser %p.\n",
34497 + pfkey_msg->sadb_msg_type,
34498 + msg_parsers[pfkey_msg->sadb_msg_type]);
34499 + if((error = msg_parsers[pfkey_msg->sadb_msg_type](sk, extensions, &extr))) {
34500 + KLIPS_PRINT(debug_pfkey,
34501 + "klips_debug:pfkey_msg_interp: message parsing failed with error %d.\n",
34507 + error = pfkey_build_reply(pfkey_msg, &extr, pfkey_reply);
34509 + *pfkey_reply = NULL;
34518 + * Revision 1.62 2000/11/30 21:47:51 rgb
34519 + * Fix error return bug after returning from pfkey_tdb_init().
34521 + * Revision 1.61 2000/11/17 18:10:29 rgb
34522 + * Fixed bugs mostly relating to spirange, to treat all spi variables as
34523 + * network byte order since this is the way PF_KEYv2 stored spis.
34525 + * Revision 1.60 2000/11/06 04:34:53 rgb
34526 + * Changed non-exported functions to DEBUG_NO_STATIC.
34527 + * Add Svenning's adaptive content compression.
34528 + * Ditched spin_lock_irqsave in favour of spin_lock/_bh.
34529 + * Fixed double unlock bug (Svenning).
34530 + * Fixed pfkey_msg uninitialized bug in pfkey_{expire,acquire}().
34531 + * Fixed incorrect extension type (prop) in pfkey)acquire().
34533 + * Revision 1.59 2000/10/11 15:25:12 rgb
34534 + * Fixed IPCOMP disabled compile bug.
34536 + * Revision 1.58 2000/10/11 14:54:03 rgb
34537 + * Fixed pfkey_acquire() satype to SADB_SATYPE_ESP and removed pfkey
34538 + * protocol violations of setting pfkey_address_build() protocol parameter
34539 + * to non-zero except in the case of pfkey_acquire().
34541 + * Revision 1.57 2000/10/10 20:10:18 rgb
34542 + * Added support for debug_ipcomp and debug_verbose to klipsdebug.
34544 + * Revision 1.56 2000/10/06 20:24:36 rgb
34545 + * Fixes to pfkey_acquire to initialize extensions[] and use correct
34548 + * Revision 1.55 2000/10/03 03:20:57 rgb
34549 + * Added brackets to get a?b:c scope right for pfkey_register reply.
34551 + * Revision 1.54 2000/09/29 19:49:30 rgb
34552 + * As-yet-unused-bits cleanup.
34554 + * Revision 1.53 2000/09/28 00:35:45 rgb
34555 + * Padded SATYPE printout in pfkey_register for vertical alignment.
34557 + * Revision 1.52 2000/09/20 16:21:58 rgb
34558 + * Cleaned up ident string alloc/free.
34560 + * Revision 1.51 2000/09/20 04:04:20 rgb
34561 + * Changed static functions to DEBUG_NO_STATIC to reveal function names in
34564 + * Revision 1.50 2000/09/16 01:10:53 rgb
34565 + * Fixed unused var warning with debug off.
34567 + * Revision 1.49 2000/09/15 11:37:02 rgb
34568 + * Merge in heavily modified Svenning Soerensen's <svenning@post5.tele.dk>
34569 + * IPCOMP zlib deflate code.
34571 + * Revision 1.48 2000/09/15 04:57:57 rgb
34572 + * Cleaned up existing IPCOMP code before svenning addition.
34573 + * Initialize pfkey_reply and extensions_reply in case of early error in
34574 + * message parsing functions (thanks Kai!).
34576 + * Revision 1.47 2000/09/13 08:02:56 rgb
34577 + * Added KMd registration notification.
34579 + * Revision 1.46 2000/09/12 22:35:36 rgb
34580 + * Restructured to remove unused extensions from CLEARFLOW messages.
34582 + * Revision 1.45 2000/09/12 03:24:23 rgb
34583 + * Converted #if0 debugs to sysctl.
34585 + * Revision 1.44 2000/09/09 06:38:39 rgb
34586 + * Correct SADB message type for update, add and delete.
34588 + * Revision 1.43 2000/09/08 19:19:56 rgb
34589 + * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG.
34590 + * Removed all references to CONFIG_IPSEC_PFKEYv2.
34591 + * Put in sanity checks in most msg type parsers to catch invalid satypes
34592 + * and empty socket lists.
34593 + * Moved spin-locks in pfkey_get_parse() to simplify.
34594 + * Added pfkey_acquire().
34595 + * Added upwards messages to update, add, delete, acquire_parse,
34596 + * expire_parse and flush.
34597 + * Fix pfkey_prop_build() parameter to be only single indirection.
34598 + * Changed all replies to use pfkey_reply.
34599 + * Check return code on puttdb() and deltdbchain() in getspi, update,
34601 + * Fixed up all pfkey replies to open and registered sockets.
34603 + * Revision 1.42 2000/09/01 18:50:26 rgb
34604 + * Added a supported algorithms array lists, one per satype and registered
34605 + * existing algorithms.
34606 + * Fixed pfkey_list_{insert,remove}_{socket,support}() to allow change to
34608 + * Only send pfkey_expire() messages to sockets registered for that satype.
34609 + * Added reply to pfkey_getspi_parse().
34610 + * Added reply to pfkey_get_parse().
34611 + * Fixed debug output label bug in pfkey_lifetime_process().
34612 + * Cleaned up pfkey_sa_process a little.
34613 + * Moved pfkey_safe_build() above message type parsers to make it available
34614 + * for creating replies.
34615 + * Added comments for future work in pfkey_acquire_parse().
34616 + * Fleshed out guts of pfkey_register_parse().
34618 + * Revision 1.41 2000/08/24 16:58:11 rgb
34619 + * Fixed key debugging variables.
34620 + * Fixed error return code for a failed search.
34621 + * Changed order of pfkey_get operations.
34623 + * Revision 1.40 2000/08/21 16:32:27 rgb
34624 + * Re-formatted for cosmetic consistency and readability.
34626 + * Revision 1.39 2000/08/20 21:38:57 rgb
34627 + * Bugfixes to as-yet-unused pfkey_update_parse() and
34628 + * pfkey_register_parse(). (Momchil)
34629 + * Added functions pfkey_safe_build(), pfkey_expire() and
34630 + * pfkey_build_reply(). (Momchil)
34631 + * Added a pfkey_reply parameter to pfkey_msg_interp(). (Momchil)
34633 + * Revision 1.38 2000/08/18 21:30:41 rgb
34634 + * Purged all tdb_spi, tdb_proto and tdb_dst macros. They are unclear.
34636 + * Revision 1.37 2000/08/18 18:18:02 rgb
34637 + * Cosmetic and descriptive changes made to debug test.
34638 + * getspi and update fixes from Momchil.
34640 + * Revision 1.36 2000/08/15 15:41:55 rgb
34641 + * Fixed the (as yet unused and untested) pfkey_getspi() routine.
34643 + * Revision 1.35 2000/08/01 14:51:52 rgb
34644 + * Removed _all_ remaining traces of DES.
34646 + * Revision 1.34 2000/07/28 14:58:32 rgb
34647 + * Changed kfree_s to kfree, eliminating extra arg to fix 2.4.0-test5.
34649 + * Revision 1.33 2000/06/28 05:50:11 rgb
34650 + * Actually set iv_bits.
34652 + * Revision 1.32 2000/05/30 18:36:56 rgb
34653 + * Fix AH auth hash setup bug. This breaks interop with previous PF_KEY
34654 + * FreeS/WAN, but fixes interop with other implementations.
34656 + * Revision 1.31 2000/03/16 14:05:48 rgb
34657 + * Fixed brace scope preventing non-debug compile.
34658 + * Added null parameter check for pfkey_x_debug().
34660 + * Revision 1.30 2000/01/22 23:21:13 rgb
34661 + * Use new function satype2proto().
34663 + * Revision 1.29 2000/01/22 08:40:21 rgb
34664 + * Invert condition to known value to avoid AF_INET6 in 2.0.36.
34666 + * Revision 1.28 2000/01/22 07:58:57 rgb
34667 + * Fixed REPLACEFLOW bug, missing braces around KLIPS_PRINT *and* SENDERR.
34669 + * Revision 1.27 2000/01/22 03:48:01 rgb
34670 + * Added extr pointer component debugging.
34672 + * Revision 1.26 2000/01/21 09:41:25 rgb
34673 + * Changed a (void*) to (char*) cast to do proper pointer math.
34674 + * Don't call tdbwipe if tdb2 is NULL.
34676 + * Revision 1.25 2000/01/21 06:21:01 rgb
34677 + * Added address cases for eroute flows.
34678 + * Tidied up compiler directive indentation for readability.
34679 + * Added ictx,octx vars for simplification.
34680 + * Added macros for HMAC padding magic numbers.
34681 + * Converted from double tdb arguments to one structure (extr)
34682 + * containing pointers to all temporary information structures
34683 + * and checking for valid arguments to all ext processors and
34684 + * msg type parsers.
34685 + * Added spiungrp'ing.
34686 + * Added klipsdebug switching capability.
34687 + * Removed sa_process() check for zero protocol.
34688 + * Added address case for DST2 for grouping.
34689 + * Added/changed minor debugging instrumentation.
34690 + * Fixed spigrp for single said, ungrouping case.
34691 + * Added code to parse addflow and delflow messages.
34692 + * Removed redundant statements duplicating tdbwipe() functionality
34693 + * and causing double kfrees.
34694 + * Permit addflow to have a protocol of 0.
34696 + * Revision 1.24 1999/12/09 23:23:00 rgb
34697 + * Added check to pfkey_sa_process() to do eroutes.
34698 + * Converted to DIVUP() macro.
34699 + * Converted if() to switch() in pfkey_register_parse().
34700 + * Use new pfkey_extensions_init() instead of memset().
34702 + * Revision 1.23 1999/12/01 22:18:13 rgb
34703 + * Preset minspi and maxspi values in case and spirange extension is not
34704 + * included and check for the presence of an spirange extension before
34705 + * using it. Initialise tdb_sastate to LARVAL.
34706 + * Fixed debugging output typo.
34707 + * Fixed authentication context initialisation bugs (4 places).
34709 + * Revision 1.22 1999/11/27 11:53:08 rgb
34710 + * Moved pfkey_msg_parse prototype to pfkey.h
34711 + * Moved exts_permitted/required prototype to pfkey.h.
34712 + * Moved sadb_satype2proto protocol lookup table to lib/pfkey_v2_parse.c.
34713 + * Deleted SADB_X_EXT_SA2 code from pfkey_sa_process() since it will never
34715 + * Moved protocol/algorithm checks to lib/pfkey_v2_parse.c
34716 + * Debugging error messages added.
34717 + * Enable lifetime_current checking.
34718 + * Remove illegal requirement for SA extension to be present in an
34719 + * originating GETSPI call.
34720 + * Re-instate requirement for UPDATE or ADD message to be MATURE.
34721 + * Add argument to pfkey_msg_parse() for direction.
34722 + * Fixed IPIP dst address bug and purged redundant, leaky code.
34724 + * Revision 1.21 1999/11/24 05:24:20 rgb
34725 + * hanged 'void*extensions' to 'struct sadb_ext*extensions'.
34726 + * Fixed indention.
34727 + * Ditched redundant replay check.
34728 + * Fixed debug message text from 'parse' to 'process'.
34729 + * Added more debug output.
34730 + * Forgot to zero extensions array causing bug, fixed.
34732 + * Revision 1.20 1999/11/23 23:08:13 rgb
34733 + * Move all common parsing code to lib/pfkey_v2_parse.c and rename
34734 + * remaining bits to *_process. (PJO)
34735 + * Add macros for dealing with alignment and rounding up more opaquely.
34736 + * Use provided macro ADDRTOA_BUF instead of hardcoded value.
34737 + * Sort out pfkey and freeswan headers, putting them in a library path.
34738 + * Corrected a couple of bugs in as-yet-inactive code.
34740 + * Revision 1.19 1999/11/20 22:01:10 rgb
34741 + * Add more descriptive error messages for non-zero reserved fields.
34742 + * Add more descriptive error message for spirange parsing.
34743 + * Start on supported extension parsing.
34744 + * Start on register and get message parsing.
34746 + * Revision 1.18 1999/11/18 04:09:20 rgb
34747 + * Replaced all kernel version macros to shorter, readable form.
34749 + * Revision 1.17 1999/11/17 15:53:41 rgb
34750 + * Changed all occurrences of #include "../../../lib/freeswan.h"
34751 + * to #include <freeswan.h> which works due to -Ilibfreeswan in the
34752 + * klips/net/ipsec/Makefile.
34754 + * Revision 1.16 1999/10/26 16:57:43 rgb
34755 + * Add shorter macros for compiler directives to visually clean-up.
34756 + * Give ipv6 code meaningful compiler directive.
34757 + * Add comments to other #if 0 debug code.
34758 + * Remove unused *_bh_atomic() calls.
34759 + * Fix mis-placed spinlock.
34761 + * Revision 1.15 1999/10/16 18:27:10 rgb
34762 + * Clean-up unused cruft.
34763 + * Fix-up lifetime_allocations_c and lifetime_addtime_c initialisations.
34765 + * Revision 1.14 1999/10/08 18:37:34 rgb
34766 + * Fix end-of-line spacing to sate whining PHMs.
34768 + * Revision 1.13 1999/10/03 18:49:12 rgb
34769 + * Spinlock fixes for 2.0.xx and 2.3.xx.
34771 + * Revision 1.12 1999/10/01 15:44:54 rgb
34772 + * Move spinlock header include to 2.1> scope.
34774 + * Revision 1.11 1999/10/01 00:05:45 rgb
34775 + * Added tdb structure locking.
34776 + * Use 'jiffies' instead of do_get_timeofday().
34777 + * Fix lifetime assignments.
34779 + * Revision 1.10 1999/09/21 15:24:45 rgb
34780 + * Rework spirange code to save entropy and prevent endless loops.
34782 + * Revision 1.9 1999/09/16 12:10:21 rgb
34783 + * Minor fixes to random spi selection for correctness and entropy conservation.
34785 + * Revision 1.8 1999/05/25 22:54:46 rgb
34786 + * Fix comparison that should be an assignment in an if.
34788 + * Revision 1.7 1999/05/09 03:25:37 rgb
34789 + * Fix bug introduced by 2.2 quick-and-dirty patch.
34791 + * Revision 1.6 1999/05/08 21:32:30 rgb
34792 + * Fix error return reporting.
34794 + * Revision 1.5 1999/05/05 22:02:33 rgb
34795 + * Add a quick and dirty port to 2.2 kernels by Marc Boucher <marc@mbsi.ca>.
34797 + * Revision 1.4 1999/04/29 15:22:40 rgb
34798 + * Standardise an error return method.
34799 + * Add debugging instrumentation.
34800 + * Add check for existence of macros min/max.
34801 + * Add extensions permitted/required in/out filters.
34802 + * Add satype-to-protocol table.
34803 + * Add a second tdb pointer to each parser to accomodate GRPSA.
34804 + * Move AH & no_algo_set to GETSPI, UPDATE and ADD.
34805 + * Add OOO window check.
34806 + * Add support for IPPROTO_IPIP and hooks for IPPROTO_COMP.
34807 + * Add timestamp to lifetime parse.
34808 + * Fix address structure length checking bug.
34809 + * Fix address structure allocation bug (forgot to kmalloc!).
34810 + * Add checks for extension lengths.
34811 + * Add checks for extension reserved illegal values.
34812 + * Add check for spirange legal values.
34813 + * Add an extension type for parsing a second satype, SA and
34815 + * Make changes to tdb_init() template to get pfkey_tdb_init(),
34816 + * eliminating any mention of xformsw.
34817 + * Implement getspi, update and grpsa (not tested).
34818 + * Add stubs for as yet unimplemented message types.
34819 + * Add table of message parsers to substitute for msg_parse switch.
34821 + * Revision 1.3 1999/04/15 17:58:07 rgb
34822 + * Add RCSID labels.
34824 + * Revision 1.2 1999/04/15 15:37:26 rgb
34825 + * Forward check changes from POST1_00 branch.
34827 + * Revision 1.1.2.1 1999/03/26 20:58:56 rgb
34828 + * Add pfkeyv2 support to KLIPS.
34831 diff -druN linux-noipsec/net/ipsec/radij.c linux/net/ipsec/radij.c
34832 --- linux-noipsec/net/ipsec/radij.c Thu Jan 1 01:00:00 1970
34833 +++ linux/net/ipsec/radij.c Mon Nov 6 05:35:21 2000
34835 +char radij_c_version[] = "RCSID $Id$";
34838 + * This file is defived from ${SRC}/sys/net/radix.c of BSD 4.4lite
34840 + * Variable and procedure names have been modified so that they don't
34841 + * conflict with the original BSD code, as a small number of modifications
34842 + * have been introduced and we may want to reuse this code in BSD.
34844 + * The `j' in `radij' is pronounced as a voiceless guttural (like a Greek
34845 + * chi or a German ch sound (as `doch', not as in `milch'), or even a
34846 + * spanish j as in Juan. It is not as far back in the throat like
34847 + * the corresponding Hebrew sound, nor is it a soft breath like the English h.
34848 + * It has nothing to do with the Dutch ij sound.
34850 + * Here is the appropriate copyright notice:
34854 + * Copyright (c) 1988, 1989, 1993
34855 + * The Regents of the University of California. All rights reserved.
34857 + * Redistribution and use in source and binary forms, with or without
34858 + * modification, are permitted provided that the following conditions
34860 + * 1. Redistributions of source code must retain the above copyright
34861 + * notice, this list of conditions and the following disclaimer.
34862 + * 2. Redistributions in binary form must reproduce the above copyright
34863 + * notice, this list of conditions and the following disclaimer in the
34864 + * documentation and/or other materials provided with the distribution.
34865 + * 3. All advertising materials mentioning features or use of this software
34866 + * must display the following acknowledgement:
34867 + * This product includes software developed by the University of
34868 + * California, Berkeley and its contributors.
34869 + * 4. Neither the name of the University nor the names of its contributors
34870 + * may be used to endorse or promote products derived from this software
34871 + * without specific prior written permission.
34873 + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
34874 + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
34875 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
34876 + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
34877 + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
34878 + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
34879 + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
34880 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
34881 + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
34882 + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34885 + * @(#)radix.c 8.2 (Berkeley) 1/4/94
34889 + * Routines to build and maintain radix trees for routing lookups.
34892 +#include <linux/config.h>
34893 +#include <linux/version.h>
34895 +#include <linux/kernel.h> /* printk() */
34896 +#include <linux/malloc.h> /* kmalloc() */
34897 +#include <linux/errno.h> /* error codes */
34898 +#include <linux/types.h> /* size_t */
34899 +#include <linux/interrupt.h> /* mark_bh */
34901 +#include <linux/netdevice.h> /* struct device, and other headers */
34902 +#include <linux/etherdevice.h> /* eth_type_trans */
34903 +#include <linux/ip.h> /* struct iphdr */
34904 +#include <linux/skbuff.h>
34905 +#include <freeswan.h>
34907 +#include <asm/uaccess.h>
34908 +#include <linux/in6.h>
34909 +#endif /* NET_21 */
34910 +#include <asm/checksum.h>
34911 +#include <net/ip.h>
34913 +#include "radij.h"
34914 +#include "ipsec_encap.h"
34915 +#include "ipsec_radij.h"
34916 +#include "ipsec_netlink.h"
34919 +struct radij_mask *rj_mkfreelist;
34920 +struct radij_node_head *mask_rjhead;
34921 +static int gotOddMasks;
34922 +static char *maskedKey;
34923 +static char *rj_zeroes, *rj_ones;
34925 +#define rj_masktop (mask_rjhead->rnh_treetop)
34929 +#define Bcmp(a, b, l) (l == 0 ? 0 : memcmp((caddr_t)(b), (caddr_t)(a), (size_t)l))
34931 + * The data structure for the keys is a radix tree with one way
34932 + * branching removed. The index rj_b at an internal node n represents a bit
34933 + * position to be tested. The tree is arranged so that all descendants
34934 + * of a node n have keys whose bits all agree up to position rj_b - 1.
34935 + * (We say the index of n is rj_b.)
34937 + * There is at least one descendant which has a one bit at position rj_b,
34938 + * and at least one with a zero there.
34940 + * A route is determined by a pair of key and mask. We require that the
34941 + * bit-wise logical and of the key and mask to be the key.
34942 + * We define the index of a route to associated with the mask to be
34943 + * the first bit number in the mask where 0 occurs (with bit number 0
34944 + * representing the highest order bit).
34946 + * We say a mask is normal if every bit is 0, past the index of the mask.
34947 + * If a node n has a descendant (k, m) with index(m) == index(n) == rj_b,
34948 + * and m is a normal mask, then the route applies to every descendant of n.
34949 + * If the index(m) < rj_b, this implies the trailing last few bits of k
34950 + * before bit b are all 0, (and hence consequently true of every descendant
34951 + * of n), so the route applies to all descendants of the node as well.
34953 + * The present version of the code makes no use of normal routes,
34954 + * but similar logic shows that a non-normal mask m such that
34955 + * index(m) <= index(n) could potentially apply to many children of n.
34956 + * Thus, for each non-host route, we attach its mask to a list at an internal
34957 + * node as high in the tree as we can go.
34960 +struct radij_node *
34961 +rj_search(v_arg, head)
34963 + struct radij_node *head;
34965 + register struct radij_node *x;
34966 + register caddr_t v;
34968 + for (x = head, v = v_arg; x->rj_b >= 0;) {
34969 + if (x->rj_bmask & v[x->rj_off])
34977 +struct radij_node *
34978 +rj_search_m(v_arg, head, m_arg)
34979 + struct radij_node *head;
34980 + void *v_arg, *m_arg;
34982 + register struct radij_node *x;
34983 + register caddr_t v = v_arg, m = m_arg;
34985 + for (x = head; x->rj_b >= 0;) {
34986 + if ((x->rj_bmask & m[x->rj_off]) &&
34987 + (x->rj_bmask & v[x->rj_off]))
34996 +rj_refines(m_arg, n_arg)
34997 + void *m_arg, *n_arg;
34999 + register caddr_t m = m_arg, n = n_arg;
35000 + register caddr_t lim, lim2 = lim = n + *(u_char *)n;
35001 + int longer = (*(u_char *)n++) - (int)(*(u_char *)m++);
35002 + int masks_are_equal = 1;
35006 + while (n < lim) {
35009 + if (*n++ != *m++)
35010 + masks_are_equal = 0;
35016 + if (masks_are_equal && (longer < 0))
35017 + for (lim2 = m - longer; m < lim2; )
35020 + return (!masks_are_equal);
35024 +struct radij_node *
35025 +rj_match(v_arg, head)
35027 + struct radij_node_head *head;
35029 + caddr_t v = v_arg;
35030 + register struct radij_node *t = head->rnh_treetop, *x;
35031 + register caddr_t cp = v, cp2, cp3;
35032 + caddr_t cplim, mstart;
35033 + struct radij_node *saved_t, *top = t;
35034 + int off = t->rj_off, vlen = *(u_char *)cp, matched_off;
35037 + * Open code rj_search(v, top) to avoid overhead of extra
35038 + * subroutine call.
35040 + for (; t->rj_b >= 0; ) {
35041 + if (t->rj_bmask & cp[t->rj_off])
35047 + * See if we match exactly as a host destination
35049 + KLIPS_PRINT(debug_radij,
35050 + "klips_debug:rj_match: * See if we match exactly as a host destination\n");
35052 + cp += off; cp2 = t->rj_key + off; cplim = v + vlen;
35053 + for (; cp < cplim; cp++, cp2++)
35057 + * This extra grot is in case we are explicitly asked
35058 + * to look up the default. Ugh!
35060 + if ((t->rj_flags & RJF_ROOT) && t->rj_dupedkey)
35061 + t = t->rj_dupedkey;
35064 + matched_off = cp - v;
35066 + KLIPS_PRINT(debug_radij,
35067 + "klips_debug:rj_match: ** try to match a leaf, t=0x%p\n", t);
35069 + if (t->rj_mask) {
35071 + * Even if we don't match exactly as a hosts;
35072 + * we may match if the leaf we wound up at is
35073 + * a route to a net.
35075 + cp3 = matched_off + t->rj_mask;
35076 + cp2 = matched_off + t->rj_key;
35077 + for (; cp < cplim; cp++)
35078 + if ((*cp2++ ^ *cp) & *cp3++)
35082 + cp = matched_off + v;
35084 + } while ((t = t->rj_dupedkey));
35086 + /* start searching up the tree */
35087 + KLIPS_PRINT(debug_radij,
35088 + "klips_debug:rj_match: *** start searching up the tree, t=0x%p\n", t);
35090 + register struct radij_mask *m;
35093 + KLIPS_PRINT(debug_radij,
35094 + "klips_debug:rj_match: **** t=0x%p\n", t);
35095 + if ((m = t->rj_mklist)) {
35097 + * After doing measurements here, it may
35098 + * turn out to be faster to open code
35099 + * rj_search_m here instead of always
35100 + * copying and masking.
35102 + off = min(t->rj_off, matched_off);
35103 + mstart = maskedKey + off;
35106 + cp3 = m->rm_mask + off;
35107 + KLIPS_PRINT(debug_radij,
35108 + "klips_debug:rj_match: ***** cp2=0x%p cp3=0x%p\n", cp2, cp3);
35109 + for (cp = v + off; cp < cplim;)
35110 + *cp2++ = *cp++ & *cp3++;
35111 + x = rj_search(maskedKey, t);
35112 + while (x && x->rj_mask != m->rm_mask)
35113 + x = x->rj_dupedkey;
35115 + (Bcmp(mstart, x->rj_key + off,
35116 + vlen - off) == 0))
35118 + } while ((m = m->rm_mklist));
35120 + } while (t != top);
35121 + KLIPS_PRINT(debug_radij,
35122 + "klips_debug:rj_match: ***** not found.\n");
35128 +struct radij_node *rj_clist;
35130 +DEBUG_NO_STATIC void traverse(struct radij_node *);
35135 +#endif /* RJ_DEBUG2 */
35136 +#endif /* RJ_DEBUG */
35138 +struct radij_node *
35139 +rj_newpair(v, b, nodes)
35142 + struct radij_node nodes[2];
35144 + register struct radij_node *tt = nodes, *t = tt + 1;
35145 + t->rj_b = b; t->rj_bmask = 0x80 >> (b & 7);
35146 + t->rj_l = tt; t->rj_off = b >> 3;
35147 + tt->rj_b = -1; tt->rj_key = (caddr_t)v; tt->rj_p = t;
35148 + tt->rj_flags = t->rj_flags = RJF_ACTIVE;
35150 + tt->rj_info = rj_nodenum++; t->rj_info = rj_nodenum++;
35151 + tt->rj_twin = t; tt->rj_ybro = rj_clist; rj_clist = tt;
35152 +#endif /* RJ_DEBUG */
35156 +struct radij_node *
35157 +rj_insert(v_arg, head, dupentry, nodes)
35159 + struct radij_node_head *head;
35161 + struct radij_node nodes[2];
35163 + caddr_t v = v_arg;
35164 + struct radij_node *top = head->rnh_treetop;
35165 + int head_off = top->rj_off, vlen = (int)*((u_char *)v);
35166 + register struct radij_node *t = rj_search(v_arg, top);
35167 + register caddr_t cp = v + head_off;
35169 + struct radij_node *tt;
35171 + *find first bit at which v and t->rj_key differ
35174 + register caddr_t cp2 = t->rj_key + head_off;
35175 + register int cmp_res;
35176 + caddr_t cplim = v + vlen;
35178 + while (cp < cplim)
35179 + if (*cp2++ != *cp++)
35185 + cmp_res = (cp[-1] ^ cp2[-1]) & 0xff;
35186 + for (b = (cp - v) << 3; cmp_res; b--)
35190 + register struct radij_node *p, *x = top;
35194 + if (cp[x->rj_off] & x->rj_bmask)
35196 + else x = x->rj_l;
35197 + } while (b > (unsigned) x->rj_b); /* x->rj_b < b && x->rj_b >= 0 */
35200 + printk("klips_debug:Going In:\n"), traverse(p);
35201 +#endif /* RJ_DEBUG */
35202 + t = rj_newpair(v_arg, b, nodes); tt = t->rj_l;
35203 + if ((cp[p->rj_off] & p->rj_bmask) == 0)
35207 + x->rj_p = t; t->rj_p = p; /* frees x, p as temp vars below */
35208 + if ((cp[t->rj_off] & t->rj_bmask) == 0) {
35211 + t->rj_r = tt; t->rj_l = x;
35215 + printk("klips_debug:Coming out:\n"), traverse(p);
35216 +#endif /* RJ_DEBUG */
35221 +struct radij_node *
35222 +rj_addmask(n_arg, search, skip)
35223 + int search, skip;
35226 + caddr_t netmask = (caddr_t)n_arg;
35227 + register struct radij_node *x;
35228 + register caddr_t cp, cplim;
35229 + register int b, mlen, j;
35230 + int maskduplicated;
35232 + mlen = *(u_char *)netmask;
35234 + x = rj_search(netmask, rj_masktop);
35235 + mlen = *(u_char *)netmask;
35236 + if (Bcmp(netmask, x->rj_key, mlen) == 0)
35239 + R_Malloc(x, struct radij_node *, maj_keylen + 2 * sizeof (*x));
35242 + Bzero(x, maj_keylen + 2 * sizeof (*x));
35243 + cp = (caddr_t)(x + 2);
35244 + Bcopy(netmask, cp, mlen);
35246 + x = rj_insert(netmask, mask_rjhead, &maskduplicated, x);
35248 + * Calculate index of mask.
35250 + cplim = netmask + mlen;
35251 + for (cp = netmask + skip; cp < cplim; cp++)
35252 + if (*(u_char *)cp != 0xff)
35254 + b = (cp - netmask) << 3;
35255 + if (cp != cplim) {
35258 + for (j = 0x80; j; b++, j >>= 1)
35259 + if ((j & *cp) == 0)
35263 + x->rj_b = -1 - b;
35268 +struct radij_node *
35271 +rj_addroute(v_arg, n_arg, head, treenodes)
35272 + void *v_arg, *n_arg;
35273 + struct radij_node_head *head;
35274 + struct radij_node treenodes[2];
35276 + caddr_t v = (caddr_t)v_arg, netmask = (caddr_t)n_arg;
35277 + register struct radij_node *t, *x=NULL, *tt;
35278 + struct radij_node *saved_tt, *top = head->rnh_treetop;
35279 + short b = 0, b_leaf;
35280 + int mlen, keyduplicated;
35282 + struct radij_mask *m, **mp;
35285 + * In dealing with non-contiguous masks, there may be
35286 + * many different routes which have the same mask.
35287 + * We will find it useful to have a unique pointer to
35288 + * the mask to speed avoiding duplicate references at
35289 + * nodes and possibly save time in calculating indices.
35292 + x = rj_search(netmask, rj_masktop);
35293 + mlen = *(u_char *)netmask;
35294 + if (Bcmp(netmask, x->rj_key, mlen) != 0) {
35295 + x = rj_addmask(netmask, 0, top->rj_off);
35297 + return /* (0) rgb */ ENOMEM;
35299 + netmask = x->rj_key;
35300 + b = -1 - x->rj_b;
35303 + * Deal with duplicated keys: attach node to previous instance
35305 + saved_tt = tt = rj_insert(v, head, &keyduplicated, treenodes);
35306 + if (keyduplicated) {
35308 + if (tt->rj_mask == netmask)
35309 + return /* (0) rgb */ ENXIO;
35311 + if (netmask == 0 ||
35312 + (tt->rj_mask && rj_refines(netmask, tt->rj_mask)))
35314 + } while ((tt = tt->rj_dupedkey));
35316 + * If the mask is not duplicated, we wouldn't
35317 + * find it among possible duplicate key entries
35318 + * anyway, so the above test doesn't hurt.
35320 + * We sort the masks for a duplicated key the same way as
35321 + * in a masklist -- most specific to least specific.
35322 + * This may require the unfortunate nuisance of relocating
35323 + * the head of the list.
35325 + if (tt && t == saved_tt) {
35326 + struct radij_node *xx = x;
35327 + /* link in at head of list */
35328 + (tt = treenodes)->rj_dupedkey = t;
35329 + tt->rj_flags = t->rj_flags;
35330 + tt->rj_p = x = t->rj_p;
35331 + if (x->rj_l == t) x->rj_l = tt; else x->rj_r = tt;
35332 + saved_tt = tt; x = xx;
35334 + (tt = treenodes)->rj_dupedkey = t->rj_dupedkey;
35335 + t->rj_dupedkey = tt;
35338 + t=tt+1; tt->rj_info = rj_nodenum++; t->rj_info = rj_nodenum++;
35339 + tt->rj_twin = t; tt->rj_ybro = rj_clist; rj_clist = tt;
35340 +#endif /* RJ_DEBUG */
35342 + tt->rj_key = (caddr_t) v;
35344 + tt->rj_flags = t->rj_flags & ~RJF_ROOT;
35347 + * Put mask in tree.
35350 + tt->rj_mask = netmask;
35351 + tt->rj_b = x->rj_b;
35353 + t = saved_tt->rj_p;
35354 + b_leaf = -1 - t->rj_b;
35355 + if (t->rj_r == saved_tt) x = t->rj_l; else x = t->rj_r;
35356 + /* Promote general routes from below */
35357 + if (x->rj_b < 0) {
35358 + if (x->rj_mask && (x->rj_b >= b_leaf) && x->rj_mklist == 0) {
35361 + Bzero(m, sizeof *m);
35362 + m->rm_b = x->rj_b;
35363 + m->rm_mask = x->rj_mask;
35364 + x->rj_mklist = t->rj_mklist = m;
35367 + } else if (x->rj_mklist) {
35369 + * Skip over masks whose index is > that of new node
35371 + for (mp = &x->rj_mklist; (m = *mp); mp = &m->rm_mklist)
35372 + if (m->rm_b >= b_leaf)
35374 + t->rj_mklist = m; *mp = 0;
35376 + /* Add new route to highest possible ancestor's list */
35377 + if ((netmask == 0) || (b > t->rj_b ))
35378 + return /* tt rgb */ 0; /* can't lift at all */
35379 + b_leaf = tt->rj_b;
35383 + } while (b <= t->rj_b && x != top);
35385 + * Search through routes associated with node to
35386 + * insert new route according to index.
35387 + * For nodes of equal index, place more specific
35390 + cplim = netmask + mlen;
35391 + for (mp = &x->rj_mklist; (m = *mp); mp = &m->rm_mklist) {
35392 + if (m->rm_b < b_leaf)
35394 + if (m->rm_b > b_leaf)
35396 + if (m->rm_mask == netmask) {
35398 + tt->rj_mklist = m;
35399 + return /* tt rgb */ 0;
35401 + if (rj_refines(netmask, m->rm_mask))
35406 + printk("klips_debug:Mask for route not entered\n");
35407 + return /* (tt) rgb */ 0;
35409 + Bzero(m, sizeof *m);
35410 + m->rm_b = b_leaf;
35411 + m->rm_mask = netmask;
35412 + m->rm_mklist = *mp;
35414 + tt->rj_mklist = m;
35415 + return /* tt rgb */ 0;
35419 +rj_delete(v_arg, netmask_arg, head, node)
35420 + void *v_arg, *netmask_arg;
35421 + struct radij_node_head *head;
35422 + struct radij_node **node;
35424 + register struct radij_node *t, *p, *x, *tt;
35425 + struct radij_mask *m, *saved_m, **mp;
35426 + struct radij_node *dupedkey, *saved_tt, *top;
35427 + caddr_t v, netmask;
35428 + int b, head_off, vlen;
35431 + netmask = netmask_arg;
35432 + x = head->rnh_treetop;
35433 + tt = rj_search(v, x);
35434 + head_off = x->rj_off;
35435 + vlen = *(u_char *)v;
35439 + Bcmp(v + head_off, tt->rj_key + head_off, vlen - head_off))
35440 + return /* (0) rgb */ -EFAULT;
35442 + * Delete our route from mask lists.
35444 + if ((dupedkey = tt->rj_dupedkey)) {
35446 + netmask = rj_search(netmask, rj_masktop)->rj_key;
35447 + while (tt->rj_mask != netmask)
35448 + if ((tt = tt->rj_dupedkey) == 0)
35449 + return /* (0) rgb */ -ENXIO;
35451 + if (tt->rj_mask == 0 || (saved_m = m = tt->rj_mklist) == 0)
35453 + if (m->rm_mask != tt->rj_mask) {
35454 + printk("klips_debug:rj_delete: inconsistent annotation\n");
35457 + if (--m->rm_refs >= 0)
35459 + b = -1 - tt->rj_b;
35460 + t = saved_tt->rj_p;
35462 + goto on1; /* Wasn't lifted at all */
35466 + } while (b <= t->rj_b && x != top);
35467 + for (mp = &x->rj_mklist; (m = *mp); mp = &m->rm_mklist)
35468 + if (m == saved_m) {
35469 + *mp = m->rm_mklist;
35474 + printk("klips_debug:rj_delete: couldn't find our annotation\n");
35477 + * Eliminate us from tree
35479 + if (tt->rj_flags & RJF_ROOT)
35480 + return /* (0) rgb */ -EFAULT;
35482 + /* Get us out of the creation list */
35483 + for (t = rj_clist; t && t->rj_ybro != tt; t = t->rj_ybro) {}
35484 + if (t) t->rj_ybro = tt->rj_ybro;
35485 +#endif /* RJ_DEBUG */
35488 + if (tt == saved_tt) {
35489 + x = dupedkey; x->rj_p = t;
35490 + if (t->rj_l == tt) t->rj_l = x; else t->rj_r = x;
35492 + for (x = p = saved_tt; p && p->rj_dupedkey != tt;)
35493 + p = p->rj_dupedkey;
35494 + if (p) p->rj_dupedkey = tt->rj_dupedkey;
35495 + else printk("klips_debug:rj_delete: couldn't find us\n");
35498 + if (t->rj_flags & RJF_ACTIVE) {
35500 + *++x = *t; p = t->rj_p;
35502 + b = t->rj_info; *++x = *t; t->rj_info = b; p = t->rj_p;
35503 +#endif /* RJ_DEBUG */
35504 + if (p->rj_l == t) p->rj_l = x; else p->rj_r = x;
35505 + x->rj_l->rj_p = x; x->rj_r->rj_p = x;
35509 + if (t->rj_l == tt) x = t->rj_r; else x = t->rj_l;
35511 + if (p->rj_r == t) p->rj_r = x; else p->rj_l = x;
35514 + * Demote routes attached to us.
35516 + if (t->rj_mklist) {
35517 + if (x->rj_b >= 0) {
35518 + for (mp = &x->rj_mklist; (m = *mp);)
35519 + mp = &m->rm_mklist;
35520 + *mp = t->rj_mklist;
35522 + for (m = t->rj_mklist; m;) {
35523 + struct radij_mask *mm = m->rm_mklist;
35524 + if (m == x->rj_mklist && (--(m->rm_refs) < 0)) {
35525 + x->rj_mklist = 0;
35528 + printk("klips_debug:%s %p at %p\n",
35529 + "rj_delete: Orphaned Mask", m, x);
35535 + * We may be holding an active internal node in the tree.
35542 + b = t->rj_info; *t = *x; t->rj_info = b;
35543 +#endif /* RJ_DEBUG */
35544 + t->rj_l->rj_p = t; t->rj_r->rj_p = t;
35546 + if (p->rj_l == x) p->rj_l = t; else p->rj_r = t;
35549 + tt->rj_flags &= ~RJF_ACTIVE;
35550 + tt[1].rj_flags &= ~RJF_ACTIVE;
35552 + return /* (tt) rgb */ 0;
35556 +rj_walktree(h, f, w)
35557 + struct radij_node_head *h;
35558 + register int (*f)(struct radij_node *,void *);
35562 + struct radij_node *base, *next;
35563 + register struct radij_node *rn;
35565 + if(!h || !f /* || !w */) {
35569 + rn = h->rnh_treetop;
35571 + * This gets complicated because we may delete the node
35572 + * while applying the function f to it, so we need to calculate
35573 + * the successor node in advance.
35575 + /* First time through node, go left */
35576 + while (rn->rj_b >= 0)
35579 +#ifdef CONFIG_IPSEC_DEBUG
35580 + if(debug_radij) {
35581 + printk("klips_debug:RN_WALKTREE: for: rn=%p rj_b=%d rj_flags=%x", rn, rn->rj_b, rn->rj_flags);
35583 + printk(" node off=%x\n", rn->rj_off) :
35584 + printk(" leaf key = %08x->%08x\n",
35585 + (u_int)ntohl(((struct sockaddr_encap *)rn->rj_key)->sen_ip_src.s_addr),
35586 + (u_int)ntohl(((struct sockaddr_encap *)rn->rj_key)->sen_ip_dst.s_addr))
35589 +#endif /* CONFIG_IPSEC_DEBUG */
35591 + /* If at right child go back up, otherwise, go right */
35592 + while (rn->rj_p->rj_r == rn && (rn->rj_flags & RJF_ROOT) == 0)
35594 + /* Find the next *leaf* since next node might vanish, too */
35595 + for (rn = rn->rj_p->rj_r; rn->rj_b >= 0;)
35598 +#ifdef CONFIG_IPSEC_DEBUG
35599 + if(debug_radij) {
35600 + printk("klips_debug:RN_WALKTREE: processing leaves, rn=%p rj_b=%d rj_flags=%x", rn, rn->rj_b, rn->rj_flags);
35602 + printk(" node off=%x\n", rn->rj_off) :
35603 + printk(" leaf key = %08x->%08x\n",
35604 + (u_int)ntohl(((struct sockaddr_encap *)rn->rj_key)->sen_ip_src.s_addr),
35605 + (u_int)ntohl(((struct sockaddr_encap *)rn->rj_key)->sen_ip_dst.s_addr))
35608 +#endif /* CONFIG_IPSEC_DEBUG */
35609 + /* Process leaves */
35610 + while ((rn = base)) {
35611 + base = rn->rj_dupedkey;
35612 +#ifdef CONFIG_IPSEC_DEBUG
35613 + if(debug_radij) {
35614 + printk("klips_debug:RN_WALKTREE: while: base=%p rn=%p rj_b=%d rj_flags=%x",
35615 + base, rn, rn->rj_b, rn->rj_flags);
35617 + printk(" node off=%x\n", rn->rj_off) :
35618 + printk(" leaf key = %08x->%08x\n",
35619 + (u_int)ntohl(((struct sockaddr_encap *)rn->rj_key)->sen_ip_src.s_addr),
35620 + (u_int)ntohl(((struct sockaddr_encap *)rn->rj_key)->sen_ip_dst.s_addr))
35623 +#endif /* CONFIG_IPSEC_DEBUG */
35624 + if (!(rn->rj_flags & RJF_ROOT) && (error = (*f)(rn, w)))
35628 + if (rn->rj_flags & RJF_ROOT)
35635 +rj_inithead(head, off)
35639 + register struct radij_node_head *rnh;
35640 + register struct radij_node *t, *tt, *ttt;
35643 + R_Malloc(rnh, struct radij_node_head *, sizeof (*rnh));
35646 + Bzero(rnh, sizeof (*rnh));
35648 + t = rj_newpair(rj_zeroes, off, rnh->rnh_nodes);
35649 + ttt = rnh->rnh_nodes + 2;
35653 + tt->rj_flags = t->rj_flags = RJF_ROOT | RJF_ACTIVE;
35654 + tt->rj_b = -1 - off;
35656 + ttt->rj_key = rj_ones;
35657 + rnh->rnh_addaddr = rj_addroute;
35658 + rnh->rnh_deladdr = rj_delete;
35659 + rnh->rnh_matchaddr = rj_match;
35660 + rnh->rnh_walktree = rj_walktree;
35661 + rnh->rnh_treetop = t;
35668 + char *cp, *cplim;
35670 + if (maj_keylen == 0) {
35671 + printk("klips_debug:rj_init: radij functions require maj_keylen be set\n");
35674 + R_Malloc(rj_zeroes, char *, 3 * maj_keylen);
35675 + if (rj_zeroes == NULL)
35676 + panic("rj_init");
35677 + Bzero(rj_zeroes, 3 * maj_keylen);
35678 + rj_ones = cp = rj_zeroes + maj_keylen;
35679 + maskedKey = cplim = rj_ones + maj_keylen;
35680 + while (cp < cplim)
35682 + if (rj_inithead((void **)&mask_rjhead, 0) == 0)
35683 + panic("rj_init 2");
35687 +rj_preorder(struct radij_node *rn, int l)
35692 + printk("klips_debug:rj_preorder: NULL pointer\n");
35696 + if (rn->rj_b >= 0){
35697 + rj_preorder(rn->rj_l, l+1);
35698 + rj_preorder(rn->rj_r, l+1);
35699 + printk("klips_debug:");
35700 + for (i=0; i<l; i++)
35702 + printk(" off = %d\n", rn->rj_off);
35704 + printk("klips_debug:");
35705 + for (i=0; i<l; i++)
35707 + printk(" flags = %x", (u_int)rn->rj_flags);
35708 + if (rn->rj_flags & RJF_ACTIVE) {
35709 + printk(" @key = %p", rn->rj_key);
35711 + printk(" key = %08x->%08x",
35712 + (u_int)ntohl(((struct sockaddr_encap *)rn->rj_key)->sen_ip_src.s_addr),
35713 + (u_int)ntohl(((struct sockaddr_encap *)rn->rj_key)->sen_ip_dst.s_addr));
35715 + printk(" @mask = %p", rn->rj_mask);
35717 + printk(" mask = %08x->%08x",
35718 + (u_int)ntohl(((struct sockaddr_encap *)rn->rj_mask)->sen_ip_src.s_addr),
35719 + (u_int)ntohl(((struct sockaddr_encap *)rn->rj_mask)->sen_ip_dst.s_addr));
35721 + if (rn->rj_dupedkey)
35722 + printk(" dupedkey = %08x", (u_int)rn->rj_dupedkey);
35729 +DEBUG_NO_STATIC void traverse(struct radij_node *p)
35731 + rj_preorder(p, 0);
35733 +#endif /* RJ_DEBUG */
35736 +rj_dumptrees(void)
35738 + rj_preorder(rnh->rnh_treetop, 0);
35742 +rj_free_mkfreelist(void)
35744 + struct radij_mask *mknp, *mknp2;
35746 + mknp = rj_mkfreelist;
35750 + mknp = mknp->rm_mklist;
35756 +radijcleartree(void)
35758 + return rj_walktree(rnh, ipsec_rj_walker_delete, NULL);
35762 +radijcleanup(void)
35766 + error = radijcleartree();
35768 + rj_free_mkfreelist();
35770 +/* rj_walktree(mask_rjhead, ipsec_rj_walker_delete, NULL); */
35771 + if(mask_rjhead) {
35772 + kfree(mask_rjhead);
35776 + kfree(rj_zeroes);
35788 + * Revision 1.31 2000/11/06 04:35:21 rgb
35789 + * Clear table *before* releasing other items in radijcleanup.
35791 + * Revision 1.30 2000/09/20 04:07:40 rgb
35792 + * Changed static functions to DEBUG_NO_STATIC to reveal function names in
35795 + * Revision 1.29 2000/09/12 03:25:02 rgb
35796 + * Moved radij_c_version printing to ipsec_version_get_info().
35798 + * Revision 1.28 2000/09/08 19:12:56 rgb
35799 + * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG.
35801 + * Revision 1.27 2000/07/28 14:58:32 rgb
35802 + * Changed kfree_s to kfree, eliminating extra arg to fix 2.4.0-test5.
35804 + * Revision 1.26 2000/05/10 23:11:37 rgb
35805 + * Comment out most of the startup version information.
35807 + * Revision 1.25 2000/01/21 06:21:47 rgb
35808 + * Change return codes to negative on error.
35810 + * Revision 1.24 1999/11/18 04:09:20 rgb
35811 + * Replaced all kernel version macros to shorter, readable form.
35813 + * Revision 1.23 1999/11/17 15:53:41 rgb
35814 + * Changed all occurrences of #include "../../../lib/freeswan.h"
35815 + * to #include <freeswan.h> which works due to -Ilibfreeswan in the
35816 + * klips/net/ipsec/Makefile.
35818 + * Revision 1.22 1999/10/15 22:17:28 rgb
35819 + * Modify radijcleanup() to call radijcleartree().
35821 + * Revision 1.21 1999/10/08 18:37:34 rgb
35822 + * Fix end-of-line spacing to sate whining PHMs.
35824 + * Revision 1.20 1999/10/01 15:44:54 rgb
35825 + * Move spinlock header include to 2.1> scope.
35827 + * Revision 1.19 1999/10/01 08:35:52 rgb
35828 + * Add spinlock include to shut up compiler for 2.0.38.
35830 + * Revision 1.18 1999/09/23 18:02:52 rgb
35831 + * De-alarm the search failure message so it doesn't sound so grave.
35833 + * Revision 1.17 1999/05/25 21:26:01 rgb
35834 + * Fix rj_walktree() sanity checking bug.
35836 + * Revision 1.16 1999/05/09 03:25:38 rgb
35837 + * Fix bug introduced by 2.2 quick-and-dirty patch.
35839 + * Revision 1.15 1999/05/05 22:02:33 rgb
35840 + * Add a quick and dirty port to 2.2 kernels by Marc Boucher <marc@mbsi.ca>.
35842 + * Revision 1.14 1999/04/29 15:24:15 rgb
35843 + * Add sanity checking for null pointer arguments.
35844 + * Standardise an error return method.
35846 + * Revision 1.13 1999/04/11 00:29:02 henry
35847 + * GPL boilerplate
35849 + * Revision 1.12 1999/04/06 04:54:28 rgb
35850 + * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes
35851 + * patch shell fixes.
35853 + * Revision 1.11 1999/02/17 16:52:53 rgb
35854 + * Convert DEBUG_IPSEC to KLIPS_PRINT
35855 + * Clean out unused cruft.
35857 + * Revision 1.10 1999/01/22 06:30:05 rgb
35858 + * Cruft clean-out.
35859 + * 64-bit clean-up.
35861 + * Revision 1.9 1998/12/01 13:22:04 rgb
35862 + * Added support for debug printing of version info.
35864 + * Revision 1.8 1998/11/30 13:22:55 rgb
35865 + * Rationalised all the klips kernel file headers. They are much shorter
35866 + * now and won't conflict under RH5.2.
35868 + * Revision 1.7 1998/10/25 02:43:26 rgb
35869 + * Change return type on rj_addroute and rj_delete and add and argument
35870 + * to the latter to be able to transmit more infomation about errors.
35872 + * Revision 1.6 1998/10/19 14:30:06 rgb
35873 + * Added inclusion of freeswan.h.
35875 + * Revision 1.5 1998/10/09 04:33:27 rgb
35876 + * Added 'klips_debug' prefix to all klips printk debug statements.
35877 + * Fixed output formatting slightly.
35879 + * Revision 1.4 1998/07/28 00:06:59 rgb
35880 + * Add debug detail to tree traversing.
35882 + * Revision 1.3 1998/07/14 18:07:58 rgb
35883 + * Add a routine to clear the eroute tree.
35885 + * Revision 1.2 1998/06/25 20:03:22 rgb
35886 + * Cleanup #endif comments. Debug output for rj_init.
35888 + * Revision 1.1 1998/06/18 21:30:22 henry
35889 + * move sources from klips/src to klips/net/ipsec to keep stupid kernel
35890 + * build scripts happier about symlinks
35892 + * Revision 1.8 1998/05/25 20:34:15 rgb
35893 + * Remove temporary ipsec_walk, rj_deltree and rj_delnodes functions.
35895 + * Rename ipsec_rj_walker (ipsec_walk) to ipsec_rj_walker_procprint and
35896 + * add ipsec_rj_walker_delete.
35898 + * Recover memory for eroute table on unload of module.
35900 + * Revision 1.7 1998/05/21 12:58:58 rgb
35901 + * Moved 'extern' definitions to ipsec_radij.h to support /proc 3k limit fix.
35903 + * Revision 1.6 1998/04/23 20:57:29 rgb
35904 + * Cleaned up compiler warnings for unused debugging functions.
35906 + * Revision 1.5 1998/04/22 16:51:38 rgb
35907 + * Tidy up radij debug code from recent rash of modifications to debug code.
35909 + * Revision 1.4 1998/04/21 21:28:56 rgb
35910 + * Rearrange debug switches to change on the fly debug output from user
35911 + * space. Only kernel changes checked in at this time. radij.c was also
35912 + * changed to temporarily remove buggy debugging code in rj_delete causing
35913 + * an OOPS and hence, netlink device open errors.
35915 + * Revision 1.3 1998/04/14 17:30:37 rgb
35916 + * Fix up compiling errors for radij tree memory reclamation.
35918 + * Revision 1.2 1998/04/12 22:03:25 rgb
35919 + * Updated ESP-3DES-HMAC-MD5-96,
35920 + * ESP-DES-HMAC-MD5-96,
35921 + * AH-HMAC-MD5-96,
35922 + * AH-HMAC-SHA1-96 since Henry started freeswan cvs repository
35923 + * from old standards (RFC182[5-9] to new (as of March 1998) drafts.
35925 + * Fixed eroute references in /proc/net/ipsec*.
35927 + * Started to patch module unloading memory leaks in ipsec_netlink and
35928 + * radij tree unloading.
35930 + * Revision 1.1 1998/04/09 03:06:15 henry
35931 + * sources moved up from linux/net/ipsec
35933 + * Revision 1.1.1.1 1998/04/08 05:35:03 henry
35934 + * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8
35936 + * Revision 0.4 1997/01/15 01:28:15 ji
35939 + * Revision 0.3 1996/11/20 14:39:04 ji
35940 + * Minor cleanups.
35941 + * Rationalized debugging code.
35943 + * Revision 0.2 1996/11/02 00:18:33 ji
35944 + * First limited release.
35948 diff -druN linux-noipsec/net/ipsec/radij.h linux/net/ipsec/radij.h
35949 --- linux-noipsec/net/ipsec/radij.h Thu Jan 1 01:00:00 1970
35950 +++ linux/net/ipsec/radij.h Thu Nov 18 05:09:20 1999
35957 + * This file is defived from ${SRC}/sys/net/radix.h of BSD 4.4lite
35959 + * Variable and procedure names have been modified so that they don't
35960 + * conflict with the original BSD code, as a small number of modifications
35961 + * have been introduced and we may want to reuse this code in BSD.
35963 + * The `j' in `radij' is pronounced as a voiceless guttural (like a Greek
35964 + * chi or a German ch sound (as `doch', not as in `milch'), or even a
35965 + * spanish j as in Juan. It is not as far back in the throat like
35966 + * the corresponding Hebrew sound, nor is it a soft breath like the English h.
35967 + * It has nothing to do with the Dutch ij sound.
35969 + * Here is the appropriate copyright notice:
35973 + * Copyright (c) 1988, 1989, 1993
35974 + * The Regents of the University of California. All rights reserved.
35976 + * Redistribution and use in source and binary forms, with or without
35977 + * modification, are permitted provided that the following conditions
35979 + * 1. Redistributions of source code must retain the above copyright
35980 + * notice, this list of conditions and the following disclaimer.
35981 + * 2. Redistributions in binary form must reproduce the above copyright
35982 + * notice, this list of conditions and the following disclaimer in the
35983 + * documentation and/or other materials provided with the distribution.
35984 + * 3. All advertising materials mentioning features or use of this software
35985 + * must display the following acknowledgement:
35986 + * This product includes software developed by the University of
35987 + * California, Berkeley and its contributors.
35988 + * 4. Neither the name of the University nor the names of its contributors
35989 + * may be used to endorse or promote products derived from this software
35990 + * without specific prior written permission.
35992 + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
35993 + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
35994 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
35995 + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
35996 + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
35997 + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
35998 + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
35999 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
36000 + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
36001 + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36004 + * @(#)radix.h 8.1 (Berkeley) 6/10/93
36026 +static __inline__ int min(unsigned int a, unsigned int b)
36035 +static __inline__ int max(unsigned int a, unsigned int b)
36042 +#endif /* NET_21 */
36045 + * Radix search tree node layout.
36050 + struct radij_mask *rj_mklist; /* list of masks contained in subtree */
36051 + struct radij_node *rj_p; /* parent */
36052 + short rj_b; /* bit offset; -1-index(netmask) */
36053 + char rj_bmask; /* node: mask for bit test*/
36054 + u_char rj_flags; /* enumerated next */
36055 +#define RJF_NORMAL 1 /* leaf contains normal route */
36056 +#define RJF_ROOT 2 /* leaf is root leaf for tree */
36057 +#define RJF_ACTIVE 4 /* This node is alive (for rtfree) */
36059 + struct { /* leaf only data: */
36060 + caddr_t rj_Key; /* object of search */
36061 + caddr_t rj_Mask; /* netmask, if present */
36062 + struct radij_node *rj_Dupedkey;
36064 + struct { /* node only data: */
36065 + int rj_Off; /* where to start compare */
36066 + struct radij_node *rj_L;/* progeny */
36067 + struct radij_node *rj_R;/* progeny */
36072 + struct radij_node *rj_twin;
36073 + struct radij_node *rj_ybro;
36077 +#define rj_dupedkey rj_u.rj_leaf.rj_Dupedkey
36078 +#define rj_key rj_u.rj_leaf.rj_Key
36079 +#define rj_mask rj_u.rj_leaf.rj_Mask
36080 +#define rj_off rj_u.rj_node.rj_Off
36081 +#define rj_l rj_u.rj_node.rj_L
36082 +#define rj_r rj_u.rj_node.rj_R
36085 + * Annotations to tree concerning potential routes applying to subtrees.
36088 +extern struct radij_mask {
36089 + short rm_b; /* bit offset; -1-index(netmask) */
36090 + char rm_unused; /* cf. rj_bmask */
36091 + u_char rm_flags; /* cf. rj_flags */
36092 + struct radij_mask *rm_mklist; /* more masks to try */
36093 + caddr_t rm_mask; /* the mask */
36094 + int rm_refs; /* # of references to this struct */
36097 +#define MKGet(m) {\
36098 + if (rj_mkfreelist) {\
36099 + m = rj_mkfreelist; \
36100 + rj_mkfreelist = (m)->rm_mklist; \
36102 + R_Malloc(m, struct radij_mask *, sizeof (*(m))); }\
36104 +#define MKFree(m) { (m)->rm_mklist = rj_mkfreelist; rj_mkfreelist = (m);}
36106 +struct radij_node_head {
36107 + struct radij_node *rnh_treetop;
36108 + int rnh_addrsize; /* permit, but not require fixed keys */
36109 + int rnh_pktsize; /* permit, but not require fixed keys */
36111 + struct radij_node *(*rnh_addaddr) /* add based on sockaddr */
36112 + __P((void *v, void *mask,
36113 + struct radij_node_head *head, struct radij_node nodes[]));
36115 + int (*rnh_addaddr) /* add based on sockaddr */
36116 + __P((void *v, void *mask,
36117 + struct radij_node_head *head, struct radij_node nodes[]));
36118 + struct radij_node *(*rnh_addpkt) /* add based on packet hdr */
36119 + __P((void *v, void *mask,
36120 + struct radij_node_head *head, struct radij_node nodes[]));
36122 + struct radij_node *(*rnh_deladdr) /* remove based on sockaddr */
36123 + __P((void *v, void *mask, struct radij_node_head *head));
36125 + int (*rnh_deladdr) /* remove based on sockaddr */
36126 + __P((void *v, void *mask, struct radij_node_head *head, struct radij_node **node));
36127 + struct radij_node *(*rnh_delpkt) /* remove based on packet hdr */
36128 + __P((void *v, void *mask, struct radij_node_head *head));
36129 + struct radij_node *(*rnh_matchaddr) /* locate based on sockaddr */
36130 + __P((void *v, struct radij_node_head *head));
36131 + struct radij_node *(*rnh_matchpkt) /* locate based on packet hdr */
36132 + __P((void *v, struct radij_node_head *head));
36133 + int (*rnh_walktree) /* traverse tree */
36134 + __P((struct radij_node_head *head, int (*f)(struct radij_node *rn, void *w), void *w));
36135 + struct radij_node rnh_nodes[3]; /* empty tree for common case */
36139 +#define Bcmp(a, b, n) memcmp(((caddr_t)(b)), ((caddr_t)(a)), (unsigned)(n))
36140 +#define Bcopy(a, b, n) memmove(((caddr_t)(b)), ((caddr_t)(a)), (unsigned)(n))
36141 +#define Bzero(p, n) memset((caddr_t)(p), 0, (unsigned)(n))
36142 +#define R_Malloc(p, t, n) ((p = (t) kmalloc((size_t)(n), GFP_ATOMIC)), Bzero((p),(n)))
36143 +#define Free(p) kfree((caddr_t)p);
36145 +void rj_init __P((void));
36146 +int rj_inithead __P((void **, int));
36147 +int rj_refines __P((void *, void *));
36148 +int rj_walktree __P((struct radij_node_head *head, int (*f)(struct radij_node *rn, void *w), void *w));
36150 + *rj_addmask __P((void *, int, int)) /* , rgb */ ;
36151 +int /* * */ rj_addroute __P((void *, void *, struct radij_node_head *,
36152 + struct radij_node [2])) /* , rgb */ ;
36153 +int /* * */ rj_delete __P((void *, void *, struct radij_node_head *, struct radij_node **)) /* , rgb */ ;
36154 +struct radij_node /* rgb */
36155 + *rj_insert __P((void *, struct radij_node_head *, int *,
36156 + struct radij_node [2])),
36157 + *rj_match __P((void *, struct radij_node_head *)),
36158 + *rj_newpair __P((void *, int, struct radij_node[2])),
36159 + *rj_search __P((void *, struct radij_node *)),
36160 + *rj_search_m __P((void *, struct radij_node *, void *));
36162 +void rj_deltree(struct radij_node_head *);
36163 +void rj_delnodes(struct radij_node *);
36164 +void rj_free_mkfreelist(void);
36165 +int radijcleartree(void);
36166 +int radijcleanup(void);
36168 +extern struct radij_node_head *mask_rjhead;
36169 +extern int maj_keylen;
36170 +#endif /* __KERNEL__ */
36172 +#endif /* _RADIJ_H_ */
36177 + * Revision 1.10 1999/11/18 04:09:20 rgb
36178 + * Replaced all kernel version macros to shorter, readable form.
36180 + * Revision 1.9 1999/05/05 22:02:33 rgb
36181 + * Add a quick and dirty port to 2.2 kernels by Marc Boucher <marc@mbsi.ca>.
36183 + * Revision 1.8 1999/04/29 15:24:58 rgb
36184 + * Add check for existence of macros min/max.
36186 + * Revision 1.7 1999/04/11 00:29:02 henry
36187 + * GPL boilerplate
36189 + * Revision 1.6 1999/04/06 04:54:29 rgb
36190 + * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes
36191 + * patch shell fixes.
36193 + * Revision 1.5 1999/01/22 06:30:32 rgb
36194 + * 64-bit clean-up.
36196 + * Revision 1.4 1998/11/30 13:22:55 rgb
36197 + * Rationalised all the klips kernel file headers. They are much shorter
36198 + * now and won't conflict under RH5.2.
36200 + * Revision 1.3 1998/10/25 02:43:27 rgb
36201 + * Change return type on rj_addroute and rj_delete and add and argument
36202 + * to the latter to be able to transmit more infomation about errors.
36204 + * Revision 1.2 1998/07/14 18:09:51 rgb
36205 + * Add a routine to clear eroute table.
36206 + * Added #ifdef __KERNEL__ directives to restrict scope of header.
36208 + * Revision 1.1 1998/06/18 21:30:22 henry
36209 + * move sources from klips/src to klips/net/ipsec to keep stupid kernel
36210 + * build scripts happier about symlinks
36212 + * Revision 1.4 1998/05/25 20:34:16 rgb
36213 + * Remove temporary ipsec_walk, rj_deltree and rj_delnodes functions.
36215 + * Rename ipsec_rj_walker (ipsec_walk) to ipsec_rj_walker_procprint and
36216 + * add ipsec_rj_walker_delete.
36218 + * Recover memory for eroute table on unload of module.
36220 + * Revision 1.3 1998/04/22 16:51:37 rgb
36221 + * Tidy up radij debug code from recent rash of modifications to debug code.
36223 + * Revision 1.2 1998/04/14 17:30:38 rgb
36224 + * Fix up compiling errors for radij tree memory reclamation.
36226 + * Revision 1.1 1998/04/09 03:06:16 henry
36227 + * sources moved up from linux/net/ipsec
36229 + * Revision 1.1.1.1 1998/04/08 05:35:04 henry
36230 + * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8
36232 + * Revision 0.4 1997/01/15 01:28:15 ji
36235 + * Revision 0.3 1996/11/20 14:44:45 ji
36236 + * Release update only.
36238 + * Revision 0.2 1996/11/02 00:18:33 ji
36239 + * First limited release.
36243 diff -druN linux-noipsec/net/ipsec/sysctl_net_ipsec.c linux/net/ipsec/sysctl_net_ipsec.c
36244 --- linux-noipsec/net/ipsec/sysctl_net_ipsec.c Thu Jan 1 01:00:00 1970
36245 +++ linux/net/ipsec/sysctl_net_ipsec.c Sat Sep 16 03:50:15 2000
36248 + * sysctl interface to net IPSEC subsystem.
36249 + * Copyright (C) 1998, 1999, 2000 Richard Guy Briggs.
36251 + * This program is free software; you can redistribute it and/or modify it
36252 + * under the terms of the GNU General Public License as published by the
36253 + * Free Software Foundation; either version 2 of the License, or (at your
36254 + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
36256 + * This program is distributed in the hope that it will be useful, but
36257 + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
36258 + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
36259 + * for more details.
36264 +/* -*- linux-c -*-
36266 + * Initiated April 3, 1998, Richard Guy Briggs <rgb@conscoop.ottawa.on.ca>
36269 +#include <linux/mm.h>
36270 +#include <linux/sysctl.h>
36272 +#ifdef CONFIG_SYSCTL
36274 +#define NET_IPSEC 2112 /* Random number */
36275 +#ifdef CONFIG_IPSEC_DEBUG
36276 +extern int debug_ah;
36277 +extern int debug_esp;
36278 +extern int debug_tunnel;
36279 +extern int debug_eroute;
36280 +extern int debug_spi;
36281 +extern int debug_radij;
36282 +extern int debug_netlink;
36283 +extern int debug_xform;
36284 +extern int debug_rcv;
36285 +extern int debug_pfkey;
36286 +extern int sysctl_ipsec_debug_verbose;
36287 +#ifdef CONFIG_IPSEC_IPCOMP
36288 +extern int sysctl_ipsec_debug_ipcomp;
36289 +#endif /* CONFIG_IPSEC_IPCOMP */
36290 +#endif /* CONFIG_IPSEC_DEBUG */
36292 +extern int sysctl_ipsec_icmp;
36293 +extern int sysctl_ipsec_no_eroute_pass;
36294 +extern int sysctl_ipsec_inbound_policy_check;
36295 +extern int sysctl_ipsec_opportunistic;
36296 +extern int sysctl_ipsec_tos;
36299 +#ifdef CONFIG_IPSEC_DEBUG
36300 + NET_IPSEC_DEBUG_AH=1,
36301 + NET_IPSEC_DEBUG_ESP=2,
36302 + NET_IPSEC_DEBUG_TUNNEL=3,
36303 + NET_IPSEC_DEBUG_EROUTE=4,
36304 + NET_IPSEC_DEBUG_SPI=5,
36305 + NET_IPSEC_DEBUG_RADIJ=6,
36306 + NET_IPSEC_DEBUG_NETLINK=7,
36307 + NET_IPSEC_DEBUG_XFORM=8,
36308 + NET_IPSEC_DEBUG_RCV=9,
36309 + NET_IPSEC_DEBUG_PFKEY=10,
36310 + NET_IPSEC_DEBUG_VERBOSE=11,
36311 + NET_IPSEC_DEBUG_IPCOMP=12,
36312 +#endif /* CONFIG_IPSEC_DEBUG */
36313 + NET_IPSEC_ICMP=13,
36314 + NET_IPSEC_NO_EROUTE_PASS=14,
36315 + NET_IPSEC_INBOUND_POLICY_CHECK=15,
36316 + NET_IPSEC_OPPORTUNISTIC=16,
36320 +static ctl_table ipsec_table[] = {
36321 +#ifdef CONFIG_IPSEC_DEBUG
36322 + { NET_IPSEC_DEBUG_AH, "debug_ah", &debug_ah,
36323 + sizeof(int), 0644, NULL, &proc_dointvec},
36324 + { NET_IPSEC_DEBUG_ESP, "debug_esp", &debug_esp,
36325 + sizeof(int), 0644, NULL, &proc_dointvec},
36326 + { NET_IPSEC_DEBUG_TUNNEL, "debug_tunnel", &debug_tunnel,
36327 + sizeof(int), 0644, NULL, &proc_dointvec},
36328 + { NET_IPSEC_DEBUG_EROUTE, "debug_eroute", &debug_eroute,
36329 + sizeof(int), 0644, NULL, &proc_dointvec},
36330 + { NET_IPSEC_DEBUG_SPI, "debug_spi", &debug_spi,
36331 + sizeof(int), 0644, NULL, &proc_dointvec},
36332 + { NET_IPSEC_DEBUG_RADIJ, "debug_radij", &debug_radij,
36333 + sizeof(int), 0644, NULL, &proc_dointvec},
36334 + { NET_IPSEC_DEBUG_NETLINK, "debug_netlink", &debug_netlink,
36335 + sizeof(int), 0644, NULL, &proc_dointvec},
36336 + { NET_IPSEC_DEBUG_XFORM, "debug_xform", &debug_xform,
36337 + sizeof(int), 0644, NULL, &proc_dointvec},
36338 + { NET_IPSEC_DEBUG_RCV, "debug_rcv", &debug_rcv,
36339 + sizeof(int), 0644, NULL, &proc_dointvec},
36340 + { NET_IPSEC_DEBUG_PFKEY, "debug_pfkey", &debug_pfkey,
36341 + sizeof(int), 0644, NULL, &proc_dointvec},
36342 + { NET_IPSEC_DEBUG_VERBOSE, "debug_verbose",&sysctl_ipsec_debug_verbose,
36343 + sizeof(int), 0644, NULL, &proc_dointvec},
36344 +#ifdef CONFIG_IPSEC_IPCOMP
36345 + { NET_IPSEC_DEBUG_IPCOMP, "debug_ipcomp", &sysctl_ipsec_debug_ipcomp,
36346 + sizeof(int), 0644, NULL, &proc_dointvec},
36347 +#endif /* CONFIG_IPSEC_IPCOMP */
36348 +#endif /* CONFIG_IPSEC_DEBUG */
36349 + { NET_IPSEC_ICMP, "icmp", &sysctl_ipsec_icmp,
36350 + sizeof(int), 0644, NULL, &proc_dointvec},
36351 + { NET_IPSEC_NO_EROUTE_PASS, "no_eroute_pass", &sysctl_ipsec_no_eroute_pass,
36352 + sizeof(int), 0644, NULL, &proc_dointvec},
36353 + { NET_IPSEC_INBOUND_POLICY_CHECK, "inbound_policy_check", &sysctl_ipsec_inbound_policy_check,
36354 + sizeof(int), 0644, NULL, &proc_dointvec},
36355 + { NET_IPSEC_OPPORTUNISTIC, "opportunistic", &sysctl_ipsec_opportunistic,
36356 + sizeof(int), 0644, NULL, &proc_dointvec},
36357 + { NET_IPSEC_TOS, "tos", &sysctl_ipsec_tos,
36358 + sizeof(int), 0644, NULL, &proc_dointvec},
36362 +static ctl_table ipsec_net_table[] = {
36363 + { NET_IPSEC, "ipsec", NULL, 0, 0555, ipsec_table },
36367 +static ctl_table ipsec_root_table[] = {
36368 + { CTL_NET, "net", NULL, 0, 0555, ipsec_net_table },
36372 +static struct ctl_table_header *ipsec_table_header;
36374 +int ipsec_sysctl_register(void)
36376 + ipsec_table_header = register_sysctl_table(ipsec_root_table, 0);
36377 + if (!ipsec_table_header) {
36383 +void ipsec_sysctl_unregister(void)
36385 + unregister_sysctl_table(ipsec_table_header);
36388 +#endif /* CONFIG_SYSCTL */
36392 + * Revision 1.10 2000/09/16 01:50:15 rgb
36393 + * Protect sysctl_ipsec_debug_ipcomp with compiler defines too so that the
36394 + * linker won't blame rj_delete() for missing symbols. ;-> Damn statics...
36396 + * Revision 1.9 2000/09/15 23:17:51 rgb
36397 + * Moved stuff around to compile with debug off.
36399 + * Revision 1.8 2000/09/15 11:37:02 rgb
36400 + * Merge in heavily modified Svenning Soerensen's <svenning@post5.tele.dk>
36401 + * IPCOMP zlib deflate code.
36403 + * Revision 1.7 2000/09/15 07:37:15 rgb
36404 + * Munged silly log comment that was causing a warning.
36406 + * Revision 1.6 2000/09/15 04:58:23 rgb
36407 + * Added tos runtime switch.
36408 + * Removed 'sysctl_ipsec_' prefix from /proc/sys/net/ipsec/ filenames.
36410 + * Revision 1.5 2000/09/12 03:25:28 rgb
36411 + * Filled in and implemented sysctl.
36413 + * Revision 1.4 1999/04/11 00:29:03 henry
36414 + * GPL boilerplate
36416 + * Revision 1.3 1999/04/06 04:54:29 rgb
36417 + * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes
36418 + * patch shell fixes.
36421 diff -druN linux-noipsec/net/ipsec/version.c linux/net/ipsec/version.c
36422 --- linux-noipsec/net/ipsec/version.c Thu Jan 1 01:00:00 1970
36423 +++ linux/net/ipsec/version.c Thu Nov 30 06:02:51 2000
36425 +/* silly pointless RCSID $Id$ */
36426 +static const char freeswan_version[] = "1.8";
36427 diff -druN linux-noipsec/net/ipsec/zlib/Makefile linux/net/ipsec/zlib/Makefile
36428 --- linux-noipsec/net/ipsec/zlib/Makefile Thu Jan 1 01:00:00 1970
36429 +++ linux/net/ipsec/zlib/Makefile Fri Sep 29 20:51:33 2000
36431 +# Makefile for IPCOMP zlib deflate code
36432 +# Copyright (C) 1998, 1999, 2000 Richard Guy Briggs.
36433 +# Copyright (C) 2000 Svenning Soerensen
36435 +# This program is free software; you can redistribute it and/or modify it
36436 +# under the terms of the GNU General Public License as published by the
36437 +# Free Software Foundation; either version 2 of the License, or (at your
36438 +# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
36440 +# This program is distributed in the hope that it will be useful, but
36441 +# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
36442 +# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
36443 +# for more details.
36449 +TOPDIR := /usr/src/linux
36453 +L_TARGET := zlib.a
36454 +L_OBJS := adler32.o deflate.o infblock.o infcodes.o inffast.o inflate.o inftrees.o infutil.o trees.o zutil.o
36457 +ifeq ($(CONFIG_IPSEC_DEBUG),y)
36458 +override CFLAGS += -g
36461 +override CFLAGS += -Wall
36462 +#override CFLAGS += -Wconversion
36463 +#override CFLAGS += -Wmissing-prototypes
36464 +override CFLAGS += -Wpointer-arith
36465 +#override CFLAGS += -Wcast-qual
36466 +#override CFLAGS += -Wmissing-declarations
36467 +override CFLAGS += -Wstrict-prototypes
36468 +#override CFLAGS += -pedantic
36469 +#override CFLAGS += -O3
36470 +#override CFLAGS += -W
36471 +#override CFLAGS += -Wwrite-strings
36472 +override CFLAGS += -Wbad-function-cast
36473 +override CFLAGS += -DIPCOMP_PREFIX
36476 + $(CC) -D__ASSEMBLY__ -DNO_UNDERLINE -traditional -c $< -o $*.o
36479 + L_OBJS += match586.o
36480 + override CFLAGS += -DASMV
36482 +ifdef CONFIG_M586TSC
36483 + L_OBJS += match586.o
36484 + override CFLAGS += -DASMV
36487 + L_OBJS += match686.o
36488 + override CFLAGS += -DASMV
36492 +include $(TOPDIR)/Rules.make
36494 +$(L_OBJS): $(TOPDIR)/include/linux/config.h $(TOPDIR)/include/linux/autoconf.h
36501 +# Revision 1.1.1.1 2000/09/29 18:51:33 rgb
36505 diff -druN linux-noipsec/net/ipsec/zlib/adler32.c linux/net/ipsec/zlib/adler32.c
36506 --- linux-noipsec/net/ipsec/zlib/adler32.c Thu Jan 1 01:00:00 1970
36507 +++ linux/net/ipsec/zlib/adler32.c Fri Sep 29 20:51:33 2000
36509 +/* adler32.c -- compute the Adler-32 checksum of a data stream
36510 + * Copyright (C) 1995-1998 Mark Adler
36511 + * For conditions of distribution and use, see copyright notice in zlib.h
36518 +#define BASE 65521L /* largest prime smaller than 65536 */
36520 +/* NMAX is the largest n such that 255n(n+1)/2 + (n+1)(BASE-1) <= 2^32-1 */
36522 +#define DO1(buf,i) {s1 += buf[i]; s2 += s1;}
36523 +#define DO2(buf,i) DO1(buf,i); DO1(buf,i+1);
36524 +#define DO4(buf,i) DO2(buf,i); DO2(buf,i+2);
36525 +#define DO8(buf,i) DO4(buf,i); DO4(buf,i+4);
36526 +#define DO16(buf) DO8(buf,0); DO8(buf,8);
36528 +/* ========================================================================= */
36529 +uLong ZEXPORT adler32(adler, buf, len)
36531 + const Bytef *buf;
36534 + unsigned long s1 = adler & 0xffff;
36535 + unsigned long s2 = (adler >> 16) & 0xffff;
36538 + if (buf == Z_NULL) return 1L;
36540 + while (len > 0) {
36541 + k = len < NMAX ? len : NMAX;
36543 + while (k >= 16) {
36555 + return (s2 << 16) | s1;
36557 diff -druN linux-noipsec/net/ipsec/zlib/deflate.c linux/net/ipsec/zlib/deflate.c
36558 --- linux-noipsec/net/ipsec/zlib/deflate.c Thu Jan 1 01:00:00 1970
36559 +++ linux/net/ipsec/zlib/deflate.c Fri Sep 29 20:51:33 2000
36561 +/* deflate.c -- compress data using the deflation algorithm
36562 + * Copyright (C) 1995-1998 Jean-loup Gailly.
36563 + * For conditions of distribution and use, see copyright notice in zlib.h
36569 + * The "deflation" process depends on being able to identify portions
36570 + * of the input text which are identical to earlier input (within a
36571 + * sliding window trailing behind the input currently being processed).
36573 + * The most straightforward technique turns out to be the fastest for
36574 + * most input files: try all possible matches and select the longest.
36575 + * The key feature of this algorithm is that insertions into the string
36576 + * dictionary are very simple and thus fast, and deletions are avoided
36577 + * completely. Insertions are performed at each input character, whereas
36578 + * string matches are performed only when the previous match ends. So it
36579 + * is preferable to spend more time in matches to allow very fast string
36580 + * insertions and avoid deletions. The matching algorithm for small
36581 + * strings is inspired from that of Rabin & Karp. A brute force approach
36582 + * is used to find longer strings when a small match has been found.
36583 + * A similar algorithm is used in comic (by Jan-Mark Wams) and freeze
36584 + * (by Leonid Broukhis).
36585 + * A previous version of this file used a more sophisticated algorithm
36586 + * (by Fiala and Greene) which is guaranteed to run in linear amortized
36587 + * time, but has a larger average cost, uses more memory and is patented.
36588 + * However the F&G algorithm may be faster for some highly redundant
36589 + * files if the parameter max_chain_length (described below) is too large.
36591 + * ACKNOWLEDGEMENTS
36593 + * The idea of lazy evaluation of matches is due to Jan-Mark Wams, and
36594 + * I found it in 'freeze' written by Leonid Broukhis.
36595 + * Thanks to many people for bug reports and testing.
36599 + * Deutsch, L.P.,"DEFLATE Compressed Data Format Specification".
36600 + * Available in ftp://ds.internic.net/rfc/rfc1951.txt
36602 + * A description of the Rabin and Karp algorithm is given in the book
36603 + * "Algorithms" by R. Sedgewick, Addison-Wesley, p252.
36605 + * Fiala,E.R., and Greene,D.H.
36606 + * Data Compression with Finite Windows, Comm.ACM, 32,4 (1989) 490-595
36612 +#include "deflate.h"
36614 +local const char deflate_copyright[] =
36615 + " deflate 1.1.3 Copyright 1995-1998 Jean-loup Gailly ";
36617 + If you use the zlib library in a product, an acknowledgment is welcome
36618 + in the documentation of your product. If for some reason you cannot
36619 + include such an acknowledgment, I would appreciate that you keep this
36620 + copyright string in the executable of your product.
36623 +/* ===========================================================================
36624 + * Function prototypes.
36627 + need_more, /* block not completed, need more input or more output */
36628 + block_done, /* block flush performed */
36629 + finish_started, /* finish started, need only more output at next deflate */
36630 + finish_done /* finish done, accept no more input or output */
36633 +typedef block_state (*compress_func) OF((deflate_state *s, int flush));
36634 +/* Compression function. Returns the block state after the call. */
36636 +local void fill_window OF((deflate_state *s));
36637 +local block_state deflate_stored OF((deflate_state *s, int flush));
36638 +local block_state deflate_fast OF((deflate_state *s, int flush));
36639 +local block_state deflate_slow OF((deflate_state *s, int flush));
36640 +local void lm_init OF((deflate_state *s));
36641 +local void putShortMSB OF((deflate_state *s, uInt b));
36642 +local void flush_pending OF((z_streamp strm));
36643 +local int read_buf OF((z_streamp strm, Bytef *buf, unsigned size));
36645 + void match_init OF((void)); /* asm code initialization */
36646 + uInt longest_match OF((deflate_state *s, IPos cur_match));
36648 +local uInt longest_match OF((deflate_state *s, IPos cur_match));
36652 +local void check_match OF((deflate_state *s, IPos start, IPos match,
36656 +/* ===========================================================================
36661 +/* Tail of hash chains */
36664 +# define TOO_FAR 4096
36666 +/* Matches of length 3 are discarded if their distance exceeds TOO_FAR */
36668 +#define MIN_LOOKAHEAD (MAX_MATCH+MIN_MATCH+1)
36669 +/* Minimum amount of lookahead, except at the end of the input file.
36670 + * See deflate.c for comments about the MIN_MATCH+1.
36673 +/* Values for max_lazy_match, good_match and max_chain_length, depending on
36674 + * the desired pack level (0..9). The values given below have been tuned to
36675 + * exclude worst case performance for pathological files. Better values may be
36676 + * found for specific files.
36678 +typedef struct config_s {
36679 + ush good_length; /* reduce lazy search above this match length */
36680 + ush max_lazy; /* do not perform lazy search above this match length */
36681 + ush nice_length; /* quit search above this match length */
36683 + compress_func func;
36686 +local const config configuration_table[10] = {
36687 +/* good lazy nice chain */
36688 +/* 0 */ {0, 0, 0, 0, deflate_stored}, /* store only */
36689 +/* 1 */ {4, 4, 8, 4, deflate_fast}, /* maximum speed, no lazy matches */
36690 +/* 2 */ {4, 5, 16, 8, deflate_fast},
36691 +/* 3 */ {4, 6, 32, 32, deflate_fast},
36693 +/* 4 */ {4, 4, 16, 16, deflate_slow}, /* lazy matches */
36694 +/* 5 */ {8, 16, 32, 32, deflate_slow},
36695 +/* 6 */ {8, 16, 128, 128, deflate_slow},
36696 +/* 7 */ {8, 32, 128, 256, deflate_slow},
36697 +/* 8 */ {32, 128, 258, 1024, deflate_slow},
36698 +/* 9 */ {32, 258, 258, 4096, deflate_slow}}; /* maximum compression */
36700 +/* Note: the deflate() code requires max_lazy >= MIN_MATCH and max_chain >= 4
36701 + * For deflate_fast() (levels <= 3) good is ignored and lazy has a different
36706 +/* result of memcmp for equal strings */
36708 +struct static_tree_desc_s {int dummy;}; /* for buggy compilers */
36710 +/* ===========================================================================
36711 + * Update a hash value with the given input byte
36712 + * IN assertion: all calls to to UPDATE_HASH are made with consecutive
36713 + * input characters, so that a running hash key can be computed from the
36714 + * previous key instead of complete recalculation each time.
36716 +#define UPDATE_HASH(s,h,c) (h = (((h)<<s->hash_shift) ^ (c)) & s->hash_mask)
36719 +/* ===========================================================================
36720 + * Insert string str in the dictionary and set match_head to the previous head
36721 + * of the hash chain (the most recent string with same hash key). Return
36722 + * the previous length of the hash chain.
36723 + * If this file is compiled with -DFASTEST, the compression level is forced
36724 + * to 1, and no hash chains are maintained.
36725 + * IN assertion: all calls to to INSERT_STRING are made with consecutive
36726 + * input characters and the first MIN_MATCH bytes of str are valid
36727 + * (except for the last MIN_MATCH-1 bytes of the input file).
36730 +#define INSERT_STRING(s, str, match_head) \
36731 + (UPDATE_HASH(s, s->ins_h, s->window[(str) + (MIN_MATCH-1)]), \
36732 + match_head = s->head[s->ins_h], \
36733 + s->head[s->ins_h] = (Pos)(str))
36735 +#define INSERT_STRING(s, str, match_head) \
36736 + (UPDATE_HASH(s, s->ins_h, s->window[(str) + (MIN_MATCH-1)]), \
36737 + s->prev[(str) & s->w_mask] = match_head = s->head[s->ins_h], \
36738 + s->head[s->ins_h] = (Pos)(str))
36741 +/* ===========================================================================
36742 + * Initialize the hash table (avoiding 64K overflow for 16 bit systems).
36743 + * prev[] will be initialized on the fly.
36745 +#define CLEAR_HASH(s) \
36746 + s->head[s->hash_size-1] = NIL; \
36747 + zmemzero((Bytef *)s->head, (unsigned)(s->hash_size-1)*sizeof(*s->head));
36749 +/* ========================================================================= */
36750 +int ZEXPORT deflateInit_(strm, level, version, stream_size)
36753 + const char *version;
36756 + return deflateInit2_(strm, level, Z_DEFLATED, MAX_WBITS, DEF_MEM_LEVEL,
36757 + Z_DEFAULT_STRATEGY, version, stream_size);
36758 + /* To do: ignore strm->next_in if we use it as window */
36761 +/* ========================================================================= */
36762 +int ZEXPORT deflateInit2_(strm, level, method, windowBits, memLevel, strategy,
36763 + version, stream_size)
36770 + const char *version;
36773 + deflate_state *s;
36774 + int noheader = 0;
36775 + static const char* my_version = ZLIB_VERSION;
36778 + /* We overlay pending_buf and d_buf+l_buf. This works since the average
36779 + * output size for (length,distance) codes is <= 24 bits.
36782 + if (version == Z_NULL || version[0] != my_version[0] ||
36783 + stream_size != sizeof(z_stream)) {
36784 + return Z_VERSION_ERROR;
36786 + if (strm == Z_NULL) return Z_STREAM_ERROR;
36788 + strm->msg = Z_NULL;
36789 + if (strm->zalloc == Z_NULL) {
36790 + return Z_STREAM_ERROR;
36791 +/* strm->zalloc = zcalloc;
36792 + strm->opaque = (voidpf)0;*/
36794 + if (strm->zfree == Z_NULL) return Z_STREAM_ERROR; /* strm->zfree = zcfree; */
36796 + if (level == Z_DEFAULT_COMPRESSION) level = 6;
36801 + if (windowBits < 0) { /* undocumented feature: suppress zlib header */
36803 + windowBits = -windowBits;
36805 + if (memLevel < 1 || memLevel > MAX_MEM_LEVEL || method != Z_DEFLATED ||
36806 + windowBits < 8 || windowBits > 15 || level < 0 || level > 9 ||
36807 + strategy < 0 || strategy > Z_HUFFMAN_ONLY) {
36808 + return Z_STREAM_ERROR;
36810 + s = (deflate_state *) ZALLOC(strm, 1, sizeof(deflate_state));
36811 + if (s == Z_NULL) return Z_MEM_ERROR;
36812 + strm->state = (struct internal_state FAR *)s;
36815 + s->noheader = noheader;
36816 + s->w_bits = windowBits;
36817 + s->w_size = 1 << s->w_bits;
36818 + s->w_mask = s->w_size - 1;
36820 + s->hash_bits = memLevel + 7;
36821 + s->hash_size = 1 << s->hash_bits;
36822 + s->hash_mask = s->hash_size - 1;
36823 + s->hash_shift = ((s->hash_bits+MIN_MATCH-1)/MIN_MATCH);
36825 + s->window = (Bytef *) ZALLOC(strm, s->w_size, 2*sizeof(Byte));
36826 + s->prev = (Posf *) ZALLOC(strm, s->w_size, sizeof(Pos));
36827 + s->head = (Posf *) ZALLOC(strm, s->hash_size, sizeof(Pos));
36829 + s->lit_bufsize = 1 << (memLevel + 6); /* 16K elements by default */
36831 + overlay = (ushf *) ZALLOC(strm, s->lit_bufsize, sizeof(ush)+2);
36832 + s->pending_buf = (uchf *) overlay;
36833 + s->pending_buf_size = (ulg)s->lit_bufsize * (sizeof(ush)+2L);
36835 + if (s->window == Z_NULL || s->prev == Z_NULL || s->head == Z_NULL ||
36836 + s->pending_buf == Z_NULL) {
36837 + strm->msg = ERR_MSG(Z_MEM_ERROR);
36838 + deflateEnd (strm);
36839 + return Z_MEM_ERROR;
36841 + s->d_buf = overlay + s->lit_bufsize/sizeof(ush);
36842 + s->l_buf = s->pending_buf + (1+sizeof(ush))*s->lit_bufsize;
36844 + s->level = level;
36845 + s->strategy = strategy;
36846 + s->method = (Byte)method;
36848 + return deflateReset(strm);
36851 +/* ========================================================================= */
36852 +int ZEXPORT deflateSetDictionary (strm, dictionary, dictLength)
36854 + const Bytef *dictionary;
36857 + deflate_state *s;
36858 + uInt length = dictLength;
36860 + IPos hash_head = 0;
36862 + if (strm == Z_NULL || strm->state == Z_NULL || dictionary == Z_NULL ||
36863 + strm->state->status != INIT_STATE) return Z_STREAM_ERROR;
36866 + strm->adler = adler32(strm->adler, dictionary, dictLength);
36868 + if (length < MIN_MATCH) return Z_OK;
36869 + if (length > MAX_DIST(s)) {
36870 + length = MAX_DIST(s);
36871 +#ifndef USE_DICT_HEAD
36872 + dictionary += dictLength - length; /* use the tail of the dictionary */
36875 + zmemcpy(s->window, dictionary, length);
36876 + s->strstart = length;
36877 + s->block_start = (long)length;
36879 + /* Insert all strings in the hash table (except for the last two bytes).
36880 + * s->lookahead stays null, so s->ins_h will be recomputed at the next
36881 + * call of fill_window.
36883 + s->ins_h = s->window[0];
36884 + UPDATE_HASH(s, s->ins_h, s->window[1]);
36885 + for (n = 0; n <= length - MIN_MATCH; n++) {
36886 + INSERT_STRING(s, n, hash_head);
36888 + if (hash_head) hash_head = 0; /* to make compiler happy */
36892 +/* ========================================================================= */
36893 +int ZEXPORT deflateReset (strm)
36896 + deflate_state *s;
36898 + if (strm == Z_NULL || strm->state == Z_NULL ||
36899 + strm->zalloc == Z_NULL || strm->zfree == Z_NULL) return Z_STREAM_ERROR;
36901 + strm->total_in = strm->total_out = 0;
36902 + strm->msg = Z_NULL; /* use zfree if we ever allocate msg dynamically */
36903 + strm->data_type = Z_UNKNOWN;
36905 + s = (deflate_state *)strm->state;
36907 + s->pending_out = s->pending_buf;
36909 + if (s->noheader < 0) {
36910 + s->noheader = 0; /* was set to -1 by deflate(..., Z_FINISH); */
36912 + s->status = s->noheader ? BUSY_STATE : INIT_STATE;
36914 + s->last_flush = Z_NO_FLUSH;
36922 +/* ========================================================================= */
36923 +int ZEXPORT deflateParams(strm, level, strategy)
36928 + deflate_state *s;
36929 + compress_func func;
36932 + if (strm == Z_NULL || strm->state == Z_NULL) return Z_STREAM_ERROR;
36935 + if (level == Z_DEFAULT_COMPRESSION) {
36938 + if (level < 0 || level > 9 || strategy < 0 || strategy > Z_HUFFMAN_ONLY) {
36939 + return Z_STREAM_ERROR;
36941 + func = configuration_table[s->level].func;
36943 + if (func != configuration_table[level].func && strm->total_in != 0) {
36944 + /* Flush the last buffer: */
36945 + err = deflate(strm, Z_PARTIAL_FLUSH);
36947 + if (s->level != level) {
36948 + s->level = level;
36949 + s->max_lazy_match = configuration_table[level].max_lazy;
36950 + s->good_match = configuration_table[level].good_length;
36951 + s->nice_match = configuration_table[level].nice_length;
36952 + s->max_chain_length = configuration_table[level].max_chain;
36954 + s->strategy = strategy;
36958 +/* =========================================================================
36959 + * Put a short in the pending buffer. The 16-bit value is put in MSB order.
36960 + * IN assertion: the stream state is correct and there is enough room in
36963 +local void putShortMSB (s, b)
36964 + deflate_state *s;
36967 + put_byte(s, (Byte)(b >> 8));
36968 + put_byte(s, (Byte)(b & 0xff));
36971 +/* =========================================================================
36972 + * Flush as much pending output as possible. All deflate() output goes
36973 + * through this function so some applications may wish to modify it
36974 + * to avoid allocating a large strm->next_out buffer and copying into it.
36975 + * (See also read_buf()).
36977 +local void flush_pending(strm)
36980 + unsigned len = strm->state->pending;
36982 + if (len > strm->avail_out) len = strm->avail_out;
36983 + if (len == 0) return;
36985 + zmemcpy(strm->next_out, strm->state->pending_out, len);
36986 + strm->next_out += len;
36987 + strm->state->pending_out += len;
36988 + strm->total_out += len;
36989 + strm->avail_out -= len;
36990 + strm->state->pending -= len;
36991 + if (strm->state->pending == 0) {
36992 + strm->state->pending_out = strm->state->pending_buf;
36996 +/* ========================================================================= */
36997 +int ZEXPORT deflate (strm, flush)
37001 + int old_flush; /* value of flush param for previous deflate call */
37002 + deflate_state *s;
37004 + if (strm == Z_NULL || strm->state == Z_NULL ||
37005 + flush > Z_FINISH || flush < 0) {
37006 + return Z_STREAM_ERROR;
37010 + if (strm->next_out == Z_NULL ||
37011 + (strm->next_in == Z_NULL && strm->avail_in != 0) ||
37012 + (s->status == FINISH_STATE && flush != Z_FINISH)) {
37013 + ERR_RETURN(strm, Z_STREAM_ERROR);
37015 + if (strm->avail_out == 0) ERR_RETURN(strm, Z_BUF_ERROR);
37017 + s->strm = strm; /* just in case */
37018 + old_flush = s->last_flush;
37019 + s->last_flush = flush;
37021 + /* Write the zlib header */
37022 + if (s->status == INIT_STATE) {
37024 + uInt header = (Z_DEFLATED + ((s->w_bits-8)<<4)) << 8;
37025 + uInt level_flags = (s->level-1) >> 1;
37027 + if (level_flags > 3) level_flags = 3;
37028 + header |= (level_flags << 6);
37029 + if (s->strstart != 0) header |= PRESET_DICT;
37030 + header += 31 - (header % 31);
37032 + s->status = BUSY_STATE;
37033 + putShortMSB(s, header);
37035 + /* Save the adler32 of the preset dictionary: */
37036 + if (s->strstart != 0) {
37037 + putShortMSB(s, (uInt)(strm->adler >> 16));
37038 + putShortMSB(s, (uInt)(strm->adler & 0xffff));
37040 + strm->adler = 1L;
37043 + /* Flush as much pending output as possible */
37044 + if (s->pending != 0) {
37045 + flush_pending(strm);
37046 + if (strm->avail_out == 0) {
37047 + /* Since avail_out is 0, deflate will be called again with
37048 + * more output space, but possibly with both pending and
37049 + * avail_in equal to zero. There won't be anything to do,
37050 + * but this is not an error situation so make sure we
37051 + * return OK instead of BUF_ERROR at next call of deflate:
37053 + s->last_flush = -1;
37057 + /* Make sure there is something to do and avoid duplicate consecutive
37058 + * flushes. For repeated and useless calls with Z_FINISH, we keep
37059 + * returning Z_STREAM_END instead of Z_BUFF_ERROR.
37061 + } else if (strm->avail_in == 0 && flush <= old_flush &&
37062 + flush != Z_FINISH) {
37063 + ERR_RETURN(strm, Z_BUF_ERROR);
37066 + /* User must not provide more input after the first FINISH: */
37067 + if (s->status == FINISH_STATE && strm->avail_in != 0) {
37068 + ERR_RETURN(strm, Z_BUF_ERROR);
37071 + /* Start a new block or continue the current one.
37073 + if (strm->avail_in != 0 || s->lookahead != 0 ||
37074 + (flush != Z_NO_FLUSH && s->status != FINISH_STATE)) {
37075 + block_state bstate;
37077 + bstate = (*(configuration_table[s->level].func))(s, flush);
37079 + if (bstate == finish_started || bstate == finish_done) {
37080 + s->status = FINISH_STATE;
37082 + if (bstate == need_more || bstate == finish_started) {
37083 + if (strm->avail_out == 0) {
37084 + s->last_flush = -1; /* avoid BUF_ERROR next call, see above */
37087 + /* If flush != Z_NO_FLUSH && avail_out == 0, the next call
37088 + * of deflate should use the same flush parameter to make sure
37089 + * that the flush is complete. So we don't have to output an
37090 + * empty block here, this will be done at next call. This also
37091 + * ensures that for a very small output buffer, we emit at most
37092 + * one empty block.
37095 + if (bstate == block_done) {
37096 + if (flush == Z_PARTIAL_FLUSH) {
37098 + } else { /* FULL_FLUSH or SYNC_FLUSH */
37099 + _tr_stored_block(s, (char*)0, 0L, 0);
37100 + /* For a full flush, this empty block will be recognized
37101 + * as a special marker by inflate_sync().
37103 + if (flush == Z_FULL_FLUSH) {
37104 + CLEAR_HASH(s); /* forget history */
37107 + flush_pending(strm);
37108 + if (strm->avail_out == 0) {
37109 + s->last_flush = -1; /* avoid BUF_ERROR at next call, see above */
37114 + Assert(strm->avail_out > 0, "bug2");
37116 + if (flush != Z_FINISH) return Z_OK;
37117 + if (s->noheader) return Z_STREAM_END;
37119 + /* Write the zlib trailer (adler32) */
37120 + putShortMSB(s, (uInt)(strm->adler >> 16));
37121 + putShortMSB(s, (uInt)(strm->adler & 0xffff));
37122 + flush_pending(strm);
37123 + /* If avail_out is zero, the application will call deflate again
37124 + * to flush the rest.
37126 + s->noheader = -1; /* write the trailer only once! */
37127 + return s->pending != 0 ? Z_OK : Z_STREAM_END;
37130 +/* ========================================================================= */
37131 +int ZEXPORT deflateEnd (strm)
37136 + if (strm == Z_NULL || strm->state == Z_NULL) return Z_STREAM_ERROR;
37138 + status = strm->state->status;
37139 + if (status != INIT_STATE && status != BUSY_STATE &&
37140 + status != FINISH_STATE) {
37141 + return Z_STREAM_ERROR;
37144 + /* Deallocate in reverse order of allocations: */
37145 + TRY_FREE(strm, strm->state->pending_buf);
37146 + TRY_FREE(strm, strm->state->head);
37147 + TRY_FREE(strm, strm->state->prev);
37148 + TRY_FREE(strm, strm->state->window);
37150 + ZFREE(strm, strm->state);
37151 + strm->state = Z_NULL;
37153 + return status == BUSY_STATE ? Z_DATA_ERROR : Z_OK;
37156 +/* =========================================================================
37157 + * Copy the source state to the destination state.
37158 + * To simplify the source, this is not supported for 16-bit MSDOS (which
37159 + * doesn't have enough memory anyway to duplicate compression states).
37161 +int ZEXPORT deflateCopy (dest, source)
37163 + z_streamp source;
37166 + return Z_STREAM_ERROR;
37168 + deflate_state *ds;
37169 + deflate_state *ss;
37173 + if (source == Z_NULL || dest == Z_NULL || source->state == Z_NULL) {
37174 + return Z_STREAM_ERROR;
37177 + ss = source->state;
37181 + ds = (deflate_state *) ZALLOC(dest, 1, sizeof(deflate_state));
37182 + if (ds == Z_NULL) return Z_MEM_ERROR;
37183 + dest->state = (struct internal_state FAR *) ds;
37187 + ds->window = (Bytef *) ZALLOC(dest, ds->w_size, 2*sizeof(Byte));
37188 + ds->prev = (Posf *) ZALLOC(dest, ds->w_size, sizeof(Pos));
37189 + ds->head = (Posf *) ZALLOC(dest, ds->hash_size, sizeof(Pos));
37190 + overlay = (ushf *) ZALLOC(dest, ds->lit_bufsize, sizeof(ush)+2);
37191 + ds->pending_buf = (uchf *) overlay;
37193 + if (ds->window == Z_NULL || ds->prev == Z_NULL || ds->head == Z_NULL ||
37194 + ds->pending_buf == Z_NULL) {
37195 + deflateEnd (dest);
37196 + return Z_MEM_ERROR;
37198 + /* following zmemcpy do not work for 16-bit MSDOS */
37199 + zmemcpy(ds->window, ss->window, ds->w_size * 2 * sizeof(Byte));
37200 + zmemcpy(ds->prev, ss->prev, ds->w_size * sizeof(Pos));
37201 + zmemcpy(ds->head, ss->head, ds->hash_size * sizeof(Pos));
37202 + zmemcpy(ds->pending_buf, ss->pending_buf, (uInt)ds->pending_buf_size);
37204 + ds->pending_out = ds->pending_buf + (ss->pending_out - ss->pending_buf);
37205 + ds->d_buf = overlay + ds->lit_bufsize/sizeof(ush);
37206 + ds->l_buf = ds->pending_buf + (1+sizeof(ush))*ds->lit_bufsize;
37208 + ds->l_desc.dyn_tree = ds->dyn_ltree;
37209 + ds->d_desc.dyn_tree = ds->dyn_dtree;
37210 + ds->bl_desc.dyn_tree = ds->bl_tree;
37216 +/* ===========================================================================
37217 + * Read a new buffer from the current input stream, update the adler32
37218 + * and total number of bytes read. All deflate() input goes through
37219 + * this function so some applications may wish to modify it to avoid
37220 + * allocating a large strm->next_in buffer and copying from it.
37221 + * (See also flush_pending()).
37223 +local int read_buf(strm, buf, size)
37228 + unsigned len = strm->avail_in;
37230 + if (len > size) len = size;
37231 + if (len == 0) return 0;
37233 + strm->avail_in -= len;
37235 + if (!strm->state->noheader) {
37236 + strm->adler = adler32(strm->adler, strm->next_in, len);
37238 + zmemcpy(buf, strm->next_in, len);
37239 + strm->next_in += len;
37240 + strm->total_in += len;
37245 +/* ===========================================================================
37246 + * Initialize the "longest match" routines for a new zlib stream
37248 +local void lm_init (s)
37249 + deflate_state *s;
37251 + s->window_size = (ulg)2L*s->w_size;
37255 + /* Set the default configuration parameters:
37257 + s->max_lazy_match = configuration_table[s->level].max_lazy;
37258 + s->good_match = configuration_table[s->level].good_length;
37259 + s->nice_match = configuration_table[s->level].nice_length;
37260 + s->max_chain_length = configuration_table[s->level].max_chain;
37263 + s->block_start = 0L;
37264 + s->lookahead = 0;
37265 + s->match_length = s->prev_length = MIN_MATCH-1;
37266 + s->match_available = 0;
37269 + match_init(); /* initialize the asm code */
37273 +/* ===========================================================================
37274 + * Set match_start to the longest match starting at the given string and
37275 + * return its length. Matches shorter or equal to prev_length are discarded,
37276 + * in which case the result is equal to prev_length and match_start is
37278 + * IN assertions: cur_match is the head of the hash chain for the current
37279 + * string (strstart) and its distance is <= MAX_DIST, and prev_length >= 1
37280 + * OUT assertion: the match length is not greater than s->lookahead.
37283 +/* For 80x86 and 680x0, an optimized version will be provided in match.asm or
37284 + * match.S. The code will be functionally equivalent.
37287 +local uInt longest_match(s, cur_match)
37288 + deflate_state *s;
37289 + IPos cur_match; /* current match */
37291 + unsigned chain_length = s->max_chain_length;/* max hash chain length */
37292 + register Bytef *scan = s->window + s->strstart; /* current string */
37293 + register Bytef *match; /* matched string */
37294 + register int len; /* length of current match */
37295 + int best_len = s->prev_length; /* best match length so far */
37296 + int nice_match = s->nice_match; /* stop if match long enough */
37297 + IPos limit = s->strstart > (IPos)MAX_DIST(s) ?
37298 + s->strstart - (IPos)MAX_DIST(s) : NIL;
37299 + /* Stop when cur_match becomes <= limit. To simplify the code,
37300 + * we prevent matches with the string of window index 0.
37302 + Posf *prev = s->prev;
37303 + uInt wmask = s->w_mask;
37305 +#ifdef UNALIGNED_OK
37306 + /* Compare two bytes at a time. Note: this is not always beneficial.
37307 + * Try with and without -DUNALIGNED_OK to check.
37309 + register Bytef *strend = s->window + s->strstart + MAX_MATCH - 1;
37310 + register ush scan_start = *(ushf*)scan;
37311 + register ush scan_end = *(ushf*)(scan+best_len-1);
37313 + register Bytef *strend = s->window + s->strstart + MAX_MATCH;
37314 + register Byte scan_end1 = scan[best_len-1];
37315 + register Byte scan_end = scan[best_len];
37318 + /* The code is optimized for HASH_BITS >= 8 and MAX_MATCH-2 multiple of 16.
37319 + * It is easy to get rid of this optimization if necessary.
37321 + Assert(s->hash_bits >= 8 && MAX_MATCH == 258, "Code too clever");
37323 + /* Do not waste too much time if we already have a good match: */
37324 + if (s->prev_length >= s->good_match) {
37325 + chain_length >>= 2;
37327 + /* Do not look for matches beyond the end of the input. This is necessary
37328 + * to make deflate deterministic.
37330 + if ((uInt)nice_match > s->lookahead) nice_match = s->lookahead;
37332 + Assert((ulg)s->strstart <= s->window_size-MIN_LOOKAHEAD, "need lookahead");
37335 + Assert(cur_match < s->strstart, "no future");
37336 + match = s->window + cur_match;
37338 + /* Skip to next match if the match length cannot increase
37339 + * or if the match length is less than 2:
37341 +#if (defined(UNALIGNED_OK) && MAX_MATCH == 258)
37342 + /* This code assumes sizeof(unsigned short) == 2. Do not use
37343 + * UNALIGNED_OK if your compiler uses a different size.
37345 + if (*(ushf*)(match+best_len-1) != scan_end ||
37346 + *(ushf*)match != scan_start) continue;
37348 + /* It is not necessary to compare scan[2] and match[2] since they are
37349 + * always equal when the other bytes match, given that the hash keys
37350 + * are equal and that HASH_BITS >= 8. Compare 2 bytes at a time at
37351 + * strstart+3, +5, ... up to strstart+257. We check for insufficient
37352 + * lookahead only every 4th comparison; the 128th check will be made
37353 + * at strstart+257. If MAX_MATCH-2 is not a multiple of 8, it is
37354 + * necessary to put more guard bytes at the end of the window, or
37355 + * to check more often for insufficient lookahead.
37357 + Assert(scan[2] == match[2], "scan[2]?");
37360 + } while (*(ushf*)(scan+=2) == *(ushf*)(match+=2) &&
37361 + *(ushf*)(scan+=2) == *(ushf*)(match+=2) &&
37362 + *(ushf*)(scan+=2) == *(ushf*)(match+=2) &&
37363 + *(ushf*)(scan+=2) == *(ushf*)(match+=2) &&
37365 + /* The funny "do {}" generates better code on most compilers */
37367 + /* Here, scan <= window+strstart+257 */
37368 + Assert(scan <= s->window+(unsigned)(s->window_size-1), "wild scan");
37369 + if (*scan == *match) scan++;
37371 + len = (MAX_MATCH - 1) - (int)(strend-scan);
37372 + scan = strend - (MAX_MATCH-1);
37374 +#else /* UNALIGNED_OK */
37376 + if (match[best_len] != scan_end ||
37377 + match[best_len-1] != scan_end1 ||
37378 + *match != *scan ||
37379 + *++match != scan[1]) continue;
37381 + /* The check at best_len-1 can be removed because it will be made
37382 + * again later. (This heuristic is not always a win.)
37383 + * It is not necessary to compare scan[2] and match[2] since they
37384 + * are always equal when the other bytes match, given that
37385 + * the hash keys are equal and that HASH_BITS >= 8.
37387 + scan += 2, match++;
37388 + Assert(*scan == *match, "match[2]?");
37390 + /* We check for insufficient lookahead only every 8th comparison;
37391 + * the 256th check will be made at strstart+258.
37394 + } while (*++scan == *++match && *++scan == *++match &&
37395 + *++scan == *++match && *++scan == *++match &&
37396 + *++scan == *++match && *++scan == *++match &&
37397 + *++scan == *++match && *++scan == *++match &&
37400 + Assert(scan <= s->window+(unsigned)(s->window_size-1), "wild scan");
37402 + len = MAX_MATCH - (int)(strend - scan);
37403 + scan = strend - MAX_MATCH;
37405 +#endif /* UNALIGNED_OK */
37407 + if (len > best_len) {
37408 + s->match_start = cur_match;
37410 + if (len >= nice_match) break;
37411 +#ifdef UNALIGNED_OK
37412 + scan_end = *(ushf*)(scan+best_len-1);
37414 + scan_end1 = scan[best_len-1];
37415 + scan_end = scan[best_len];
37418 + } while ((cur_match = prev[cur_match & wmask]) > limit
37419 + && --chain_length != 0);
37421 + if ((uInt)best_len <= s->lookahead) return (uInt)best_len;
37422 + return s->lookahead;
37425 +#else /* FASTEST */
37426 +/* ---------------------------------------------------------------------------
37427 + * Optimized version for level == 1 only
37429 +local uInt longest_match(s, cur_match)
37430 + deflate_state *s;
37431 + IPos cur_match; /* current match */
37433 + register Bytef *scan = s->window + s->strstart; /* current string */
37434 + register Bytef *match; /* matched string */
37435 + register int len; /* length of current match */
37436 + register Bytef *strend = s->window + s->strstart + MAX_MATCH;
37438 + /* The code is optimized for HASH_BITS >= 8 and MAX_MATCH-2 multiple of 16.
37439 + * It is easy to get rid of this optimization if necessary.
37441 + Assert(s->hash_bits >= 8 && MAX_MATCH == 258, "Code too clever");
37443 + Assert((ulg)s->strstart <= s->window_size-MIN_LOOKAHEAD, "need lookahead");
37445 + Assert(cur_match < s->strstart, "no future");
37447 + match = s->window + cur_match;
37449 + /* Return failure if the match length is less than 2:
37451 + if (match[0] != scan[0] || match[1] != scan[1]) return MIN_MATCH-1;
37453 + /* The check at best_len-1 can be removed because it will be made
37454 + * again later. (This heuristic is not always a win.)
37455 + * It is not necessary to compare scan[2] and match[2] since they
37456 + * are always equal when the other bytes match, given that
37457 + * the hash keys are equal and that HASH_BITS >= 8.
37459 + scan += 2, match += 2;
37460 + Assert(*scan == *match, "match[2]?");
37462 + /* We check for insufficient lookahead only every 8th comparison;
37463 + * the 256th check will be made at strstart+258.
37466 + } while (*++scan == *++match && *++scan == *++match &&
37467 + *++scan == *++match && *++scan == *++match &&
37468 + *++scan == *++match && *++scan == *++match &&
37469 + *++scan == *++match && *++scan == *++match &&
37472 + Assert(scan <= s->window+(unsigned)(s->window_size-1), "wild scan");
37474 + len = MAX_MATCH - (int)(strend - scan);
37476 + if (len < MIN_MATCH) return MIN_MATCH - 1;
37478 + s->match_start = cur_match;
37479 + return len <= s->lookahead ? len : s->lookahead;
37481 +#endif /* FASTEST */
37485 +/* ===========================================================================
37486 + * Check that the match at match_start is indeed a match.
37488 +local void check_match(s, start, match, length)
37489 + deflate_state *s;
37490 + IPos start, match;
37493 + /* check that the match is indeed a match */
37494 + if (zmemcmp(s->window + match,
37495 + s->window + start, length) != EQUAL) {
37496 + fprintf(stderr, " start %u, match %u, length %d\n",
37497 + start, match, length);
37499 + fprintf(stderr, "%c%c", s->window[match++], s->window[start++]);
37500 + } while (--length != 0);
37501 + z_error("invalid match");
37503 + if (z_verbose > 1) {
37504 + fprintf(stderr,"\\[%d,%d]", start-match, length);
37505 + do { putc(s->window[start++], stderr); } while (--length != 0);
37509 +# define check_match(s, start, match, length)
37512 +/* ===========================================================================
37513 + * Fill the window when the lookahead becomes insufficient.
37514 + * Updates strstart and lookahead.
37516 + * IN assertion: lookahead < MIN_LOOKAHEAD
37517 + * OUT assertions: strstart <= window_size-MIN_LOOKAHEAD
37518 + * At least one byte has been read, or avail_in == 0; reads are
37519 + * performed for at least two bytes (required for the zip translate_eol
37520 + * option -- not supported here).
37522 +local void fill_window(s)
37523 + deflate_state *s;
37525 + register unsigned n, m;
37526 + register Posf *p;
37527 + unsigned more; /* Amount of free space at the end of the window. */
37528 + uInt wsize = s->w_size;
37531 + more = (unsigned)(s->window_size -(ulg)s->lookahead -(ulg)s->strstart);
37533 + /* Deal with !@#$% 64K limit: */
37534 + if (more == 0 && s->strstart == 0 && s->lookahead == 0) {
37537 + } else if (more == (unsigned)(-1)) {
37538 + /* Very unlikely, but possible on 16 bit machine if strstart == 0
37539 + * and lookahead == 1 (input done one byte at time)
37543 + /* If the window is almost full and there is insufficient lookahead,
37544 + * move the upper half to the lower one to make room in the upper half.
37546 + } else if (s->strstart >= wsize+MAX_DIST(s)) {
37548 + zmemcpy(s->window, s->window+wsize, (unsigned)wsize);
37549 + s->match_start -= wsize;
37550 + s->strstart -= wsize; /* we now have strstart >= MAX_DIST */
37551 + s->block_start -= (long) wsize;
37553 + /* Slide the hash table (could be avoided with 32 bit values
37554 + at the expense of memory usage). We slide even when level == 0
37555 + to keep the hash table consistent if we switch back to level > 0
37556 + later. (Using level 0 permanently is not an optimal usage of
37557 + zlib, so we don't care about this pathological case.)
37559 + n = s->hash_size;
37563 + *p = (Pos)(m >= wsize ? m-wsize : NIL);
37571 + *p = (Pos)(m >= wsize ? m-wsize : NIL);
37572 + /* If n is not on any hash chain, prev[n] is garbage but
37573 + * its value will never be used.
37579 + if (s->strm->avail_in == 0) return;
37581 + /* If there was no sliding:
37582 + * strstart <= WSIZE+MAX_DIST-1 && lookahead <= MIN_LOOKAHEAD - 1 &&
37583 + * more == window_size - lookahead - strstart
37584 + * => more >= window_size - (MIN_LOOKAHEAD-1 + WSIZE + MAX_DIST-1)
37585 + * => more >= window_size - 2*WSIZE + 2
37586 + * In the BIG_MEM or MMAP case (not yet supported),
37587 + * window_size == input_size + MIN_LOOKAHEAD &&
37588 + * strstart + s->lookahead <= input_size => more >= MIN_LOOKAHEAD.
37589 + * Otherwise, window_size == 2*WSIZE so more >= 2.
37590 + * If there was sliding, more >= WSIZE. So in all cases, more >= 2.
37592 + Assert(more >= 2, "more < 2");
37594 + n = read_buf(s->strm, s->window + s->strstart + s->lookahead, more);
37595 + s->lookahead += n;
37597 + /* Initialize the hash value now that we have some input: */
37598 + if (s->lookahead >= MIN_MATCH) {
37599 + s->ins_h = s->window[s->strstart];
37600 + UPDATE_HASH(s, s->ins_h, s->window[s->strstart+1]);
37601 +#if MIN_MATCH != 3
37602 + Call UPDATE_HASH() MIN_MATCH-3 more times
37605 + /* If the whole input has less than MIN_MATCH bytes, ins_h is garbage,
37606 + * but this is not important since only literal bytes will be emitted.
37609 + } while (s->lookahead < MIN_LOOKAHEAD && s->strm->avail_in != 0);
37612 +/* ===========================================================================
37613 + * Flush the current block, with given end-of-file flag.
37614 + * IN assertion: strstart is set to the end of the current match.
37616 +#define FLUSH_BLOCK_ONLY(s, eof) { \
37617 + _tr_flush_block(s, (s->block_start >= 0L ? \
37618 + (charf *)&s->window[(unsigned)s->block_start] : \
37619 + (charf *)Z_NULL), \
37620 + (ulg)((long)s->strstart - s->block_start), \
37622 + s->block_start = s->strstart; \
37623 + flush_pending(s->strm); \
37624 + Tracev((stderr,"[FLUSH]")); \
37627 +/* Same but force premature exit if necessary. */
37628 +#define FLUSH_BLOCK(s, eof) { \
37629 + FLUSH_BLOCK_ONLY(s, eof); \
37630 + if (s->strm->avail_out == 0) return (eof) ? finish_started : need_more; \
37633 +/* ===========================================================================
37634 + * Copy without compression as much as possible from the input stream, return
37635 + * the current block state.
37636 + * This function does not insert new strings in the dictionary since
37637 + * uncompressible data is probably not useful. This function is used
37638 + * only for the level=0 compression option.
37639 + * NOTE: this function should be optimized to avoid extra copying from
37640 + * window to pending_buf.
37642 +local block_state deflate_stored(s, flush)
37643 + deflate_state *s;
37646 + /* Stored blocks are limited to 0xffff bytes, pending_buf is limited
37647 + * to pending_buf_size, and each stored block has a 5 byte header:
37649 + ulg max_block_size = 0xffff;
37652 + if (max_block_size > s->pending_buf_size - 5) {
37653 + max_block_size = s->pending_buf_size - 5;
37656 + /* Copy as much as possible from input to output: */
37658 + /* Fill the window as much as possible: */
37659 + if (s->lookahead <= 1) {
37661 + Assert(s->strstart < s->w_size+MAX_DIST(s) ||
37662 + s->block_start >= (long)s->w_size, "slide too late");
37665 + if (s->lookahead == 0 && flush == Z_NO_FLUSH) return need_more;
37667 + if (s->lookahead == 0) break; /* flush the current block */
37669 + Assert(s->block_start >= 0L, "block gone");
37671 + s->strstart += s->lookahead;
37672 + s->lookahead = 0;
37674 + /* Emit a stored block if pending_buf will be full: */
37675 + max_start = s->block_start + max_block_size;
37676 + if (s->strstart == 0 || (ulg)s->strstart >= max_start) {
37677 + /* strstart == 0 is possible when wraparound on 16-bit machine */
37678 + s->lookahead = (uInt)(s->strstart - max_start);
37679 + s->strstart = (uInt)max_start;
37680 + FLUSH_BLOCK(s, 0);
37682 + /* Flush if we may have to slide, otherwise block_start may become
37683 + * negative and the data will be gone:
37685 + if (s->strstart - (uInt)s->block_start >= MAX_DIST(s)) {
37686 + FLUSH_BLOCK(s, 0);
37689 + FLUSH_BLOCK(s, flush == Z_FINISH);
37690 + return flush == Z_FINISH ? finish_done : block_done;
37693 +/* ===========================================================================
37694 + * Compress as much as possible from the input stream, return the current
37696 + * This function does not perform lazy evaluation of matches and inserts
37697 + * new strings in the dictionary only for unmatched strings or for short
37698 + * matches. It is used only for the fast compression options.
37700 +local block_state deflate_fast(s, flush)
37701 + deflate_state *s;
37704 + IPos hash_head = NIL; /* head of the hash chain */
37705 + int bflush; /* set if current block must be flushed */
37708 + /* Make sure that we always have enough lookahead, except
37709 + * at the end of the input file. We need MAX_MATCH bytes
37710 + * for the next match, plus MIN_MATCH bytes to insert the
37711 + * string following the next match.
37713 + if (s->lookahead < MIN_LOOKAHEAD) {
37715 + if (s->lookahead < MIN_LOOKAHEAD && flush == Z_NO_FLUSH) {
37716 + return need_more;
37718 + if (s->lookahead == 0) break; /* flush the current block */
37721 + /* Insert the string window[strstart .. strstart+2] in the
37722 + * dictionary, and set hash_head to the head of the hash chain:
37724 + if (s->lookahead >= MIN_MATCH) {
37725 + INSERT_STRING(s, s->strstart, hash_head);
37728 + /* Find the longest match, discarding those <= prev_length.
37729 + * At this point we have always match_length < MIN_MATCH
37731 + if (hash_head != NIL && s->strstart - hash_head <= MAX_DIST(s)) {
37732 + /* To simplify the code, we prevent matches with the string
37733 + * of window index 0 (in particular we have to avoid a match
37734 + * of the string with itself at the start of the input file).
37736 + if (s->strategy != Z_HUFFMAN_ONLY) {
37737 + s->match_length = longest_match (s, hash_head);
37739 + /* longest_match() sets match_start */
37741 + if (s->match_length >= MIN_MATCH) {
37742 + check_match(s, s->strstart, s->match_start, s->match_length);
37744 + _tr_tally_dist(s, s->strstart - s->match_start,
37745 + s->match_length - MIN_MATCH, bflush);
37747 + s->lookahead -= s->match_length;
37749 + /* Insert new strings in the hash table only if the match length
37750 + * is not too large. This saves time but degrades compression.
37753 + if (s->match_length <= s->max_insert_length &&
37754 + s->lookahead >= MIN_MATCH) {
37755 + s->match_length--; /* string at strstart already in hash table */
37758 + INSERT_STRING(s, s->strstart, hash_head);
37759 + /* strstart never exceeds WSIZE-MAX_MATCH, so there are
37760 + * always MIN_MATCH bytes ahead.
37762 + } while (--s->match_length != 0);
37767 + s->strstart += s->match_length;
37768 + s->match_length = 0;
37769 + s->ins_h = s->window[s->strstart];
37770 + UPDATE_HASH(s, s->ins_h, s->window[s->strstart+1]);
37771 +#if MIN_MATCH != 3
37772 + Call UPDATE_HASH() MIN_MATCH-3 more times
37774 + /* If lookahead < MIN_MATCH, ins_h is garbage, but it does not
37775 + * matter since it will be recomputed at next deflate call.
37779 + /* No match, output a literal byte */
37780 + Tracevv((stderr,"%c", s->window[s->strstart]));
37781 + _tr_tally_lit (s, s->window[s->strstart], bflush);
37785 + if (bflush) FLUSH_BLOCK(s, 0);
37787 + FLUSH_BLOCK(s, flush == Z_FINISH);
37788 + return flush == Z_FINISH ? finish_done : block_done;
37791 +/* ===========================================================================
37792 + * Same as above, but achieves better compression. We use a lazy
37793 + * evaluation for matches: a match is finally adopted only if there is
37794 + * no better match at the next window position.
37796 +local block_state deflate_slow(s, flush)
37797 + deflate_state *s;
37800 + IPos hash_head = NIL; /* head of hash chain */
37801 + int bflush; /* set if current block must be flushed */
37803 + /* Process the input block. */
37805 + /* Make sure that we always have enough lookahead, except
37806 + * at the end of the input file. We need MAX_MATCH bytes
37807 + * for the next match, plus MIN_MATCH bytes to insert the
37808 + * string following the next match.
37810 + if (s->lookahead < MIN_LOOKAHEAD) {
37812 + if (s->lookahead < MIN_LOOKAHEAD && flush == Z_NO_FLUSH) {
37813 + return need_more;
37815 + if (s->lookahead == 0) break; /* flush the current block */
37818 + /* Insert the string window[strstart .. strstart+2] in the
37819 + * dictionary, and set hash_head to the head of the hash chain:
37821 + if (s->lookahead >= MIN_MATCH) {
37822 + INSERT_STRING(s, s->strstart, hash_head);
37825 + /* Find the longest match, discarding those <= prev_length.
37827 + s->prev_length = s->match_length, s->prev_match = s->match_start;
37828 + s->match_length = MIN_MATCH-1;
37830 + if (hash_head != NIL && s->prev_length < s->max_lazy_match &&
37831 + s->strstart - hash_head <= MAX_DIST(s)) {
37832 + /* To simplify the code, we prevent matches with the string
37833 + * of window index 0 (in particular we have to avoid a match
37834 + * of the string with itself at the start of the input file).
37836 + if (s->strategy != Z_HUFFMAN_ONLY) {
37837 + s->match_length = longest_match (s, hash_head);
37839 + /* longest_match() sets match_start */
37841 + if (s->match_length <= 5 && (s->strategy == Z_FILTERED ||
37842 + (s->match_length == MIN_MATCH &&
37843 + s->strstart - s->match_start > TOO_FAR))) {
37845 + /* If prev_match is also MIN_MATCH, match_start is garbage
37846 + * but we will ignore the current match anyway.
37848 + s->match_length = MIN_MATCH-1;
37851 + /* If there was a match at the previous step and the current
37852 + * match is not better, output the previous match:
37854 + if (s->prev_length >= MIN_MATCH && s->match_length <= s->prev_length) {
37855 + uInt max_insert = s->strstart + s->lookahead - MIN_MATCH;
37856 + /* Do not insert strings in hash table beyond this. */
37858 + check_match(s, s->strstart-1, s->prev_match, s->prev_length);
37860 + _tr_tally_dist(s, s->strstart -1 - s->prev_match,
37861 + s->prev_length - MIN_MATCH, bflush);
37863 + /* Insert in hash table all strings up to the end of the match.
37864 + * strstart-1 and strstart are already inserted. If there is not
37865 + * enough lookahead, the last two strings are not inserted in
37866 + * the hash table.
37868 + s->lookahead -= s->prev_length-1;
37869 + s->prev_length -= 2;
37871 + if (++s->strstart <= max_insert) {
37872 + INSERT_STRING(s, s->strstart, hash_head);
37874 + } while (--s->prev_length != 0);
37875 + s->match_available = 0;
37876 + s->match_length = MIN_MATCH-1;
37879 + if (bflush) FLUSH_BLOCK(s, 0);
37881 + } else if (s->match_available) {
37882 + /* If there was no match at the previous position, output a
37883 + * single literal. If there was a match but the current match
37884 + * is longer, truncate the previous match to a single literal.
37886 + Tracevv((stderr,"%c", s->window[s->strstart-1]));
37887 + _tr_tally_lit(s, s->window[s->strstart-1], bflush);
37889 + FLUSH_BLOCK_ONLY(s, 0);
37893 + if (s->strm->avail_out == 0) return need_more;
37895 + /* There is no previous match to compare with, wait for
37896 + * the next step to decide.
37898 + s->match_available = 1;
37903 + Assert (flush != Z_NO_FLUSH, "no flush?");
37904 + if (s->match_available) {
37905 + Tracevv((stderr,"%c", s->window[s->strstart-1]));
37906 + _tr_tally_lit(s, s->window[s->strstart-1], bflush);
37907 + s->match_available = 0;
37909 + FLUSH_BLOCK(s, flush == Z_FINISH);
37910 + return flush == Z_FINISH ? finish_done : block_done;
37912 diff -druN linux-noipsec/net/ipsec/zlib/deflate.h linux/net/ipsec/zlib/deflate.h
37913 --- linux-noipsec/net/ipsec/zlib/deflate.h Thu Jan 1 01:00:00 1970
37914 +++ linux/net/ipsec/zlib/deflate.h Fri Sep 29 20:51:34 2000
37916 +/* deflate.h -- internal compression state
37917 + * Copyright (C) 1995-1998 Jean-loup Gailly
37918 + * For conditions of distribution and use, see copyright notice in zlib.h
37921 +/* WARNING: this file should *not* be used by applications. It is
37922 + part of the implementation of the compression library and is
37923 + subject to change. Applications should only use zlib.h.
37928 +#ifndef _DEFLATE_H
37929 +#define _DEFLATE_H
37931 +#include "zutil.h"
37933 +/* ===========================================================================
37934 + * Internal compression state.
37937 +#define LENGTH_CODES 29
37938 +/* number of length codes, not counting the special END_BLOCK code */
37940 +#define LITERALS 256
37941 +/* number of literal bytes 0..255 */
37943 +#define L_CODES (LITERALS+1+LENGTH_CODES)
37944 +/* number of Literal or Length codes, including the END_BLOCK code */
37946 +#define D_CODES 30
37947 +/* number of distance codes */
37949 +#define BL_CODES 19
37950 +/* number of codes used to transfer the bit lengths */
37952 +#define HEAP_SIZE (2*L_CODES+1)
37953 +/* maximum heap size */
37955 +#define MAX_BITS 15
37956 +/* All codes must not exceed MAX_BITS bits */
37958 +#define INIT_STATE 42
37959 +#define BUSY_STATE 113
37960 +#define FINISH_STATE 666
37961 +/* Stream status */
37964 +/* Data structure describing a single value and its code string. */
37965 +typedef struct ct_data_s {
37967 + ush freq; /* frequency count */
37968 + ush code; /* bit string */
37971 + ush dad; /* father node in Huffman tree */
37972 + ush len; /* length of bit string */
37976 +#define Freq fc.freq
37977 +#define Code fc.code
37978 +#define Dad dl.dad
37979 +#define Len dl.len
37981 +typedef struct static_tree_desc_s static_tree_desc;
37983 +typedef struct tree_desc_s {
37984 + ct_data *dyn_tree; /* the dynamic tree */
37985 + int max_code; /* largest code with non zero frequency */
37986 + static_tree_desc *stat_desc; /* the corresponding static tree */
37990 +typedef Pos FAR Posf;
37991 +typedef unsigned IPos;
37993 +/* A Pos is an index in the character window. We use short instead of int to
37994 + * save space in the various tables. IPos is used only for parameter passing.
37997 +typedef struct internal_state {
37998 + z_streamp strm; /* pointer back to this zlib stream */
37999 + int status; /* as the name implies */
38000 + Bytef *pending_buf; /* output still pending */
38001 + ulg pending_buf_size; /* size of pending_buf */
38002 + Bytef *pending_out; /* next pending byte to output to the stream */
38003 + int pending; /* nb of bytes in the pending buffer */
38004 + int noheader; /* suppress zlib header and adler32 */
38005 + Byte data_type; /* UNKNOWN, BINARY or ASCII */
38006 + Byte method; /* STORED (for zip only) or DEFLATED */
38007 + int last_flush; /* value of flush param for previous deflate call */
38009 + /* used by deflate.c: */
38011 + uInt w_size; /* LZ77 window size (32K by default) */
38012 + uInt w_bits; /* log2(w_size) (8..16) */
38013 + uInt w_mask; /* w_size - 1 */
38016 + /* Sliding window. Input bytes are read into the second half of the window,
38017 + * and move to the first half later to keep a dictionary of at least wSize
38018 + * bytes. With this organization, matches are limited to a distance of
38019 + * wSize-MAX_MATCH bytes, but this ensures that IO is always
38020 + * performed with a length multiple of the block size. Also, it limits
38021 + * the window size to 64K, which is quite useful on MSDOS.
38022 + * To do: use the user input buffer as sliding window.
38026 + /* Actual size of window: 2*wSize, except when the user input buffer
38027 + * is directly used as sliding window.
38031 + /* Link to older string with same hash index. To limit the size of this
38032 + * array to 64K, this link is maintained only for the last 32K strings.
38033 + * An index in this array is thus a window index modulo 32K.
38036 + Posf *head; /* Heads of the hash chains or NIL. */
38038 + uInt ins_h; /* hash index of string to be inserted */
38039 + uInt hash_size; /* number of elements in hash table */
38040 + uInt hash_bits; /* log2(hash_size) */
38041 + uInt hash_mask; /* hash_size-1 */
38044 + /* Number of bits by which ins_h must be shifted at each input
38045 + * step. It must be such that after MIN_MATCH steps, the oldest
38046 + * byte no longer takes part in the hash key, that is:
38047 + * hash_shift * MIN_MATCH >= hash_bits
38050 + long block_start;
38051 + /* Window position at the beginning of the current output block. Gets
38052 + * negative when the window is moved backwards.
38055 + uInt match_length; /* length of best match */
38056 + IPos prev_match; /* previous match */
38057 + int match_available; /* set if previous match exists */
38058 + uInt strstart; /* start of string to insert */
38059 + uInt match_start; /* start of matching string */
38060 + uInt lookahead; /* number of valid bytes ahead in window */
38062 + uInt prev_length;
38063 + /* Length of the best match at previous step. Matches not greater than this
38064 + * are discarded. This is used in the lazy match evaluation.
38067 + uInt max_chain_length;
38068 + /* To speed up deflation, hash chains are never searched beyond this
38069 + * length. A higher limit improves compression ratio but degrades the
38073 + uInt max_lazy_match;
38074 + /* Attempt to find a better match only when the current match is strictly
38075 + * smaller than this value. This mechanism is used only for compression
38078 +# define max_insert_length max_lazy_match
38079 + /* Insert new strings in the hash table only if the match length is not
38080 + * greater than this length. This saves time but degrades compression.
38081 + * max_insert_length is used only for compression levels <= 3.
38084 + int level; /* compression level (1..9) */
38085 + int strategy; /* favor or force Huffman coding*/
38088 + /* Use a faster search when the previous match is longer than this */
38090 + int nice_match; /* Stop searching when current match exceeds this */
38092 + /* used by trees.c: */
38093 + /* Didn't use ct_data typedef below to supress compiler warning */
38094 + struct ct_data_s dyn_ltree[HEAP_SIZE]; /* literal and length tree */
38095 + struct ct_data_s dyn_dtree[2*D_CODES+1]; /* distance tree */
38096 + struct ct_data_s bl_tree[2*BL_CODES+1]; /* Huffman tree for bit lengths */
38098 + struct tree_desc_s l_desc; /* desc. for literal tree */
38099 + struct tree_desc_s d_desc; /* desc. for distance tree */
38100 + struct tree_desc_s bl_desc; /* desc. for bit length tree */
38102 + ush bl_count[MAX_BITS+1];
38103 + /* number of codes at each bit length for an optimal tree */
38105 + int heap[2*L_CODES+1]; /* heap used to build the Huffman trees */
38106 + int heap_len; /* number of elements in the heap */
38107 + int heap_max; /* element of largest frequency */
38108 + /* The sons of heap[n] are heap[2*n] and heap[2*n+1]. heap[0] is not used.
38109 + * The same heap array is used to build all trees.
38112 + uch depth[2*L_CODES+1];
38113 + /* Depth of each subtree used as tie breaker for trees of equal frequency
38116 + uchf *l_buf; /* buffer for literals or lengths */
38118 + uInt lit_bufsize;
38119 + /* Size of match buffer for literals/lengths. There are 4 reasons for
38120 + * limiting lit_bufsize to 64K:
38121 + * - frequencies can be kept in 16 bit counters
38122 + * - if compression is not successful for the first block, all input
38123 + * data is still in the window so we can still emit a stored block even
38124 + * when input comes from standard input. (This can also be done for
38125 + * all blocks if lit_bufsize is not greater than 32K.)
38126 + * - if compression is not successful for a file smaller than 64K, we can
38127 + * even emit a stored file instead of a stored block (saving 5 bytes).
38128 + * This is applicable only for zip (not gzip or zlib).
38129 + * - creating new Huffman trees less frequently may not provide fast
38130 + * adaptation to changes in the input data statistics. (Take for
38131 + * example a binary file with poorly compressible code followed by
38132 + * a highly compressible string table.) Smaller buffer sizes give
38133 + * fast adaptation but have of course the overhead of transmitting
38134 + * trees more frequently.
38135 + * - I can't count above 4
38138 + uInt last_lit; /* running index in l_buf */
38141 + /* Buffer for distances. To simplify the code, d_buf and l_buf have
38142 + * the same number of elements. To use different lengths, an extra flag
38143 + * array would be necessary.
38146 + ulg opt_len; /* bit length of current block with optimal trees */
38147 + ulg static_len; /* bit length of current block with static trees */
38148 + uInt matches; /* number of string matches in current block */
38149 + int last_eob_len; /* bit length of EOB code for last block */
38152 + ulg compressed_len; /* total bit length of compressed file mod 2^32 */
38153 + ulg bits_sent; /* bit length of compressed data sent mod 2^32 */
38157 + /* Output buffer. bits are inserted starting at the bottom (least
38158 + * significant bits).
38161 + /* Number of valid bits in bi_buf. All bits above the last valid bit
38162 + * are always zero.
38165 +} FAR deflate_state;
38167 +/* Output a byte on the stream.
38168 + * IN assertion: there is enough room in pending_buf.
38170 +#define put_byte(s, c) {s->pending_buf[s->pending++] = (c);}
38173 +#define MIN_LOOKAHEAD (MAX_MATCH+MIN_MATCH+1)
38174 +/* Minimum amount of lookahead, except at the end of the input file.
38175 + * See deflate.c for comments about the MIN_MATCH+1.
38178 +#define MAX_DIST(s) ((s)->w_size-MIN_LOOKAHEAD)
38179 +/* In order to simplify the code, particularly on 16 bit machines, match
38180 + * distances are limited to MAX_DIST instead of WSIZE.
38184 +void _tr_init OF((deflate_state *s));
38185 +int _tr_tally OF((deflate_state *s, unsigned dist, unsigned lc));
38186 +void _tr_flush_block OF((deflate_state *s, charf *buf, ulg stored_len,
38188 +void _tr_align OF((deflate_state *s));
38189 +void _tr_stored_block OF((deflate_state *s, charf *buf, ulg stored_len,
38192 +#define d_code(dist) \
38193 + ((dist) < 256 ? _dist_code[dist] : _dist_code[256+((dist)>>7)])
38194 +/* Mapping from a distance to a distance code. dist is the distance - 1 and
38195 + * must not have side effects. _dist_code[256] and _dist_code[257] are never
38200 +/* Inline versions of _tr_tally for speed: */
38202 +#if defined(GEN_TREES_H) || !defined(STDC)
38203 + extern uch _length_code[];
38204 + extern uch _dist_code[];
38206 + extern const uch _length_code[];
38207 + extern const uch _dist_code[];
38210 +# define _tr_tally_lit(s, c, flush) \
38211 + { uch cc = (c); \
38212 + s->d_buf[s->last_lit] = 0; \
38213 + s->l_buf[s->last_lit++] = cc; \
38214 + s->dyn_ltree[cc].Freq++; \
38215 + flush = (s->last_lit == s->lit_bufsize-1); \
38217 +# define _tr_tally_dist(s, distance, length, flush) \
38218 + { uch len = (length); \
38219 + ush dist = (distance); \
38220 + s->d_buf[s->last_lit] = dist; \
38221 + s->l_buf[s->last_lit++] = len; \
38223 + s->dyn_ltree[_length_code[len]+LITERALS+1].Freq++; \
38224 + s->dyn_dtree[d_code(dist)].Freq++; \
38225 + flush = (s->last_lit == s->lit_bufsize-1); \
38228 +# define _tr_tally_lit(s, c, flush) flush = _tr_tally(s, 0, c)
38229 +# define _tr_tally_dist(s, distance, length, flush) \
38230 + flush = _tr_tally(s, distance, length)
38233 +#endif /* _DEFLATE_H */
38234 diff -druN linux-noipsec/net/ipsec/zlib/infblock.c linux/net/ipsec/zlib/infblock.c
38235 --- linux-noipsec/net/ipsec/zlib/infblock.c Thu Jan 1 01:00:00 1970
38236 +++ linux/net/ipsec/zlib/infblock.c Fri Sep 29 20:51:34 2000
38238 +/* infblock.c -- interpret and process block types to last block
38239 + * Copyright (C) 1995-1998 Mark Adler
38240 + * For conditions of distribution and use, see copyright notice in zlib.h
38243 +#include "zutil.h"
38244 +#include "infblock.h"
38245 +#include "inftrees.h"
38246 +#include "infcodes.h"
38247 +#include "infutil.h"
38249 +struct inflate_codes_state {int dummy;}; /* for buggy compilers */
38251 +/* simplify the use of the inflate_huft type with some defines */
38252 +#define exop word.what.Exop
38253 +#define bits word.what.Bits
38255 +/* Table for deflate from PKZIP's appnote.txt. */
38256 +local const uInt border[] = { /* Order of the bit length code lengths */
38257 + 16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 15};
38260 + Notes beyond the 1.93a appnote.txt:
38262 + 1. Distance pointers never point before the beginning of the output
38264 + 2. Distance pointers can point back across blocks, up to 32k away.
38265 + 3. There is an implied maximum of 7 bits for the bit length table and
38266 + 15 bits for the actual data.
38267 + 4. If only one code exists, then it is encoded using one bit. (Zero
38268 + would be more efficient, but perhaps a little confusing.) If two
38269 + codes exist, they are coded using one bit each (0 and 1).
38270 + 5. There is no way of sending zero distance codes--a dummy must be
38271 + sent if there are none. (History: a pre 2.0 version of PKZIP would
38272 + store blocks with no distance codes, but this was discovered to be
38273 + too harsh a criterion.) Valid only for 1.93a. 2.04c does allow
38274 + zero distance codes, which is sent as one code of zero bits in
38276 + 6. There are up to 286 literal/length codes. Code 256 represents the
38277 + end-of-block. Note however that the static length tree defines
38278 + 288 codes just to fill out the Huffman codes. Codes 286 and 287
38279 + cannot be used though, since there is no length base or extra bits
38280 + defined for them. Similarily, there are up to 30 distance codes.
38281 + However, static trees define 32 codes (all 5 bits) to fill out the
38282 + Huffman codes, but the last two had better not show up in the data.
38283 + 7. Unzip can check dynamic Huffman blocks for complete code sets.
38284 + The exception is that a single code would not be complete (see #4).
38285 + 8. The five bits following the block type is really the number of
38286 + literal codes sent minus 257.
38287 + 9. Length codes 8,16,16 are interpreted as 13 length codes of 8 bits
38288 + (1+6+6). Therefore, to output three times the length, you output
38289 + three codes (1+1+1), whereas to output four times the same length,
38290 + you only need two codes (1+3). Hmm.
38291 + 10. In the tree reconstruction algorithm, Code = Code + Increment
38292 + only if BitLength(i) is not zero. (Pretty obvious.)
38293 + 11. Correction: 4 Bits: # of Bit Length codes - 4 (4 - 19)
38294 + 12. Note: length code 284 can represent 227-258, but length code 285
38295 + really is 258. The last length deserves its own, short code
38296 + since it gets used a lot in very redundant files. The length
38297 + 258 is special since 258 - 3 (the min match length) is 255.
38298 + 13. The literal/length and distance code bit lengths are read as a
38299 + single stream of lengths. It is possible (and advantageous) for
38300 + a repeat code (16, 17, or 18) to go across the boundary between
38301 + the two sets of lengths.
38305 +void inflate_blocks_reset(s, z, c)
38306 +inflate_blocks_statef *s;
38312 + if (s->mode == BTREE || s->mode == DTREE)
38313 + ZFREE(z, s->sub.trees.blens);
38314 + if (s->mode == CODES)
38315 + inflate_codes_free(s->sub.decode.codes, z);
38319 + s->read = s->write = s->window;
38320 + if (s->checkfn != Z_NULL)
38321 + z->adler = s->check = (*s->checkfn)(0L, (const Bytef *)Z_NULL, 0);
38322 + Tracev((stderr, "inflate: blocks reset\n"));
38326 +inflate_blocks_statef *inflate_blocks_new(z, c, w)
38331 + inflate_blocks_statef *s;
38333 + if ((s = (inflate_blocks_statef *)ZALLOC
38334 + (z,1,sizeof(struct inflate_blocks_state))) == Z_NULL)
38337 + (inflate_huft *)ZALLOC(z, sizeof(inflate_huft), MANY)) == Z_NULL)
38342 + if ((s->window = (Bytef *)ZALLOC(z, 1, w)) == Z_NULL)
38344 + ZFREE(z, s->hufts);
38348 + s->end = s->window + w;
38351 + Tracev((stderr, "inflate: blocks allocated\n"));
38352 + inflate_blocks_reset(s, z, Z_NULL);
38357 +int inflate_blocks(s, z, r)
38358 +inflate_blocks_statef *s;
38362 + uInt t; /* temporary storage */
38363 + uLong b; /* bit buffer */
38364 + uInt k; /* bits in bit buffer */
38365 + Bytef *p; /* input data pointer */
38366 + uInt n; /* bytes available there */
38367 + Bytef *q; /* output window write pointer */
38368 + uInt m; /* bytes to end of window or read pointer */
38370 + /* copy input/output information to locals (UPDATE macro restores) */
38373 + /* process input based on current state */
38374 + while (1) switch (s->mode)
38382 + case 0: /* stored */
38383 + Tracev((stderr, "inflate: stored block%s\n",
38384 + s->last ? " (last)" : ""));
38386 + t = k & 7; /* go to byte boundary */
38388 + s->mode = LENS; /* get length of stored block */
38390 + case 1: /* fixed */
38391 + Tracev((stderr, "inflate: fixed codes block%s\n",
38392 + s->last ? " (last)" : ""));
38395 + inflate_huft *tl, *td;
38397 + inflate_trees_fixed(&bl, &bd, &tl, &td, z);
38398 + s->sub.decode.codes = inflate_codes_new(bl, bd, tl, td, z);
38399 + if (s->sub.decode.codes == Z_NULL)
38408 + case 2: /* dynamic */
38409 + Tracev((stderr, "inflate: dynamic codes block%s\n",
38410 + s->last ? " (last)" : ""));
38414 + case 3: /* illegal */
38417 + z->msg = (char*)"invalid block type";
38418 + r = Z_DATA_ERROR;
38424 + if ((((~b) >> 16) & 0xffff) != (b & 0xffff))
38427 + z->msg = (char*)"invalid stored block lengths";
38428 + r = Z_DATA_ERROR;
38431 + s->sub.left = (uInt)b & 0xffff;
38432 + b = k = 0; /* dump bits */
38433 + Tracev((stderr, "inflate: stored length %u\n", s->sub.left));
38434 + s->mode = s->sub.left ? STORED : (s->last ? DRY : TYPE);
38441 + if (t > n) t = n;
38442 + if (t > m) t = m;
38443 + zmemcpy(q, p, t);
38446 + if ((s->sub.left -= t) != 0)
38448 + Tracev((stderr, "inflate: stored end, %lu total out\n",
38449 + z->total_out + (q >= s->read ? q - s->read :
38450 + (s->end - s->read) + (q - s->window))));
38451 + s->mode = s->last ? DRY : TYPE;
38455 + s->sub.trees.table = t = (uInt)b & 0x3fff;
38456 +#ifndef PKZIP_BUG_WORKAROUND
38457 + if ((t & 0x1f) > 29 || ((t >> 5) & 0x1f) > 29)
38460 + z->msg = (char*)"too many length or distance symbols";
38461 + r = Z_DATA_ERROR;
38465 + t = 258 + (t & 0x1f) + ((t >> 5) & 0x1f);
38466 + if ((s->sub.trees.blens = (uIntf*)ZALLOC(z, t, sizeof(uInt))) == Z_NULL)
38472 + s->sub.trees.index = 0;
38473 + Tracev((stderr, "inflate: table sizes ok\n"));
38476 + while (s->sub.trees.index < 4 + (s->sub.trees.table >> 10))
38479 + s->sub.trees.blens[border[s->sub.trees.index++]] = (uInt)b & 7;
38482 + while (s->sub.trees.index < 19)
38483 + s->sub.trees.blens[border[s->sub.trees.index++]] = 0;
38484 + s->sub.trees.bb = 7;
38485 + t = inflate_trees_bits(s->sub.trees.blens, &s->sub.trees.bb,
38486 + &s->sub.trees.tb, s->hufts, z);
38489 + ZFREE(z, s->sub.trees.blens);
38491 + if (r == Z_DATA_ERROR)
38495 + s->sub.trees.index = 0;
38496 + Tracev((stderr, "inflate: bits tree ok\n"));
38499 + while (t = s->sub.trees.table,
38500 + s->sub.trees.index < 258 + (t & 0x1f) + ((t >> 5) & 0x1f))
38505 + t = s->sub.trees.bb;
38507 + h = s->sub.trees.tb + ((uInt)b & inflate_mask[t]);
38513 + s->sub.trees.blens[s->sub.trees.index++] = c;
38515 + else /* c == 16..18 */
38517 + i = c == 18 ? 7 : c - 14;
38518 + j = c == 18 ? 11 : 3;
38521 + j += (uInt)b & inflate_mask[i];
38523 + i = s->sub.trees.index;
38524 + t = s->sub.trees.table;
38525 + if (i + j > 258 + (t & 0x1f) + ((t >> 5) & 0x1f) ||
38526 + (c == 16 && i < 1))
38528 + ZFREE(z, s->sub.trees.blens);
38530 + z->msg = (char*)"invalid bit length repeat";
38531 + r = Z_DATA_ERROR;
38534 + c = c == 16 ? s->sub.trees.blens[i - 1] : 0;
38536 + s->sub.trees.blens[i++] = c;
38538 + s->sub.trees.index = i;
38541 + s->sub.trees.tb = Z_NULL;
38544 + inflate_huft *tl, *td;
38545 + inflate_codes_statef *c;
38547 + bl = 9; /* must be <= 9 for lookahead assumptions */
38548 + bd = 6; /* must be <= 9 for lookahead assumptions */
38549 + t = s->sub.trees.table;
38550 + t = inflate_trees_dynamic(257 + (t & 0x1f), 1 + ((t >> 5) & 0x1f),
38551 + s->sub.trees.blens, &bl, &bd, &tl, &td,
38553 + ZFREE(z, s->sub.trees.blens);
38556 + if (t == (uInt)Z_DATA_ERROR)
38561 + Tracev((stderr, "inflate: trees ok\n"));
38562 + if ((c = inflate_codes_new(bl, bd, tl, td, z)) == Z_NULL)
38567 + s->sub.decode.codes = c;
38572 + if ((r = inflate_codes(s, z, r)) != Z_STREAM_END)
38573 + return inflate_flush(s, z, r);
38575 + inflate_codes_free(s->sub.decode.codes, z);
38577 + Tracev((stderr, "inflate: codes end, %lu total out\n",
38578 + z->total_out + (q >= s->read ? q - s->read :
38579 + (s->end - s->read) + (q - s->window))));
38588 + if (s->read != s->write)
38592 + r = Z_STREAM_END;
38595 + r = Z_DATA_ERROR;
38598 + r = Z_STREAM_ERROR;
38604 +int inflate_blocks_free(s, z)
38605 +inflate_blocks_statef *s;
38608 + inflate_blocks_reset(s, z, Z_NULL);
38609 + ZFREE(z, s->window);
38610 + ZFREE(z, s->hufts);
38612 + Tracev((stderr, "inflate: blocks freed\n"));
38617 +void inflate_set_dictionary(s, d, n)
38618 +inflate_blocks_statef *s;
38622 + zmemcpy(s->window, d, n);
38623 + s->read = s->write = s->window + n;
38627 +/* Returns true if inflate is currently at the end of a block generated
38628 + * by Z_SYNC_FLUSH or Z_FULL_FLUSH.
38629 + * IN assertion: s != Z_NULL
38631 +int inflate_blocks_sync_point(s)
38632 +inflate_blocks_statef *s;
38634 + return s->mode == LENS;
38636 diff -druN linux-noipsec/net/ipsec/zlib/infblock.h linux/net/ipsec/zlib/infblock.h
38637 --- linux-noipsec/net/ipsec/zlib/infblock.h Thu Jan 1 01:00:00 1970
38638 +++ linux/net/ipsec/zlib/infblock.h Fri Sep 29 20:51:34 2000
38640 +/* infblock.h -- header to use infblock.c
38641 + * Copyright (C) 1995-1998 Mark Adler
38642 + * For conditions of distribution and use, see copyright notice in zlib.h
38645 +/* WARNING: this file should *not* be used by applications. It is
38646 + part of the implementation of the compression library and is
38647 + subject to change. Applications should only use zlib.h.
38650 +struct inflate_blocks_state;
38651 +typedef struct inflate_blocks_state FAR inflate_blocks_statef;
38653 +extern inflate_blocks_statef * inflate_blocks_new OF((
38655 + check_func c, /* check function */
38656 + uInt w)); /* window size */
38658 +extern int inflate_blocks OF((
38659 + inflate_blocks_statef *,
38661 + int)); /* initial return code */
38663 +extern void inflate_blocks_reset OF((
38664 + inflate_blocks_statef *,
38666 + uLongf *)); /* check value on output */
38668 +extern int inflate_blocks_free OF((
38669 + inflate_blocks_statef *,
38672 +extern void inflate_set_dictionary OF((
38673 + inflate_blocks_statef *s,
38674 + const Bytef *d, /* dictionary */
38675 + uInt n)); /* dictionary length */
38677 +extern int inflate_blocks_sync_point OF((
38678 + inflate_blocks_statef *s));
38679 diff -druN linux-noipsec/net/ipsec/zlib/infcodes.c linux/net/ipsec/zlib/infcodes.c
38680 --- linux-noipsec/net/ipsec/zlib/infcodes.c Thu Jan 1 01:00:00 1970
38681 +++ linux/net/ipsec/zlib/infcodes.c Fri Sep 29 20:51:34 2000
38683 +/* infcodes.c -- process literals and length/distance pairs
38684 + * Copyright (C) 1995-1998 Mark Adler
38685 + * For conditions of distribution and use, see copyright notice in zlib.h
38688 +#include "zutil.h"
38689 +#include "inftrees.h"
38690 +#include "infblock.h"
38691 +#include "infcodes.h"
38692 +#include "infutil.h"
38693 +#include "inffast.h"
38695 +/* simplify the use of the inflate_huft type with some defines */
38696 +#define exop word.what.Exop
38697 +#define bits word.what.Bits
38699 +typedef enum { /* waiting for "i:"=input, "o:"=output, "x:"=nothing */
38700 + START, /* x: set up for LEN */
38701 + LEN, /* i: get length/literal/eob next */
38702 + LENEXT, /* i: getting length extra (have base) */
38703 + DIST, /* i: get distance next */
38704 + DISTEXT, /* i: getting distance extra */
38705 + COPY, /* o: copying bytes in window, waiting for space */
38706 + LIT, /* o: got literal, waiting for output space */
38707 + WASH, /* o: got eob, possibly still output waiting */
38708 + END, /* x: got eob and all data flushed */
38709 + BADCODE} /* x: got error */
38710 +inflate_codes_mode;
38712 +/* inflate codes private state */
38713 +struct inflate_codes_state {
38716 + inflate_codes_mode mode; /* current inflate_codes mode */
38718 + /* mode dependent information */
38722 + inflate_huft *tree; /* pointer into tree */
38723 + uInt need; /* bits needed */
38724 + } code; /* if LEN or DIST, where in tree */
38725 + uInt lit; /* if LIT, literal */
38727 + uInt get; /* bits to get for extra */
38728 + uInt dist; /* distance back to copy from */
38729 + } copy; /* if EXT or COPY, where and how much */
38730 + } sub; /* submode */
38732 + /* mode independent information */
38733 + Byte lbits; /* ltree bits decoded per branch */
38734 + Byte dbits; /* dtree bits decoder per branch */
38735 + inflate_huft *ltree; /* literal/length/eob tree */
38736 + inflate_huft *dtree; /* distance tree */
38741 +inflate_codes_statef *inflate_codes_new(bl, bd, tl, td, z)
38744 +inflate_huft *td; /* need separate declaration for Borland C++ */
38747 + inflate_codes_statef *c;
38749 + if ((c = (inflate_codes_statef *)
38750 + ZALLOC(z,1,sizeof(struct inflate_codes_state))) != Z_NULL)
38753 + c->lbits = (Byte)bl;
38754 + c->dbits = (Byte)bd;
38757 + Tracev((stderr, "inflate: codes new\n"));
38763 +int inflate_codes(s, z, r)
38764 +inflate_blocks_statef *s;
38768 + uInt j; /* temporary storage */
38769 + inflate_huft *t; /* temporary pointer */
38770 + uInt e; /* extra bits or operation */
38771 + uLong b; /* bit buffer */
38772 + uInt k; /* bits in bit buffer */
38773 + Bytef *p; /* input data pointer */
38774 + uInt n; /* bytes available there */
38775 + Bytef *q; /* output window write pointer */
38776 + uInt m; /* bytes to end of window or read pointer */
38777 + Bytef *f; /* pointer to copy strings from */
38778 + inflate_codes_statef *c = s->sub.decode.codes; /* codes state */
38780 + /* copy input/output information to locals (UPDATE macro restores) */
38783 + /* process input and output based on current state */
38784 + while (1) switch (c->mode)
38785 + { /* waiting for "i:"=input, "o:"=output, "x:"=nothing */
38786 + case START: /* x: set up for LEN */
38788 + if (m >= 258 && n >= 10)
38791 + r = inflate_fast(c->lbits, c->dbits, c->ltree, c->dtree, s, z);
38795 + c->mode = r == Z_STREAM_END ? WASH : BADCODE;
38799 +#endif /* !SLOW */
38800 + c->sub.code.need = c->lbits;
38801 + c->sub.code.tree = c->ltree;
38803 + case LEN: /* i: get length/literal/eob next */
38804 + j = c->sub.code.need;
38806 + t = c->sub.code.tree + ((uInt)b & inflate_mask[j]);
38807 + DUMPBITS(t->bits)
38808 + e = (uInt)(t->exop);
38809 + if (e == 0) /* literal */
38811 + c->sub.lit = t->base;
38812 + Tracevv((stderr, t->base >= 0x20 && t->base < 0x7f ?
38813 + "inflate: literal '%c'\n" :
38814 + "inflate: literal 0x%02x\n", t->base));
38818 + if (e & 16) /* length */
38820 + c->sub.copy.get = e & 15;
38821 + c->len = t->base;
38822 + c->mode = LENEXT;
38825 + if ((e & 64) == 0) /* next table */
38827 + c->sub.code.need = e;
38828 + c->sub.code.tree = t + t->base;
38831 + if (e & 32) /* end of block */
38833 + Tracevv((stderr, "inflate: end of block\n"));
38837 + c->mode = BADCODE; /* invalid code */
38838 + z->msg = (char*)"invalid literal/length code";
38839 + r = Z_DATA_ERROR;
38841 + case LENEXT: /* i: getting length extra (have base) */
38842 + j = c->sub.copy.get;
38844 + c->len += (uInt)b & inflate_mask[j];
38846 + c->sub.code.need = c->dbits;
38847 + c->sub.code.tree = c->dtree;
38848 + Tracevv((stderr, "inflate: length %u\n", c->len));
38850 + case DIST: /* i: get distance next */
38851 + j = c->sub.code.need;
38853 + t = c->sub.code.tree + ((uInt)b & inflate_mask[j]);
38854 + DUMPBITS(t->bits)
38855 + e = (uInt)(t->exop);
38856 + if (e & 16) /* distance */
38858 + c->sub.copy.get = e & 15;
38859 + c->sub.copy.dist = t->base;
38860 + c->mode = DISTEXT;
38863 + if ((e & 64) == 0) /* next table */
38865 + c->sub.code.need = e;
38866 + c->sub.code.tree = t + t->base;
38869 + c->mode = BADCODE; /* invalid code */
38870 + z->msg = (char*)"invalid distance code";
38871 + r = Z_DATA_ERROR;
38873 + case DISTEXT: /* i: getting distance extra */
38874 + j = c->sub.copy.get;
38876 + c->sub.copy.dist += (uInt)b & inflate_mask[j];
38878 + Tracevv((stderr, "inflate: distance %u\n", c->sub.copy.dist));
38880 + case COPY: /* o: copying bytes in window, waiting for space */
38881 +#ifndef __TURBOC__ /* Turbo C bug for following expression */
38882 + f = (uInt)(q - s->window) < c->sub.copy.dist ?
38883 + s->end - (c->sub.copy.dist - (q - s->window)) :
38884 + q - c->sub.copy.dist;
38886 + f = q - c->sub.copy.dist;
38887 + if ((uInt)(q - s->window) < c->sub.copy.dist)
38888 + f = s->end - (c->sub.copy.dist - (uInt)(q - s->window));
38900 + case LIT: /* o: got literal, waiting for output space */
38902 + OUTBYTE(c->sub.lit)
38905 + case WASH: /* o: got eob, possibly more output */
38906 + if (k > 7) /* return unused byte, if any */
38908 + Assert(k < 16, "inflate_codes grabbed too many bytes")
38911 + p--; /* can always return one */
38914 + if (s->read != s->write)
38918 + r = Z_STREAM_END;
38920 + case BADCODE: /* x: got error */
38921 + r = Z_DATA_ERROR;
38924 + r = Z_STREAM_ERROR;
38927 +#ifdef NEED_DUMMY_RETURN
38928 + return Z_STREAM_ERROR; /* Some dumb compilers complain without this */
38933 +void inflate_codes_free(c, z)
38934 +inflate_codes_statef *c;
38938 + Tracev((stderr, "inflate: codes free\n"));
38940 diff -druN linux-noipsec/net/ipsec/zlib/infcodes.h linux/net/ipsec/zlib/infcodes.h
38941 --- linux-noipsec/net/ipsec/zlib/infcodes.h Thu Jan 1 01:00:00 1970
38942 +++ linux/net/ipsec/zlib/infcodes.h Fri Sep 29 20:51:34 2000
38944 +/* infcodes.h -- header to use infcodes.c
38945 + * Copyright (C) 1995-1998 Mark Adler
38946 + * For conditions of distribution and use, see copyright notice in zlib.h
38949 +/* WARNING: this file should *not* be used by applications. It is
38950 + part of the implementation of the compression library and is
38951 + subject to change. Applications should only use zlib.h.
38954 +#ifndef _INFCODES_H
38955 +#define _INFCODES_H
38957 +struct inflate_codes_state;
38958 +typedef struct inflate_codes_state FAR inflate_codes_statef;
38960 +extern inflate_codes_statef *inflate_codes_new OF((
38962 + inflate_huft *, inflate_huft *,
38965 +extern int inflate_codes OF((
38966 + inflate_blocks_statef *,
38970 +extern void inflate_codes_free OF((
38971 + inflate_codes_statef *,
38974 +#endif /* _INFCODES_H */
38975 diff -druN linux-noipsec/net/ipsec/zlib/inffast.c linux/net/ipsec/zlib/inffast.c
38976 --- linux-noipsec/net/ipsec/zlib/inffast.c Thu Jan 1 01:00:00 1970
38977 +++ linux/net/ipsec/zlib/inffast.c Fri Sep 29 20:51:34 2000
38979 +/* inffast.c -- process literals and length/distance pairs fast
38980 + * Copyright (C) 1995-1998 Mark Adler
38981 + * For conditions of distribution and use, see copyright notice in zlib.h
38984 +#include "zutil.h"
38985 +#include "inftrees.h"
38986 +#include "infblock.h"
38987 +#include "infcodes.h"
38988 +#include "infutil.h"
38989 +#include "inffast.h"
38991 +struct inflate_codes_state {int dummy;}; /* for buggy compilers */
38993 +/* simplify the use of the inflate_huft type with some defines */
38994 +#define exop word.what.Exop
38995 +#define bits word.what.Bits
38997 +/* macros for bit input with no checking and for returning unused bytes */
38998 +#define GRABBITS(j) {while(k<(j)){b|=((uLong)NEXTBYTE)<<k;k+=8;}}
38999 +#define UNGRAB {c=z->avail_in-n;c=(k>>3)<c?k>>3:c;n+=c;p-=c;k-=c<<3;}
39001 +/* Called with number of bytes left to write in window at least 258
39002 + (the maximum string length) and number of input bytes available
39003 + at least ten. The ten bytes are six bytes for the longest length/
39004 + distance pair plus four bytes for overloading the bit buffer. */
39006 +int inflate_fast(bl, bd, tl, td, s, z)
39009 +inflate_huft *td; /* need separate declaration for Borland C++ */
39010 +inflate_blocks_statef *s;
39013 + inflate_huft *t; /* temporary pointer */
39014 + uInt e; /* extra bits or operation */
39015 + uLong b; /* bit buffer */
39016 + uInt k; /* bits in bit buffer */
39017 + Bytef *p; /* input data pointer */
39018 + uInt n; /* bytes available there */
39019 + Bytef *q; /* output window write pointer */
39020 + uInt m; /* bytes to end of window or read pointer */
39021 + uInt ml; /* mask for literal/length tree */
39022 + uInt md; /* mask for distance tree */
39023 + uInt c; /* bytes to copy */
39024 + uInt d; /* distance back to copy from */
39025 + Bytef *r; /* copy source pointer */
39027 + /* load input, output, bit values */
39030 + /* initialize masks */
39031 + ml = inflate_mask[bl];
39032 + md = inflate_mask[bd];
39034 + /* do until not enough input or output space for fast loop */
39035 + do { /* assume called with m >= 258 && n >= 10 */
39036 + /* get literal/length code */
39037 + GRABBITS(20) /* max bits for literal/length code */
39038 + if ((e = (t = tl + ((uInt)b & ml))->exop) == 0)
39040 + DUMPBITS(t->bits)
39041 + Tracevv((stderr, t->base >= 0x20 && t->base < 0x7f ?
39042 + "inflate: * literal '%c'\n" :
39043 + "inflate: * literal 0x%02x\n", t->base));
39044 + *q++ = (Byte)t->base;
39049 + DUMPBITS(t->bits)
39052 + /* get extra bits for length */
39054 + c = t->base + ((uInt)b & inflate_mask[e]);
39056 + Tracevv((stderr, "inflate: * length %u\n", c));
39058 + /* decode distance base of block to copy */
39059 + GRABBITS(15); /* max bits for distance code */
39060 + e = (t = td + ((uInt)b & md))->exop;
39062 + DUMPBITS(t->bits)
39065 + /* get extra bits to add to distance base */
39067 + GRABBITS(e) /* get extra bits (up to 13) */
39068 + d = t->base + ((uInt)b & inflate_mask[e]);
39070 + Tracevv((stderr, "inflate: * distance %u\n", d));
39072 + /* do the copy */
39074 + if ((uInt)(q - s->window) >= d) /* offset before dest */
39075 + { /* just copy */
39077 + *q++ = *r++; c--; /* minimum count is three, */
39078 + *q++ = *r++; c--; /* so unroll loop a little */
39080 + else /* else offset after destination */
39082 + e = d - (uInt)(q - s->window); /* bytes from offset to end */
39083 + r = s->end - e; /* pointer to offset */
39084 + if (c > e) /* if source crosses, */
39086 + c -= e; /* copy to end of window */
39090 + r = s->window; /* copy rest from start of window */
39093 + do { /* copy all or what's left */
39098 + else if ((e & 64) == 0)
39101 + e = (t += ((uInt)b & inflate_mask[e]))->exop;
39105 + z->msg = (char*)"invalid distance code";
39108 + return Z_DATA_ERROR;
39113 + if ((e & 64) == 0)
39116 + if ((e = (t += ((uInt)b & inflate_mask[e]))->exop) == 0)
39118 + DUMPBITS(t->bits)
39119 + Tracevv((stderr, t->base >= 0x20 && t->base < 0x7f ?
39120 + "inflate: * literal '%c'\n" :
39121 + "inflate: * literal 0x%02x\n", t->base));
39122 + *q++ = (Byte)t->base;
39129 + Tracevv((stderr, "inflate: * end of block\n"));
39132 + return Z_STREAM_END;
39136 + z->msg = (char*)"invalid literal/length code";
39139 + return Z_DATA_ERROR;
39142 + } while (m >= 258 && n >= 10);
39144 + /* not enough input or output--restore pointers and return */
39149 diff -druN linux-noipsec/net/ipsec/zlib/inffast.h linux/net/ipsec/zlib/inffast.h
39150 --- linux-noipsec/net/ipsec/zlib/inffast.h Thu Jan 1 01:00:00 1970
39151 +++ linux/net/ipsec/zlib/inffast.h Fri Sep 29 20:51:34 2000
39153 +/* inffast.h -- header to use inffast.c
39154 + * Copyright (C) 1995-1998 Mark Adler
39155 + * For conditions of distribution and use, see copyright notice in zlib.h
39158 +/* WARNING: this file should *not* be used by applications. It is
39159 + part of the implementation of the compression library and is
39160 + subject to change. Applications should only use zlib.h.
39163 +#ifndef _INFFAST_H
39164 +#define _INFFAST_H
39166 +extern int inflate_fast OF((
39171 + inflate_blocks_statef *,
39174 +#endif /* _INFFAST_H */
39175 diff -druN linux-noipsec/net/ipsec/zlib/inffixed.h linux/net/ipsec/zlib/inffixed.h
39176 --- linux-noipsec/net/ipsec/zlib/inffixed.h Thu Jan 1 01:00:00 1970
39177 +++ linux/net/ipsec/zlib/inffixed.h Fri Sep 29 20:51:34 2000
39179 +/* inffixed.h -- table for decoding fixed codes
39180 + * Generated automatically by the maketree.c program
39183 +/* WARNING: this file should *not* be used by applications. It is
39184 + part of the implementation of the compression library and is
39185 + subject to change. Applications should only use zlib.h.
39188 +local uInt fixed_bl = 9;
39189 +local uInt fixed_bd = 5;
39190 +local inflate_huft fixed_tl[] = {
39191 + {{{96,7}},256}, {{{0,8}},80}, {{{0,8}},16}, {{{84,8}},115},
39192 + {{{82,7}},31}, {{{0,8}},112}, {{{0,8}},48}, {{{0,9}},192},
39193 + {{{80,7}},10}, {{{0,8}},96}, {{{0,8}},32}, {{{0,9}},160},
39194 + {{{0,8}},0}, {{{0,8}},128}, {{{0,8}},64}, {{{0,9}},224},
39195 + {{{80,7}},6}, {{{0,8}},88}, {{{0,8}},24}, {{{0,9}},144},
39196 + {{{83,7}},59}, {{{0,8}},120}, {{{0,8}},56}, {{{0,9}},208},
39197 + {{{81,7}},17}, {{{0,8}},104}, {{{0,8}},40}, {{{0,9}},176},
39198 + {{{0,8}},8}, {{{0,8}},136}, {{{0,8}},72}, {{{0,9}},240},
39199 + {{{80,7}},4}, {{{0,8}},84}, {{{0,8}},20}, {{{85,8}},227},
39200 + {{{83,7}},43}, {{{0,8}},116}, {{{0,8}},52}, {{{0,9}},200},
39201 + {{{81,7}},13}, {{{0,8}},100}, {{{0,8}},36}, {{{0,9}},168},
39202 + {{{0,8}},4}, {{{0,8}},132}, {{{0,8}},68}, {{{0,9}},232},
39203 + {{{80,7}},8}, {{{0,8}},92}, {{{0,8}},28}, {{{0,9}},152},
39204 + {{{84,7}},83}, {{{0,8}},124}, {{{0,8}},60}, {{{0,9}},216},
39205 + {{{82,7}},23}, {{{0,8}},108}, {{{0,8}},44}, {{{0,9}},184},
39206 + {{{0,8}},12}, {{{0,8}},140}, {{{0,8}},76}, {{{0,9}},248},
39207 + {{{80,7}},3}, {{{0,8}},82}, {{{0,8}},18}, {{{85,8}},163},
39208 + {{{83,7}},35}, {{{0,8}},114}, {{{0,8}},50}, {{{0,9}},196},
39209 + {{{81,7}},11}, {{{0,8}},98}, {{{0,8}},34}, {{{0,9}},164},
39210 + {{{0,8}},2}, {{{0,8}},130}, {{{0,8}},66}, {{{0,9}},228},
39211 + {{{80,7}},7}, {{{0,8}},90}, {{{0,8}},26}, {{{0,9}},148},
39212 + {{{84,7}},67}, {{{0,8}},122}, {{{0,8}},58}, {{{0,9}},212},
39213 + {{{82,7}},19}, {{{0,8}},106}, {{{0,8}},42}, {{{0,9}},180},
39214 + {{{0,8}},10}, {{{0,8}},138}, {{{0,8}},74}, {{{0,9}},244},
39215 + {{{80,7}},5}, {{{0,8}},86}, {{{0,8}},22}, {{{192,8}},0},
39216 + {{{83,7}},51}, {{{0,8}},118}, {{{0,8}},54}, {{{0,9}},204},
39217 + {{{81,7}},15}, {{{0,8}},102}, {{{0,8}},38}, {{{0,9}},172},
39218 + {{{0,8}},6}, {{{0,8}},134}, {{{0,8}},70}, {{{0,9}},236},
39219 + {{{80,7}},9}, {{{0,8}},94}, {{{0,8}},30}, {{{0,9}},156},
39220 + {{{84,7}},99}, {{{0,8}},126}, {{{0,8}},62}, {{{0,9}},220},
39221 + {{{82,7}},27}, {{{0,8}},110}, {{{0,8}},46}, {{{0,9}},188},
39222 + {{{0,8}},14}, {{{0,8}},142}, {{{0,8}},78}, {{{0,9}},252},
39223 + {{{96,7}},256}, {{{0,8}},81}, {{{0,8}},17}, {{{85,8}},131},
39224 + {{{82,7}},31}, {{{0,8}},113}, {{{0,8}},49}, {{{0,9}},194},
39225 + {{{80,7}},10}, {{{0,8}},97}, {{{0,8}},33}, {{{0,9}},162},
39226 + {{{0,8}},1}, {{{0,8}},129}, {{{0,8}},65}, {{{0,9}},226},
39227 + {{{80,7}},6}, {{{0,8}},89}, {{{0,8}},25}, {{{0,9}},146},
39228 + {{{83,7}},59}, {{{0,8}},121}, {{{0,8}},57}, {{{0,9}},210},
39229 + {{{81,7}},17}, {{{0,8}},105}, {{{0,8}},41}, {{{0,9}},178},
39230 + {{{0,8}},9}, {{{0,8}},137}, {{{0,8}},73}, {{{0,9}},242},
39231 + {{{80,7}},4}, {{{0,8}},85}, {{{0,8}},21}, {{{80,8}},258},
39232 + {{{83,7}},43}, {{{0,8}},117}, {{{0,8}},53}, {{{0,9}},202},
39233 + {{{81,7}},13}, {{{0,8}},101}, {{{0,8}},37}, {{{0,9}},170},
39234 + {{{0,8}},5}, {{{0,8}},133}, {{{0,8}},69}, {{{0,9}},234},
39235 + {{{80,7}},8}, {{{0,8}},93}, {{{0,8}},29}, {{{0,9}},154},
39236 + {{{84,7}},83}, {{{0,8}},125}, {{{0,8}},61}, {{{0,9}},218},
39237 + {{{82,7}},23}, {{{0,8}},109}, {{{0,8}},45}, {{{0,9}},186},
39238 + {{{0,8}},13}, {{{0,8}},141}, {{{0,8}},77}, {{{0,9}},250},
39239 + {{{80,7}},3}, {{{0,8}},83}, {{{0,8}},19}, {{{85,8}},195},
39240 + {{{83,7}},35}, {{{0,8}},115}, {{{0,8}},51}, {{{0,9}},198},
39241 + {{{81,7}},11}, {{{0,8}},99}, {{{0,8}},35}, {{{0,9}},166},
39242 + {{{0,8}},3}, {{{0,8}},131}, {{{0,8}},67}, {{{0,9}},230},
39243 + {{{80,7}},7}, {{{0,8}},91}, {{{0,8}},27}, {{{0,9}},150},
39244 + {{{84,7}},67}, {{{0,8}},123}, {{{0,8}},59}, {{{0,9}},214},
39245 + {{{82,7}},19}, {{{0,8}},107}, {{{0,8}},43}, {{{0,9}},182},
39246 + {{{0,8}},11}, {{{0,8}},139}, {{{0,8}},75}, {{{0,9}},246},
39247 + {{{80,7}},5}, {{{0,8}},87}, {{{0,8}},23}, {{{192,8}},0},
39248 + {{{83,7}},51}, {{{0,8}},119}, {{{0,8}},55}, {{{0,9}},206},
39249 + {{{81,7}},15}, {{{0,8}},103}, {{{0,8}},39}, {{{0,9}},174},
39250 + {{{0,8}},7}, {{{0,8}},135}, {{{0,8}},71}, {{{0,9}},238},
39251 + {{{80,7}},9}, {{{0,8}},95}, {{{0,8}},31}, {{{0,9}},158},
39252 + {{{84,7}},99}, {{{0,8}},127}, {{{0,8}},63}, {{{0,9}},222},
39253 + {{{82,7}},27}, {{{0,8}},111}, {{{0,8}},47}, {{{0,9}},190},
39254 + {{{0,8}},15}, {{{0,8}},143}, {{{0,8}},79}, {{{0,9}},254},
39255 + {{{96,7}},256}, {{{0,8}},80}, {{{0,8}},16}, {{{84,8}},115},
39256 + {{{82,7}},31}, {{{0,8}},112}, {{{0,8}},48}, {{{0,9}},193},
39257 + {{{80,7}},10}, {{{0,8}},96}, {{{0,8}},32}, {{{0,9}},161},
39258 + {{{0,8}},0}, {{{0,8}},128}, {{{0,8}},64}, {{{0,9}},225},
39259 + {{{80,7}},6}, {{{0,8}},88}, {{{0,8}},24}, {{{0,9}},145},
39260 + {{{83,7}},59}, {{{0,8}},120}, {{{0,8}},56}, {{{0,9}},209},
39261 + {{{81,7}},17}, {{{0,8}},104}, {{{0,8}},40}, {{{0,9}},177},
39262 + {{{0,8}},8}, {{{0,8}},136}, {{{0,8}},72}, {{{0,9}},241},
39263 + {{{80,7}},4}, {{{0,8}},84}, {{{0,8}},20}, {{{85,8}},227},
39264 + {{{83,7}},43}, {{{0,8}},116}, {{{0,8}},52}, {{{0,9}},201},
39265 + {{{81,7}},13}, {{{0,8}},100}, {{{0,8}},36}, {{{0,9}},169},
39266 + {{{0,8}},4}, {{{0,8}},132}, {{{0,8}},68}, {{{0,9}},233},
39267 + {{{80,7}},8}, {{{0,8}},92}, {{{0,8}},28}, {{{0,9}},153},
39268 + {{{84,7}},83}, {{{0,8}},124}, {{{0,8}},60}, {{{0,9}},217},
39269 + {{{82,7}},23}, {{{0,8}},108}, {{{0,8}},44}, {{{0,9}},185},
39270 + {{{0,8}},12}, {{{0,8}},140}, {{{0,8}},76}, {{{0,9}},249},
39271 + {{{80,7}},3}, {{{0,8}},82}, {{{0,8}},18}, {{{85,8}},163},
39272 + {{{83,7}},35}, {{{0,8}},114}, {{{0,8}},50}, {{{0,9}},197},
39273 + {{{81,7}},11}, {{{0,8}},98}, {{{0,8}},34}, {{{0,9}},165},
39274 + {{{0,8}},2}, {{{0,8}},130}, {{{0,8}},66}, {{{0,9}},229},
39275 + {{{80,7}},7}, {{{0,8}},90}, {{{0,8}},26}, {{{0,9}},149},
39276 + {{{84,7}},67}, {{{0,8}},122}, {{{0,8}},58}, {{{0,9}},213},
39277 + {{{82,7}},19}, {{{0,8}},106}, {{{0,8}},42}, {{{0,9}},181},
39278 + {{{0,8}},10}, {{{0,8}},138}, {{{0,8}},74}, {{{0,9}},245},
39279 + {{{80,7}},5}, {{{0,8}},86}, {{{0,8}},22}, {{{192,8}},0},
39280 + {{{83,7}},51}, {{{0,8}},118}, {{{0,8}},54}, {{{0,9}},205},
39281 + {{{81,7}},15}, {{{0,8}},102}, {{{0,8}},38}, {{{0,9}},173},
39282 + {{{0,8}},6}, {{{0,8}},134}, {{{0,8}},70}, {{{0,9}},237},
39283 + {{{80,7}},9}, {{{0,8}},94}, {{{0,8}},30}, {{{0,9}},157},
39284 + {{{84,7}},99}, {{{0,8}},126}, {{{0,8}},62}, {{{0,9}},221},
39285 + {{{82,7}},27}, {{{0,8}},110}, {{{0,8}},46}, {{{0,9}},189},
39286 + {{{0,8}},14}, {{{0,8}},142}, {{{0,8}},78}, {{{0,9}},253},
39287 + {{{96,7}},256}, {{{0,8}},81}, {{{0,8}},17}, {{{85,8}},131},
39288 + {{{82,7}},31}, {{{0,8}},113}, {{{0,8}},49}, {{{0,9}},195},
39289 + {{{80,7}},10}, {{{0,8}},97}, {{{0,8}},33}, {{{0,9}},163},
39290 + {{{0,8}},1}, {{{0,8}},129}, {{{0,8}},65}, {{{0,9}},227},
39291 + {{{80,7}},6}, {{{0,8}},89}, {{{0,8}},25}, {{{0,9}},147},
39292 + {{{83,7}},59}, {{{0,8}},121}, {{{0,8}},57}, {{{0,9}},211},
39293 + {{{81,7}},17}, {{{0,8}},105}, {{{0,8}},41}, {{{0,9}},179},
39294 + {{{0,8}},9}, {{{0,8}},137}, {{{0,8}},73}, {{{0,9}},243},
39295 + {{{80,7}},4}, {{{0,8}},85}, {{{0,8}},21}, {{{80,8}},258},
39296 + {{{83,7}},43}, {{{0,8}},117}, {{{0,8}},53}, {{{0,9}},203},
39297 + {{{81,7}},13}, {{{0,8}},101}, {{{0,8}},37}, {{{0,9}},171},
39298 + {{{0,8}},5}, {{{0,8}},133}, {{{0,8}},69}, {{{0,9}},235},
39299 + {{{80,7}},8}, {{{0,8}},93}, {{{0,8}},29}, {{{0,9}},155},
39300 + {{{84,7}},83}, {{{0,8}},125}, {{{0,8}},61}, {{{0,9}},219},
39301 + {{{82,7}},23}, {{{0,8}},109}, {{{0,8}},45}, {{{0,9}},187},
39302 + {{{0,8}},13}, {{{0,8}},141}, {{{0,8}},77}, {{{0,9}},251},
39303 + {{{80,7}},3}, {{{0,8}},83}, {{{0,8}},19}, {{{85,8}},195},
39304 + {{{83,7}},35}, {{{0,8}},115}, {{{0,8}},51}, {{{0,9}},199},
39305 + {{{81,7}},11}, {{{0,8}},99}, {{{0,8}},35}, {{{0,9}},167},
39306 + {{{0,8}},3}, {{{0,8}},131}, {{{0,8}},67}, {{{0,9}},231},
39307 + {{{80,7}},7}, {{{0,8}},91}, {{{0,8}},27}, {{{0,9}},151},
39308 + {{{84,7}},67}, {{{0,8}},123}, {{{0,8}},59}, {{{0,9}},215},
39309 + {{{82,7}},19}, {{{0,8}},107}, {{{0,8}},43}, {{{0,9}},183},
39310 + {{{0,8}},11}, {{{0,8}},139}, {{{0,8}},75}, {{{0,9}},247},
39311 + {{{80,7}},5}, {{{0,8}},87}, {{{0,8}},23}, {{{192,8}},0},
39312 + {{{83,7}},51}, {{{0,8}},119}, {{{0,8}},55}, {{{0,9}},207},
39313 + {{{81,7}},15}, {{{0,8}},103}, {{{0,8}},39}, {{{0,9}},175},
39314 + {{{0,8}},7}, {{{0,8}},135}, {{{0,8}},71}, {{{0,9}},239},
39315 + {{{80,7}},9}, {{{0,8}},95}, {{{0,8}},31}, {{{0,9}},159},
39316 + {{{84,7}},99}, {{{0,8}},127}, {{{0,8}},63}, {{{0,9}},223},
39317 + {{{82,7}},27}, {{{0,8}},111}, {{{0,8}},47}, {{{0,9}},191},
39318 + {{{0,8}},15}, {{{0,8}},143}, {{{0,8}},79}, {{{0,9}},255}
39320 +local inflate_huft fixed_td[] = {
39321 + {{{80,5}},1}, {{{87,5}},257}, {{{83,5}},17}, {{{91,5}},4097},
39322 + {{{81,5}},5}, {{{89,5}},1025}, {{{85,5}},65}, {{{93,5}},16385},
39323 + {{{80,5}},3}, {{{88,5}},513}, {{{84,5}},33}, {{{92,5}},8193},
39324 + {{{82,5}},9}, {{{90,5}},2049}, {{{86,5}},129}, {{{192,5}},24577},
39325 + {{{80,5}},2}, {{{87,5}},385}, {{{83,5}},25}, {{{91,5}},6145},
39326 + {{{81,5}},7}, {{{89,5}},1537}, {{{85,5}},97}, {{{93,5}},24577},
39327 + {{{80,5}},4}, {{{88,5}},769}, {{{84,5}},49}, {{{92,5}},12289},
39328 + {{{82,5}},13}, {{{90,5}},3073}, {{{86,5}},193}, {{{192,5}},24577}
39330 diff -druN linux-noipsec/net/ipsec/zlib/inflate.c linux/net/ipsec/zlib/inflate.c
39331 --- linux-noipsec/net/ipsec/zlib/inflate.c Thu Jan 1 01:00:00 1970
39332 +++ linux/net/ipsec/zlib/inflate.c Fri Sep 29 20:51:34 2000
39334 +/* inflate.c -- zlib interface to inflate modules
39335 + * Copyright (C) 1995-1998 Mark Adler
39336 + * For conditions of distribution and use, see copyright notice in zlib.h
39339 +#include "zutil.h"
39340 +#include "infblock.h"
39342 +struct inflate_blocks_state {int dummy;}; /* for buggy compilers */
39345 + METHOD, /* waiting for method byte */
39346 + FLAG, /* waiting for flag byte */
39347 + DICT4, /* four dictionary check bytes to go */
39348 + DICT3, /* three dictionary check bytes to go */
39349 + DICT2, /* two dictionary check bytes to go */
39350 + DICT1, /* one dictionary check byte to go */
39351 + DICT0, /* waiting for inflateSetDictionary */
39352 + BLOCKS, /* decompressing blocks */
39353 + CHECK4, /* four check bytes to go */
39354 + CHECK3, /* three check bytes to go */
39355 + CHECK2, /* two check bytes to go */
39356 + CHECK1, /* one check byte to go */
39357 + DONE, /* finished check, done */
39358 + BAD} /* got an error--stay here */
39361 +/* inflate private state */
39362 +struct internal_state {
39365 + inflate_mode mode; /* current inflate mode */
39367 + /* mode dependent information */
39369 + uInt method; /* if FLAGS, method byte */
39371 + uLong was; /* computed check value */
39372 + uLong need; /* stream check value */
39373 + } check; /* if CHECK, check values to compare */
39374 + uInt marker; /* if BAD, inflateSync's marker bytes count */
39375 + } sub; /* submode */
39377 + /* mode independent information */
39378 + int nowrap; /* flag for no wrapper */
39379 + uInt wbits; /* log2(window size) (8..15, defaults to 15) */
39380 + inflate_blocks_statef
39381 + *blocks; /* current inflate_blocks state */
39386 +int ZEXPORT inflateReset(z)
39389 + if (z == Z_NULL || z->state == Z_NULL)
39390 + return Z_STREAM_ERROR;
39391 + z->total_in = z->total_out = 0;
39393 + z->state->mode = z->state->nowrap ? BLOCKS : METHOD;
39394 + inflate_blocks_reset(z->state->blocks, z, Z_NULL);
39395 + Tracev((stderr, "inflate: reset\n"));
39400 +int ZEXPORT inflateEnd(z)
39403 + if (z == Z_NULL || z->state == Z_NULL || z->zfree == Z_NULL)
39404 + return Z_STREAM_ERROR;
39405 + if (z->state->blocks != Z_NULL)
39406 + inflate_blocks_free(z->state->blocks, z);
39407 + ZFREE(z, z->state);
39408 + z->state = Z_NULL;
39409 + Tracev((stderr, "inflate: end\n"));
39414 +int ZEXPORT inflateInit2_(z, w, version, stream_size)
39417 +const char *version;
39420 + if (version == Z_NULL || version[0] != ZLIB_VERSION[0] ||
39421 + stream_size != sizeof(z_stream))
39422 + return Z_VERSION_ERROR;
39424 + /* initialize state */
39426 + return Z_STREAM_ERROR;
39428 + if (z->zalloc == Z_NULL)
39430 + return Z_STREAM_ERROR;
39431 +/* z->zalloc = zcalloc;
39432 + z->opaque = (voidpf)0;
39435 + if (z->zfree == Z_NULL) return Z_STREAM_ERROR; /* z->zfree = zcfree; */
39436 + if ((z->state = (struct internal_state FAR *)
39437 + ZALLOC(z,1,sizeof(struct internal_state))) == Z_NULL)
39438 + return Z_MEM_ERROR;
39439 + z->state->blocks = Z_NULL;
39441 + /* handle undocumented nowrap option (no zlib header or check) */
39442 + z->state->nowrap = 0;
39446 + z->state->nowrap = 1;
39449 + /* set window size */
39450 + if (w < 8 || w > 15)
39453 + return Z_STREAM_ERROR;
39455 + z->state->wbits = (uInt)w;
39457 + /* create inflate_blocks state */
39458 + if ((z->state->blocks =
39459 + inflate_blocks_new(z, z->state->nowrap ? Z_NULL : adler32, (uInt)1 << w))
39463 + return Z_MEM_ERROR;
39465 + Tracev((stderr, "inflate: allocated\n"));
39467 + /* reset state */
39473 +int ZEXPORT inflateInit_(z, version, stream_size)
39475 +const char *version;
39478 + return inflateInit2_(z, DEF_WBITS, version, stream_size);
39482 +#define NEEDBYTE {if(z->avail_in==0)return r;r=f;}
39483 +#define NEXTBYTE (z->avail_in--,z->total_in++,*z->next_in++)
39485 +int ZEXPORT inflate(z, f)
39492 + if (z == Z_NULL || z->state == Z_NULL || z->next_in == Z_NULL)
39493 + return Z_STREAM_ERROR;
39494 + f = f == Z_FINISH ? Z_BUF_ERROR : Z_OK;
39496 + while (1) switch (z->state->mode)
39500 + if (((z->state->sub.method = NEXTBYTE) & 0xf) != Z_DEFLATED)
39502 + z->state->mode = BAD;
39503 + z->msg = (char*)"unknown compression method";
39504 + z->state->sub.marker = 5; /* can't try inflateSync */
39507 + if ((z->state->sub.method >> 4) + 8 > z->state->wbits)
39509 + z->state->mode = BAD;
39510 + z->msg = (char*)"invalid window size";
39511 + z->state->sub.marker = 5; /* can't try inflateSync */
39514 + z->state->mode = FLAG;
39518 + if (((z->state->sub.method << 8) + b) % 31)
39520 + z->state->mode = BAD;
39521 + z->msg = (char*)"incorrect header check";
39522 + z->state->sub.marker = 5; /* can't try inflateSync */
39525 + Tracev((stderr, "inflate: zlib header ok\n"));
39526 + if (!(b & PRESET_DICT))
39528 + z->state->mode = BLOCKS;
39531 + z->state->mode = DICT4;
39534 + z->state->sub.check.need = (uLong)NEXTBYTE << 24;
39535 + z->state->mode = DICT3;
39538 + z->state->sub.check.need += (uLong)NEXTBYTE << 16;
39539 + z->state->mode = DICT2;
39542 + z->state->sub.check.need += (uLong)NEXTBYTE << 8;
39543 + z->state->mode = DICT1;
39546 + z->state->sub.check.need += (uLong)NEXTBYTE;
39547 + z->adler = z->state->sub.check.need;
39548 + z->state->mode = DICT0;
39549 + return Z_NEED_DICT;
39551 + z->state->mode = BAD;
39552 + z->msg = (char*)"need dictionary";
39553 + z->state->sub.marker = 0; /* can try inflateSync */
39554 + return Z_STREAM_ERROR;
39556 + r = inflate_blocks(z->state->blocks, z, r);
39557 + if (r == Z_DATA_ERROR)
39559 + z->state->mode = BAD;
39560 + z->state->sub.marker = 0; /* can try inflateSync */
39565 + if (r != Z_STREAM_END)
39568 + inflate_blocks_reset(z->state->blocks, z, &z->state->sub.check.was);
39569 + if (z->state->nowrap)
39571 + z->state->mode = DONE;
39574 + z->state->mode = CHECK4;
39577 + z->state->sub.check.need = (uLong)NEXTBYTE << 24;
39578 + z->state->mode = CHECK3;
39581 + z->state->sub.check.need += (uLong)NEXTBYTE << 16;
39582 + z->state->mode = CHECK2;
39585 + z->state->sub.check.need += (uLong)NEXTBYTE << 8;
39586 + z->state->mode = CHECK1;
39589 + z->state->sub.check.need += (uLong)NEXTBYTE;
39591 + if (z->state->sub.check.was != z->state->sub.check.need)
39593 + z->state->mode = BAD;
39594 + z->msg = (char*)"incorrect data check";
39595 + z->state->sub.marker = 5; /* can't try inflateSync */
39598 + Tracev((stderr, "inflate: zlib check ok\n"));
39599 + z->state->mode = DONE;
39601 + return Z_STREAM_END;
39603 + return Z_DATA_ERROR;
39605 + return Z_STREAM_ERROR;
39607 +#ifdef NEED_DUMMY_RETURN
39608 + return Z_STREAM_ERROR; /* Some dumb compilers complain without this */
39613 +int ZEXPORT inflateSetDictionary(z, dictionary, dictLength)
39615 +const Bytef *dictionary;
39618 + uInt length = dictLength;
39620 + if (z == Z_NULL || z->state == Z_NULL || z->state->mode != DICT0)
39621 + return Z_STREAM_ERROR;
39623 + if (adler32(1L, dictionary, dictLength) != z->adler) return Z_DATA_ERROR;
39626 + if (length >= ((uInt)1<<z->state->wbits))
39628 + length = (1<<z->state->wbits)-1;
39629 + dictionary += dictLength - length;
39631 + inflate_set_dictionary(z->state->blocks, dictionary, length);
39632 + z->state->mode = BLOCKS;
39637 +int ZEXPORT inflateSync(z)
39640 + uInt n; /* number of bytes to look at */
39641 + Bytef *p; /* pointer to bytes */
39642 + uInt m; /* number of marker bytes found in a row */
39643 + uLong r, w; /* temporaries to save total_in and total_out */
39646 + if (z == Z_NULL || z->state == Z_NULL)
39647 + return Z_STREAM_ERROR;
39648 + if (z->state->mode != BAD)
39650 + z->state->mode = BAD;
39651 + z->state->sub.marker = 0;
39653 + if ((n = z->avail_in) == 0)
39654 + return Z_BUF_ERROR;
39656 + m = z->state->sub.marker;
39659 + while (n && m < 4)
39661 + static const Byte mark[4] = {0, 0, 0xff, 0xff};
39662 + if (*p == mark[m])
39672 + z->total_in += p - z->next_in;
39675 + z->state->sub.marker = m;
39677 + /* return no joy or set up to restart on a new block */
39679 + return Z_DATA_ERROR;
39680 + r = z->total_in; w = z->total_out;
39682 + z->total_in = r; z->total_out = w;
39683 + z->state->mode = BLOCKS;
39688 +/* Returns true if inflate is currently at the end of a block generated
39689 + * by Z_SYNC_FLUSH or Z_FULL_FLUSH. This function is used by one PPP
39690 + * implementation to provide an additional safety check. PPP uses Z_SYNC_FLUSH
39691 + * but removes the length bytes of the resulting empty stored block. When
39692 + * decompressing, PPP checks that at the end of input packet, inflate is
39693 + * waiting for these length bytes.
39695 +int ZEXPORT inflateSyncPoint(z)
39698 + if (z == Z_NULL || z->state == Z_NULL || z->state->blocks == Z_NULL)
39699 + return Z_STREAM_ERROR;
39700 + return inflate_blocks_sync_point(z->state->blocks);
39702 diff -druN linux-noipsec/net/ipsec/zlib/inftrees.c linux/net/ipsec/zlib/inftrees.c
39703 --- linux-noipsec/net/ipsec/zlib/inftrees.c Thu Jan 1 01:00:00 1970
39704 +++ linux/net/ipsec/zlib/inftrees.c Fri Sep 29 20:51:34 2000
39706 +/* inftrees.c -- generate Huffman trees for efficient decoding
39707 + * Copyright (C) 1995-1998 Mark Adler
39708 + * For conditions of distribution and use, see copyright notice in zlib.h
39711 +#include "zutil.h"
39712 +#include "inftrees.h"
39714 +#if !defined(BUILDFIXED) && !defined(STDC)
39715 +# define BUILDFIXED /* non ANSI compilers may not accept inffixed.h */
39718 +local const char inflate_copyright[] =
39719 + " inflate 1.1.3 Copyright 1995-1998 Mark Adler ";
39721 + If you use the zlib library in a product, an acknowledgment is welcome
39722 + in the documentation of your product. If for some reason you cannot
39723 + include such an acknowledgment, I would appreciate that you keep this
39724 + copyright string in the executable of your product.
39726 +struct internal_state {int dummy;}; /* for buggy compilers */
39728 +/* simplify the use of the inflate_huft type with some defines */
39729 +#define exop word.what.Exop
39730 +#define bits word.what.Bits
39733 +local int huft_build OF((
39734 + uIntf *, /* code lengths in bits */
39735 + uInt, /* number of codes */
39736 + uInt, /* number of "simple" codes */
39737 + const uIntf *, /* list of base values for non-simple codes */
39738 + const uIntf *, /* list of extra bits for non-simple codes */
39739 + inflate_huft * FAR*,/* result: starting table */
39740 + uIntf *, /* maximum lookup bits (returns actual) */
39741 + inflate_huft *, /* space for trees */
39742 + uInt *, /* hufts used in space */
39743 + uIntf * )); /* space for values */
39745 +/* Tables for deflate from PKZIP's appnote.txt. */
39746 +local const uInt cplens[31] = { /* Copy lengths for literal codes 257..285 */
39747 + 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 15, 17, 19, 23, 27, 31,
39748 + 35, 43, 51, 59, 67, 83, 99, 115, 131, 163, 195, 227, 258, 0, 0};
39749 + /* see note #13 above about 258 */
39750 +local const uInt cplext[31] = { /* Extra bits for literal codes 257..285 */
39751 + 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 2, 2, 2, 2,
39752 + 3, 3, 3, 3, 4, 4, 4, 4, 5, 5, 5, 5, 0, 112, 112}; /* 112==invalid */
39753 +local const uInt cpdist[30] = { /* Copy offsets for distance codes 0..29 */
39754 + 1, 2, 3, 4, 5, 7, 9, 13, 17, 25, 33, 49, 65, 97, 129, 193,
39755 + 257, 385, 513, 769, 1025, 1537, 2049, 3073, 4097, 6145,
39756 + 8193, 12289, 16385, 24577};
39757 +local const uInt cpdext[30] = { /* Extra bits for distance codes */
39758 + 0, 0, 0, 0, 1, 1, 2, 2, 3, 3, 4, 4, 5, 5, 6, 6,
39759 + 7, 7, 8, 8, 9, 9, 10, 10, 11, 11,
39763 + Huffman code decoding is performed using a multi-level table lookup.
39764 + The fastest way to decode is to simply build a lookup table whose
39765 + size is determined by the longest code. However, the time it takes
39766 + to build this table can also be a factor if the data being decoded
39767 + is not very long. The most common codes are necessarily the
39768 + shortest codes, so those codes dominate the decoding time, and hence
39769 + the speed. The idea is you can have a shorter table that decodes the
39770 + shorter, more probable codes, and then point to subsidiary tables for
39771 + the longer codes. The time it costs to decode the longer codes is
39772 + then traded against the time it takes to make longer tables.
39774 + This results of this trade are in the variables lbits and dbits
39775 + below. lbits is the number of bits the first level table for literal/
39776 + length codes can decode in one step, and dbits is the same thing for
39777 + the distance codes. Subsequent tables are also less than or equal to
39778 + those sizes. These values may be adjusted either when all of the
39779 + codes are shorter than that, in which case the longest code length in
39780 + bits is used, or when the shortest code is *longer* than the requested
39781 + table size, in which case the length of the shortest code in bits is
39784 + There are two different values for the two tables, since they code a
39785 + different number of possibilities each. The literal/length table
39786 + codes 286 possible values, or in a flat code, a little over eight
39787 + bits. The distance table codes 30 possible values, or a little less
39788 + than five bits, flat. The optimum values for speed end up being
39789 + about one bit more than those, so lbits is 8+1 and dbits is 5+1.
39790 + The optimum values may differ though from machine to machine, and
39791 + possibly even between compilers. Your mileage may vary.
39795 +/* If BMAX needs to be larger than 16, then h and x[] should be uLong. */
39796 +#define BMAX 15 /* maximum bit length of any code */
39798 +local int huft_build(b, n, s, d, e, t, m, hp, hn, v)
39799 +uIntf *b; /* code lengths in bits (all assumed <= BMAX) */
39800 +uInt n; /* number of codes (assumed <= 288) */
39801 +uInt s; /* number of simple-valued codes (0..s-1) */
39802 +const uIntf *d; /* list of base values for non-simple codes */
39803 +const uIntf *e; /* list of extra bits for non-simple codes */
39804 +inflate_huft * FAR *t; /* result: starting table */
39805 +uIntf *m; /* maximum lookup bits, returns actual */
39806 +inflate_huft *hp; /* space for trees */
39807 +uInt *hn; /* hufts used in space */
39808 +uIntf *v; /* working area: values in order of bit length */
39809 +/* Given a list of code lengths and a maximum table size, make a set of
39810 + tables to decode that set of codes. Return Z_OK on success, Z_BUF_ERROR
39811 + if the given code set is incomplete (the tables are still built in this
39812 + case), Z_DATA_ERROR if the input is invalid (an over-subscribed set of
39813 + lengths), or Z_MEM_ERROR if not enough memory. */
39816 + uInt a; /* counter for codes of length k */
39817 + uInt c[BMAX+1]; /* bit length count table */
39818 + uInt f; /* i repeats in table every f entries */
39819 + int g; /* maximum code length */
39820 + int h; /* table level */
39821 + register uInt i; /* counter, current code */
39822 + register uInt j; /* counter */
39823 + register int k; /* number of bits in current code */
39824 + int l; /* bits per table (returned in m) */
39825 + uInt mask; /* (1 << w) - 1, to avoid cc -O bug on HP */
39826 + register uIntf *p; /* pointer into c[], b[], or v[] */
39827 + inflate_huft *q; /* points to current table */
39828 + struct inflate_huft_s r; /* table entry for structure assignment */
39829 + inflate_huft *u[BMAX]; /* table stack */
39830 + register int w; /* bits before this table == (l * h) */
39831 + uInt x[BMAX+1]; /* bit offsets, then code stack */
39832 + uIntf *xp; /* pointer into x */
39833 + int y; /* number of dummy codes added */
39834 + uInt z; /* number of entries in current table */
39837 + /* Generate counts for each bit length */
39839 +#define C0 *p++ = 0;
39840 +#define C2 C0 C0 C0 C0
39841 +#define C4 C2 C2 C2 C2
39842 + C4 /* clear c[]--assume BMAX+1 is 16 */
39845 + c[*p++]++; /* assume all entries <= BMAX */
39847 + if (c[0] == n) /* null input--all zero length codes */
39849 + *t = (inflate_huft *)Z_NULL;
39855 + /* Find minimum and maximum length, bound *m by those */
39857 + for (j = 1; j <= BMAX; j++)
39860 + k = j; /* minimum code length */
39863 + for (i = BMAX; i; i--)
39866 + g = i; /* maximum code length */
39872 + /* Adjust last length count to fill out codes, if needed */
39873 + for (y = 1 << j; j < i; j++, y <<= 1)
39874 + if ((y -= c[j]) < 0)
39875 + return Z_DATA_ERROR;
39876 + if ((y -= c[i]) < 0)
39877 + return Z_DATA_ERROR;
39881 + /* Generate starting offsets into the value table for each length */
39883 + p = c + 1; xp = x + 2;
39884 + while (--i) { /* note that i == g from above */
39885 + *xp++ = (j += *p++);
39889 + /* Make a table of values in order of bit lengths */
39892 + if ((j = *p++) != 0)
39894 + } while (++i < n);
39895 + n = x[g]; /* set n to length of v */
39898 + /* Generate the Huffman codes and for each, make the table entries */
39899 + x[0] = i = 0; /* first Huffman code is zero */
39900 + p = v; /* grab values in bit order */
39901 + h = -1; /* no tables yet--level -1 */
39902 + w = -l; /* bits decoded == (l * h) */
39903 + u[0] = (inflate_huft *)Z_NULL; /* just to keep compilers happy */
39904 + q = (inflate_huft *)Z_NULL; /* ditto */
39905 + z = 0; /* ditto */
39907 + /* go through the bit lengths (k already is bits in shortest code) */
39908 + for (; k <= g; k++)
39913 + /* here i is the Huffman code of length k bits for value *p */
39914 + /* make tables up to required level */
39915 + while (k > w + l)
39918 + w += l; /* previous table always l bits */
39920 + /* compute minimum size table less than or equal to l bits */
39922 + z = z > (uInt)l ? l : z; /* table size upper limit */
39923 + if ((f = 1 << (j = k - w)) > a + 1) /* try a k-w bit table */
39924 + { /* too few codes for k-w bit table */
39925 + f -= a + 1; /* deduct codes from patterns left */
39928 + while (++j < z) /* try smaller tables up to z bits */
39930 + if ((f <<= 1) <= *++xp)
39931 + break; /* enough codes to use up j bits */
39932 + f -= *xp; /* else deduct codes from patterns */
39935 + z = 1 << j; /* table entries for j-bit table */
39937 + /* allocate new table */
39938 + if (*hn + z > MANY) /* (note: doesn't matter for fixed) */
39939 + return Z_MEM_ERROR; /* not enough memory */
39940 + u[h] = q = hp + *hn;
39943 + /* connect to last table, if there is one */
39946 + x[h] = i; /* save pattern for backing up */
39947 + r.bits = (Byte)l; /* bits to dump before this table */
39948 + r.exop = (Byte)j; /* bits in this table */
39949 + j = i >> (w - l);
39950 + r.base = (uInt)(q - u[h-1] - j); /* offset to this table */
39951 + u[h-1][j] = r; /* connect to last table */
39954 + *t = q; /* first table is returned result */
39957 + /* set up table entry in r */
39958 + r.bits = (Byte)(k - w);
39960 + r.exop = 128 + 64; /* out of values--invalid code */
39963 + r.exop = (Byte)(*p < 256 ? 0 : 32 + 64); /* 256 is end-of-block */
39964 + r.base = *p++; /* simple code is just the value */
39968 + r.exop = (Byte)(e[*p - s] + 16 + 64);/* non-simple--look up in lists */
39969 + r.base = d[*p++ - s];
39972 + /* fill code-like entries with r */
39973 + f = 1 << (k - w);
39974 + for (j = i >> w; j < z; j += f)
39977 + /* backwards increment the k-bit code i */
39978 + for (j = 1 << (k - 1); i & j; j >>= 1)
39982 + /* backup over finished tables */
39983 + mask = (1 << w) - 1; /* needed on HP, cc -O bug */
39984 + while ((i & mask) != x[h])
39986 + h--; /* don't need to update q */
39988 + mask = (1 << w) - 1;
39994 + /* Return Z_BUF_ERROR if we were given an incomplete table */
39995 + return y != 0 && g != 1 ? Z_BUF_ERROR : Z_OK;
39999 +int inflate_trees_bits(c, bb, tb, hp, z)
40000 +uIntf *c; /* 19 code lengths */
40001 +uIntf *bb; /* bits tree desired/actual depth */
40002 +inflate_huft * FAR *tb; /* bits tree result */
40003 +inflate_huft *hp; /* space for trees */
40004 +z_streamp z; /* for messages */
40007 + uInt hn = 0; /* hufts used in space */
40008 + uIntf *v; /* work area for huft_build */
40010 + if ((v = (uIntf*)ZALLOC(z, 19, sizeof(uInt))) == Z_NULL)
40011 + return Z_MEM_ERROR;
40012 + r = huft_build(c, 19, 19, (uIntf*)Z_NULL, (uIntf*)Z_NULL,
40013 + tb, bb, hp, &hn, v);
40014 + if (r == Z_DATA_ERROR)
40015 + z->msg = (char*)"oversubscribed dynamic bit lengths tree";
40016 + else if (r == Z_BUF_ERROR || *bb == 0)
40018 + z->msg = (char*)"incomplete dynamic bit lengths tree";
40019 + r = Z_DATA_ERROR;
40026 +int inflate_trees_dynamic(nl, nd, c, bl, bd, tl, td, hp, z)
40027 +uInt nl; /* number of literal/length codes */
40028 +uInt nd; /* number of distance codes */
40029 +uIntf *c; /* that many (total) code lengths */
40030 +uIntf *bl; /* literal desired/actual bit depth */
40031 +uIntf *bd; /* distance desired/actual bit depth */
40032 +inflate_huft * FAR *tl; /* literal/length tree result */
40033 +inflate_huft * FAR *td; /* distance tree result */
40034 +inflate_huft *hp; /* space for trees */
40035 +z_streamp z; /* for messages */
40038 + uInt hn = 0; /* hufts used in space */
40039 + uIntf *v; /* work area for huft_build */
40041 + /* allocate work area */
40042 + if ((v = (uIntf*)ZALLOC(z, 288, sizeof(uInt))) == Z_NULL)
40043 + return Z_MEM_ERROR;
40045 + /* build literal/length tree */
40046 + r = huft_build(c, nl, 257, cplens, cplext, tl, bl, hp, &hn, v);
40047 + if (r != Z_OK || *bl == 0)
40049 + if (r == Z_DATA_ERROR)
40050 + z->msg = (char*)"oversubscribed literal/length tree";
40051 + else if (r != Z_MEM_ERROR)
40053 + z->msg = (char*)"incomplete literal/length tree";
40054 + r = Z_DATA_ERROR;
40060 + /* build distance tree */
40061 + r = huft_build(c + nl, nd, 0, cpdist, cpdext, td, bd, hp, &hn, v);
40062 + if (r != Z_OK || (*bd == 0 && nl > 257))
40064 + if (r == Z_DATA_ERROR)
40065 + z->msg = (char*)"oversubscribed distance tree";
40066 + else if (r == Z_BUF_ERROR) {
40067 +#ifdef PKZIP_BUG_WORKAROUND
40071 + z->msg = (char*)"incomplete distance tree";
40072 + r = Z_DATA_ERROR;
40074 + else if (r != Z_MEM_ERROR)
40076 + z->msg = (char*)"empty distance tree with lengths";
40077 + r = Z_DATA_ERROR;
40090 +/* build fixed tables only once--keep them here */
40092 +local int fixed_built = 0;
40093 +#define FIXEDH 544 /* number of hufts used by fixed tables */
40094 +local inflate_huft fixed_mem[FIXEDH];
40095 +local uInt fixed_bl;
40096 +local uInt fixed_bd;
40097 +local inflate_huft *fixed_tl;
40098 +local inflate_huft *fixed_td;
40100 +#include "inffixed.h"
40104 +int inflate_trees_fixed(bl, bd, tl, td, z)
40105 +uIntf *bl; /* literal desired/actual bit depth */
40106 +uIntf *bd; /* distance desired/actual bit depth */
40107 +inflate_huft * FAR *tl; /* literal/length tree result */
40108 +inflate_huft * FAR *td; /* distance tree result */
40109 +z_streamp z; /* for memory allocation */
40112 + /* build fixed tables if not already */
40113 + if (!fixed_built)
40115 + int k; /* temporary variable */
40116 + uInt f = 0; /* number of hufts used in fixed_mem */
40117 + uIntf *c; /* length list for huft_build */
40118 + uIntf *v; /* work area for huft_build */
40120 + /* allocate memory */
40121 + if ((c = (uIntf*)ZALLOC(z, 288, sizeof(uInt))) == Z_NULL)
40122 + return Z_MEM_ERROR;
40123 + if ((v = (uIntf*)ZALLOC(z, 288, sizeof(uInt))) == Z_NULL)
40126 + return Z_MEM_ERROR;
40129 + /* literal table */
40130 + for (k = 0; k < 144; k++)
40132 + for (; k < 256; k++)
40134 + for (; k < 280; k++)
40136 + for (; k < 288; k++)
40139 + huft_build(c, 288, 257, cplens, cplext, &fixed_tl, &fixed_bl,
40140 + fixed_mem, &f, v);
40142 + /* distance table */
40143 + for (k = 0; k < 30; k++)
40146 + huft_build(c, 30, 0, cpdist, cpdext, &fixed_td, &fixed_bd,
40147 + fixed_mem, &f, v);
40161 diff -druN linux-noipsec/net/ipsec/zlib/inftrees.h linux/net/ipsec/zlib/inftrees.h
40162 --- linux-noipsec/net/ipsec/zlib/inftrees.h Thu Jan 1 01:00:00 1970
40163 +++ linux/net/ipsec/zlib/inftrees.h Fri Sep 29 20:51:34 2000
40165 +/* inftrees.h -- header to use inftrees.c
40166 + * Copyright (C) 1995-1998 Mark Adler
40167 + * For conditions of distribution and use, see copyright notice in zlib.h
40170 +/* WARNING: this file should *not* be used by applications. It is
40171 + part of the implementation of the compression library and is
40172 + subject to change. Applications should only use zlib.h.
40175 +/* Huffman code lookup table entry--this entry is four bytes for machines
40176 + that have 16-bit pointers (e.g. PC's in the small or medium model). */
40178 +#ifndef _INFTREES_H
40179 +#define _INFTREES_H
40181 +typedef struct inflate_huft_s FAR inflate_huft;
40183 +struct inflate_huft_s {
40186 + Byte Exop; /* number of extra bits or operation */
40187 + Byte Bits; /* number of bits in this code or subcode */
40189 + uInt pad; /* pad structure to a power of 2 (4 bytes for */
40190 + } word; /* 16-bit, 8 bytes for 32-bit int's) */
40191 + uInt base; /* literal, length base, distance base,
40192 + or table offset */
40195 +/* Maximum size of dynamic tree. The maximum found in a long but non-
40196 + exhaustive search was 1004 huft structures (850 for length/literals
40197 + and 154 for distances, the latter actually the result of an
40198 + exhaustive search). The actual maximum is not known, but the
40199 + value below is more than safe. */
40202 +extern int inflate_trees_bits OF((
40203 + uIntf *, /* 19 code lengths */
40204 + uIntf *, /* bits tree desired/actual depth */
40205 + inflate_huft * FAR *, /* bits tree result */
40206 + inflate_huft *, /* space for trees */
40207 + z_streamp)); /* for messages */
40209 +extern int inflate_trees_dynamic OF((
40210 + uInt, /* number of literal/length codes */
40211 + uInt, /* number of distance codes */
40212 + uIntf *, /* that many (total) code lengths */
40213 + uIntf *, /* literal desired/actual bit depth */
40214 + uIntf *, /* distance desired/actual bit depth */
40215 + inflate_huft * FAR *, /* literal/length tree result */
40216 + inflate_huft * FAR *, /* distance tree result */
40217 + inflate_huft *, /* space for trees */
40218 + z_streamp)); /* for messages */
40220 +extern int inflate_trees_fixed OF((
40221 + uIntf *, /* literal desired/actual bit depth */
40222 + uIntf *, /* distance desired/actual bit depth */
40223 + inflate_huft * FAR *, /* literal/length tree result */
40224 + inflate_huft * FAR *, /* distance tree result */
40225 + z_streamp)); /* for memory allocation */
40227 +#endif /* _INFTREES_H */
40228 diff -druN linux-noipsec/net/ipsec/zlib/infutil.c linux/net/ipsec/zlib/infutil.c
40229 --- linux-noipsec/net/ipsec/zlib/infutil.c Thu Jan 1 01:00:00 1970
40230 +++ linux/net/ipsec/zlib/infutil.c Fri Sep 29 20:51:34 2000
40232 +/* inflate_util.c -- data and routines common to blocks and codes
40233 + * Copyright (C) 1995-1998 Mark Adler
40234 + * For conditions of distribution and use, see copyright notice in zlib.h
40237 +#include "zutil.h"
40238 +#include "infblock.h"
40239 +#include "inftrees.h"
40240 +#include "infcodes.h"
40241 +#include "infutil.h"
40243 +struct inflate_codes_state {int dummy;}; /* for buggy compilers */
40245 +/* And'ing with mask[n] masks the lower n bits */
40246 +uInt inflate_mask[17] = {
40248 + 0x0001, 0x0003, 0x0007, 0x000f, 0x001f, 0x003f, 0x007f, 0x00ff,
40249 + 0x01ff, 0x03ff, 0x07ff, 0x0fff, 0x1fff, 0x3fff, 0x7fff, 0xffff
40253 +/* copy as much as possible from the sliding window to the output area */
40254 +int inflate_flush(s, z, r)
40255 +inflate_blocks_statef *s;
40263 + /* local copies of source and destination pointers */
40267 + /* compute number of bytes to copy as far as end of window */
40268 + n = (uInt)((q <= s->write ? s->write : s->end) - q);
40269 + if (n > z->avail_out) n = z->avail_out;
40270 + if (n && r == Z_BUF_ERROR) r = Z_OK;
40272 + /* update counters */
40273 + z->avail_out -= n;
40274 + z->total_out += n;
40276 + /* update check information */
40277 + if (s->checkfn != Z_NULL)
40278 + z->adler = s->check = (*s->checkfn)(s->check, q, n);
40280 + /* copy as far as end of window */
40281 + zmemcpy(p, q, n);
40285 + /* see if more to copy at beginning of window */
40288 + /* wrap pointers */
40290 + if (s->write == s->end)
40291 + s->write = s->window;
40293 + /* compute bytes to copy */
40294 + n = (uInt)(s->write - q);
40295 + if (n > z->avail_out) n = z->avail_out;
40296 + if (n && r == Z_BUF_ERROR) r = Z_OK;
40298 + /* update counters */
40299 + z->avail_out -= n;
40300 + z->total_out += n;
40302 + /* update check information */
40303 + if (s->checkfn != Z_NULL)
40304 + z->adler = s->check = (*s->checkfn)(s->check, q, n);
40307 + zmemcpy(p, q, n);
40312 + /* update pointers */
40319 diff -druN linux-noipsec/net/ipsec/zlib/infutil.h linux/net/ipsec/zlib/infutil.h
40320 --- linux-noipsec/net/ipsec/zlib/infutil.h Thu Jan 1 01:00:00 1970
40321 +++ linux/net/ipsec/zlib/infutil.h Fri Sep 29 20:51:34 2000
40323 +/* infutil.h -- types and macros common to blocks and codes
40324 + * Copyright (C) 1995-1998 Mark Adler
40325 + * For conditions of distribution and use, see copyright notice in zlib.h
40328 +/* WARNING: this file should *not* be used by applications. It is
40329 + part of the implementation of the compression library and is
40330 + subject to change. Applications should only use zlib.h.
40333 +#ifndef _INFUTIL_H
40334 +#define _INFUTIL_H
40337 + TYPE, /* get type bits (3, including end bit) */
40338 + LENS, /* get lengths for stored */
40339 + STORED, /* processing stored block */
40340 + TABLE, /* get table lengths */
40341 + BTREE, /* get bit lengths tree for a dynamic block */
40342 + DTREE, /* get length, distance trees for a dynamic block */
40343 + CODES, /* processing fixed or dynamic block */
40344 + DRY, /* output remaining window bytes */
40345 + DONE, /* finished last block, done */
40346 + BAD} /* got a data error--stuck here */
40347 +inflate_block_mode;
40349 +/* inflate blocks semi-private state */
40350 +struct inflate_blocks_state {
40353 + inflate_block_mode mode; /* current inflate_block mode */
40355 + /* mode dependent information */
40357 + uInt left; /* if STORED, bytes left to copy */
40359 + uInt table; /* table lengths (14 bits) */
40360 + uInt index; /* index into blens (or border) */
40361 + uIntf *blens; /* bit lengths of codes */
40362 + uInt bb; /* bit length tree depth */
40363 + inflate_huft *tb; /* bit length decoding tree */
40364 + } trees; /* if DTREE, decoding info for trees */
40366 + inflate_codes_statef
40368 + } decode; /* if CODES, current state */
40369 + } sub; /* submode */
40370 + uInt last; /* true if this block is the last block */
40372 + /* mode independent information */
40373 + uInt bitk; /* bits in bit buffer */
40374 + uLong bitb; /* bit buffer */
40375 + inflate_huft *hufts; /* single malloc for tree space */
40376 + Bytef *window; /* sliding window */
40377 + Bytef *end; /* one byte after sliding window */
40378 + Bytef *read; /* window read pointer */
40379 + Bytef *write; /* window write pointer */
40380 + check_func checkfn; /* check function */
40381 + uLong check; /* check on output */
40386 +/* defines for inflate input/output */
40387 +/* update pointers and return */
40388 +#define UPDBITS {s->bitb=b;s->bitk=k;}
40389 +#define UPDIN {z->avail_in=n;z->total_in+=p-z->next_in;z->next_in=p;}
40390 +#define UPDOUT {s->write=q;}
40391 +#define UPDATE {UPDBITS UPDIN UPDOUT}
40392 +#define LEAVE {UPDATE return inflate_flush(s,z,r);}
40393 +/* get bytes and bits */
40394 +#define LOADIN {p=z->next_in;n=z->avail_in;b=s->bitb;k=s->bitk;}
40395 +#define NEEDBYTE {if(n)r=Z_OK;else LEAVE}
40396 +#define NEXTBYTE (n--,*p++)
40397 +#define NEEDBITS(j) {while(k<(j)){NEEDBYTE;b|=((uLong)NEXTBYTE)<<k;k+=8;}}
40398 +#define DUMPBITS(j) {b>>=(j);k-=(j);}
40399 +/* output bytes */
40400 +#define WAVAIL (uInt)(q<s->read?s->read-q-1:s->end-q)
40401 +#define LOADOUT {q=s->write;m=(uInt)WAVAIL;}
40402 +#define WRAP {if(q==s->end&&s->read!=s->window){q=s->window;m=(uInt)WAVAIL;}}
40403 +#define FLUSH {UPDOUT r=inflate_flush(s,z,r); LOADOUT}
40404 +#define NEEDOUT {if(m==0){WRAP if(m==0){FLUSH WRAP if(m==0) LEAVE}}r=Z_OK;}
40405 +#define OUTBYTE(a) {*q++=(Byte)(a);m--;}
40406 +/* load local pointers */
40407 +#define LOAD {LOADIN LOADOUT}
40409 +/* masks for lower bits (size given to avoid silly warnings with Visual C++) */
40410 +extern uInt inflate_mask[17];
40412 +/* copy as much as possible from the sliding window to the output area */
40413 +extern int inflate_flush OF((
40414 + inflate_blocks_statef *,
40418 +struct internal_state {int dummy;}; /* for buggy compilers */
40420 +#endif /* _INFUTIL_H */
40421 diff -druN linux-noipsec/net/ipsec/zlib/match586.S linux/net/ipsec/zlib/match586.S
40422 --- linux-noipsec/net/ipsec/zlib/match586.S Thu Jan 1 01:00:00 1970
40423 +++ linux/net/ipsec/zlib/match586.S Fri Sep 29 20:51:34 2000
40425 +/* match.s -- Pentium-optimized version of longest_match()
40426 + * Written for zlib 1.1.2
40427 + * Copyright (C) 1998 Brian Raiter <breadbox@muppetlabs.com>
40429 + * This is free software; you can redistribute it and/or modify it
40430 + * under the terms of the GNU General Public License.
40433 +#ifndef NO_UNDERLINE
40434 +#define match_init _ipcomp_match_init
40435 +#define longest_match _ipcomp_longest_match
40437 +#define match_init ipcomp_match_init
40438 +#define longest_match ipcomp_longest_match
40441 +#define MAX_MATCH (258)
40442 +#define MIN_MATCH (3)
40443 +#define MIN_LOOKAHEAD (MAX_MATCH + MIN_MATCH + 1)
40444 +#define MAX_MATCH_8 ((MAX_MATCH + 7) & ~7)
40446 +/* stack frame offsets */
40448 +#define wmask 0 /* local copy of s->wmask */
40449 +#define window 4 /* local copy of s->window */
40450 +#define windowbestlen 8 /* s->window + bestlen */
40451 +#define chainlenscanend 12 /* high word: current chain len */
40452 + /* low word: last bytes sought */
40453 +#define scanstart 16 /* first two bytes of string */
40454 +#define scanalign 20 /* dword-misalignment of string */
40455 +#define nicematch 24 /* a good enough match size */
40456 +#define bestlen 28 /* size of best match so far */
40457 +#define scan 32 /* ptr to string wanting match */
40459 +#define LocalVarsSize (36)
40460 +/* saved ebx 36 */
40461 +/* saved edi 40 */
40462 +/* saved esi 44 */
40463 +/* saved ebp 48 */
40464 +/* return address 52 */
40465 +#define deflatestate 56 /* the function arguments */
40466 +#define curmatch 60
40468 +/* Offsets for fields in the deflate_state structure. These numbers
40469 + * are calculated from the definition of deflate_state, with the
40470 + * assumption that the compiler will dword-align the fields. (Thus,
40471 + * changing the definition of deflate_state could easily cause this
40472 + * program to crash horribly, without so much as a warning at
40473 + * compile time. Sigh.)
40475 +#define dsWSize 36
40476 +#define dsWMask 44
40477 +#define dsWindow 48
40479 +#define dsMatchLen 88
40480 +#define dsPrevMatch 92
40481 +#define dsStrStart 100
40482 +#define dsMatchStart 104
40483 +#define dsLookahead 108
40484 +#define dsPrevLen 112
40485 +#define dsMaxChainLen 116
40486 +#define dsGoodMatch 132
40487 +#define dsNiceMatch 136
40492 +.globl match_init, longest_match
40496 +/* uInt longest_match(deflate_state *deflatestate, IPos curmatch) */
40500 +/* Save registers that the compiler may be using, and adjust %esp to */
40501 +/* make room for our stack frame. */
40507 + subl $LocalVarsSize, %esp
40509 +/* Retrieve the function arguments. %ecx will hold cur_match */
40510 +/* throughout the entire function. %edx will hold the pointer to the */
40511 +/* deflate_state structure during the function's setup (before */
40512 +/* entering the main loop). */
40514 + movl deflatestate(%esp), %edx
40515 + movl curmatch(%esp), %ecx
40517 +/* if ((uInt)nice_match > s->lookahead) nice_match = s->lookahead; */
40519 + movl dsNiceMatch(%edx), %eax
40520 + movl dsLookahead(%edx), %ebx
40524 +LookaheadLess: movl %ebx, nicematch(%esp)
40526 +/* register Bytef *scan = s->window + s->strstart; */
40528 + movl dsWindow(%edx), %esi
40529 + movl %esi, window(%esp)
40530 + movl dsStrStart(%edx), %ebp
40531 + lea (%esi,%ebp), %edi
40532 + movl %edi, scan(%esp)
40534 +/* Determine how many bytes the scan ptr is off from being */
40535 +/* dword-aligned. */
40540 + movl %eax, scanalign(%esp)
40542 +/* IPos limit = s->strstart > (IPos)MAX_DIST(s) ? */
40543 +/* s->strstart - (IPos)MAX_DIST(s) : NIL; */
40545 + movl dsWSize(%edx), %eax
40546 + subl $MIN_LOOKAHEAD, %eax
40552 +/* unsigned chain_length = s->max_chain_length; */
40553 +/* if (s->prev_length >= s->good_match) { */
40554 +/* chain_length >>= 2; */
40557 + movl dsPrevLen(%edx), %eax
40558 + movl dsGoodMatch(%edx), %ebx
40560 + movl dsMaxChainLen(%edx), %ebx
40565 +/* chainlen is decremented once beforehand so that the function can */
40566 +/* use the sign flag instead of the zero flag for the exit test. */
40567 +/* It is then shifted into the high word, to make room for the scanend */
40568 +/* scanend value, which it will always accompany. */
40573 +/* int best_len = s->prev_length; */
40575 + movl dsPrevLen(%edx), %eax
40576 + movl %eax, bestlen(%esp)
40578 +/* Store the sum of s->window + best_len in %esi locally, and in %esi. */
40581 + movl %esi, windowbestlen(%esp)
40583 +/* register ush scan_start = *(ushf*)scan; */
40584 +/* register ush scan_end = *(ushf*)(scan+best_len-1); */
40587 + movw %bx, scanstart(%esp)
40588 + movw -1(%edi,%eax), %bx
40589 + movl %ebx, chainlenscanend(%esp)
40591 +/* Posf *prev = s->prev; */
40592 +/* uInt wmask = s->w_mask; */
40594 + movl dsPrev(%edx), %edi
40595 + movl dsWMask(%edx), %edx
40596 + mov %edx, wmask(%esp)
40598 +/* Jump into the main loop. */
40605 + * match = s->window + cur_match;
40606 + * if (*(ushf*)(match+best_len-1) != scan_end ||
40607 + * *(ushf*)match != scan_start) continue;
40609 + * } while ((cur_match = prev[cur_match & wmask]) > limit
40610 + * && --chain_length != 0);
40612 + * Here is the inner loop of the function. The function will spend the
40613 + * majority of its time in this loop, and majority of that time will
40614 + * be spent in the first ten instructions.
40616 + * Within this loop:
40617 + * %ebx = chainlenscanend - i.e., ((chainlen << 16) | scanend)
40618 + * %ecx = curmatch
40619 + * %edx = curmatch & wmask
40620 + * %esi = windowbestlen - i.e., (window + bestlen)
40624 + * Two optimization notes on the choice of instructions:
40626 + * The first instruction uses a 16-bit address, which costs an extra,
40627 + * unpairable cycle. This is cheaper than doing a 32-bit access and
40628 + * zeroing the high word, due to the 3-cycle misalignment penalty which
40629 + * would occur half the time. This also turns out to be cheaper than
40630 + * doing two separate 8-bit accesses, as the memory is so rarely in the
40633 + * The window buffer, however, apparently spends a lot of time in the
40634 + * cache, and so it is faster to retrieve the word at the end of the
40635 + * match string with two 8-bit loads. The instructions that test the
40636 + * word at the beginning of the match string, however, are executed
40637 + * much less frequently, and there it was cheaper to use 16-bit
40638 + * instructions, which avoided the necessity of saving off and
40639 + * subsequently reloading one of the other registers.
40643 + movw (%edi,%edx,2), %cx /* 2 U pipe */
40644 + movl wmask(%esp), %edx /* 2 V pipe */
40645 + cmpl %ebp, %ecx /* 3 U pipe */
40646 + jbe LeaveNow /* 3 V pipe */
40647 + subl $0x00010000, %ebx /* 4 U pipe */
40648 + js LeaveNow /* 4 V pipe */
40649 +LoopEntry: movb -1(%esi,%ecx), %al /* 5 U pipe */
40650 + andl %ecx, %edx /* 5 V pipe */
40651 + cmpb %bl, %al /* 6 U pipe */
40652 + jnz LookupLoop /* 6 V pipe */
40653 + movb (%esi,%ecx), %ah
40656 + movl window(%esp), %eax
40657 + movw (%eax,%ecx), %ax
40658 + cmpw scanstart(%esp), %ax
40661 +/* Store the current value of chainlen. */
40663 + movl %ebx, chainlenscanend(%esp)
40665 +/* Point %edi to the string under scrutiny, and %esi to the string we */
40666 +/* are hoping to match it up with. In actuality, %esi and %edi are */
40667 +/* both pointed (MAX_MATCH_8 - scanalign) bytes ahead, and %edx is */
40668 +/* initialized to -(MAX_MATCH_8 - scanalign). */
40670 + movl window(%esp), %esi
40671 + movl scan(%esp), %edi
40673 + movl scanalign(%esp), %eax
40674 + movl $(-MAX_MATCH_8), %edx
40675 + lea MAX_MATCH_8(%edi,%eax), %edi
40676 + lea MAX_MATCH_8(%esi,%eax), %esi
40678 +/* Test the strings for equality, 8 bytes at a time. At the end,
40679 + * adjust %edx so that it is offset to the exact byte that mismatched.
40681 + * We already know at this point that the first three bytes of the
40682 + * strings match each other, and they can be safely passed over before
40683 + * starting the compare loop. So what this code does is skip over 0-3
40684 + * bytes, as much as necessary in order to dword-align the %edi
40685 + * pointer. (%esi will still be misaligned three times out of four.)
40687 + * It should be confessed that this loop usually does not represent
40688 + * much of the total running time. Replacing it with a more
40689 + * straightforward "rep cmpsb" would not drastically degrade
40693 + movl (%esi,%edx), %eax
40694 + movl (%edi,%edx), %ebx
40696 + jnz LeaveLoopCmps
40697 + movl 4(%esi,%edx), %eax
40698 + movl 4(%edi,%edx), %ebx
40700 + jnz LeaveLoopCmps4
40704 +LeaveLoopCmps4: addl $4, %edx
40705 +LeaveLoopCmps: testl $0x0000FFFF, %eax
40709 +LenLower: subb $1, %al
40712 +/* Calculate the length of the match. If it is longer than MAX_MATCH, */
40713 +/* then automatically accept it as the best possible match and leave. */
40715 + lea (%edi,%edx), %eax
40716 + movl scan(%esp), %edi
40718 + cmpl $MAX_MATCH, %eax
40721 +/* If the length of the match is not longer than the best match we */
40722 +/* have so far, then forget it and return to the lookup loop. */
40724 + movl deflatestate(%esp), %edx
40725 + movl bestlen(%esp), %ebx
40728 + movl chainlenscanend(%esp), %ebx
40729 + movl windowbestlen(%esp), %esi
40730 + movl dsPrev(%edx), %edi
40731 + movl wmask(%esp), %edx
40735 +/* s->match_start = cur_match; */
40736 +/* best_len = len; */
40737 +/* if (len >= nice_match) break; */
40738 +/* scan_end = *(ushf*)(scan+best_len-1); */
40740 +LongerMatch: movl nicematch(%esp), %ebx
40741 + movl %eax, bestlen(%esp)
40742 + movl %ecx, dsMatchStart(%edx)
40745 + movl window(%esp), %esi
40747 + movl %esi, windowbestlen(%esp)
40748 + movl chainlenscanend(%esp), %ebx
40749 + movw -1(%edi,%eax), %bx
40750 + movl dsPrev(%edx), %edi
40751 + movl %ebx, chainlenscanend(%esp)
40752 + movl wmask(%esp), %edx
40756 +/* Accept the current string, with the maximum possible length. */
40758 +LenMaximum: movl deflatestate(%esp), %edx
40759 + movl $MAX_MATCH, bestlen(%esp)
40760 + movl %ecx, dsMatchStart(%edx)
40762 +/* if ((uInt)best_len <= s->lookahead) return (uInt)best_len; */
40763 +/* return s->lookahead; */
40766 + movl deflatestate(%esp), %edx
40767 + movl bestlen(%esp), %ebx
40768 + movl dsLookahead(%edx), %eax
40774 +/* Restore the stack and return from whence we came. */
40776 + addl $LocalVarsSize, %esp
40782 diff -druN linux-noipsec/net/ipsec/zlib/match686.S linux/net/ipsec/zlib/match686.S
40783 --- linux-noipsec/net/ipsec/zlib/match686.S Thu Jan 1 01:00:00 1970
40784 +++ linux/net/ipsec/zlib/match686.S Fri Oct 27 05:35:16 2000
40786 +/* match.s -- Pentium-Pro-optimized version of longest_match()
40787 + * Written for zlib 1.1.2
40788 + * Copyright (C) 1998 Brian Raiter <breadbox@muppetlabs.com>
40790 + * This is free software; you can redistribute it and/or modify it
40791 + * under the terms of the GNU General Public License.
40794 +#ifndef NO_UNDERLINE
40795 +#define match_init _ipcomp_match_init
40796 +#define longest_match _ipcomp_longest_match
40798 +#define match_init ipcomp_match_init
40799 +#define longest_match ipcomp_longest_match
40802 +#define MAX_MATCH (258)
40803 +#define MIN_MATCH (3)
40804 +#define MIN_LOOKAHEAD (MAX_MATCH + MIN_MATCH + 1)
40805 +#define MAX_MATCH_8 ((MAX_MATCH + 7) & ~7)
40807 +/* stack frame offsets */
40809 +#define chainlenwmask 0 /* high word: current chain len */
40810 + /* low word: s->wmask */
40811 +#define window 4 /* local copy of s->window */
40812 +#define windowbestlen 8 /* s->window + bestlen */
40813 +#define scanstart 16 /* first two bytes of string */
40814 +#define scanend 12 /* last two bytes of string */
40815 +#define scanalign 20 /* dword-misalignment of string */
40816 +#define nicematch 24 /* a good enough match size */
40817 +#define bestlen 28 /* size of best match so far */
40818 +#define scan 32 /* ptr to string wanting match */
40820 +#define LocalVarsSize (36)
40821 +/* saved ebx 36 */
40822 +/* saved edi 40 */
40823 +/* saved esi 44 */
40824 +/* saved ebp 48 */
40825 +/* return address 52 */
40826 +#define deflatestate 56 /* the function arguments */
40827 +#define curmatch 60
40829 +/* Offsets for fields in the deflate_state structure. These numbers
40830 + * are calculated from the definition of deflate_state, with the
40831 + * assumption that the compiler will dword-align the fields. (Thus,
40832 + * changing the definition of deflate_state could easily cause this
40833 + * program to crash horribly, without so much as a warning at
40834 + * compile time. Sigh.)
40836 +#define dsWSize 36
40837 +#define dsWMask 44
40838 +#define dsWindow 48
40840 +#define dsMatchLen 88
40841 +#define dsPrevMatch 92
40842 +#define dsStrStart 100
40843 +#define dsMatchStart 104
40844 +#define dsLookahead 108
40845 +#define dsPrevLen 112
40846 +#define dsMaxChainLen 116
40847 +#define dsGoodMatch 132
40848 +#define dsNiceMatch 136
40853 +.globl match_init, longest_match
40857 +/* uInt longest_match(deflate_state *deflatestate, IPos curmatch) */
40861 +/* Save registers that the compiler may be using, and adjust %esp to */
40862 +/* make room for our stack frame. */
40868 + subl $LocalVarsSize, %esp
40870 +/* Retrieve the function arguments. %ecx will hold cur_match */
40871 +/* throughout the entire function. %edx will hold the pointer to the */
40872 +/* deflate_state structure during the function's setup (before */
40873 +/* entering the main loop). */
40875 + movl deflatestate(%esp), %edx
40876 + movl curmatch(%esp), %ecx
40878 +/* uInt wmask = s->w_mask; */
40879 +/* unsigned chain_length = s->max_chain_length; */
40880 +/* if (s->prev_length >= s->good_match) { */
40881 +/* chain_length >>= 2; */
40884 + movl dsPrevLen(%edx), %eax
40885 + movl dsGoodMatch(%edx), %ebx
40887 + movl dsWMask(%edx), %eax
40888 + movl dsMaxChainLen(%edx), %ebx
40893 +/* chainlen is decremented once beforehand so that the function can */
40894 +/* use the sign flag instead of the zero flag for the exit test. */
40895 +/* It is then shifted into the high word, to make room for the wmask */
40896 +/* value, which it will always accompany. */
40901 + movl %ebx, chainlenwmask(%esp)
40903 +/* if ((uInt)nice_match > s->lookahead) nice_match = s->lookahead; */
40905 + movl dsNiceMatch(%edx), %eax
40906 + movl dsLookahead(%edx), %ebx
40910 +LookaheadLess: movl %ebx, nicematch(%esp)
40912 +/* register Bytef *scan = s->window + s->strstart; */
40914 + movl dsWindow(%edx), %esi
40915 + movl %esi, window(%esp)
40916 + movl dsStrStart(%edx), %ebp
40917 + lea (%esi,%ebp), %edi
40918 + movl %edi, scan(%esp)
40920 +/* Determine how many bytes the scan ptr is off from being */
40921 +/* dword-aligned. */
40926 + movl %eax, scanalign(%esp)
40928 +/* IPos limit = s->strstart > (IPos)MAX_DIST(s) ? */
40929 +/* s->strstart - (IPos)MAX_DIST(s) : NIL; */
40931 + movl dsWSize(%edx), %eax
40932 + subl $MIN_LOOKAHEAD, %eax
40938 +/* int best_len = s->prev_length; */
40940 + movl dsPrevLen(%edx), %eax
40941 + movl %eax, bestlen(%esp)
40943 +/* Store the sum of s->window + best_len in %esi locally, and in %esi. */
40946 + movl %esi, windowbestlen(%esp)
40948 +/* register ush scan_start = *(ushf*)scan; */
40949 +/* register ush scan_end = *(ushf*)(scan+best_len-1); */
40950 +/* Posf *prev = s->prev; */
40952 + movzwl (%edi), %ebx
40953 + movl %ebx, scanstart(%esp)
40954 + movzwl -1(%edi,%eax), %ebx
40955 + movl %ebx, scanend(%esp)
40956 + movl dsPrev(%edx), %edi
40958 +/* Jump into the main loop. */
40960 + movl chainlenwmask(%esp), %edx
40966 + * match = s->window + cur_match;
40967 + * if (*(ushf*)(match+best_len-1) != scan_end ||
40968 + * *(ushf*)match != scan_start) continue;
40970 + * } while ((cur_match = prev[cur_match & wmask]) > limit
40971 + * && --chain_length != 0);
40973 + * Here is the inner loop of the function. The function will spend the
40974 + * majority of its time in this loop, and majority of that time will
40975 + * be spent in the first ten instructions.
40977 + * Within this loop:
40979 + * %ecx = curmatch
40980 + * %edx = chainlenwmask - i.e., ((chainlen << 16) | wmask)
40981 + * %esi = windowbestlen - i.e., (window + bestlen)
40987 + movzwl (%edi,%ecx,2), %ecx
40990 + subl $0x00010000, %edx
40992 +LoopEntry: movzwl -1(%esi,%ecx), %eax
40995 + movl window(%esp), %eax
40996 + movzwl (%eax,%ecx), %eax
40997 + cmpl scanstart(%esp), %eax
41000 +/* Store the current value of chainlen. */
41002 + movl %edx, chainlenwmask(%esp)
41004 +/* Point %edi to the string under scrutiny, and %esi to the string we */
41005 +/* are hoping to match it up with. In actuality, %esi and %edi are */
41006 +/* both pointed (MAX_MATCH_8 - scanalign) bytes ahead, and %edx is */
41007 +/* initialized to -(MAX_MATCH_8 - scanalign). */
41009 + movl window(%esp), %esi
41010 + movl scan(%esp), %edi
41012 + movl scanalign(%esp), %eax
41013 + movl $(-MAX_MATCH_8), %edx
41014 + lea MAX_MATCH_8(%edi,%eax), %edi
41015 + lea MAX_MATCH_8(%esi,%eax), %esi
41017 +/* Test the strings for equality, 8 bytes at a time. At the end,
41018 + * adjust %edx so that it is offset to the exact byte that mismatched.
41020 + * We already know at this point that the first three bytes of the
41021 + * strings match each other, and they can be safely passed over before
41022 + * starting the compare loop. So what this code does is skip over 0-3
41023 + * bytes, as much as necessary in order to dword-align the %edi
41024 + * pointer. (%esi will still be misaligned three times out of four.)
41026 + * It should be confessed that this loop usually does not represent
41027 + * much of the total running time. Replacing it with a more
41028 + * straightforward "rep cmpsb" would not drastically degrade
41032 + movl (%esi,%edx), %eax
41033 + xorl (%edi,%edx), %eax
41034 + jnz LeaveLoopCmps
41035 + movl 4(%esi,%edx), %eax
41036 + xorl 4(%edi,%edx), %eax
41037 + jnz LeaveLoopCmps4
41041 +LeaveLoopCmps4: addl $4, %edx
41042 +LeaveLoopCmps: testl $0x0000FFFF, %eax
41046 +LenLower: subb $1, %al
41049 +/* Calculate the length of the match. If it is longer than MAX_MATCH, */
41050 +/* then automatically accept it as the best possible match and leave. */
41052 + lea (%edi,%edx), %eax
41053 + movl scan(%esp), %edi
41055 + cmpl $MAX_MATCH, %eax
41058 +/* If the length of the match is not longer than the best match we */
41059 +/* have so far, then forget it and return to the lookup loop. */
41061 + movl deflatestate(%esp), %edx
41062 + movl bestlen(%esp), %ebx
41065 + movl windowbestlen(%esp), %esi
41066 + movl dsPrev(%edx), %edi
41067 + movl scanend(%esp), %ebx
41068 + movl chainlenwmask(%esp), %edx
41071 +/* s->match_start = cur_match; */
41072 +/* best_len = len; */
41073 +/* if (len >= nice_match) break; */
41074 +/* scan_end = *(ushf*)(scan+best_len-1); */
41076 +LongerMatch: movl nicematch(%esp), %ebx
41077 + movl %eax, bestlen(%esp)
41078 + movl %ecx, dsMatchStart(%edx)
41081 + movl window(%esp), %esi
41083 + movl %esi, windowbestlen(%esp)
41084 + movzwl -1(%edi,%eax), %ebx
41085 + movl dsPrev(%edx), %edi
41086 + movl %ebx, scanend(%esp)
41087 + movl chainlenwmask(%esp), %edx
41090 +/* Accept the current string, with the maximum possible length. */
41092 +LenMaximum: movl deflatestate(%esp), %edx
41093 + movl $MAX_MATCH, bestlen(%esp)
41094 + movl %ecx, dsMatchStart(%edx)
41096 +/* if ((uInt)best_len <= s->lookahead) return (uInt)best_len; */
41097 +/* return s->lookahead; */
41100 + movl deflatestate(%esp), %edx
41101 + movl bestlen(%esp), %ebx
41102 + movl dsLookahead(%edx), %eax
41108 +/* Restore the stack and return from whence we came. */
41110 + addl $LocalVarsSize, %esp
41116 diff -druN linux-noipsec/net/ipsec/zlib/trees.c linux/net/ipsec/zlib/trees.c
41117 --- linux-noipsec/net/ipsec/zlib/trees.c Thu Jan 1 01:00:00 1970
41118 +++ linux/net/ipsec/zlib/trees.c Fri Sep 29 20:51:34 2000
41120 +/* trees.c -- output deflated data using Huffman coding
41121 + * Copyright (C) 1995-1998 Jean-loup Gailly
41122 + * For conditions of distribution and use, see copyright notice in zlib.h
41128 + * The "deflation" process uses several Huffman trees. The more
41129 + * common source values are represented by shorter bit sequences.
41131 + * Each code tree is stored in a compressed form which is itself
41132 + * a Huffman encoding of the lengths of all the code strings (in
41133 + * ascending order by source values). The actual code strings are
41134 + * reconstructed from the lengths in the inflate process, as described
41135 + * in the deflate specification.
41139 + * Deutsch, L.P.,"'Deflate' Compressed Data Format Specification".
41140 + * Available in ftp.uu.net:/pub/archiving/zip/doc/deflate-1.1.doc
41142 + * Storer, James A.
41143 + * Data Compression: Methods and Theory, pp. 49-50.
41144 + * Computer Science Press, 1988. ISBN 0-7167-8156-5.
41147 + * Algorithms, p290.
41148 + * Addison-Wesley, 1983. ISBN 0-201-06672-6.
41153 +/* #define GEN_TREES_H */
41155 +#include "deflate.h"
41158 +# include <ctype.h>
41161 +/* ===========================================================================
41165 +#define MAX_BL_BITS 7
41166 +/* Bit length codes must not exceed MAX_BL_BITS bits */
41168 +#define END_BLOCK 256
41169 +/* end of block literal code */
41171 +#define REP_3_6 16
41172 +/* repeat previous bit length 3-6 times (2 bits of repeat count) */
41174 +#define REPZ_3_10 17
41175 +/* repeat a zero length 3-10 times (3 bits of repeat count) */
41177 +#define REPZ_11_138 18
41178 +/* repeat a zero length 11-138 times (7 bits of repeat count) */
41180 +local const int extra_lbits[LENGTH_CODES] /* extra bits for each length code */
41181 + = {0,0,0,0,0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3,4,4,4,4,5,5,5,5,0};
41183 +local const int extra_dbits[D_CODES] /* extra bits for each distance code */
41184 + = {0,0,0,0,1,1,2,2,3,3,4,4,5,5,6,6,7,7,8,8,9,9,10,10,11,11,12,12,13,13};
41186 +local const int extra_blbits[BL_CODES]/* extra bits for each bit length code */
41187 + = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,3,7};
41189 +local const uch bl_order[BL_CODES]
41190 + = {16,17,18,0,8,7,9,6,10,5,11,4,12,3,13,2,14,1,15};
41191 +/* The lengths of the bit length codes are sent in order of decreasing
41192 + * probability, to avoid transmitting the lengths for unused bit length codes.
41195 +#define Buf_size (8 * 2*sizeof(char))
41196 +/* Number of bits used within bi_buf. (bi_buf might be implemented on
41197 + * more than 16 bits on some systems.)
41200 +/* ===========================================================================
41201 + * Local data. These are initialized only once.
41204 +#define DIST_CODE_LEN 512 /* see definition of array dist_code below */
41206 +#if defined(GEN_TREES_H) || !defined(STDC)
41207 +/* non ANSI compilers may not accept trees.h */
41209 +local ct_data static_ltree[L_CODES+2];
41210 +/* The static literal tree. Since the bit lengths are imposed, there is no
41211 + * need for the L_CODES extra codes used during heap construction. However
41212 + * The codes 286 and 287 are needed to build a canonical tree (see _tr_init
41216 +local ct_data static_dtree[D_CODES];
41217 +/* The static distance tree. (Actually a trivial tree since all codes use
41221 +uch _dist_code[DIST_CODE_LEN];
41222 +/* Distance codes. The first 256 values correspond to the distances
41223 + * 3 .. 258, the last 256 values correspond to the top 8 bits of
41224 + * the 15 bit distances.
41227 +uch _length_code[MAX_MATCH-MIN_MATCH+1];
41228 +/* length code for each normalized match length (0 == MIN_MATCH) */
41230 +local int base_length[LENGTH_CODES];
41231 +/* First normalized length for each code (0 = MIN_MATCH) */
41233 +local int base_dist[D_CODES];
41234 +/* First normalized distance for each code (0 = distance of 1) */
41237 +# include "trees.h"
41238 +#endif /* GEN_TREES_H */
41240 +struct static_tree_desc_s {
41241 + const ct_data *static_tree; /* static tree or NULL */
41242 + const intf *extra_bits; /* extra bits for each code or NULL */
41243 + int extra_base; /* base index for extra_bits */
41244 + int elems; /* max number of elements in the tree */
41245 + int max_length; /* max bit length for the codes */
41248 +local static_tree_desc static_l_desc =
41249 +{static_ltree, extra_lbits, LITERALS+1, L_CODES, MAX_BITS};
41251 +local static_tree_desc static_d_desc =
41252 +{static_dtree, extra_dbits, 0, D_CODES, MAX_BITS};
41254 +local static_tree_desc static_bl_desc =
41255 +{(const ct_data *)0, extra_blbits, 0, BL_CODES, MAX_BL_BITS};
41257 +/* ===========================================================================
41258 + * Local (static) routines in this file.
41261 +local void tr_static_init OF((void));
41262 +local void init_block OF((deflate_state *s));
41263 +local void pqdownheap OF((deflate_state *s, ct_data *tree, int k));
41264 +local void gen_bitlen OF((deflate_state *s, tree_desc *desc));
41265 +local void gen_codes OF((ct_data *tree, int max_code, ushf *bl_count));
41266 +local void build_tree OF((deflate_state *s, tree_desc *desc));
41267 +local void scan_tree OF((deflate_state *s, ct_data *tree, int max_code));
41268 +local void send_tree OF((deflate_state *s, ct_data *tree, int max_code));
41269 +local int build_bl_tree OF((deflate_state *s));
41270 +local void send_all_trees OF((deflate_state *s, int lcodes, int dcodes,
41272 +local void compress_block OF((deflate_state *s, const ct_data *ltree,
41273 + const ct_data *dtree));
41274 +local void set_data_type OF((deflate_state *s));
41275 +local unsigned bi_reverse OF((unsigned value, int length));
41276 +local void bi_windup OF((deflate_state *s));
41277 +local void bi_flush OF((deflate_state *s));
41278 +local void copy_block OF((deflate_state *s, charf *buf, unsigned len,
41281 +#ifdef GEN_TREES_H
41282 +local void gen_trees_header OF((void));
41286 +# define send_code(s, c, tree) send_bits(s, tree[c].Code, tree[c].Len)
41287 + /* Send a code of the given tree. c and tree must not have side effects */
41290 +# define send_code(s, c, tree) \
41291 + { if (z_verbose>2) fprintf(stderr,"\ncd %3d ",(c)); \
41292 + send_bits(s, tree[c].Code, tree[c].Len); }
41295 +/* ===========================================================================
41296 + * Output a short LSB first on the stream.
41297 + * IN assertion: there is enough room in pendingBuf.
41299 +#define put_short(s, w) { \
41300 + put_byte(s, (uch)((w) & 0xff)); \
41301 + put_byte(s, (uch)((ush)(w) >> 8)); \
41304 +/* ===========================================================================
41305 + * Send a value on a given number of bits.
41306 + * IN assertion: length <= 16 and value fits in length bits.
41309 +local void send_bits OF((deflate_state *s, int value, int length));
41311 +local void send_bits(s, value, length)
41312 + deflate_state *s;
41313 + int value; /* value to send */
41314 + int length; /* number of bits */
41316 + Tracevv((stderr," l %2d v %4x ", length, value));
41317 + Assert(length > 0 && length <= 15, "invalid length");
41318 + s->bits_sent += (ulg)length;
41320 + /* If not enough room in bi_buf, use (valid) bits from bi_buf and
41321 + * (16 - bi_valid) bits from value, leaving (width - (16-bi_valid))
41322 + * unused bits in value.
41324 + if (s->bi_valid > (int)Buf_size - length) {
41325 + s->bi_buf |= (value << s->bi_valid);
41326 + put_short(s, s->bi_buf);
41327 + s->bi_buf = (ush)value >> (Buf_size - s->bi_valid);
41328 + s->bi_valid += length - Buf_size;
41330 + s->bi_buf |= value << s->bi_valid;
41331 + s->bi_valid += length;
41334 +#else /* !DEBUG */
41336 +#define send_bits(s, value, length) \
41337 +{ int len = length;\
41338 + if (s->bi_valid > (int)Buf_size - len) {\
41339 + int val = value;\
41340 + s->bi_buf |= (val << s->bi_valid);\
41341 + put_short(s, s->bi_buf);\
41342 + s->bi_buf = (ush)val >> (Buf_size - s->bi_valid);\
41343 + s->bi_valid += len - Buf_size;\
41345 + s->bi_buf |= (value) << s->bi_valid;\
41346 + s->bi_valid += len;\
41349 +#endif /* DEBUG */
41352 +#define MAX(a,b) (a >= b ? a : b)
41353 +/* the arguments must not have side effects */
41355 +/* ===========================================================================
41356 + * Initialize the various 'constant' tables.
41358 +local void tr_static_init()
41360 +#if defined(GEN_TREES_H) || !defined(STDC)
41361 + static int static_init_done = 0;
41362 + int n; /* iterates over tree elements */
41363 + int bits; /* bit counter */
41364 + int length; /* length value */
41365 + int code; /* code value */
41366 + int dist; /* distance index */
41367 + ush bl_count[MAX_BITS+1];
41368 + /* number of codes at each bit length for an optimal tree */
41370 + if (static_init_done) return;
41372 + /* For some embedded targets, global variables are not initialized: */
41373 + static_l_desc.static_tree = static_ltree;
41374 + static_l_desc.extra_bits = extra_lbits;
41375 + static_d_desc.static_tree = static_dtree;
41376 + static_d_desc.extra_bits = extra_dbits;
41377 + static_bl_desc.extra_bits = extra_blbits;
41379 + /* Initialize the mapping length (0..255) -> length code (0..28) */
41381 + for (code = 0; code < LENGTH_CODES-1; code++) {
41382 + base_length[code] = length;
41383 + for (n = 0; n < (1<<extra_lbits[code]); n++) {
41384 + _length_code[length++] = (uch)code;
41387 + Assert (length == 256, "tr_static_init: length != 256");
41388 + /* Note that the length 255 (match length 258) can be represented
41389 + * in two different ways: code 284 + 5 bits or code 285, so we
41390 + * overwrite length_code[255] to use the best encoding:
41392 + _length_code[length-1] = (uch)code;
41394 + /* Initialize the mapping dist (0..32K) -> dist code (0..29) */
41396 + for (code = 0 ; code < 16; code++) {
41397 + base_dist[code] = dist;
41398 + for (n = 0; n < (1<<extra_dbits[code]); n++) {
41399 + _dist_code[dist++] = (uch)code;
41402 + Assert (dist == 256, "tr_static_init: dist != 256");
41403 + dist >>= 7; /* from now on, all distances are divided by 128 */
41404 + for ( ; code < D_CODES; code++) {
41405 + base_dist[code] = dist << 7;
41406 + for (n = 0; n < (1<<(extra_dbits[code]-7)); n++) {
41407 + _dist_code[256 + dist++] = (uch)code;
41410 + Assert (dist == 256, "tr_static_init: 256+dist != 512");
41412 + /* Construct the codes of the static literal tree */
41413 + for (bits = 0; bits <= MAX_BITS; bits++) bl_count[bits] = 0;
41415 + while (n <= 143) static_ltree[n++].Len = 8, bl_count[8]++;
41416 + while (n <= 255) static_ltree[n++].Len = 9, bl_count[9]++;
41417 + while (n <= 279) static_ltree[n++].Len = 7, bl_count[7]++;
41418 + while (n <= 287) static_ltree[n++].Len = 8, bl_count[8]++;
41419 + /* Codes 286 and 287 do not exist, but we must include them in the
41420 + * tree construction to get a canonical Huffman tree (longest code
41423 + gen_codes((ct_data *)static_ltree, L_CODES+1, bl_count);
41425 + /* The static distance tree is trivial: */
41426 + for (n = 0; n < D_CODES; n++) {
41427 + static_dtree[n].Len = 5;
41428 + static_dtree[n].Code = bi_reverse((unsigned)n, 5);
41430 + static_init_done = 1;
41432 +# ifdef GEN_TREES_H
41433 + gen_trees_header();
41435 +#endif /* defined(GEN_TREES_H) || !defined(STDC) */
41438 +/* ===========================================================================
41439 + * Genererate the file trees.h describing the static trees.
41441 +#ifdef GEN_TREES_H
41443 +# include <stdio.h>
41446 +# define SEPARATOR(i, last, width) \
41447 + ((i) == (last)? "\n};\n\n" : \
41448 + ((i) % (width) == (width)-1 ? ",\n" : ", "))
41450 +void gen_trees_header()
41452 + FILE *header = fopen("trees.h", "w");
41455 + Assert (header != NULL, "Can't open trees.h");
41457 + "/* header created automatically with -DGEN_TREES_H */\n\n");
41459 + fprintf(header, "local const ct_data static_ltree[L_CODES+2] = {\n");
41460 + for (i = 0; i < L_CODES+2; i++) {
41461 + fprintf(header, "{{%3u},{%3u}}%s", static_ltree[i].Code,
41462 + static_ltree[i].Len, SEPARATOR(i, L_CODES+1, 5));
41465 + fprintf(header, "local const ct_data static_dtree[D_CODES] = {\n");
41466 + for (i = 0; i < D_CODES; i++) {
41467 + fprintf(header, "{{%2u},{%2u}}%s", static_dtree[i].Code,
41468 + static_dtree[i].Len, SEPARATOR(i, D_CODES-1, 5));
41471 + fprintf(header, "const uch _dist_code[DIST_CODE_LEN] = {\n");
41472 + for (i = 0; i < DIST_CODE_LEN; i++) {
41473 + fprintf(header, "%2u%s", _dist_code[i],
41474 + SEPARATOR(i, DIST_CODE_LEN-1, 20));
41477 + fprintf(header, "const uch _length_code[MAX_MATCH-MIN_MATCH+1]= {\n");
41478 + for (i = 0; i < MAX_MATCH-MIN_MATCH+1; i++) {
41479 + fprintf(header, "%2u%s", _length_code[i],
41480 + SEPARATOR(i, MAX_MATCH-MIN_MATCH, 20));
41483 + fprintf(header, "local const int base_length[LENGTH_CODES] = {\n");
41484 + for (i = 0; i < LENGTH_CODES; i++) {
41485 + fprintf(header, "%1u%s", base_length[i],
41486 + SEPARATOR(i, LENGTH_CODES-1, 20));
41489 + fprintf(header, "local const int base_dist[D_CODES] = {\n");
41490 + for (i = 0; i < D_CODES; i++) {
41491 + fprintf(header, "%5u%s", base_dist[i],
41492 + SEPARATOR(i, D_CODES-1, 10));
41497 +#endif /* GEN_TREES_H */
41499 +/* ===========================================================================
41500 + * Initialize the tree data structures for a new zlib stream.
41503 + deflate_state *s;
41505 + tr_static_init();
41507 + s->l_desc.dyn_tree = s->dyn_ltree;
41508 + s->l_desc.stat_desc = &static_l_desc;
41510 + s->d_desc.dyn_tree = s->dyn_dtree;
41511 + s->d_desc.stat_desc = &static_d_desc;
41513 + s->bl_desc.dyn_tree = s->bl_tree;
41514 + s->bl_desc.stat_desc = &static_bl_desc;
41518 + s->last_eob_len = 8; /* enough lookahead for inflate */
41520 + s->compressed_len = 0L;
41521 + s->bits_sent = 0L;
41524 + /* Initialize the first block of the first file: */
41528 +/* ===========================================================================
41529 + * Initialize a new block.
41531 +local void init_block(s)
41532 + deflate_state *s;
41534 + int n; /* iterates over tree elements */
41536 + /* Initialize the trees. */
41537 + for (n = 0; n < L_CODES; n++) s->dyn_ltree[n].Freq = 0;
41538 + for (n = 0; n < D_CODES; n++) s->dyn_dtree[n].Freq = 0;
41539 + for (n = 0; n < BL_CODES; n++) s->bl_tree[n].Freq = 0;
41541 + s->dyn_ltree[END_BLOCK].Freq = 1;
41542 + s->opt_len = s->static_len = 0L;
41543 + s->last_lit = s->matches = 0;
41546 +#define SMALLEST 1
41547 +/* Index within the heap array of least frequent node in the Huffman tree */
41550 +/* ===========================================================================
41551 + * Remove the smallest element from the heap and recreate the heap with
41552 + * one less element. Updates heap and heap_len.
41554 +#define pqremove(s, tree, top) \
41556 + top = s->heap[SMALLEST]; \
41557 + s->heap[SMALLEST] = s->heap[s->heap_len--]; \
41558 + pqdownheap(s, tree, SMALLEST); \
41561 +/* ===========================================================================
41562 + * Compares to subtrees, using the tree depth as tie breaker when
41563 + * the subtrees have equal frequency. This minimizes the worst case length.
41565 +#define smaller(tree, n, m, depth) \
41566 + (tree[n].Freq < tree[m].Freq || \
41567 + (tree[n].Freq == tree[m].Freq && depth[n] <= depth[m]))
41569 +/* ===========================================================================
41570 + * Restore the heap property by moving down the tree starting at node k,
41571 + * exchanging a node with the smallest of its two sons if necessary, stopping
41572 + * when the heap property is re-established (each father smaller than its
41575 +local void pqdownheap(s, tree, k)
41576 + deflate_state *s;
41577 + ct_data *tree; /* the tree to restore */
41578 + int k; /* node to move down */
41580 + int v = s->heap[k];
41581 + int j = k << 1; /* left son of k */
41582 + while (j <= s->heap_len) {
41583 + /* Set j to the smallest of the two sons: */
41584 + if (j < s->heap_len &&
41585 + smaller(tree, s->heap[j+1], s->heap[j], s->depth)) {
41588 + /* Exit if v is smaller than both sons */
41589 + if (smaller(tree, v, s->heap[j], s->depth)) break;
41591 + /* Exchange v with the smallest son */
41592 + s->heap[k] = s->heap[j]; k = j;
41594 + /* And continue down the tree, setting j to the left son of k */
41600 +/* ===========================================================================
41601 + * Compute the optimal bit lengths for a tree and update the total bit length
41602 + * for the current block.
41603 + * IN assertion: the fields freq and dad are set, heap[heap_max] and
41604 + * above are the tree nodes sorted by increasing frequency.
41605 + * OUT assertions: the field len is set to the optimal bit length, the
41606 + * array bl_count contains the frequencies for each bit length.
41607 + * The length opt_len is updated; static_len is also updated if stree is
41610 +local void gen_bitlen(s, desc)
41611 + deflate_state *s;
41612 + tree_desc *desc; /* the tree descriptor */
41614 + ct_data *tree = desc->dyn_tree;
41615 + int max_code = desc->max_code;
41616 + const ct_data *stree = desc->stat_desc->static_tree;
41617 + const intf *extra = desc->stat_desc->extra_bits;
41618 + int base = desc->stat_desc->extra_base;
41619 + int max_length = desc->stat_desc->max_length;
41620 + int h; /* heap index */
41621 + int n, m; /* iterate over the tree elements */
41622 + int bits; /* bit length */
41623 + int xbits; /* extra bits */
41624 + ush f; /* frequency */
41625 + int overflow = 0; /* number of elements with bit length too large */
41627 + for (bits = 0; bits <= MAX_BITS; bits++) s->bl_count[bits] = 0;
41629 + /* In a first pass, compute the optimal bit lengths (which may
41630 + * overflow in the case of the bit length tree).
41632 + tree[s->heap[s->heap_max]].Len = 0; /* root of the heap */
41634 + for (h = s->heap_max+1; h < HEAP_SIZE; h++) {
41636 + bits = tree[tree[n].Dad].Len + 1;
41637 + if (bits > max_length) bits = max_length, overflow++;
41638 + tree[n].Len = (ush)bits;
41639 + /* We overwrite tree[n].Dad which is no longer needed */
41641 + if (n > max_code) continue; /* not a leaf node */
41643 + s->bl_count[bits]++;
41645 + if (n >= base) xbits = extra[n-base];
41646 + f = tree[n].Freq;
41647 + s->opt_len += (ulg)f * (bits + xbits);
41648 + if (stree) s->static_len += (ulg)f * (stree[n].Len + xbits);
41650 + if (overflow == 0) return;
41652 + Trace((stderr,"\nbit length overflow\n"));
41653 + /* This happens for example on obj2 and pic of the Calgary corpus */
41655 + /* Find the first bit length which could increase: */
41657 + bits = max_length-1;
41658 + while (s->bl_count[bits] == 0) bits--;
41659 + s->bl_count[bits]--; /* move one leaf down the tree */
41660 + s->bl_count[bits+1] += 2; /* move one overflow item as its brother */
41661 + s->bl_count[max_length]--;
41662 + /* The brother of the overflow item also moves one step up,
41663 + * but this does not affect bl_count[max_length]
41666 + } while (overflow > 0);
41668 + /* Now recompute all bit lengths, scanning in increasing frequency.
41669 + * h is still equal to HEAP_SIZE. (It is simpler to reconstruct all
41670 + * lengths instead of fixing only the wrong ones. This idea is taken
41671 + * from 'ar' written by Haruhiko Okumura.)
41673 + for (bits = max_length; bits != 0; bits--) {
41674 + n = s->bl_count[bits];
41676 + m = s->heap[--h];
41677 + if (m > max_code) continue;
41678 + if (tree[m].Len != (unsigned) bits) {
41679 + Trace((stderr,"code %d bits %d->%d\n", m, tree[m].Len, bits));
41680 + s->opt_len += ((long)bits - (long)tree[m].Len)
41681 + *(long)tree[m].Freq;
41682 + tree[m].Len = (ush)bits;
41689 +/* ===========================================================================
41690 + * Generate the codes for a given tree and bit counts (which need not be
41692 + * IN assertion: the array bl_count contains the bit length statistics for
41693 + * the given tree and the field len is set for all tree elements.
41694 + * OUT assertion: the field code is set for all tree elements of non
41695 + * zero code length.
41697 +local void gen_codes (tree, max_code, bl_count)
41698 + ct_data *tree; /* the tree to decorate */
41699 + int max_code; /* largest code with non zero frequency */
41700 + ushf *bl_count; /* number of codes at each bit length */
41702 + ush next_code[MAX_BITS+1]; /* next code value for each bit length */
41703 + ush code = 0; /* running code value */
41704 + int bits; /* bit index */
41705 + int n; /* code index */
41707 + /* The distribution counts are first used to generate the code values
41708 + * without bit reversal.
41710 + for (bits = 1; bits <= MAX_BITS; bits++) {
41711 + next_code[bits] = code = (code + bl_count[bits-1]) << 1;
41713 + /* Check that the bit counts in bl_count are consistent. The last code
41714 + * must be all ones.
41716 + Assert (code + bl_count[MAX_BITS]-1 == (1<<MAX_BITS)-1,
41717 + "inconsistent bit counts");
41718 + Tracev((stderr,"\ngen_codes: max_code %d ", max_code));
41720 + for (n = 0; n <= max_code; n++) {
41721 + int len = tree[n].Len;
41722 + if (len == 0) continue;
41723 + /* Now reverse the bits */
41724 + tree[n].Code = bi_reverse(next_code[len]++, len);
41726 + Tracecv(tree != static_ltree, (stderr,"\nn %3d %c l %2d c %4x (%x) ",
41727 + n, (isgraph(n) ? n : ' '), len, tree[n].Code, next_code[len]-1));
41731 +/* ===========================================================================
41732 + * Construct one Huffman tree and assigns the code bit strings and lengths.
41733 + * Update the total bit length for the current block.
41734 + * IN assertion: the field freq is set for all tree elements.
41735 + * OUT assertions: the fields len and code are set to the optimal bit length
41736 + * and corresponding code. The length opt_len is updated; static_len is
41737 + * also updated if stree is not null. The field max_code is set.
41739 +local void build_tree(s, desc)
41740 + deflate_state *s;
41741 + tree_desc *desc; /* the tree descriptor */
41743 + ct_data *tree = desc->dyn_tree;
41744 + const ct_data *stree = desc->stat_desc->static_tree;
41745 + int elems = desc->stat_desc->elems;
41746 + int n, m; /* iterate over heap elements */
41747 + int max_code = -1; /* largest code with non zero frequency */
41748 + int node; /* new node being created */
41750 + /* Construct the initial heap, with least frequent element in
41751 + * heap[SMALLEST]. The sons of heap[n] are heap[2*n] and heap[2*n+1].
41752 + * heap[0] is not used.
41754 + s->heap_len = 0, s->heap_max = HEAP_SIZE;
41756 + for (n = 0; n < elems; n++) {
41757 + if (tree[n].Freq != 0) {
41758 + s->heap[++(s->heap_len)] = max_code = n;
41765 + /* The pkzip format requires that at least one distance code exists,
41766 + * and that at least one bit should be sent even if there is only one
41767 + * possible code. So to avoid special checks later on we force at least
41768 + * two codes of non zero frequency.
41770 + while (s->heap_len < 2) {
41771 + node = s->heap[++(s->heap_len)] = (max_code < 2 ? ++max_code : 0);
41772 + tree[node].Freq = 1;
41773 + s->depth[node] = 0;
41774 + s->opt_len--; if (stree) s->static_len -= stree[node].Len;
41775 + /* node is 0 or 1 so it does not have extra bits */
41777 + desc->max_code = max_code;
41779 + /* The elements heap[heap_len/2+1 .. heap_len] are leaves of the tree,
41780 + * establish sub-heaps of increasing lengths:
41782 + for (n = s->heap_len/2; n >= 1; n--) pqdownheap(s, tree, n);
41784 + /* Construct the Huffman tree by repeatedly combining the least two
41785 + * frequent nodes.
41787 + node = elems; /* next internal node of the tree */
41789 + pqremove(s, tree, n); /* n = node of least frequency */
41790 + m = s->heap[SMALLEST]; /* m = node of next least frequency */
41792 + s->heap[--(s->heap_max)] = n; /* keep the nodes sorted by frequency */
41793 + s->heap[--(s->heap_max)] = m;
41795 + /* Create a new node father of n and m */
41796 + tree[node].Freq = tree[n].Freq + tree[m].Freq;
41797 + s->depth[node] = (uch) (MAX(s->depth[n], s->depth[m]) + 1);
41798 + tree[n].Dad = tree[m].Dad = (ush)node;
41799 +#ifdef DUMP_BL_TREE
41800 + if (tree == s->bl_tree) {
41801 + fprintf(stderr,"\nnode %d(%d), sons %d(%d) %d(%d)",
41802 + node, tree[node].Freq, n, tree[n].Freq, m, tree[m].Freq);
41805 + /* and insert the new node in the heap */
41806 + s->heap[SMALLEST] = node++;
41807 + pqdownheap(s, tree, SMALLEST);
41809 + } while (s->heap_len >= 2);
41811 + s->heap[--(s->heap_max)] = s->heap[SMALLEST];
41813 + /* At this point, the fields freq and dad are set. We can now
41814 + * generate the bit lengths.
41816 + gen_bitlen(s, (tree_desc *)desc);
41818 + /* The field len is now set, we can generate the bit codes */
41819 + gen_codes ((ct_data *)tree, max_code, s->bl_count);
41822 +/* ===========================================================================
41823 + * Scan a literal or distance tree to determine the frequencies of the codes
41824 + * in the bit length tree.
41826 +local void scan_tree (s, tree, max_code)
41827 + deflate_state *s;
41828 + ct_data *tree; /* the tree to be scanned */
41829 + int max_code; /* and its largest code of non zero frequency */
41831 + int n; /* iterates over all tree elements */
41832 + int prevlen = -1; /* last emitted length */
41833 + int curlen; /* length of current code */
41834 + int nextlen = tree[0].Len; /* length of next code */
41835 + int count = 0; /* repeat count of the current code */
41836 + int max_count = 7; /* max repeat count */
41837 + int min_count = 4; /* min repeat count */
41839 + if (nextlen == 0) max_count = 138, min_count = 3;
41840 + tree[max_code+1].Len = (ush)0xffff; /* guard */
41842 + for (n = 0; n <= max_code; n++) {
41843 + curlen = nextlen; nextlen = tree[n+1].Len;
41844 + if (++count < max_count && curlen == nextlen) {
41846 + } else if (count < min_count) {
41847 + s->bl_tree[curlen].Freq += count;
41848 + } else if (curlen != 0) {
41849 + if (curlen != prevlen) s->bl_tree[curlen].Freq++;
41850 + s->bl_tree[REP_3_6].Freq++;
41851 + } else if (count <= 10) {
41852 + s->bl_tree[REPZ_3_10].Freq++;
41854 + s->bl_tree[REPZ_11_138].Freq++;
41856 + count = 0; prevlen = curlen;
41857 + if (nextlen == 0) {
41858 + max_count = 138, min_count = 3;
41859 + } else if (curlen == nextlen) {
41860 + max_count = 6, min_count = 3;
41862 + max_count = 7, min_count = 4;
41867 +/* ===========================================================================
41868 + * Send a literal or distance tree in compressed form, using the codes in
41871 +local void send_tree (s, tree, max_code)
41872 + deflate_state *s;
41873 + ct_data *tree; /* the tree to be scanned */
41874 + int max_code; /* and its largest code of non zero frequency */
41876 + int n; /* iterates over all tree elements */
41877 + int prevlen = -1; /* last emitted length */
41878 + int curlen; /* length of current code */
41879 + int nextlen = tree[0].Len; /* length of next code */
41880 + int count = 0; /* repeat count of the current code */
41881 + int max_count = 7; /* max repeat count */
41882 + int min_count = 4; /* min repeat count */
41884 + /* tree[max_code+1].Len = -1; */ /* guard already set */
41885 + if (nextlen == 0) max_count = 138, min_count = 3;
41887 + for (n = 0; n <= max_code; n++) {
41888 + curlen = nextlen; nextlen = tree[n+1].Len;
41889 + if (++count < max_count && curlen == nextlen) {
41891 + } else if (count < min_count) {
41892 + do { send_code(s, curlen, s->bl_tree); } while (--count != 0);
41894 + } else if (curlen != 0) {
41895 + if (curlen != prevlen) {
41896 + send_code(s, curlen, s->bl_tree); count--;
41898 + Assert(count >= 3 && count <= 6, " 3_6?");
41899 + send_code(s, REP_3_6, s->bl_tree); send_bits(s, count-3, 2);
41901 + } else if (count <= 10) {
41902 + send_code(s, REPZ_3_10, s->bl_tree); send_bits(s, count-3, 3);
41905 + send_code(s, REPZ_11_138, s->bl_tree); send_bits(s, count-11, 7);
41907 + count = 0; prevlen = curlen;
41908 + if (nextlen == 0) {
41909 + max_count = 138, min_count = 3;
41910 + } else if (curlen == nextlen) {
41911 + max_count = 6, min_count = 3;
41913 + max_count = 7, min_count = 4;
41918 +/* ===========================================================================
41919 + * Construct the Huffman tree for the bit lengths and return the index in
41920 + * bl_order of the last bit length code to send.
41922 +local int build_bl_tree(s)
41923 + deflate_state *s;
41925 + int max_blindex; /* index of last bit length code of non zero freq */
41927 + /* Determine the bit length frequencies for literal and distance trees */
41928 + scan_tree(s, (ct_data *)s->dyn_ltree, s->l_desc.max_code);
41929 + scan_tree(s, (ct_data *)s->dyn_dtree, s->d_desc.max_code);
41931 + /* Build the bit length tree: */
41932 + build_tree(s, (tree_desc *)(&(s->bl_desc)));
41933 + /* opt_len now includes the length of the tree representations, except
41934 + * the lengths of the bit lengths codes and the 5+5+4 bits for the counts.
41937 + /* Determine the number of bit length codes to send. The pkzip format
41938 + * requires that at least 4 bit length codes be sent. (appnote.txt says
41939 + * 3 but the actual value used is 4.)
41941 + for (max_blindex = BL_CODES-1; max_blindex >= 3; max_blindex--) {
41942 + if (s->bl_tree[bl_order[max_blindex]].Len != 0) break;
41944 + /* Update opt_len to include the bit length tree and counts */
41945 + s->opt_len += 3*(max_blindex+1) + 5+5+4;
41946 + Tracev((stderr, "\ndyn trees: dyn %ld, stat %ld",
41947 + s->opt_len, s->static_len));
41949 + return max_blindex;
41952 +/* ===========================================================================
41953 + * Send the header for a block using dynamic Huffman trees: the counts, the
41954 + * lengths of the bit length codes, the literal tree and the distance tree.
41955 + * IN assertion: lcodes >= 257, dcodes >= 1, blcodes >= 4.
41957 +local void send_all_trees(s, lcodes, dcodes, blcodes)
41958 + deflate_state *s;
41959 + int lcodes, dcodes, blcodes; /* number of codes for each tree */
41961 + int rank; /* index in bl_order */
41963 + Assert (lcodes >= 257 && dcodes >= 1 && blcodes >= 4, "not enough codes");
41964 + Assert (lcodes <= L_CODES && dcodes <= D_CODES && blcodes <= BL_CODES,
41965 + "too many codes");
41966 + Tracev((stderr, "\nbl counts: "));
41967 + send_bits(s, lcodes-257, 5); /* not +255 as stated in appnote.txt */
41968 + send_bits(s, dcodes-1, 5);
41969 + send_bits(s, blcodes-4, 4); /* not -3 as stated in appnote.txt */
41970 + for (rank = 0; rank < blcodes; rank++) {
41971 + Tracev((stderr, "\nbl code %2d ", bl_order[rank]));
41972 + send_bits(s, s->bl_tree[bl_order[rank]].Len, 3);
41974 + Tracev((stderr, "\nbl tree: sent %ld", s->bits_sent));
41976 + send_tree(s, (ct_data *)s->dyn_ltree, lcodes-1); /* literal tree */
41977 + Tracev((stderr, "\nlit tree: sent %ld", s->bits_sent));
41979 + send_tree(s, (ct_data *)s->dyn_dtree, dcodes-1); /* distance tree */
41980 + Tracev((stderr, "\ndist tree: sent %ld", s->bits_sent));
41983 +/* ===========================================================================
41984 + * Send a stored block
41986 +void _tr_stored_block(s, buf, stored_len, eof)
41987 + deflate_state *s;
41988 + charf *buf; /* input block */
41989 + ulg stored_len; /* length of input block */
41990 + int eof; /* true if this is the last block for a file */
41992 + send_bits(s, (STORED_BLOCK<<1)+eof, 3); /* send block type */
41994 + s->compressed_len = (s->compressed_len + 3 + 7) & (ulg)~7L;
41995 + s->compressed_len += (stored_len + 4) << 3;
41997 + copy_block(s, buf, (unsigned)stored_len, 1); /* with header */
42000 +/* ===========================================================================
42001 + * Send one empty static block to give enough lookahead for inflate.
42002 + * This takes 10 bits, of which 7 may remain in the bit buffer.
42003 + * The current inflate code requires 9 bits of lookahead. If the
42004 + * last two codes for the previous block (real code plus EOB) were coded
42005 + * on 5 bits or less, inflate may have only 5+3 bits of lookahead to decode
42006 + * the last real code. In this case we send two empty static blocks instead
42007 + * of one. (There are no problems if the previous block is stored or fixed.)
42008 + * To simplify the code, we assume the worst case of last real code encoded
42009 + * on one bit only.
42012 + deflate_state *s;
42014 + send_bits(s, STATIC_TREES<<1, 3);
42015 + send_code(s, END_BLOCK, static_ltree);
42017 + s->compressed_len += 10L; /* 3 for block type, 7 for EOB */
42020 + /* Of the 10 bits for the empty block, we have already sent
42021 + * (10 - bi_valid) bits. The lookahead for the last real code (before
42022 + * the EOB of the previous block) was thus at least one plus the length
42023 + * of the EOB plus what we have just sent of the empty static block.
42025 + if (1 + s->last_eob_len + 10 - s->bi_valid < 9) {
42026 + send_bits(s, STATIC_TREES<<1, 3);
42027 + send_code(s, END_BLOCK, static_ltree);
42029 + s->compressed_len += 10L;
42033 + s->last_eob_len = 7;
42036 +/* ===========================================================================
42037 + * Determine the best encoding for the current block: dynamic trees, static
42038 + * trees or store, and output the encoded block to the zip file.
42040 +void _tr_flush_block(s, buf, stored_len, eof)
42041 + deflate_state *s;
42042 + charf *buf; /* input block, or NULL if too old */
42043 + ulg stored_len; /* length of input block */
42044 + int eof; /* true if this is the last block for a file */
42046 + ulg opt_lenb, static_lenb; /* opt_len and static_len in bytes */
42047 + int max_blindex = 0; /* index of last bit length code of non zero freq */
42049 + /* Build the Huffman trees unless a stored block is forced */
42050 + if (s->level > 0) {
42052 + /* Check if the file is ascii or binary */
42053 + if (s->data_type == Z_UNKNOWN) set_data_type(s);
42055 + /* Construct the literal and distance trees */
42056 + build_tree(s, (tree_desc *)(&(s->l_desc)));
42057 + Tracev((stderr, "\nlit data: dyn %ld, stat %ld", s->opt_len,
42060 + build_tree(s, (tree_desc *)(&(s->d_desc)));
42061 + Tracev((stderr, "\ndist data: dyn %ld, stat %ld", s->opt_len,
42063 + /* At this point, opt_len and static_len are the total bit lengths of
42064 + * the compressed block data, excluding the tree representations.
42067 + /* Build the bit length tree for the above two trees, and get the index
42068 + * in bl_order of the last bit length code to send.
42070 + max_blindex = build_bl_tree(s);
42072 + /* Determine the best encoding. Compute first the block length in bytes*/
42073 + opt_lenb = (s->opt_len+3+7)>>3;
42074 + static_lenb = (s->static_len+3+7)>>3;
42076 + Tracev((stderr, "\nopt %lu(%lu) stat %lu(%lu) stored %lu lit %u ",
42077 + opt_lenb, s->opt_len, static_lenb, s->static_len, stored_len,
42080 + if (static_lenb <= opt_lenb) opt_lenb = static_lenb;
42083 + Assert(buf != (char*)0, "lost buf");
42084 + opt_lenb = static_lenb = stored_len + 5; /* force a stored block */
42087 +#ifdef FORCE_STORED
42088 + if (buf != (char*)0) { /* force stored block */
42090 + if (stored_len+4 <= opt_lenb && buf != (char*)0) {
42091 + /* 4: two words for the lengths */
42093 + /* The test buf != NULL is only necessary if LIT_BUFSIZE > WSIZE.
42094 + * Otherwise we can't have processed more than WSIZE input bytes since
42095 + * the last block flush, because compression would have been
42096 + * successful. If LIT_BUFSIZE <= WSIZE, it is never too late to
42097 + * transform a block into a stored block.
42099 + _tr_stored_block(s, buf, stored_len, eof);
42101 +#ifdef FORCE_STATIC
42102 + } else if (static_lenb >= 0) { /* force static trees */
42104 + } else if (static_lenb == opt_lenb) {
42106 + send_bits(s, (STATIC_TREES<<1)+eof, 3);
42107 + compress_block(s, static_ltree, static_dtree);
42109 + s->compressed_len += 3 + s->static_len;
42112 + send_bits(s, (DYN_TREES<<1)+eof, 3);
42113 + send_all_trees(s, s->l_desc.max_code+1, s->d_desc.max_code+1,
42115 + compress_block(s, s->dyn_ltree, s->dyn_dtree);
42117 + s->compressed_len += 3 + s->opt_len;
42120 + Assert (s->compressed_len == s->bits_sent, "bad compressed size");
42121 + /* The above check is made mod 2^32, for files larger than 512 MB
42122 + * and uLong implemented on 32 bits.
42129 + s->compressed_len += 7; /* align on byte boundary */
42132 + Tracev((stderr,"\ncomprlen %lu(%lu) ", s->compressed_len>>3,
42133 + s->compressed_len-7*eof));
42136 +/* ===========================================================================
42137 + * Save the match info and tally the frequency counts. Return true if
42138 + * the current block must be flushed.
42140 +int _tr_tally (s, dist, lc)
42141 + deflate_state *s;
42142 + unsigned dist; /* distance of matched string */
42143 + unsigned lc; /* match length-MIN_MATCH or unmatched char (if dist==0) */
42145 + s->d_buf[s->last_lit] = (ush)dist;
42146 + s->l_buf[s->last_lit++] = (uch)lc;
42148 + /* lc is the unmatched char */
42149 + s->dyn_ltree[lc].Freq++;
42152 + /* Here, lc is the match length - MIN_MATCH */
42153 + dist--; /* dist = match distance - 1 */
42154 + Assert((ush)dist < (ush)MAX_DIST(s) &&
42155 + (ush)lc <= (ush)(MAX_MATCH-MIN_MATCH) &&
42156 + (ush)d_code(dist) < (ush)D_CODES, "_tr_tally: bad match");
42158 + s->dyn_ltree[_length_code[lc]+LITERALS+1].Freq++;
42159 + s->dyn_dtree[d_code(dist)].Freq++;
42162 +#ifdef TRUNCATE_BLOCK
42163 + /* Try to guess if it is profitable to stop the current block here */
42164 + if ((s->last_lit & 0x1fff) == 0 && s->level > 2) {
42165 + /* Compute an upper bound for the compressed length */
42166 + ulg out_length = (ulg)s->last_lit*8L;
42167 + ulg in_length = (ulg)((long)s->strstart - s->block_start);
42169 + for (dcode = 0; dcode < D_CODES; dcode++) {
42170 + out_length += (ulg)s->dyn_dtree[dcode].Freq *
42171 + (5L+extra_dbits[dcode]);
42173 + out_length >>= 3;
42174 + Tracev((stderr,"\nlast_lit %u, in %ld, out ~%ld(%ld%%) ",
42175 + s->last_lit, in_length, out_length,
42176 + 100L - out_length*100L/in_length));
42177 + if (s->matches < s->last_lit/2 && out_length < in_length/2) return 1;
42180 + return (s->last_lit == s->lit_bufsize-1);
42181 + /* We avoid equality with lit_bufsize because of wraparound at 64K
42182 + * on 16 bit machines and because stored blocks are restricted to
42187 +/* ===========================================================================
42188 + * Send the block data compressed using the given Huffman trees
42190 +local void compress_block(s, ltree, dtree)
42191 + deflate_state *s;
42192 + const ct_data *ltree; /* literal tree */
42193 + const ct_data *dtree; /* distance tree */
42195 + unsigned dist; /* distance of matched string */
42196 + int lc; /* match length or unmatched char (if dist == 0) */
42197 + unsigned lx = 0; /* running index in l_buf */
42198 + unsigned code; /* the code to send */
42199 + int extra; /* number of extra bits to send */
42201 + if (s->last_lit != 0) do {
42202 + dist = s->d_buf[lx];
42203 + lc = s->l_buf[lx++];
42205 + send_code(s, lc, ltree); /* send a literal byte */
42206 + Tracecv(isgraph(lc), (stderr," '%c' ", lc));
42208 + /* Here, lc is the match length - MIN_MATCH */
42209 + code = _length_code[lc];
42210 + send_code(s, code+LITERALS+1, ltree); /* send the length code */
42211 + extra = extra_lbits[code];
42212 + if (extra != 0) {
42213 + lc -= base_length[code];
42214 + send_bits(s, lc, extra); /* send the extra length bits */
42216 + dist--; /* dist is now the match distance - 1 */
42217 + code = d_code(dist);
42218 + Assert (code < D_CODES, "bad d_code");
42220 + send_code(s, code, dtree); /* send the distance code */
42221 + extra = extra_dbits[code];
42222 + if (extra != 0) {
42223 + dist -= base_dist[code];
42224 + send_bits(s, dist, extra); /* send the extra distance bits */
42226 + } /* literal or match pair ? */
42228 + /* Check that the overlay between pending_buf and d_buf+l_buf is ok: */
42229 + Assert(s->pending < s->lit_bufsize + 2*lx, "pendingBuf overflow");
42231 + } while (lx < s->last_lit);
42233 + send_code(s, END_BLOCK, ltree);
42234 + s->last_eob_len = ltree[END_BLOCK].Len;
42237 +/* ===========================================================================
42238 + * Set the data type to ASCII or BINARY, using a crude approximation:
42239 + * binary if more than 20% of the bytes are <= 6 or >= 128, ascii otherwise.
42240 + * IN assertion: the fields freq of dyn_ltree are set and the total of all
42241 + * frequencies does not exceed 64K (to fit in an int on 16 bit machines).
42243 +local void set_data_type(s)
42244 + deflate_state *s;
42247 + unsigned ascii_freq = 0;
42248 + unsigned bin_freq = 0;
42249 + while (n < 7) bin_freq += s->dyn_ltree[n++].Freq;
42250 + while (n < 128) ascii_freq += s->dyn_ltree[n++].Freq;
42251 + while (n < LITERALS) bin_freq += s->dyn_ltree[n++].Freq;
42252 + s->data_type = (Byte)(bin_freq > (ascii_freq >> 2) ? Z_BINARY : Z_ASCII);
42255 +/* ===========================================================================
42256 + * Reverse the first len bits of a code, using straightforward code (a faster
42257 + * method would use a table)
42258 + * IN assertion: 1 <= len <= 15
42260 +local unsigned bi_reverse(code, len)
42261 + unsigned code; /* the value to invert */
42262 + int len; /* its bit length */
42264 + register unsigned res = 0;
42267 + code >>= 1, res <<= 1;
42268 + } while (--len > 0);
42272 +/* ===========================================================================
42273 + * Flush the bit buffer, keeping at most 7 bits in it.
42275 +local void bi_flush(s)
42276 + deflate_state *s;
42278 + if (s->bi_valid == 16) {
42279 + put_short(s, s->bi_buf);
42282 + } else if (s->bi_valid >= 8) {
42283 + put_byte(s, (Byte)s->bi_buf);
42285 + s->bi_valid -= 8;
42289 +/* ===========================================================================
42290 + * Flush the bit buffer and align the output on a byte boundary
42292 +local void bi_windup(s)
42293 + deflate_state *s;
42295 + if (s->bi_valid > 8) {
42296 + put_short(s, s->bi_buf);
42297 + } else if (s->bi_valid > 0) {
42298 + put_byte(s, (Byte)s->bi_buf);
42303 + s->bits_sent = (s->bits_sent+7) & ~7;
42307 +/* ===========================================================================
42308 + * Copy a stored block, storing first the length and its
42309 + * one's complement if requested.
42311 +local void copy_block(s, buf, len, header)
42312 + deflate_state *s;
42313 + charf *buf; /* the input data */
42314 + unsigned len; /* its length */
42315 + int header; /* true if block header must be written */
42317 + bi_windup(s); /* align on byte boundary */
42318 + s->last_eob_len = 8; /* enough lookahead for inflate */
42321 + put_short(s, (ush)len);
42322 + put_short(s, (ush)~len);
42324 + s->bits_sent += 2*16;
42328 + s->bits_sent += (ulg)len<<3;
42331 + put_byte(s, *buf++);
42334 diff -druN linux-noipsec/net/ipsec/zlib/trees.h linux/net/ipsec/zlib/trees.h
42335 --- linux-noipsec/net/ipsec/zlib/trees.h Thu Jan 1 01:00:00 1970
42336 +++ linux/net/ipsec/zlib/trees.h Fri Sep 29 20:51:34 2000
42338 +/* header created automatically with -DGEN_TREES_H */
42340 +local const ct_data static_ltree[L_CODES+2] = {
42341 +{{ 12},{ 8}}, {{140},{ 8}}, {{ 76},{ 8}}, {{204},{ 8}}, {{ 44},{ 8}},
42342 +{{172},{ 8}}, {{108},{ 8}}, {{236},{ 8}}, {{ 28},{ 8}}, {{156},{ 8}},
42343 +{{ 92},{ 8}}, {{220},{ 8}}, {{ 60},{ 8}}, {{188},{ 8}}, {{124},{ 8}},
42344 +{{252},{ 8}}, {{ 2},{ 8}}, {{130},{ 8}}, {{ 66},{ 8}}, {{194},{ 8}},
42345 +{{ 34},{ 8}}, {{162},{ 8}}, {{ 98},{ 8}}, {{226},{ 8}}, {{ 18},{ 8}},
42346 +{{146},{ 8}}, {{ 82},{ 8}}, {{210},{ 8}}, {{ 50},{ 8}}, {{178},{ 8}},
42347 +{{114},{ 8}}, {{242},{ 8}}, {{ 10},{ 8}}, {{138},{ 8}}, {{ 74},{ 8}},
42348 +{{202},{ 8}}, {{ 42},{ 8}}, {{170},{ 8}}, {{106},{ 8}}, {{234},{ 8}},
42349 +{{ 26},{ 8}}, {{154},{ 8}}, {{ 90},{ 8}}, {{218},{ 8}}, {{ 58},{ 8}},
42350 +{{186},{ 8}}, {{122},{ 8}}, {{250},{ 8}}, {{ 6},{ 8}}, {{134},{ 8}},
42351 +{{ 70},{ 8}}, {{198},{ 8}}, {{ 38},{ 8}}, {{166},{ 8}}, {{102},{ 8}},
42352 +{{230},{ 8}}, {{ 22},{ 8}}, {{150},{ 8}}, {{ 86},{ 8}}, {{214},{ 8}},
42353 +{{ 54},{ 8}}, {{182},{ 8}}, {{118},{ 8}}, {{246},{ 8}}, {{ 14},{ 8}},
42354 +{{142},{ 8}}, {{ 78},{ 8}}, {{206},{ 8}}, {{ 46},{ 8}}, {{174},{ 8}},
42355 +{{110},{ 8}}, {{238},{ 8}}, {{ 30},{ 8}}, {{158},{ 8}}, {{ 94},{ 8}},
42356 +{{222},{ 8}}, {{ 62},{ 8}}, {{190},{ 8}}, {{126},{ 8}}, {{254},{ 8}},
42357 +{{ 1},{ 8}}, {{129},{ 8}}, {{ 65},{ 8}}, {{193},{ 8}}, {{ 33},{ 8}},
42358 +{{161},{ 8}}, {{ 97},{ 8}}, {{225},{ 8}}, {{ 17},{ 8}}, {{145},{ 8}},
42359 +{{ 81},{ 8}}, {{209},{ 8}}, {{ 49},{ 8}}, {{177},{ 8}}, {{113},{ 8}},
42360 +{{241},{ 8}}, {{ 9},{ 8}}, {{137},{ 8}}, {{ 73},{ 8}}, {{201},{ 8}},
42361 +{{ 41},{ 8}}, {{169},{ 8}}, {{105},{ 8}}, {{233},{ 8}}, {{ 25},{ 8}},
42362 +{{153},{ 8}}, {{ 89},{ 8}}, {{217},{ 8}}, {{ 57},{ 8}}, {{185},{ 8}},
42363 +{{121},{ 8}}, {{249},{ 8}}, {{ 5},{ 8}}, {{133},{ 8}}, {{ 69},{ 8}},
42364 +{{197},{ 8}}, {{ 37},{ 8}}, {{165},{ 8}}, {{101},{ 8}}, {{229},{ 8}},
42365 +{{ 21},{ 8}}, {{149},{ 8}}, {{ 85},{ 8}}, {{213},{ 8}}, {{ 53},{ 8}},
42366 +{{181},{ 8}}, {{117},{ 8}}, {{245},{ 8}}, {{ 13},{ 8}}, {{141},{ 8}},
42367 +{{ 77},{ 8}}, {{205},{ 8}}, {{ 45},{ 8}}, {{173},{ 8}}, {{109},{ 8}},
42368 +{{237},{ 8}}, {{ 29},{ 8}}, {{157},{ 8}}, {{ 93},{ 8}}, {{221},{ 8}},
42369 +{{ 61},{ 8}}, {{189},{ 8}}, {{125},{ 8}}, {{253},{ 8}}, {{ 19},{ 9}},
42370 +{{275},{ 9}}, {{147},{ 9}}, {{403},{ 9}}, {{ 83},{ 9}}, {{339},{ 9}},
42371 +{{211},{ 9}}, {{467},{ 9}}, {{ 51},{ 9}}, {{307},{ 9}}, {{179},{ 9}},
42372 +{{435},{ 9}}, {{115},{ 9}}, {{371},{ 9}}, {{243},{ 9}}, {{499},{ 9}},
42373 +{{ 11},{ 9}}, {{267},{ 9}}, {{139},{ 9}}, {{395},{ 9}}, {{ 75},{ 9}},
42374 +{{331},{ 9}}, {{203},{ 9}}, {{459},{ 9}}, {{ 43},{ 9}}, {{299},{ 9}},
42375 +{{171},{ 9}}, {{427},{ 9}}, {{107},{ 9}}, {{363},{ 9}}, {{235},{ 9}},
42376 +{{491},{ 9}}, {{ 27},{ 9}}, {{283},{ 9}}, {{155},{ 9}}, {{411},{ 9}},
42377 +{{ 91},{ 9}}, {{347},{ 9}}, {{219},{ 9}}, {{475},{ 9}}, {{ 59},{ 9}},
42378 +{{315},{ 9}}, {{187},{ 9}}, {{443},{ 9}}, {{123},{ 9}}, {{379},{ 9}},
42379 +{{251},{ 9}}, {{507},{ 9}}, {{ 7},{ 9}}, {{263},{ 9}}, {{135},{ 9}},
42380 +{{391},{ 9}}, {{ 71},{ 9}}, {{327},{ 9}}, {{199},{ 9}}, {{455},{ 9}},
42381 +{{ 39},{ 9}}, {{295},{ 9}}, {{167},{ 9}}, {{423},{ 9}}, {{103},{ 9}},
42382 +{{359},{ 9}}, {{231},{ 9}}, {{487},{ 9}}, {{ 23},{ 9}}, {{279},{ 9}},
42383 +{{151},{ 9}}, {{407},{ 9}}, {{ 87},{ 9}}, {{343},{ 9}}, {{215},{ 9}},
42384 +{{471},{ 9}}, {{ 55},{ 9}}, {{311},{ 9}}, {{183},{ 9}}, {{439},{ 9}},
42385 +{{119},{ 9}}, {{375},{ 9}}, {{247},{ 9}}, {{503},{ 9}}, {{ 15},{ 9}},
42386 +{{271},{ 9}}, {{143},{ 9}}, {{399},{ 9}}, {{ 79},{ 9}}, {{335},{ 9}},
42387 +{{207},{ 9}}, {{463},{ 9}}, {{ 47},{ 9}}, {{303},{ 9}}, {{175},{ 9}},
42388 +{{431},{ 9}}, {{111},{ 9}}, {{367},{ 9}}, {{239},{ 9}}, {{495},{ 9}},
42389 +{{ 31},{ 9}}, {{287},{ 9}}, {{159},{ 9}}, {{415},{ 9}}, {{ 95},{ 9}},
42390 +{{351},{ 9}}, {{223},{ 9}}, {{479},{ 9}}, {{ 63},{ 9}}, {{319},{ 9}},
42391 +{{191},{ 9}}, {{447},{ 9}}, {{127},{ 9}}, {{383},{ 9}}, {{255},{ 9}},
42392 +{{511},{ 9}}, {{ 0},{ 7}}, {{ 64},{ 7}}, {{ 32},{ 7}}, {{ 96},{ 7}},
42393 +{{ 16},{ 7}}, {{ 80},{ 7}}, {{ 48},{ 7}}, {{112},{ 7}}, {{ 8},{ 7}},
42394 +{{ 72},{ 7}}, {{ 40},{ 7}}, {{104},{ 7}}, {{ 24},{ 7}}, {{ 88},{ 7}},
42395 +{{ 56},{ 7}}, {{120},{ 7}}, {{ 4},{ 7}}, {{ 68},{ 7}}, {{ 36},{ 7}},
42396 +{{100},{ 7}}, {{ 20},{ 7}}, {{ 84},{ 7}}, {{ 52},{ 7}}, {{116},{ 7}},
42397 +{{ 3},{ 8}}, {{131},{ 8}}, {{ 67},{ 8}}, {{195},{ 8}}, {{ 35},{ 8}},
42398 +{{163},{ 8}}, {{ 99},{ 8}}, {{227},{ 8}}
42401 +local const ct_data static_dtree[D_CODES] = {
42402 +{{ 0},{ 5}}, {{16},{ 5}}, {{ 8},{ 5}}, {{24},{ 5}}, {{ 4},{ 5}},
42403 +{{20},{ 5}}, {{12},{ 5}}, {{28},{ 5}}, {{ 2},{ 5}}, {{18},{ 5}},
42404 +{{10},{ 5}}, {{26},{ 5}}, {{ 6},{ 5}}, {{22},{ 5}}, {{14},{ 5}},
42405 +{{30},{ 5}}, {{ 1},{ 5}}, {{17},{ 5}}, {{ 9},{ 5}}, {{25},{ 5}},
42406 +{{ 5},{ 5}}, {{21},{ 5}}, {{13},{ 5}}, {{29},{ 5}}, {{ 3},{ 5}},
42407 +{{19},{ 5}}, {{11},{ 5}}, {{27},{ 5}}, {{ 7},{ 5}}, {{23},{ 5}}
42410 +const uch _dist_code[DIST_CODE_LEN] = {
42411 + 0, 1, 2, 3, 4, 4, 5, 5, 6, 6, 6, 6, 7, 7, 7, 7, 8, 8, 8, 8,
42412 + 8, 8, 8, 8, 9, 9, 9, 9, 9, 9, 9, 9, 10, 10, 10, 10, 10, 10, 10, 10,
42413 +10, 10, 10, 10, 10, 10, 10, 10, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11,
42414 +11, 11, 11, 11, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12,
42415 +12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 13, 13, 13, 13,
42416 +13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13,
42417 +13, 13, 13, 13, 13, 13, 13, 13, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14,
42418 +14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14,
42419 +14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14,
42420 +14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 15, 15, 15, 15, 15, 15, 15, 15,
42421 +15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15,
42422 +15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15,
42423 +15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 0, 0, 16, 17,
42424 +18, 18, 19, 19, 20, 20, 20, 20, 21, 21, 21, 21, 22, 22, 22, 22, 22, 22, 22, 22,
42425 +23, 23, 23, 23, 23, 23, 23, 23, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24,
42426 +24, 24, 24, 24, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25,
42427 +26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26,
42428 +26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 27, 27, 27, 27, 27, 27, 27, 27,
42429 +27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27,
42430 +27, 27, 27, 27, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28,
42431 +28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28,
42432 +28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28,
42433 +28, 28, 28, 28, 28, 28, 28, 28, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29,
42434 +29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29,
42435 +29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29,
42436 +29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29
42439 +const uch _length_code[MAX_MATCH-MIN_MATCH+1]= {
42440 + 0, 1, 2, 3, 4, 5, 6, 7, 8, 8, 9, 9, 10, 10, 11, 11, 12, 12, 12, 12,
42441 +13, 13, 13, 13, 14, 14, 14, 14, 15, 15, 15, 15, 16, 16, 16, 16, 16, 16, 16, 16,
42442 +17, 17, 17, 17, 17, 17, 17, 17, 18, 18, 18, 18, 18, 18, 18, 18, 19, 19, 19, 19,
42443 +19, 19, 19, 19, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20,
42444 +21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 22, 22, 22, 22,
42445 +22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 23, 23, 23, 23, 23, 23, 23, 23,
42446 +23, 23, 23, 23, 23, 23, 23, 23, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24,
42447 +24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24,
42448 +25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25,
42449 +25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 26, 26, 26, 26, 26, 26, 26, 26,
42450 +26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26,
42451 +26, 26, 26, 26, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27,
42452 +27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 28
42455 +local const int base_length[LENGTH_CODES] = {
42456 +0, 1, 2, 3, 4, 5, 6, 7, 8, 10, 12, 14, 16, 20, 24, 28, 32, 40, 48, 56,
42457 +64, 80, 96, 112, 128, 160, 192, 224, 0
42460 +local const int base_dist[D_CODES] = {
42461 + 0, 1, 2, 3, 4, 6, 8, 12, 16, 24,
42462 + 32, 48, 64, 96, 128, 192, 256, 384, 512, 768,
42463 + 1024, 1536, 2048, 3072, 4096, 6144, 8192, 12288, 16384, 24576
42466 diff -druN linux-noipsec/net/ipsec/zlib/zconf.h linux/net/ipsec/zlib/zconf.h
42467 --- linux-noipsec/net/ipsec/zlib/zconf.h Thu Jan 1 01:00:00 1970
42468 +++ linux/net/ipsec/zlib/zconf.h Fri Sep 29 20:51:34 2000
42470 +/* zconf.h -- configuration of the zlib compression library
42471 + * Copyright (C) 1995-1998 Jean-loup Gailly.
42472 + * For conditions of distribution and use, see copyright notice in zlib.h
42481 + * If you *really* need a unique prefix for all types and library functions,
42482 + * compile with -DZ_PREFIX. The "standard" zlib should be compiled without it.
42484 +#ifdef IPCOMP_PREFIX
42485 +# define deflateInit_ ipcomp_deflateInit_
42486 +# define deflate ipcomp_deflate
42487 +# define deflateEnd ipcomp_deflateEnd
42488 +# define inflateInit_ ipcomp_inflateInit_
42489 +# define inflate ipcomp_inflate
42490 +# define inflateEnd ipcomp_inflateEnd
42491 +# define deflateInit2_ ipcomp_deflateInit2_
42492 +# define deflateSetDictionary ipcomp_deflateSetDictionary
42493 +# define deflateCopy ipcomp_deflateCopy
42494 +# define deflateReset ipcomp_deflateReset
42495 +# define deflateParams ipcomp_deflateParams
42496 +# define inflateInit2_ ipcomp_inflateInit2_
42497 +# define inflateSetDictionary ipcomp_inflateSetDictionary
42498 +# define inflateSync ipcomp_inflateSync
42499 +# define inflateSyncPoint ipcomp_inflateSyncPoint
42500 +# define inflateReset ipcomp_inflateReset
42501 +# define compress ipcomp_compress
42502 +# define compress2 ipcomp_compress2
42503 +# define uncompress ipcomp_uncompress
42504 +# define adler32 ipcomp_adler32
42505 +# define crc32 ipcomp_crc32
42506 +# define get_crc_table ipcomp_get_crc_table
42507 +/* SSS: these also need to be prefixed to avoid clash with ppp_deflate and ext2compression */
42508 +# define inflate_blocks ipcomp_deflate_blocks
42509 +# define inflate_blocks_free ipcomp_deflate_blocks_free
42510 +# define inflate_blocks_new ipcomp_inflate_blocks_new
42511 +# define inflate_blocks_reset ipcomp_inflate_blocks_reset
42512 +# define inflate_blocks_sync_point ipcomp_inflate_blocks_sync_point
42513 +# define inflate_set_dictionary ipcomp_inflate_set_dictionary
42514 +# define inflate_codes ipcomp_inflate_codes
42515 +# define inflate_codes_free ipcomp_inflate_codes_free
42516 +# define inflate_codes_new ipcomp_inflate_codes_new
42517 +# define inflate_fast ipcomp_inflate_fast
42518 +# define inflate_trees_bits ipcomp_inflate_trees_bits
42519 +# define inflate_trees_dynamic ipcomp_inflate_trees_dynamic
42520 +# define inflate_trees_fixed ipcomp_inflate_trees_fixed
42521 +# define inflate_flush ipcomp_inflate_flush
42522 +# define inflate_mask ipcomp_inflate_mask
42523 +# define _dist_code _ipcomp_dist_code
42524 +# define _length_code _ipcomp_length_code
42525 +# define _tr_align _ipcomp_tr_align
42526 +# define _tr_flush_block _ipcomp_tr_flush_block
42527 +# define _tr_init _ipcomp_tr_init
42528 +# define _tr_stored_block _ipcomp_tr_stored_block
42529 +# define _tr_tally _ipcomp_tr_tally
42530 +# define zError ipcomp_zError
42531 +# define z_errmsg ipcomp_z_errmsg
42532 +# define zlibVersion ipcomp_zlibVersion
42533 +# define match_init ipcomp_match_init
42534 +# define longest_match ipcomp_longest_match
42538 +# define Byte z_Byte
42539 +# define uInt z_uInt
42540 +# define uLong z_uLong
42541 +# define Bytef z_Bytef
42542 +# define charf z_charf
42543 +# define intf z_intf
42544 +# define uIntf z_uIntf
42545 +# define uLongf z_uLongf
42546 +# define voidpf z_voidpf
42547 +# define voidp z_voidp
42550 +#if (defined(_WIN32) || defined(__WIN32__)) && !defined(WIN32)
42553 +#if defined(__GNUC__) || defined(WIN32) || defined(__386__) || defined(i386)
42554 +# ifndef __32BIT__
42555 +# define __32BIT__
42558 +#if defined(__MSDOS__) && !defined(MSDOS)
42563 + * Compile with -DMAXSEG_64K if the alloc function cannot allocate more
42564 + * than 64k bytes at a time (needed on systems with 16-bit int).
42566 +#if defined(MSDOS) && !defined(__32BIT__)
42567 +# define MAXSEG_64K
42570 +# define UNALIGNED_OK
42573 +#if (defined(MSDOS) || defined(_WINDOWS) || defined(WIN32)) && !defined(STDC)
42576 +#if defined(__STDC__) || defined(__cplusplus) || defined(__OS2__)
42583 +# ifndef const /* cannot use !defined(STDC) && !defined(const) on Mac */
42588 +/* Some Mac compilers merge all .h files incorrectly: */
42589 +#if defined(__MWERKS__) || defined(applec) ||defined(THINK_C) ||defined(__SC__)
42590 +# define NO_DUMMY_DECL
42593 +/* Old Borland C incorrectly complains about missing returns: */
42594 +#if defined(__BORLANDC__) && (__BORLANDC__ < 0x500)
42595 +# define NEED_DUMMY_RETURN
42599 +/* Maximum value for memLevel in deflateInit2 */
42600 +#ifndef MAX_MEM_LEVEL
42601 +# ifdef MAXSEG_64K
42602 +# define MAX_MEM_LEVEL 8
42604 +# define MAX_MEM_LEVEL 9
42608 +/* Maximum value for windowBits in deflateInit2 and inflateInit2.
42609 + * WARNING: reducing MAX_WBITS makes minigzip unable to extract .gz files
42610 + * created by gzip. (Files created by minigzip can still be extracted by
42614 +# define MAX_WBITS 15 /* 32K LZ77 window */
42617 +/* The memory requirements for deflate are (in bytes):
42618 + (1 << (windowBits+2)) + (1 << (memLevel+9))
42619 + that is: 128K for windowBits=15 + 128K for memLevel = 8 (default values)
42620 + plus a few kilobytes for small objects. For example, if you want to reduce
42621 + the default memory requirements from 256K to 128K, compile with
42622 + make CFLAGS="-O -DMAX_WBITS=14 -DMAX_MEM_LEVEL=7"
42623 + Of course this will generally degrade compression (there's no free lunch).
42625 + The memory requirements for inflate are (in bytes) 1 << windowBits
42626 + that is, 32K for windowBits=15 (default value) plus a few kilobytes
42627 + for small objects.
42630 + /* Type declarations */
42632 +#ifndef OF /* function prototypes */
42634 +# define OF(args) args
42636 +# define OF(args) ()
42640 +/* The following definitions for FAR are needed only for MSDOS mixed
42641 + * model programming (small or medium model with some far allocations).
42642 + * This was tested only with MSC; for other MSDOS compilers you may have
42643 + * to define NO_MEMCPY in zutil.h. If you don't need the mixed model,
42644 + * just define FAR to be empty.
42646 +#if (defined(M_I86SM) || defined(M_I86MM)) && !defined(__32BIT__)
42647 + /* MSC small or medium model */
42648 +# define SMALL_MEDIUM
42655 +#if defined(__BORLANDC__) && (defined(__SMALL__) || defined(__MEDIUM__))
42656 +# ifndef __32BIT__
42657 +# define SMALL_MEDIUM
42662 +/* Compile with -DZLIB_DLL for Windows DLL support */
42663 +#if defined(ZLIB_DLL)
42664 +# if defined(_WINDOWS) || defined(WINDOWS)
42668 +# include <windows.h>
42669 +# define ZEXPORT WINAPI
42671 +# define ZEXPORTVA WINAPIV
42673 +# define ZEXPORTVA FAR _cdecl _export
42676 +# if defined (__BORLANDC__)
42677 +# if (__BORLANDC__ >= 0x0500) && defined (WIN32)
42678 +# include <windows.h>
42679 +# define ZEXPORT __declspec(dllexport) WINAPI
42680 +# define ZEXPORTRVA __declspec(dllexport) WINAPIV
42682 +# if defined (_Windows) && defined (__DLL__)
42683 +# define ZEXPORT _export
42684 +# define ZEXPORTVA _export
42690 +#if defined (__BEOS__)
42691 +# if defined (ZLIB_DLL)
42692 +# define ZEXTERN extern __declspec(dllexport)
42694 +# define ZEXTERN extern __declspec(dllimport)
42702 +# define ZEXPORTVA
42705 +# define ZEXTERN extern
42712 +#if !defined(MACOS) && !defined(TARGET_OS_MAC)
42713 +typedef unsigned char Byte; /* 8 bits */
42715 +typedef unsigned int uInt; /* 16 bits or more */
42716 +typedef unsigned long uLong; /* 32 bits or more */
42718 +#ifdef SMALL_MEDIUM
42719 + /* Borland C/C++ and some old MSC versions ignore FAR inside typedef */
42720 +# define Bytef Byte FAR
42722 + typedef Byte FAR Bytef;
42724 +typedef char FAR charf;
42725 +typedef int FAR intf;
42726 +typedef uInt FAR uIntf;
42727 +typedef uLong FAR uLongf;
42730 + typedef void FAR *voidpf;
42731 + typedef void *voidp;
42733 + typedef Byte FAR *voidpf;
42734 + typedef Byte *voidp;
42737 +#ifdef HAVE_UNISTD_H
42738 +# include <sys/types.h> /* for off_t */
42739 +# include <unistd.h> /* for SEEK_* and off_t */
42740 +# define z_off_t off_t
42743 +# define SEEK_SET 0 /* Seek from beginning of file. */
42744 +# define SEEK_CUR 1 /* Seek from current position. */
42745 +# define SEEK_END 2 /* Set file pointer to EOF plus "offset" */
42748 +# define z_off_t long
42751 +/* MVS linker does not support external names larger than 8 bytes */
42752 +#if defined(__MVS__)
42753 +# pragma map(deflateInit_,"DEIN")
42754 +# pragma map(deflateInit2_,"DEIN2")
42755 +# pragma map(deflateEnd,"DEEND")
42756 +# pragma map(inflateInit_,"ININ")
42757 +# pragma map(inflateInit2_,"ININ2")
42758 +# pragma map(inflateEnd,"INEND")
42759 +# pragma map(inflateSync,"INSY")
42760 +# pragma map(inflateSetDictionary,"INSEDI")
42761 +# pragma map(inflate_blocks,"INBL")
42762 +# pragma map(inflate_blocks_new,"INBLNE")
42763 +# pragma map(inflate_blocks_free,"INBLFR")
42764 +# pragma map(inflate_blocks_reset,"INBLRE")
42765 +# pragma map(inflate_codes_free,"INCOFR")
42766 +# pragma map(inflate_codes,"INCO")
42767 +# pragma map(inflate_fast,"INFA")
42768 +# pragma map(inflate_flush,"INFLU")
42769 +# pragma map(inflate_mask,"INMA")
42770 +# pragma map(inflate_set_dictionary,"INSEDI2")
42771 +# pragma map(ipcomp_inflate_copyright,"INCOPY")
42772 +# pragma map(inflate_trees_bits,"INTRBI")
42773 +# pragma map(inflate_trees_dynamic,"INTRDY")
42774 +# pragma map(inflate_trees_fixed,"INTRFI")
42775 +# pragma map(inflate_trees_free,"INTRFR")
42778 +#endif /* _ZCONF_H */
42779 diff -druN linux-noipsec/net/ipsec/zlib/zlib.h linux/net/ipsec/zlib/zlib.h
42780 --- linux-noipsec/net/ipsec/zlib/zlib.h Thu Jan 1 01:00:00 1970
42781 +++ linux/net/ipsec/zlib/zlib.h Fri Sep 29 20:51:34 2000
42783 +/* zlib.h -- interface of the 'zlib' general purpose compression library
42784 + version 1.1.3, July 9th, 1998
42786 + Copyright (C) 1995-1998 Jean-loup Gailly and Mark Adler
42788 + This software is provided 'as-is', without any express or implied
42789 + warranty. In no event will the authors be held liable for any damages
42790 + arising from the use of this software.
42792 + Permission is granted to anyone to use this software for any purpose,
42793 + including commercial applications, and to alter it and redistribute it
42794 + freely, subject to the following restrictions:
42796 + 1. The origin of this software must not be misrepresented; you must not
42797 + claim that you wrote the original software. If you use this software
42798 + in a product, an acknowledgment in the product documentation would be
42799 + appreciated but is not required.
42800 + 2. Altered source versions must be plainly marked as such, and must not be
42801 + misrepresented as being the original software.
42802 + 3. This notice may not be removed or altered from any source distribution.
42804 + Jean-loup Gailly Mark Adler
42805 + jloup@gzip.org madler@alumni.caltech.edu
42808 + The data format used by the zlib library is described by RFCs (Request for
42809 + Comments) 1950 to 1952 in the files ftp://ds.internic.net/rfc/rfc1950.txt
42810 + (zlib format), rfc1951.txt (deflate format) and rfc1952.txt (gzip format).
42816 +#include "zconf.h"
42818 +#ifdef __cplusplus
42822 +#define ZLIB_VERSION "1.1.3"
42825 + The 'zlib' compression library provides in-memory compression and
42826 + decompression functions, including integrity checks of the uncompressed
42827 + data. This version of the library supports only one compression method
42828 + (deflation) but other algorithms will be added later and will have the same
42829 + stream interface.
42831 + Compression can be done in a single step if the buffers are large
42832 + enough (for example if an input file is mmap'ed), or can be done by
42833 + repeated calls of the compression function. In the latter case, the
42834 + application must provide more input and/or consume the output
42835 + (providing more output space) before each call.
42837 + The library also supports reading and writing files in gzip (.gz) format
42838 + with an interface similar to that of stdio.
42840 + The library does not install any signal handler. The decoder checks
42841 + the consistency of the compressed data, so the library should never
42842 + crash even in case of corrupted input.
42845 +typedef voidpf (*alloc_func) OF((voidpf opaque, uInt items, uInt size));
42846 +typedef void (*free_func) OF((voidpf opaque, voidpf address));
42848 +struct internal_state;
42850 +typedef struct z_stream_s {
42851 + Bytef *next_in; /* next input byte */
42852 + uInt avail_in; /* number of bytes available at next_in */
42853 + uLong total_in; /* total nb of input bytes read so far */
42855 + Bytef *next_out; /* next output byte should be put there */
42856 + uInt avail_out; /* remaining free space at next_out */
42857 + uLong total_out; /* total nb of bytes output so far */
42859 + const char *msg; /* last error message, NULL if no error */
42860 + struct internal_state FAR *state; /* not visible by applications */
42862 + alloc_func zalloc; /* used to allocate the internal state */
42863 + free_func zfree; /* used to free the internal state */
42864 + voidpf opaque; /* private data object passed to zalloc and zfree */
42866 + int data_type; /* best guess about the data type: ascii or binary */
42867 + uLong adler; /* adler32 value of the uncompressed data */
42868 + uLong reserved; /* reserved for future use */
42871 +typedef z_stream FAR *z_streamp;
42874 + The application must update next_in and avail_in when avail_in has
42875 + dropped to zero. It must update next_out and avail_out when avail_out
42876 + has dropped to zero. The application must initialize zalloc, zfree and
42877 + opaque before calling the init function. All other fields are set by the
42878 + compression library and must not be updated by the application.
42880 + The opaque value provided by the application will be passed as the first
42881 + parameter for calls of zalloc and zfree. This can be useful for custom
42882 + memory management. The compression library attaches no meaning to the
42885 + zalloc must return Z_NULL if there is not enough memory for the object.
42886 + If zlib is used in a multi-threaded application, zalloc and zfree must be
42889 + On 16-bit systems, the functions zalloc and zfree must be able to allocate
42890 + exactly 65536 bytes, but will not be required to allocate more than this
42891 + if the symbol MAXSEG_64K is defined (see zconf.h). WARNING: On MSDOS,
42892 + pointers returned by zalloc for objects of exactly 65536 bytes *must*
42893 + have their offset normalized to zero. The default allocation function
42894 + provided by this library ensures this (see zutil.c). To reduce memory
42895 + requirements and avoid any allocation of 64K objects, at the expense of
42896 + compression ratio, compile the library with -DMAX_WBITS=14 (see zconf.h).
42898 + The fields total_in and total_out can be used for statistics or
42899 + progress reports. After compression, total_in holds the total size of
42900 + the uncompressed data and may be saved for use in the decompressor
42901 + (particularly if the decompressor wants to decompress everything in
42907 +#define Z_NO_FLUSH 0
42908 +#define Z_PARTIAL_FLUSH 1 /* will be removed, use Z_SYNC_FLUSH instead */
42909 +#define Z_SYNC_FLUSH 2
42910 +#define Z_FULL_FLUSH 3
42911 +#define Z_FINISH 4
42912 +/* Allowed flush values; see deflate() below for details */
42915 +#define Z_STREAM_END 1
42916 +#define Z_NEED_DICT 2
42917 +#define Z_ERRNO (-1)
42918 +#define Z_STREAM_ERROR (-2)
42919 +#define Z_DATA_ERROR (-3)
42920 +#define Z_MEM_ERROR (-4)
42921 +#define Z_BUF_ERROR (-5)
42922 +#define Z_VERSION_ERROR (-6)
42923 +/* Return codes for the compression/decompression functions. Negative
42924 + * values are errors, positive values are used for special but normal events.
42927 +#define Z_NO_COMPRESSION 0
42928 +#define Z_BEST_SPEED 1
42929 +#define Z_BEST_COMPRESSION 9
42930 +#define Z_DEFAULT_COMPRESSION (-1)
42931 +/* compression levels */
42933 +#define Z_FILTERED 1
42934 +#define Z_HUFFMAN_ONLY 2
42935 +#define Z_DEFAULT_STRATEGY 0
42936 +/* compression strategy; see deflateInit2() below for details */
42938 +#define Z_BINARY 0
42940 +#define Z_UNKNOWN 2
42941 +/* Possible values of the data_type field */
42943 +#define Z_DEFLATED 8
42944 +/* The deflate compression method (the only one supported in this version) */
42946 +#define Z_NULL 0 /* for initializing zalloc, zfree, opaque */
42948 +#define zlib_version zlibVersion()
42949 +/* for compatibility with versions < 1.0.2 */
42951 + /* basic functions */
42953 +ZEXTERN const char * ZEXPORT zlibVersion OF((void));
42954 +/* The application can compare zlibVersion and ZLIB_VERSION for consistency.
42955 + If the first character differs, the library code actually used is
42956 + not compatible with the zlib.h header file used by the application.
42957 + This check is automatically made by deflateInit and inflateInit.
42961 +ZEXTERN int ZEXPORT deflateInit OF((z_streamp strm, int level));
42963 + Initializes the internal stream state for compression. The fields
42964 + zalloc, zfree and opaque must be initialized before by the caller.
42965 + If zalloc and zfree are set to Z_NULL, deflateInit updates them to
42966 + use default allocation functions.
42968 + The compression level must be Z_DEFAULT_COMPRESSION, or between 0 and 9:
42969 + 1 gives best speed, 9 gives best compression, 0 gives no compression at
42970 + all (the input data is simply copied a block at a time).
42971 + Z_DEFAULT_COMPRESSION requests a default compromise between speed and
42972 + compression (currently equivalent to level 6).
42974 + deflateInit returns Z_OK if success, Z_MEM_ERROR if there was not
42975 + enough memory, Z_STREAM_ERROR if level is not a valid compression level,
42976 + Z_VERSION_ERROR if the zlib library version (zlib_version) is incompatible
42977 + with the version assumed by the caller (ZLIB_VERSION).
42978 + msg is set to null if there is no error message. deflateInit does not
42979 + perform any compression: this will be done by deflate().
42983 +ZEXTERN int ZEXPORT deflate OF((z_streamp strm, int flush));
42985 + deflate compresses as much data as possible, and stops when the input
42986 + buffer becomes empty or the output buffer becomes full. It may introduce some
42987 + output latency (reading input without producing any output) except when
42990 + The detailed semantics are as follows. deflate performs one or both of the
42991 + following actions:
42993 + - Compress more input starting at next_in and update next_in and avail_in
42994 + accordingly. If not all input can be processed (because there is not
42995 + enough room in the output buffer), next_in and avail_in are updated and
42996 + processing will resume at this point for the next call of deflate().
42998 + - Provide more output starting at next_out and update next_out and avail_out
42999 + accordingly. This action is forced if the parameter flush is non zero.
43000 + Forcing flush frequently degrades the compression ratio, so this parameter
43001 + should be set only when necessary (in interactive applications).
43002 + Some output may be provided even if flush is not set.
43004 + Before the call of deflate(), the application should ensure that at least
43005 + one of the actions is possible, by providing more input and/or consuming
43006 + more output, and updating avail_in or avail_out accordingly; avail_out
43007 + should never be zero before the call. The application can consume the
43008 + compressed output when it wants, for example when the output buffer is full
43009 + (avail_out == 0), or after each call of deflate(). If deflate returns Z_OK
43010 + and with zero avail_out, it must be called again after making room in the
43011 + output buffer because there might be more output pending.
43013 + If the parameter flush is set to Z_SYNC_FLUSH, all pending output is
43014 + flushed to the output buffer and the output is aligned on a byte boundary, so
43015 + that the decompressor can get all input data available so far. (In particular
43016 + avail_in is zero after the call if enough output space has been provided
43017 + before the call.) Flushing may degrade compression for some compression
43018 + algorithms and so it should be used only when necessary.
43020 + If flush is set to Z_FULL_FLUSH, all output is flushed as with
43021 + Z_SYNC_FLUSH, and the compression state is reset so that decompression can
43022 + restart from this point if previous compressed data has been damaged or if
43023 + random access is desired. Using Z_FULL_FLUSH too often can seriously degrade
43026 + If deflate returns with avail_out == 0, this function must be called again
43027 + with the same value of the flush parameter and more output space (updated
43028 + avail_out), until the flush is complete (deflate returns with non-zero
43031 + If the parameter flush is set to Z_FINISH, pending input is processed,
43032 + pending output is flushed and deflate returns with Z_STREAM_END if there
43033 + was enough output space; if deflate returns with Z_OK, this function must be
43034 + called again with Z_FINISH and more output space (updated avail_out) but no
43035 + more input data, until it returns with Z_STREAM_END or an error. After
43036 + deflate has returned Z_STREAM_END, the only possible operations on the
43037 + stream are deflateReset or deflateEnd.
43039 + Z_FINISH can be used immediately after deflateInit if all the compression
43040 + is to be done in a single step. In this case, avail_out must be at least
43041 + 0.1% larger than avail_in plus 12 bytes. If deflate does not return
43042 + Z_STREAM_END, then it must be called again as described above.
43044 + deflate() sets strm->adler to the adler32 checksum of all input read
43045 + so far (that is, total_in bytes).
43047 + deflate() may update data_type if it can make a good guess about
43048 + the input data type (Z_ASCII or Z_BINARY). In doubt, the data is considered
43049 + binary. This field is only for information purposes and does not affect
43050 + the compression algorithm in any manner.
43052 + deflate() returns Z_OK if some progress has been made (more input
43053 + processed or more output produced), Z_STREAM_END if all input has been
43054 + consumed and all output has been produced (only when flush is set to
43055 + Z_FINISH), Z_STREAM_ERROR if the stream state was inconsistent (for example
43056 + if next_in or next_out was NULL), Z_BUF_ERROR if no progress is possible
43057 + (for example avail_in or avail_out was zero).
43061 +ZEXTERN int ZEXPORT deflateEnd OF((z_streamp strm));
43063 + All dynamically allocated data structures for this stream are freed.
43064 + This function discards any unprocessed input and does not flush any
43067 + deflateEnd returns Z_OK if success, Z_STREAM_ERROR if the
43068 + stream state was inconsistent, Z_DATA_ERROR if the stream was freed
43069 + prematurely (some input or output was discarded). In the error case,
43070 + msg may be set but then points to a static string (which must not be
43076 +ZEXTERN int ZEXPORT inflateInit OF((z_streamp strm));
43078 + Initializes the internal stream state for decompression. The fields
43079 + next_in, avail_in, zalloc, zfree and opaque must be initialized before by
43080 + the caller. If next_in is not Z_NULL and avail_in is large enough (the exact
43081 + value depends on the compression method), inflateInit determines the
43082 + compression method from the zlib header and allocates all data structures
43083 + accordingly; otherwise the allocation will be deferred to the first call of
43084 + inflate. If zalloc and zfree are set to Z_NULL, inflateInit updates them to
43085 + use default allocation functions.
43087 + inflateInit returns Z_OK if success, Z_MEM_ERROR if there was not enough
43088 + memory, Z_VERSION_ERROR if the zlib library version is incompatible with the
43089 + version assumed by the caller. msg is set to null if there is no error
43090 + message. inflateInit does not perform any decompression apart from reading
43091 + the zlib header if present: this will be done by inflate(). (So next_in and
43092 + avail_in may be modified, but next_out and avail_out are unchanged.)
43096 +ZEXTERN int ZEXPORT inflate OF((z_streamp strm, int flush));
43098 + inflate decompresses as much data as possible, and stops when the input
43099 + buffer becomes empty or the output buffer becomes full. It may some
43100 + introduce some output latency (reading input without producing any output)
43101 + except when forced to flush.
43103 + The detailed semantics are as follows. inflate performs one or both of the
43104 + following actions:
43106 + - Decompress more input starting at next_in and update next_in and avail_in
43107 + accordingly. If not all input can be processed (because there is not
43108 + enough room in the output buffer), next_in is updated and processing
43109 + will resume at this point for the next call of inflate().
43111 + - Provide more output starting at next_out and update next_out and avail_out
43112 + accordingly. inflate() provides as much output as possible, until there
43113 + is no more input data or no more space in the output buffer (see below
43114 + about the flush parameter).
43116 + Before the call of inflate(), the application should ensure that at least
43117 + one of the actions is possible, by providing more input and/or consuming
43118 + more output, and updating the next_* and avail_* values accordingly.
43119 + The application can consume the uncompressed output when it wants, for
43120 + example when the output buffer is full (avail_out == 0), or after each
43121 + call of inflate(). If inflate returns Z_OK and with zero avail_out, it
43122 + must be called again after making room in the output buffer because there
43123 + might be more output pending.
43125 + If the parameter flush is set to Z_SYNC_FLUSH, inflate flushes as much
43126 + output as possible to the output buffer. The flushing behavior of inflate is
43127 + not specified for values of the flush parameter other than Z_SYNC_FLUSH
43128 + and Z_FINISH, but the current implementation actually flushes as much output
43129 + as possible anyway.
43131 + inflate() should normally be called until it returns Z_STREAM_END or an
43132 + error. However if all decompression is to be performed in a single step
43133 + (a single call of inflate), the parameter flush should be set to
43134 + Z_FINISH. In this case all pending input is processed and all pending
43135 + output is flushed; avail_out must be large enough to hold all the
43136 + uncompressed data. (The size of the uncompressed data may have been saved
43137 + by the compressor for this purpose.) The next operation on this stream must
43138 + be inflateEnd to deallocate the decompression state. The use of Z_FINISH
43139 + is never required, but can be used to inform inflate that a faster routine
43140 + may be used for the single inflate() call.
43142 + If a preset dictionary is needed at this point (see inflateSetDictionary
43143 + below), inflate sets strm-adler to the adler32 checksum of the
43144 + dictionary chosen by the compressor and returns Z_NEED_DICT; otherwise
43145 + it sets strm->adler to the adler32 checksum of all output produced
43146 + so far (that is, total_out bytes) and returns Z_OK, Z_STREAM_END or
43147 + an error code as described below. At the end of the stream, inflate()
43148 + checks that its computed adler32 checksum is equal to that saved by the
43149 + compressor and returns Z_STREAM_END only if the checksum is correct.
43151 + inflate() returns Z_OK if some progress has been made (more input processed
43152 + or more output produced), Z_STREAM_END if the end of the compressed data has
43153 + been reached and all uncompressed output has been produced, Z_NEED_DICT if a
43154 + preset dictionary is needed at this point, Z_DATA_ERROR if the input data was
43155 + corrupted (input stream not conforming to the zlib format or incorrect
43156 + adler32 checksum), Z_STREAM_ERROR if the stream structure was inconsistent
43157 + (for example if next_in or next_out was NULL), Z_MEM_ERROR if there was not
43158 + enough memory, Z_BUF_ERROR if no progress is possible or if there was not
43159 + enough room in the output buffer when Z_FINISH is used. In the Z_DATA_ERROR
43160 + case, the application may then call inflateSync to look for a good
43161 + compression block.
43165 +ZEXTERN int ZEXPORT inflateEnd OF((z_streamp strm));
43167 + All dynamically allocated data structures for this stream are freed.
43168 + This function discards any unprocessed input and does not flush any
43171 + inflateEnd returns Z_OK if success, Z_STREAM_ERROR if the stream state
43172 + was inconsistent. In the error case, msg may be set but then points to a
43173 + static string (which must not be deallocated).
43176 + /* Advanced functions */
43179 + The following functions are needed only in some special applications.
43183 +ZEXTERN int ZEXPORT deflateInit2 OF((z_streamp strm,
43190 + This is another version of deflateInit with more compression options. The
43191 + fields next_in, zalloc, zfree and opaque must be initialized before by
43194 + The method parameter is the compression method. It must be Z_DEFLATED in
43195 + this version of the library.
43197 + The windowBits parameter is the base two logarithm of the window size
43198 + (the size of the history buffer). It should be in the range 8..15 for this
43199 + version of the library. Larger values of this parameter result in better
43200 + compression at the expense of memory usage. The default value is 15 if
43201 + deflateInit is used instead.
43203 + The memLevel parameter specifies how much memory should be allocated
43204 + for the internal compression state. memLevel=1 uses minimum memory but
43205 + is slow and reduces compression ratio; memLevel=9 uses maximum memory
43206 + for optimal speed. The default value is 8. See zconf.h for total memory
43207 + usage as a function of windowBits and memLevel.
43209 + The strategy parameter is used to tune the compression algorithm. Use the
43210 + value Z_DEFAULT_STRATEGY for normal data, Z_FILTERED for data produced by a
43211 + filter (or predictor), or Z_HUFFMAN_ONLY to force Huffman encoding only (no
43212 + string match). Filtered data consists mostly of small values with a
43213 + somewhat random distribution. In this case, the compression algorithm is
43214 + tuned to compress them better. The effect of Z_FILTERED is to force more
43215 + Huffman coding and less string matching; it is somewhat intermediate
43216 + between Z_DEFAULT and Z_HUFFMAN_ONLY. The strategy parameter only affects
43217 + the compression ratio but not the correctness of the compressed output even
43218 + if it is not set appropriately.
43220 + deflateInit2 returns Z_OK if success, Z_MEM_ERROR if there was not enough
43221 + memory, Z_STREAM_ERROR if a parameter is invalid (such as an invalid
43222 + method). msg is set to null if there is no error message. deflateInit2 does
43223 + not perform any compression: this will be done by deflate().
43226 +ZEXTERN int ZEXPORT deflateSetDictionary OF((z_streamp strm,
43227 + const Bytef *dictionary,
43228 + uInt dictLength));
43230 + Initializes the compression dictionary from the given byte sequence
43231 + without producing any compressed output. This function must be called
43232 + immediately after deflateInit, deflateInit2 or deflateReset, before any
43233 + call of deflate. The compressor and decompressor must use exactly the same
43234 + dictionary (see inflateSetDictionary).
43236 + The dictionary should consist of strings (byte sequences) that are likely
43237 + to be encountered later in the data to be compressed, with the most commonly
43238 + used strings preferably put towards the end of the dictionary. Using a
43239 + dictionary is most useful when the data to be compressed is short and can be
43240 + predicted with good accuracy; the data can then be compressed better than
43241 + with the default empty dictionary.
43243 + Depending on the size of the compression data structures selected by
43244 + deflateInit or deflateInit2, a part of the dictionary may in effect be
43245 + discarded, for example if the dictionary is larger than the window size in
43246 + deflate or deflate2. Thus the strings most likely to be useful should be
43247 + put at the end of the dictionary, not at the front.
43249 + Upon return of this function, strm->adler is set to the Adler32 value
43250 + of the dictionary; the decompressor may later use this value to determine
43251 + which dictionary has been used by the compressor. (The Adler32 value
43252 + applies to the whole dictionary even if only a subset of the dictionary is
43253 + actually used by the compressor.)
43255 + deflateSetDictionary returns Z_OK if success, or Z_STREAM_ERROR if a
43256 + parameter is invalid (such as NULL dictionary) or the stream state is
43257 + inconsistent (for example if deflate has already been called for this stream
43258 + or if the compression method is bsort). deflateSetDictionary does not
43259 + perform any compression: this will be done by deflate().
43262 +ZEXTERN int ZEXPORT deflateCopy OF((z_streamp dest,
43263 + z_streamp source));
43265 + Sets the destination stream as a complete copy of the source stream.
43267 + This function can be useful when several compression strategies will be
43268 + tried, for example when there are several ways of pre-processing the input
43269 + data with a filter. The streams that will be discarded should then be freed
43270 + by calling deflateEnd. Note that deflateCopy duplicates the internal
43271 + compression state which can be quite large, so this strategy is slow and
43272 + can consume lots of memory.
43274 + deflateCopy returns Z_OK if success, Z_MEM_ERROR if there was not
43275 + enough memory, Z_STREAM_ERROR if the source stream state was inconsistent
43276 + (such as zalloc being NULL). msg is left unchanged in both source and
43280 +ZEXTERN int ZEXPORT deflateReset OF((z_streamp strm));
43282 + This function is equivalent to deflateEnd followed by deflateInit,
43283 + but does not free and reallocate all the internal compression state.
43284 + The stream will keep the same compression level and any other attributes
43285 + that may have been set by deflateInit2.
43287 + deflateReset returns Z_OK if success, or Z_STREAM_ERROR if the source
43288 + stream state was inconsistent (such as zalloc or state being NULL).
43291 +ZEXTERN int ZEXPORT deflateParams OF((z_streamp strm,
43295 + Dynamically update the compression level and compression strategy. The
43296 + interpretation of level and strategy is as in deflateInit2. This can be
43297 + used to switch between compression and straight copy of the input data, or
43298 + to switch to a different kind of input data requiring a different
43299 + strategy. If the compression level is changed, the input available so far
43300 + is compressed with the old level (and may be flushed); the new level will
43301 + take effect only at the next call of deflate().
43303 + Before the call of deflateParams, the stream state must be set as for
43304 + a call of deflate(), since the currently available input may have to
43305 + be compressed and flushed. In particular, strm->avail_out must be non-zero.
43307 + deflateParams returns Z_OK if success, Z_STREAM_ERROR if the source
43308 + stream state was inconsistent or if a parameter was invalid, Z_BUF_ERROR
43309 + if strm->avail_out was zero.
43313 +ZEXTERN int ZEXPORT inflateInit2 OF((z_streamp strm,
43314 + int windowBits));
43316 + This is another version of inflateInit with an extra parameter. The
43317 + fields next_in, avail_in, zalloc, zfree and opaque must be initialized
43318 + before by the caller.
43320 + The windowBits parameter is the base two logarithm of the maximum window
43321 + size (the size of the history buffer). It should be in the range 8..15 for
43322 + this version of the library. The default value is 15 if inflateInit is used
43323 + instead. If a compressed stream with a larger window size is given as
43324 + input, inflate() will return with the error code Z_DATA_ERROR instead of
43325 + trying to allocate a larger window.
43327 + inflateInit2 returns Z_OK if success, Z_MEM_ERROR if there was not enough
43328 + memory, Z_STREAM_ERROR if a parameter is invalid (such as a negative
43329 + memLevel). msg is set to null if there is no error message. inflateInit2
43330 + does not perform any decompression apart from reading the zlib header if
43331 + present: this will be done by inflate(). (So next_in and avail_in may be
43332 + modified, but next_out and avail_out are unchanged.)
43335 +ZEXTERN int ZEXPORT inflateSetDictionary OF((z_streamp strm,
43336 + const Bytef *dictionary,
43337 + uInt dictLength));
43339 + Initializes the decompression dictionary from the given uncompressed byte
43340 + sequence. This function must be called immediately after a call of inflate
43341 + if this call returned Z_NEED_DICT. The dictionary chosen by the compressor
43342 + can be determined from the Adler32 value returned by this call of
43343 + inflate. The compressor and decompressor must use exactly the same
43344 + dictionary (see deflateSetDictionary).
43346 + inflateSetDictionary returns Z_OK if success, Z_STREAM_ERROR if a
43347 + parameter is invalid (such as NULL dictionary) or the stream state is
43348 + inconsistent, Z_DATA_ERROR if the given dictionary doesn't match the
43349 + expected one (incorrect Adler32 value). inflateSetDictionary does not
43350 + perform any decompression: this will be done by subsequent calls of
43354 +ZEXTERN int ZEXPORT inflateSync OF((z_streamp strm));
43356 + Skips invalid compressed data until a full flush point (see above the
43357 + description of deflate with Z_FULL_FLUSH) can be found, or until all
43358 + available input is skipped. No output is provided.
43360 + inflateSync returns Z_OK if a full flush point has been found, Z_BUF_ERROR
43361 + if no more input was provided, Z_DATA_ERROR if no flush point has been found,
43362 + or Z_STREAM_ERROR if the stream structure was inconsistent. In the success
43363 + case, the application may save the current current value of total_in which
43364 + indicates where valid compressed data was found. In the error case, the
43365 + application may repeatedly call inflateSync, providing more input each time,
43366 + until success or end of the input data.
43369 +ZEXTERN int ZEXPORT inflateReset OF((z_streamp strm));
43371 + This function is equivalent to inflateEnd followed by inflateInit,
43372 + but does not free and reallocate all the internal decompression state.
43373 + The stream will keep attributes that may have been set by inflateInit2.
43375 + inflateReset returns Z_OK if success, or Z_STREAM_ERROR if the source
43376 + stream state was inconsistent (such as zalloc or state being NULL).
43380 + /* utility functions */
43383 + The following utility functions are implemented on top of the
43384 + basic stream-oriented functions. To simplify the interface, some
43385 + default options are assumed (compression level and memory usage,
43386 + standard memory allocation functions). The source code of these
43387 + utility functions can easily be modified if you need special options.
43390 +ZEXTERN int ZEXPORT compress OF((Bytef *dest, uLongf *destLen,
43391 + const Bytef *source, uLong sourceLen));
43393 + Compresses the source buffer into the destination buffer. sourceLen is
43394 + the byte length of the source buffer. Upon entry, destLen is the total
43395 + size of the destination buffer, which must be at least 0.1% larger than
43396 + sourceLen plus 12 bytes. Upon exit, destLen is the actual size of the
43397 + compressed buffer.
43398 + This function can be used to compress a whole file at once if the
43399 + input file is mmap'ed.
43400 + compress returns Z_OK if success, Z_MEM_ERROR if there was not
43401 + enough memory, Z_BUF_ERROR if there was not enough room in the output
43405 +ZEXTERN int ZEXPORT compress2 OF((Bytef *dest, uLongf *destLen,
43406 + const Bytef *source, uLong sourceLen,
43409 + Compresses the source buffer into the destination buffer. The level
43410 + parameter has the same meaning as in deflateInit. sourceLen is the byte
43411 + length of the source buffer. Upon entry, destLen is the total size of the
43412 + destination buffer, which must be at least 0.1% larger than sourceLen plus
43413 + 12 bytes. Upon exit, destLen is the actual size of the compressed buffer.
43415 + compress2 returns Z_OK if success, Z_MEM_ERROR if there was not enough
43416 + memory, Z_BUF_ERROR if there was not enough room in the output buffer,
43417 + Z_STREAM_ERROR if the level parameter is invalid.
43420 +ZEXTERN int ZEXPORT uncompress OF((Bytef *dest, uLongf *destLen,
43421 + const Bytef *source, uLong sourceLen));
43423 + Decompresses the source buffer into the destination buffer. sourceLen is
43424 + the byte length of the source buffer. Upon entry, destLen is the total
43425 + size of the destination buffer, which must be large enough to hold the
43426 + entire uncompressed data. (The size of the uncompressed data must have
43427 + been saved previously by the compressor and transmitted to the decompressor
43428 + by some mechanism outside the scope of this compression library.)
43429 + Upon exit, destLen is the actual size of the compressed buffer.
43430 + This function can be used to decompress a whole file at once if the
43431 + input file is mmap'ed.
43433 + uncompress returns Z_OK if success, Z_MEM_ERROR if there was not
43434 + enough memory, Z_BUF_ERROR if there was not enough room in the output
43435 + buffer, or Z_DATA_ERROR if the input data was corrupted.
43439 +typedef voidp gzFile;
43441 +ZEXTERN gzFile ZEXPORT gzopen OF((const char *path, const char *mode));
43443 + Opens a gzip (.gz) file for reading or writing. The mode parameter
43444 + is as in fopen ("rb" or "wb") but can also include a compression level
43445 + ("wb9") or a strategy: 'f' for filtered data as in "wb6f", 'h' for
43446 + Huffman only compression as in "wb1h". (See the description
43447 + of deflateInit2 for more information about the strategy parameter.)
43449 + gzopen can be used to read a file which is not in gzip format; in this
43450 + case gzread will directly read from the file without decompression.
43452 + gzopen returns NULL if the file could not be opened or if there was
43453 + insufficient memory to allocate the (de)compression state; errno
43454 + can be checked to distinguish the two cases (if errno is zero, the
43455 + zlib error is Z_MEM_ERROR). */
43457 +ZEXTERN gzFile ZEXPORT gzdopen OF((int fd, const char *mode));
43459 + gzdopen() associates a gzFile with the file descriptor fd. File
43460 + descriptors are obtained from calls like open, dup, creat, pipe or
43461 + fileno (in the file has been previously opened with fopen).
43462 + The mode parameter is as in gzopen.
43463 + The next call of gzclose on the returned gzFile will also close the
43464 + file descriptor fd, just like fclose(fdopen(fd), mode) closes the file
43465 + descriptor fd. If you want to keep fd open, use gzdopen(dup(fd), mode).
43466 + gzdopen returns NULL if there was insufficient memory to allocate
43467 + the (de)compression state.
43470 +ZEXTERN int ZEXPORT gzsetparams OF((gzFile file, int level, int strategy));
43472 + Dynamically update the compression level or strategy. See the description
43473 + of deflateInit2 for the meaning of these parameters.
43474 + gzsetparams returns Z_OK if success, or Z_STREAM_ERROR if the file was not
43475 + opened for writing.
43478 +ZEXTERN int ZEXPORT gzread OF((gzFile file, voidp buf, unsigned len));
43480 + Reads the given number of uncompressed bytes from the compressed file.
43481 + If the input file was not in gzip format, gzread copies the given number
43482 + of bytes into the buffer.
43483 + gzread returns the number of uncompressed bytes actually read (0 for
43484 + end of file, -1 for error). */
43486 +ZEXTERN int ZEXPORT gzwrite OF((gzFile file,
43487 + const voidp buf, unsigned len));
43489 + Writes the given number of uncompressed bytes into the compressed file.
43490 + gzwrite returns the number of uncompressed bytes actually written
43491 + (0 in case of error).
43494 +ZEXTERN int ZEXPORTVA gzprintf OF((gzFile file, const char *format, ...));
43496 + Converts, formats, and writes the args to the compressed file under
43497 + control of the format string, as in fprintf. gzprintf returns the number of
43498 + uncompressed bytes actually written (0 in case of error).
43501 +ZEXTERN int ZEXPORT gzputs OF((gzFile file, const char *s));
43503 + Writes the given null-terminated string to the compressed file, excluding
43504 + the terminating null character.
43505 + gzputs returns the number of characters written, or -1 in case of error.
43508 +ZEXTERN char * ZEXPORT gzgets OF((gzFile file, char *buf, int len));
43510 + Reads bytes from the compressed file until len-1 characters are read, or
43511 + a newline character is read and transferred to buf, or an end-of-file
43512 + condition is encountered. The string is then terminated with a null
43514 + gzgets returns buf, or Z_NULL in case of error.
43517 +ZEXTERN int ZEXPORT gzputc OF((gzFile file, int c));
43519 + Writes c, converted to an unsigned char, into the compressed file.
43520 + gzputc returns the value that was written, or -1 in case of error.
43523 +ZEXTERN int ZEXPORT gzgetc OF((gzFile file));
43525 + Reads one byte from the compressed file. gzgetc returns this byte
43526 + or -1 in case of end of file or error.
43529 +ZEXTERN int ZEXPORT gzflush OF((gzFile file, int flush));
43531 + Flushes all pending output into the compressed file. The parameter
43532 + flush is as in the deflate() function. The return value is the zlib
43533 + error number (see function gzerror below). gzflush returns Z_OK if
43534 + the flush parameter is Z_FINISH and all output could be flushed.
43535 + gzflush should be called only when strictly necessary because it can
43536 + degrade compression.
43539 +ZEXTERN z_off_t ZEXPORT gzseek OF((gzFile file,
43540 + z_off_t offset, int whence));
43542 + Sets the starting position for the next gzread or gzwrite on the
43543 + given compressed file. The offset represents a number of bytes in the
43544 + uncompressed data stream. The whence parameter is defined as in lseek(2);
43545 + the value SEEK_END is not supported.
43546 + If the file is opened for reading, this function is emulated but can be
43547 + extremely slow. If the file is opened for writing, only forward seeks are
43548 + supported; gzseek then compresses a sequence of zeroes up to the new
43549 + starting position.
43551 + gzseek returns the resulting offset location as measured in bytes from
43552 + the beginning of the uncompressed stream, or -1 in case of error, in
43553 + particular if the file is opened for writing and the new starting position
43554 + would be before the current position.
43557 +ZEXTERN int ZEXPORT gzrewind OF((gzFile file));
43559 + Rewinds the given file. This function is supported only for reading.
43561 + gzrewind(file) is equivalent to (int)gzseek(file, 0L, SEEK_SET)
43564 +ZEXTERN z_off_t ZEXPORT gztell OF((gzFile file));
43566 + Returns the starting position for the next gzread or gzwrite on the
43567 + given compressed file. This position represents a number of bytes in the
43568 + uncompressed data stream.
43570 + gztell(file) is equivalent to gzseek(file, 0L, SEEK_CUR)
43573 +ZEXTERN int ZEXPORT gzeof OF((gzFile file));
43575 + Returns 1 when EOF has previously been detected reading the given
43576 + input stream, otherwise zero.
43579 +ZEXTERN int ZEXPORT gzclose OF((gzFile file));
43581 + Flushes all pending output if necessary, closes the compressed file
43582 + and deallocates all the (de)compression state. The return value is the zlib
43583 + error number (see function gzerror below).
43586 +ZEXTERN const char * ZEXPORT gzerror OF((gzFile file, int *errnum));
43588 + Returns the error message for the last error which occurred on the
43589 + given compressed file. errnum is set to zlib error number. If an
43590 + error occurred in the file system and not in the compression library,
43591 + errnum is set to Z_ERRNO and the application may consult errno
43592 + to get the exact error code.
43595 + /* checksum functions */
43598 + These functions are not related to compression but are exported
43599 + anyway because they might be useful in applications using the
43600 + compression library.
43603 +ZEXTERN uLong ZEXPORT adler32 OF((uLong adler, const Bytef *buf, uInt len));
43606 + Update a running Adler-32 checksum with the bytes buf[0..len-1] and
43607 + return the updated checksum. If buf is NULL, this function returns
43608 + the required initial value for the checksum.
43609 + An Adler-32 checksum is almost as reliable as a CRC32 but can be computed
43610 + much faster. Usage example:
43612 + uLong adler = adler32(0L, Z_NULL, 0);
43614 + while (read_buffer(buffer, length) != EOF) {
43615 + adler = adler32(adler, buffer, length);
43617 + if (adler != original_adler) error();
43620 +ZEXTERN uLong ZEXPORT crc32 OF((uLong crc, const Bytef *buf, uInt len));
43622 + Update a running crc with the bytes buf[0..len-1] and return the updated
43623 + crc. If buf is NULL, this function returns the required initial value
43624 + for the crc. Pre- and post-conditioning (one's complement) is performed
43625 + within this function so it shouldn't be done by the application.
43628 + uLong crc = crc32(0L, Z_NULL, 0);
43630 + while (read_buffer(buffer, length) != EOF) {
43631 + crc = crc32(crc, buffer, length);
43633 + if (crc != original_crc) error();
43637 + /* various hacks, don't look :) */
43639 +/* deflateInit and inflateInit are macros to allow checking the zlib version
43640 + * and the compiler's view of z_stream:
43642 +ZEXTERN int ZEXPORT deflateInit_ OF((z_streamp strm, int level,
43643 + const char *version, int stream_size));
43644 +ZEXTERN int ZEXPORT inflateInit_ OF((z_streamp strm,
43645 + const char *version, int stream_size));
43646 +ZEXTERN int ZEXPORT deflateInit2_ OF((z_streamp strm, int level, int method,
43647 + int windowBits, int memLevel,
43648 + int strategy, const char *version,
43649 + int stream_size));
43650 +ZEXTERN int ZEXPORT inflateInit2_ OF((z_streamp strm, int windowBits,
43651 + const char *version, int stream_size));
43652 +#define deflateInit(strm, level) \
43653 + deflateInit_((strm), (level), ZLIB_VERSION, sizeof(z_stream))
43654 +#define inflateInit(strm) \
43655 + inflateInit_((strm), ZLIB_VERSION, sizeof(z_stream))
43656 +#define deflateInit2(strm, level, method, windowBits, memLevel, strategy) \
43657 + deflateInit2_((strm),(level),(method),(windowBits),(memLevel),\
43658 + (strategy), ZLIB_VERSION, sizeof(z_stream))
43659 +#define inflateInit2(strm, windowBits) \
43660 + inflateInit2_((strm), (windowBits), ZLIB_VERSION, sizeof(z_stream))
43663 +#if !defined(_Z_UTIL_H) && !defined(NO_DUMMY_DECL)
43664 + struct internal_state {int dummy;}; /* hack for buggy compilers */
43667 +ZEXTERN const char * ZEXPORT zError OF((int err));
43668 +ZEXTERN int ZEXPORT inflateSyncPoint OF((z_streamp z));
43669 +ZEXTERN const uLongf * ZEXPORT get_crc_table OF((void));
43671 +#ifdef __cplusplus
43675 +#endif /* _ZLIB_H */
43676 diff -druN linux-noipsec/net/ipsec/zlib/zutil.c linux/net/ipsec/zlib/zutil.c
43677 --- linux-noipsec/net/ipsec/zlib/zutil.c Thu Jan 1 01:00:00 1970
43678 +++ linux/net/ipsec/zlib/zutil.c Fri Sep 29 20:51:34 2000
43680 +/* zutil.c -- target dependent utility functions for the compression library
43681 + * Copyright (C) 1995-1998 Jean-loup Gailly.
43682 + * For conditions of distribution and use, see copyright notice in zlib.h
43687 +#include "zutil.h"
43689 +#define MY_ZCALLOC
43691 +struct internal_state {int dummy;}; /* for buggy compilers */
43694 +extern void exit OF((int));
43697 +const char *z_errmsg[10] = {
43698 +"need dictionary", /* Z_NEED_DICT 2 */
43699 +"stream end", /* Z_STREAM_END 1 */
43701 +"file error", /* Z_ERRNO (-1) */
43702 +"stream error", /* Z_STREAM_ERROR (-2) */
43703 +"data error", /* Z_DATA_ERROR (-3) */
43704 +"insufficient memory", /* Z_MEM_ERROR (-4) */
43705 +"buffer error", /* Z_BUF_ERROR (-5) */
43706 +"incompatible version",/* Z_VERSION_ERROR (-6) */
43710 +const char * ZEXPORT zlibVersion()
43712 + return ZLIB_VERSION;
43718 +# define verbose 0
43720 +int z_verbose = verbose;
43725 + fprintf(stderr, "%s\n", m);
43730 +/* exported to allow conversion of error code to string for compress() and
43733 +const char * ZEXPORT zError(err)
43736 + return ERR_MSG(err);
43740 +#ifndef HAVE_MEMCPY
43742 +void zmemcpy(dest, source, len)
43744 + const Bytef* source;
43747 + if (len == 0) return;
43749 + *dest++ = *source++; /* ??? to be unrolled */
43750 + } while (--len != 0);
43753 +int zmemcmp(s1, s2, len)
43760 + for (j = 0; j < len; j++) {
43761 + if (s1[j] != s2[j]) return 2*(s1[j] > s2[j])-1;
43766 +void zmemzero(dest, len)
43770 + if (len == 0) return;
43772 + *dest++ = 0; /* ??? to be unrolled */
43773 + } while (--len != 0);
43778 +#if (defined( __BORLANDC__) || !defined(SMALL_MEDIUM)) && !defined(__32BIT__)
43779 +/* Small and medium model in Turbo C are for now limited to near allocation
43780 + * with reduced MAX_WBITS and MAX_MEM_LEVEL
43782 +# define MY_ZCALLOC
43784 +/* Turbo C malloc() does not allow dynamic allocation of 64K bytes
43785 + * and farmalloc(64K) returns a pointer with an offset of 8, so we
43786 + * must fix the pointer. Warning: the pointer must be put back to its
43787 + * original form in order to free it, use zcfree().
43790 +#define MAX_PTR 10
43791 +/* 10*64K = 640K */
43793 +local int next_ptr = 0;
43795 +typedef struct ptr_table_s {
43800 +local ptr_table table[MAX_PTR];
43801 +/* This table is used to remember the original form of pointers
43802 + * to large buffers (64K). Such pointers are normalized with a zero offset.
43803 + * Since MSDOS is not a preemptive multitasking OS, this table is not
43804 + * protected from concurrent access. This hack doesn't work anyway on
43805 + * a protected system like OS/2. Use Microsoft C instead.
43808 +voidpf zcalloc (voidpf opaque, unsigned items, unsigned size)
43810 + voidpf buf = opaque; /* just to make some compilers happy */
43811 + ulg bsize = (ulg)items*size;
43813 + /* If we allocate less than 65520 bytes, we assume that farmalloc
43814 + * will return a usable pointer which doesn't have to be normalized.
43816 + if (bsize < 65520L) {
43817 + buf = farmalloc(bsize);
43818 + if (*(ush*)&buf != 0) return buf;
43820 + buf = farmalloc(bsize + 16L);
43822 + if (buf == NULL || next_ptr >= MAX_PTR) return NULL;
43823 + table[next_ptr].org_ptr = buf;
43825 + /* Normalize the pointer to seg:0 */
43826 + *((ush*)&buf+1) += ((ush)((uch*)buf-0) + 15) >> 4;
43828 + table[next_ptr++].new_ptr = buf;
43832 +void zcfree (voidpf opaque, voidpf ptr)
43835 + if (*(ush*)&ptr != 0) { /* object < 64K */
43839 + /* Find the original pointer */
43840 + for (n = 0; n < next_ptr; n++) {
43841 + if (ptr != table[n].new_ptr) continue;
43843 + farfree(table[n].org_ptr);
43844 + while (++n < next_ptr) {
43845 + table[n-1] = table[n];
43850 + ptr = opaque; /* just to make some compilers happy */
43851 + Assert(0, "zcfree: ptr not found");
43854 +#endif /* __TURBOC__ */
43857 +#if defined(M_I86) && !defined(__32BIT__)
43858 +/* Microsoft C in 16-bit mode */
43860 +# define MY_ZCALLOC
43862 +#if (!defined(_MSC_VER) || (_MSC_VER <= 600))
43863 +# define _halloc halloc
43864 +# define _hfree hfree
43867 +voidpf zcalloc (voidpf opaque, unsigned items, unsigned size)
43869 + if (opaque) opaque = 0; /* to make compiler happy */
43870 + return _halloc((long)items, size);
43873 +void zcfree (voidpf opaque, voidpf ptr)
43875 + if (opaque) opaque = 0; /* to make compiler happy */
43882 +#ifndef MY_ZCALLOC /* Any system without a special alloc function */
43885 +extern voidp calloc OF((uInt items, uInt size));
43886 +extern void free OF((voidpf ptr));
43889 +voidpf zcalloc (opaque, items, size)
43894 + if (opaque) items += size - size; /* make compiler happy */
43895 + return (voidpf)calloc(items, size);
43898 +void zcfree (opaque, ptr)
43903 + if (opaque) return; /* make compiler happy */
43906 +#endif /* MY_ZCALLOC */
43907 diff -druN linux-noipsec/net/ipsec/zlib/zutil.h linux/net/ipsec/zlib/zutil.h
43908 --- linux-noipsec/net/ipsec/zlib/zutil.h Thu Jan 1 01:00:00 1970
43909 +++ linux/net/ipsec/zlib/zutil.h Fri Sep 29 20:51:34 2000
43911 +/* zutil.h -- internal interface and configuration of the compression library
43912 + * Copyright (C) 1995-1998 Jean-loup Gailly.
43913 + * For conditions of distribution and use, see copyright notice in zlib.h
43916 +/* WARNING: this file should *not* be used by applications. It is
43917 + part of the implementation of the compression library and is
43918 + subject to change. Applications should only use zlib.h.
43928 +#include <linux/string.h>
43929 +#define HAVE_MEMCPY
43931 +#if 0 // #ifdef STDC
43932 +# include <stddef.h>
43933 +# include <string.h>
43934 +# include <stdlib.h>
43937 + extern int errno;
43939 +# include <errno.h>
43943 +# define local static
43945 +/* compile with -Dlocal if your debugger can't find static symbols */
43947 +typedef unsigned char uch;
43948 +typedef uch FAR uchf;
43949 +typedef unsigned short ush;
43950 +typedef ush FAR ushf;
43951 +typedef unsigned long ulg;
43953 +extern const char *z_errmsg[10]; /* indexed by 2-zlib_error */
43954 +/* (size given to avoid silly warnings with Visual C++) */
43956 +#define ERR_MSG(err) z_errmsg[Z_NEED_DICT-(err)]
43958 +#define ERR_RETURN(strm,err) \
43959 + return (strm->msg = ERR_MSG(err), (err))
43960 +/* To be used only when the state is known to be valid */
43962 + /* common constants */
43965 +# define DEF_WBITS MAX_WBITS
43967 +/* default windowBits for decompression. MAX_WBITS is for compression only */
43969 +#if MAX_MEM_LEVEL >= 8
43970 +# define DEF_MEM_LEVEL 8
43972 +# define DEF_MEM_LEVEL MAX_MEM_LEVEL
43974 +/* default memLevel */
43976 +#define STORED_BLOCK 0
43977 +#define STATIC_TREES 1
43978 +#define DYN_TREES 2
43979 +/* The three kinds of block type */
43981 +#define MIN_MATCH 3
43982 +#define MAX_MATCH 258
43983 +/* The minimum and maximum match lengths */
43985 +#define PRESET_DICT 0x20 /* preset dictionary flag in zlib header */
43987 + /* target dependencies */
43990 +# define OS_CODE 0x00
43991 +# if defined(__TURBOC__) || defined(__BORLANDC__)
43992 +# if(__STDC__ == 1) && (defined(__LARGE__) || defined(__COMPACT__))
43993 + /* Allow compilation with ANSI keywords only enabled */
43994 + void _Cdecl farfree( void *block );
43995 + void *_Cdecl farmalloc( unsigned long nbytes );
43997 +# include <alloc.h>
43999 +# else /* MSC or DJGPP */
44000 +# include <malloc.h>
44005 +# define OS_CODE 0x06
44008 +#ifdef WIN32 /* Window 95 & Windows NT */
44009 +# define OS_CODE 0x0b
44012 +#if defined(VAXC) || defined(VMS)
44013 +# define OS_CODE 0x02
44014 +# define F_OPEN(name, mode) \
44015 + fopen((name), (mode), "mbc=60", "ctx=stm", "rfm=fix", "mrs=512")
44019 +# define OS_CODE 0x01
44022 +#if defined(ATARI) || defined(atarist)
44023 +# define OS_CODE 0x05
44026 +#if defined(MACOS) || defined(TARGET_OS_MAC)
44027 +# define OS_CODE 0x07
44028 +# if defined(__MWERKS__) && __dest_os != __be_os && __dest_os != __win32_os
44029 +# include <unix.h> /* for fdopen */
44032 +# define fdopen(fd,mode) NULL /* No fdopen() */
44037 +#ifdef __50SERIES /* Prime/PRIMOS */
44038 +# define OS_CODE 0x0F
44042 +# define OS_CODE 0x0a
44045 +#if defined(_BEOS_) || defined(RISCOS)
44046 +# define fdopen(fd,mode) NULL /* No fdopen() */
44049 +#if (defined(_MSC_VER) && (_MSC_VER > 600))
44050 +# define fdopen(fd,type) _fdopen(fd,type)
44054 + /* Common defaults */
44057 +# define OS_CODE 0x03 /* assume Unix */
44061 +# define F_OPEN(name, mode) fopen((name), (mode))
44066 +#ifdef HAVE_STRERROR
44067 + extern char *strerror OF((int));
44068 +# define zstrerror(errnum) strerror(errnum)
44070 +# define zstrerror(errnum) ""
44074 +# define NO_MEMCPY
44076 +#if defined(SMALL_MEDIUM) && !defined(_MSC_VER) && !defined(__SC__)
44077 + /* Use our own functions for small and medium model with MSC <= 5.0.
44078 + * You may have to use the same strategy for Borland C (untested).
44079 + * The __SC__ check is for Symantec.
44081 +# define NO_MEMCPY
44083 +#if defined(STDC) && !defined(HAVE_MEMCPY) && !defined(NO_MEMCPY)
44084 +# define HAVE_MEMCPY
44086 +#ifdef HAVE_MEMCPY
44087 +# ifdef SMALL_MEDIUM /* MSDOS small or medium model */
44088 +# define zmemcpy _fmemcpy
44089 +# define zmemcmp _fmemcmp
44090 +# define zmemzero(dest, len) _fmemset(dest, 0, len)
44092 +# define zmemcpy memcpy
44093 +# define zmemcmp memcmp
44094 +# define zmemzero(dest, len) memset(dest, 0, len)
44097 + extern void zmemcpy OF((Bytef* dest, const Bytef* source, uInt len));
44098 + extern int zmemcmp OF((const Bytef* s1, const Bytef* s2, uInt len));
44099 + extern void zmemzero OF((Bytef* dest, uInt len));
44102 +/* Diagnostic functions */
44104 +# include <stdio.h>
44105 + extern int z_verbose;
44106 + extern void z_error OF((char *m));
44107 +# define Assert(cond,msg) {if(!(cond)) z_error(msg);}
44108 +# define Trace(x) {if (z_verbose>=0) fprintf x ;}
44109 +# define Tracev(x) {if (z_verbose>0) fprintf x ;}
44110 +# define Tracevv(x) {if (z_verbose>1) fprintf x ;}
44111 +# define Tracec(c,x) {if (z_verbose>0 && (c)) fprintf x ;}
44112 +# define Tracecv(c,x) {if (z_verbose>1 && (c)) fprintf x ;}
44114 +# define Assert(cond,msg)
44116 +# define Tracev(x)
44117 +# define Tracevv(x)
44118 +# define Tracec(c,x)
44119 +# define Tracecv(c,x)
44123 +typedef uLong (ZEXPORT *check_func) OF((uLong check, const Bytef *buf,
44125 +voidpf zcalloc OF((voidpf opaque, unsigned items, unsigned size));
44126 +void zcfree OF((voidpf opaque, voidpf ptr));
44128 +#define ZALLOC(strm, items, size) \
44129 + (*((strm)->zalloc))((strm)->opaque, (items), (size))
44130 +#define ZFREE(strm, addr) (*((strm)->zfree))((strm)->opaque, (voidpf)(addr))
44131 +#define TRY_FREE(s, p) {if (p) ZFREE(s, p);}
44133 +#endif /* _Z_UTIL_H */
44134 diff -druN linux-noipsec/net/ipv4/af_inet.c linux/net/ipv4/af_inet.c
44135 --- linux-noipsec/net/ipv4/af_inet.c Fri Dec 15 15:15:47 2000
44136 +++ linux/net/ipv4/af_inet.c Fri Dec 15 15:18:21 2000
44137 @@ -1149,6 +1149,17 @@
44141 +#if defined(CONFIG_IPSEC)
44143 + extern /* void */ int ipsec_init(void);
44145 + * Initialise AF_INET ESP and AH protocol support including
44146 + * e-routing and SA tables
44150 +#endif /* CONFIG_IPSEC */
44152 #ifdef CONFIG_INET_RARP
44153 rarp_ioctl_hook = rarp_ioctl;